arrow-left Back to Announcements
DATE:
AUTHOR:
CyberCloud Team
PentestPortal.io

Release 17 July 2025

DATE:
AUTHOR: CyberCloud Team

We’re excited to share our July 2025 release — a major update packed with planning improvements, new user roles, team capability management, and a long list of bug fixes. From holiday-aware scheduling to role-based permissions and dynamic QA filtering, this release enhances security, clarity, and user experience across the board.

Features

  • #PP-438 – Advanced User Filtering
    Added filters to the user overview table:

    • Internal team members

    • Customer contacts

    • Users affecting licensing (e.g., pentesters)

    • Users without any assigned role (in multi-reseller setups)

  • #PP-435 – Capability-based Pentest Planning
    Pentests can now be scheduled based on required capabilities (Infra, Web, Cloud, etc.), regardless of overlap in timing. The start date of the pentest is dynamically calculated based on the first available team member.

  • #PP-437 – Public & personal leave management

    • API integration for national holidays (per country)

    • Manual entry of organization-wide holidays

    • Personal leave management with reason descriptions

    • Requires the newly implemented HR Manager role at the admin level

  • #PP-447 – Planning summary text
    Added a read-only summary showing who is scheduled to work when. Visible in the planning tab or edit mode (if not yet scheduled).

  • #PP-440 – Extended Role System
    Introduced and refined multiple roles:

    • Admin, HR Manager, Functional Manager, Account Manager

    • Reseller Contact, Pentester, Customer Contact Primary

  • #PP-448 – Country-based holidays
    Instances can now specify their country to load the correct public holidays.

  • #PP-456 – Rights-based filtering in API
    API calls now consistently enforce draft visibility rules across overviews and sub-endpoints like risks and scopes.

  • #PP-419 – Show customer name under project title
    Reintroduced display of the customer name in lowercase beneath the project title.

  • #PP-434 – Define required capabilities per Pentest
    Select one or more required capabilities per assessment. Coverage can be fulfilled by one or multiple users.

  • #PP-429 – "Add" (+) button in all datatables
    Added a floating "+" button to all relevant tables for quicker add/edit access.

  • #PP-430 – "Save and add another" button
    For dialogs like risk, target, contact person, test accounts, files, and pentester IPs — not reviewers or versions.

  • #PP-431 – Team management module
    Brand-new Team section with:

    • Overview of internal users & their capabilities

    • Individual leave management

    • National & manual public holidays

    • Role-based access through HR Manager

Bug Fixes

  • #PP-436 – Risk titles could no longer be edited in the database — fixed.

  • #PP-439 – Spelling checker didn’t detect English spelling errors — resolved.

  • #PP-446 – Microsoft login loop after inactivity resulted in 500 errors — fixed.

  • #PP-449 – Reproduction steps weren’t fully copied when duplicating risks — corrected.

  • #PP-451 – CyberScanner order validation failed due to missing domains — backend logic updated.

  • #PP-452 – Downloading images from reproduction steps returned HTML instead of the image — fixed.

  • #PP-454 – Small fixes:

    • Default pentest status now starts as “Draft”

    • Missing permission for editing team member capabilities

    • Pagination and sorting now persist

    • Spellchecker buttons no longer capitalize suggestions by default

  • #PP-418 – Spelling errors in code blocks are now ignored automatically.

  • #PP-441 – False positives in spelling QA checks now resolved.

  • #PP-453 – IP addresses were misaligned in the PDF report table — layout improved.

  • #PP-421 – Changes made via the pentest overview weren’t immediately visible — now refreshed properly.

  • #PP-445 – Various UI/UX adjustments:

    • Filter for reseller contacts in user overview

    • Placeholder alignment in filter fields

    • Initial default capabilities with correct translations

    • Project numbers added in planning view

    • Autofocus and scroll behavior improved

    • Read-only summary in planning now aligned with editable state

    • Project code field input now always uppercase

    • Roles synced across customer/reseller views

    • "403 on /me" now triggers refresh

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!

Powered by LaunchNotes