DATE:
AUTHOR:
CyberCloud Team
PentestPortal.io

Release 18 May 2026

This May release introduces one of the biggest architectural improvements to PentestPortal so far: fine-grained role-based access control (RBAC) at the pentest level for customer users. Customers can now securely manage access per assessment, enabling better segregation between teams, products, and departments.

Alongside this major security-focused feature, this release also adds improved Jira exports, finding navigation, enhanced search capabilities, and multiple usability improvements across kick-off flows, comments, and permissions handling.

Features & Improvements

PP-694: Jira CSV Export - Added ASVS items column

The Jira CSV export now includes linked ASVS items as a dedicated column.

  • Multiple ASVS items are separated using newlines

  • Makes it easier to automatically map ASVS references to Jira labels or workflows

  • Available in all Jira CSV exports
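
A sketch of the label mapping mentioned above, as an added example that is not PentestPortal code. The header names (`Summary`, `ASVS items`) and the cell layout (one requirement per line, ID first) are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample export. Header names and cell layout are assumptions;
# check them against a real export before relying on this.
SAMPLE_EXPORT = (
    'Summary,Priority,ASVS items\r\n'
    '"Stored XSS in comment field",High,"V5.3.3 Output encoding\nV5.2.1 Sanitization"\r\n'
    '"Missing rate limiting on login",Medium,"V2.2.1"\r\n'
    '"Verbose server banner",Low,""\r\n'
)

# An ASVS reference such as V5.3.3 (chapter.section.requirement) at line start.
ASVS_ID = re.compile(r"^V?(\d+(?:\.\d+){1,2})\b", re.IGNORECASE)


def asvs_labels(cell):
    """Turn one multi-line ASVS cell into sorted, de-duplicated Jira-safe labels."""
    labels = set()
    for line in cell.splitlines():
        match = ASVS_ID.match(line.strip())
        if match:  # skip blank lines and lines without a requirement ID
            labels.add("asvs-v" + match.group(1))  # Jira labels cannot contain spaces
    # Sort numerically so that 5.10.1 comes after 5.2.1.
    return sorted(labels, key=lambda l: [int(p) for p in l[6:].split(".")])


def map_export(text, column="ASVS items"):
    """Return {summary: [labels]} for every row of the export."""
    # The csv module parses quoted cells that contain newlines; splitting the
    # text on line breaks first would cut such rows in half.
    reader = csv.DictReader(io.StringIO(text, newline=""))
    return {row["Summary"]: asvs_labels(row.get(column) or "") for row in reader}


if __name__ == "__main__":
    for summary, labels in map_export(SAMPLE_EXPORT).items():
        print(summary, "->", labels or "(no ASVS link)")
```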

PP-196: MAJOR FEATURE – RBAC access control on pentest level

PentestPortal now supports Role-Based Access Control (RBAC) at the individual pentest level for customer users. This major feature allows customers to grant access to specific pentests instead of entire customer environments.

Key improvements include:

  • Pentest-specific access management for customer contacts

  • Pentest-specific permission to edit risk status after completion

  • Full migration path for existing customer permissions

  • Assessment-level rights enforcement across frontend and backend

  • Optimized rights caching and payload size reductions

  • Improved contact management flows

  • Better handling of login permissions and assessment visibility

This update significantly improves scalability and security for organizations with many customer users and multiple isolated pentests.

PP-575: Navigate between findings

Added next/previous navigation inside findings. Users can now browse findings directly without returning to the overview page.

Additional improvements:

  • Better navigation flow during pentests

  • Floating navigation bar

  • Improved contextual navigation support

PP-705: Search findings in recommendation field

The global findings search now also searches within recommendation fields.
Users can now quickly locate remediation guidance across all accessible pentests.

Bug Fixes

  • PP-712: Added clarification message for functional managers who automatically have access to all pentests

  • PP-711: Frontend rights cache now updates correctly after creating a pentest

  • PP-698: Fixed incorrect sender email handling when custom SMTP settings are configured

  • PP-692: Resolved Error 500 after sending kick-off emails

  • PP-699: Fixed UUID being displayed instead of sender name in kick-off email links

  • PP-695: Fixed issue where customer login permissions were not correctly displayed in the portal

  • PP-708: Added proper default bottom margin below the comment FAB

  • PP-707: Fixed Error 500 during login on the accept environment

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms, and enterprises conducting their own pentests, and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!
