arrow-left Back to Announcements
DATE:
AUTHOR:
CyberCloud Team
RELATED ROADMAP ITEMS:
#PP-379 - Automatic approval/check on outstanding pentest waivers
#PP-14 - Automated spelling check quality check
#PP-377 - Multiple hostname support for IP-targets
#PP-375 Anti-virus scanning on file-uploads
PentestPortal.io

Release 24 April 2025

DATE:
AUTHOR: CyberCloud Team
RELATED ROADMAP ITEMS: #PP-379 - Automatic approval/check on outstanding pentest waivers , #PP-14 - Automated spelling check quality check , #PP-377 - Multiple hostname support for IP-targets , #PP-375 Anti-virus scanning on file-uploads

We’re excited to announce our latest PentestPortal release! This update brings major improvements to your workflow and security, including:

  • Support for multiple hostnames per IP target for much greater flexibility and clarity in scoping and reporting.

  • Automatic daily checks for outstanding pentest waivers to ensure quality requirements are approved without manual intervention.

  • Automated spelling quality checks for faster, more reliable reporting and review.

  • Built-in anti-virus scanning (ClamAV) for all customer file uploads for enhanced security and peace of mind.

And much more! Read on for a detailed overview of new features, enhancements, and bug fixes.

Features

  • #PP-374 - Docker Hub Authentication for GitLab Pipelines
    Added Docker Hub authentication to our GitLab pipelines in response to new rate limits. This ensures reliable builds and smoother CI/CD workflows. Read more

  • #PP-320 - MongoDB Atlas Flex Tier Migration & Backup Improvements
    Updated our MongoDB configuration to support the new Atlas Flex Tier.

    • Spinning up new instances is now streamlined.

    • Backup frequency and retention align with Flex Tier best practices (daily backup, 8-day retention).

  • #PP-386 - Multilingual Search for Target Types in Scope Table
    You can now search target types in the scope table across all supported languages, making the interface more consistent regardless of your chosen language.

  • #PP-375 - Automated Virus Scanning for Customer File Uploads
    All files uploaded by customers are now scanned with ClamAV for added security.

    • Unsafe files are blocked and users receive an immediate error message.

    • Note: Pentesters are exempt and can upload files without virus scanning, to avoid that the payloads you want to share with your customer(s) are being blocked.

  • #PP-14 - Automated Spellcheck Quality Control
    Automated quality requirement checks now include a full overview of unresolved spelling issues in findings, helping pentesters and reviewers see which fields (description, steps, rationale, etc.) still need attention.

  • #PP-379 - Automatic Approval of Quality Requirements for Outstanding Waivers
    The system now automatically checks for waivers that are still open but require no further action, and sets the related quality requirement to "Approved" when appropriate. This reduces manual work and keeps dashboards up to date.

  • #PP-377 - Multiple Hostname Support for IPv4 Targets
    Major improvements to target management:

    • Domain targets can now be linked to multiple IP addresses.

    • Scope table now shows all associated (sub)domains, and you can add/remove links directly.

    • Nessus/Nmap imports handle duplicate hosts and external IPs intelligently.

    • Subdomains are grouped under their main domain for better visibility and reporting.

Bug Fixes

  • #PP-381 - CSV export now includes all selected fields and no longer truncates data.

  • #PP-378 - Fixed issue where uploaded files were not visible in the system after upload.

  • #PP-364 - Tightened Content Security Policy (CSP) configuration to block unsafe scripts.

  • #PP-387 - Favicon and logo branding settings can now be removed as intended.

  • #PP-385 - Fixed character encoding issues in email communications (special characters now display correctly).

  • #PP-380 - Test account passwords are visible again for completed pentests; copying findings from completed assessments is now possible.

  • #PP-372 - Autofocus now works when adding a new reviewer.

  • #PP-371 - The logo in the top left now loads correctly on first portal visit.

  • #PP-369 - CSV export for open ports table now respects filters and avoids duplicate entries.

  • #PP-368 - ASVS compliance check now accurately reflects approval status.

  • #PP-383 - Logos now work correctly on single-instance deployments.

  • #PP-366 - Improved CyberScan add screen:

    • Reworked table dialog, inline subdomain addition, and better error handling for insufficient credits.

  • #PP-376 - Hardened input validation to fix Server Side Request Forgery (SSRF) vulnerability in the dataUrl parameter.

  • #PP-359 - Secrets table column widths in CyberScanner are now displayed correctly.

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!

Powered by LaunchNotes