DATE:
AUTHOR:
CyberCloud Team
PentestPortal.io

Release 28 March 2025

DATE:
AUTHOR: CyberCloud Team

We’re excited to bring you our biggest update of the year so far! This release includes powerful new features to improve usability, report quality, and pentest workflow, along with an extensive list of bug fixes — including improvements following our migration to Nuxt3.

Features

  • #PP-309 - CyberScanner Wizard UI improvements
    A new wizard-style popup helps you manage and review main domains before launching a scan. Subdomains and related main domains are now automatically fetched and displayed with counts, allowing users to toggle which main domains to include. Estimated credit usage is also shown. Designed to reduce the risk of scanning unrelated tenants.

  • #PP-331 - Draft status for findings
    New findings now default to a “Draft” status, visible only to Pentesters. This prevents accidental exposure to clients and supports workflows like copy/paste from other reports. “Draft” findings must be manually set to “New” when ready.

  • #PP-355 - Redesigned app theme picker
    Updated the theme picker with translation support, color chips, styled buttons, tabs, and cards. Also fixed issues with saving selected themes.

  • #PP-316 - Auto-disable login after inactivity
    For users with the “Customer Contact Primary” role, logins are now automatically disabled after one year of inactivity. The last login date is now visible in the user management overview.

  • #PP-347 - Label support for Pentester IPs
    You can now add a custom label (e.g., location) to each Pentester IP. These labels are also shown in the final report for added context.

  • #PP-346 - Scope ports datatable improvements
    Improved the ports datatable in the Scope tab with checkboxes, edit icons, and both single and bulk delete options.

  • #PP-357 - Improved single menu items in datatables
    Menu items in datatables now support simplified rendering without submenus. Edit/delete logic is still controlled via role-based permissions.

  • #PP-354 - Persistent datatable states
    Datatables now retain sorting, visible columns, and custom filters across page switches. Filters like IP context are retained for 9 hours. Reset to defaults with a new button.

  • #PP-364 - New Security Headers chapter in CyberScanner reports
    Reports now include a section on HTTP security headers such as CSP, X-Frame-Options, HSTS, and Referer policies.

  • #PP-342 - One-click email to all contacts
    A new button in the contacts tab allows users to launch their mail client pre-filled with all contact email addresses.

  • #PP-310 - Auto-close quality requirement dialog after approval
    Approving a quality requirement now automatically closes the dialog and returns the user to the overview — provided notes were added.

Bug Fixes

  • #PP-350 - Incorrect numbering in waiver documents

  • #PP-355 - “This is where it starts” error screen resolved

  • #PP-367 - 500 error when uploading some Nessus files

  • #PP-373 - Empty waiver document when cloud resources are involved

  • #PP-360, 362, 363 - Post-Nuxt3 migration fixes:

    • Long client names now handled via backend rewrite

    • Tabs left open overnight now redirect to login

    • Fixed error when exporting findings CSV with certain settings

    • Changing pentest status no longer results in 500 error

    • Restored ability to set a finding’s status to "Open"

    • Uploading a logo in Branding Email settings now works

    • Search now includes results from across assessments

    • Code no longer disappears on click in code blocks

    • $, {{ shortcuts now show auto-suggestions again

    • Feedback popup no longer overlaps the "+" button

    • ASVS compliancy checklist now retains saved data

    • Cancelling a finding dialog no longer falsely triggers a discard prompt

    • Fix for /report tab leading to error screen

    • Fixed missing send button for finalized reports

    • Fixed inconsistent widths of search filters between tabs

    • Nmap and Nessus uploads now correctly limit file selection to .xml

    • Fixed frontend refresh issue with date fields (start vs. end date)

    • Restored editable title after copying findings

    • Fix for adding custom Pentester IPs with labels

    • Fixed cancel flow when sending waiver

    • Fixed loading loop in /pentest endpoint in old frontend

  • #PP-358 - Incorrect assessment status sorting
    Order is now: Lopend > In Review > Gepland > Afgerond

  • #PP-359 - CyberScanner Secrets table column widths fixed

  • #PP-343 - Read-only popup added for findings in completed pentests
    Allows copying of translations or reviewing earlier content.

  • #PP-341 - [TEXT NOT FOUND] error in waiver for out-of-scope targets fixed

  • #PP-345 - Compliancy notes now visible again for completed pentests

  • #PP-326 - Step order now preserved when copying findings

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!

Powered by LaunchNotes