Release 30 January 2026

Our second release of 2026 continues the momentum with deep improvements to team collaboration, risk management, and performance. We’ve added a fully integrated commenting system on risks (with tagging and notifications), a brand-new audit log, and smarter syncing of test account credentials between pentests and customers.

Frontend editors are now faster and smarter with the TipTap v3 upgrade and instant spellcheck highlighting - plus extended target types for Mobile and Desktop apps, and the ability to assign ownership of findings to individual pentesters.

As always, we’ve included numerous bug fixes and subtle UX enhancements to keep your workflow smooth and secure.

Features & Improvements

PP-544: Upgrade to Tiptap v3

We’ve upgraded the rich text editor to Tiptap v3, bringing improved typing safety, new editor kits (TableKit, ListKit, TextStyleKit), and enhanced command handling.

PP-594: Smarter test accounts handling

Test accounts are now better synchronized between the customer level and individual pentests:

• Password updates at pentest level now optionally sync to the customer level

• Improved visibility and override options for pentesters

• Prevents outdated passwords from reappearing

PP-552: Audit logging (Phase 1)

An audit log framework has been introduced to track key actions:

• Internal vs external actions differentiated

• Logs respect user permissions

• Foundation laid for expanded future audit capabilities

PP-550: Commenting system for Risks

We’ve added a full commenting system on risk items:

• Sidebar view similar to Confluence

• Mentions with email notifications (customer & pentester)

• Granular visibility, editing, and notification settings

• Unread indicator and deep linking from email

PP-603: New risk category – Desktop App

You can now link findings to the new “Desktop App” category to better support native application assessments.

PP-598: Extended mobile target type

The Mobile target type now includes:

• Operating system (Android / iOS / Other)

• Version number

• More consistent labels with the Desktop App type

PP-581: Preloaded Spellcheck Results

Spelling errors are now loaded directly from the backend instead of live-checked:

• Faster load times

• Fewer network calls

• Cleaner UX, especially in risk fields and translations

PP-557: Assign Risks to Specific Pentesters

Findings can now be assigned to individual pentesters during a pentest:

• Visible in the risk datatable and detail view

• Internal use only (not exported or in reports)

• Deactivated users still show as assigned (with visual indicator)

Bug Fixes

• PP-619: Fixed issue where risk fields were not shown to customers due to incorrect permissions (403/404).

• PP-613: URLs are no longer flagged as spelling errors in rich text fields.

• PP-600: Resolved bug where targets in historical test accounts appeared empty.

• PP-593: Improved Basecone XML invoice handling:

  • Matching filenames for PDF and XML

  • XML now downloadable from the portal

  • Corrected cbc:ID tag placement

• PP-610: Resolved a handleApiCall is not defined error when resetting QA Demands.

• PP-609: Fixed reseller branding error related to qaDemands validation.

• PP-606: Updated CWE version to resolve data mapping issues.

• PP-605: Seat calculation now correctly sums seat additions.

• PP-604: Spelling suggestion pop-up now correctly appears when errors are near the edge of text fields.

• PP-602: Fixed broken manual input for the Vnumber field.

• PP-601: Prevented incorrect copyOfId assignment when copying targets to customers from pentests.

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!