arrow-left Back to Announcements
DATE:
AUTHOR:
CyberCloud Team
PentestPortal.io

Release 6 January 2026

DATE:
AUTHOR: CyberCloud Team

We’re starting 2026 strong with a major release of PentestPortal focused on transparency, flexibility, and better control across reporting, planning, scope and user experience. Highlights include a new target type, calendar subscriptions for planning, and backend reliability improvements.

Features & Improvements

PP-542: New target type: Desktop Application

You can now define Desktop Applications as a target type during scoping. The new form includes:

  • Name (required)

  • Version / Build Number (optional)

  • Platform (Windows, macOS, Linux, Multi-platform, Other – required)

  • Framework / Runtime (optional combobox with suggestions like .NET, Java, Electron, Python, Rust, etc.)

PP-498: Read-only planning calendar

Stay in sync, even outside the portal. Pentesters can now subscribe to their personal read-only calendar for assignments:

  • Accessible via a unique URL from your profile

  • Works with Google Calendar, Outlook, and mobile

  • Displays capacity, assessment titles, project codes

  • View up to 1 year ahead and 3 months back

This is especially helpful for combining personal and work calendars.

PP-567: PDF Report sorting on CVSS score

PDF risk listings now sort:

  1. First by risk level (e.g. Critical, High)

  2. Then by CVSS score within the same level
    This ensures the most severe findings are always at the top of each section.

PP-592: Sentry logging on backend startup

Sentry is now hooked earlier in the backend boot process to capture and alert on issues faster, even during initial imports or startup calls.

PP-565: HTML language meta in PDF templates

PDF reports now explicitly define their language via meta tags (<html lang="xx"> and <meta name="language">) to support better rendering and automation.

PP-586: Planning view enhancements

Calendar entries now better display essential data like:

  • Assessment title

  • Project code

  • Capability

Helps with quicker scanning and less confusion when viewing team capacity.

PP-566: Risk database: add/modified Dates

Two new sortable columns in the risk database:

  • Date Added

  • Date Modified

Track content freshness and filter for recent changes more easily.

PP-574: MongoDB: dateCreated field

A dateCreated field has been added for core backend models like:

  • Customers

  • Resellers

  • Risks
    Lays groundwork for audit logging, though it’s not yet visible in the UI.

PP-580: Scope: multi-checkbox selection

You can now select multiple scope items using checkboxes, just like in the open ports section. Great for quick deletions or bulk operations.

Bug Fixes

  • PP-554: “Add and create another” button broken for test accounts
    The button now correctly allows you to add multiple test accounts in sequence without reload issues.

  • PP-555: Broken risk references in retests

    • Incorrect references causing “risk has been removed!” errors

    • Retests now use correct new IDs for referenced risks

    • Fixed retroactively for existing retests

  • PP-558: Incorrect shortcodes in cheatsheet
    Fixed bugs in the cheatsheet that caused wrong references when inserting shortcodes.

  • PP-560: Risk reference causing validation errors in quality requirements
    Resolved incorrect validation issues caused by referencing risks in quality requirement fields.

  • PP-561: Spellcheck Issues in view mode

    • Misspellings now correctly highlighted

    • Link stripping before submission to language tool

    • Render issues after inline edit resolved

    • Configured language errors visibility for non-pentesters

  • PP-562: “Extern ID” no longer required in quality requirement editor
    The “Extern ID” field in quality requirements is now optional.

  • PP-569: Single-Reseller instances failing to start
    Fixed a regression caused by missing environment variables on creation.

  • PP-571: Mismatched URLs in instance settings tabs
    Corrected incorrect GET parameter values in the admin tabs for team capabilities and pentester IPs.

  • PP-583: Sentry deploy integration issues resolved
    Sentry deployment now correctly logs releases and deployment environments.

  • PP-584: CSV Export of open ports did not match filters

    • Filter mismatch in number of rows

    • Output sort order now matches screen

    • UI now includes 3 export options: all, filtered, or visible only

  • PP-588: Finding description shows “[object Object]”
    Resolved a bug where the finding's recommendation field displayed [object Object] instead of proper content.

  • PP-589: Quality requirements text not shown in UI
    Fixed a bug that hid the requirement description in pentest views, even though the data existed.

  • PP-590: PDF Download resulted in 500 error
    Fixed a backend rendering error when attempting to download reports.

  • PP-591: Typing errors were not detected on yarn build
    Type checking is now enforced again during builds using rollup.

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!

Powered by LaunchNotes