Changelog

Product updates, security fixes, and new features.

vUnreleased

No changes documented yet.

v1.0.02026-02-15

Added

  • V1 go-live checklist with measurable GO/NO-GO gates.
  • Runbooks for auth, DB, queue/redis, and release rollback.
  • E2E smoke suite for core authenticated routes.
  • Shared Playwright auth helpers.
  • Dashboard store regression tests for payload shape compatibility.
  • CI release gate now includes coverage and e2e smoke.
  • SSRF firewall + redirect-safe fetch integrated into scanner/crawlers.
  • Email verification flow (register + verify endpoint + UI), with sign-in blocked in production until verified.
  • GDPR account deletion endpoint (password confirmation, safe anonymization).
  • Encryption key rotation support (`ENCRYPTION_KEY_PREVIOUS`) + rotation script.
  • API key authentication support for guard proxy/evaluate.
  • Plan quota enforcement for assets, webhooks, API keys, scheduled scans, guard calls/day, and exports/month.
  • MFA recovery codes (hashed storage, one-time use, regeneration endpoint).
  • Release evidence artifacts for audits, dry-run, and real scan proof.

Changed

  • Dashboard store now accepts direct and wrapped API payloads.
  • Health endpoint now reports queue status in addition to DB/Redis/Memory.
  • Prisma safe migration script now enforces command timeout via `PRISMA_COMMAND_TIMEOUT_MS`.
  • Deploy workflow now runs release gate before build/push.
  • Cron routes now enforce `CRON_SECRET` consistently (with dev warnings).
  • Stripe webhook signature verification is required in production.
  • Stripe webhook processing is idempotent by `event.id` with Redis/in-memory fallback.
  • RBAC enforced for webhooks, scheduled scans, and billing routes.
  • Sidebar includes Sign Out.

Fixed

  • `tests/security/fuzzer.test.ts` regression caused by missing exports.
  • Middleware now allows `/api/billing/webhook` without auth interception.
  • Same-origin validation for billing checkout/portal redirect URLs (open redirect mitigation).

Security

  • Security workflow now blocks on critical production dependency vulnerabilities.
  • PR dependency review is enabled with high severity fail threshold.

Security Advisories & Mitigations

  • 2026-02-07: Resolved `next` production DoS advisory exposure by upgrading to `^15.5.10` and enforcing `npm audit --omit=dev --audit-level=high` in release gate.
  • 2026-02-07: Hardened deploy gate to fail fast when deployment webhooks are missing, avoiding false-positive release states.
  • 2026-02-07: Reduced operational information exposure by returning sanitized DB health errors (`Database unavailable`) instead of internal exception details.