Latest
v2.1.1
April 2026
✨ New Features
- AI Security Copilot — natural-language threat analysis and recommendations
- Behavioral anomaly detection — impossible travel, login time anomalies, process chain analysis
- Email threat analysis — phishing detection, BEC indicators, domain validation
- SIEM webhook integration — real-time event forwarding with HMAC signing
- Incident response playbooks — automated and manual remediation workflows
- Onboarding checklist — guided first-run experience with progress tracking
- Session management — view and revoke active login sessions
- Platform announcements — in-app notification system
🛠️ Improvements
- Outbound rate-limit throttling for all 7 external API dependencies
- BFF cookie authentication pattern — HttpOnly cookies replace localStorage JWT
- CSP nonce injection — dynamic nonces for all inline scripts
- Unified pricing across all surfaces ($15/$25/$35 per user/month)
- Custom 404 page with helpful navigation
- Multi-browser E2E testing (Chromium, Firefox, WebKit)
🐛 Bug Fixes
- Fixed org_slug bypass in checkout (security critical)
- Fixed Host header injection in Stripe redirect URLs
- Fixed /api/health leaking DB exception details
- Fixed agent JWT secret being shared with user auth
- Fixed CSP connect-src being too permissive