Blackglass

Product

Changelog

What we’ve shipped recently. We release small improvements continuously and group user-visible changes here for easier scanning. Want a deeper dive? See the full commit history on GitHub or ask us about a specific change.

2026.05.b

May 9, 2026

  • NewRun-scan now waits up to 90s for the next push-agent snapshot when SSH is unavailable, so drift introduced seconds before the click is detected on the first scan instead of the next one.
  • NewSnapshot-freshness pill on the dashboard shows how recent the latest fleet signal is at a glance, with green/amber/red thresholds.
  • NewOnboarding wizard surfaces the live collector status ("Waiting for fresh agent snapshot…") so first-scan flows feel transparent rather than stalled.
  • PerformanceDefault push-agent cadence reduced from 5 minutes to 60 seconds (systemd timer + cron fallback). Every scan now reflects state captured within the last minute.
  • FixScan-job projection no longer fakes a "succeeded" status for real scans before the collector resolves them — the dashboard refresh now lines up with actual drift events.
  • FixMulti-instance scan tracking: scan kind + progress now persist to Redis, so a poll routed to a different web container still sees the right state.

2026.05.a

May 1, 2026

  • NewNew six-tier pricing ladder — Lab (free), Starter, Growth, Scale, Business, Enterprise — plus a Remediator (HITL AI) add-on slot.
  • NewEnterprise "Talk to sales" CTA now opens a structured lead form with Slack + email fan-out and full audit-log capture.
  • NewStripe checkout supports Scale tier and inline-fallback pricing for fresh deployments where price IDs aren't wired yet.

2026.04

April 2026

  • NewBulletproof first-baseline experience — onboarding wizard recovers cleanly from SSH timeouts, mid-flow errors, and stuck queues.
  • NewHost tombstones: deleted hosts no longer reappear from a stale agent push; bulk delete + undo windows make cleanup safe.
  • NewAsync baseline jobs — long-running fleet baselines run in BullMQ with live progress, freeing up the API for interactive scans.
  • NewPush-mode agent + bundle-ingest route + lab-health agent freshness probe — the foundation for blackholed-host coverage.
  • FixDrift compute on every push instead of overwriting the baseline, so silent drift can't sneak in between scans.
  • FixPDF report generators sanitise Unicode glyphs before draw, eliminating the "missing glyph" boxes in compliance evidence bundles.

2026.03

March 2026

  • SecurityBYOK Phase 2/3 — encryption-key rotation + per-tenant KMS bindings, with airgap probe wiring for self-hosted deployments.
  • SecurityApproval Token enforcement is now default-on for Remediator HITL actions; matrix tests cover all sudo / non-sudo combinations.
  • SecurityPer-tenant scan rate-limit + tenant-leak RLS test prevents cross-tenant signal contamination in noisy multi-tenant deployments.
  • NewDrift-digest email summarises new findings on a daily cadence; CEF integration note + Playwright win32 visual baselines added.
  • NewHelm chart ships sandbox-worker, with lab-health probe + drift-digest UI + collector port pinned at 22.
Subscribed to a previous version? Email [email protected] and we’ll loop you back into release notifications.