v1.2.0 | Generic Report URLs

Release Date: April 14, 2023

Hey everyone,

We are excited to announce that we have made some major changes and bug fixes to our platform. These changes are designed to make it easier for security researchers and program members to collaborate and share reports.

🎇 Sharing Reports with Colleagues Made Easier

We know that it is sometimes necessary to share URLs of reports with colleagues. Our previous configuration for the paths to the reports had an accessibility issue because it was customized depending on the ACCOUNT_TYPE that the current user was using. To solve this, we have refactored our report URLs so that they are now generic. This means that both security researchers and organization users can simply access a report by accessing the following URL:

https://platform.secuna.io/reports/[REPORT_ID]

Note that even though we have made the URL to view a specific report generic, only users with the proper privileges to view a specific report will be given access to it. This means that only the security researcher who made the report and those who are members of the program where the report has been submitted to will be able to view it.

We believe that these changes will make it easier for security researchers and program members to collaborate and share reports. We hope that you find these changes helpful.

🔧Bugfixes

We have fixed a number of bugs, including:

🛠️ Functional Bugs

Fixed an issue where reports with selected statuses, such as closed reports, were also being marked as stale by the platform after having no activity for a month even if they should not be marked as one.
Fixed an issue with the notification system where no notification was being sent to program members when a report was submitted by a security researcher to their program.
Added the missing redirection behaviors of the chevron icons in the program dashboard.

👁️ Visual Bugs

Fixed the visual bug that ruins the design of the report page when a file attachment is added by the security researcher when submitting a report.
Fixed the visual bug that also ruins the design of the report page when very long strings such as JWT tokens are added in the markdown fields of the report submitted by security researchers.