Skip to content

Changelog

All notable changes to PolicyClue are documented here. This file follows the spirit of "Keep a Changelog" and aims to be compatible with Semantic Versioning.

1.11.3 - 2026-05-25

End-user UX polish across alerts, dashboards, BAS, DLP, and admin views, plus a security hardening pass on the alert table.

  • Changed: Alerts page rewrite. The free-text search box is gone - filter by typing into each column's header, or drill down by left-clicking a chart element (right-click to exclude). The table now scrolls to load instead of stopping at a fixed window, with a running total shown next to the table title.
  • Changed: Scroll-to-load on every activity table. Awareness, BAS dashboards, Phishing Reports, DLP, Download Guard, GenAI Prompt Logs, Vulnerabilities, File Transfers, IoC Droppings, and per-policy/training activity tables now stream additional rows as you scroll instead of capping at the previous fixed window.
  • Changed: Magic-byte DLP detection replaces the previous MIME-type detection. A dropdown of common file types (incl. DICOM) is built in; custom hex patterns are supported, with an @offset: prefix when the marker isn't at byte 0.
  • Changed: Phishing simulation spotgame. Multilingual intro (DE/EN/FR/IT), explicit Continue button with a give-up countdown instead of auto-redirect, and a public-page navbar mock so the simulated experience matches the real portal.
  • Changed: Admin tables surface misconfiguration. Inactive policies, trainings, DLP groups, webhooks, download filters, and tenants are now shown with a soft red background row so problems are visible at a glance.
  • Fixed: Awareness dashboard user names. The Top Users chart and Recent Activity table now show user email addresses instead of browser identifiers. Same fix applies to the per-training Recent Activity table.
  • Fixed: Phishing simulation funnel chart. The funnel widget on the BAS simulations dashboard now renders the Opened → Clicked → Submitted flow with Reported as a parallel branch, instead of falling back to a "no data" placeholder.
  • Fixed: Training reminder emails. Removed the double "Hello" greeting and the unsubstituted {{.TrainingURL}} placeholder in the default reminder body.
  • Fixed: Alert table XSS hardening. A user reported an alert value containing executable JavaScript that rendered in the portal. Stored values are no longer HTML-escaped at write time; they're escaped at render time and an upgrade migration unescapes any values that had previously been encoded. Inline event-handler interpolation in the alerts table now uses URL-safe encoding.
  • Changed: Column-filter chips propagate dashboard-wide. Typing a value into an activity table's column filter now appears as a removable chip in the dashboard's filter bar (marked with ~ to distinguish it from chart drill-down chips) and narrows KPIs and charts in lockstep with the table. Clicking the chip's ✕ clears the column filter.
  • Fixed: Stale plugin instances no longer record dataflow events without a policy. A retired server-side compat shim used to silently reroute legacy file-transfer / input-recording events from pre-1.10 plugins into the logs pipeline regardless of whether any policy authorised recording. Those events are now rejected; affected plugin versions log the rejection and continue working - the recording UI for current versions is unchanged.
  • Fixed: Errors during login or auth-expired flows stay readable. A 401 response used to immediately reload the portal, wiping any error notification before it could be read. The reload is now deferred by five seconds, and a separate path that quietly navigated the browser on internal session resets no longer does.

1.11.2 - 2026-05-11

Internal cleanup of the BAS data model after 1.11.1. No end-user changes.

1.11.1 - 2026-05-11

Polishing pass on the Breach & Attack Simulation module.

  • Added: AI Generate for phishing simulations. New button on the Simulations list opens a brief dialog (scenario, language, optional brand, optional pretext) and produces a draft simulation - subject line, Outlook-safe email body with phishing-tell markers, and a brand-realistic credential-harvest landing page - ready to review and launch.
  • Added: Per-simulation statistics. Each simulation editor now includes a dedicated dashboard below the edit form, showing opens, clicks, submissions, reports, funnel, timeline, top failed users, top reporters, and recent events for that simulation only. IoC simulations get a parallel dashboard tailored to their event family.
  • Added: Target percentage on manual simulations. When launching a phishing or IoC simulation manually, choose what share of the eligible target pool actually receives this run. 100% targets everyone (default, unchanged behaviour); lower values pick a random subset.
  • Added: Spotgame toggle in Auto Mode. Auto-spawned phishing simulations now honour an admin opt-in for the phishing-indicator spotgame. When enabled, the spotgame is turned on if the randomly-picked template carries phishing-tell markers; otherwise it stays off.
  • Added: Date and time placeholders. Phishing email and landing page templates now accept dynamic time tokens that resolve at send time: current date, current time, end of week, end of month, plus signed offsets (e.g. five business days from now, ten minutes ago, one year from now). Use these instead of hard-coded timestamps so a quarantine notice always looks fresh and a "submit by Friday" deadline always points to the right Friday.
  • Added: Preview email pre-fill. When you preview a phishing simulation or click the link in a test send, the rendered landing page's email field is pre-filled with your own admin email instead of a generic placeholder.
  • Changed: Built-in phishing templates now use the new dynamic date placeholders for copyright footers, invoice numbers, quarantine timestamps, and tax-year references so they stay current as time passes.
  • Changed: Preview rendering keeps the spotgame's deliberate "stale date" markers intact only where they are the intended phishing-tell - elsewhere, dates are refreshed automatically.
  • Fixed: Saving a simulation with a schedule (Launch at / Send by) after the first save no longer fails with a database error.

1.11.0 - 2026-05-04

New module: Breach & Attack Simulation. A subscribable add-on that lets you run phishing simulations and IoC drop tests against your own users to validate awareness, your AV/EDR/NDR stack, and your web-proxy inspection - all from the portal.

  • Added: Phishing email simulations. Send realistic-looking phishing mails to your users. PolicyClue tracks who opens, clicks, submits credentials, or reports the message. The visible From-address is locked to your configured sending profile so SPF, DKIM, and DMARC alignment stays intact - only the display name and (optionally) the SMTP envelope sender are configurable per simulation.
  • Added: IoC drop tests. Browser-driven file delivery (e.g. EICAR-style probes) that exercises your inline AV, post-download scanning, and web-proxy inspection. The portal records whether the file was blocked at delivery, removed afterwards, or slipped through unnoticed.
  • Added: Auto mode. Monthly automatic simulations from a curated template library - set the percentage of users to test each month, the allowed template categories, and business-hours windows; the platform picks targets, schedules sends, and rotates landing hostnames.
  • Added: Refresher training auto-assignment. When a user falls for a simulation, you can pin an awareness Training that automatically blocks their browser on every visit until they complete it. No extension update needed.
  • Added: Positive feedback in Outlook. When a user correctly reports a simulated phishing mail, the Outlook add-in shows a brief positive-feedback modal so the right behaviour is reinforced immediately.
  • Added: Targets management. Dedicated Targets page with paginated grid, per-user enable/disable, and a 90-day timeline view per target. CSV bulk import with optional Replace mode to soft-disable manually-added rows missing from a new upload (M365- and log-discovered targets are untouched). Targets can be sourced from manual entries, M365, or observed logins, with per-simulation source filters.
  • Added: Simulation editor. Tabbed editor with Email, Landing, IoC, Recipients, and Results views - only the relevant tabs show up per simulation type. For IoC simulations, a Test button delivers the configured IoC file straight to the admin's browser so you can verify the AV reaction on a known-good machine before launching to users.
  • Added: Dashboards.
  • Phishing Simulations - KPIs, trend chart, conversion funnel (opened → clicked → submitted / reported), top-failed and top-reporters lists, by-category bars, activity table.
  • IoC Droppings - KPIs including average time-to-detect, trend, delivered → detected / undetected funnel, by-family breakdown, activity table.
  • Added: Pricing & subscription. BAS is a separate subscribable module - same flow as Awareness, Security, DLP, or Governance. Activation requires a Breach & Attack Simulation subscription on the tenant; the portal hides every BAS surface (nav group, dashboards, settings) until the subscription is active.

Configuration

The administrator running the deployment needs to provide: - PHISHING_SENDING_PROFILES - JSON list of SMTP sender identities used by phishing simulations (host, credentials, from_address, optional default display name). - BAS_HOSTNAMES - comma-separated list of hostnames used for phishing landing pages and IoC file delivery. Pick hosts that route through your normal web-proxy / AV inspection path. Auto-mode rotates randomly across this list each month.

Both are documented in the Network Allow-List and Deployment pages.

Notes for administrators

  • The platform-wide time zone (TIMEZONE deployment env) now drives BAS calendar-month boundaries, so the per-user "one simulation per month" rule rolls over at midnight in your local time, not UTC.
  • Auto-mode cooldown counts only auto-mode simulations. Manual simulations are admin one-shots and don't lock the auto scheduler out of a target.
  • BAS works alongside the existing modules - alerts and logs land in the same dashboards and feeds you already use.

1.10.6 - 2026-04-26

  • Added: Correlation ids on alerts and logs - session.id (one per browser tab / Outlook addin runtime) and view.id (one per page view / item view). Lets you trace which alerts and logs were generated during the same visit. Old plugin versions that don't send these fields continue to work; their events simply don't carry the correlation ids.

1.10.5 - 2026-04-18

  • Added: Central LLM gateway (api/llm/) speaking the OpenAI Chat Completions API via the official openai SDK. Works against any OpenAI-compatible endpoint - Ollama (self-hosted), LiteLLM proxy, OpenAI, Azure OpenAI (via LiteLLM) - selected via env vars only (LLM_ENABLED, LLM_BASE_URL, LLM_API_KEY, LLM_MODEL, LLM_TIMEOUT_SECONDS). Defaults target Ollama + Qwen 2.5 14B. Structured outputs use Pydantic response schemas with one retry on parse failure.
  • Added: AI Generate Training - POST /api/portal/trainings/ai-generate creates a normal Training row (decks, questions, answers) from a short brief (topic, audience, language, #decks, #questions). Frontend button next to Import Template on Awareness > Trainings opens a brief dialog with a blocking progress indicator; on success, the new training opens in the existing editor. Content is not rolled out until the admin links it to a policy.
  • Added: LLM connectivity block in GET /api/portal/health/. Probes GET /v1/models with a 5s timeout when LLM_ENABLED=true; reports configured base_url, model, and whether the model appears in the backend's model list. Healthcheck returns 503 when enabled but unreachable.
  • Added: Optional docker-compose-ollama.yml override in policyclue-docker-compose/ for self-hosted Ollama inference, matching the existing pgadmin/acme override pattern. Enables AI features on air-gapped deployments.
  • Added: Unified template library. GET/POST/PUT/DELETE /api/portal/templates/ with training | dlp | download_filter types, visibility scoping (system | public | tenant | partner), unlisted flag, and share-token access at GET /templates/by-token/<token>.
  • Added: Publish-as-template flow - UI button on the Training, DLP Group, and Download Filter detail views runs a two-step dialog (metadata + safety checkbox) and returns a copyable share link.
  • Added: Template gallery chips for visibility filtering (All / PolicyClue / Partner / Private / Public) plus colored visibility badges on template cards.
  • Changed: System templates are synced from api/static/*templates/ into the templates table on migration and on every FastAPI startup. Files on disk are the git-versioned source of truth; the admin UI rejects PUT/DELETE on visibility='system' rows. Removed files soft-delete their row to preserve FK integrity for tenants that already cloned.
  • Changed: Training.template_id, DLPGroup.template_id, and DownloadFilter.template_id converted from String(255) to Integer FK → templates.id ON DELETE SET NULL. Existing string values (file stems + numeric strings) are backfilled to the new integer ids.
  • Changed: Renamed api/static/policytemplates/ to api/static/trainingtemplates/ - the consumer is create_training, not any policy creation flow.
  • Removed: Legacy per-type template listing endpoints (GET /trainings/templates, GET /dlp/templates, GET /download-filters/templates) and all file-reading helpers (_load_safe_json, _load_template_json, BASE_DIR*).
  • Fixed: Stale sanitize_xml_from_scripts import in routers/portals/users.py.

1.10.3 - 2026-04-04

  • Added: Training entity - reusable awareness content (decks + quizzes) that can be linked to multiple policies. Managed under Awareness > Trainings.
  • Added: Awareness menu group with Dashboard and Trainings pages, gated by Awareness module subscription.
  • Added: Awareness Dashboard with training completion analytics (KPIs, timeline, top policies/users, activity table).
  • Added: Import from template on Trainings page for quick training creation.
  • Added: Website blocking - per-policy setting in Policy Settings. When enabled, matched sites are blocked; an optional training deck overrides the default block page. Requires Awareness subscription.
  • Added: File transfer recording - per-policy toggle on the Governance tab. Logs file uploads and downloads when enabled.
  • Added: Data Flows dashboard under Governance with download/upload analytics, top sites, top extensions, and activity table.
  • Changed: Decks and questions are now owned by trainings instead of policies. Existing content is automatically migrated.
  • Changed: Training settings (repeat interval, quiz requirements, delay, random decks) moved from policy to training.
  • Changed: is_block_policy renamed to is_blocking on the Policy Settings tab. Gated by Awareness module subscription.
  • Changed: Policy detail page replaces Decks/Questions tabs with a Trainings tab for linking trainings.
  • Changed: Outlook add-in phishing reporting no longer requires Graph API, MSAL, or an Entra app registration. Exchange Online uses Microsoft's integrated spam reporting surface (getAsFileAsync). Exchange on-premises uses EWS. Both paths send the complete email as an EML file.
  • Changed: Outlook add-in deployment page now offers two manifest types - "Exchange Online (Recommended)" with the integrated Report button, and "Exchange On-Premises" with legacy ribbon buttons.
  • Changed: Entra app setup instructions simplified - delegated permissions (Mail.Read, Mail.ReadWrite), redirect URI, and "Expose an API" steps removed. Entra app is now only needed for Teams DLP.
  • Added: EML extraction in sandbox worker - reported phishing emails (.eml files) are automatically unpacked into individual parts (email body, attachments). Each part is stored as a separate attachment on the alert and scanned independently.
  • Added: URL extraction from email bodies - the sandbox worker extracts URLs from HTML email bodies within EML files and submits them to the sandbox for analysis.
  • Fixed: Anonymization now enforced in all alert paths. Previously, Teams DLP alerts and vulnerability alerts bypassed anonymization settings. index_alert now handles anonymization centrally.
  • Fixed: Anonymization fallthrough bug - when anonymization was enabled but the plugin did not provide an anonymity_id, the user's real identity was stored instead of being stripped.
  • Fixed: Phishing report recipients (email.to.address) are now stripped when alert anonymization is enabled.
  • Fixed: Notifications and webhooks now use anonymized identity fields when anonymization is enabled.

1.10.0 - 2026-04-04

  • Changed: File downloads, file uploads, and input recordings are now tracked on their respective dashboards (Download Guard, GenAI Prompt Logs) instead of appearing as alerts. They no longer generate email notifications or webhook calls.
  • Changed: Download Guard dashboard now separates file transfer activity from download security events (warned, blocked, dismissed).
  • Added: New report type log for lightweight event tracking without alert overhead.
  • Added: event.name field on all log entries (site_visit, training_completed, file_download, file_upload, input_recorded).
  • Changed: Version bump to 1.10.0 across portal, browser extension, and Outlook add-in.

1.8.2 - 2026-04-03

  • Added: AI Governance module with GenAI Prompt Recording feature. Record what users type into AI tools (ChatGPT, Claude, Gemini, etc.) via the browser extension.
  • Added: Input Recording policy setting - enable per policy on the new Governance tab.
  • Added: GenAI Prompt Logs dashboard page under Governance menu with KPI cards, charts, and activity table.
  • Added: Auto-enable flow on GenAI Prompt Logs page for quick setup using the managed "AI Tools" hostlist.
  • Added: Governance menu group in sidebar with add-on badge and module-gated visibility.

1.8.1 - 2026-03-30

  • Added: Outlook add-in now uses Microsoft Graph API via Nested App Authentication (NAA) for Exchange Online. Fetches email attachments and deletes reported emails via Graph instead of deprecated EWS tokens. Falls back to EWS for Exchange on-premises.
  • Added: Entra app permissions table in deployment page explaining each permission (Application vs Delegated) and what it's used for.
  • Added: Mail.Read and Mail.ReadWrite delegated permissions for the Outlook add-in phishing report feature.
  • Added: Redirect URI step (brk-multihub://addins.policyclue.com) in Entra app setup instructions.
  • Added: Exchange Online disclaimer in Outlook add-in deployment section.
  • Changed: Renamed "Azure AD App Registration" to "Microsoft 365 Integration" in deployment page. Now covers both Teams DLP and Outlook phishing features.
  • Added: Phishing email metadata fields - email.subject, email.delivery_timestamp, email.to.address, email.message_id, email.from.address.
  • Added: Attachment malware scanning with CAPE sandbox - YARA static analysis + URL scanning. Risk scores and risk tags (YARA rule names, signature names) displayed in alert inspector.
  • Added: Attachments stored as AES-256 encrypted ZIP files (password: "infected") to prevent AV interference.
  • Changed: event.risk_score now computed as MAX across all attachment scores per alert.

1.8.0 - 2026-03-28

  • Changed: Breaking - Webhook payloads use new ECS-aligned field names. alert_type is now event.name, @timestamp is event.created, policy_id/policy_name are nested under policy.*, and DLP fields are nested under dlp.*. See updated Webhooks documentation for the full payload format.
  • Changed: ECS field restructuring across all Elasticsearch indices. Fields are now consistently nested (e.g. event.*, policy.*, dlp.*) instead of using flat names.
  • Changed: Consolidated visits and trainings into a unified logs index, reducing index sprawl and simplifying queries.
  • Added: Comment threads on alerts. Administrators can add multiple comments to any alert, each recording who wrote it and when. Comments are immutable (read-only after saving) and appear in the audit trail.

1.7.8 - 2026-03-28

  • Added: Platform filter dropdown on all dashboards. Filter widgets by Browser Extension, Outlook Add-in, or Microsoft Teams. Appears to the left of the date picker; all platforms selected by default.
  • Added: User display name (user.name) field on alerts. Populated from Teams sender displayName - visible in alert details and webhook payloads.
  • Added: Full URL tracking (url.full) for browser extension visits and alerts.
  • Changed: Elasticsearch field names migrated to Elastic Common Schema (ECS). Internal field storage now uses user.id, user.email, user_agent.name, url.domain, host.name, observer.type, @timestamp, vulnerability.* instead of flat browser_*/hostname/created_at names. The portal API continues to serve legacy field names for frontend compatibility.
  • Changed: Webhook payloads now use ECS field names. See updated Webhooks documentation for the new payload format.
  • Fixed: Teams DLP alerts now include sender display name even when email is unavailable for internal Azure AD users.

1.7.7 - 2026-03-25

  • Added: Microsoft Teams DLP scanning via Microsoft Graph API. Tenant-wide monitoring of all Teams channels and chats with domain-based policy resolution. Enforcement modes 2/3 set a policy violation flag on messages (best-effort, requires E5 / Communications DLP service plan). Alerting works on any license.
  • Added: New "Microsoft 365" tab in Deployment view for configuring Azure AD credentials. All channels and chats are monitored automatically - no manual selection needed.
  • Added: "Microsoft Teams" platform checkbox on policies to control which policies apply to Teams monitoring.
  • Added: Background worker worker_m365_subscriptions for Graph API subscription lifecycle management.
  • Changed: Outlook Add-in deployment now uses XML manifest only. Removed JSON (unified) manifest files and ZIP package download.
  • Changed: Updated platform support matrix in documentation to include Microsoft Teams column.

1.7.6 - 2026-03-21

  • Added: Generic attachments support on alerts - stored in Elasticsearch, downloadable from the alert inspector.
  • Added: Attachments section in alert inspector with name, size, risk score badge, and download button.
  • Added: Sandbox integration - automatic attachment analysis with risk scoring (background worker).
  • Changed: Renamed alert type security_phishing_reported to phishing_reported (moved to phishing module).
  • Removed: phishing_report_email and phishing_forward_mode tenant settings (use webhooks instead).

1.6.15 - 2026-03-19

  • Added: Interactive dashboard filtering. Right-click any chart element (bar, doughnut, stacked bar) to include or exclude that value as a dashboard-wide filter. Active filters appear as toggleable pills below the dashboard header. All widgets on the dashboard update instantly when filters are added, removed, or toggled.
  • Added: Interaction hints bar at the bottom of each dashboard explaining left-click (drill down) and right-click (filter) actions.
  • Fixed: Hostname dashboard not loading when navigated to from the search bar or activity tables.

1.6.14 - 2026-02-19

  • Added: Privacy & Data Deletion page under Administration. Tenant admins can search for a browser user by email or browser ID, analyze how many personal data records exist across all statistics indices, and permanently purge them for GDPR compliance. Includes confirmation dialog, per-index deletion counts, and automatic verification after purge.

1.6.13 - 2026-02-14

  • Added: Download Guard - file extension filtering for downloads. Create download filters (blocklist or whitelist mode) with four enforcement levels: report only, warn with override, or block. Filters are linked to policies and enforced on monitored hostnames.
  • Added: Four predefined download filter templates: Executables (block), Archives (warn), Documents Only (whitelist), and High Risk (block).
  • Added: Global download tracking. Every file download is automatically logged with filename, extension, file size, and source URL - regardless of whether download filters are active.
  • Added: Global upload tracking. File uploads on monitored pages are automatically logged with the same file metadata.
  • Added: DLP file transfer flow diagram. Visualize download sources and upload destinations by hostname and total bytes transferred over a configurable time range.
  • Added: Download filter linking on policies, similar to DLP groups.
  • Added: Download guard user notifications in English, German, French, and Italian.

1.6.11 - 2026-02-12

  • Added: Per-admin timezone preference. Dates and times throughout the portal are now displayed in the admin's chosen IANA timezone with correct daylight saving time handling.
  • Added: Per-admin language preference (English / German). All portal UI text, labels, and buttons are translated based on the selected language.
  • Added: Browser language auto-detection on account creation (signup and SSO) to set the initial language preference.
  • Added: Display Settings section in the Profile page for changing timezone and language.

1.6.10 - 2026-02-11

  • Added: CSV import wizard for DLP patterns. Bulk-import names or keywords from CSV files directly in the group editor. Includes delimiter selection, column mapping, preview, word boundary option, and a progress bar during import.
  • Added: Per-pattern case insensitive flag for DLP. When enabled, the pattern matches regardless of upper/lower case. Supported in the portal editor, preview, and browser extension.
  • Changed: Regex engine now uses Unicode-aware mode (u flag) for all DLP patterns in both the portal and browser extension. This improves word boundary matching for international characters (e.g. accented names).
  • Added: CSV download button on widget data tables.

1.6.7 - 2026-02-01

  • Added: Security add-on with vulnerability exposure monitoring and anti-phishing protection. Enable via the tenant settings.
  • Added: Vulnerability dashboard showing detected CVEs by severity, affected browsers, and discovery timeline.
  • Added: Anti-phishing protection configurable per policy. Detects and blocks phishing sites with user override tracking.
  • Added: Phishing dashboard showing detection events, blocked attempts, and dismissed warnings.
  • Added: Option to ignore SSL certificate errors for webhooks, supporting self-signed certificates and internal CAs.

1.6.6 - 2026-01-29

  • Changed: Renamed "Host Lists" to "Matching Rules" throughout the application.
  • Added: URL matching support. Rules can now match against the full URL (not just hostname) when the browser extension sends the URL.
  • Added: New matching operations: Contains, Prefix, and Suffix in addition to the existing Equals operation. These allow more flexible pattern matching (e.g., match all .edu domains with suffix rule, or block paths containing /admin/).
  • Added: Per-rule configuration of match target (Hostname or URL) and match operation (Equals, Contains, Prefix, Suffix).
  • Changed: Subdomain matching now only applies to rules using the Equals operation. Other operations (Contains, Prefix, Suffix) match against the full hostname string.

1.6.5 - 2026-01-29

  • Added: Webhooks for alert forwarding. Configure webhooks in the Administration menu to automatically send alert data to external systems (e.g., SIEM, ticketing, or chat tools) when alerts are triggered. Supports POST/PUT methods and custom authentication headers.
  • Added: Warning when configuring webhooks with HTTP (instead of HTTPS) to prevent accidental unencrypted data transmission.

1.6.3 - 2026-01-27

  • Changed: Deprecated direct hostname-policy associations. Hostnames must now be managed through hostlists. Existing direct associations are automatically migrated to autocreated hostlists named "Autocreated for Policy {name}".
  • Changed: Simplified policy UI by removing the Hostnames tab; policies now only show hostlist selection.
  • Fixed: DLP configuration is no longer sent to the browser extension when the DLP add-on is disabled for the tenant.
  • Added: Server health check (DB, Redis, Elasticsearch) to plugin health endpoint.
  • Added: Recheck websites for applicable policies on every URL change
  • Added: UI tooltips for supporting users with delayed policies

1.5.4 - 2026-01-15

  • Added: Audit log (per tenant) to record admin actions (who, what, when, path, IP, details). Available via the portal and API; designed for fast filtering by tenant and time.

1.5.3 - 2025-11-20

  • Changed: Removed deprecated API endpoints from plugin communication.
  • Changed: Rebuilt partner overview logic.
  • Changed: Migrated statistics storage to Elasticsearch for speed optimizations (2025‑11‑09).
  • Changed: Rebuilt global policy logic using native hostlists (2025‑11‑08).
  • Fixed: Elasticsearch index generation on tenant creation.

  • Fixed: Announcements creation.

  • Added: Alerts module and portal UI with search, assignment, comments, and close/reopen. Includes bulk close/reopen and daily/stacked summaries by alert type. The list of alert types is available for filtering.

  • Added: Policy option to trigger an alert for every policy hit (useful for high‑sensitivity monitoring).
  • Added: DLP (Data Loss Prevention) module gated by a tenant add‑on. Manage DLP groups, patterns, and per‑pattern exceptions in the portal/API.
  • Added: DLP group templates import. Create groups from predefined templates; patterns and exceptions import automatically. Groups keep a reference to their source template for traceability.
  • Added: DLP enforcement modes per pattern: 0=Report only, 1=Alert, 2=Mask & overridable, 3=Mask (no override). Replaces the legacy on/off enforcement.
  • Changed: Simplified DLP exceptions model (removed name/type); exceptions are now concise value entries tied to a pattern.
  • Added: Ability to link DLP groups to policies so specific DLP sets are enforced per policy.
  • Added: New training question types: single choice, free text, numeric input, and exact text match. Validation and answer handling updated accordingly.
  • Added: Option to show only a subset of decks per policy in randomized order; showing all remains the default.
  • Added: Option to let users postpone policy prompts for a configurable number of hours. Block policies cannot be postponed.
  • Changed: Introduced a tenant‑level DLP add‑on switch (replacing the legacy enforcement toggle) to better reflect licensing and enablement.

1.4.12 - 2025-10-29

  • Added: Support for blocking policies.
  • Added: Partner billing overview.
  • Added: New templates.
  • Changed: Extended API endpoints.
  • Changed: Improved PII purging automation.

1.4.11 - 2025-09-30

  • Added: Support for global policies in the browser extension.
  • Added: Support for multiple policies with different repetition windows in the extension.
  • Improved: Browser extension rollout guide in the portal (AD & Intune).
  • Improved: UI tag components.
  • Improved: Advisor capabilities to enhance user guidance in the portal.
  • Fixed: Repetition timeout for global policies.

1.4.10 - 2025-09-03

  • Added: Popup branding and style designer.
  • Added: Drag‑and‑drop deck ordering.
  • Added: Partner capabilities with tenant linking.
  • Improved: Template library selection and added more templates.
  • Improved: License slider, select dropdowns, and color pickers.
  • Changed: Enhanced cache optimizations (2025‑08‑22).
  • Added: New hostlists and templates (2025‑08‑22).
  • Changed: Redis‑based caching layer for plugin hostname lookups (2025‑08‑22).
  • Added: Personal API tokens (2025‑08‑16).
  • Changed: Auto‑link associated hostlists when importing policy templates (2025‑08‑16).
  • Improved: License usage calculations performance (2025‑08‑16).
  • Added: Email reminders for license over‑usage (2025‑08‑16).
  • Changed: Extended caching for aggregated queries and other performance optimizations (2025‑08‑13).

1.4.9 - 2025-07-23

  • Changed: www‑subdomain prefix‑stripping for statistics and hostname matching.
  • Added: Statistics widget with top observed domains.
  • Fixed: Global search functionality.
  • Added: User discovery and search; started collecting browser language; redesigned home/general statistics (2025‑07‑03, 2025‑06‑30).
  • Improved: Onboarding (contextual hints) and URL‑path handling for multi‑tab, multi‑tenant scenarios (2025‑06‑30).
  • Fixed: Minor policy template errors; improved page loading UX (2025‑06‑30).
  • Changed: Asynchronous backend workers; hostlists for domain‑category policies; improved portal hostname search; initial auto‑disable for imported templates (2025‑06‑27).
  • Fixed: Diverse minor UI fixes; case‑insensitive admin email by lowercasing (2025‑06‑23).

1.4.8 - 2025-06-23

  • Added: Healthcheck for browser extension and status popup (includes current configuration) for easier debugging.
  • Added: Language support in backend.
  • Improved: UI element hover animations; popup style isolation; content scrolling to prevent height overflow.
  • Added: Support for browser identification and statistics; implemented templates (2025‑06‑22).
  • Fixed: Policy creation failures (2025‑06‑22).

1.4.7 - 2025-05-18

  • Added: Healthcheck for browser extension and status popup (including current configuration) for easier debugging.
  • Added: Language support in backend.
  • Improved: Browser plugin installation instructions (2025‑05‑15).

1.4.6 - 2025-05-10

  • Changed: More efficient caching of policy requests by the browser extension (fewer requests).
  • Fixed: Overlay issues of browser popup on certain websites.

1.4.5 - 2025-05-06

  • Improved: Home statistics dashboard.
  • Changed: Better state storage logic in the browser extension.
  • Fixed: Microsoft Single Sign‑On login.

1.4.4 - 2025-04-25

  • Added: Policy preview/simulation functionality.
  • Fixed: Allow larger company logo sizes.

1.4.3 - 2025-04-24

  • Added: Browser popup customization through company logo.

1.4.1 - 2025-04-23

  • Added: Edge installation instructions.
  • Added: Extended invoice details options.
  • Added: Translations and automatic language detection for browser extension labels.

1.03 - 2025-03-27

  • Initial release of PolicyClue.