Changelog

All notable changes to the HackerSavanna platform. Subscribe to our newsletter to get release updates by email.

v2.4.0
April 1, 2026

Feature flags, test infrastructure, and accessibility improvements.

  • New
    Feature flag management: toggle application features at runtime from the admin panel without a deployment.
  • New
    Researcher onboarding checklist: guided step-by-step setup flow for new researchers.
  • New
    Public status page: real-time system health overview at /status.
  • New
    Vitest unit test suite and Playwright end-to-end tests now included in the repository.
  • Improved
    Report submission form now shows contextual tooltip hints on key fields.
  • Improved
    Accessibility: WCAG 2.1 AA checks added to CI via axe-core Playwright integration.
v2.3.0
March 15, 2026

Legal compliance, eDiscovery, and health monitoring.

  • New
    Legal hold management: admins can place and release legal holds to prevent data deletion.
  • New
    eDiscovery search: admins can search reports and audit logs by target user with keyword and date filters.
  • New
    Compliance report export: download a full JSON evidence package per user for audit purposes.
  • New
    Health check endpoint at /api/health: probes Firestore and returns 200 ok or 503 degraded.
  • Security
    All admin server actions now enforce IP allowlist and write to security audit logs.
v2.2.0
February 20, 2026

Researcher reviews, company reviews, and verification badges.

  • New
    Companies can now rate researchers on communication, report quality, and professionalism.
  • New
    Researchers can rate companies on responsiveness, payout fairness, and program clarity with optional anonymity.
  • New
    Verification badges: email, identity, KYC, 2FA, domain, CVE-author, and premium badges synced and displayed.
  • Improved
    Researcher search now shows trust level and verification badge indicators in results.
v2.1.0
January 30, 2026

Community features: forums, mentorship, groups, and events.

  • New
    Community forums with category filters, threaded replies, and upvote system.
  • New
    Researcher groups: create, join, and leave public/private groups.
  • New
    Mentorship program: submit and browse mentor/mentee requests with specialization matching.
  • New
    Events calendar: community events grouped by month with admin approval workflow.
  • New
    Activity feed: personalized feed of follow-based events from researchers and programs you follow.
v2.0.0
January 10, 2026

Major release: disclosure pipeline, coordinated CVE requests, and Hall of Fame.

  • New
    Full coordinated disclosure pipeline: timeline milestones, embargo management, and advisory versioning.
  • New
    CVE request integration with NVD submission and CERT/CC coordination tracking.
  • New
    Hall of Fame: public recognition page for nominated researchers with top disclosures.
  • New
    SavannaHub: searchable public disclosure database with CVE, weakness, and date filters.
  • New
    Redaction tools, disclosure previews, and press release template generation.
  • Improved
    Advisory generation produces structured advisory bodies with versioned edit history.
v1.9.0
December 5, 2025

NDA gate, safe harbor templates, and program templates.

  • New
    NDA gate on researcher program pages: programs can require NDA acceptance before scope is revealed.
  • New
    Safe harbor agreement templates (standard, comprehensive, minimal, GDPR-compliant) for programs.
  • New
    Program templates: seed new programs from five pre-built templates.
  • Improved
    Program version diff viewer: see exactly what changed between policy versions.
v1.8.0
November 12, 2025

Smart triage assistant, AI-powered recommendations, and reputation decay.

  • New
    Smart triage assistant: AI-powered duplicate detection, scope linking, and quality scoring.
  • New
    Researcher program recommendations based on specialization matching.
  • New
    Trust levels: Bronze → Diamond tiers computed from reputation with colour-coded badges.
  • New
    Reputation decay: admin-triggered inactivity-based decay with configurable threshold.
  • Security
    CSRF protection via assertServerActionOrigin() added to all server actions.

Older releases are archived. View on GitHub