Subscribe to updates at https://docs.bugcrowd.com/changelog.xml. Filtered changelogs are available for:
- API: https://docs.bugcrowd.com/api/changelog/
- Customers: https://docs.bugcrowd.com/customers/changelog/
- Researchers: https://docs.bugcrowd.com/researchers/changelog/
Nov 7th, 2024
Nov 4th, 2024
Oct 24th, 2024
Oct 16th, 2024
Oct 3rd, 2024
Oct 1st, 2024
Sep 17th, 2024
Aug 20th, 2024
Aug 20th, 2024
Aug 15th, 2024
Jul 22nd, 2024
Jul 22nd, 2024
Jul 16th, 2024
Jul 16th, 2024
Jul 11th, 2024
Jul 2nd, 2024
Jun 18th, 2024
Jun 18th, 2024
Jun 11th, 2024
Jun 11th, 2024
Jun 11th, 2024
Jun 11th, 2024
May 29th, 2024
May 29th, 2024
May 7th, 2024
May 7th, 2024
Apr 25th, 2024
Apr 22nd, 2024
Apr 10th, 2024
Apr 10th, 2024
Mar 27th, 2024
Feb 12th, 2024
Feb 9th, 2024
Jan 11th, 2024
Dec 18th, 2023
Dec 18th, 2023
Nov 28th, 2023
Nov 27th, 2023
Nov 27th, 2023
Nov 27th, 2023
Nov 6th, 2023
Oct 12th, 2023
Oct 12th, 2023
Sep 27th, 2023
Sep 26th, 2023
Sep 6th, 2023
Aug 29th, 2023
Aug 17th, 2023
Jul 4th, 2023
May 9th, 2023
May 8th, 2023
May 2nd, 2023
Apr 5th, 2023
Apr 5th, 2023
Mar 30th, 2023
Mar 16th, 2023
Mar 16th, 2023
Mar 9th, 2023
Jan 26th, 2023
Jan 26th, 2023
Dec 7th, 2022
Dec 7th, 2022
Oct 24th, 2022
Oct 24th, 2022
Oct 24th, 2022
Sep 8th, 2022
Aug 4th, 2022
Aug 4th, 2022
May 12th, 2022
May 12th, 2022
Apr 28th, 2022
API > View Team Member API Keys
-
Added
Admins can now view the API keys of their team members
Mar 25th, 2022
Mar 22nd, 2022
Mar 22nd, 2022
Mar 8th, 2022
API > Deprecation of Generic Header Usage for Legacy (v3) API
-
Deprecated
Generic accept header not supported for legacy (v3) API
Mar 8th, 2022
API > Support for Generic Accept Headers on Current Version
-
Added
The current API version will now accept Generic Accept Header
Feb 24th, 2022
Feb 17th, 2022
Jan 27th, 2022
Jan 12th, 2022
Jan 7th, 2022
Dec 21st, 2021
Dec 15th, 2021
Dec 15th, 2021
Dec 15th, 2021
API > API code examples
-
Added
API code examples
Nov 29th, 2021
API > Auth token must be marked legacy to use the legacy (v3) API
-
Changed
Auth token must be marked legacy to use the legacy (v3) API
Nov 17th, 2021
API > New token deprecation warning for the legacy (v3) API
-
Deprecated
The legacy (v3) API will now 404 if used with a new auth token
Nov 9th, 2021
API > New field and button to copy raw request body from webhook delivery page
-
Added
New field and button to copy raw request body from webhook delivery page
Oct 28th, 2021
API > New API version released 2021-10-28
-
Added
- Changed
- Deprecated
- Removed
Remove invited-asc and invited-desc sort options from programs index
Fixed
- Security
Sep 24th, 2021
Jul 12th, 2021
Jun 21st, 2021
Jun 10th, 2021
Jun 3rd, 2021
Customers > Simplified Purchasing
-
Added
Indicate need for Purchase Order within reward pool deposit
May 11th, 2021
May 2nd, 2021
Apr 16th, 2021
Platform > Updated with VRT 1.10
-
Added
Introduced a variant for OAuth Accounting Squatting classified as a P4
Secure Code Warrior developed a VRT mapping to their developer training
Improved
Extended support for Automotive categorization, developed in collaboration with Stellantis.
Downgraded all Flash-based entries to a rating of P5
Improved existing remediation advice for a number of entries
Simplified Weak Login Function entries with a baseline severity rating of P4
Apr 14th, 2021
Apr 5th, 2021
Customers > Generating Organization Insight Report
-
Added
Welcome Center to help you get started
Mar 11th, 2021
API > Bugfix for state filter on /submissions
-
Fixed
Filtering for submissions in new state does not return any
Feb 4th, 2021
Jan 25th, 2021
Jan 20th, 2021
Jan 15th, 2021
Customers > Improved data fidelity and organization with Target Group
-
Added
Better describe Targets with their new technology attributes and get Researchers there faster with a cleaner URL experience
Detail a set of targets via Target Group descriptions
Define a reward range per set of targets with recommendations presented when rewarding
Improved
Documented days of operation relative to triage and researcher payments
Dec 17th, 2020
Customers > Accounting Management
-
Added
Self-serve to deposit into reward pool
Organization-level reward pool to manage funds across one’s programs
Transaction details across one’s organization
Nov 19th, 2020
Nov 5th, 2020
Customers > Task List
-
Added
Task List to highlight and help you complete work
Provide feedback on documentation so we can continue to improve by clicking Give Feedback at the bottom of the page
Sep 16th, 2020
Sep 15th, 2020
Sep 12th, 2020
Sep 9th, 2020
Customers > New Documentation Site
-
Improved
Design and Search at the same location https://docs.bugcrowd.com
Added
Sep 1st, 2020
API > API Token usage
-
Added
Visibility into usage of API tokens across the team
Aug 22nd, 2020
Jul 30th, 2020
Customers > Viewing NDA Compliance Status
-
Added
- Improved
SSO Domain Validation no longer identifies Bugcrowd
A submission’s disclosure policy is defined based on when the submission was submitted
Jun 18th, 2020
Apr 16th, 2020
Customers > Attack Surface Management Asset Inventory - Dashboards and other updates
-
Added
New features in Attack Surface Management: Asset Inventory - Dashboards and other updates
Mar 31st, 2020
Customers > New features in Attack Surface Management - Asset Inventory
-
Added
New features in Attack Surface Management - Asset Inventory
Mar 28th, 2020
Mar 25th, 2020
Mar 5th, 2020
Customers > Slack Integration Notification for Blockers
-
Added
- Improved
ADA compliance of external submission form
Manage assignment and Custom fields when On-Demand programs are running
Dec 20th, 2019
Dec 19th, 2019
Dec 19th, 2019
Nov 29th, 2019
Nov 5th, 2019
Oct 23rd, 2019
Customers > Program Announcements
-
Added
Bugcrowd’s Slack Integration is now available in the Slack App Directory
Bugcrowd’s Jira Integration is now available in the Atlassian Marketplace
Improved
Additional search filters within Submission API
Oct 11th, 2019
Aug 21st, 2019
Aug 13th, 2019
Aug 2nd, 2019
Jul 24th, 2019
Jun 17th, 2019
May 8th, 2019
Customers > Public Program Credential Support and Improved Target Management
-
Improved
- Added
Callout for customers when program is about to launch or has recently launched
May 7th, 2019
May 3rd, 2019
Apr 11th, 2019
Apr 11th, 2019
Apr 10th, 2019
Customers > Retesting Update
-
Added
Retesting platform support
Apr 2nd, 2019
Customers > Program Search Launched
-
Improved
Renamed Additional Fields tab to Fields and Settings
Renamed Known Issues tab to Import Issues
Apr 1st, 2019
Mar 20th, 2019
Customers > Integration Updates
-
Improved
Jira authentication is now available via OAuth for both Cloud and Server
Added
Mar 14th, 2019
Platform > Updating to VRT 1.7
-
Added
Automotive Security Misconfiguration category
Sensitive Data Exposure > Weak Password Reset Implementation > Token Leakage via Host Header Poisoning as a new P2 variant, which is consistent with how this issue has been triaged by Bugcrowd’s Application Security Engineers so far.
Two new P4s related to 2FA Secret Management
Improved
Remediation Advice links to latest OWASP Documentation
Feb 20th, 2019
Feb 16th, 2019
Platform > Comparison Operators for Dates
-
Improved
Tokenized date search
Feb 16th, 2019
Feb 16th, 2019
Customers > Bugcrowd mention
-
Improved
Direct comment to user with triage team
Dec 18th, 2018
Dec 18th, 2018
Customers > Application Security Engineer Listed
-
Added
Application Security Engineer listed
Dec 17th, 2018
Dec 17th, 2018
Platform > File Support Update
-
Improved
Platform supports 100MB for all file uploads
Nov 2nd, 2018
Platform > Updating to VRT 1.6
-
Improved
Nov 1st, 2018
Oct 30th, 2018
Researchers > Point Reward System Better Aligns Expectations and Acknowledges Researchers for Their Hard Work
-
Added
- Fixed
Email notifications on updates for Researchers
Oct 30th, 2018
Oct 26th, 2018
Platform > Updating to VRT 1.5
-
Improved
Oct 3rd, 2018
Sep 24th, 2018
Sep 24th, 2018
Customers > Crowdcontrol Improves Adjusted Payment Workflow
-
Added
Adjusting mistaken rewards workflow updated; customers can send mail to support@bugcrowd.com.
Sep 22nd, 2018
Sep 19th, 2018
Sep 19th, 2018
Sep 18th, 2018
Aug 16th, 2018
Aug 16th, 2018
Customers > Crowdcontrol Usability More Intuitive
-
Improved
- Added
Identify Bugcrowd employees in activity feeds with a new icon identifier
Aug 15th, 2018
Researchers > Improved identification of Bugcrowd
-
Improved
Identify Bugcrowd employees in activity feeds with a new icon identifier
Aug 7th, 2018
Jul 11th, 2018
Customers > Improved Platform Usability
-
Improved
Known Issue Sharing displays Informational
Program code can now have hyphens
Push to Jira button now gives instant feedback
Fixed
Jul 10th, 2018
Jul 3rd, 2018
Researchers > Advanced Crowdcontrol UX
-
Added
updated label on the Programs page, to highlight recently updated programs.
Bugcrowd ninja forwarding now includes the to email address to allow sub-domains.
Quick links panel in Researcher dashboard
Leveraging program or user images for unfurling
Improved
Use Crowdcontrol on the go, now with a responsive navigation bar.
Notifications show below the customer state dropdown, so you can quickly change states, without needing to dismiss.
Jul 3rd, 2018
Customers > Advanced Crowdcontrol UX
-
Added
Unique Avatars - distinct default avatars to easily identify users. (Customer
Hover over avatar to show a user’s email address.
Highlight recently updated on the Programs page
Indication on customer’s programs page which programs are demos.
Leveraging program or user images for unfurling.
Improved
Use Crowdcontrol on the go, now with a responsive navigation bar.
Change states without needing to dismiss thanks to notifications shown below the customer state dropdown.
Jul 2nd, 2018
Jun 21st, 2018
Jun 19th, 2018
Platform > Updating to VRT 1.4
-
Added
VRT v1.4 is shipped
Apr 21st, 2018
Customers > Enhance Program Metrics
-
Fixed
Transaction Times within insights take into account skipped states
Validation Time within the Bounty Brief takes into account submissions that have not been validated yet
Improved
Bounty average payouts only include first to find, P1-4 payouts
Apr 17th, 2018
Researchers > Heightened Platform Security and Usability
-
Added
Remove timeout, instead using re-authentication prompts.
Interactive Session Management UI
Apr 17th, 2018
Customers > Heightened Platform Security and Usability
-
Added
Remove timeout, instead using re-authentication prompts.
Interactive Session Management UI
Improved
Added SSO indicators for authentications within the Session Management interface
Apr 17th, 2018
Apr 16th, 2018
Feb 16th, 2018
Customers > New Crowdcontrol Enhancements Add Improved Platform Efficiencies
-
Added
Search by Custom Fields with the Submission Search Bar
Search result number count when using the Submission Search Bar
Insights filter toggle - offering a clean display for sharing data on TVs
Improved
Page design refreshes on the Rewards page
Feb 15th, 2018
Researchers > New Crowdcontrol Enhancements Add Improved Platform Efficiencies
-
Added
Search by Custom Fields with the Submission Search Bar
Search result number count when using the Submission Search Bar
Insights filter toggle - offering a clean display for sharing data on TVs
Improved
Page design refreshes on the ID Verification and Payment Method Configuration pages
Jan 17th, 2018
Researchers > Improved Program Performance Tracking and Platform Efficiency
-
Added
Program performance metric to Program Page (Time to Validation)
Jan 17th, 2018
Customers > Improved Program Performance Tracking and Platform Efficiency
-
Improved
Program performance metric to Program Page (Time to Validation)
Customers can “read” credentials if enabled on their program
Dec 22nd, 2017
Nov 22nd, 2017
Customers > New Submission Search Bar and Filtering
-
Added
Search bar has been launched within Crowdcontrol
Improved
Known issue import no longer requires submitted_at to be set, defaulting to the current time.
Text search within Crowdcontrol is now more accurate in filtering for exactly what you search for, no longer trying to handle misspellings.
Nov 21st, 2017
Researchers > New Submission Search Bar and Filtering
-
Added
Advanced submission filtering is live
Improved
Text search within Crowdcontrol is now more accurate in filtering for exactly what you search for, no longer trying to handle misspellings.
Oct 19th, 2017
Customers > Improved Efficiency with CVSS and Notifications
-
Added
CVSS scores get backfilled based on VRT after enabled on a program
Email notifications are now easier to track: notifications grouped by submission are delivered as a thread within email clients
Oct 10th, 2017
Customers > Added CVSS Calculator
-
Added
Organizations can manage submission severity with CVSS v3
Oct 4th, 2017
Platform > Introducing VRT 1.3
-
Improved
VRT v1.3 is shipped
Sep 26th, 2017
Customers > New Notification Management and Downloadable Data
-
Added
View and manage your notifications all from the new notifications page.
Download CSV of reward data from Crowdcontrol.
Sep 22nd, 2017
Customers > New Embedded Submission Form
-
Added
Use the Embedded Submission Form integration to integrate a submission form from your own website rather than through Bugcrowd.
Sep 15th, 2017
Customers > Improved Notifications
-
Improved
Viewing unread notifications automatically marks them as read
Sep 6th, 2017
Customers > Seamless Crowdcontrol Quick Search
-
Added
Enable syntax highlighting in your fenced code blocks when writing or commenting on a submission.
Use Quick Search to find exactly what you’re looking for in Crowdcontrol.
Sep 1st, 2017
API > Advanced API Documentation
-
Added
New API docs are available.
created_at DateTime within the Comment Object
Aug 11th, 2017
Customers > VRT 1.2, Improved Functionality, and New Integration
-
Added
Attach a file to comments within Crowdcontrol.
Import known issues found in Qualys WAS scans into Crowdcontrol
Improved
v1.2 of the VRT is available
Custom fields now support up to 2048 characters.
Aug 1st, 2017
Customers > Slack Integration
-
Added
Slack integration is now available
Jul 26th, 2017
Platform > VRT Goes Open Source
-
Added
VRT gem is now open sourced
Jul 17th, 2017
Customers > Enhanced Reporting
-
Improved
Rewards are now listed in the order in which they were rewarded.
Added
CSV exports of submissions now include information about the target (name and category) and the source of the submission.
Jul 13th, 2017
Customers > Simplified Workflow and Improved Filtering
-
Added
source filters are now available in Insights.
Switching between programs now takes you to the same page in the selected program.
Jul 6th, 2017
Customers > Improved Clarity and Workflow
-
Added
Researchers can now upload an attachment to a comment
New and Triaged submissions can be auto-assigned to a team member.
Jun 27th, 2017
Customers > Print a Submission
-
Added
Individual submissions can now be printed within Crowdcontrol
Jun 23rd, 2017
Customers > Improved Security and Transparency
-
Improved
Password entropy validation will be performed on any page where a password can be changed.
Public program response metrics for a program can now be viewed without logging in to the platform.
P5 submissions can now be viewed and filtered in Insights.