Release of October 15th, 2025

Enhancements

Mask toggle for Additional Headers in the Authentication Flow dialog

Values of a specific header in the Advanced tab of the Authentication Flow dialog can now be set to display as Clear Text or Masked Text. This masking enhancement follows the same role scopes as the existing mask feature.

Note: The unmasking access scope determines the ability to mask and unmask values.

For more information, see Additional Headers.

Unconfirmed Issues Tab Now Visible by Default

The Unconfirmed Issues tab is now visible by default on the Scan and Project details pages. This tab was previously hidden by default, making it harder for new users to locate the details of unconfirmed issues shown in the scan widgets.

Redesigned Email Templates

Bright system emails now include modernized layouts and improved readability for easier communication and understanding.

Improvements

Scheduled Scans Reliability Improvements

The issue preventing scheduled scans from running as expected due to unavailable repeaters or offline environments is resolved. Scans will now start and complete in the correct sequence, ensuring reliable automation and scheduled scan results.

SSO Configuration Fix

The issue preventing users from completing SSO setup after removing a previous authentication provider is now resolved. A Disconnect button was added, enabling users to reset or remove configurations at any time, preventing setup interruptions.

Visual Fixes in Scan Progress

Several UI inconsistencies in the Scan Info > Progress view are now resolved. When no entry points are scanned (0/0), the system now displays N/A instead of 100%, providing a clearer and more accurate representation of scan results.

Upcoming breaking changes

API Scope Update - Effective October 21, 2025

Report permissions will be clearer and more secure.

What will change

Starting October 21, 2025, certain actions related to PDF report generation will require a different authentication method:

  • PDF report generation (for Scan and Project) and organization-level report configuration will be available only when using a Bearer token – the same authentication method used in the Bright web app.

    These actions will require two specific permissions:

    • reports:read – to view and export reports
    • reports:write – to edit or configure report templates
  • API Keys will no longer support these report-related endpoints.

    • Regular exports such as CSV, JSON, SARIF, HAR, etc., will continue to work with API Keys as before.

This update helps prevent users with limited roles from exporting sensitive report data without proper access.

What you’ll need to do

If you or your automations currently use API Keys to generate PDF reports or configure report templates, switch to Bearer token authentication to continue using these capabilities.

No action will be required for other export formats.