Changelog
What we ship, when we ship it. Updated weekly.
v0.5 (May 25, 2026)
security.txt generator + full legal trust center
- New /tools/security-txt — free RFC 9116 vulnerability disclosure file generator with live preview, validation, copy & download
- /security trust center: production controls, compliance status, coordinated disclosure policy, hall of fame
- Eight new legal pages: Privacy Policy, Terms of Service, Cookie Policy, Acceptable Use, Disclaimer, DPA, Subprocessors, Contact
- DPA auto-applies to every paid customer with full SCC + UK Addendum + DPDP coverage and TOM annex
- Aligned /.well-known/security.txt with the published security policy (acknowledge in 2 business days, fix critical in 30 days)
v0.4.1 (May 25, 2026)
Pricing flow + dashboard polish
- New /pricing page with smart per-user CTAs: logged-out → login & resume; on free → Razorpay checkout; on paid → manage subscription
- Login flow now honors a redirect parameter so /pricing → /login → checkout works end-to-end
- Dashboard sidebar plan label is dynamic (no more hardcoded "Free")
- Dashboard plan card switches between "Upgrade plan" (free users) and "Manage subscription" (paid users) via Razorpay portal
- Open-redirect protection on every auth callback (sanitizeRedirect helper)
v0.4 (May 16, 2026)
Auto-fix PRs for security headers, Razorpay webhooks, and rate limits
- Auto-fix engine generates real code-changing GitHub PRs (not just fix briefs)
- Fixes for: missing CSP/HSTS, Razorpay webhook signature verification, auth rate limiting, robots.txt, privacy policy
- Available on Pro and Max plans — confidence scoring per fix type
- Fix briefs still available for findings without auto-fix
v0.3 (May 15, 2026)
Live Attack Replay — industry first
- Every critical finding ships with a working proof-of-exploit (curl + response)
- Replay button animates the attack succeeding against your own URL
- 13 attack vectors with replay support: JWT alg:none, Razorpay webhook forgery, mass assignment, GraphQL introspection, subdomain takeover, CORS reflection, more
- Live feed on landing page shows real findings as they happen
v0.2 (May 15, 2026)
Rebrand to Vezraa
- VibeAudit is now Vezraa — same product, sharper name
- Live at vezraa.com
- MCP package @vibeaudit/mcp continues to work (backward compatible)
- New domain, new OG image, new brand colors (indigo + red accent)
v0.1.5 (May 14, 2026)
MCP server published on npm
- @vibeaudit/mcp@1.0.2 live on npm — works in Claude Code, Cursor, Windsurf, Claude Desktop
- 5 tools exposed: scan, check_headers, check_dns, check_rls, get_report
- API key generation in dashboard with one-click MCP config snippets per tool
- Bring-your-own-key mode for power users
v0.1.4 (May 14, 2026)
Subscription pricing — Starter / Pro / Max
- Starter $9/mo, Pro $19/mo, Max $39/mo — 30% off annual
- Free standalone tools remain available — header checker, DNS checker, RLS tester
- Razorpay checkout flow wired end-to-end with subscription mode
- Pricing modal on report page when free user tries to view locked findings
v0.1.3 (May 13, 2026)
Parallel scanner — 30 second results
- All 17 scan categories now run in parallel via Promise.allSettled
- Average scan time dropped from ~140s to ~28s
- Animated progress UI shows real-time scan activity
- PageSpeed timeout reduced from 45s to 20s
v0.1.2 (May 12, 2026)
Security hardening of our own app
- Added full CSP, HSTS, X-Frame-Options, Permissions-Policy, COOP, CORP
- Sentry integrated for error tracking (server, client, edge)
- Free plan paywall enforced server-side, not just in UI
- Score jumped from 50 to 90+ on our own scanner
v0.1.1 (May 10, 2026)
Domain verification — 4 methods
- DNS TXT record verification
- HTML file verification at .well-known/
- Meta tag verification
- Ask AI — generates a paste-ready prompt for Cursor/Claude to add the verification
v0.1 (May 8, 2026)
Initial release
- 2,100 checks, 90+ categories
- Active pentest probes: JWT, CORS, webhook forgery, mass assignment, GraphQL, subdomain takeover
- Read-only scanner — no destructive operations
- AI-generated fix prompts for every finding