prowler/ui/CHANGELOG.md
2025-12-18 15:57:21 +01:00


Prowler UI Changelog

All notable changes to the Prowler UI are documented in this file.

[1.16.0] (Prowler v5.16.0)

🚀 Added

  • SSO and API Key link cards to Integrations page for better discoverability (#9570)
  • Risk Radar component with category-based severity breakdown to Overview page (#9532)
  • More extensive resource details (partition, details and metadata) within Findings detail and Resources detail view (#9515)
  • Integrated Prowler MCP server with Lighthouse AI for dynamic tool execution (#9255)

🔄 Changed

  • Lighthouse AI markdown rendering with strict markdownlint compliance and nested list styling (#9586)
  • Lighthouse AI default model updated from gpt-4o to gpt-5.2 (#9586)
  • Lighthouse AI destructive MCP tools blocked from LLM access (delete, trigger scan, etc.) (#9586)

🐞 Fixed

  • Lighthouse AI angle-bracket placeholders now render correctly in chat messages (#9586)
  • Lighthouse AI recommended model badge contrast improved (#9586)

[1.15.1] (Prowler v5.15.1)

🔐 Security


[1.15.0] (Prowler v5.15.0)

🚀 Added

  • Risk Plot component with interactive legend and severity navigation to Overview page (#9469)
  • Navigation progress bar for page transitions using Next.js onRouterTransitionStart (#9465)
  • Findings Severity Over Time chart component to Overview page (#9405)
  • Attack Surface component to Overview page (#9412)

🔄 Changed

  • Migrate package manager from npm to pnpm for faster installs and stricter dependency resolution (#9442)
  • Pin pnpm to version 10 in Dockerfile for consistent builds (#9452)
  • Compliance Watchlist component to Overview page (#9199)
  • Service Watchlist component to Overview page (#9316)
  • Risk Pipeline component with Sankey chart to Overview page (#9317)
  • Threat Map component to Overview Page (#9324)
  • MongoDB Atlas provider support (#9253)
  • Lighthouse AI support for Amazon Bedrock API key (#9343)

🐞 Fixed

  • Show top failed requirements in compliance specific view for compliance without sections (#9471)

[1.14.2] (Prowler v5.14.2)

🐞 Fixed

  • Models list in Lighthouse selector when default model is not set for provider (#9402)
  • Sort compliance cards by name from the compliance overview (#9422)
  • Risk severity chart must show only FAIL findings (#9452)

🔐 Security

  • Bump Next.js and React for CVE-2025-66478 (#9447)

[1.14.0] (Prowler v5.14.0)

🚀 Added

  • RSS feeds support (#9109)
  • Multi LLM support to Lighthouse AI (#8925)
  • Customer Support menu item (#9143)
  • PDF reporting for ENS compliance framework (#9158)
  • IaC (Infrastructure as Code) provider support for scanning remote repositories (#8751)
  • PDF reporting for NIS2 compliance framework (#9170)
  • External resource link to IaC findings for direct navigation to source code in Git repositories (#9151)
  • New Overview page and new app styles (#9234)
  • Use branch name as region for IaC findings (#9296)

🔄 Changed

  • Resource ID moved up in the findings detail page (#9141)
  • C5 compliance logo (#9224)
  • Overview charts now support click navigation to Findings page with filters and keyboard accessibility (#9281)
  • Threat score now displays 2 decimal places with note that it doesn't include muted findings (#9281)

[1.13.1] (Prowler v5.13.1)

🔄 Changed

  • Upgrade React to version 19.2.0 (#9039)

[1.13.0] (Prowler v5.13.0)

🚀 Added

  • Support for Markdown and AdditionalURLs in findings detail page (#8704)
  • Prowler Hub menu item with tooltip (#8692)
  • Copy link button to finding detail page (#8685)
  • React Compiler support for automatic optimization (#8748)
  • Turbopack support for faster development builds (#8748)
  • Add compliance name in compliance detail view (#8775)
  • PDF reporting for Prowler ThreatScore (#8867)
  • Support C5 compliance framework for the AWS provider (#8830)
  • API key management in user profile (#8308)
  • Refresh access token error handling (#8864)
  • Support Common Cloud Controls for AWS, Azure and GCP (#8000)
  • New M365 credentials certificate authentication method (#8929)

🔄 Changed

  • Upgraded Zod to version 4.1.11 with comprehensive migration of deprecated syntax (#8801)
  • Upgraded Zustand to version 5.0.8 (no code changes required) (#8801)
  • Upgraded AI SDK to version 5.0.59 with new transport and message structure (#8801)
  • Upgraded React to version 19.1.1 with async components support (#8748)
  • Upgraded Next.js to version 15.5.3 with enhanced App Router (#8748)
  • Updated from NextUI to HeroUI (#8748)
  • Updated LangChain to latest versions with API improvements (#8748)
  • Migrated all page components to async params/searchParams API (#8748)
  • Migrated from useFormState to useActionState for React 19 compatibility (#8748)
  • References display in findings detail page now shows as a proper bulleted list (#8793)

🐞 Fixed

  • SAML configuration errors are now properly caught and displayed (#8880)
  • ThreatScore for each pillar in Prowler ThreatScore specific view (#8582)
  • Remove maxTokens model param for GPT-5 models (#8843)
  • MITRE ATTACK compliance view now shows all requirements in charts (#8886)
  • Mutelist menu item now doesn't blink (#8932)

[1.12.3] (Prowler v5.12.3)

🐞 Fixed

  • Disable "See Findings" button until scan completes (#8762)
  • Scrolling during Lighthouse AI response streaming (#8669)
  • Lighthouse textbox to send messages on Enter (#8747)

[1.12.2] (Prowler v5.12.2)

🐞 Fixed

  • Handle 4XX errors consistently and 204 responses properly (#8722)

[1.12.1] (Prowler v5.12.1)

🐞 Fixed

  • Field-level email validation message (#8698)
  • POST method on auth form (#8699)

[1.12.0] (Prowler v5.12.0)

🚀 Added

🔄 Changed

  • Overview chart "Findings by Severity" now shows only failing findings (defaults to status=FAIL) and chart links open the Findings page pre-filtered to fails per severity (#8186)
  • Handle API responses and errors consistently across the app (#8621)
  • No-permission message on the scan page (#8624)

🐞 Fixed

  • Scan page shows NoProvidersAdded when no providers (#8626)
  • XML field in SAML configuration form validation (#8638)
  • Social login buttons in sign-up page (#8673)

[1.11.0] (Prowler v5.11.0)

🚀 Added

  • Security Hub integration (#8552)
  • Cloud Provider type filter to providers page (#8473)
  • New menu item under Configuration section for quick access to the Mutelist (#8444)
  • Resource agent to Lighthouse for querying resource information (#8509)
  • Lighthouse support for OpenAI GPT-5 (#8527)
  • Link to the configured S3 bucket and folder in each integration (#8554)

🔄 Changed

  • Disable See Compliance button until scan completes (#8487)
  • Provider connection filter now shows "Connected/Disconnected" instead of "true/false" for better UX (#8520)
  • Provider Uid filter on scan page to list all UIDs regardless of connection status (#8375)

🐞 Fixed

  • Default value inside credentials form in AWS Provider add workflow properly set (#8553)
  • Auth callback route checking working as expected (#8556)
  • DataTable column headers set to single-line (#8480)

[1.10.2] (Prowler v5.10.3)

🐞 Fixed

  • Lighthouse using default config instead of backend config (#8546)

[1.10.1] (Prowler v5.10.1)

🐞 Fixed

  • Field for Assume Role in AWS role credentials form shown again (#8484)
  • GitHub submenu to High Risk Findings (#8488)
  • Improved Overview chart Findings by Severity spacing (#8491)

[1.10.0] (Prowler v5.10.0)

🚀 Added

  • Lighthouse banner (#8259)
  • Amazon AWS S3 integration (#8391)
  • GitHub provider support (#8405)
  • XML validation for SAML metadata in the UI (#8429)
  • Default Mutelist placeholder in the UI (#8455)
  • Help link in the SAML configuration modal (#8461)

🔄 Changed

  • Rename Memberships to Organization in the sidebar (#8415)

🐞 Fixed

  • Display error messages and allow editing last message in Lighthouse (#8358)

Removed

  • Removed Browse all resources from the sidebar, sidebar now shows a single Resources entry (#8418)
  • Removed Misconfigurations from the Top Failed Findings section in the sidebar (#8426)

[v1.9.0] (Prowler v5.9.0)

🚀 Added

  • Mutelist configuration form (#8190)
  • SAML login integration (#8203)
  • Resource view (#7760)
  • Navigation link in Scans view to access Compliance Overview (#8251)
  • Status column for findings table in the Compliance Detail view (#8244)
  • Allow restricting route access based on user permissions (#8287)
  • Max character limit validation for Scan label (#8319)

🔐 Security

  • Enhanced password validation to enforce 12+ character passwords with special characters, uppercase, lowercase, and numbers (#8225)

🔄 Changed

  • Upgrade to Next.js 14.2.30 and lock TypeScript to 5.5.4 for ESLint compatibility (#8189)
  • Improved active step highlighting and updated step titles and descriptions in the Cloud Provider credentials update flow (#8303)
  • Refactored all existing links across the app to use new custom-link component for consistent styling (#8341)

🐞 Fixed

  • Error message when launching a scan if user has no permissions (#8280)
  • Include compliance in the download button tooltip (#8307)
  • Redirection and error handling issues after deleting a provider group (#8389)

[v1.8.1] (Prowler v5.8.1)

🔄 Changed

  • Latest new failed findings now use GET /findings/latest (#8219)

Removed

  • Validation of the provider's secret type during updates (#8197)

[v1.8.0] (Prowler v5.8.0)

🚀 Added

  • New profile page with details about the user and their roles (#7780)
  • Improved SnippetChip component and show resource name in new findings table (#7813)
  • Possibility to edit the organization name (#7829)
  • GCP credential method (Account Service Key) (#7872)
  • Compliance detail view: ENS (#7853)
  • Compliance detail view: ISO (#7897)
  • Compliance detail view: CIS (#7913)
  • Compliance detail view: AWS Well-Architected Framework (#7925)
  • Compliance detail view: KISA (#7965)
  • Compliance detail view: ProwlerThreatScore (#7979)
  • Compliance detail view: Generic (rest of the compliances) (#7990)
  • Compliance detail view: MITRE ATTACK (#8002)
  • Improve Scan ID filter by adding more context and enhancing the UI/UX (#8046)
  • Lighthouse chat interface (#7878)
  • Google Tag Manager integration (#8058)

🔄 Changed

  • Provider UID filter to scans page (#7820)
  • Aligned Next.js version to v14.2.29 across Prowler and Cloud environments for consistency and improved maintainability (#7962)
  • Refactor credentials forms with reusable components and error handling (#7988)
  • Updated the provider details section in Scan and Findings detail pages (#7968)
  • Make user and password fields optional but mutually required for M365 cloud provider (#8044)
  • Improve filter behaviour and relationships between filters in findings page (#8046)
  • Set filters panel to be always open by default (#8085)
  • Updated "Sign in"/"Sign up" capitalization for consistency (#8136)
  • Duplicate API base URL as an env var to make it accessible in client components (#8131)

🐞 Fixed

  • Sync between filter buttons and URL when filters change (#7928)
  • Improve heatmap performance (#7934)
  • SelectScanProvider warning fixed with empty alias (#7998)
  • Prevent console warnings for accessibility and SVG (#8019)

[v1.7.3] (Prowler v5.7.3)

🐞 Fixed

  • Encrypted password typo in formSchemas (#7828)

[v1.7.2] (Prowler v5.7.2)

🐞 Fixed

  • Download report behaviour updated to show feedback based on API response (#7758)
  • Missing KISA and ProwlerThreat icons added to the compliance page (#7860)
  • Retrieve more than 10 scans in /compliance page (#7865)
  • Improve CustomDropdownFilter component (#7868)

[v1.7.1] (Prowler v5.7.1)

🐞 Fixed

  • Validation to AWS IAM role (#7787)
  • Tweak some wording for consistency throughout the app (#7794)
  • Retrieve more than 10 providers in /scans, /manage-groups and /findings pages (#7793)

[v1.7.0] (Prowler v5.7.0)

🚀 Added

  • Chart to show the split between passed and failed findings (#7680)
  • Accordion component (#7700)
  • Improve Provider UID filter by adding more context and enhancing the UI/UX (#7741)
  • AWS CloudFormation Quick Link to the IAM Role credentials step (#7735)
  • Use getLatestFindings on findings page when no scan or date filters are applied (#7756)

🐞 Fixed

  • Form validation in launch scan workflow (#7693)
  • Moved ProviderType to a shared types file and replaced all occurrences across the codebase (#7710)
  • Added filter to retrieve only connected providers on the scan page (#7723)

Removed

  • Alias if not added from findings detail page (#7751)

[v1.6.0] (Prowler v5.6.0)

🚀 Added

  • Support for the M365 Cloud Provider (#7590)
  • Option to customize the number of items displayed per table page (#7634)
  • Delta attribute in findings detail view (#7654)
  • Delta indicator in new findings table (#7676)
  • Button to download the CSV report in compliance card (#7665)
  • Show loading state while checking provider connection (#7669)

🔄 Changed

  • Finding URLs now include the ID, allowing them to be shared within the organization (#7654)
  • Show Add/Update credentials depending on whether a secret is already set or not (#7669)

🐞 Fixed

  • Set a default session duration when configuring an AWS Cloud Provider using a role (#7639)
  • Error about page number persistence when filters change (#7655)

[v1.5.0] (Prowler v5.5.0)

🚀 Added

  • Social login integration with Google and GitHub (#7218)
  • one-time scan feature: Adds support for single scan execution (#7188)
  • Accepted invitations can no longer be edited (#7198)
  • Download column in scans table to download reports for completed scans (#7353)
  • Show muted icon when a finding is muted (#7378)
  • Static status icon with link to service status page (#7468)

🔄 Changed

  • Tweak styles for compliance cards (#7148)
  • Upgrade Next.js to v14.2.25 to fix a middleware authorization vulnerability (#7339)
  • Apply default filter to show only failed items when coming from scan table (#7356)
  • Fix link behavior in scan cards: only disable "View Findings" when scan is not completed or executing (#7368)

[v1.4.0] (Prowler v5.4.0)

🚀 Added

  • exports feature: Users can now download artifacts via a new button (#7006)
  • New sidebar with nested menus and integrated mobile navigation (#7018)
  • Animation for scan execution progress—it now updates automatically (#6972)
  • status_extended attribute to finding details (#6997)
  • Prowler version to the sidebar (#7086)

🔄 Changed

🐞 Fixed

  • Revalidate the page when a role is deleted (#6976)
  • Allows removing group visibility when creating a role (#7088)
  • Displays correct error messages when deleting a user (#7089)
  • Updated label: "Select a scan job" → "Select a cloud provider" (#7107)
  • Display uid if alias is missing when creating a group (#7137)

[v1.3.0] (Prowler v5.3.0)

🚀 Added

  • Findings endpoints now require at least one date filter (#6864)

🔄 Changed

  • Scans now appear immediately after launch (#6791)
  • Improved sign-in and sign-up forms (#6813)

[v1.2.0] (Prowler v5.2.0)

🚀 Added

  • First seen field included in finding details (#6575)

🔄 Changed

  • Completely redesigned finding details layout (#6575)
  • Completely redesigned scan details layout (#6665)
  • Simplified provider setup: reduced from 4 to 3 steps. Successful connection now triggers an animation before redirecting to /scans (#6665)