Product changelog

This release fixes Docker Compose runtime configuration for container deployments. ## What's changed - Fixed: Docker Compose now uses the configured runtime image (`BUMPT_IMAGE`) with `pull_policy: always`, ensuring deployments run the expected published image instead of rebuilding locally.

## Summary This release improves first-run default behavior and adds finer GitHub release channel targeting for monitored items. ## Shared - Changed: `AI Enrichment` is now disabled by default on fresh installations. - Changed: Default rows per page is now `25`, and it is applied immediately on first startup (no manual save required). - Added: GitHub source monitoring now supports an optional free-text repository flavor/channel filter (for example `prod`, `dev`, `canary`, or any custom naming convention). - Changed: New monitored items now default both `currentVersion` and `latestVersion` to `0.0.0`.

This release hardens local license enforcement for self-hosted deployments and closes multiple server-side bypass paths. It also introduces a stricter signed license payload model to align issuance from the storefront with offline verification in the container. ## What's changed - Fixed: License checks now reject invalid or expired signatures with strict payload validation. - Fixed: Server-side feature gates are now enforced consistently on protected API routes (reports, webhooks, API keys). - Fixed: API key authentication is blocked when the license does not allow API keys. - Fixed: License activation now fails fast when the provided key verifies as invalid instead of silently degrading behavior. - Fixed: Additional report history and webhook endpoints now enforce Professional entitlement checks. - Added: Support for `schemaVersion` + `kid` license payload fields to prepare public key rotation. - Added: Clock rollback detection and periodic re-validation safeguards for offline deployments. - Added: Structured v1 license payload support with explicit `features`, `limits`, `notBefore`, and `instanceBinding` claims.

This release improves report scheduling accuracy across timezones and keeps version history cleaner. ## What's changed - Fixed: Report scheduling now respects the configured app timezone, including daylight saving time transitions for IANA regions. - Fixed: Scheduled report next-run calculation now uses the same timezone-aware path across create, update, manual send, and cron flows. - Fixed: Item version history now records entries only when a version is explicitly validated, preventing non-validated automatic check noise.

## Summary This release improves publishing reliability across Pro and Community delivery flows and keeps package ownership clearer between both repositories. ## Shared - Fixed: Community sync now retries from the latest remote state to avoid non-fast-forward push failures during concurrent updates. - Fixed: Temporary release artifacts are excluded from Community sync output. ## Pro - Fixed: Docker publishing keeps Pro tags and package source metadata aligned with the Pro repository. ## Community - Fixed: Docker publishing keeps Community image source metadata aligned with the Community repository package.

This patch release improves reliability for Pro deployments that use Microsoft SQL Server. ## What's changed - Fixed: MSSQL support for Pro deployments during Docker build and startup. - Added: No shared product-facing changes in this patch.

This patch release is published to re-run and validate the full Pro and Community build and release pipeline. ## What's changed - Fixed: Release rerun with refreshed versioning to validate Docker image publishing end-to-end. - Added: Changed: No product behavior change in Pro for this validation patch.

This patch release improves release reliability for Docker image publishing after recent Community sync fixes. ## What's changed - Fixed: Community release pipeline now keeps AI stubs aligned with CVE enrichment imports to prevent Docker build failures. - Fixed: Release metadata continuity for Docker image tags by publishing a fresh patch version after post-release sync fixes. - Added: Changed: No functional product behavior change in Pro for this patch.

This patch release fixes a Community build compatibility issue introduced in v0.2.0 and improves release stability. ## What's changed - Fixed: Community Docker build no longer fails when CVE enrichment imports AI helpers. - Added: Changed: No functional product change in Pro behavior for this patch.

This release improves risk prioritization, vulnerability context quality, and dashboard usability for security and operations teams. ## What's changed - Fixed: Stale risk and CVE states after acknowledge and re-check flows. - Fixed: End-of-life date matching for older version lines. - Fixed: CVE detection reliability for edge naming and version scenarios. - Fixed: AI enrichment fallback behavior for timeout, quota, and retry failure paths. - Added: BPT (Business Priority Threat), an internal score combining technical severity, threat intelligence, and business context. - Added: EPSS and CISA KEV enrichment signals in vulnerability prioritization. - Added: Optional AI CVE enrichment as a complementary stage after standard source checks and CVE API enrichment. - Added: Changed: Lifecycle handling now clearly distinguishes up-to-date, outdated, and end-of-life states. - Added: Changed: Dashboard and admin table layouts are more compact and consistent. - Added: Changed: Default rows-per-page setting now applies across dashboard, items, users, and logs. - Added: AI provider configuration improvements including multi-provider support and advanced runtime controls. - Added: Super admin prompt template support for AI enrichment customization.

This is the first official release of bum.pt Professional. bum.pt helps IT teams monitor software, Docker images, and services from a single dashboard, with built-in update intelligence, release metadata, and vulnerability context. Professional extends the platform with advanced automation, enterprise integrations, and richer operational workflows. ## What's changed - Added: Initial official Professional release of bum.pt. - Added: Unified monitoring experience for 43 built-in sources across registries, package ecosystems, and app marketplaces. - Added: Dashboard and fullscreen NOC/TV overview for real-time operational visibility. - Added: Automatic release metadata and CVE enrichment to support safer update decisions. - Added: Professional features including AI enrichment, webhooks/notifications, scheduled reports, SSO (SAML/OIDC), API keys, and MCP server support. - Added: Multi-database support with Professional MSSQL capability. - Replaced: Legacy/early project documentation with a production-ready public release documentation set.