https://v3ndor.io/changelog Operator-visible improvements to the v3ndor.io third-party risk management platform. Updated in monthly batches. en-us 1440 https://v3ndor.io/changelog v3ndor-changelog-2026-05-26-new-workspaces-start-with-a-15-day-vendor-io-trial Tue, 26 May 2026 00:00:00 GMT New Approved workspace activations now create a backend-owned 15-day vendor.io trial. The app shows countdown and expired states from the tenant entitlement, and expired trials stay readable while new changes require an active subscription. https://v3ndor.io/changelog v3ndor-changelog-2026-05-26-more-operator-queues-use-structured-scan-rows Tue, 26 May 2026 00:00:00 GMT Improved Reviews, Evidence, Contacts, Questionnaire templates, and Cases now carry compact desktop metric rails for due dates, evidence expiry, contact coverage, template weight, case age, activity volume, and ownership. Operators can compare assurance and incident queues faster while mobile views keep the same readable metadata fallbacks. https://v3ndor.io/changelog v3ndor-changelog-2026-05-25-denser-structured-rows-for-core-work-queues Mon, 25 May 2026 00:00:00 GMT Improved The Vendors, Risks, Findings, and Contracts workspaces now use a shared scan-row metric rail so operators can compare health, risk score movement, finding age/ownership, and contract renewal/value signals without opening each record. Compact density also tightens row internals, helping high-volume work queues show more useful records per viewport while preserving the mobile metadata fallback. https://v3ndor.io/changelog v3ndor-changelog-2026-05-18-verification-email-links-survive-corporate-safe-links-rewriters Mon, 18 May 2026 00:00:00 GMT Security The id + token in v3ndor.io's sign-up verification email now live in the URL's hash fragment instead of the query string. Hash fragments are never sent over HTTP, so they're invisible to corporate Safe-Links / URL-Defense rewriters (Microsoft Defender, Proofpoint, Mimecast) that have been observed dropping unfamiliar query parameters during click-tracking redirects. Recipients on those rewriter stacks no longer land on a 'Missing verification details' panel after clicking a link from their inbox. The verify route still accepts the legacy query form for back-compat. https://v3ndor.io/changelog v3ndor-changelog-2026-05-17-workspace-prefix-on-every-primary-operator-tab Sun, 17 May 2026 00:00:00 GMT Improved Continuing the dashboard tab-title rollout earlier today: the workspace name now leads the browser-tab title on /vendors, /risks, /findings, and /audit too. Operators juggling multiple workspaces from the same browser can disambiguate every primary list view from the tab strip alone — flipping between Acme's and Globex's risk register stops requiring a focus-switch. https://v3ndor.io/changelog v3ndor-changelog-2026-05-17-workspace-name-in-the-browser-tab-title Sun, 17 May 2026 00:00:00 GMT Improved The dashboard's browser tab now leads with the active workspace name — operators juggling multiple browser tabs across workspaces can disambiguate them from the tab strip alone, no focus-switch required. Mirrors the dashboard subtitle treatment at the tab-strip level. https://v3ndor.io/changelog v3ndor-changelog-2026-05-17-rename-your-workspace-from-settings Sun, 17 May 2026 00:00:00 GMT New Settings → Workspace now hosts a rename affordance. The tenant id stays the same (so every existing audit / vendor / contract / risk record continues to belong to the same workspace), only the display label updates. Tenant-admins on signup-minted workspaces can rename; the three demo seed workspaces stay pinned read-only. The rename writes an audit-log entry so the change is visible alongside every other operator mutation. https://v3ndor.io/changelog v3ndor-changelog-2026-05-17-workspace-name-role-visible-on-the-dashboard-heading Sun, 17 May 2026 00:00:00 GMT Improved The dashboard subtitle now leads with the active workspace name + your role chip — at-a-glance confirmation of which tenant's data you're looking at when you switch workspaces via the avatar dropdown. https://v3ndor.io/changelog v3ndor-changelog-2026-05-17-per-signup-workspace-tenant-admin-role-at-signup Sun, 17 May 2026 00:00:00 GMT New Signing up to v3ndor.io now mints a fresh workspace (you pick the name) and assigns you tenant-admin of it. Production parity for the SaaS onboarding model: every operator owns the workspace they create and invites teammates from the inside. https://v3ndor.io/changelog v3ndor-changelog-2026-05-17-end-to-end-per-tenant-data-isolation Sun, 17 May 2026 00:00:00 GMT Security Every operator-visible surface — dashboard activity feed, vendors / contracts / risks / reviews / contacts / findings / evidence list pages, cases / tickets / webhooks / API keys panels — now scopes its rows to the active tenant. Mirrors the production audit_log / vendor / contract RLS policies (V001 + V019). A second user signed up in the same browser cannot see your records. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-export-pinned-watch-lists-as-csv Fri, 15 May 2026 00:00:00 GMT New The three pinned-watch-list dashboard widgets (vendors, findings, risks) now have an Export CSV button. Exports the full pinned set, not the limit-truncated visible subset. The risks CSV includes both inherent and residual exposure scores so a manager can answer 'is treatment paying off?' without opening the SPA. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-branded-open-graph-social-card Fri, 15 May 2026 00:00:00 GMT Public surface Sharing v3ndor.io URLs on Twitter/X, LinkedIn, Slack, or Discord now renders a 1200x630 branded preview with the headline and tagline visible at thumb scale, instead of a tiny logo dot. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-undo-toast-on-bulk-pin-unpin-actions Fri, 15 May 2026 00:00:00 GMT Improved Accidentally bulk-unpinning ten vendors mid-triage used to mean ten detail-page round-trips to restore. The bulk pin/unpin action now fires an 8-second Undo toast. For mixed-selection Pin actions, Undo only unwinds the items that weren't pre-pinned so pre-existing pins survive. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-rfc-9116-security-txt Fri, 15 May 2026 00:00:00 GMT Security Vulnerability researchers and IRM scanners can now auto-discover the disclosure contact at /.well-known/security.txt. The /security page surfaces a direct link too. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-changelog-page-launched Fri, 15 May 2026 00:00:00 GMT Public surface Public /changelog page lists every operator-visible improvement, grouped by month. Demonstrates platform velocity to procurement teams evaluating whether the platform is actively maintained. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-pricing-page-launched Fri, 15 May 2026 00:00:00 GMT Public surface The public /pricing framework page explains the four pricing levers (vendor count, seat count, framework templates, integration footprint) + three tier positions (Starter, Growth, Enterprise) so buyers can position their organisation before the call. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-pin-unpin-keyboard-shortcut Fri, 15 May 2026 00:00:00 GMT Improved Press P on any vendor / finding / risk detail page to toggle pinned state. Same direction-aware toast as the inline Pin button; available in audit mode too. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-bulk-pin-unpin-in-the-list-bulk-action-toolbar Fri, 15 May 2026 00:00:00 GMT New Select multiple rows on /vendors, /findings, /risks → 'Pin N' button in the bulk-action toolbar adds every selected entity to your watch list in one click. Flips to 'Unpin N' when every selected row is already pinned. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-personal-watch-list-dropdowns-in-the-sidebar Fri, 15 May 2026 00:00:00 GMT Improved The Vendors, Findings, and Risks sidebar sections now expose a chevron-dropdown with 'All X' + 'Pinned (N)' entries. Live count chip next to each — muted-tone, hidden when zero, glanceable from anywhere. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-integrations-page-launched Fri, 15 May 2026 00:00:00 GMT Public surface The public /integrations page lists the 23 concrete systems v3ndor.io plugs into — Google Workspace + Microsoft Entra + generic OIDC, CISA KEV + NVD CVE feeds, Slack + Teams + webhooks, audit-log syslog streaming + REST API, 7 framework templates + bring-your-own. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-security-overview-page-launched Fri, 15 May 2026 00:00:00 GMT Public surface Substantive /security page replaces the in-page landing fragment. Trust pillars + 8-claim posture grid + compliance frameworks (SOC 2, ISO 27001, NIST CSF 2.0, GDPR, CCPA, PCI-DSS) + operational security + customer-side controls + responsible disclosure programme. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-show-pinned-commands-in-the-cmd-k-palette Fri, 15 May 2026 00:00:00 GMT Improved A new 'Personal watch lists' group in the command palette with three live-count entries — 'Show pinned vendors (N)', 'Show pinned findings (N)', 'Show pinned risks (N)'. Each lands you on the corresponding list with the pinned-only filter pre-applied. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-pinned-only-filter-on-vendors-findings-risks Fri, 15 May 2026 00:00:00 GMT Improved The 'Manage X →' dashboard widget links now activate the watch-list view they promised — landing on /vendors?pinned=1, /findings?pinned=1, or /risks?pinned=1. ActiveFiltersBar chip with one-click clear. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-per-route-browser-tab-titles Fri, 15 May 2026 00:00:00 GMT Improved Every route now sets its own document.title — bookmarks, history entries, and tab strips disambiguate one open page from another. Previously every tab read the same static landing title regardless of which view was active. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-pinned-risks-the-third-entity-in-the-watch-list-trio Fri, 15 May 2026 00:00:00 GMT New Risks join vendors and findings as the third pinnable entity. Detail-page pin button, drawer compact pin, list star indicator + default-sort tie-break, dashboard widget showing inherent + residual scores inline. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-dashboard-widget-pinned-findings Fri, 15 May 2026 00:00:00 GMT New Mirrors the Pinned vendors widget for findings. Each row links to /findings/$id with severity + status + owner; inline Unpin clears the entry without round-tripping through the detail page. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-findings-list-star-indicator-pinned-first-sort Fri, 15 May 2026 00:00:00 GMT Improved Operators pinning a finding from its detail page now see it surface at the top of /findings (default sort) with a star next to the title. Explicit sorts (severity, title, raised-newest, owner) skip the promotion so the pin doesn't yank entries out of chosen sort groups. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-production-html-head-seo-foundation Fri, 15 May 2026 00:00:00 GMT Security The static index.html ships with meta description, Open Graph + Twitter card tags, JSON-LD (Organization + SoftwareApplication), canonical URL, and theme-color. Paired with robots.txt allow-list + sitemap.xml priorities. Public pages are now indexable; authenticated routes are explicitly disallowed. https://v3ndor.io/changelog v3ndor-changelog-2026-05-15-production-ready-landing-page Fri, 15 May 2026 00:00:00 GMT Public surface Hero + product overview + features grid + security-posture section + closing CTA. Sign-in CTAs route to /login (OIDC owns the credential flow). Removed the dev-only route launcher that previously leaked the authenticated surface to anonymous visitors.