5 April 2026 — Release 2026.04
Security hardening, job lifecycle enhancements, and infrastructure improvements.
Security Hardening
Encryption at rest extended to all core data entities
Encryption at rest extended to all core data entities
Strengthened data protection controls with comprehensive encryption-at-rest coverage across all core platform entities, ensuring alignment with UK GDPR, the Data Protection Act 2018, and ISO 27001 obligations.
Data protection controls applied to additional API endpoints
Data protection controls applied to additional API endpoints
Extended consistent data protection handling to a broader set of API endpoints, ensuring personally identifiable information is handled uniformly across the entire platform surface.
Data protection applied to activity logs and system communications
Data protection applied to activity logs and system communications
Applied data protection controls to user activity logs, email logs, and system communications, reinforcing the platform’s GDPR compliance posture and reducing the risk of inadvertent PII exposure in operational records.
Statutory data retention policy enforced for job records
Statutory data retention policy enforced for job records
Updated the data retention schedule for job records to align with UK statutory requirements. The previous short-term expiry window has been replaced with a retention period consistent with financial and property regulation obligations.
Secure contact retrieval in property search
Secure contact retrieval in property search
Enhanced the property and job search capability to support the secure retrieval of contact information, ensuring data protection controls remain active during search operations without degrading query performance.
Release artefact integrity verification introduced
Release artefact integrity verification introduced
Introduced automated checksum generation for all release artefacts, enabling independent verification of deployment package integrity prior to installation. This provides an additional assurance layer for self-hosted deployments.
Resolved serialisation issue in HTTP error response logging
Resolved serialisation issue in HTTP error response logging
Corrected a serialisation defect in error response logging that affected the integrity of log records produced by authentication and access-control error paths. Log output now consistently reflects the structured format expected by downstream monitoring tooling.
Features
Job archiving with read-only enforcement
Job archiving with read-only enforcement
Introduced a comprehensive job archiving capability, enabling organisations to transition completed jobs to a permanent read-only archive state. Archived jobs retain their full history, audit trail, and attachments and remain fully searchable, but cannot be modified or reopened outside of a formal recall process.
Automated reconciliation of orphaned records during archiving
Automated reconciliation of orphaned records during archiving
Enhanced the job archive and purge utility to automatically identify and remove orphaned address and tenant records that become disassociated following bulk archiving operations. This maintains referential integrity across the data model and eliminates the need for manual database housekeeping.
Dark mode design system extended
Dark mode design system extended
Extended the platform design system with additional colour tokens for dark mode interfaces, improving visual consistency and accessibility across low-light display variants on all supported devices.
Stale branch reporting workflow
Stale branch reporting workflow
Introduced an automated workflow that identifies and reports inactive repository branches on a scheduled basis, supporting repository hygiene and reducing the long-term maintenance burden for engineering teams.
Performance
Container base image upgraded to PHP 8.5
Container base image upgraded to PHP 8.5
Upgraded the container base image to PHP 8.5, delivering runtime performance improvements and extended security patch coverage. All self-hosted deployments should update to the latest image to benefit from these improvements.
Staging deployment workflow hardened against configuration drift
Staging deployment workflow hardened against configuration drift
Corrected the staging deployment workflow to preserve Docker configuration files during release operations, preventing configuration drift between staging and production environments.
Database schema rationalised
Database schema rationalised
Removed deprecated schema structures and consolidated legacy data definitions to reduce schema complexity, improve query planning, and lower the overhead associated with database migrations.
Broad code quality improvements applied
Broad code quality improvements applied
Applied a structured programme of code quality improvements across the platform, addressing technical debt, improving internal consistency, and reducing long-term maintenance overhead.
31 March 2026 — Release 2026.03.4
PII encryption enhancements, compliance documentation, and API security improvements.
Security & Compliance
Comprehensive PII encryption across all API endpoints
Comprehensive PII encryption across all API endpoints
Implemented end-to-end PII encryption at rest and in transit across all core API endpoints. Sensitive fields including names, contact details, and addresses are now consistently encrypted and decrypted with appropriate access controls in place.
Enhanced job search with encrypted field lookups
Enhanced job search with encrypted field lookups
Upgraded the job and property search functionality to support lookups across encrypted fields without exposing raw PII in query results, maintaining both performance and data protection compliance.
COMPLIANCE-REPORT.md published covering UK GDPR, ISO 27001, Cyber Essentials, PECR, and property regulations
COMPLIANCE-REPORT.md published covering UK GDPR, ISO 27001, Cyber Essentials, PECR, and property regulations
Added a formal compliance report covering the platform’s adherence to UK GDPR, ISO 27001, Cyber Essentials, the Privacy and Electronic Communications Regulations (PECR), UK property regulations, and VAT obligations.
API endpoint documentation updated for consistency
API endpoint documentation updated for consistency
Updated API endpoint path references throughout the README and developer documentation to reflect the current routing structure, eliminating stale references that could mislead integrations.
26 March 2026 — Release 2026.03.3
Maintenance mode, PWA enhancements, brand management, and API access controls.
Features
Maintenance mode system implemented
Maintenance mode system implemented
Introduced a full maintenance mode API and frontend integration, allowing administrators to take the platform offline for scheduled maintenance with configurable user-facing messaging and role-based bypass controls.
Progressive Web App (PWA) service worker enhanced
Progressive Web App (PWA) service worker enhanced
Improved service worker registration with timeout handling and an enhanced caching strategy, increasing PWA reliability and offline capability across supported devices.
Brand management enhancements
Brand management enhancements
Updated the brand management system to support custom login page slides and background images, enforce file type restrictions from environment configuration, and allow application logo uploads as SVG files. Login and forgot-password pages now use locally hosted images for improved performance and consistency.
Default avatar SVG serving introduced
Default avatar SVG serving introduced
Implemented a dedicated API endpoint to serve default avatars as inline SVGs, simplifying error handling and eliminating broken image states across user profiles and listings.
Session location map on security dashboard
Session location map on security dashboard
Added an interactive session location map to the security dashboard, powered by Mapbox, providing administrators with a real-time visual overview of active session geography.
SecOps chiplets for security dashboard
SecOps chiplets for security dashboard
Introduced SecOps summary chiplets to the security dashboard, surfacing key operational security metrics including recent file uploads, accessed files counts, and system health indicators with fade-in navigation effects.
Document selection dropdown and document inspector enhanced
Document selection dropdown and document inspector enhanced
Improved the document management interface with a new selection dropdown and an enhanced document inspector view for faster document review workflows.
API
API access control checks implemented across all endpoints
API access control checks implemented across all endpoints
Applied consistent API access and permission checks to all platform endpoints, ensuring that authentication and authorisation validation is enforced uniformly regardless of the request path.
Health check endpoint added to all APIs
Health check endpoint added to all APIs
Added a
/health endpoint to all API modules, enabling infrastructure monitoring tools to verify service availability independently of business logic.API logging and testing framework enhanced
API logging and testing framework enhanced
Improved structured logging across API endpoints and expanded the internal testing framework to cover authentication flows, access control edge cases, and response format validation.
Infrastructure
Protect-source workflow enhanced
Protect-source workflow enhanced
Updated the branch protection workflow to block merges from staging and production branches into main, providing automated feedback to contributors when a blocked merge is attempted.
Dependency updates
Dependency updates
Updated the
yaml package from 2.8.2 to 2.8.3 and updated picomatch to address minor security and compatibility improvements.PHPUnit configuration added for API testing
PHPUnit configuration added for API testing
Added a PHPUnit configuration file to standardise the automated testing setup for API endpoints, enabling consistent test execution across development and CI environments.
25 March 2026 — Release 2026.03.2
Security dashboard improvements, document management, and cleanup of deprecated functionality.
Features
Security dashboard layout improvements
Security dashboard layout improvements
Enhanced the security dashboard with improved responsiveness, refined styling, and better layout for monitoring panels on all screen sizes.
Recent uploads and accessed files count in security report
Recent uploads and accessed files count in security report
Extended the security report to surface the count of recently uploaded files and most recently accessed files, giving administrators greater visibility into file activity.
Legal document DPO and document management columns added
Legal document DPO and document management columns added
Added new database columns to the legal documents table to support Data Protection Officer (DPO) assignment and enhanced document lifecycle management.
Maintenance
Deprecated settings, database backups, and obsolete scripts removed
Deprecated settings, database backups, and obsolete scripts removed
Removed the settings group backup mechanism, old database backup files, and obsolete scripts and views related to the legacy background image system and the deprecated recall jobs feature, reducing codebase complexity.
Logout process enhanced with improved cache clearing
Logout process enhanced with improved cache clearing
Refactored the logout flow to perform comprehensive cache clearing and improved session teardown, preventing residual session data from persisting after a user signs out.
Sidebar handling simplified
Sidebar handling simplified
Code structure refactored for readability
Code structure refactored for readability
Applied broad code structure improvements across multiple modules, improving internal consistency, reducing cyclomatic complexity, and easing future maintenance.
Features
Dark mode text colour utilities added
Dark mode text colour utilities added
Added new CSS utility classes for dark mode text colours, extending the design system with improved visual consistency and accessibility across all dark mode views on supported devices.
Git repository hygiene workflow
Git repository hygiene workflow
Added a scheduled GitHub Actions workflow to automatically identify and report stale branches, reducing repository noise and supporting long-term maintainability for the engineering team.
18 September 2025 — Release 2025.09.3
User activity tracking, notifications system, contractor trades, and online status.
Features
Comprehensive user activity tracking system
Comprehensive user activity tracking system
Implemented a full user activity tracking system with detailed logging for page visits, link clicks, button interactions, and form activity. Includes a backend API, a frontend tracking class, database schema updates, and an enhanced activity log display with pagination.
UUID-based profile routing
UUID-based profile routing
Updated user profile routing to use UUID-based URLs for improved privacy and security. Added UUID validation for URL and GET parameters, and ensured staff permission controls are enforced for profile access.
Notification system with user data integration
Notification system with user data integration
Overhauled the notifications system to integrate user data, improved rendering logic, and added comprehensive notification management including deletion functionality. Introduced a dedicated user avatar API and enhanced notification dropdown and footer action separation.
Contractor trades and certification management
Contractor trades and certification management
Added a Trades & Certifications demo page with a searchable selection system. Enhanced the contractor trades API with improved assignment status handling and introduced a trades manager interface for assigning and managing trade certifications.
Online status system with real-time updates
Online status system with real-time updates
Implemented a real-time online status system with activity tracking, enabling staff and tenant views to reflect user presence in real time.
Avatar management and upload functionality
Avatar management and upload functionality
Introduced full avatar upload and removal functionality with improved error handling and JSON response management. Refactored avatar storage to use a UUID-based directory structure. Avatar URLs are now protected from direct access via session-based authentication.
17 September 2025 — Release 2025.09.2
Profile system, agent and contractor views, and authentication improvements.
Features
Comprehensive profile system
Comprehensive profile system
Implemented staff and tenant profile sections with role-specific details, dashboards, and recent activity feeds. Consolidated profile form fields, improved layout, and enhanced accessibility. Added functionality for staff to update email addresses and set email notification preferences.
Agent and contractor profile views
Agent and contractor profile views
Enhanced agent and contractor profile views with Flowbite components, read-only view support, and role-specific data display.
Email verification system
Email verification system
Implemented a full email verification flow with activation token generation, account status checking, and a resend activation email capability. Updated login and activation pages to integrate with the new verification workflow.
Admin impersonation (view-as) functionality
Admin impersonation (view-as) functionality
Added admin impersonation capability allowing support staff to view the platform as a specific user for debugging and support purposes, with account type filtering and status management controls.
16 September 2025 — Release 2025.09.1
Project foundations: deployment, routing, database, and authentication.
Infrastructure
GitHub Actions deployment workflow established
GitHub Actions deployment workflow established
Implemented GitHub Actions workflows for automated deployments to staging and production environments, including PHP syntax checks, manual approval gates for production, and Plesk integration for deployment status tracking and notifications.
Clean URL routing implemented
Clean URL routing implemented
Added a Router helper class and updated
.htaccess to support clean URL routing across the platform, improving URL readability and enabling structured route definitions with authentication checks.Database schema and models established
Database schema and models established
Created the initial database schema with comprehensive table definitions for user management, job tracking, financial records, notifications, and compliance data. Added migration scripts and PDO-based connection handling.
Automated production cleanup workflow
Automated production cleanup workflow
Implemented a GitHub Actions workflow to automatically remove all development-only files during production merges, ensuring clean production deployments without manually curated exclusion lists.
Comprehensive database backup system
Comprehensive database backup system
Added a database backup system with scheduled and on-demand backup capabilities, supporting operational continuity and disaster recovery for self-hosted deployments.
Features
Authentication system
Authentication system
Implemented the core authentication system including session management, role-based access control, and secure logout with comprehensive session teardown and cache clearing.
Shared dashboard with role-based rendering
Shared dashboard with role-based rendering
Theme configuration and dynamic theming
Theme configuration and dynamic theming
Added theme configuration with helper functions to support dynamic theming across the platform, enabling per-branch or per-tenant visual customisation.
Project initialised with Tailwind CSS, Flowbite, and PHP components
Project initialised with Tailwind CSS, Flowbite, and PHP components
Established the frontend foundation using Tailwind CSS and Flowbite, with a PHP component architecture, email service integration via the Brevo API, and a BaseLayout class with shared SVG icon support.