Changelog

What's new in OneComply — feature releases, improvements, and fixes

v1.5.0 — May 2026

Feature

Production-grade Incident Intake Connector added for Jira, ServiceNow, PagerDuty, SIEM, and generic signed webhooks
External incident signals now land in a review queue with quarantine, HMAC verification, replay protection, idempotent retries, and audit logging
Reviewers can promote validated external events into official OneComply incidents so DORA/NIS2 reporting clocks start from governed records
Integrations dashboard now includes source setup, one-time secret display, secret rotation, active/disabled source management, and pending event review
Incident intake documentation added with payload format, signing requirements, security boundaries, and operational guidance

Release

Billing tiers repositioned as DORA Essentials, DORA Operations, and DORA Assurance while keeping existing Stripe plan keys stable
Annual billing copy now consistently highlights the 2 months free incentive across public pricing and dashboard billing
Dashboard sidebar simplified around a DORA Command Center, searchable navigation, and collapsible Daily Work, Assurance, Cross-Framework, and Operations sections
Public pricing and homepage pricing copy updated to reinforce DORA-first operations with cross-framework evidence reuse

Release

Public positioning updated to DORA-first operational resilience with cross-framework evidence reuse instead of broad compliance overclaims
Framework coverage model added with explicit scope labels for DORA, CSSF 22/806, ISO 27001, NIS2, GDPR, and CRA
Dashboard now highlights DORA operations, Control Mapping Concierge entry points, and evidence reuse boundaries
Reports page now shows a trust layer explaining internal readiness, authority-template gating, and compliance/legal review requirements
Customer documentation added for framework coverage, messaging guardrails, and launch demo workflow
Sentry monitoring configuration expanded for release tracking, metrics, cron check-ins, operational messages, and PII-safe event scrubbing

Release

Production-readiness hardening across security, authentication, database migrations, observability, and cron job execution
Admin health checks upgraded with clearer failure grouping and faster interactive feedback
Cron-backed compliance checks restored for deadline monitoring, alert generation, evidence expiry, score recalculation, drift detection, and regulatory scraping
Full Playwright E2E suite stabilized for hardened staging and production deployments
Regulated-entity workflow verification added for controls, framework mappings, evidence, vendors, incidents, audit trail, CSSF ROI readiness, and posture scoring

Feature

Real-time cron job handlers — drift detection, deadline alerts, compliance score recalc, evidence expiry, trial notifications, GDPR data cleanup
Server-side pagination for all list APIs with search support
Onboarding state now persisted to database (not just localStorage)
Upstash Redis-backed rate limiting for production scale
PostHog analytics integration with cookie consent
Dynamic OG images for social sharing

Feature

Launch

Initial release of OneComply
DORA, ISO 27001, NIS2 framework support
Vendor risk management with auto-scoring
Incident management with DORA Art.19 deadline tracking
Control lifecycle management (368+ controls)
Policy document management with templates
Evidence collection and expiry tracking
Compliance score calculation (6-module weighted)
CSSF Register of Information source checks and EBA-format ZIP package generation
Role-based access control (9 roles)
Multi-language support (EN, FR, DE, LU)
Audit trail for all entity changes

Beta