> For the complete documentation index, see [llms.txt](https://docs.p0.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.p0.dev/change-log/2025.md). # 2025 ## December 28th 2025 ### New Features #### Core Platform Capabilities * **Access Request History Export**\ Export your access request history directly from the UI for off-platform analysis and compliance reporting. * **macOS URL Handler (`p0://` Scheme)**\ A new macOS URL handler lets you trigger CLI commands from your browser. Clicking a `p0://ssh/my-host` link opens the corresponding SSH session automatically. #### Notifications & Integrations * **Full Access Lifecycle Notifications for Microsoft Teams**\ Microsoft Teams notifications now cover the complete access lifecycle-request, approval, provisioning, and expiration-keeping your team informed at every stage. * **Enhanced Jira Ticket Integration**\ The Jira integration now provides richer tracking of access requests as tickets, improving audit trails for compliance workflows. ### Enhancements #### API & CLI Enhancements * **Accurate `p0 ls` Accessibility Labels**\ The `p0 ls --principal` command now correctly shows “accessible to ” instead of always displaying “accessible to you.” The `--all` flag omits the accessibility line entirely. * **Improved Expired Okta Session Messages**\ Clearer error messages when Okta sessions expire during AWS authentication, explaining what happened and how to resolve it. * **Enhanced User-Agent String**\ The CLI now includes OS, CPU architecture, and installation method in HTTP request headers, improving supportability. #### Stability & Fixes * **Snowflake Role Display Fix**\ Corrected how Snowflake roles appear in the access request flow. * **Improved Web Request Error Handling**\ Clearer feedback when access requests submitted via the web UI encounter errors. *** ## December 14th 2025 ### New Features #### Core Platform Capabilities * **Pre-Approval Routing Rules**\ A new routing rule type requires pre-approval before access is granted, with full support in Slack-based workflows. * **Azure Resource Group Scoping**\ Scope Azure access requests to specific resource groups for more granular access control. * **Kubernetes Namespace Scoping**\ Scope Kubernetes access requests to specific namespaces, reducing over-provisioning. * **SSH Session Recording Indicator**\ Users now see a visual indicator when their SSH session is being recorded for compliance purposes. #### API & CLI Enhancements * **Linux (Debian) Standalone Builds**\ The CLI now ships as a `.deb` package for x64 Debian-based Linux distributions, including Ubuntu. * **Print Login URL for Headless Machines**\ For device-code authentication flows, the CLI now prints the login URL to the terminal, enabling users on headless machines to complete authentication on a different device. #### Security & Compliance Workflows * **Install Validation for AWS, GCP, and Azure**\ Post-install validation checks for AWS, GCP, and Azure integrations let you verify correct setup immediately after installation. ### Enhancements #### User Experience * **Resource Type Filter for Access Requests**\ Filter access requests by resource type in the UI for faster navigation. * **Requester Info in Approval Notifications**\ Approval notifications now display requester identity information for better context during review. * **Improved Access Request Duration Display**\ Clearer presentation of access request durations in the UI and notifications. #### API & CLI Enhancements * **Pre-approved Requests Skip Verbose Output**\ When a request is pre-approved, the CLI skips the “Access requested… Will wait up to 5 minutes…” messages and proceeds directly to provisioning. * **Fixed `--approved` Filter in CLI**\ The `--approved` flag now correctly filters to show only approved requests. #### Stability & Fixes * **Routing Rules Deny Behavior Fix**\ Fixed routing rules so that deny rules behave correctly, preventing unintended access approvals. * **Azure Storage Account Naming Fix**\ Corrected an issue where Azure storage account names were incorrectly formatted in access requests. * **Improved Group Cache Resilience**\ Reduced errors when groups are used in routing rules by improving group membership cache reliability. *** ## November 23rd 2025 ### New Features #### Core Platform Capabilities * **Snowflake Account-Level Roles JIT**\ Request just-in-time access for Snowflake account-level role grants, with full support for routing rules, access inventory, posture assessments, and install validation. * **Entra ID Group Membership JIT**\ Request just-in-time access to Microsoft Entra ID group memberships, with routing, assessments, and install validation. * **Azure RDP Access Requests**\ Request just-in-time RDP access to Azure VMs directly through the P0 platform. * **Bulk Revoke for Access Grants**\ Administrators can revoke multiple active grants at once from the UI, streamlining cleanup workflows. * **Custom Approval Messages**\ Approvers can include a message when approving or denying requests, providing context to requesters. #### API & CLI Enhancements * **`p0 allow` CLI Command**\ A new CLI command for managing access pre-approvals, bringing allowlist management to the command line. * **Azure Bastion SSH on Windows**\ Added support for Azure Bastion SSH tunnels on Windows, including proper `netcat` handling. * **On-Premises SSH on Windows**\ Windows users can now connect to self-hosted and on-premises SSH targets through the CLI. #### Platform Configuration & Limits * **SSO Preference as Org-Level Configuration**\ Organizations can configure SSO preferences at the org level for consistent enforcement. * **Access Duration Presets in Routing Rules**\ Routing rules can define preset access duration options, guiding requesters toward approved time windows. * **FIPS Mode Indicator**\ The settings UI now shows whether FIPS compliance mode is active for your organization. ### Enhancements #### User Experience * **Fuzzy Search in Resource Listers**\ Fuzzy search across resource listers for faster resource discovery when making access requests. * **Improved Access Request Status Display**\ Clearer status indicators for the access request lifecycle in the UI. #### Notifications & Integrations * **Lambda Notifier Custom Payloads**\ Custom AWS Lambda notifiers can receive configurable payload formats for more flexible alerting. * **Configurable Fields in Routing Rules**\ Routing rules now support configurable custom fields per integration for tailored request workflows. #### Stability & Fixes * **SSH Config File Cleanup**\ Automatic cleanup of stale SSH config files in `~/.p0-*/ssh/configs/` that accumulated over time. * **CLI Telemetry Crash Fix**\ Fixed an issue where network errors during telemetry export could crash the CLI. * **Improved Error Messages for Expired Grants**\ Clearer error messages when users try to use expired access grants. * **Teams Notification Formatting Fix**\ Fixed access request notification formatting in Microsoft Teams. *** ## November 9th 2025 ### New Features #### Cloud Platform Integrations * **Oracle Cloud Infrastructure (OCI) Integration**\ Full OCI integration with just-in-time access provisioning, resource discovery, routing rules, posture assessments, and install validation. OCI now appears in the integrations catalog alongside AWS, GCP, and Azure. * **Okta User Group JIT**\ Request just-in-time membership in Okta user groups, with full routing, access inventory, posture assessments, and install validation. #### Platform Configuration & Limits * **Configurable Access Duration for Snowflake**\ Administrators can define custom access durations for Snowflake JIT grants to enforce least-privilege time windows. #### Security & Compliance Workflows * **Install Validation Notifications**\ Proactive install validation now surfaces integration health issues directly in the P0 app, alerting you to configuration problems before they impact access requests. ### Enhancements #### API & CLI Enhancements * **FIPS-Compliant macOS Builds**\ macOS standalone binary builds now use OpenSSL with FIPS support, meeting compliance requirements for regulated environments. * **Windows arm64 Installer**\ The CLI now ships Windows arm64 builds alongside x64. The version display shows build platform info (e.g., “built for Windows/arm64”). * **Fixed `kubeconfig` Duration Argument**\ Corrected the `kubeconfig` command to use the current `--duration` argument name. * **Fixed Azure CLI Commands on Windows**\ Resolved failures when running `az` CLI commands on Windows during Azure SSH requests. * **Fixed Login Status Accuracy**\ Corrected a misleading “session is logged in and valid” message that appeared even when the token was expired. *** ## October 19th 2025 ### New Features #### Authentication & Access * **Expanded OIDC Support**\ Adds compatibility for additional identity providers to make single sign-on easier across environments. * **Session Timeout Controls**\ Lets administrators define custom session durations for stricter security posture. * **Azure JIT General Availability**\ Azure JIT access is now available for all environments, removing the previous feature-flag restriction. #### Security & Compliance Workflows * **Pre-Approvals Lifecycle Automation**\ Automatically moves stale pre-approvals to archived status and notifies owners before expiration. * **IAM Drift Detection Monitor**\ Flags unauthorized role or permission changes in AWS and GCP to maintain least-privilege posture. * **Entra Service Principal Secret Assessment**\ Entra ID posture assessment now includes service principal client secret expiration data, enabling monitors for secrets that are near expiry or have excessively long expiry periods. #### API & CLI Enhancements * **`p0 print-bearer-token` Command**\ Prints the bearer token to stdout, simplifying Terraform provider setup by eliminating the need for external tools like `jq` or `python` to extract the token. * **`p0 rdp session` Command**\ RDP session support for Azure Entra-joined VMs on Windows clients via `p0 rdp session `. ### Enhancements #### User Experience * **Improved Search Performance**\ Faster results and fuzzy matching across projects and monitors. #### Reliability & Performance * **Caching for Directory Data**\ Speeds up identity lookups. * **Optimized Data Snapshots**\ Reduces snapshot time and improves consistency under heavy load. #### Notifications & Integrations * **Slack Error Resilience**\ Retries failed approvals and handles transient Slack API errors automatically. * **Teams Integration UX Refresh**\ Cleaner approvals and notifications with rich context cards. * **PagerDuty Routing Enhancements**\ Adds fine-grained routing options for incident notifications. #### Stability & Fixes * **Fixed SSH Hanging on Exit (AWS SSM)**\ Resolved the CLI hanging indefinitely after SSH sessions that used AWS SSM ProxyCommand. * **Fixed CLI Startup on Modern Linux**\ Fixed a startup failure on Ubuntu 23+ and Debian 12+ by updating the shebang line for proper argument splitting. * **Expired Okta Session Handling**\ The CLI now detects expired Okta sessions during AWS SSH, clears cached credentials, and prompts you to re-run the command instead of showing a confusing error. * **Improved SCP Error Messages**\ When you mistakenly include a username in `p0 scp`, the CLI now displays a hint explaining that usernames should be omitted. *** ## October 6th 2025 ### New Features #### Cloud Platform Integrations * **Build Installer for Entra Security Perimeter**\ One-click installer to deploy the Entra Security Perimeter components, reducing manual setup and configuration time. * **AWS GovCloud S3 Bucket Access**\ Adds S3 bucket resource access in GovCloud accounts, listing buckets directly from S3 since GovCloud does not support Resource Explorer. #### Authentication & Access * **Okta SSO for AWS GovCloud**\ Enables single sign-on with Okta in GovCloud to simplify and standardize authentication. #### Security & Compliance Workflows * **Duplicate Preset Monitors**\ Lets you clone a preset monitor and tailor it to your needs, speeding monitor setup. * **Create Monitors from Templates**\ New monitor creation workflow: create from scratch, create from a template, or duplicate an existing monitor from the Settings page. #### API & CLI Enhancements * **Configurable Labels in P0 CLI**\ Allows custom labels in CLI workflows for consistent reporting and easier filtering. * **Skip Version Check Configuration**\ A new environment variable lets you skip the CLI version check against npm, useful for air-gapped or restricted environments. ### Enhancements #### User Experience * **Fuzzy Search in “Allow” Modal**\ Find the correct principal faster with typo-tolerant search in the selection field. * **Consistent Entra Group Names**\ Ensures Entra group names appear consistently across pages and flows. * **Monitor Tagging (Custom vs. Preset)**\ Monitors now display visual “Custom” or “Preset” tags for quick identification. #### Reliability & Performance * **Caching for Entra Groups and Users**\ Reduces latency and load for directory-backed operations. * **Backoff on HTTP 429 in P0 CLI**\ Automatically backs off on rate-limit responses to reduce failures in scripted runs. * **Okta SAML Role Assumption Retry**\ Automatic retry with exponential backoff (up to five minutes) for Okta SAML role assumption, handling intermittent eventual-consistency delays. #### Security & Compliance Workflows * **AWS IAM Management Policy (Terraform)**\ Provides ready-to-use policy templates to standardize deployments across environments. #### Stability & Fixes * **Fixed PostgreSQL Slack Notification Rendering**\ Resolved a bug where PostgreSQL JIT requests showed “Unknown SQL” in Slack messages. Also fixed rendering of non-fully-qualified table and schema names. * **Fixed `p0 ls` Help Output**\ Corrected spurious `false false false` text in CLI help when using `p0 ls` with an unknown argument. * **Fixed SSH on Windows (MAC Algorithm)**\ Set reliable default MAC algorithms for `p0 ssh` on Windows, resolving “Corrupted MAC on input” errors. * **Fixed Login on Dedicated Environments**\ Resolved a login failure that occurred when re-logging in after token expiration on dedicated environments. * **Fixed Snowflake SCIM Install**\ Corrected Snowflake SCIM provisioning that generated incorrect user ID formatting, causing JIT requests to fail. *** ## September 22nd 2025 ### New Features #### Core Platform Capabilities * Azure Graph Integration ingestion for Microsoft Graph (resources and permissions), improving coverage for access modeling and future automations. * Create AWS Service Accounts (Roles) with IaC Adds infrastructure‑as‑code support to create service roles, simplifying setup in AWS environments. ### Enhancements #### Authentication & Access * SSH Access Controls Adds an access‑type filter for SSH, lets admins restrict SSH access types via access policies, and introduces an SSH host key cache for faster, less noisy connections. * GCC High Entra role assignment Extends compatibility for regulated Azure environments (GCC High) to support more deployment scenarios. #### Core Platform Capabilities * IaC & Terraform Improvements Adds `sts:TagSession` permission to installer IAM policies and updates the Terraform provider to support partition `type`, keeping installs aligned across partitions. #### Platform Configuration & Limits * Monitors UX Lets you disable preset monitors and clarifies that new monitors are created from the Inventory page. #### Security & Monitoring * Compliance hardening Addresses compliance findings such as GCP service‑account IAM roles and MFA posture in Google Workspace. #### Stability & Fixes * `p0 ssh` host fingerprint saving Fixes saving of host fingerprints so first‑time SSH connections do not repeatedly prompt. * Intermittent 500 error path Fixes an intermittent `AxiosError: Request failed with status code 500` to restore normal operation. *** ## September 7th 2025 ### New Features #### Core Platform Capabilities * **AWS IDC Identities without specific IDC backing being required**\ Adds identity data to the graph for more complete access modeling when no IDC is specified. * **Automatic Registration & One-Click Install (Azure Integration)**\ Allows automatic registration and one-click installation, eliminating manual key copy-paste steps. ### Enhancements #### Authentication & Access * **Make OIDC Client Configs Optional**\ Makes certain OIDC client settings optional to ease setup without reducing security. #### Core Platform Capabilities * **Create Access Policy from Fix View (GCP Unused Role Bindings)**\ Lets you create an access policy directly from the Fix view to remediate unused GCP role bindings with JIT. #### Stability & Fixes * **`p0 ssh --size` Option**\ Fixes the `--size` flag for `p0 ssh`, restoring expected behavior *** ## August 24th 2025 ### New Features #### Core Platform Capabilities * **Self-Hosted Plugin for CLI**\ Adds support for a self-hosted plugin in the CLI to streamline provisioning and management. * **Automatic Registration & One-Click Install for tailscale**\ Allows automatic registration and one-click installation, eliminating manual key copy-paste steps. ### Enhancements #### Visibility * **Domain Users Counted as Internal**\ Counts domain users as internal rather than external for accurate auditing and policy targeting. #### Authentication & Access * **Secure GCP Service-Account Access**\ Prevents p0 access via GCP service accounts using tokens generated for 3rd-parties * **SSH Access Type for Tailscale**\ Adds dedicated SSH access type for Tailscale to improve clarity and policy management. * **Entra JiT CLI Help Text Fix**\ Removes duplicate “group” option in CLI help for clearer guidance. #### Platform Configuration & Limits * **Azure Bastion host: Case-Sensitivity Fix**\ Prevents permission errors during install by fixing a case-sensitivity check. #### Stability & Fixes * **`p0 ssh` Command Execution**\ Ensures commands rasdun and output is returned reliably with p0 ssh in very specific situations. * **`p0 ssh --size` Option**\ Fixes the `--size` flag behavior for `p0 ssh`. * **Intermittent `p0 ssh` Failures**\ Resolves sporadic failures to improve overall connection stability. *** ## August 10th 2025 ### New Features #### Authentication & Access * **Azure AD PKCE Sign-In**\ End users can sign in with Azure AD using PKCE, improving security and compatibility for browser-based OAuth flows. ### Enhancements #### Core Platform Capabilities * **`p0 ssh` Command Execution**\ Re-enables running remote commands with `p0 ssh`, restoring expected CLI behavior. * **“Accessible By” Display Correction**\ Corrects how lateral relationships are shown in the "accessible by panel" so they display valid accessors and removes additional accessees. #### Authentication & Access * **Settings Cleanup: Remove One-Party Approvals & “Reason Required”**\ Streamlines administration by removing rarely used toggles, reducing configuration overhead without changing approval behavior. *** ## July 28th 2025 ### New Features **Authentication & Access** * **Database Scoping in Access Policies**\ You can now specify which database an access policy applies to, giving finer-grained control over access routing and approvals. **Audit & Observability** * **Capture Authentication Context in Audit Logs**\ Authentication-related metadata is now captured in audit logs, improving traceability of actions and helping security teams correlate identity with activity. This includes authentication and authorization failures. **Platform Configuration & Limits** * **Configurable Upper Limit for Standing Access Requests**\ Administrators can now define upper bounds on standing access durations, helping enforce least-privilege policies and reduce unintended long-lived access. ### Enhancements **Core Platform Capabilities** * **Extended Postgres Installation UI Integration**\ The Postgres installation experience in the UI has been enhanced to better support customer workflows, making setup more intuitive and transparent. * **Enhanced Access Policy Evaluation Logic**\ We improved how access policies evaluate group membership and related edge cases, reducing surprises in access decisions. *** ## July 14th 2025 ### **New Features** **Core Platform Capabilities** * **Service Account Support for P0 API Requests**\ Service accounts (for example, those used by Terraform) can now authenticate and execute P0 API calls without needing static credentials, making infrastructure-as-code workflows smoother. * **Access‑Type Selector in Access Policies**\ You can now pick specific access types when authoring access policies just like the sample template so you can tailor approvals by, for example, “p0 request gcloud role.” * **Query Search for User Listings in Directory Integrations**\ When you’re browsing users in any directory integration (LDAP, Entra, etc.), there’s now a search box to filter by name, email, or ID. **User Experience** * **Disable Automatic Log-Out**\ A new toggle in the UI lets you disable automatic session log-outs, so your P0 session stays active until you choose to end it. ### **Enhancements** **Core Platform Capabilities** * **AWS Account Alias Support in SSH Requests**\ SSH commands now accept AWS account aliases in the `parent` parameter (e.g. `./p0 request ssh parent:alias-name`), so you can reference accounts by friendly names instead of numeric IDs. **Security & Monitoring** * **Dangerous Access Policy Detection**\ Automatically detects and alerts on potentially dangerous access policies, helping you catch misconfigurations before they impact your environment. *** ## June 29th 2025 ### New Features #### Core Platform Capabilities * **Group & Parent Context in SSH Notifier**\ SSH notifications now include both group and parent identifiers in their event payloads, giving you richer context for auditing and routing. * **Access-Type Selector in Access Policies**\ A new UI control lets you pick specific access types (for example, “p0 request gcloud role”) when authoring access policies, so you can tailor approvals more precisely. #### Email Notifier Enhancements * **Evidence-Created Alerts**\ The Email Notifier can now send you a notification immediately when new evidence is submitted-keeping stakeholders in the loop. * **Expiration-Reminder Alerts**\ Receive automated email reminders before any evidence item expires, so nothing slips through the cracks.\ Automatic Expiration Workflow * **Pending-Request Auto-Expiration**\ Access requests that linger past their expiration date are now closed out automatically by a scheduled job, reducing manual cleanup. ### Enhancements #### Reliability & Error Handling * **Snowflake User Detection Fix**\ Resolved an issue where email case mismatches prevented user lookups in Snowflake. Emails are now normalized to avoid false negatives. * **Terraform-Backed GKE Updates**\ Improved our Terraform module to ensure GKE clusters and node pools stay aligned with the desired configuration. * **AWS Lambda Notifier Created-At Field**\ Fixed a missing timestamp field on Lambda-based notification events so you can reliably track when alerts were generated. * **ProxyCommand & Versioning CLI Fixes** * `p0 --version` now prints clean output without extra logging noise. * The `p0 proxy` command gracefully handles token expiry and exits quietly when no targets match. #### Developer Experience & Tooling * **Kubernetes Configuration Updates**\ Refined default configs for cluster access and context management to simplify developer onboarding. * **Off-Boarding Automation**\ Streamlined user off-boarding flows so that deactivated accounts are removed from all P0 services in one go. *** ## June 15th 2025 ### New Features * **Email Notifier Default Sender**\ The email notification channel now sends from a dedicated `noreply@p0.dev` address to minimize bounce-backs. * **Installer Enhancements** * **Resource ID Injection**\ The P0 installer can now automatically inject resource identifiers into its setup flow for more precise asset mapping. * **`~/.kube/config` Alias Generation**\ Running `p0 ssh` will create friendly host aliases in your Kubernetes config file, so you can connect with a simple name. ### Enhancements * **Authentication & Proxy Fixes** * Email addresses entered with uppercase letters (e.g. `Owner@Acme.com`) are normalized on sign-up so you never get blocked by case mismatches. * The `p0 proxy` command now handles token expiry without crashing and suppresses output when no matching instances are found. * **Resource Editor Robustness** * Guardrails have been added to the resource-editor UI to prevent “cannot read properties of undefined” errors. * **Retry & Timeout Improvements** * AWS component installation checks now automatically retry on transient failures. *** ## June 1st 2025 ### New Features #### Cloud Installers & Integrations * **Azure Application Installers** * Improved UI/UX for Azure related features. * **AWS Lambda Notifier Guide**\ Comprehensive documentation for configuring AWS Lambda as a custom alert notifier in P0. * **PagerDuty Auto-Approver**\ Access policies can include PagerDuty on-call schedules as automatic approvers for emergency workflows. #### API & CLI Enhancements * **Default SSH Shell Configuration**\ Updated `p0 ssh` command to default to Bash, with an option to override for other shells. * **Resource Listing Endpoint & CLI**\ New REST API and accompanying `p0 resources list` command to fetch all supported resource types and their definitions. * **OpenAPI Specification Publications**\ Public OpenAPI docs released for: * Swisscom integration * Access policies engine * AWS SDK installation workflow #### Documentation Improvements * **Azure Command References**\ Added step-by-step guidance for: * Creating the P0 Management Role in Azure * Generating federated credentials via CLI * **Custom Resource Types**\ Detailed walkthroughs for defining and using custom resource categories in P0. ### Enhancements #### CLI & Developer Experience * **SSH Performance & Errors**\ Reduced latency in `p0 ssh` connections and improved “identifier resolution” error messages. * **AWS Policy Hyphen Support**\ Enhanced attachment-rule parser to accept hyphens in AWS Function Caller policies. * **Persistent Access Duration**\ Fixed an issue where “persistent” access requests ignored the specified duration. * **Enhanced Tracing**\ Expanded internal tracing hooks for better diagnostics during CLI operations. #### UI & UX Tweaks * **Access-Key Lookback Correction**\ Adjusted the default audit time window displayed for access-key evidence in the UI. #### Microsoft Teams Resilience * **Case-Insensitive Channels**\ Channel name matching in Teams is now case-insensitive to avoid routing errors. *** ## May 18th 2025 #### ### New Features #### CLI Improvements * **Seamless Login**\ The `p0 login` command now detects existing sessions and skips redundant authentication steps, streamlining your workflow. * **Automatic SSH Config**\ A new `p0 ssh-config` command generates ready-to-use SSH configuration snippets for effortless access to your servers. #### Authentication & Notifications * **Microsoft Entra Support**\ New customers can create new accounts using Microsoft Entra, expanding your choice of identity providers. * **Email Alerts**\ An email notification channel has been introduced so you can receive P0 alerts directly in your inbox. * **Multi-Channel Notifications**\ Setup notifications and chat ops with Slack, Teams, or Email to stay informed where it’s most convenient. #### Cloud Platform Integrations * **AWS Just-In-Time Provisioning**\ Fine-tune IAM policy attachment rules with the new “extends from” attribute for more granular access control. * **Google Cloud Run Agent**\ Deploy P0 agents seamlessly to Cloud Run environments using the new installation component. #### Visualization & Installer * **Asset Relationship Graph**\ Explore a prototype graph layout for visualizing compute asset topologies and their interconnections. * **Teams Store Installer**\ The P0 installer now defaults to installing our Microsoft Teams app straight from the official Teams Store for a smoother setup. ### Enhancements #### CLI & UX Fixes * Corrected the default time shown in the `/p0 allow` modal’s DateTime picker. * Permission-set dropdowns now display all options instead of truncating choices. * Email addresses entered with uppercase letters (e.g.) are normalized automatically. * Improved public-channel notification formatting and expanded help text for Microsoft Teams. * Clarified installation guidance messages for setting up notification channels. #### Reliability & Error Handling * Automatic retries during AWS component installation checks to mitigate transient errors. * Extended Semgrep scan timeouts in CI workflows to prevent premature cancellations. * Suppressed errors when AWS instances are already removed during evidence revocation. * Safeguarded against circular-reference issues by ensuring evidence records don’t match themselves. #### ProxyCommand Enhancements * Gracefully handle token expiration without crashing. * Exit quietly when no instances match, reducing unnecessary output. * Display SSH-friendly host identifiers for easier server selection. * Provide clear error messages when required parameters (e.g., reason) are missing. * Ensure `p0 ls` consistently lists servers according to specified filters. #### Web Request Submission Flow * Backend validation errors (including “Reason” and “Request duration” fields) now surface directly in the P0 web-request form for faster troubleshooting. *** ## April 20th 2025 ### New Features #### Slack & Notification Enhancements * **Rich Slack Modals**\ Interactive input blocks for the `/p0 allow` command-including date/time and duration pickers-plus optimistic pre-population of form data for faster approvals. * **Automated Expiration Alerts**\ Email and in-app notifications to requestors and approvers before evidence items expire, so nothing slips through the cracks. * **MS Teams Lifecycle Integrations**\ Submit audit evidence and lifecycle events directly from Teams, complete with clear guidance and error messaging. #### Security & Compliance Workflows * **AWS Trust Policy Monitor**\ Real-time checks on IAM roles to flag any trust policy granting unrestricted root access. * **Custom Resource Routing Engine**\ New API endpoints and access policies for user-defined asset types, giving you total flexibility. * **Okta Assessment Automation**\ End-to-end Okta security reviews-from data collection through report generation-built into the P0 audit pipeline. #### Reporting & Analytics * **Cross-Project Findings Export**\ One-click export of detailed findings across all your projects for off-platform analysis. * **Enhanced Dashboard Charts**\ Bucket-date overlays on findings charts for clearer trend analysis over time. #### Cloud Platform Integrations * **AWS Just-In-Time Provisioning**\ “Extends from” support on attachment rules for more precise IAM policy scope. * **Google Cloud Run Agent Installer**\ Deploy P0 agents seamlessly into Cloud Run with a dedicated installation component. ### Enhancements #### Reliability & Performance * **Datastore Indexing**\ New index on evidence records to speed up complex queries. #### User Experience * **Posture & Monitor Pages**\ Fixed infinite-render issues on “all” views and ensured data loads reliably. * **Date Validation**\ Both client and server now enforce valid future start/end times in all access-request flows. * **Dropdown & Picker Fixes**\ Permission-set selects now show every option, and the `/p0 allow` DateTime picker defaults correctly every time. #### Notifications & Integrations * **PagerDuty Resilience**\ Standalone repro cases for token-expiry issues and automatic retries in notification flows. * **Error Messaging**\ Expanded help text and clarified error feedback across Slack, Teams, and email channels. *** ## April 6th 2025 ### New Features * **Unused IAM Roles Monitor**\ View IAM roles that haven’t been used (including “never used”), complete with last-used timestamps and guided remediation suggestions. * **AWS Identity Center Diagnostics**\ Built-in troubleshooting for Identity Center errors, surfacing detailed traces so you can resolve issues faster. * **Lifecycle SDK Enhancements**\ Full support for multi-valued objects in lifecycle workflows, enabling more complex automation scenarios. * **Automated “Fix” Commands**\ New one-click CLI commands to automatically remediate unused or overly-privileged IAM policies. * **AWS Service Discovery**\ Automatically enumerate which AWS services are enabled in your account to streamline compliance checks. * **Custom Permission-Set Scopes**\ Tailor exactly which resources, actions, and conditions are requested via both the UI and API. * **Virtualized Permission Tables**\ Replace full-render tables with virtualized lists so large graphs and tables load and scroll instantly. ### Enhancements * **Search & Navigation** * No-op on empty searches to prevent errors * Resource links now always navigate correctly in monitor views * **Form Validation & Error Feedback** * Inline display of JSON parse errors in environment payloads * Date-pickers enforce future dates and default to the correct time * Backend validation errors (e.g. missing Reason or invalid duration) now surface directly in the form * **Visual Consistency** * Warning icons and status badges reflect real-time data states * Table columns render consistently across browsers, with proper truncation * **Visibility Check Resilience**\ Clear error message and retry option when visibility-check endpoints are unavailable * **Performance & Responsiveness**\ Virtualized lists and optimized rendering ensure snappy load times and smooth scrolling throughout the app. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.p0.dev/change-log/2025.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.