v1.5.0

What's New

CyberArk Integration

• Full Privilege Cloud support: safes, privileged accounts, and safe memberships
• Identity (SCIM) sync: users and roles from CyberArk Identity
• Secure Infrastructure Access (SIA): VM and database access policies with target criteria matching
• Access Mapping Visualization: interactive React Flow graph showing user-to-target access paths (standing and JIT)
• CyberArk Dashboard: dedicated resource views for safes, roles, and SIA policies
• Tenant Discovery: automatic URL discovery from CyberArk subdomain name
• CyberArk settings panel with SCIM configuration, sync diagnostics, and connection testing

Security Fixes

• Fix CVE-2025-8869: pin pip>=25.3 for symlink path traversal
• Fix CVE-2026-23949: pin jaraco.context>=6.1.0 for path traversal
• Fix CVE-2026-24049: upgrade wheel and setuptools in Docker image
• Upgrade axios>=1.13.5 to fix request vulnerability
• SSRF protection on settings test endpoints
• CodeQL log injection and clear-text logging fixes

Infrastructure & IaC

• S3 bucket auto-discovery with excluded paths support
• Standalone IAM module decoupled from ECS
• CyberArk API and SCIM secrets in Terraform deployment
• S3 bucket parser, collector, and API endpoints

UI Enhancements

• Collapsible VPC and subnet nodes in topology visualization
• Collapsible sidebar sections (AWS / CyberArk / IaC)
• Custom zoom controls replacing default React Flow controls
• Search and filter controls on CyberArk resources and ECS list
• 400ms debounce on search inputs for better performance
• Data freshness indicators and refresh buttons
• Audit log panel in settings

Versioning & Docs

• Fix version drift: sync frontend/package.json to 1.5.0
• Add pre-merge versioning checklists to CONTRIBUTING.md and CLAUDE.md
• Add Versioning section to README.md
• Document required CyberArk service account permissions