Fimil Changelog

Fimil ChangelogWhat has shipped in Fimil: scanners, the AI pentest engine, auto-remediation, and platform updates.https://fimil.deven-usPlatform-wide dependency and code audit sweephttps://fimil.dev/changelog#2026-06-platform-audit-sweephttps://fimil.dev/changelog#2026-06-platform-audit-sweepResolved every open dependency alert across the API, web app, worker, and MCP server, alongside a hardening pass on session timeouts and billing webhook deduplication.Mon, 01 Jun 2026 00:00:00 GMTsecurityAI Pentest: in-browser testing, TOTP MFA login, and advisory fix PRshttps://fimil.dev/changelog#2026-05-pentest-browser-mfahttps://fimil.dev/changelog#2026-05-pentest-browser-mfaThe agent can now drive a real headless browser during discovery and exploitation, log in through TOTP multi-factor auth before testing, and open an advisory fix PR for every confirmed finding.Fri, 01 May 2026 00:00:00 GMTfeatureAI Pentest: IDOR detection, PoC export, and pay-per-confirmed-finding billinghttps://fimil.dev/changelog#2026-05-pentest-idor-poc-billinghttps://fimil.dev/changelog#2026-05-pentest-idor-poc-billingCross-account session pairs catch insecure direct object references; every confirmed finding exports a PoC with a copy-paste curl reproduction; billing meters only confirmed findings, with automatic credit on false-positive reversal.Fri, 01 May 2026 00:00:00 GMTfeatureMCP server: run security operations from your AI assistanthttps://fimil.dev/changelog#2026-03-mcp-serverhttps://fimil.dev/changelog#2026-03-mcp-serverModel Context Protocol tools covering scans, findings, triage, remediation, reports, and webhooks — so an AI assistant can drive Fimil end to end. Pentest tools joined the set alongside the pentest engine.Sun, 15 Mar 2026 00:00:00 GMTfeatureAI Pentest: vector breadth, API-aware discovery, and audit-ready reportshttps://fimil.dev/changelog#2026-03-pentest-vectors-discoveryhttps://fimil.dev/changelog#2026-03-pentest-vectors-discoverySQL injection, SSRF, broken authorization, mass assignment, and prompt injection validators with curated payload libraries; BFS crawling plus OpenAPI and GraphQL schema ingest for discovery; PDF reports with SOC 2 and PCI-DSS finding mappings.Sun, 01 Mar 2026 00:00:00 GMTfeatureIntelligence layer: one signal from many scannershttps://fimil.dev/changelog#2026-02-intelligence-layerhttps://fimil.dev/changelog#2026-02-intelligence-layerCross-scanner deduplication via fingerprints, finding groups with four correlation types, composite priority scoring (severity, age, reachability, EPSS), call-graph reachability with call chains, and auto-triage rules with a full audit trail.Sun, 01 Feb 2026 00:00:00 GMTfeatureAuto-remediation: the finding is the pull requesthttps://fimil.dev/changelog#2026-01-auto-remediationhttps://fimil.dev/changelog#2026-01-auto-remediationSemver-aware dependency bumps across 7+ package ecosystems, IaC fixes for Terraform, CloudFormation, and Kubernetes, code fixes from 75+ CWE-specific handlers in eight languages, and secrets rotation guidance — all delivered as ready-to-merge PRs.Thu, 15 Jan 2026 00:00:00 GMTfeatureCore platform: scanner orchestration behind one dashboardhttps://fimil.dev/changelog#2025-12-core-platformhttps://fimil.dev/changelog#2025-12-core-platformIsolated scanner execution with normalized output across SAST, SCA, secrets, IaC, containers, and SBOM; GitHub, GitLab, and Bitbucket integrations with PR checks; CLI pre-commit gate; Kubernetes operator for self-hosted installs.Mon, 01 Dec 2025 00:00:00 GMTfeature