Building fast, shipping often.

Track what’s new, what’s in progress, and what’s next. Follow our changelog, peek at the backlog, and join the discussion. We’re building Vauzy in the open.

Changelog

Dec 15, 2025

1.0.0

Dec 15, 2025

Vauzy has arrived! We officially rename from Passbot and enter public release.

Read the post

Vauzy 1.0.0 delivers a major set of launch-ready upgrades, including richer credential metadata, more reliable sharing, tighter permissions, and stronger audit visibility. It also includes a wide range of stability, onboarding, and UX fixes that reduce everyday friction for teams.

See more details

New features

Credential metadata overhaul to support richer fields, cleaner organisation, and better viewing/editing experiences.
Audit logging for workspace channels so key actions are easier to trace and review.
Password generator improvements, including responsive UI updates.
Keepalive lock when awaiting an external step (like scanning or capturing a QR code from another device) to reduce timeouts and interruptions.
Invite management improvements, including the ability to re-send invites and better handling for certain admin and group inheritance scenarios.
New and updated public site content and flows, including refreshed pages (pricing, security, teams, freelancers, agencies), newsletter signup, and demo request journeys.
Permissions and access safeguards tightened across credential actions and external vault access.
New vauzy.com site

Bug fixes

Fixed token flow issues when sharing, reducing failed or confusing share handoffs.
Fixed issues inviting external client users, improving reliability of cross-organisation invitations.
Fixed audit log edge cases around notes and default metadata, improving consistency in activity history.
Fixed address field visibility on the accept-invite form.
Fixed issues with external vault sharing error checks and access verification.
Fixed billing and seat management edge cases, including upgrades with pending downgrades and free account seat adjustments.
Fixed build and pre-render issues affecting certain public pages and routes.
Resolved assorted QA-reported issues ahead of launch, improving overall stability and polish.

Other

Initial migration work completed and refined, including updates related to credential group sharing data.
Release tooling added for site release execution.
General UI and copy refinements across the site and product surfaces.

Oct 9, 2025

0.8.0

Oct 9, 2025

Smoother onboarding, sturdier billing, and multi-domain readiness

Read the post

This release improves reliability during QR-based setup flows, makes lifetime trial setup faster and more resilient, and adds support for operating multiple domains side by side.

See more details

New features

Improved reliability while waiting on external steps such as scanning or capturing a QR code on another device (adds a keepalive lock to prevent timeouts during setup flows).
Added configuration support to run passbot.io and vauzy.com domain routing side by side.

Bug fixes

Reduced the payload sent during lifetime trial setup to improve performance and reduce the chance of request issues.
Disabled an incorrect default subdomain and removed an associated legacy distribution configuration to prevent misrouting and unintended traffic handling.

Other

General billing service updates and refinements.

Sep 18, 2025

0.7.0

Sep 18, 2025

A smoother 2FA experience, better mobile UX, and improved support

Read the post

This release improves the 2FA setup and reset experience, especially on mobile, and introduces better ways to get help through in-app support chat. It also includes reliability and consistency updates across the platform.

See more details

New features

Introduced in-app support chat integration for faster help and better visibility of support conversations.
Initial Slack bot capability added to help teams stay informed and take action without leaving Slack.
Added a dedicated support domain for a smoother, more trustworthy support experience.

Bug fixes

Major improvements to the 2FA setup and management wizard, with a strong focus on mobile usability and smoother step-by-step flows.
Improved the reset flow for existing 2FA tokens to reduce confusion and prevent users getting stuck during recovery.
Defaulted Google Authenticator style credentials to standard TOTP to prevent incorrect setup and improve compatibility.
Fixed tenant detection issues that could cause unexpected behavior in staging-like environments.
Resolved issues with deletion groups to ensure deletion actions behave consistently.
Fixed an issue where surnames were not correctly handled when syncing user details into support chat profiles.
Addressed audit log related issues that could affect reliability of auditing in certain environments.

Other

UI groundwork for more consistent modal and sidebar behavior, improving consistency across the product over time.
Improved routing and health checking behavior to increase reliability and reduce intermittent access issues.
Tightened tenant handling rules by disallowing wildcard tenants, reducing the chance of misrouting and improving safety.
Removed extra debug logging to keep operational logs cleaner and easier to interpret.
Updated staging seed data to include new passkeys for testing and validation purposes.

Sep 9, 2025

0.6.0

Sep 9, 2025

Easier 2FA setup and reliability improvements

Read the post

This release introduces early improvements to two-factor authentication setup and makes credential entry more flexible. It also fixes audit log and shortened link issues to improve reliability across everyday workflows.

See more details

New features

Introduced an early 2FA setup wizard flow to guide users through enabling two-factor authentication
Improved credential entry by accepting Base32-formatted TOTP keys

Bug fixes

Fixed issues with the audit log to improve reliability and accuracy
Fixed the shortened URL resolver to ensure shortened links resolve correctly
Resolved multiple reported issues referenced in #159, #160, and #161

Other

Improved the create and edit credential experience by pre-populating the form payload on load

Sep 5, 2025

0.5.0

Sep 5, 2025

External Vault Sharing and Better Shared Security Visibility

Read the post

This release introduces external vault sharing and improves how risk is shown across shared vaults, alongside a set of reliability fixes for signup, search, and permissions.

See more details

New features

External vault sharing is now available, making it easier to collaborate securely beyond your own workspace.
API key support has been added, improving how integrations and automated access can be managed.
Risk status for credentials is now reflected across shared vaults, improving visibility for teams and collaborators.

Bug fixes

Fixed issues in the signup flow so the correct routes are matched reliably, preventing users from being sent down the wrong path during registration.
Resolved cases where external vaults were not showing correctly after signup or during navigation.
Fixed audit log filtering to ensure activity can be narrowed down accurately.
Resolved an issue where search results were not appearing, improving findability across the platform.
Fixed add and remove user flows where permissions and state could drift out of sync.
Resolved an issue where passwords with OTP changes were not updating their type correctly.
Prevented upgrading to a Teams account in cases where an account is already sharing an external vault, avoiding conflicting account states.

Other

Trial length has been adjusted to 14 days, and the holding page now includes a login button for easier access.
General data fixes and cleanup for improved consistency.

Aug 26, 2025

0.4.0

Aug 26, 2025

Stronger security, smoother passkeys, and everyday usability improvements

Read the post

This release strengthens encryption and credential privacy, improves passkey sign in reliability, and delivers a set of usability fixes across admin and trial experiences.

See more details

New features

End to end encryption improvements for sessions and credential access flows
Passkeys and sign up verification updates, including stronger user verification requirements during registration
Staging health checks added to improve environment readiness checks
Trial experience update with clearer prompts and messaging around shared vaults
Public facing holding and signup flow updates, including refreshed pricing and trial information

Bug fixes

Credential URL validation now supports IP addresses (fixes #120)
Improved WebAuthN error handling and clearer error messages during passkey setup and login
Better handling of authentication errors in the passkey wizard
Schedule creation fixes
Health check reliability fixes for service checks

Other

Progress toward PWA support including initial testing and URL handling improvements
General UI polish including mobile improvements in the admin area
Packaging and dependency housekeeping to improve build consistency
Security hardening to reduce sensitive data returned from credential creation responses

Aug 5, 2025

0.3.0

Aug 5, 2025

Stripe Billing, Vault Sharing, and a New Health Check Experience

Read the post

This release introduces Stripe billing, vault sharing, and a new Health Check experience, plus a wide set of improvements to authentication, auditing, and overall reliability.

See more details

New features

Stripe billing integration across the platform, including updated plans and purchase flow tracking.
Vault sharing, including invitations, share management, and updates to account upgrade and downgrade paths for shared accounts.
Health Check app to provide clearer service status visibility.
Improved audit logging, including capturing source IP metadata for audit events.
Updated admin audit log UI for more consistent status colouring.
Session handling improvements to strengthen sign-in and ongoing session behaviour.
Discord bot support additions (token secret handling and improved OTP generation context).

Bug fixes

Fixed OTP validation issues, including base32 secret validation and add/edit credential validation logic.
Fixed passkey registration and relying-party identifier mismatches to improve passkey reliability across domains.
Fixed JWT signature verification across the app to ensure tokens are validated consistently.
Hardened session cookie handling (secure and strict behaviour) and improved session reset during authorisation.
Improved audit log reliability and correctness (object conversion and logging fixes).
Fixed invitation flow handling for expired invitation links.
Fixed credential security calculations and improved identification and marking of at-risk credentials.
Fixed authenticator metadata lookup issues (AAGUID lookup).
Stability fixes for billing-related UI after subscription and pricing changes.

Other

Deployment and environment configuration updates to support a dedicated staging setup and smoother staging deployments.
General container and compose configuration refinements to improve local and staging consistency.
CI test stage timeout added to reduce the chance of stuck pipelines.
Removed legacy billing provider remnants and cleaned up related configuration references.
User onboarding tour updated to better reflect workflows involving vault sharing.

May 20, 2025

0.2.0

May 20, 2025

Payments progress, stronger 2FA, and a more reliable Discord bot

Read the post

This release brings Stripe payments, major improvements to 2FA setup and migration, and a more dependable Discord bot experience. It also includes a wide set of admin fixes and usability improvements.

See more details

New features

Stripe payments are now supported across the platform.
Updated the pre-launch Holding site purchase flow with refreshed "buy now" options and plan-to-product mapping.
Added currency support and began Chargebee integration work (in progress).
Added Google Tag Manager and Google Analytics 4 tracking service on the Holding site, with refined tracking behaviour.
Improved Discord bot reliability with safer user fetching, member caching on startup, and better handling of multi-tenant contexts (including Admin and Manage Devices commands).
Introduced a new MFA capability set, including improved 2FA token generation and smoother upgrades from older OTP secret formats to modern key URI formats.
Added new experimental Discord bot commands to view and list vaults.
Added an Industry field to the Holding site register-interest form.
Improved public site SEO metadata and ensured consistent favicons across UIs.

Bug fixes

Bot processor now avoids looking up users when a tenant does not exist, reducing failed requests and noisy errors.
Prevented unintended cascading deletes when related user entities are removed, reducing risk of accidental user data removal.
Fixed CORS configuration to allow the Holding staging site to access the API.
Removed remaining Paddle references and dependencies to prevent conflicts and configuration issues.
Fixed admin URL validation to allow single and double character domain names (Issue #74).
Fixed copying 2FA codes so it copies the 2FA code, not the password (Issue #106).
Fixed vault access counts and corrected permission visibility in the admin experience (Issue #109 related areas).
Resolved multiple audit log issues and formatting inconsistencies (Issue #105).
Fixed form submission behaviour in admin so pressing Enter does not navigate away unexpectedly (Issue #79).
Fixed Latest Updates not reflecting credential group permission changes (Issue #107).
Fixed permission cache busting so permission updates propagate reliably (Issues #91 and #108).
Fixed logout action reliability so it works from anywhere in admin (Issue #83).
Fixed a layout issue where the permission box was too narrow on the user edit page (Issue #109).
Fixed a web app initialisation migration issue that could affect startup in some environments.
Fixed OTP key handling consistency across controls and resolved saving issues for OTP keys scanned via mobile camera (Issue #81).
Fixed a migration edge case by filtering undefined credential payloads.

Other

Improved API authorization decorator usage internally for better consistency across controllers.
Added more diagnostic logging to Discord bot context and command flows to speed up support and troubleshooting.
Improved CI/CD workflows, including tagging successful deployments and enabling Holding UI build and deployment adjustments.
Implemented landing page prerendering support to improve how pages are presented to search engines and link previews, along with supporting operational tweaks.
Added a DNS record to align with MailerSend domain authentication recommendations.
Refreshed core dependency versions and applied security-focused updates.
General cleanup and housekeeping across the codebase.

Backlog

Community ideas

Suggest a feature

Chrome Extension

It would be a great idea to have a Chrome extension so that I can auto-fill my passwords and...

Suggested 2 months ago

Ability to generate magic links for quick one-time sharing

It would be great to be able to quickly share credentials securely with 3rd party / external people...

Suggested 2 months ago

Upcoming

Session Management
securityFeature
Add ability to see active sessions across the organisation (for admins) or for you own user.
Show key information such as IP, timestamp and device authed with.
Provide ability to remotely kill the session.
Configurable geolocation restrictions
securityFeature
Allow organisations to optionally configure where users can access the application from.
Allow user by user configuration to allow for 'roaming'/travelling users.
Support the storing of passkeys
Feature
* Users should be able to store 3rd party service passkeys in the Vauzy store and allow other users to use them as any other type of credential.
* Will be more usable once we have browser plugins completed.

In development

Chrome Extension
securitybrowser extensionUX
* Create a chrome extension to directly interact with sites and provide secure credential injection. * Extend existing security practices such as E2E encryption and time limited passkey authentication windows. Useful Links: * [https://github.com/apple/password-manager-resources](https://github.com/apple/password-manager-resources) * [https://web.dev/articles/change-password-url#resources](https://web.dev/articles/change-password-url#resources) * [https://github.com/agilebits/onepassword-app-extension](https://github.com/agilebits/onepassword-app-extension) * [https://github.com/lastpass/generic-password-app-extension](https://github.com/lastpass/generic-password-app-extension)

Frequently asked

How often do you ship updates?

We deploy small improvements weekly and bundle feature releases into regular versions. The changelog lists every update as it lands.

Can I vote or comment on roadmap items?

Yes. Head to our community forum to upvote ideas and add context. We prioritise based on impact, security, and user feedback.

Do you publish security fixes separately?

Security patches are noted in the changelog with clear labels and mitigation notes. Critical updates are also emailed to subscribers.