Alpha testing: all current functionality is free while VAT Engine is in active development

Product updates

Changelog

Track product releases, security hardening, compliance reporting work, and infrastructure changes across VAT Engine.

Archive page 11 of 14.

Latest release
3.6.112
Production Frontend Now Redirects www To The Canonical Apex Host
Releases tracked
162
Since January 2026
Logged changes
755
Across all categories
SecurityFeatureImprovementFixInfrastructure

Showing releases 121-132 of 162

3.5.2April 29, 2026

Account & Security Dashboard Refresh

7 changes
Security3 items
  • Security Settings now provides clearer protection status, password controls, authenticator setup, and backup-code regeneration from one focused page
  • Backup-code regeneration now has stronger confirmation requirements and is included in the account activity trail
  • Dashboard billing and account forms received additional request validation before sensitive redirects or profile changes
Improvement4 items
  • Account Settings now presents profile details, email verification state, account identifier, security status, and subscription status in a cleaner layout
  • API key details now highlight recent error rate and use clearer wording for the latest request IP security signal
  • Activity Log labels are clearer for profile updates, email changes, and two-factor authentication events
  • Dashboard form validation and loading states were refined to reduce stale data flicker after account updates
3.5.1April 26, 2026

Compliance Reporting Hardening

6 changes
Security1 item
  • Strengthened request-origin validation for compliance dashboard actions, improving protection when the app is deployed behind proxies or multiple hostnames
Improvement4 items
  • Compliance report downloads now handle very large result sets more gracefully, returning a clear truncation marker instead of failing mid-stream
  • Background exchange-rate refreshes now spread themselves out over time, reducing the chance of synchronized refresh spikes across deployments
  • Dashboard-to-API compliance requests now time out cleanly when an upstream service stalls, reducing hanging pages
  • Added dedicated reporting views for transaction ledger, exports, country exposure, tax-class mix, and monthly trend analysis
Fix1 item
  • Country and currency reference data used by the compliance dashboard is now checked automatically to prevent frontend and backend drift
3.5.0April 2026

Multi-Currency Compliance Tracking

4 changes
Feature2 items
  • Compliance threshold tracking now supports foreign-currency transactions using European Central Bank reference rates for EUR comparison
  • Compliance responses now show which currencies were converted successfully and which still need exchange-rate data before they can be included
Fix1 item
  • Threshold status and threshold checks now handle empty transaction periods cleanly instead of failing for new or inactive accounts
Improvement1 item
  • Background exchange-rate syncing is now part of the API startup flow so compliance calculations can stay current without manual imports
3.4.2April 26, 2026

Edge Protection v2

4 changes
Security3 items
  • Edge protection now responds better to both bursty and slow reconnaissance traffic
  • Repeat abusive sources are tracked longer so simple wait-and-retry cycles are less effective
  • Per-site traffic shaping adds another layer of resilience against distributed floods
Improvement1 item
  • Connection and header handling were tightened to improve resilience against slow-loris and oversized-request patterns
3.4.1April 22, 2026

Edge Protection Refinements

3 changes
Security2 items
  • Strengthened automated blocking for malformed and non-standard connection probes at the edge, improving protection against low-level scanning traffic
  • Improved deployment-time validation guidance so live protection rules can be verified more reliably after rollout
Improvement1 item
  • Refined security runbooks to reduce configuration drift between repository changes and the active server setup
3.4.0April 2026

Backend Platform Upgrade

5 changes
Infrastructure2 items
  • Modernized the backend web platform to the latest generation of our Go API framework, improving long-term maintainability and compatibility with current tooling
  • Aligned backend build images with the current Go toolchain used in development and deployment
Security1 item
  • Improved how the API interprets client IP and HTTPS information behind a reverse proxy, making secure-request enforcement and request limiting more reliable
Improvement2 items
  • Standardized backend request parsing, middleware behavior, and automated tests without changing the public API contract
  • Refreshed internal metrics integration and framework-level request handling to make future backend upgrades lower risk
3.3.0April 2026

Code Review Hardening

10 changes
Security3 items
  • Fixed a memory safety issue where request header values could be corrupted when passed to background processing — headers are now safely copied before async use
  • Sequential database identifiers are no longer exposed in user API responses — only the public UUID is returned to clients
  • All database error comparisons updated to use wrapped-error-safe checks, preventing edge cases where errors could be silently misclassified
Fix2 items
  • Fixed an unreachable error response path in CSV export streaming — errors during export are now properly logged instead of attempting to send JSON after CSV headers were already committed
  • Clipboard copy button no longer throws an unhandled promise rejection when the browser denies clipboard access (e.g. non-HTTPS contexts)
Improvement5 items
  • Threshold listing endpoint now supports an optional country filter for more targeted lookups
  • Threshold queries consolidated from multiple near-identical database calls into a single efficient dynamic query
  • API specification updated with all missing query parameters and standardized error responses across every authenticated endpoint
  • API documentation scopes table now lists all transaction and compliance endpoints with their required access levels
  • API key management pages now show animated skeleton loaders instead of plain text while loading
3.2.0April 2026

SME Eligibility & Public Threshold Lookup

5 changes
Feature3 items
  • New public API endpoint checks domestic SME VAT exemption eligibility — submit a country and annual turnover to find out if you fall within the national exemption threshold. Includes policy details and sector-specific sub-thresholds where applicable
  • New public threshold lookup endpoint returns OSS and IOSS thresholds with optional type and date filters — designed for integration into registration workflows
  • Negative consignment amounts are now rejected with a clear validation error on the IOSS threshold check endpoint
Improvement2 items
  • Full API documentation added for the SME eligibility endpoint at /docs/api/sme-eligibility
  • OpenAPI specification updated with complete request and response schemas for all new endpoints
3.1.0April 2026

Compliance Logic Review Fixes

7 changes
Fix5 items
  • IOSS removed from annual threshold status — IOSS is a per-consignment check, not an annual cumulative threshold. Ad-hoc IOSS validation remains available via the threshold check endpoint
  • Threshold reporting now highlights when some foreign-currency transactions could not yet be included in the totals
  • Date range queries fixed to include all transactions on the end date (previously could miss the final day)
  • Request ID in VAT calculation responses now matches the ID used in logs and tracing headers
  • Export date range validation adjusted to correctly handle leap years
Security1 item
  • Account-scoped endpoints (transactions, compliance, threshold status) now require V2 authenticated API keys — legacy keys are restricted to VAT calculation and rate lookup only
Improvement1 item
  • Prepared the compliance reporting surface for later multi-currency threshold conversion support
3.0.0April 14, 2026

Compliance Logic Foundation

3 changes
Feature2 items
  • Account ID: every user account now has a stable, unique public identifier shown in the dashboard under Profile Information — useful for support, integrations, and future multi-key compliance reporting
  • Account ID can be copied to clipboard directly from the dashboard with one click
Infrastructure1 item
  • Database schema extended to support full compliance transaction tracking and user-scoped data ownership — foundation for per-country VAT aggregations and OSS threshold monitoring
2.9.0April 10, 2026

SME VAT Thresholds — TEDB Integration

7 changes
Feature5 items
  • New public API endpoint returns EU SME VAT exemption and scheme thresholds for all 27 member states — no API key required
  • Thresholds include EUR amounts and, for non-eurozone countries, national-currency equivalents (e.g. PLN, HUF, CZK, DKK, SEK, RON, BGN)
  • Sectoral thresholds available where TEDB provides them (e.g. specific industry exemption levels)
  • Data sourced directly from the official EU TEDB SMERetrievalService and kept in sync via the admin panel
  • Full API documentation available at /docs/api/sme-thresholds
Improvement2 items
  • Admin TEDB panel extended with an SME Thresholds tab: preview incoming changes, review field-level diffs, and apply with a single click
  • Diff preview highlights every changed threshold field individually — operators see exactly what changed before confirming
2.8.0April 3, 2026

TEDB Scheduled Sync & Change Alerts

5 changes
Feature3 items
  • VAT rate sync now runs automatically on a monthly schedule — no external cron or manual trigger required
  • When pending rate changes are detected, a Grafana alert is sent via email so operators can review the diff before applying
  • Changes are never applied automatically — human review is required before any database update
Infrastructure2 items
  • Dedicated sync service added to all deployment environments with automatic restart on failure or host reboot
  • Operational credential handling was strengthened so background sync services no longer rely on plain environment values for sensitive access