Platform Changelog

Real-time timeline of technical updates, compliance adjustments, and system features across the Salp B2B ecosystem.

v4.0.5May 20, 2026
Security Notice

AES-256-GCM Secure Invoice Document Token Encryption

Retired direct exposure of database primary keys (UUIDs) in packing slip and tax invoice URLs. All public document share links now use encrypted tokens generated via AES-256-GCM to prevent Broader Object Level Authorization (BOLA) exploitation. This is part of our Zero-Trust Security Audit standard.

Key Security Enhancements

  • Replaced internal UUID endpoints with secure dynamic token exchange paths via /api/document/share/[token]
  • Implemented automatic token expiration (15-day window) and validation checks
  • Enforced RLS (Row Level Security) and brand-scoped authorization policies
v4.0.4May 18, 2026
Improvement

Multi-Channel Price Tier Performance Optimization

Optimized caching behaviors across all 20 country-specific Eurozone storefront channels. Page transition latency has been reduced to sub-300ms by introducing custom Redis-backed key-value tags on regional prices and shipping rules.

Updates & Optimizations

  • Optimized onMouseEnter prefetching hooks on Sidebar navigation tabs to achieve near-zero transition latency
  • Added automated background sync scripts to update cached values during nightly catalog ingestion intervals
v4.0.3May 16, 2026
New Feature

Conversational Support Hub & AI-Driven Diagnostics

Launched an all-new support ticket pipeline that integrates an automated client-side Diagnostics Panel alongside a Gemini 2.5 Flash-Lite triage assistant.

Key Features:

  • Added a dynamic diagnostics button scanning VAT, integration state, and barcode health in real-time
  • Enabled automatic triage summary generation on the ticket queue using Google Generative AI
  • Strictly enforced Zero-Trust BOLA checks on ticket message retrieval and escalations
v4.0.2May 14, 2026
Bug Fix

Webhook JWKS Key Rotation & Signature Retries

Resolved an issue causing intermittent webhook authentication drops during signature verifications. Added an automatic JWKS key rotation cache with built-in retry queues.

v4.0.1May 12, 2026
Security Notice

Lightspeed eCom OAuth 2.0 Security Hardening

Upgraded Lightspeed C-Series integration connection parameters. The system now enforces strict server-side OAuth 2.0 flows, completely retiring legacy manual API token methods.

v4.0.0May 9, 2026
New Feature

Real-Time Inventory Sync & VAT OSS Compliance Gateway

We have fully overhauled the Eurozone synchronization pipeline. This release introduces real-time webhook-driven catalog mappings alongside destination-based VAT calculation gateways under the EU One-Stop-Shop (OSS) scheme.