v2.0 — Multi-Tenant Hardening, Passkeys

Released 2026-01-15.

Headline changes

Passkeys are here. Tenant isolation has been deeply audited and improved. This is a major version because the tenant catalog architecture was reworked under the hood — the migration ran during the planned 4-hour Sunday maintenance window.

Added

• Passkey authentication — register Touch ID, Face ID, Windows Hello, or a hardware security key under Profile → Security. Sign in without a password going forward.
• WebAuthn-based step-up auth — high-risk operations (deleting a document classified Restricted, changing platform admin assignments) can require passkey confirmation
• Encryption-at-rest fields on document records (content encrypted with per-tenant keys; metadata encrypted with platform key)
• Tenant-isolation regression tests in CI — every release now runs cross-tenant access tests before deployment

Changed

• AppDbContext query filters — every entity now passes through hardened tenant filter evaluation
• Search index segmentation — per-tenant index segments; never possible to surface cross-tenant results
• Audit log enrichment — additional fields per entry (request id, session id) without breaking schema

Security

• Tenant-isolation review (external) — 2 medium-severity findings, both remediated before release
• Penetration test by independent firm — no critical findings
• Dependency vulnerabilities cleaned up to zero High/Critical CVEs

Deprecated

• The legacy /api/v1/login endpoint (form-encoded) is deprecated in favour of /api/v1/auth/login (JSON). Sunset 2027-01-01.