Koh Cyber
Changelog

What's new in Koh

Release notes and product updates. New versions ship continuously.

  1. v1.4
    • [security] SSRF protection: webhook URLs now DNS-resolved at save time; hostnames resolving to private IPs are rejected.
    • [security] Session check now enforces suspended-user state — suspended accounts are immediately blocked at the session layer.
    • [feature] Platform rules opt-out: org admins can now disable specific crowd-sourced detection rules for their org.
    • [feature] Ops portal: internal staff evidence export center with 6 SOC-2-ready artifacts (org roster, scan stats, access control matrix, audit log, sub-processors, platform rules).
    • [improvement] API key names now validated (1–100 characters) and allowlist entries enforce max-length at the API layer.
    • [improvement] Notification config now validates email address format, caps recipient list at 50, and validates frequency enum values.
  2. v1.3
    • [feature] Domain-intel re-escalation: if async WHOIS/DNS enrichment finds a new attack domain or +all SPF policy, the scan label is upgraded to HIGH_THREAT and Gmail quarantine label is reapplied automatically.
    • [feature] Customer-facing REST API v1: Bearer token API keys let technical teams pull threat and quarantine data into their SIEM/SOAR.
    • [security] Cloud Armor WAF now in front of the API: OWASP CRS rules (SQLi, XSS, LFI, RFI, RCE) + Adaptive Protection + IP rate limiting.
    • [improvement] Rate limiting extended to API key creation (10/hour), threat feed (300/min), and all v1 endpoints (200/min per key).
  3. v1.2
    • [feature] Content compliance rules: org admins can create keyword and regex rules that trigger quarantine, flagging, or graymail routing.
    • [feature] Sender allowlist and blocklist management with full audit trail.
    • [feature] Crowd-sourced platform rules: detection signals shared across orgs (with opt-out) and auto-promoted at 90% confirmed-positive rate.
    • [improvement] Daily digest emails summarise the previous 24 hours of threat activity per org.
  4. v1.1
    • [feature] Layer 4 async domain intel enrichment via Cloud Tasks: WHOIS age, website presence, MX, Cloudflare NS signals.
    • [feature] Outbound webhooks: real-time threat events can be pushed to any HTTPS endpoint with HMAC-SHA256 signature verification.
    • [feature] Slack notifications for threat alerts.
    • [fix] SPF +all policy now correctly classified as a high-risk signal.
  5. v1.0
    • [feature] Initial launch: real-time Gmail scanning via push notifications, SPF/DKIM/DMARC validation, lookalike domain detection, display-name spoofing detection.
    • [feature] Quarantine queue with admin review and one-click release.
    • [feature] 15-day no-CC trial with automatic suspension at expiry.
    • [feature] Google Workspace Marketplace listing for one-click install.