Skip to main content

Documentation Index

Fetch the complete documentation index at: https://support.pexcard.com/llms.txt

Use this file to discover all available pages before exploring further.

PEX is an evergreen SaaS platform, which means that our engineering and product teams are constantly working to improve our products and services. As part of our continuous deployment process we make updates to our software every single day, multiple times throughout the day. These updates may be fixes & improvements to existing functionality, or new functionality not yet available to our users. This article provides updates on changes that we have made summarized on a weekly basis. Please be sure to subscribe to our monthly product blog for

Mar-16, 2025 to Mar-20, 2026

  • CSP, Dashboard, Internal API, Reporting, Fraud Service, Credit
This set of releases continued to mature credit application, disputes, and bill inbox/vendor payment workflows end-to-end. CSP added richer credit/dispute tooling (contextual credit application reprocess errors, decision reason display, audit event visibility, applicant external login visibility, AllowedLoginMethods, created date in admin search, due date surfaced for reverification, SBFE alerts, and statement links). Dashboard expanded Bill Inbox (Inbox filters/selection/bulk actions and Review tab), improved account linking UX, added automation for bulk “Send Invites”, and refined “Authorized apps”/MCP server access experiences (beta badge, info messaging). Internal API increased bank statement upload limits and fixed duplicate-statement and bill-pay statement issues, added vendor payment support for non-platform payments, and improved external login flows (including fixes for Google sign-up/sign-in edge cases). Fraud optimized dispute eligibility performance. Credit focused on reliability and telemetry: fixed AMS alert onboarding issues, JSON/NaN crashes blocking alert emails, SQL timeouts, Salesforce onboarding case creation gaps, resubmit validations and state transitions, and preserved original submission data on resubmits; it also added early reverification triggers for prolonged Plaid disconnections. (CSP-1537, CSP-1552; Dashboard-4172, Dashboard-4179, Dashboard-4189; Internal API-1128, Internal API-1129; REP-related items surfaced in CSP; CONDOR-329; Credit-916)
  • Purchasing, Invoicing, Metadata, Search
Bill Pay and Bill Inbox improvements were reinforced at the service layer. Purchasing added vendor icon/logo support for Bill Inbox History/Review, fixed vendor creation so IconUrl/LogoUrl populate correctly, added a NonPlatformPaymentEnabled vendor flag, and improved observability/logging hygiene (OTEL updates, devsql DNS, Linux console logging disabled). Invoicing upgraded to .NET 10, added due date filtering support in Bill Inbox search (noted earlier), expanded Bill Inbox remit-to fields/address fields, added non-platform payment as a payment method, and added a paginated endpoint for open business account numbers (not a blocker). Metadata shipped multiple Bill Inbox and Visa Enhanced stability fixes (attachments tab placement, JSON conversion and deserialization failures, OTEL package update). Search improved stability and correctness by removing ~70s timeouts caused by unnecessary enrichment in CardholderSearchCount and fixing occasional networkTransactionId formatting issues; it also updated OTEL. (Purchasing SVC-457; Invoicing-422, Invoicing-430; Metadata-1198; Search SVC-230)
  • CSP, Approval Service, Dashboard
Group-based workflows and admin tooling improved. CSP deprecated the “Use Cardholder Groups” setting in favor of newer group handling, added AllowedLoginMethods business setting, and improved admin search results (Created Date). Dashboard added the ability to choose between user vs cardholder groups when configuring group-based approval rules across approval workflows. Approval Service shipped .NET 10 + OTEL upgrades (and earlier added user-group logic for “If” conditions). (CSP-1537; Dashboard-4134, Dashboard-4143; Approval SVC-170)
  • Cardholder, Embossing, Security & Identity
Cardholder and identity data alignment continued to support “cardholder group” isolation. Cardholder exposed SecurityGroupId on Cardholder Group API responses and implemented dual-write syncing to Security.[Group] type=2 and GroupXUser; it also disabled Linux console logging to prevent log accumulation. Embossing migrated its EmbossingRecordsGet stored procedure to use the IdentityLegacyMap + GroupXUser path, then temporarily restricted EmbossingRecordsGet to Cardholder GroupType only to avoid cross-group leakage, and included a dev environment fix plus documentation migration. Security & Identity compatibility changes were consumed by CSP/BM (AllowedLoginMethods and .NET 10 OAuth2 compatibility). (Cardholder-590; EMBOSSING-62, EMBOSSING-63; CSP-1537)
  • Bank, Scheduling, IVR, LogEngine, Audit, MalwareProcessing
A consistent operational theme was .NET 10 upgrades, OpenTelemetry updates, and reducing Linux log growth by disabling NLog consoleTarget. Bank fixed asset report validation behavior when a Plaid item is deleted (KnownFailure vs 500), added Plaid connection attributes, refactored HttpClient, and disabled console logging on Linux. Scheduling Service upgraded to .NET 10 + OTEL, disabled Linux console logging, migrated AGENTS.md, and fixed a Hangfire null-reference issue. IVR upgraded to .NET 10 + OTEL and continued release-process validation (SWARM testing). LogEngine delivered support fixes for inaccurate network transaction IDs. Audit also continued OTEL updates and removed Semantic Kernel in favor of Agent Framework (previously), aligning with the broader platform direction. MalwareProcessing patched high severity vulnerabilities (previously). (Bank-667; Scheduling SVC-34; IVR-186, IVR-197; LogEngine-33; Audit items previously noted; MalwareProcessing Core 41 previously noted)
  • CSP, Dashboard, Bank
Supportability improvements were visible across UI: correlation IDs were added to bank-connection and login/auth error messaging, reducing time-to-diagnose. Dashboard also improved legal-name prefill and wallet/account-linking experiences to reduce fulfillment and account-access issues. (Dashboard-4134, Dashboard-4143, Dashboard-4172; CSP-1511; Bank-667)
  • BeneficialOwnerCore
Compliance reporting continued with fixes to report schedules and destinations (314a destination path fixes). (BeneficialOwnerCore-Release-183)
  • Marketplace, Connectors, Rules Engine
Marketplace and connectors continued both functional improvements and security/maintenance. Marketplace shipped an MCP server tab info message and updated manifests. NetSuite/Dynamics connector updates addressed multiple UX and sync issues (locations, settings, OAuth relogin routing, excluding system notes, description sync rules, expense category removal, new receipt endpoint, invalid value mapping, and more), plus a follow-up to increase parallel cardholder processing batch size. Rules Engine shipped a .NET 10 + OTEL upgrade and a fix for standardized vendor name toggle behavior. (marketplace-329; marketplace-manifests-155; pex-connector-netsuite-288, pex-connector-netsuite-289; RE-Release-797)

Mar-9, 2025 to Mar-12, 2026

  • CSP, Dashboard, Internal API, ExternalAPI, Reporting, Fraud Service
Customer support and dispute workflows were the primary theme. CSP and Dashboard improved dispute handling/visibility, aligned dispute PDF generation to Reporting, and expanded tooling around ACH errors, Ocrolus duplicate detection, and credit/dispute data shown to support users. Internal API and ExternalAPI continued rolling out external login/registration capabilities, improved dispute case details (including better Salesforce case subject/description data), strengthened tag dependency rules, and continued dupe invoice flagging. Reporting added/updated dispute PDF output and patched a Magick.NET security vulnerability, while Fraud Service exposed additional fraud-engine options. (CSP-1495, CSP-1511; Dashboard-4134, Dashboard-4143, Dashboard-4145, Dashboard-4153; Internal API-1099, InternalAPI-1111, InternalAPI-1123; ExternalAPI-684; REP-609, REP-615; CONDOR-324)
  • Search, LogEngine, Audit
Platform reliability and operational noise reduction. Search and TransactionHub/LogEngine moved forward with .NET 10 upgrades and multiple bug fixes, plus new fields to improve transaction search/sync accuracy (AuthorizationResponseCode/TransmissionDateTime) and fixes for network transaction ID accuracy. Search/Audit/LogEngine also disabled NLog console logging on Linux to prevent unintended log accumulation, and Audit further reduced complexity by replacing Semantic Kernel with the Agent Framework while updating OpenTelemetry. (Search SVC-218, Search-211, Search SVC-215; LogEngine-19, LogEngine-32, LogEngine-33; Audit-258, Audit-260, Audit-263)
  • Security & Identity, Business Management, Start, Mobile
Authentication and onboarding improvements rolled out across web and mobile. Security & Identity continued OIDC Authentication/Registration work, added pre-checks to prevent orphaned accounts, expanded external login method support, and fixed OAuth/OTP reliability and error-reporting gaps. Start added Google Sign-Up/Sign-In, improved credit application wording and bank-statement fallback/duplicate-detection UX, patched a high-severity “core” CVE, and removed Microsoft Clarity. Business Management introduced/expanded partner settings and access gates (including MCP Server Access, AllowedLoginMethods), enabled Card Switch by default, and improved correlation-ID logging practices. Mobile 32.0.23 improved logging and MFA convenience (iOS), and fixed multiple first-time login and reimbursement/tagging UX issues. (Security-SVC-1023, Security-SVC-1033, Security-SVC-1036; Business-1401, Business-1402, Business-1404, Business-1408; Start Site-338, Start-339, Start-351; Mobile 32.0.23)
  • Credit, Bank, Balance Engine, Approval Service, Rules Engine
Credit and adjacent services focused on correctness, account lifecycle, and supportability. Credit delivered a large reliability release covering application resubmits, Ocrolus webhook hardening/recovery, multiple 500/validation fixes, audit events, retries for stuck applications, and multi-program account closure, plus decision-reason support. Bank improved Plaid/asset-report validation behavior (KnownFailure vs 500), added Plaid connection attributes, and reduced Linux log accumulation. Balance Engine fixed scheduled funding and credit billing-period issues and improved operational procedures. Approval Service and Rules Engine both added/expanded user-group support in rules configuration and improved merchant normalization/MCC mapping, with additional Linux log hardening. (Credit-900; Bank-667; BE-Release-1200; Approval Service-167; RE-Release-791)
  • MalwareProcessing, Metadata, IVR
Security and stability maintenance. MalwareProcessing patched high severity vulnerabilities and migrated documentation. Metadata continued dupe invoice flagging work, strengthened tag dependency constraints, improved duplicate detection support, added remit-to bank fields in bill email analysis, and fixed invoice/SMS/attachment edge cases. IVR focused on Linux deployment/process verification, reduced Linux log growth, and improved receipt/note SMS behavior. (MalwareProcessing Core 41; Metadata-1194; IVR-159, IVR-160, IVR-162)
  • Marketplace, Apps, Connectors
Broad Marketplace security patching, largely centered on CVE-2026-27970 (“core”) and related compiler CVEs, plus documentation migrations (AGENTS.md). Several connectors/apps also included targeted functional fixes (NetSuite filtering and inactive mapped field failures, Concur purchase sync). (marketplace-manifests-143; pex-app-envelope-127; pex-app-analytics-69; pex-app-auto-tagger-381; pex-app-funding-scheduler-130; pex-app-batch-funding-121; pex-connector-data-export-250; pex-connector-intacct-185; pex-connector-zohobooks-63; pex-connector-google-sheets-166; pex-connector-xero-91; pex-connector-procore-54; pex-connector-google-drive-189; pex-connector-onedrive-129; pex-connector-netsuite-268; pex-connector-concur-257)
  • BeneficialOwnerCore, SalesForce
Compliance/reporting and CRM metadata updates. BeneficialOwnerCore continued Bancorp-required reporting (314(a), Monthly Originators) and fixed scheduling/control-file naming issues. SalesForce shipped multiple metadata/configuration updates (including AccountTags, new queue/status, picklist updates, quota and event object metadata changes). (BeneficialOwnerCore-Release-180, -181, -182; SalesForce-1397)

Mar-2, 2025 to Mar-6, 2026

  • CSP, Internal API, ExternalAPI, Fraud Service, Reporting
Dispute and case workflows were strengthened and aligned across systems. CSP switched dispute PDF generation to use the Reporting service (replacing PdfDispute.Client) and added more dispute-related UI/hardening (including XSS encoding fixes). Internal API expanded dispute support with dispute detail endpoints and added transaction details into Salesforce case descriptions after dispute submission, plus continued support for fraud-driven dispute flows. Fraud Service improved dispute search (search by cardholder name, filter by origin: CSP vs Dashboard), added an origin indicator (where the dispute was created), and introduced a client SDK for retrieving/downloading dispute attachments; it also fixed eligibility/search defects that could allow duplicate dispute attempts and name searches returning no results. Reporting added dispute form PDF generation (including questionnaire fields) and patched a high-severity Magick.NET CVE. ExternalAPI added a new Vendor/Active endpoint (not a blocker), migrated GET /Partner to Platform data, added an option to bypass/enable tag-save validation, and fixed incorrect HasAttachments flags. (CSP-1495; Internal API-1080, Internal API-1084; CONDOR-316; REP-605, REP-609; ExternalAPI-684)
  • Dashboard, Start, Mobile
Dashboard continued the transaction UX rollout and operational improvements. It removed Microsoft Clarity, renamed the Bill Inbox Pending tab to Inbox, reduced dependency loading time, added support for adding unregistered cardholders to user groups, and shipped Multi-Program Account Closure. Scheduled funding views were improved with “Max Per Funding” and MaxFundingAmount support, and multiple defects were fixed across receipts/notes concurrency, tag restrictions by group, backward compatibility for tag disabling + tag dependencies, partial receipt uploads, visibility TypeErrors, missing funding transaction IDs, vendor creation redirects, and ensuring the correct card is closed on fraud disputes. Additional fixes addressed regressions and bill pay/dispute UX gaps, plus dupe invoice flagging and general transaction UX missing features. Start added Google Sign-Up/Sign-In, updated credit application text and Credit ZBA screen wording, patched a high-severity “core” CVE (CVE-2026-27970), and later removed Microsoft Clarity. Mobile 32.0.23 went live with improved logging and iOS-only MFA code prepopulation (SMS/Gmail), plus many fixes across first-time login/verify identity, reimbursement creation/submission (including split-tag cases), tag UX/scroll behavior, approval flow visibility, attachment deletion behavior for auto-matched receipts, note editing/navigation issues, validation text/field alignment, and iOS secure code timing/profile edit issues. (Dashboard-4106, Dashboard-4117; Start Site-338, Start-339; Mobile 32.0.23)
  • Search, LogEngine, Audit
Search and logging were updated to support richer transaction data, scheduled funding limits, and operational stability. Search added AuthorizationResponseCode and TransmissionDateTime to purchase transaction search and also synced HasNote/HasTag on cardholder transactions. It added MaxFundingAmount to scheduled funding search results, added CardholderTypeId for faster filtering and the ability to identify registered vs non-registered cardholders, added GetProcessorTranId lookup support for TransactionMetadataSync, and improved stored procedure performance with OPTION(RECOMPILE). Follow-up Search fixes addressed dashboard card-funding display errors, cache-key issues, null TranId DataExceptions, and FK constraint failures in metadata delete flows; it also standardized filtering to use CardholderTypeId and disabled NLog consoleTarget on Linux to prevent log accumulation. LogEngine added AuthorizationResponseCode and TransmissionDateTime to sync DTOs, later upgraded TransactionHub to .NET 10, disabled NLog consoleTarget on Linux, and addressed date/time inconsistencies between transaction list and details. Audit patched the critical SemanticKernel CVE (CVE-2026-25592), later disabled NLog consoleTarget on Linux, and added a new CreditApplicationResubmittedEvent audit event. (Search SVC-208, Search-211, Search SVC-215; LogEngine-19, LogEngine-32; Audit-258, Audit-260)
  • Security & Identity, Business Management, Cardholder, Bank
Identity, onboarding, and group management received major updates. Security & Identity introduced OIDC Authentication & Registration (resolved), strengthened GroupType isolation (including seeding Cardholder group types and filtering at-risk stored procedures), fixed SQL timeouts in login audit device list, and resolved OTP reliability issues tied to stale keep-alive connections and update failures. It also added Search Engine sync when cardholder invite status changes and supports adding unregistered cardholders to user groups. Business Management added partner schema + CRM fallback, new endpoints to retrieve partner/partner business ID, enabled Card Switch by default, enabled EAP by default (resolved), allowed document uploads for closed customers, and updated logging so Semantic Kernel services use PexLogger for correlation IDs. Follow-up enabled EarlyAutopaymentAccess for specific templates and added a new partner (Bakertilly) plus a setting to gate MCP server access. Cardholder fixed ETD empty-file generation failures related to PGP encryption, added SecurityGroupId column + indexes to CardholderGroups, updated OpenTelemetry package, addressed a stuck error-queue message, and updated SQL references. Bank patched a P1 issue where a NullReferenceException in PlaidApiProvider masked real Plaid error details. (Security-SVC-1023; Business-1401, Business-1402, Business-1404; Cardholder-586; Bank-665)
  • Fraud Service
Fraud Engine added bill payment controls and reliability improvements. It introduced an ACH safeguard rule for bill payments and updated rule queries to avoid deprecated tables. Later releases added “Admin Created Date”, fixed divide-by-zero errors in fraud rule stored procedures, and disabled NLog consoleTarget on Linux to prevent unintended log accumulation. (CONDOR-319, CONDOR-323)
  • Metadata, Internal API, Dashboard
Invoice/tagging data integrity was improved. Internal API added dupe invoice flagging and prevented adding dependencies to disabled/deleted tags; Dashboard also shipped dupe invoice flagging and fixed several tag recommendation/visibility issues tied to group restrictions and dependency backward compatibility. Search/Internal API also coordinated on dropping previously migrated columns (counts/group) from Search.Cardholder. (Internal API-1099; Dashboard-4117, Dashboard-4106; Search SVC-208; ExternalAPI-684)
  • MalwareProcessing
Patched high severity vulnerabilities and migrated AGENTS.md documentation. (MalwareProcessing Core 41)
  • Connectors, Marketplace, Apps
Multiple integrations and marketplace packages were updated. NetSuite connector patched a high severity “core” CVE, improved filtering queries via Rutter API, and fixed sync failures when mapped custom fields are inactive. Concur connector fixed purchase sync for a customer. Marketplace manifests fixed Dynamics manifest issues and updated Auto Tagger logo styling. Funding Scheduler fixed stuck/blocked scheduled funding records. (pex-connector-netsuite-268; pex-connector-concur-257; marketplace-manifests-143; pex-app-funding-scheduler-128)
  • IVR
Deployment process verification and Linux logging hardening. One deployment validated the Linux-only release process, and a follow-up disabled NLog consoleTarget on Linux to prevent log accumulation. (IVR-159, IVR-160)
  • BeneficialOwnerCore
Added new bank reporting outputs (53rd 314(a) bank report implementation and a Monthly Originators report required by Bancorp to support Bill Payment; both noted as not blockers). (BeneficialOwnerCore-Release-177)

Feb-23, 2025 to Feb-27, 2026

  • Dashboard, Start
Dashboard expanded dispute support and transaction UX. Users can now review submitted disputes from Card details → Disputes, and dispute creation logic/validations were improved (including fixes so cardholders can create disputes and clearer dispute warning wording). Tag Dependencies shipped preview tag visibility and improved required-child-tag validation (“otherwise” condition), plus multiple UX fixes (tags disappearing on bill pay screen, dependency-related error messaging, saving tags without dependency selected). This set also addressed many UI/responsiveness issues (subnav ellipsis behavior, large MCC text, missing tag recommendations, long notes on mobile browser, extra scrollbars, console warnings) and included dependency security patches (minimatch/ajv/qs CVEs). A later release added Bill Inbox UX enhancements (History tab + Pending tab phase 2), MaxFundingAmount UI for scheduled funding, early asset report validation with PDF fallback in credit apply flow, and multiple transaction-page reliability fixes. A no-code deployment then enabled the new transaction details page in Prod/Sandbox. Start improved the credit apply / bank-statement flow by prompting applicants to confirm sweep accounts, fixing a PDF underwriting upload issue (3 months of statements), correcting an ngx-pex/core misconfiguration, and improving clarity in the bank statement fallback delete modal. (Dashboard-4056, Dashboard-4077, Dashboard-4084; Start-332)
  • Internal API, CSP, Fraud Service, Reporting
Dispute flows were expanded end-to-end. Internal API added endpoints for the “Fraud” dispute reason flow, dispute details, and improvements so dispute eligibility checks are accessible to cardholders when enabled by business settings; it also populated transaction details into the Salesforce case description after dispute submission. CSP added more details to the dispute details page. Fraud Service added dispute origin indicators (Dashboard vs CSP), expanded dispute search to support cardholder name and origin filters, and introduced a client SDK for retrieving/downloading dispute attachments; it also fixed issues that allowed attempts to re-dispute already-disputed transactions and fixed name-search returning 0 results. Reporting added a dispute form PDF generation endpoint and included cardholder questionnaire fields in the dispute PDF. (Internal API-1080, Internal API-1084; CSP-1481; CONDOR-316; REP-605)
  • Internal API, Dashboard, CSP, Business Management, Credit, Balance Engine
Several cross-service features progressed together. Bill Inbox support advanced with Internal API Bill Inbox functions + structured Bill Inbox item fields, and Dashboard Bill Inbox UX enhancements (History and additional Pending phase work). Mandatory EAP work landed across Internal API, Dashboard, CSP, and Business Management. Multi-Program Credit Line Allocation Management was enabled through Internal API and surfaced in Dashboard, while Credit improved CLI diagnostics (decision reasons), reduced Ocrolus-related 500s, and passed BankStatementDaysAvailable to Alloy underwriting. Balance Engine improved scheduled funding performance (notes queued separately), fixed enqueue-fund and delinquency-cycle issues, and added a MaxFundingAmount cap; Internal API added MaxFundingAmount support and exposed BillInboxEmailAddress in business settings responses. Business Management added DisputeForm document category, embossing branch code read/write endpoints, opt-in data completeness validation at onboarding, and patched a critical SemanticKernel CVE. CSP improved sweep/ZBA visibility and added “Previous Credit Line”, plus security hardening and maintenance migrations. (Internal API-1080, Internal API-1084, InternalAPI-1087; Dashboard-4056, Dashboard-4077; CSP-1481, CSP-1486; Business-1391; Credit-878; BE-Release-1193, BE-Release-1194)
  • Metadata, Search (sync & enhanced data ops)
Metadata restored and improved Search synchronization and enhanced Visa transaction operations. It fixed Search SVC synchronization not working, ensured Fund/Defund cardholder transactions can return HasNote/HasTag in cardholder transaction search (not a blocker), removed an unused Search.Cardholder dependency from tag recommendation feedback queries, and added TagValueName to SQL tag tables. It added reconciliation endpoints for unmatched Visa enhanced transactions and multiple matching/job-processing fixes (fine-tuned match logic, duplicate matched IDs, null PostingDate), enabled deleting SMS notes, and tracked group type (User/Cardholder) for tag option restrictions. Follow-up fixes addressed tag option restriction upsert 500s and an ObjectDisposedException app crash when logging. (Metadata-1183, Metadata-1185)
  • Log Service, CSP
Log Service added validation for Tag Dependencies bulk tagging and expanded TransactionHub legacy integration via ITransactionLogProvider. CSP also began refactoring transaction log queries to use the TransactionHub service client (not a blocker). (Log Service-18; CSP-1481)
  • Reports (custom)
Delivered two support-relevant reports: a reconciliation report fix restoring missing GL codes, and a non-consolidated credit cardholder report by business. (CE-SettlementRecon-18; CE-CardholderCreditLimitByBusiness-1)
  • IVR
First PROD release of IVR Service to Linux. (IVR-146)
  • Marketplace, Apps, Connectors
Security, branding, and targeted integration fixes. Marketplace updated the “Build your app with PEX” → “Deepen your experience” banner. Envelope hotfix patched multiple dependency CVEs (eslint/minimatch/ajv/qs/webpack). Analytics app patched lodash high severity vulnerability. Auto Enforcer fixed a customer rule-date update issue, patched compiler CVE, and resolved Clarity icon upgrade issues. Connectors shipped targeted fixes: Data Export MIP exporter save behavior with future end dates, GreenSlate expired password handling, Concur charges not downloading for a cardholder, and Intacct specs swapping between Sage business details. (marketplace-322; pex-app-envelope-125; pex-app-analytics-67; pex-app-auto-enforcer-266; pex-connector-data-export-248; pex-connector-greenslate-129; pex-connector-concur-254; pex-connector-intacct-183)
  • CRM
set Onboarding Stage to QA Review on logic fall-through. (CRM-702)

Feb-16, 2025 to Feb-19, 2026

  • Dashboard, Mobile, and Customer-Facing UI
Dashboard expanded disputes and tagging UX while continuing Tag Dependencies improvements. New work added dispute creation logic and eligibility validation messaging, triggers to block cards when “Fraud” is selected as the dispute reason, and multiple transaction-details fixes (auto-match label behavior, arrows/UX consistency, required tag validation). Tag Dependencies shipped bulk tagging and more modal updates (bill/reimbursement), and Admin capabilities were restored to delete system-generated notes. Additional fixes addressed broken UI actions on transaction details, tag-rule configuration edge cases (“Any value”), SDACH page freeze errors, verification notification links, attachment indicators, merchant list description hints, UI for long tag titles, resolution/layout issues, and attachment upload limits. Dashboard also shipped Bill Inbox “Pending” tab work, moved to NodeJS v22, and fixed several responsive/layout issues (tag layout on mobile resolutions, filter group name display, unnecessary footer visibility). Mobile app 31.9.18 was published to 100% of users, focusing on matching/receipt retry visibility, switching to new Metadata endpoints for attachments, improving action dropdown consistency, extending reimbursement logging, and improving reject reason UX. It also fixed multiple stability and workflow issues: crashes, null-reference race conditions, reimbursement approval visibility, rematch time display, enum/logging issues, wrong admin name on rejected fund requests, handling 409 conflict for already-registered cardholder verification, opening receipt reminder notifications for settled transactions, and avoiding auto-match sparkles when receipts weren’t auto-matched. (Dashboard-4000, Dashboard-4022, Dashboard-4028; Mobile 31.9.18)
  • Internal API, Search, Log Engine, and Audit
Internal API continued to build out dispute and notes support: it reintroduced/standardized endpoints for dispute eligibility checks and dispute initiation, fixed CH access to tag dependency sets, added a new disputes list endpoint, added an endpoint to set onboarding bank account sweep flag, enabled admins to delete system-generated notes, and ensured dispute creation sets Dashboard as the origin. It also updated SQL Server references to the devsql DNS entry as part of infra standardization. Search Service continued performance work and cleanup: added a CardholderUserInfo table for faster aggregation, added ApprovalCode into TransactionPurchaseLifeCycle, stopped dual-writing cardCounts/group fields into Search.Cardholder, and fixed timeout errors for search count queries. Log Engine added a TransactionLog API for CSP compatibility, added ApprovalCode to the transaction details sync endpoint, and included bug fixes around that CSP compatibility work. Audit shipped a new audit event for Bank Sweep Indicator changes and patched a critical SemanticKernel CVE (CVE-2026-25592). (Internal API-1064, Internal API-1069; Search SVC-195, Search Service-197; LogEngine-15; Audit-255)
  • Rules Engine, Balance Engine, Bank/BankHub, and Business Management
Rules Engine fixed several policy/ruleset reliability issues (errors copying prepaid spend policies into credit businesses, failures saving cardholder spending rulesets), added an “Install Default Spend Policies” endpoint, and updated transaction logging with DecisionResultInput. Balance Engine fixed a P1 production alert (Fund call exception), added an endpoint to apply default EAP settings, and migrated documentation. BankHub addressed missing icons and continued its BAU migration work (Windows service to Linux) with documentation updates. Bank Service added sweep/ZBA account indicator support, reduced noisy logs when Ocrolus books are checked after deletion, added asset report pre-validation/status, handled 425 “Too early” responses when getting Ocrolus book summary, updated SQL Server references, and included the CSP-facing Ocrolus Books search fix. Business Management shipped Early Autopay II automation (auto-enable for monthly credit customers), installed default spending rulesets during account creation, set FullMetadataRequirements=true by default, updated S&I client dependency for correlation ID propagation, and patched the critical SemanticKernel CVE; it also updated SQL Server references. (RE-Release-783; BE-Release-1189; BankHub-407; Bank-662; Business-1384)
  • CSP, Credit, Invoicing, Reporting, CRM, and Salesforce
Credit had multiple operational releases: Credit-868 was a deployment for Experian password rotation (no code changes). Credit-870 introduced multi-program credit line allocation management and added a “Voluntary Credit Limit Decrease” AAN reason. Credit-871 improved Ocrolus webhook recovery for failed Plaid asset reports and updated SQL references. Invoicing fixed a P1 issue where HandleAchCompletion silently no-ops when PaymentTransfer is in Exception state with InboundAchCheckStatusError, and added DueDate support to BillInbox sorting (not a blocker). Reporting shipped fixes for credit statement generation when credit line wasn’t active during the statement period (P1). CRM-701 expanded platform/strategic account sync (new fields including EstYearlyRevenue and three new strategic account fields), improved contact update behavior after account changes, and continued infra/maintenance cleanup (SQL reference updates, removing deprecated APIs, documentation migration). Salesforce releases added contact creation endpoint support and metadata updates (including Affiliated_Entity_Vintage__c and Success Reviewed checkbox), and later prevented updates to `sales_marketing_attribution__c`. (Credit-868, Credit-870, Credit-871; Invoicing-409; REP-603; CRM-701; Salesforce-1375, Salesforce-1377)
  • IVR, Connectors, and Beneficial Owner
IVR was upgraded for security and hosting: patched System.Private.Uri CVEs (2019-0981 / 2019-0657) and migrated IVR from IIS to a Windows Service. A QBD API connector hotfix fixed a Marketplace issue where QBD CreditCardCharge sync fails when AccountRef is empty and the transaction is tagged with an Item. Beneficial Owner Console Core shipped a fix to include all required columns for the 53rd bank report CSV and migrated documentation. (IVR-111; pex-connector-qbd-api-76; BeneficialOwnerCore-Release-169)

Feb-9, 2025 to Feb-12, 2026

  • Dashboard, Start, and Customer-Facing UI
Dashboard continued Tag Dependencies and transaction details redesign work by updating the purchase and reimbursement details modals, improving UX when adding tags that violate dependency rules, and adding a Launch Hub dropdown update. It also fixed regression test failures and several workflow/UX issues (Early AutoPay banner behavior, incorrect preselected workflow for group-based policies, CH info box visibility, clearer errors for already-registered cardholders during registration, and better messaging when disabling/deleting tags with dependencies). Dashboard patched a high-severity axios vulnerability (CVE-2026-25639) and improved token-generation UX by requiring an access code before generating external API tokens, plus removed the ability to set “None” spend policy for credit cardholders. Start shipped the axios CVE fix and a broader Start bundle (security patching, asset report check + bank statement fallback, duplicate detection, partner list updates, and automation/devops updates). (Dashboard-3977, Dashboard-3983; Start-324, Start-325)
  • Internal API, Search, and Platform Performance
Internal API improved validation and dispute flows: better 4xx validation messages, dispute initiation endpoint updates, eligibility-check endpoint for disputing, and CRM SF case creation/updating triggers when “Fraud” is selected as a dispute reason. It also respected the new MFA reason “Generate external API token,” updated note payloads to include UploadChannel (SMS) and UploadChannelSentFrom (phone), and fixed several issues (correlation ID propagation in OAuth token requests via updated S&I client, inability to switch to Basic review-requirements flow, missing accountNumber validation on change card status, cancelled requests appearing in review requisitions, transaction details suggested value issues with multiple attachments/auto-match, and improved 404 error messaging). Follow-up releases fixed a silent failure when an already-registered cardholder verifies a card, and added a batch admin endpoint for sending invites along with small UI/support fixes (sandbox authorized apps name; metadata next retry date visibility for Amazon receipt matching). Search Service continued performance optimization by adding a CardholderGroup table. (InternalAPI-1056, Internal API-1057, Internal API-1060; Search SVC-193)
  • CSP, Security & Identity, and Notifications
CSP improved AAN management and known vendor workflows: fixed filtering AANs by business name, fixed resetting search filters after searching by Platform Business Account ID, added/expanded Known Vendors management, and fixed Ocrolus Books search errors by Book ID/Platform Account ID. Additional CSP work streamlined known vendor updates into a single button, showed Visa enhanced transaction data on Transaction Details (not a blocker), replaced the Raw Data modal with an interactive JSON tab with search, and fixed issues around closing credit businesses/credit accounts. Security & Identity fixed missing correlation ID headers on OAuth token requests, optimized refresh token deletion, added a new MFA reason (“Generate external API token”), migrated docs, fixed Cardholder Linkage secure access issues (SAC/DOB), fixed “User permissions changed” auditing, logged admin-created events for redemption flow, and fixed missing actor details in AdminCreated events from CSP. Notification Service added PexRequestContext to client definitions, exposed emails sent to the user in CSP, migrated docs, fixed a connection issue that caused OTP sending errors, and shipped a follow-up bug fix for an AutoMapper failure when attachments are provided. (CSP-1462, CSP-1465, CSP-1466, CSP-1467; Security-SVC-1006; NotificationSVC-68, Notification-70)
  • Metadata, Visa Enhanced Data, and Attachments
Metadata focused on attachment reliability, matching, and Visa enhanced data capabilities. It fixed email attachment visibility in Dashboard for cardholders with unique emails, corrected cases where emails were treated as phone numbers, and adjusted logging for client request cancellations. It added a Visa Enhanced Transaction Search endpoint, introduced a retry attachment analysis endpoint, improved multi-user matching, expanded SMS receipt submission text capture (including truncation rules), fixed timestamp behavior for SMS async attachment ingestion, improved Visa enhanced workers matching using Business Account ID, and added an endpoint to validate tag dependencies and required tags before saving. (Metadata-1158)
  • Purchasing, Cardholder, Credit, Invoicing, Reporting, and Connectors
Purchasing added Sunlight Card Switching support with a new endpoint to retrieve a known vendor by id, and added richer system notes for manual request cancellations. Cardholder Service added a bulk “Send Invites” job type and made ReportDate optional on ETD file generation endpoints to support scheduled jobs. Credit Service improved reliability and customer ops: it now sends Alloy details about Ocrolus PDF failure reasons (resolved), fixed a P1 production incident where SBFE/Experian alerts stopped working, integrated with Notification Svc to send AANs after PDF generation completes, fixed unexpected Ocrolus asset report errors for a specific customer, and added “Voluntary closure” as an account management AAN reason. Invoicing shipped baseline Bill Pay Inbox requirements and schema enhancements (normalized vendor info and AttachmentMetadataId), plus a fix for UpdatePaymentTransfer error handling. Reporting added carved-out merchants for automated rebate calculations, updated consumption of Credit history endpoint for point-in-time credit limits (P1), patched a Magick.NET high-severity security alert, constrained pending transactions by statement date range (P1), continued AAN PDF generation work, and fixed an incorrect starting balance/statement issue (P2). NetSuite connector fixed an issue where Indiana NetSuite purchases were not syncing. A custom scheduled card funding report was also released for CommOp. (Purchasing SVC-446, Purchasing-448; CH svc Cardholder-579; Credit svc Credit-862; Invoicing-407; Report svc REP-602; pex-connector-netsuite-264; report CE-ScheduledCardFunding-2)

Feb-2, 2025 to Feb-6, 2026

  • Dashboard, Start, and Customer-Facing UI
Dashboard shipped further work around transaction details and account history. This includes a transaction details modal redesign (not enabled everywhere yet), business settings grouping improvements, updated login imagery (approval workflow / cardholder approval workflow), and respecting the new BM “Account history access” gating setting. Dashboard also added support for copying rulesets between linked accounts and viewing existing tokens (without exposing token values), plus multiple performance/stability fixes (cache repository errors, long loading when closing cards). Sunlight Card Switching work continued with support for the `CardSwitchEnabled` business setting and related UI/flow changes. Start added duplicate bank statement validation to reduce repeated/duplicate submissions. Mobile app 31.8.0 was published, focusing on logging cleanup, pipeline updates (.NET 10 / Xcode 26.2), and multiple transaction experience improvements: reloading transaction lists after metadata updates, switching to new Internal API metadata endpoints for tag CRUD/splitting, supporting advanced “Transaction review requirements & missing data reminders,” and enabling users to open transactions directly from “missing info” push notifications. Bug fixes covered date filtering (transactions + ledger), tag edit behavior with disabled/deleted tags, status refresh issues after adding/deleting required info/notes, missing info reminder navigation, non-clickable “3 dots” UI, tag opening issues on transaction details, ledger duplicate dates, spend request UI tweaks, receipt/note delays, layout fixes for larger screens, decline amount mismatch, and notes indicators on unblock requests. (Dashboard-3947, Dashboard-3962, Dashboard-3964; Start-318; Mobile app 31.8.0)
  • Internal API, External API, Search, and Core Platform
Internal API expanded dispute and platform tooling support: added/extended endpoints to initiate disputes, introduced account tags on business accounts (and endpoints to edit them), fixed audit history filtering so events generated after 02.01.2026 appear for the default filter, and added endpoints for generating a `pex-mcp-tool` external token and copying rulesets between linked accounts. It also added an option to control whether save-tag requests are validated, and fixed a 500x issue coming from the onboarding-checklist endpoint. External API added bill pay enhancements and normalization: `PayeeNameNormalized` on bill payment search items, exposing “Use Bill Pay” in business settings responses, a new `GetBillPaymentRequest` endpoint, and a fix for Account history showing External API actions with no actor. Search Service focused on performance: introduced a dedicated CardholderStatusCounts table and optimized related queries (with a follow-up optimization release and documentation migration). (InternalAPI-1035, Internal API-1042; ExternalAPI-678; Search Service-190, Search SVC-192)
  • Metadata, Visa Enhanced Data, and Reporting-Adjacent Enhancements
Metadata continued hardening and Visa Enhanced Data work. A major release (Metadata-1122) consolidated multiple improvements: storing Visa Enhanced Data, fixing Fleet Line JSON deserialization type mismatches, sanitizing card data from transaction metadata, moving tag recommendations/attachment analysis to the new Metadata service layer, improving reliability by publishing with PlatformBusinessAccountId and adding retry logic, and cleanup/refactors (dead code removal, DI cleanup to constructor injection only). A hotfix ensured `x-correlation-id` is present in logs, and an additional hotfix expanded BillInbox extraction/recording, fixed Visa enhanced transaction endpoint validation (502 when StartDate > EndDate), added basic text capture from SMS receipt submission (not a blocker), aligned Visa config away from vault variables into locked encrypted variables, migrated AGENTS.md for Transaction Metadata, and continued Visa Enhanced Data storage/config improvements. (Metadata-1122, Metadata-1139, Metadata-1143)
  • Business (BM), CSP, Credit, Bank, and Rules Engine
Business Management introduced and refined account tags and per-account gating: added the Account Tags field and management endpoints, added the `CardSwitchEnabled` business setting, fixed validation so account tags can’t be set for invalid account IDs, and changed “Account history access” to default to true across templates. CSP delivered a large set of fixes and feature additions: improved VISA Enhanced Data searching (including gas station transactions), fixed PD JsonSerializer issues, added manual account labels/ratings visibility (not a blocker), added/expanded AAN visibility and audit trail, fixed invoices retrieval errors, repaired search-by-business-account-id flows for Credit/Receivable, removed card numbers from query string parameters, surfaced the BM “Use account audit history” setting in CSP, improved SBFE registration status visibility, and supported Sunlight Card Switching gating via `CardSwitchEnabled`. A follow-up CSP release added “show JSON data” for VISA enhanced transaction data and fixed multiple AAN-automation-related issues that blocked actions on credit businesses and broke notifications in some regions. Credit work included readiness for a new endpoint to retrieve AAN reasons for CSP (as a blocker for CSP credit-line updates) and confirmation that active AAN automation work is acceptable to release even while customer notifications aren’t fully enabled yet. Additionally, Credit-854 (released yesterday) integrated with Report Svc for PDF generation, added allocation history endpoints for point-in-time balance calculations, and fixed several P2 issues (allocation validation failures, bad PDFs still flowing to manual review, and Ocrolus webhook status reasons). Rules Engine added copy-ruleset functionality, fixed lifetime spend targeting, improved merchant normalization/MCC mapping and merchant validation, corrected network-data behavior for similar merchant names/mapped MCCs, and fixed incorrect EventPlatformBusinessAccountId population on spending ruleset assignment events. (BM svc Business-1367, Business-1369; CSP-1451, CSP-1457; Credit-849 , Credit-854; RE-Release-778)
  • Cardholder, Fraud, Purchasing, Log Engine, IVR, Callback, and Connectors
Cardholder Service completed a .NET 10 upgrade, fixed Sunlight Card Switch vendor creation issues, added an endpoint to retrieve a cardholder profile by embossing id, and migrated AGENTS.md documentation; a follow-up release updated Sunlight production variables (no code changes). Fraud Service expanded dispute support: added an eligibility-check endpoint for disputing, added endpoints for dispute attachment details and downloads, stored additional fields needed for Dashboard dispute flows, enabled adding attachments to the dispute form, and fixed a P2 issue where `Status` was null in POST /disputes. Purchasing Service migrated documentation and fixed a Sunlight Card Switching issue where merchant suggestion id was missing in SQL. Log Engine added a new DecisionResultInput model to AuthMessageModel and migrated AGENTS.md. IVR addressed a PD incident by fixing an ObjectDisposedException in GetCardholdersData and migrated AGENTS.md. QBO connector hotfix improved Bill Pay UX/backend behavior (admin save, bill payments, sync, wording, attachment checkbox default) and ensured it respects the “Use Bill Pay” business setting. Callback service is ready for PROD with a PexCard.* migration and client package rename. (CH svc Cardholder-574, Cardholder-576; Fraud svc CONDOR-309; Purchasing SVC-445; LogEngine-11; IVR SVC-91; pex-connector-qbo-177; Callback-28)

Jan-26, 2025 to Jan-30, 2026

  • Dashboard, Start, and Web Apps
Dashboard continued Launch Hub, policy UX, Tag Dependencies, and account history improvements. We renamed the Onboarding Checklist to “Launch Hub”, updated its imagery, and added confirmation messages when users change approval policy data (name, thresholds, out-of‑policy rules). Tag Dependencies UX was enhanced with rule editing, an updated Tag Manager tab, confirmation pop‑ups when leaving unsaved changes, and a new Notes filter option on the consolidated transactions page. Transaction details were refactored to use signals and the new metadata API response format; Audit/Account history UI was improved; and Bill Inbox menu and prod‑ready gating were added. Multiple bugs were fixed: incorrect admin review banner vs. available actions, Sunlight card status editing, CH approvals failing with 404, Ripon deny‑list issues, switches for Manage/Create Cardholder not working, empty notes added on approval, Tag Manager tab errors, high JS error volume, and a lodash (4.17.21) security alert. Start added an asset report screening feature for Credit Flow plus related test automation work. The Envelope app patched several high‑severity CVEs (lodash, compiler, qs), fixed cardholder transactions not loading on the Create tab, and resolved Clarity icon issues. (Dashboard-3912, Dashboard-3914, Dashboard-3932, Dashboard-3936; Start-316; pex-app-envelope-123)
  • Internal API, Search, and Audit
Search service fixed transaction filtering so that combining `HasTag` and `HasNote` now works with an AND clause. Internal API expanded AI‑analysis and audit features by extending the list of events with AI analysis, adding error handling for the audit events search endpoint, and later enabling the `AuditEventAnalysisEnabled` pipeline variable (config only). It iterated on Tag Dependencies APIs, added `GetAuditEventById`, removed the old Linked Credit MPA Businesses endpoint, respected a new BM setting that gates Account audit history, and added a new endpoint to initiate disputes. Bugs were fixed around mapping demo cards to specific cardholder accounts and inability to save tag dependencies. Audit service introduced Agent Context Tools and then updated the AI‑analysis prompt to avoid mentioning internal IDs, event source, or embossing information. (Search SVC-188; Internal API-1021, Internal API-1025, InternalAPI-1030, InternalAPI-1031; Audit svc Audit-247, Audit-248)
  • Metadata and Visa Enhanced Data
Metadata focused on stability, security, and enhanced data. It fixed PD app crashes and decryption key‑not‑present errors, resolved JSON deserialization issues for Fleet Line sequence numbers, and upgraded Magick.NET‑Q16‑AnyCPU to address vulnerabilities. Functionally, it switched tag recommendations and attachment analysis to the new Metadata service layer, started sending bill analysis to Invoicing BillInbox, stored Visa Enhanced Data in Transaction Metadata (with Visa company id now configured/validated via appsettings), restricted disabling/deleting tags, ensured auto‑approval triggers correctly when notes are added, and cleaned up legacy Attachments/User/Business APIs. It also added lookup of businesses by TO/FROM email and sanitized card data from transaction metadata payloads while continuing Visa Enhanced Data storage. (Metadata-1103, Metadata-1120)
  • CSP, Business, Credit, Bank, Cardholder, and Purchasing
CSP improved billing and Visa Enhanced Data UX by adding a button to append billing periods for charge accounts, moving the Real‑Time Visa Enhanced Data button to a more prominent spot, and showing SBFE Registration Status and a registration button. Several bugs were fixed: incorrect fraud alert transaction dates, ET time zone for application submitted time, default time range in simple search, errors when searching Real‑Time Visa Enhanced Data, and inability to apply Payment Status and Risk Level filters on the Credit tab. Business service fixed a typo in CSP’s close reason (“CustomerWithdrew”), added a new partner AmTravt, resolved P2 KYC errors in QA logs (GetKycRefreshApplication and TriggerKycRefresh), and introduced a new BM setting to gate Account audit history. Credit service delivered multiple P1/P2 bug fixes around Ocrolus asset report errors and statement processing, integrated with Report Svc and Notification Svc for AAN PDF creation and delivery, and added endpoints for AAN Reason Codes, credit line history (point‑in‑time balance), and SBFE alert monitoring; it also now sends HSOriginalSource data to Alloy and avoids AAN calls when no data was sent. Bank service improved asset report failure handling by setting `bankauthenticationmethod = all`, fixed a P1 mismatch between Bank Svc and Ocrolus portal errors, aligned Split Plaid Link configuration for Credit Flow, enhanced logging for asset report endpoints, and fixed Same Day ACH validation job 500s in QA. Cardholder service fixed enhanced data file generation so it doesn’t pick up already‑assigned cardholders, added a `SendEmptyFile` config for ETD generation, added a delete endpoint for Sunlight card switch cleanup, updated Sunlight Card Switch to use the known vendors list from Purchasing (only supported vendors), updated VIDS filenames, and attempted (then reverted) a .NET 10 upgrade. Purchasing service added `VendorNameNormalized` to `VendorGetResponse` to support normalized vendor logic in downstream Sunlight features. (CSP-1438; BM svc Business-1359, Business-1361; Credit svc Credit-846; Bank svc Bank-652; CH svc Cardholder-569; Purchasing SVC-442)
  • Apps, Marketplace, and Malware Processing
Connector and core app releases focused heavily on dependency security updates and resilience. The GreenSlate connector upgraded Magick.NET‑Q8‑AnyCPU and lodash to fix high‑severity vulnerabilities; the Blackbaud connector likewise patched lodash‑4.17.21. NetSuite connector resolved repeated timeouts on load, improved UX by showing the customer field, synced customer names into the Memo field, and upgraded compiler/core/lodash to versions that address CVE‑2026‑22610 and related issues. MalwareProcessing Core upgraded Magick.NET‑Q16‑AnyCPU to resolve a high‑severity security alert, continuing the broader hardening across platform services. (pex-connector-greenslate-126; pex-connector-blackbaud-305; pex-connector-netsuite-263; MalwareProcessing Core-38)

Jan-19, 2025 to Jan-22, 2026

  • Dashboard, Start, and Mobile
Dashboard: Improved login image, required notes, subnav text, event naming, and Q1 webinar promotion. Advanced Tag Dependencies UX (added tag-based filtering), enabled review/receipt features toggle, upgraded Sunlight Card Switching, and provided “Correlation ID on errors”. Fixed account creation bugs, duplicated API call prevention, history UI polish, and ensured dispute creation supports attachments. Start: Enhanced analytics for bank account linking, fixed/added Split Plaid Link config for Credit Flow (Start-315), and improved security (critical/high severity CVEs). Mobile v31.7.13: Updated UI for iOS 26/Xcode 26 changes, log cleanup, fixed keyboard, receipt, transaction approval, and toast bugs, improved quick action UI, “not reviewed” label logic, and improved Person Directed Supports handling. (Dashboard-3890, Dashboard-3894, Dashboard-3895, Dashboard-3897, Dashboard-3901, Start-314, Start-315, mobile app 31.7.13)
  • Internal API & Platform
Internal API added/updated dispute, audit event AI analysis, tag dependency, and attachment-handling endpoints, reimb receipt validation, and improved visibility on system/client exceptions, asset reports, and business actor metadata. Updated to use HasUserNote for user/system note distinction. Fixed receipt visibility, logs, Sunlight Card Switching demo, audit/history display, Plaid config for Credit Flow, and errors on system notes. Log Engine introduced “missing transaction info” reminders. (Internal API-1008, Internal API-1010, Internal API-1016, Log Engine-8)
  • Security, Fraud, Cardholder, Approval, IVR
Security maintained Mend/CVE compliance. Fraud, approval and cardholder services improved receipt upload validation, SFTP/proxy config, Sunlight Card Switching flexibility, bill payment QA, and fixed key errors. IVR Service improved monitoring for frequent error bursts. (S&I Svc Security-SVC-995, Fraud svc CONDOR-293, Cardholder-561, Approval Service-163, IVR SVC-87)
  • Metadata & Reporting
Metadata released dependency rule editing/filters, PD/cancelation alert handling, improved Visa Enhanced Data APIs, removed sensitive test data, fixed OpenAI/attachment upload bugs, and prioritized active tags over deleted ones. Emergency hotfixes resolved service crashes (PD, StackOverflow/exceptions, etc). Reports: Added annual spending and audit reports for Samaritan, updated Credit Welcome emails, rebate variable logic, tweaked AAN PDF generation, improved compliant reason code APIs, and fixed start/end balance/PDF errors. (Metadata-1085, TransactionMetaData-1097, report CE-SpendByCard3Years-2, report CE-SpendByCard3Years-3, Report svc REP-592)
  • Marketplace & Integrations
Major marketplace, app, and connector updates for security (CVE-2026-22610, CVE-2025-66412, Magick.NET, compiler/core), icon upgrades, reliability, clarity, and batch funding scheduler improvements. OneDrive exited beta status. GreenSlate, Intacct, QBO, Blackbaud, Automation, Airtable, CMIC, Xero, NetSuite, Procore, Zohobooks, Data Export and Auto Tagger received dependency/UX/security updates. (pex-app-funding-scheduler-126, pex-app-batch-funding-119, marketplace-manifests-140, pex-connector-intacct-182, pex-connector-automation-153, pex-app-auto-tagger-374, pex-app-analytics-66, pex-connector-qbo-170, pex-connector-blackbaud-304, pex-connector-airtable-146, pex-connector-concur-251, pex-connector-cmic-204, pex-connector-data-export-247, pex-connector-xero-89, pex-connector-netsuite-258, pex-connector-qbd-39, pex-connector-zohobooks-61, pex-connector-greenslate-124, pex-connector-greenslate-125, pex-connector-procore-52, marketplace-321)
  • Business Management, CSP, CRM, Beneficial Ownership
BM svc: Enhanced request context, fixed SAP Concur “remind for receipts”, instability, QA payment transfer, and updated Mongo/Redis tracing. CSP: Better timezone support, displaying and editing new business settings (BillPayInboxEmail, UseTagDependencies), real-time VISA Enhanced Data, menu cleanup, permission fixes, actor/exception handling, and edited session recordings. CRM: New API endpoints, account update fix, disabled BasedOnBusiness logic, migrated core/services to PexCard.*. Beneficial Ownership: pipeline config changes, improved output folder, service reliability. (BM svc Business-1355, BM svc Business-1358, CSP-1423, CSP-1426, CSP-1431, CRM-684, CRM-685, Beneficial Ownership Core - 3073)
  • Balance Engine & Core
Balance Engine added calendar/invoice endpoints, billing enhancements, and payment transfer bug fixes. Webhook Delivery Service migrated to PexCard.*. Audit migrated to Microsoft agent framework and improved recurring job scheduling, fixed timeouts. Search SVC: HasUserNote on transactions, SE Recon Endpoint addition. (BE-Release-1185, webhook-delivery-service-273, Audit svc Audit-243, Search SVC-187)

Jan-12, 2025 to Jan-15, 2026

  • Dashboard, Start, and Mobile
    Dashboard advanced its Tag Dependencies UX (Settings tab), bulk and in-line disputing from Card details, and improved error messaging for approval policy changes. Added account history viewing for users with proper permissions, page title-casing for brand alignment, and a single “Profile” tab naming standard. Fixed background subscription leaks and several security issues (including CVEs). Brand UX improvements and analytics for Start, plus security patches and better feedback for bank statement upload errors.
    (Dashboard-3874, Dashboard-3879, Dashboard-3882, Start-313)
  • Internal API, Platform & Core Services
    InternalAPI removed legacy review requirements, added Tag Dependencies APIs, webhook processing for Sunlight Card Switching, enhanced account audit events, and new field handling in business metadata. Improved logging, error handling, and fixed consistency/validation in asset reports, exceptions, and permission callbacks.
    Core/LogEngine updated review, context, and error handling for transaction history and service instrumentation.
    (InternalAPI-988, Internal API-1000, LogEngine-6)
  • Security, Approvals, Fraud, Cardholder, Data Protection
    Security & Identity fixed PlatformBusinessId issues in UserPermissionChanged, updated context passing, and event handling.
    Approvals added EventPlatformAccountId to audit records, security upgrades, and maintained Mend/CVE compliance.
    Fraud fixed null “Status” in dispute search, policy events, and AAN reason codes API.
    Cardholder made ETD generation field corrections, enriched sunlight card switching logic, improved webhook configuration, and made SFTP/VISA proxy improvements.
    DataProtection added key management and improved client security configs.
    (Security-SVC-995, Approval Service-163, Fraud svc CONDOR-293, CH svc Cardholder-549, Cardholder-554, Cardholder-558, DataProtection svc DataProtection-260, DataProtection svc DataProtection-261)
  • Metadata & Reporting
    Metadata: fixed restarts, improved Enhanced Data API, handled invoice emailing, improved tag and status ordering/display, legacy API cleanups, handling for circular references (StackOverflow), and delivered new tag dependency/field endpoints. Emergency hotfixes deployed for transaction service crashes.
    Report Service: fixed incorrect starting balances, PDF statement failures, added AAN PDF and compliant reason code APIs, improved rebate query performance, and patched all Mend-vulnerability issues.
    (Metadata-1065, Metadata-1076, Metadata-1081, Report svc REP-589, report CE-CardFundingTransactions)
  • Marketplace & Integrations
    Massive work on Marketplace and connectors: all migrated to PexCard.* packages, UI and icon upgrades for QBO/APLOS/Blackbaud/Intacct, security patching (critical/medium CVEs on compiler, core, preact), and reliability fixes.
    Major highlights: connection cards/tabs/setting cards for QBO; reliability, Angular 19, and clarity upgrades for Intacct, Blackbaud, Aplos, plus Memo sync and customer display for NetSuite (257).
    (pex-connector-qbo-169, pex-connector-intacct-181, pex-connector-blackbaud-303, pex-connector-netsuite-257, pex-connector-aplos-288, marketplace-319, pex-app-analytics-64, pex-connector-cmic-199, pex-connector-data-export-246, pex-connector-onedrive-124, pex-connector-google-drive-184, pex-connector-airtable-142, pex-connector-netsuite-254, pex-connector-google-sheets-154, pex-connector-concur-247, pex-connector-xero-87, PEX-Connector-116)
  • Purchasing, Salesforce, and Banking
    Purchasing Service enhanced merchant suggestion and context, improved known vendor handling, and enriched Sunlight card logic.
    Salesforce now features “All Activity” and “All Cases” sections, new account hierarchy updates, and sub-reasoning/fields.
    Banking: further OTEL instrumentation, configuration and profile updates (limited access by onboarding status), and fixed instability in several banking profile scenarios.
    (Purchasing SVC-441, Salesforce-1357, BM svc Business-1348, Bank svc Bank-646, BankHub-347)
  • CSP & Beneficial Owner
    CSP made “Spending Power” the standard terminology, implemented multi-account overview and multi-bank views, improved statement and rebate navigation, and fixed several customer/exception errors, serialization problems, styling, and permission states. Beneficial Owner reporting logic was further refined.
    (CSP-1412, CSP-1414)
  • Search, Embossing, and Other Core Releases
    Search Engine removed legacy review logic and improved client context.
    Embossing Service continued scheduled card updates for Blood Cancer programs.
    (Search-185, Embossing svc EMBOSSING-59)

Jan-5, 2025 to Jan-9, 2026

  • Dashboard, Start, Mobile, and Marketplace Apps
    Dashboard shipped major new dispute workflows: bulk transaction dispute selection, in-line creation from Card details → Purchases, enhanced Tag Dependencies UX in Settings, improvements to limited access messaging for Credit, updated onboarding checklist, UI polish for new login imagery, new ‘Disburse’ button consolidation, settings for ‘early_autopayment_settings_saved’ events, and refactored use of IntApi business attachment endpoints. Additional fixes covered sidebar debounce, account balance reloads, cache invalidation, minor UI and text issues, bulk assignment UX, and error message clarity.
    Start now adds CorrelationId details on file upload errors and fixes for missing Fed Tax ID error messaging.
    Mobile app v31.6.19 used Internal API for business attachments, standardized OTEL env names, improved logs, refined input UX for filters and numeric fields, and patched more than a dozen bugs including permissions, error messages, and receipt behavior.
    Marketplace and connectors migrated to PexCard.* packages, handled widespread security patching (compiler CVEs), upgraded workflow tab display (Auto Enforcer, Auto Tagger), and applied validation and UI bug fixes throughout exports and integrations.
    (Dashboard-3857, Dashboard-3858, Dashboard-3870, Start-307, mobile app 31.6.19, marketplace-manifests-139, pex-connector-cmic-199, pex-connector-data-export-246, pex-app-analytics-64, pex-app-funding-scheduler-122, pex-app-batch-funding-113, pex-app-auto-tagger-363, pex-connector-onedrive-124, pex-connector-google-drive-184, pex-connector-airtable-142, pex-connector-netsuite-254, pex-connector-google-sheets-154, pex-connector-concur-247, pex-connector-xero-87, PEX-Connector-116)
  • Internal API, External API, and Platform Services
    Internal API consolidated approval endpoints, improved nuget dependency management, removed obsolete endpoints, added audit actor details, allowed asset report validation/polling, and fixed bugs in matching, assignment, and review flows.
    ExternalAPI migrated to PexCard.* packages, updated user ID handling with Metadata APIs, improved bill/process/validation error paths, and enabled cardholder transaction queries using Search Service.
    Multiple services migrated to, or upgraded with, the PexCard.Engine.Core package, emphasizing consistency and performance.
    (Internal API-977, Internal API-984, ExternalAPI-671, Balance engine BE-Release-1181, MalwareProcessing Core -36, Wire Listener-140, LogEngine-6)
  • Security, Fraud, Data Protection, and Log/Audit Services
    Security & Identity added PexRequestContext to client/MQ, patched MFA, rate-limit, and performance issues.
    Fraud Svc fixed dispute search “Status: null” bug (IncludeSalesforceStatus), addressed Credit/ACH edge cases, and kept up with core/package migrations.
    Data Protection Service expanded authentication endpoints, improved client context passing, and overall security posture.
    Log Engine migrated to PexCard.* packages, added client request context, fixed transaction history CPU spikes, and improved error messaging for push notifications.
    Audit Service migrated to .NET 10, retooled audit event structure, and maintained package parity.
    (Security-SVC-994, Fraud svc CONDOR-293, DataProtection svc DataProtection-260, LogEngine-6, Audit svc Audit-233)
  • Metadata, Approvals, Beneficial Owner, CSP, and Credit
    Metadata upgraded dependency handling, SDK/tag API enhancements (including bidirectional deps), cleaned up legacy APIs, patched bugs with attachment names and email extraction, and supported new mobile endpoints.
    Approvals Service resolved security vulnerabilities, consolidated API templates, and upgraded packages.
    Beneficial Owner disabled legacy reporting, fixed CRM call errors, and absorbed new platform improvements.
    CSP further improved dispute PDF watermarking, L2/L3 VISA workflow, risk/invite bug fixes, and refined ledger/rebate navigation.
    Credit Svc delivered core upgrades, PDF, book summary, and feed bug fixes (including critical app/PD alerts), and continued pipeline and state machine enhancements.
    (Metadata-1055, Approval SVC-162, Approval SVC-161, BeneficialOwnerCore-Release-166, Beneficial Owner Release -165, CSP-1391, CSP-1392, Credit svc Credit-831, Credit svc Credit-832)
  • Bank, Embossing, Invoicing, and Purchasing
    BankHub migrated to PexCard.* packages, improved user access in multi-bank contexts, added asset pre-validation and balance history features, and addressed PD alert errors.
    Embossing Service updated records for Blood Cancer United-Susan Lang (DI) and Blood Cancer Financial Relief DI.
    Invoicing migrated to PexCard.* packages, upgraded balance engine, and validated payment transfer creation.
    Purchasing upgraded foundational packages, modernized vendor sync, cleaned up legacy dependencies, and ensured critical bug fixes for vendor management/QC.
    (Bank svc Bank-646, BankHub-347, Embossing svc EMBOSSING-59, Invoicing-387, Purchasing SVC-437, Purchasing SVC-438)
  • Reports
    Cardholder funding reports now support tags; various report generation logic and template endpoints got significant fixes (PDFs, summaries, .zip, asset polling, etc).
    New custom/consolidated reporting released in CE-CardFundingTransactions.
    (report CE-CardFundingTransactions, Report svc REP-577)

Dec-29, 2025 to Jan-2, 2026

  • Dashboard, Start, and Marketplace Apps Dashboard released multiple enhancements and fixes: improved API communication, instrumented Posthog for session recording, removed unused endpoints, deduplicated balance API calls, refined selection logic, tightened approval/reject permissions by approval policy status, clarified errors after receipt additions, fixed primary account and tag UI, and patched workflow/403 errors and CVE-2025-15284 vulnerabilities. Other releases included fine-tuning UI with alignment fixes, removing request/response bodies from Posthog, and quick bug-patch releases. Start instrumented Posthog session recording, updated default bank configs and financial partner naming, and enforced trimming on business names in account management. Marketplace app images now show the latest versions (manifest refresh). (Dashboard-3842, Dashboard-3844, Dashboard-3845, Dashboard-3846, Start-305, Start-303, Business-1328, marketplace-manifests-139)
  • Internal API, Notification, Approval, and Purchasing Services Internal API added endpoints for Linked Credit MPA Businesses, Sunlight Card Switching support, receipt visibility on mobile, fixed card linking problems, switched to new Metadata attachments architecture, resolved assignment-listing issues, and numerous community/business logic bug fixes. Notification Service migrated to PexCard.* packages. Approval Service migrated to PexCard.* packages, added consolidated template creation/updating endpoints, and continued service modernization. Purchasing Service migrated to PexCard.* packages, removed merchant schema dependencies, updated Sunlight vendor sync logic, improved error messaging for vendor management, and integrated critical upgrades to the PexCard.Engine.Core package. (Internal API-967, InternalAPI-971, Internal API-972, Notification SVC-61, Approval SVC-161, Purchasing SVC-437, Purchasing SVC-438)
  • Metadata, Malware, Cardholder, Invoicing Metadata fixed email-uploaded attachment names, cleaned up legacy state/suggested match/payment request APIs, added mobile-get attachment link endpoint, and upgraded foundational components. Malware Service was migrated to PexCard.* packages and patched to address Mend.io security vulnerabilities (CVE-2025-66628). Cardholder Service patched P1 errors related to conditional “Amount” validation. Invoicing Service migrated to PexCard.* packages, upgraded foundational components, improved balance engine integration, and added validation on payment transfers. (Metadata-1044, Malware-35, CH svc Cardholder-545, Cardholder-546, Invoicing-387)
  • Rules, Velocity, Bank, Business Management, CSP & Notification Rules Engine, Velocity Service, Bank Service, and Invoicing Service all upgraded to the latest PexCard.Engine.Core package for consistency and performance. Bank Service also added a new endpoint for retrieving Ocrolus Signals. Business Management updated Databasics default configs, renamed financial partners, and fixed P2 errors for business-name field trimming. CSP migrated to PexCard.* packages and resolved MFA code display, customer record, and SBFE file filtering bugs. Notification Management migrated to PexCard.* packages. (RE-Release-770, VELOCITY-Release-198, Bank svc Bank-637, BM svc Business-1328, CSP-1385, Notification SVC-61)
  • Audit and ApprovalsAudit service defined a structure for new approval history event updates, implemented engine upgrades, and continued PexCard.* migration. Approval service created consolidated approval template endpoints and upgraded to PexCard.* packages. (Audit svc Audit-227, Audit svc Audit-228, Approval SVC-161)

Dec-22, 2025 to Dec-24, 2025

  • Dashboard, Start, and Marketplace Apps Dashboard deployed a hotfix to resolve the star indicator on all linked accounts, improved login imagery, added tracking for “Explore more” button clicks, optimized calls to /Business/GetBusinessSettings using CacheService, enabled Monthly Statement XLSX export for credit, surfaced new workflow sub-module apps, addressed bank-link redirect behaviors, adopted new IntApi business attachment endpoints, improved approval policy navigation, corrected PDF statement file naming, and resolved an error when uploading business attachments. Start defaulted Sap Concur customers to the Credit product if no other is specified in the URL. Marketplace Apps took Exporter apps out of beta and added Auto Enforcer & Auto Tagger to the workflow tab. (Dashboard-3824, Dashboard-3828, Start-303, marketplace-manifests-138)
  • Mobile App Mobile app v31.5.27 migrated to PexCard.* packages, cleaned up logs, improved iOS input for numeric fields, standardized tab title case, introduced filters for the card requests tab, displayed “not reviewed” statuses for pending approvals, changed the “Note” icon to the new design, and addressed several bug fixes. (mobile app 31.5.27)
  • Reports & Custom Reports Report Service migrated to PexCard.* packages, resolved persistent PDF/ZIP generation errors affecting customers, ensured missing ReportTemplateId values are handled in statement template endpoints, and enabled new reporting features including custom report CE-ConsolidatesSettlementRecon-1. (Report svc REP-577, CE-ConsolidatesSettlementRecon-1)
  • Security & Fraud Security & Identity Service preserved RateLimitBypass setting during ThreeScaleApplication updates, migrated client packages, and fixed PexGetCardholderMetadata performance as well as MFA OTP “not found” exceptions. Fraud Management updated fast credit line utilization and ACH deposit/account rules, fixed reimbursements with no spend history, and migrated to PexCard.* packages for compliance and performance. (Security-SVC-992, Fraud svc CONDOR-292)
  • Credit, Velocity, and Workflow
Credit Service resolved a P1 SQL error during funds verification requests. Velocity Service fixed an annual spend limit approval bug, migrated to PexCard.* packages, renamed client libraries, and quickly addressed recent PD alerts with a patch release. App workflow improvements allow apps to be surfaced in new workflow sub-modules. (Credit svc Credit-819, VELOCITY-Release-195, VELOCITY-Release-197)

Dec-15, 2025 to Dec-18, 2025

  • Internal API, Metadata, and Audit Internal API extended business setting feature flags and gating for Dashboard Disputes, ensured the Card Owner subnav persists when a cardholder was ever assigned, fixed PDF upload errors on the Attachments screen, prevented unintended MPA access via cardholder/vendor assignment, enabled Monthly Statement XLSX exports, migrated to PexCard.* packages, added new endpoints to search for audit events, fixed viewing of auto‑matched receipts, and improved Finicity bank-link failure handling.Metadata resolved PD alerts and PDF conversion failures, fixed regex parsing issues for currency detection, corrected display of reviewed attachments on the Attachments tab, migrated Transaction Metadata to PexCard.* packages, added and extended “get attachment by MetadataId for Auto-Match” endpoints, included transaction details in Suggested Match responses, and added indexing on TagRecommendation for BusinessId and Created to improve performance.Audit Service added a new event for approval policy changes, adjusted CDP flag handling for card status changes, and migrated to PexCard.* packages.(InternalAPI-947, InternalAPI-952, InternalAPI-959, Metadata-1030, Metadata-1036, Audit-223, Audit-225)
  • Dashboard, Start, and Connectors Dashboard introduced an Audit history page, fixed card order date filtering, updated business setting UI, credit acknowledgment flow, duplicate bank account handling, enhanced assignment filtering, updated login image, and added alerting and automation improvements. It also fixed routing after policy page creation and primary account flag behavior. Start improved product selection for Credit Expense, allowed always-visible correlation IDs on error, added a new partner (“Perk”), and made UX, error and security fixes. Multiple connectors (pex-connector-blackbaud, auto-enforcer) received security patches, branding updates, backend setting enhancements, and package migrations. (Dashboard-3804, Dashboard-3805, Dashboard-3816, Start-299, Start-300, Start-302, pex-connector-blackbaud-301, pex-app-auto-enforcer-258)
  • Search Engine, Rules Engine, Beneficial Owner, and Reports Search Engine migrated core components to PexCard.* packages, improved reconciliation logic, and fixed metadata tag representation issues. Rules Engine enhanced merchant reconciliation with failure tracking, improved null reference handling, vendor standardization, and migrated to PexCard.* packages. Beneficial Owner Core improved sandbox error handling, migrated its console to PexCard.* packages, and implemented the latest regulatory bank report. Report Service added Monthly Statement XLSX export for credit, refined reporting template endpoint, and renamed packages. (Search Engine-152, Search Engine-181, Rules Engine-Release-767, RE-Release-769, BeneficialOwnerCore-Release-164, Report svc REP-573)
  • Bank, Business Management, Credit, IVR, and SalesForce Bank Service migrated to PexCard.* packages, split models into new libraries, and aligned package names. Business Management migrated to new package structure, fixed slow-performing endpoints, and improved client package clarity. Credit Service updated AAN PDF generation & delivery, migrated to PexCard.* packages, fixed state transition bugs, and improved SBFE reporting. IVR service migrated to PexCard.* packages, upgraded receipt sending logic to new Metadata endpoints, improved logging with phone masking, and validated email callback signatures. SalesForce improved campaign attribution, standardized source/motion, and updated tests. (Bank svc Bank-636, BM svc Business-1325, Credit svc Credit-815, Credit svc Credit-818, IVR-71, IVR-72, SalesForce-1344)

Dec-8, 2025 to Dec-11, 2025

  • Internal API, Metadata, and Reporting Internal API switched to the new Metadata business attachments approach, restricted team member card assignment if a cardholder was ever invited or registered, improved menu endpoint with Redis cache and smarter permission checks, added a “Max Attachment Number Per Single Upload” business setting, enabled Monthly Statement CSV download, and resolved multiple bugs related to new endpoints and credit MPA flows. Metadata addressed SQL timeouts in email attachments, renamed packages for clarity, fixed approval triggers and missing review notifications, added retry history, cleaned up legacy APIs, and restricted visible business attachments to only those created within the last year. Reports Service adopted the new Metadata Attachments API, introduced Monthly Statement CSV downloads, and updated client package naming. (InternalAPI-923, Internal API-930, Metadata-1022, Metadata-1027, Report svc REP-571)
  • Dashboard, Start, Log Engine, Mobile, and Connectors Dashboard fixed review tab order, improved attachment uploads by respecting business settings, adopted Monthly Statement CSV download, reset assignment states on failure, and tackled critical bugs including UI inconsistencies, SSO issues, and patched high-severity security alerts. Start defaulted product selection for specific integrations, fixed document display and validation bugs, improved handling of required government ID/POA docs, resolved bank routing number correction stalls, ensured correct username field format, and patched security vulnerabilities. Log Engine switched to using new Metadata State APIs, completed client package renaming, fixed missing review admin notifications, and corrected balance display for certain adjustment transactions. PEX connectors (Google Drive, GreenSlate, QBD, Concur) updated branding, improved sync behaviors, resolved security vulnerabilities, and migrated to PexCard.* packages. Mobile App v31.4.13 (phased rollout) improved logging, enabled review/approval/reject for reimbursements and card requests by cardholders, fixed automation, map, and policy flows, and addressed multiple UI/UX and bug fixes. (Dashboard-3792, Start-293, Start-296, Log Engine-356, pex-connector-google-drive-179, pex-connector-greenslate-114, pex-connector-qbd-37, pex-connector-qbd-api-75, pex-connector-concur-243, Mobile App 31.4.13)
  • Search, Approval, Notification, Fraud, and Rules Engine Search Service launched interval-based purchase transaction reconciliation APIs, fixed inserts in daily recon, and renamed client packages. Approval Service added indexes for approval hierarchy, adopted new packages and Metadata APIs, and optimized performance on workflow routing. Notification Service completed package renaming for better maintainability. Fraud Service updated Finicity ACH rule logic, integrated Salesforce case handling, and migrated client package naming. Rules Engine released support for “Per purchase” spend limits, improved logging, added receipt support, handled vendor standardization, and completed package renaming across the codebase. (Search SVC-170, Approval SVC-159, Notification SVC-60, Fraud svc CONDOR-285, VELOCITY-Release-192, RE-Release-762, RE-Release-764, RE-Release-765)
  • Business Management, Data Protection, Embossing, and Auto Enforcer Business Management migrated to new client package structure, updated audit client integration, improved partner settings, launched new dispute handling and attachment upload limit settings, and made “Use disputes” admin-configurable. Data Protection and Audit services transitioned to new package namespaces, with Audit also renaming Security and Identity client packages. Embossing enabled outbound HTTP/2 requests for microservices and completed migration to new packages. Auto Enforcer improved MCC code/merchant validation logic and fixed edge case bugs. (BM svc Business-1323, DataProtection svc DataProtection-258, Audit svc Audit-222, Embossing svc EMBOSSING-58, pex-app-auto-enforcer-251)
  • ExternalAPI ExternalAPI added file extension support to the attachment API, improved sorting and vendor cards responses, enabled bypass for 3Scale hits in internal apps, expanded endpoints to expose search service transactions (including declines and purchases), and delivered multiple bug fixes around approvals, sorting, and vendor/bill document management. (ExternalAPI-656)

Dec-1, 2025 to Dec-4, 2025

  • Internal API, Audit, Approval, and Invoicing: Internal API enabled user switching to closed cardholder MPA accounts from Linked accounts, anticipated monthly spend in the Same EIN-Credit flow, business rules for team member card assignments, and fixed attachment updates. Audit Service added a manual override event for Credit Application. Approval optimized the workflows-in-route endpoint. Invoicing addressed transfer job timeout errors, matched ACH/bill pay dashboard states, adopted new PaymentRequest APIs, and resolved reporting errors on QA.
    (Internal API-895, Audit svc Audit-218, Approval-153, Invoicing-383)
  • Dashboard and Marketplace: Dashboard followed Internal API logic to prevent assignment of registered/invited cardholders, added anticipated spend and attachment UX enhancements. It included multiple bug fixes: round trip mile toggle, file upload error messages, linked account switching, assignment text, reimbursement unapproval, vendor assignment consistency, validation for zero payments, chat bot integration, assignment state management, and menu info optimization. Marketplace upgraded Angular and Clarity libraries.
    (Dashboard-3769, Dashboard-3774, marketplace-313)
  • Search Engine: Search Engine solved NULL TypeName/CategoryName results for cardholder transactions and optimized daily reconciliation stored procedures for greater performance and token filtering.
    (Search Engine-165, Search Engine-168)
  • Credit, Purchasing, Embossing, and Metadata: Credit released AAN PDF generation, solved race conditions, improved SBFE reporting (with date parameters and segment mapping), patched timeouts and subaccount display, and required audit entries for override actions. Metadata service fixed SQL timeout in attachments. Purchasing upgraded to .NET 10. Embossing added new codes for Premier Marine LLC-Disburse.
    (Credit svc Credit-807, Metadata-102, Purchasing-429, Embossing-54)
  • BankHub, Bank Services, and Beneficial Owner Core: BankHub and Bank Services fixed CRM deserialization, Plaid bank linking with various account numbers, and critical bugs. BeneficialOwnerCore limited concurrent calls to Business Svc in reporting. (BankHub-345, Bank svc Bank-632, BeneficialOwnerCore-Release-160)
  • Security & Identity, NetSuite Connector, and BM Business: Security & Identity added RateLimit bypass flag, optimized user search procedures, and solved SQL timeouts. Netsuite’s connector updated header colors and branding. Business Management fixed MPA link creation, card creation with whitespace, CRM document calls, 500 errors, KYC review status, attachment limits, and confirmed email processes.
    (S&I svc Security-SVC-981, pex-connector-netsuite-246, BM svc Business-1317)
  • CSP (Client Services Portal): CSP introduced team member card assignment settings, attachment upload limits, audit client and doc revisions, and fixed credit subaccount display. A manual credit payment release turned off auto unsuspension. (CSP-1375, CSP-1378)
Last modified on May 5, 2026