CloudPAM v0.17.4

Security

• API-key bearer credentials now take precedence over session cookies, preventing a browser session from widening a restricted API key's effective permissions.
• CSRF protection now still applies to state-changing requests that carry a session cookie, even if they also include a cpam_ bearer-style Authorization header.

CloudPAM v0.17.3

Added

• Discovery Merged Network now shows an operator triage guide, selected-conflict notes, and grouped issue badges so link, relink, import, and expected duplicate decisions are easier to distinguish.

CloudPAM v0.17.2

Added

• Discovery Merged Network now includes managed network object and relationship browsers, request-scoped schema policy controls, relink-oriented alternate exact-pool actions, placeholder-parent action summaries, and inline network action result details.
• Discovery conflict details now show structured affected resources, ownership, pool and parent evidence, CIDR/IP evidence, attached relationships, current resolution state, and navigation back to affected merged rows or relationship filters.
• Managed network object browsing now supports provider, region, pool ID, and source discovered resource filters in addition to account, type, state, and search.
• Network relationship resolution in the UI now uses an explicit per-row Apply action with pending state and inline error handling.

Fixed

• Merged Network relationship filters now stay scoped to the selected account and use the backend's resolved relationship state vocabulary.

CloudPAM v0.17.1

Added

• Added durable managed network objects and explicit network relationships so VPCs, subnets, EIPs/public IPs, soft links, conflict evidence, placeholder parents, and imported relationships can be stored separately from allocated blocks.
• Added network object and relationship APIs under /api/v1/network/objects and /api/v1/network/relationships, plus placeholder-parent conflict action support.
• Added POST /api/v1/network/relationships/resolve so relationship IDs that contain URL path separators can be resolved from the request body while server-generated relationship IDs remain URL-safe.
• Merged network conflict evaluation now supports schema policy query options for account-level, region-level, global, and manual duplicate handling with policy evidence in conflict responses.
• Network conflict decisions and concrete actions now write audit events, and link actions can update an existing discovered-resource pool association when an alternate exact-pool conflict identifies the target pool.
• The Merged Network conflict UI now exposes alternate exact-pool filtering, placeholder-parent actions, and the full network conflict action response contract.

CloudPAM v0.17.0

Added

• Added durable managed network objects and explicit network relationships so VPCs, subnets, EIPs/public IPs, soft links, conflict evidence, placeholder parents, and imported relationships can be stored separately from allocated blocks.
• Added network object and relationship APIs under /api/v1/network/objects and /api/v1/network/relationships, plus placeholder-parent conflict action support.
• Added POST /api/v1/network/relationships/resolve so relationship IDs that contain URL path separators can be resolved from the request body while server-generated relationship IDs remain URL-safe.
• Merged network conflict evaluation now supports schema policy query options for account-level, region-level, global, and manual duplicate handling with policy evidence in conflict responses.

CloudPAM v0.16.2

Fixed

• Cloud Discovery resource checkboxes now allow selecting multiple unlinked resources, including stale discoveries, and linking the selected resources to a chosen pool in one action.

CloudPAM v0.16.1

Fixed

• Network conflict import actions now fail and roll back when any selected resource is skipped or errors, preventing partial imports from marking the whole conflict resolved.
• PostgreSQL-backed deployments now persist drift and network conflict resolution metadata instead of falling back to in-memory drift storage.

CloudPAM v0.16.0

Added

• Discovery import now supports checkbox-selected preview/apply flows that show per-resource actions, conflicts, missing parents, outside-pool placement, duplicate CIDRs across accounts, and link-only network-object candidates before creating discovered-source pools.
• Added merged network APIs at /api/v1/network/flat, /api/v1/network/hierarchy, /api/v1/network/merged, and /api/v1/network/conflicts so operators can inspect pools, linked discovered resources, discovered-only network objects, and conflict evidence in both table and hierarchy form.
• Cloud Discovery now includes a Merged Network tab with hierarchy, flat, and conflict views plus filters for object type and issue type.

Changed

• Discovery documentation now clarifies the distinction between allocated blocks, discovered resources, network objects, and soft links.
• EIPs and other non-pool cloud resources are now surfaced as network objects in merged views instead of being pushed through the allocated-block model.

Fixed

• Network conflict resolution now only offers durable review decisions and rejects unsupported decisions instead of marking no-op import/link requests as resolved.
• Discovery import preview and apply now scan all discovered resource pages when checking parents and duplicate CIDRs.

CloudPAM v0.15.0

Added

• Generic SIEM audit forwarding via CEF-over-syslog with CLOUDPAM_AUDIT_SYSLOG_ADDR, CLOUDPAM_AUDIT_SYSLOG_NETWORK, and CLOUDPAM_AUDIT_SYSLOG_APP_NAME, avoiding vendor-specific Splunk, Security Onion, or Datadog connectors.
• Log Destinations now documents the common syslog/CEF path and the runtime settings for external SIEM receivers.

CloudPAM v0.14.8

Fixed

• Completed in-app upgrades now clear upgrade-specific frontend state and reload through a cache-busting URL so the new frontend bundle is loaded without requiring a manual hard refresh.