You can now sign in without a password using a passkey stored on your device, secured by your fingerprint, face, or device PIN. Register and name passkeys from the new Passkeys tab in your security settings, and use "Sign in with a passkey" on the login page.
Before: Signing in always required your email and password. After: Register a passkey once and sign in with a single device prompt, no password to type.
The command palette now searches applications across every team you belong to, not just the one you are currently in. Jump straight to an app in another team and the palette switches teams for you before navigating. Page navigation, team switching, and create actions are all grouped and fully keyboard-navigable.
Before: Search only found apps in your current team, so reaching an app elsewhere meant switching teams first. After: Find any app across all your teams from one search box and jump to it in a keystroke.
Each IP address in a managed database's allowlist can now carry a short note like "home" or "office", so a long list of allowed addresses is finally readable at a glance. Notes stay within Ploi Cloud and never change which addresses are actually allowed.
Before: The allowlist showed bare IP addresses with no way to tell them apart. After: Label every allowed address so you know what each entry is for.
Applications with lots of environment secrets get a search box to filter them instantly, shown once you have more than ten. Hidden secret values now render behind a fixed-length mask, so the mask no longer hints at how long the real value is until you reveal it.
Before: Long secret lists had no filter, and the mask length revealed how long each secret was. After: Search to find a secret fast, and masked values give nothing away about their length.
API tokens that are approaching their expiry date now trigger a heads-up email, giving you time to rotate them before anything that relies on them stops working.
Before: API tokens expired silently, and integrations broke without warning. After: You get an email ahead of expiry so you can rotate the token in time.
Every documentation article now has a clean markdown version. Add .md to any docs URL, or send an Accept: text/markdown header, to get the raw article, ideal for feeding into AI assistants and coding agents.
Before: Documentation was only available as HTML pages. After: Fetch any article as plain markdown for use with AI tools.
The applications API endpoint and its MCP tool accept a new all_teams flag, returning apps from every team you belong to in a single request instead of one team at a time.
The usage analytics, team billing, and detailed usage pages now paint instantly and stream their heavy figures in afterward, with skeleton placeholders while the data loads. Pagination on usage records stays snappy.
Live updates for deployments, applications, databases, and object storage were rebuilt to poll only while something is actually changing and stop once it settles, making real-time status more reliable while reducing background load.
CPU and memory graphs kept collecting data through brief readiness blips that momentarily flip an app to starting, so short restarts no longer leave gaps in your charts. Recent data keeps full resolution while older points are summarized to keep the graphs fast.
Teams that are Ploi Cloud partners now show a PARTNER badge in the team switcher, making partner teams easy to spot at a glance.
Users you created on a managed PostgreSQL database could fail migrations with "permission denied for schema public". Panel-created users are now automatically granted full access to every logical database, including the ability to create tables, so migrations work right away.
When basic auth was enabled on an application, uptime checks received a 401 and marked healthy apps as down. Uptime checks now send your basic auth credentials, and stay in sync when you change or remove them, so protection and monitoring work together.
WordPress redirects, such as adding a trailing slash to /wp-admin, could send visitors to a URL containing an internal port number. Redirects now always use your real domain over HTTPS.
The SFTP service could try to attach the same WordPress volume twice and fail to start. It now attaches each volume once and starts reliably.
Editing a field while an application was starting up could repeatedly pop an unsaved-changes warning during background status updates. The prompt now appears only when you genuinely navigate away.
When a build failed, the build step could still appear to be running. The deployments view now clearly marks the build step as failed.
RAM options in the pricing calculator dropdown rendered white-on-white in Firefox and were unreadable. They now use a readable color.
Using force apply when adding a domain through the API now always provisions an SSL certificate, even when the DNS check is skipped.