Shipped weekly · since Apr 2026

What we shipped this week.

Public, plain-English changelog. Real version numbers, real dates. If we changed something that affects how your dashboard works, it's here.

v2.4.0 · 25 Apr 2026 · this week

EntryRate storefront launch

The new entryrate.co.uk site goes live alongside the existing dashboard. Cleaner promoter-side messaging, full rate calculator, network diagram.

  • feat: New EntryRate marketing site — landing, pricing, features, network, browse, docs.
  • feat: Interactive fee calculator on /pricing — savings vs Ticketmaster, DICE, Skiddle, Eventbrite.
  • feat: Promoter-angled live shows browser — search, city filter, sell-through hint per card.
  • docs: Promoter terms v2.0 — re-issued with explicit Network cross-listing clause.

v2.3.4 · 24 Apr 2026

Security audit · all four findings closed

Pre-launch professional security audit completed; four findings (one high, three medium) all fixed and shipped to production.

  • sec: Removed unauthenticated /api/tickets/verify-scan endpoint (H1).
  • sec: SSRF defence on URL importers — DNS pre-check, redirect re-validation, IPv4/IPv6 private-range block (M1).
  • sec: Buyer registration now rejects all existing emails regardless of verification state (M2).
  • sec: Admin buyer search wrapped with regex escape to prevent ReDoS (M3).

v2.3.0 · 24 Apr 2026

Venue import from URL

Paste a Skiddle, Resident Advisor or generic schema.org venue URL into the admin dashboard and we'll scrape and pre-fill the venue record.

  • feat: Admin dashboard: "Import venue from URL" with Skiddle EntertainmentBusiness support.
  • feat: Pending promoter approvals now surface on admin overview KPI cards.
  • fix: Pitch pages: minimum booking fee corrected from £0.25 → £0.75 in 05_modern, 06_blueprint.

v2.2.0 · 22 Apr 2026

Hetzner migration · Render decommissioned

www.showday.co.uk and dashboard.showday.co.uk now serve from a single Hetzner VPS. nginx + Let's Encrypt, Node on pm2, Atlas Mongo. Render service shut down.

  • perf: P50 latency improved from ~280ms → 95ms on Hetzner FRA1 (vs Render Oregon).
  • feat: One-host deploy: git pull && pm2 reload gigtix — no build, no slug.
  • fix: Stripe webhook URL flipped to www.showday.co.uk/api/payments/webhook.

v2.1.0 · 20 Apr 2026

Database audit fixes

Five database-layer issues found in pre-launch audit, all closed.

  • sec: Atomic oversell guard on door sales + passes via findOneAndUpdate stock predicate.
  • sec: Payout idempotency key + distributed lock — one pending payout per promoter/period.
  • perf: Three new Order indexes: resaleToken (sparse), event+status, promoter+createdAt.
  • fix: Event.lowestPrice virtual restored — fixes broken minPrice/maxPrice filter.
  • fix: Schema fields rotatingQr, resaleEnabled now declared (were read but not written).

v2.0.5 · 14 Apr 2026

Pre-launch security hardening

Email XSS, CSV injection, presale brute-force, CORS hardening, error-handler strict-prod check.

  • sec: Every user-controlled email-template field wrapped with esc().
  • sec: CSV exports prefix cells beginning with '=', '+', '-' or '@' — no formula injection.
  • sec: Presale password lockout: 5 attempts / 5 min per IP, 429 + janitor.
  • sec: Strict CORS allowlist — no more substring matching.

v2.0.0 · 10 Apr 2026 · founders' release

EntryRate launches into private beta

First Bristol founders onboarded. The 50-account founders' tier locks 2.5% for life. Standard rate is 5%. Network cross-listing to the consumer storefront opens.

  • feat: Founders' tier (2.5% locked) — first 50 Bristol accounts.
  • feat: Network cross-listing — every event surfaces to the consumer storefront by default.
  • feat: Door-scan PWA, rotating QR, staged Stripe Connect payouts, full audit log.

Subscribe to changelog updates by email — drop us a line via contact. RSS feed coming soon.

EntryRate · Showday Tickets LTD · Co. 17168332 · Bristol