Latest: v13.4.71 shipped April 13, 2026

Product Changelog

Every feature, fix, and improvement shipped in KARVO ERP. Built for B2B distribution, logistics, and wholesale teams.

Releases: 71
Services: 265+
Tests: 5,400+
Lines of Code: 170K
v13.4.71
April 13, 2026
Massive expansion: 15 new services, 48 API endpoints, Docker, payroll ROE/DAS

The biggest single release in KARVO ERP history. Full Docker containerization, supplier management, commission engine, SaaS billing infrastructure, and Quebec payroll compliance features for ROE and DAS.

Tags: Feature, Infrastructure, Security, Performance
  • 15 new services added in a single release, covering supplier management, commissions, SaaS billing, and payroll compliance
  • 48 new API endpoints expanding REST API v2 coverage for suppliers, commissions, payroll, and billing operations
  • Docker containerization with full docker-compose stack: WordPress, MariaDB, Redis, Nginx, OSRM routing engine, VROOM optimizer
  • Payroll ROE + DAS — Record of Employment (Service Canada XML) and Sommaire DAS (Revenu Quebec) generation for year-end compliance
  • Supplier management module with vendor profiles, purchase history, payment terms, and performance scoring
  • Commission engine with configurable rate tiers, sales rep attribution, and automatic monthly calculations
  • SaaS billing infrastructure for multi-tenant usage metering, invoice generation, and Stripe subscription management
  • Anti-copy protection on sensitive admin pages with right-click disable, print CSS blanking, and watermarking
New services: 15
New endpoints: 48
Tests: 5,400+
Assertions: 10,600+
v13.4.70
April 11, 2026
Legal system overhaul + karvoerp.com PageSpeed 100/100

Comprehensive licensing and legal infrastructure. Bilingual FR/EN legal documents, AI legal agent, EULA acceptance flow, and the karvoerp.com website pushed to perfect PageSpeed scores.

Tags: Legal, Feature, Performance, UX
  • LegalDocumentService — dynamic bilingual document generation (EULA, Terms, Privacy, DPA, SLA) in both French and English
  • LegalAcceptanceService — per-user EULA/TOS acceptance tracking with HMAC-SHA256 hashed IP/UA, fully Loi 25 compliant
  • AI Legal Agent — bilingual legal Q&A using legal docs as context, rate-limited 20 req/h, gated to Pro plan
  • License dashboard rewritten — bilingual UI, plan comparison table (Starter/Pro/Enterprise), trial countdown with progress bar
  • karvoerp.com Performance 100/100, SEO 100/100 — service worker, Container Queries, scroll-driven animations, 5 JSON-LD blocks, PWA manifest
  • 10 public legal pages deployed with cookie consent banner compliant with Loi 25, PIPEDA, and RGPD
New tests: 82
Migration: #0038
PageSpeed: 100/100
v13.4.65
April 10, 2026
In-app contextual help system

UserGuideService adds three help sub-systems: guided tours for onboarding, contextual tooltips on UI elements, and a setup checklist for initial configuration.

Tags: Feature, UX
  • Guided tours — step-by-step interactive walkthroughs for first-time users and on-demand access
  • Contextual help — tooltips and popovers anchored to specific UI elements across all admin pages
  • Setup checklist — progress tracker guiding new users through initial configuration with completion indicators
  • 668 lines of service code wired into admin pages via HookRegistry for zero-config activation
v13.4.61-64
April 8-10, 2026
Cleaning contracts, Quebec Payroll, Stripe self-serve licensing

Four releases shipping two complete vertical modules (commercial cleaning, Quebec payroll) plus Stripe self-serve license purchasing and full payroll v2 with direct deposit and tax slips.

Tags: Feature, Security, Infrastructure
  • Stripe Checkout (v13.4.61) — self-serve license purchase with webhook verification, event logging, and purchase tracking
  • Commercial cleaning module (v13.4.62) — contract lifecycle management, 21 service types with $/sqft pricing, frequency multipliers, seasonal adjustments, inspector assignments
  • Quebec Payroll v1 (v13.4.63) — full payroll engine with RRQ, AE, RQAP, federal/provincial tax, employer CPEEP, timesheets, and 4 pay frequencies
  • Payroll v2 (v13.4.64) — Desjardins CPA-005 direct deposit files, PDF pay stubs, printed cheques, T4 and RL-1 tax slips, garnishment support with priority ordering
  • Security fixes — remaining strtotime() migrated to DateHelper, CSRF hardening on 3 admin endpoints
New tests: 193
New services: 7
New tables: 10
Migrations: #34-37
v13.4.60
April 7, 2026
KARVO product launch + Security 100/100

The strategic pivot: KARVO deployed as the white-label product brand on dedicated OVH infrastructure. Security score pushed from 98 to a perfect 100/100 across all axes.

Tags: Infrastructure, Security, Feature
  • Dedicated OVH server — AMD EPYC 4344P, 64GB RAM, 1TB NVMe with Nginx, PHP 8.3, MariaDB 11.4, and Redis 8.6
  • Multi-site deployment — karvoerp.com (marketing), app.karvoerp.com (application), updates.karvoerp.com (update + license server)
  • PlanGateService — module gating by license plan (Starter/Pro/Enterprise) with 30-day HMAC-protected trial
  • White-label branding: BrandingConfigService powers all dynamic brand references across UI and emails
  • Security 100/100 — all credentials rotated, SQL injection fix in AjaxRegistry, SSH key auth replacing passwords, AES-256-CBC encrypted backups
  • CI/CD pipeline: git tag v13.x auto-deploys ZIP to update server via GitHub Actions
Security score: 100/100
Infrastructure: 3 sites
v13.4.59
April 6, 2026
Full codebase audit remediation: 78 to 98/100

Systematic remediation across 39 files following an 11-axis audit covering security, performance, architecture, database, frontend, accessibility, Loi 25, API, QA, DevOps, and code quality.

Tags: Security, Bugfix, QA, Legal
  • 10 SQL queries migrated to $wpdb->prepare() across 7 services, plus XSS fix in DeliveryAdminModule
  • defined('ABSPATH') || exit guard added to 15 PHP files that were missing it
  • DevOps hardening — deploy concurrency lock, health gate retry with exponential backoff, rollback integrity verification
  • WCAG 2.2 AA — alt text added to 5 modules, modal focus trap + ESC handler, prefers-reduced-motion expanded
  • BreachNotificationService — 72-hour CAI notification countdown for Loi 25 compliance, with audit trail
  • Rate limit headers: X-RateLimit-Limit/Remaining/Reset on all AJAX responses
Score: 78 → 98
Files fixed: 39
Tests: 4,995
v13.4.50-53
April 4-6, 2026
White-label product + premium client dashboard redesign

The KARVO brand launched as the generic product identity. Complete redesign of the client portal with a modern design token system, hero dashboard, and activity timeline.

Tags: Feature, UX, Infrastructure
  • Product presentations (v13.4.50) — bundled EN + FR 16-page PDFs with secure admin download
  • RemoteUpdateService (v13.4.51) — native WordPress update pipeline pointing to KARVO update server with DNS rebinding guard
  • LicenseService (v13.4.52) — KARVO license key management with KV-XXXX-XXXX-XXXX-XXXX-CC format, remote verification, fail-open design
  • Premium client dashboard (v13.4.53) — complete design token system, gradient hero with time-of-day greeting, YoY spend delta, activity timeline, mobile-first responsive
New tests: 32
Design tokens: Full system
v13.4.44-49
April 3-4, 2026
Product enrichment adoption loop

Six focused releases closing the enrichment loop end-to-end. Staff can now enrich any product in a single click: admin-bar shortcut, 14-field URL extraction, auto-tagging, maximum-info scraping, and aggressive garbage filtering.

Tags: Feature, UX, Bugfix
  • Admin-bar shortcut (v13.4.44) — one-click enrichment from any product page with 3 sub-actions (AI / URL / History)
  • 14-field URL extraction — GTIN, MPN, model, color, material, country of origin, videos, PDF specs via JSON-LD + microdata + spec tables
  • +17 maximum-info fields (v13.4.46) — ratings, pricing tiers, warranty, pack/case/pallet counts, energy rating, certifications, GHS hazard codes
  • Full UI overhaul (v13.4.47) — 3-column editable grid, pricing badges, logistics badges, certification chips, auto-translate for English pages
  • Post-process cleanup (v13.4.48) — schema.org URI normalization, prose validation guard, title-echo guard, pack count mining from titles
  • REST API v2 endpoints for /products, /products/{id}, /products/sku/{sku} with SKU alias resolution
New tests: 29
Assertions: +88
Fields extracted: 31
v13.4.2-21
April 1-2, 2026
19-version nightly sweep: performance + security hardening

19 versions shipped in a single 8-hour session. Fixed 10 critical root causes including admin CSS loading, 39 modules leaking raw PHP, 126 legacy KPI filters silently dropping credit notes, and enrichment cache poisoning.

Tags: Performance, Security, Bugfix, QA
  • 39 modules fixed — PHP concat syntax leaking as raw text on every affected admin page
  • 126 legacy KPI filters migrated: total > 0 filters were silently dropping credit notes from NRR, top clients, ABC analysis, YoY growth
  • Composite DB index on se_invoices (customer_code, invoice_date) — the single biggest dashboard hot-path cost on 120K invoices
  • Portal chat rate limiting — 20 messages/minute/user cap to prevent spam and DoS
  • Enrichment reliability — cache poisoning fix, web search timeout guard, product picker wired, weight priority system for B2B shipping
  • Zero-tolerance CI tests — 7 architecture tests enforcing revenue correctness, credit-note correctness, and no legacy filter patterns
Versions shipped: 19
Modules fixed: 39
Queries migrated: 135
Tests: 4,878