Release Notes

v1.1.73 — June 2026

New

  • Quantum risk score in code analysis. Code analysis findings now include a quantum risk score (0-100), consistent with binary and certificate analyzers. The dashboard factors code analysis scores into the overall risk picture.
  • Risk score column in Network Analyzer history. The network scan history table now shows the quantum risk score alongside each result.
  • Audit logging. All API endpoints now emit structured audit log entries for security review and compliance purposes.
  • Ctrl+F find-in-page. Native browser-style find-in-page search is now available across the app.
  • PDF export for reports. Report history entries can now be exported directly to PDF.

Bug Fixes

  • Network scanner — improved TLS detection reliability across common ports.
  • Binary scan — detection count showing 0 in history. The history table was reading a key that no longer existed in the stored scan structure. Fixed to use matches_found with correct fallbacks.
  • Binary scan — false-positive Q5 scores when OpenSSL is linked but not used. YARA Q5 matches are now suppressed when OpenSSL is detected as a linked library without direct algorithm usage.
  • Certificate analyzer — cert expiry now factored into risk score. Short-lived certificates were previously scored CRITICAL regardless of algorithm. Expiry is now correctly weighted.
  • Risk scoring — refined quantum risk calculation. Improved accuracy across algorithm scoring, timeline weighting, and cipher suite matching.
  • userData path normalized on Windows and Linux. App data was written to inconsistent paths across platforms. Normalized to CerebionRivet on both.
  • License guard — hardened license validation error handling.
  • Code Analyzer — cancelled scan badge no longer shown on client disconnect. If the client disconnected mid-scan, the scan was marked CANCELLED incorrectly. Fixed.
  • Code Analyzer — expanded file coverage to include dotfiles. Files such as .golangci.yml are now included in scans.
  • Code Analyzer — bash false positives on $1 and 0. The bash weak random generation rule was matching shell positional parameters and the literal 0. Fixed.

Performance

  • File tree now loads on demand — large repositories no longer freeze on initial load.
  • Switching away from Code Analyzer mid-scan no longer causes a navigation freeze.

Security

  • License keys are now obfuscated in all log output.
  • LiteLLM telemetry disabled — no usage data leaves the machine via the AI integration.
  • All Python and Node.js dependencies audited: 0 known vulnerabilities in shipped code.
  • Windows installer signed with EV code signing certificate (DigiCert). macOS installer signed and notarized by Apple.

v1.0.168 — April 2026

Bug Fixes

  • Scan History — missing scans after restart. Scans saved before project-path tracking was introduced had a NULL project_path and were excluded by the history filter. All such records are now included. Path comparisons are also now case-insensitive, fixing missing scans on Windows due to drive-letter case differences.
  • Report export — HTML and SARIF blank for certificate/quantum scans. The HTML and SARIF export paths were missing the certificate_analysis data fallback that the CSV export already had, resulting in empty tables. Fixed.
  • Report export — risk score always blank in bulk export. The bulk export risk score extractor was reading a key that no longer exists in the stored scan structure. Fixed to read the correct path.

Coverage

  • PQC detection rules extended to 35+ programming languages, adding Dart, Dockerfile, YAML, SQL, Jsonnet, and all previously uncovered subdirs.
  • AES-192 detection added with WARNING severity, completing full AES-128/192/256 coverage.

Code Analysis Engine

  • Code analysis engine updated to the latest version.
  • Removed the PQC / All Vulnerabilities scan mode toggle — all built-in rules are quantum/crypto-focused so the distinction was meaningless. The setting has been removed from the UI and backend.

UI Polish

  • License key entry fields now show the correct placeholder format: CR-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX.

v1.0.167 — April 2026

New

  • Linux desktop installer (.AppImage) and CLI now available
  • macOS desktop installer (.dmg) and CLI now available

Infrastructure

  • Automated license key delivery via email on purchase
  • Download page with SHA-256 integrity checksums for all installers
  • CloudFront CDN for installer downloads (downloads.cerebion.com)

v1.0.166 — March 2026

Bug Fixes

  • Code Analyzer — AI fix now works end-to-end. Clicking Generate AI Code Fix or Generate AI Recommendation now shows a loading indicator and correctly returns the generated fix. Root cause was a key mismatch between the findings table and the fix state store on Windows paths (backslash vs forward slash normalization).
  • Code Analyzer — AI fix works for directory scans. Findings from directory scans with 1–10 files were returned with relative paths by the code scanner. These are now resolved to absolute paths before reading the file or saving the patch, preventing silent failures.
  • Certificate Analyzer — Security Grade no longer shows UNKNOWN. When the stored grade is the default sentinel value, the UI now derives a letter grade from the risk level instead.
  • Certificate Analyzer — Cert Expires no longer shows 12/31/1969. A null notAfter date was being passed to new Date(null), returning Unix epoch 0. Null dates now display as .
  • Certificate Analyzer — Days to Expiry no longer appears blank. Shows when the value is unavailable.

v1.0.165 — March 2026

Documentation

  • Added full User Guide (15 chapters covering all analyzers, risk scoring, AI fixes, CI/CD, reporting, and troubleshooting)
  • Added Quick Reference Card (algorithm scores, PQC replacements, confidence levels, log locations)
  • Added Binary Analyzer limitations section to docs and FAQ
  • Warranty Disclaimer updated to include static analysis scope clarification
  • Version number now consistent across all packages and documentation

Binary Analyzer

  • Pattern detection engine path discovery is now fully portable — no longer hard-coded to a specific machine path
  • Removed duplicate detection rule file; single authoritative copy consolidated internally
  • Removed dead code files (analyzer_with_limits.py, analyzer_with_limits_hardened.py)

v1.0.164 — March 2026

New

  • Added Dart, Lua, and Vue to supported code analysis languages
  • Backend startup timeout retry button — if the backend doesn't respond within 30 seconds, a Retry button appears on the splash screen
  • Port scan now supports standard TLS ports (443, 465, 587, etc.) — previously blocked incorrectly

Security

  • Electron IPC hardening: open-external restricted to https:// URLs only
  • File read IPC enforces workspace path containment when a workspace root is provided
  • Settings IPC uses an allowlist of permitted keys with type validation
  • Path traversal fix for uploaded license files
  • LLM API key moved from query parameter to X-LLM-Key request header