Release Notes
v1.1.73 — June 2026
New
- Quantum risk score in code analysis. Code analysis findings now include a quantum risk score (0-100), consistent with binary and certificate analyzers. The dashboard factors code analysis scores into the overall risk picture.
- Risk score column in Network Analyzer history. The network scan history table now shows the quantum risk score alongside each result.
- Audit logging. All API endpoints now emit structured audit log entries for security review and compliance purposes.
- Ctrl+F find-in-page. Native browser-style find-in-page search is now available across the app.
- PDF export for reports. Report history entries can now be exported directly to PDF.
Bug Fixes
- Network scanner — improved TLS detection reliability across common ports.
- Binary scan — detection count showing 0 in history. The history table was reading a key that no longer existed in the stored scan structure. Fixed to use
matches_foundwith correct fallbacks. - Binary scan — false-positive Q5 scores when OpenSSL is linked but not used. YARA Q5 matches are now suppressed when OpenSSL is detected as a linked library without direct algorithm usage.
- Certificate analyzer — cert expiry now factored into risk score. Short-lived certificates were previously scored CRITICAL regardless of algorithm. Expiry is now correctly weighted.
- Risk scoring — refined quantum risk calculation. Improved accuracy across algorithm scoring, timeline weighting, and cipher suite matching.
- userData path normalized on Windows and Linux. App data was written to inconsistent paths across platforms. Normalized to
CerebionRiveton both. - License guard — hardened license validation error handling.
- Code Analyzer — cancelled scan badge no longer shown on client disconnect. If the client disconnected mid-scan, the scan was marked CANCELLED incorrectly. Fixed.
- Code Analyzer — expanded file coverage to include dotfiles. Files such as
.golangci.ymlare now included in scans. - Code Analyzer — bash false positives on
$1and0. The bash weak random generation rule was matching shell positional parameters and the literal0. Fixed.
Performance
- File tree now loads on demand — large repositories no longer freeze on initial load.
- Switching away from Code Analyzer mid-scan no longer causes a navigation freeze.
Security
- License keys are now obfuscated in all log output.
- LiteLLM telemetry disabled — no usage data leaves the machine via the AI integration.
- All Python and Node.js dependencies audited: 0 known vulnerabilities in shipped code.
- Windows installer signed with EV code signing certificate (DigiCert). macOS installer signed and notarized by Apple.
v1.0.168 — April 2026
Bug Fixes
- Scan History — missing scans after restart. Scans saved before project-path tracking was introduced had a NULL project_path and were excluded by the history filter. All such records are now included. Path comparisons are also now case-insensitive, fixing missing scans on Windows due to drive-letter case differences.
- Report export — HTML and SARIF blank for certificate/quantum scans. The HTML and SARIF export paths were missing the
certificate_analysisdata fallback that the CSV export already had, resulting in empty tables. Fixed. - Report export — risk score always blank in bulk export. The bulk export risk score extractor was reading a key that no longer exists in the stored scan structure. Fixed to read the correct path.
Coverage
- PQC detection rules extended to 35+ programming languages, adding Dart, Dockerfile, YAML, SQL, Jsonnet, and all previously uncovered subdirs.
- AES-192 detection added with WARNING severity, completing full AES-128/192/256 coverage.
Code Analysis Engine
- Code analysis engine updated to the latest version.
- Removed the PQC / All Vulnerabilities scan mode toggle — all built-in rules are quantum/crypto-focused so the distinction was meaningless. The setting has been removed from the UI and backend.
UI Polish
- License key entry fields now show the correct placeholder format:
CR-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX.
v1.0.167 — April 2026
New
- Linux desktop installer (.AppImage) and CLI now available
- macOS desktop installer (.dmg) and CLI now available
Infrastructure
- Automated license key delivery via email on purchase
- Download page with SHA-256 integrity checksums for all installers
- CloudFront CDN for installer downloads (downloads.cerebion.com)
v1.0.166 — March 2026
Bug Fixes
- Code Analyzer — AI fix now works end-to-end. Clicking Generate AI Code Fix or Generate AI Recommendation now shows a loading indicator and correctly returns the generated fix. Root cause was a key mismatch between the findings table and the fix state store on Windows paths (backslash vs forward slash normalization).
- Code Analyzer — AI fix works for directory scans. Findings from directory scans with 1–10 files were returned with relative paths by the code scanner. These are now resolved to absolute paths before reading the file or saving the patch, preventing silent failures.
- Certificate Analyzer — Security Grade no longer shows UNKNOWN. When the stored grade is the default sentinel value, the UI now derives a letter grade from the risk level instead.
- Certificate Analyzer — Cert Expires no longer shows 12/31/1969. A null
notAfterdate was being passed tonew Date(null), returning Unix epoch 0. Null dates now display as —. - Certificate Analyzer — Days to Expiry no longer appears blank. Shows — when the value is unavailable.
v1.0.165 — March 2026
Documentation
- Added full User Guide (15 chapters covering all analyzers, risk scoring, AI fixes, CI/CD, reporting, and troubleshooting)
- Added Quick Reference Card (algorithm scores, PQC replacements, confidence levels, log locations)
- Added Binary Analyzer limitations section to docs and FAQ
- Warranty Disclaimer updated to include static analysis scope clarification
- Version number now consistent across all packages and documentation
Binary Analyzer
- Pattern detection engine path discovery is now fully portable — no longer hard-coded to a specific machine path
- Removed duplicate detection rule file; single authoritative copy consolidated internally
- Removed dead code files (
analyzer_with_limits.py,analyzer_with_limits_hardened.py)
v1.0.164 — March 2026
New
- Added Dart, Lua, and Vue to supported code analysis languages
- Backend startup timeout retry button — if the backend doesn't respond within 30 seconds, a Retry button appears on the splash screen
- Port scan now supports standard TLS ports (443, 465, 587, etc.) — previously blocked incorrectly
Security
- Electron IPC hardening:
open-externalrestricted tohttps://URLs only - File read IPC enforces workspace path containment when a workspace root is provided
- Settings IPC uses an allowlist of permitted keys with type validation
- Path traversal fix for uploaded license files
- LLM API key moved from query parameter to
X-LLM-Keyrequest header