Lucent Sky AVM version 2212 release notes

2023/2/17 |

Lucent Sky AVM version 2212 releases

Lucent Sky AVM version 2212 SU1

New features in 2212 SU1


  • Compatibility improvements to the C/C++, C#, ECMAScript, Java, and Python parsers

Binary analysis

  • Direct binary analysis improvements to the Java binary analysis engine

Source code analysis

  • Compatibility improvements to source code analysis engines


  • Improvements to the remediation confidence algorithms


  • Support for PCI DSS v4.0 (applicable to all currently supported versions of Lucent Sky AVM)
  • File list is available in HTML and PDF reports regardless of verbosity


  • Performance improvements to the Web UI

Issues fixed in 2212 SU1

  • We fixed an issue where some dependencies are not properly classified as dependencies when scanning Python applications
  • We fixed an issue where certain .NET files are not marked as scanned by source code analysis even though they were successfully analyzed by source code analysis
  • We fixed an issue where installing license fails on on-premise instances without Web UI installed
  • We fixed an issue where incorrect line number being reported for results in certain JSP files
  • We fixed an issue where the Web UI returns an error when attempting to delete a large number of applications
  • We fixed an issue where managed MSBuild instead of native MSBuild is used for .NET 7 applications

Breaking changes in 2212 SU1

There is no breaking change in 2212 SU1.

Lucent Sky AVM version 2212 MR

New features in 2212 MR

Technology stack

  • Support for .NET 7 and C# 11
  • Support for Groovy 4
  • Improved compatibility for server-side scripting languages

Binary analysis

  • Improved Intelligent Analysis efficiency

Source code analysis

  • Performance improvements on source code analysis engines
  • General improvements on C/C++, ECMAScript, Go, Java, PHP, and Visual Basic source code analysis engines
  • Improved Intelligent Analysis efficiency

Contextual analysis

  • Performance improvements on contextual analysis engine

Dependency analysis

  • General improvements on the dependency analysis engines


  • Performance improvements on intelligence delivery mechanisms


  • General improvements on the remediation engines

Weakness policies

  • Support for CWE 4.9


  • API permissions are available on on-premise instances and can be set on the CLI and Web UI
  • Improvements on Web UI in-product documentation
  • The Group interface and additional methods of the Maintenance and User interfaces are available on the CLI

    • The Group interface support complete CRUD operations of Group objects
    • The User interface support complete CRUD and migration operations of User objects
    • New methods in the Maintenance interface support returning license and system information of the CLEAR Engine instance
  • CLI performance improvements
  • Visual Studio extension and Eclipse plug-in have been migrated to API key sign-in
  • Eclipse plug-in now supports Eclipse IDE 2202-06 R, 2202-09 R, and 2202-12 R

Issues fixed in 2212 MR

  • We fixed an issue where online activation returns unexpected error for communication issues
  • We fixed an issue where IDE extensions does not support the Network vector when creating a scan

Breaking changes in 2212 MR


  • CLI command for creating users

    Breaking change. The EncodedUserObject argument for the User.Create method has been deprecated. To create a user, supply its email, password, and membership provider through the Email, Password, and Provider arguments respectively. A placeholder password is no longer needed when creating an organizational user.

  • CLI output for application list and user list

    Breaking change. The format of output of the Application.GetList and User.GetList methods has been changed. If your integration relies on these outputs having a specific format, you may need to modify your integration.

  • Visual Studio extension and Eclipse plug-in no longer support signing in with email and password

    Breaking change. Visual Studio extension and Eclipse plug-in now require signing in using API keys and no longer accept email and password.