Lucent Sky AVM version 2506 release notes

2025/07/17

Lucent Sky AVM version 2506 releases

Lucent Sky AVM version 2506 MR

New features in 2506 MR

Weakness policies

  • Support for CWE 4.17
  • Support for PCI-DSS 4.0.1

Binary analysis

  • Improved data-flow analysis in binary analysis for Java applications

Source code analysis

  • Improved data-flow and control-flow analysis and other general improvements in source code analysis for C#, Java, and VB.NET
  • General improvements in the ASP, ECMAScript, Go, PHP, and Python source code analysis engines
  • More efficient source code analysis infrastructure, with performance improvements in all source code analysis engines

Dependency analysis

  • General improvements in the dependency analysis engine

Remediation

  • Expanded availability of Instant Fixes and Guided Fixes for .NET, ASP, and Java applications
  • More accurate Guided Fixes for vulnerable dependencies through ML-augmented dependency analysis
  • General improvements in the remediation engine
  • General improvements in ML-augmented vulnerability remediation and explanations

Interfaces

  • Enhancements in the Dependency interface

    Notable enhancements include significant performance improvements when querying dependencies, and the ability to list dependencies discovered in a particular application or scan.

  • Performance and user experience improvements in the Web UI

    On the Web UI, notable changes include improved navigation between different data views, the ability to open results in new tabs, and improved data availability in low data mode.

  • Improved error handling in the CLI
  • General improvements in the dependency interface

Administration

  • API key expiration

    Starting with version 2506, API keys created on the Web UI have a configurable expiration date with a 90-day default. API keys created using the API already have a configurable expiration date but do not expire by default.

  • Cluster-wide analysis mode configuration

    A custom default analysis mode can be configured for all applications or by technology stack in the storage configuration.

Issues fixed in 2506 MR

  • We fixed a bug where CWE Top 25 categories might be displayed with incorrect years in the HTML and PDF reports
  • We fixed a bug where Active Directory users can be added when Active Directory is unavailable
  • We fixed a bug where the MultiFactorAuthentication and ProcessIsolation settings are reverted to defaults during upgrades
  • We fixed a bug where repository settings are visible to application members

Breaking changes in 2506 MR

  • The Result interface of the API

    Potentially breaking change. Several internal properties of the models used by methods in the Result interface have been renamed.

  • The Maintenance interface of the CLI

    Breaking change. The JSON outputs for the methods in the Maintenance interface have been changed to a dictionary from an array of dictionaries and the keys have been changed to snake_case from PascalCase. This change makes the output structure consistent with other similar methods in the CLI.