New dedicated analysis pipeline for third-party library and dependency risk scoring, accessible from the sidebar under its own section.

31 detection rules mapped to the Secure Software Development Framework, covering build integrity, provenance validation, and artifact signing gaps.

10 rules targeting prompt injection, training data poisoning, model denial of service, and insecure plugin design in AI-integrated applications.

Dynamic Execution module now flags unsafe deserialization across Java ObjectInputStream, .NET BinaryFormatter, Python pickle, and PHP unserialize.

Injection Flaws module extended with detection for Hibernate HQL injection, Django ORM raw queries, and Entity Framework interpolated SQL.

Added detection for Spring EL, OGNL, MVEL, and Freemarker template injection patterns.

Footer now reports loaded ruleset count, signature revision, and scanner readiness state with a live indicator.

Dashboard header shows the active engine version and signature database date for audit traceability.

Rulesets & Policies view now displays the number of active rules per loaded ruleset.

OWASP Top 10 updated to 2025 edition, CWE/SANS Top 25 updated to 2025 rankings, PCI DSS ruleset upgraded to v4.0.1 with 38 detection rules.

All pattern modules renamed to align with industry SAST terminology. Buffer Overflow is now Memory Corruption, Hardcoded Secrets is now Secrets Detection, Code Injection is now Dynamic Execution.

Now includes use-after-free, double-free, out-of-bounds read/write, and integer overflow leading to buffer misallocation alongside existing stack/heap overflow detection.

Broadened from SQL-only to cover OS command injection, LDAP injection, ORM injection, and expression language injection across all supported languages.

Quick scan reduced to ~30s (header + IAT only), Standard to ~2 min (full static pass), Deep to ~8 min (exhaustive with heuristic passes) after worker thread optimizations.

Analysis, Supply Chain, and Configuration are now separate groups for clearer workflow separation.

Vulnerability Report renamed to Findings with CWE classification references and remediation context surfaced per item.

Three cards rebuilt: Compliance Posture (OWASP/CWE mapping), Priority Remediation (weighted by exploitability and blast radius), and Trend Analysis (regression tracking).

Recent scans panel no longer shows empty state on cold start; historical entries are restored correctly.

Resolved a race condition where NVD lookups would silently fail on standard scans if the network round-trip exceeded 4 seconds.

Fixed an unhandled exception when analyzing UPX-packed or Themida-protected executables with non-standard section alignment.

Selected scan depth now correctly survives navigation between configuration tabs.

PDF export no longer cuts off vulnerability descriptions exceeding 2048 characters per finding.

Superseded by the 2025 edition. Existing scan results mapped to new rule IDs automatically during migration.

Consolidated into the Insights view to reduce navigation redundancy.