Traceable publishes independent release updates for CLI V1 and V2. You can expand the sections below to view the latest changes for each version. For information on release updates in 2025, see Traceable CLI Release Notes.
CLI v2 (Latest Update: 24th March)
2.4.4 — 24th March
Traceable CLI 2.4.4 release provides the following updates:
Updates
Faster Scans with Parallel Reachability Testing
Introduced multi-threaded reachability testing for replay and live scans, enabling parallel execution and reducing overall scan time.
Enhanced gRPC-to-HTTP Error Mapping
Improved protocol accuracy by adding support for previously unmapped gRPC error codes, including
UNKNOWN,DEADLINE_EXCEEDED,UNIMPLEMENTED,INTERNAL,UNAVAILABLE, andDATA_LOSS.
Resolved Issues
Reliable Result and Log Delivery
Resolved an issue where test results and scan logs were not consistently flushed, eliminating potential data loss.
Correct Client Stats Logging Behavior
Resolved an issue causing gRPC and HTTP client stats to be logged on every request. Logging now correctly follows the configured interval.
2.4.3 — 10th March
Traceable CLI 2.4.3 release provides the following updates:
Updates
Clearer Logging and Better Control
Added split logging in hook testing to separate customer-facing errors from system logs for faster troubleshooting.
Introduced API-based filtering to provide precise control over traffic inspection and test execution.
Enhanced XML Support and Smarter Assertions
Improved XML parsing and strengthened AST-based assertion operators in XML payloads.
Added support for OpenAPI-driven testing, including:
Security schemes for endpoint-specific token generation.
Server URLs for accurate targeting.
Request and response schemas for validation.
Parameters for improved coverage and consistency.
Improved Scan Lifecycle Handling
Updated scan behavior to transition to
IDLE_TIME_OUTwhen it exceeds the configured idle duration, ensuring predictable scan execution.
Resolved Issues
Stronger Detection and Protocol Accuracy
Resolved weak algorithm reporting to improve detection reliability.
Resolved double-encoding issues to ensure consistent payload interpretation.
Corrected
HTTP/2response code handling for accurate protocol behavior.Resolved root element parsing errors to improve request validation.
Payload Processing and Encoding
Resolved double-encoding issues affecting payload processing.
Protocol Handling
Resolved
HTTP/2response code handling issues.
Request Validation
Resolved root element parsing errors impacting request validation.
2.4.2 — 11th February
Traceable CLI 2.4.2 release provides the following updates:
Resolved Issues
UTF-8 Double Encoding
Resolved an issue where certain values were being encoded twice during UTF-8 processing.
2.4.1 — 6th February
Traceable CLI 2.4.1 release provides the following updates:
Updates
Added HTTP/2 API Support
Added support for making API calls over HTTP/2.
Added HTTPS Scheme Support for Client Proxy Configuration
Added a
schemefield for the client proxy configuration to support HTTPS proxy protocols.
Automatic Config File Creation
Added automatic creation of
config.yamlwhen it is not present in the home directory.
Resolved Issues
Data Suppression Handling for Dotted Header and Cookie Names
Resolved an issue in the data suppression logic to handle headers and cookies containing dots in their names correctly.
Executable Permission Missing in Tarball Distributions
Resolved an issue where the
traceablebinary lacked executable permissions in tarball-based distributions.
Scan Abort After Connection Failures
Resolved an issue where scans were aborted after five consecutive connection failures with the Traceable platform.
2.4.0 — 2nd February
Traceable CLI 2.4.0 release provides the following updates:
Updates
OpenTelemetry (OTEL) Logging Support
Added OpenTelemetry (OTEL) logging support to enable standardized telemetry export for logs and metrics.
Helm Configuration Management
Added ConfigMap support in the Helm chart to allow externalized and declarative configuration management.
Log Upload and Backpressure Handling
Implemented staggered log emission to improve backpressure handling during high-throughput scenarios.
Resource Metrics Accuracy
Normalized process-level CPU metrics to ensure accurate and comparable resource utilization reporting across environments.
Scan Logging Optimization
Removed DAST-based logging for replay and live scans to eliminate redundant telemetry and reduce overall log volume.
Resolved Issues
Dictionary Value Serialization
Resolved an encoding issue where dictionary values passed as strings were not correctly serialized before processing.
Local Hook Execution
Resolved an issue where locally configured hooks were not being loaded during runtime.
2.3.0 — 15th January
Traceable CLI 2.3.0 release provides the following updates:
Updates
Improved JWT Algorithm Confusion Scan Pre-Checks
Added a pre-check to the JWT algorithm confusion scan to skip API endpoints that do not validate JWT signatures, reducing false positives and improving scan efficiency.
Resolved Issues
Scan Log Retention Flag Names
Resolved an issue where incorrect scan log retention flag names (
--scan-max-retention-countand--scan-max-retention-days) were used in theinstall.shscript.
gRPC Client Configuration
Resolved a configuration error that occurred when setting gRPC client options without explicitly specifying a timeout.
2.2.1 — 2nd January
Traceable CLI 2.2.1 release provides the following updates:
Updates
Added Memory Backpressure Handling
Added memory backpressure handling to prevent out-of-memory errors during large or long-running scans.
Introduced Request and Response YAML Wrapper
Introduced a YAML wrapper for request and response configuration, enabling more flexible definition of test attributes.
Resolved Issues
Scan Log Upload
Resolved an issue where some scan logs were not uploaded correctly to the platform.
Proxy Configuration via Environment Variables
Resolved an issue where proxy settings defined through environment variables were not consistently applied.
Header and Cookie Encoding
Resolved an issue where special characters caused corruption in header and cookie encodings.