Traceable publishes independent release updates for CLI V1 and V2. You can expand the sections below to view the latest changes for each version. For information on release updates in 2025, see Traceable CLI Release Notes.
CLI v2 (Latest Update: 20th May)
2.6.0 — 20th May
Traceable CLI 2.6.0 release provides the following updates:
Updates
Resume support for interrupted scans
Added support for resuming interrupted scans, allowing runners to continue previously errored or aborted scans.
Payload encoding support for test mutations
Added payload encoding support for test mutations, including URL, Base64, HTML, Unicode, Hex, random case, homoglyph, zero-width character, and leet speak encodings.
Resolved Issues
Improved test duration calculation
Resolved an issue where the test duration reported only the response time. The test duration now includes all stages of text execution.
Thread resource cleanup
Resolved a resource leak where completed processes and thread holders were not cleared between scan cycles, preventing stale state accumulation.
Parent test chain isolation
Resolved an issue where the parent test results chain was merged across different plugins, causing incorrect chain data in uploaded results.
2.5.1 — 23rd April
Traceable CLI 2.5.1 release provides the following updates:
Updates
Automatic scan abort on unrecoverable runner failures
Added automatic scan abort when unrecoverable failures occur during runner startup, ensuring scans move to the Aborted state instead of remaining stuck in the Scheduled state.
Domain mapping configuration pattern
Updated domain mapping configuration to use a new list-based pattern format and resolved an issue where regex-based client configurations defined in
config.pywere not applied correctly.
Resolved Issues
Request body UTF-8 encoding
Resolved an issue where request bodies were not properly encoded to UTF-8 before being sent, which caused failures for certain content types.
Multithreading throughput
Resolved issues in multithreading that could affect scan throughput.
2.5.0 — 9th April
Traceable CLI 2.5.0 release provides the following updates:
Updates
JWT plugin exclusion controls
Improved JWT plugin exclusions by introducing regex-based controls for headers and parameters, enabling more precise input evaluation during testing.
Adaptive scan execution
Improved scan stability by enabling automatic adaptation to system memory pressure, ensuring reliable execution for large or long-running scans.
Connection reliability improvements
Improved connection stability through enhancements to gRPC communication and HTTP client handling.
Automatic disk cleanup
Improved disk management by automatically removing test scan files after processing, reducing disk usage and eliminating manual cleanup.
Parallel result uploading
Improved result upload performance with multi-threaded processing, increasing throughput and reducing completion time for large scans.
Refined gRPC timeout configuration
Improved timeout handling by replacing a single timeout configuration with separate settings for control and data channels.
Improved reliability across varying network conditions by setting
timeout_controlto 30 seconds andtimeout_datato 120 seconds,
Resolved Issues
Remote configuration consistency
Resolved an issue where remote configuration changes did not take effect between consecutive scans.
Environment detection consistency
Resolved inconsistencies in containerized environment detection, ensuring accurate and reliable CPU and memory usage reporting.
Idle timeout handling during reachability
Resolved an issue where idle timeouts triggered incorrectly during reachability tests and while results were still uploading.
Resolved an issue where scans terminated prematurely; scans now complete the reachability phase reliably.
Accurate reachability status reporting
Resolved an issue where unreachable endpoints were reported as Error instead of Not Reachable.
Memory usage optimization
Resolved memory leaks related to scan processing and chained test cases.
2.4.4 — 24th March
Traceable CLI 2.4.4 release provides the following updates:
Updates
Faster scans with parallel reachability testing
Introduced multi-threaded reachability testing for replay and live scans, enabling parallel execution and reducing overall scan time.
Enhanced gRPC-to-HTTP error mapping
Improved protocol accuracy by adding support for previously unmapped gRPC error codes, including
UNKNOWN,DEADLINE_EXCEEDED,UNIMPLEMENTED,INTERNAL,UNAVAILABLE, andDATA_LOSS.
Resolved Issues
Reliable result and log delivery
Resolved an issue where test results and scan logs were not consistently flushed, eliminating potential data loss.
Correct client Stats logging behavior
Resolved an issue causing gRPC and HTTP client stats to be logged on every request. Logging now correctly follows the configured interval.
2.4.3 — 10th March
Traceable CLI 2.4.3 release provides the following updates:
Updates
Clearer logging and better control
Added split logging in hook testing to separate customer-facing errors from system logs for faster troubleshooting.
Introduced API-based filtering to provide precise control over traffic inspection and test execution.
Enhanced XML support and smarter assertions
Improved XML parsing and strengthened AST-based assertion operators in XML payloads.
Added support for OpenAPI-driven testing, including:
Security schemes for endpoint-specific token generation.
Server URLs for accurate targeting.
Request and response schemas for validation.
Parameters for improved coverage and consistency.
Improved scan lifecycle handling
Updated scan behavior to transition
IDLE_TIME_OUTwhen it exceeds the configured idle duration, ensuring predictable scan execution.
Resolved Issues
Stronger detection and protocol accuracy
Resolved weak algorithm reporting to improve detection reliability.
Resolved double-encoding issues to ensure consistent payload interpretation.
Corrected
HTTP/2response code handling for accurate protocol behavior.Resolved root element parsing errors to improve request validation.
Payload processing and encoding
Resolved double-encoding issues affecting payload processing.
Protocol handling
Resolved
HTTP/2response code handling issues.
Request validation
Resolved root element parsing errors impacting request validation.
2.4.2 — 11th February
Traceable CLI 2.4.2 release provides the following updates:
Resolved Issues
UTF-8 double encoding
Resolved an issue where certain values were being encoded twice during UTF-8 processing.
2.4.1 — 6th February
Traceable CLI 2.4.1 release provides the following updates:
Updates
Added HTTP/2 API support
Added support for making API calls over HTTP/2.
Added HTTPS scheme support for client proxy configuration
Added a
schemefield for the client proxy configuration to support HTTPS proxy protocols.
Automatic config file creation
Added automatic creation of
config.yamlwhen it is not present in the home directory.
Resolved Issues
Data suppression handling for dotted header and cookie names
Resolved an issue in the data suppression logic to handle headers and cookies containing dots in their names correctly.
Executable permission missing in tarball distributions
Resolved an issue where the
traceablebinary lacked executable permissions in tarball-based distributions.
Scan abort after connection failures
Resolved an issue where scans were aborted after five consecutive connection failures with the Traceable platform.
2.4.0 — 2nd February
Traceable CLI 2.4.0 release provides the following updates:
Updates
OpenTelemetry (OTEL) logging support
Added OpenTelemetry (OTEL) logging support to enable standardized telemetry export for logs and metrics.
Helm configuration management
Added ConfigMap support in the Helm chart to allow externalized and declarative configuration management.
Log upload and backpressure handling
Implemented staggered log emission to improve backpressure handling during high-throughput scenarios.
Resource metrics accuracy
Normalized process-level CPU metrics to ensure accurate and comparable resource utilization reporting across environments.
Scan logging optimization
Removed DAST-based logging for replay and live scans to eliminate redundant telemetry and reduce overall log volume.
Resolved Issues
Dictionary value serialization
Resolved an encoding issue where dictionary values passed as strings were not correctly serialized before processing.
Local hook execution
Resolved an issue where locally configured hooks were not being loaded during runtime.
2.3.0 — 15th January
Traceable CLI 2.3.0 release provides the following updates:
Updates
Improved JWT algorithm confusion scan pre-checks
Added a pre-check to the JWT algorithm confusion scan to skip API endpoints that do not validate JWT signatures, reducing false positives and improving scan efficiency.
Resolved Issues
Scan log retention flag names
Resolved an issue where incorrect scan log retention flag names (
--scan-max-retention-countand--scan-max-retention-days) were used in theinstall.shscript.
gRPC client configuration
Resolved a configuration error that occurred when setting gRPC client options without explicitly specifying a timeout.
2.2.1 — 2nd January
Traceable CLI 2.2.1 release provides the following updates:
Updates
Added memory backpressure handling
Added memory backpressure handling to prevent out-of-memory errors during large or long-running scans.
Introduced request and response YAML wrapper
Introduced a YAML wrapper for request and response configuration, enabling more flexible definition of test attributes.
Resolved Issues
Scan log upload
Resolved an issue where some scan logs were not uploaded correctly to the platform.
Proxy configuration via environment variables
Resolved an issue where proxy settings defined through environment variables were not consistently applied.
Header and cookie encoding
Resolved an issue where special characters caused corruption in header and cookie encodings.