Today we released Lucent Sky AVM 2.6. Version 2.6 marks the first release after we transitioned Lucent Sky AVM to a shorter release cycle. Until version 2.5, we released a new update at the end of each quarter, and occasionally a hotfix pack in between. Starting with version 2.6, we will release a new update at the end of each month.

Version 2.6 brings the following new features and improvements

• Custom rule packs - Users can now upload rule packs containing custom rules they would like to use to identify vulnerabilities and mitigate vulnerabilities. For example, a user would be able to create a rule pack that enables the use of an enterprise mitigation library. Rule packs can only be managed by system administrators and are shared by all users, groups, and applications system-wide.
• Expanded use of parameterized mitigation - We’ve further extended our expansion of the scenarios where parameterized queries will be used to mitigate SQL injections as well as other injection flaws. Most of these newly extended scenarios are related to Java applications.
• Web-based server management - Administrators can now perform software update, server restarts and manage licenses within the web UI.
• Vulnerability information within HTML reports - HTML reports now contain additional information about identified vulnerabilities.
• More accurate application size - The mechanism used to determine the scope and size of an application is changed by including both source code and referenced libraries. Previously, only source code is included.

Updating to 2.6

If you’re using Lucent Sky AVM Standard or Enterprise (both on-premise and cloud), you can update to Lucent Sky AVM 2.6 immediately. Our support team will reach out to you shortly to schedule an update. If you’re using Lucent Sky AVM On-demand, your server will be updated in the next few days.