July 22, 2025
Welcome to Lucent Sky AVM version 2506 MR, the second release for 2025. This release brings improved binary analysis for Java applications, improved source code analysis for C#, Java, and VB.NET, and performance enhancements across all source code analysis engines. It also introduces new features to dependency management, support for CWE 4.17 and PCI DSS v4.0.1, and UX and administrative improvements. To learn more about this release, visit Lucent Sky AVM version 2506 release notes.
Let’s take a look at the key new features, enhancements, and important changes in version 2506.
The binary analysis engine for Java has improved data-flow analysis, and provides additional cross-functional context for identified vulnerabilities. The C#, Java, and VB.NET source code analysis engines received enhancements on data-flow and control-flow analysis, enabling greatly expanded flow-tracking.
In addition, the underlying source code analysis infrastructure has been made more efficient, resulting up to 18% performance improvements across all source code analysis engines.
Building on the public preview introduced in 2503 MR, the Dependency interface has received several enhancements:
The Dependency interface is expected to become generally available in 2509 MR.
Version 2506 continues to expand the applicability of automatic remediation, making Instant Fixes and Guided Fixes available to vulnerabilities identified with partial source code of .NET, ASP, ECMAScript, and Java applications. This release also brings more accurate Guided Updates for vulnerable dependencies, powered by ML-augmented dependency analysis.
In addition, the ML-augmented explanations are now available in roughly 15% more vulnerabilities, helping developers better understand how a vulnerability can be exploited and how the generated Instant Fixes, Guided Fixes, or Guided Updates can help remediate the risks.
Numerous updates were also made to the Web UI, the CLI, and administration experiences. The Web UI has better navigation between different data views, the ability to make expiring API keys, and other UX improvements. The CLI has better error handling, and the JSON outputs of various CLI methods have been standardized. For CLEAR Engine administrators, they can configure a “custom” default analysis mode for all their CLEAR Engine instances.
For customers with managed Lucent Sky AVM instances and customers of Lucent Sky AVM On-Demand, your servers will be updated to 2506 MR in the next few days, unless they are affected by backward compatibility issues or an opt-out is in effect.
For customers with on-premise Lucent Sky AVM instances, you can update to 2506 MR immediately. Our support team will reach out to you shortly to schedule the update.