Welcome to Lucent Sky AVM version 2506 MR, the second release for 2025. This release brings improved binary analysis for Java applications, improved source code analysis for C#, Java, and VB.NET, and performance enhancements across all source code analysis engines. It also introduces new features to dependency management, support for CWE 4.17 and PCI DSS v4.0.1, and UX and administrative improvements. To learn more about this release, visit Lucent Sky AVM version 2506 release notes.

Let’s take a look at the key new features, enhancements, and important changes in version 2506.

Improved analysis engines

The binary analysis engine for Java has improved data-flow analysis, and provides additional cross-functional context for identified vulnerabilities. The C#, Java, and VB.NET source code analysis engines received enhancements on data-flow and control-flow analysis, enabling greatly expanded flow-tracking.

In addition, the underlying source code analysis infrastructure has been made more efficient, resulting up to 18% performance improvements across all source code analysis engines.

Dependency interface enhancements

Building on the public preview introduced in 2503 MR, the Dependency interface has received several enhancements:

• On the API, there are significant performance improvements when querying dependencies on the system, especially on instances and clusters with more than 10K unique dependencies. These improvements also translate to Web UI and CLI functions that use the Dependency API.
• Also on the API, querying of a list of dependencies or a specific dependency gained the ability to limit the query against a specific application or scan.
• On the Web UI, the dependency dashboard has improved navigation between vendors, products, and versions, as well as to applications and files where the dependency was discovered. A list of dependencies discovered from an application or a scan is available in their respective summary page.

The Dependency interface is expected to become generally available in 2509 MR.

Expanded Guided Fixes and more accurate Guided Update

Version 2506 continues to expand the applicability of automatic remediation, making Instant Fixes and Guided Fixes available to vulnerabilities identified with partial source code of .NET, ASP, ECMAScript, and Java applications. This release also brings more accurate Guided Updates for vulnerable dependencies, powered by ML-augmented dependency analysis.

In addition, the ML-augmented explanations are now available in roughly 15% more vulnerabilities, helping developers better understand how a vulnerability can be exploited and how the generated Instant Fixes, Guided Fixes, or Guided Updates can help remediate the risks.

Interface and administration improvements

Numerous updates were also made to the Web UI, the CLI, and administration experiences. The Web UI has better navigation between different data views, the ability to make expiring API keys, and other UX improvements. The CLI has better error handling, and the JSON outputs of various CLI methods have been standardized. For CLEAR Engine administrators, they can configure a “custom” default analysis mode for all their CLEAR Engine instances.

Updating to 2506 MR

For customers with managed Lucent Sky AVM instances and customers of Lucent Sky AVM On-Demand, your servers will be updated to 2506 MR in the next few days, unless they are affected by backward compatibility issues or an opt-out is in effect.

For customers with on-premise Lucent Sky AVM instances, you can update to 2506 MR immediately. Our support team will reach out to you shortly to schedule the update.