Releases: mongodb/kingfisher

Kingfisher v1.69.0

05 Dec 20:21
2f31157

[v1.69.0]

  • Reduced per-match memory usage by compacting stored source locations and interning repeated capture names.
  • Stored optional validation response bodies as boxed strings to avoid allocating empty payloads and to streamline validator caches.
  • Parallelized git cloning based on the configured job count and began scanning repositories as soon as each clone finishes to reduce end-to-end scan times.
  • Combined per-repository results into a single aggregate summary after scans complete.
  • Added initial access-map support and a report viewer HTML file. Both are currently beta features.

Kingfisher v1.68.0

25 Nov 09:43
3f9b3df

[v1.68.0]

  • Fixed Bitbucket authenticated cloning bug

Kingfisher v1.67.0

25 Nov 02:50
d7123b3

[v1.67.0]

  • Added checksum to GitLab rule
  • Fixed deduplication to consider rule identifiers so overlapping patterns are not merged before validation
  • After scan summaries, emit the styled outdated-version notice to stderr when a newer release is available
  • Reduced false positives across a number of rules
  • Updated Summary to include the scan date, the Kingfisher version that was run, and the latest Kingfisher version available

Kingfisher v1.66.0

21 Nov 02:16
24e92fd

[v1.66.0]

  • Updated to support Bitbucket App Passwords
  • Improved boundaries for several rules
  • Added more rules

Kingfisher v1.65.0

17 Nov 09:36
76fa852

[v1.65.0]

  • Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.
  • Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
  • Added a helper to truncate validation response bodies only at UTF-8 character boundaries to prevent panics during validation.

Kingfisher v1.64.0

14 Nov 00:37
1af21d8

[v1.64.0]

  • Fixed a bug where using --redact broke validation
  • Added JDBC rule with validator
  • Filter out empty 'KF_BITBUCKET_*' environment values when constructing the Bitbucket authentication configuration so blank variables no longer override valid credentials

Kingfisher v1.63.1

11 Nov 07:11
6264933

[v1.63.1]

  • Updated allocator

Kingfisher v1.63.0

11 Nov 04:21
22b111f

[v1.63.0]

  • Fixed a bug when retrieving some finding values and injecting them as TOKENS in the rule templates
  • Improved Datadog rule
  • Improved AWS rule

Kingfisher v1.62.0

10 Nov 17:22
1b8bb0e

[v1.62.0]

  • Added pattern_requirements checks to rules, providing lightweight post-regex character-class validation without lookarounds. See docs/RULES.md for details.
  • Added an ignore_if_contains option to pattern_requirements to drop matches containing case-insensitive placeholder words, with tests covering the new behavior.
  • Updated rules to adopt the new pattern_requirements support.
  • Added checksum comparisons to pattern_requirements, new suffix, crc32, and base62 Liquid filters, and verbose logging so mismatched checksums are skipped with context rather than reported as findings.
  • Split GitHub token detections into fine-grained/fixed-format variants and enforce checksum validation for modern GitHub token families (PAT, OAuth, App, refresh) while preserving legacy coverage.
  • Added a rule for Zuplo tokens.
  • Added checksum calculation for Confluent, GitHub, and Zuplo tokens, which can drastically reduce false positive reports.
  • Improved OpsGenie validation.
  • Automatically enable --no-dedup when --manage-baseline is supplied so baseline management keeps every finding.
  • This release is focused on further improving detection accuracy, before even attempting to validate findings.
  • Updated GitHub Actions CI for Windows and buildwin.bat script
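
The checksum comparison described in the v1.62.0 notes (a suffix compared against a base62-encoded CRC32), sketched as an added example that is not Kingfisher's own code. The `tok` prefix, the `prefix_body` plus 6-character suffix layout, the base62 alphabet order, and the `mint`/`checksum_ok` helpers are assumptions for illustration, and the sample tokens are constructed.

```rust
// Added example, not Kingfisher's code. The token layout, alphabet order and
// helper names are assumptions; the sample tokens are constructed.
const B62: &[u8; 62] = b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/// CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320), computed bitwise.
fn crc32(data: &[u8]) -> u32 {
    let mut crc = 0xFFFF_FFFFu32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 {
            crc = if crc & 1 != 0 { (crc >> 1) ^ 0xEDB8_8320 } else { crc >> 1 };
        }
    }
    !crc
}

/// Base62-encode a u32, left-padded with '0' to 6 characters (62^6 > 2^32).
fn base62_6(mut n: u32) -> String {
    let mut out = [b'0'; 6];
    for slot in out.iter_mut().rev() {
        *slot = B62[(n % 62) as usize];
        n /= 62;
    }
    String::from_utf8(out.to_vec()).unwrap()
}

/// Post-regex check: the last 6 characters must equal base62(crc32(body)).
/// A regex match that fails here is skipped instead of reported.
fn checksum_ok(candidate: &str) -> bool {
    let Some((_prefix, rest)) = candidate.split_once('_') else { return false };
    if !rest.is_ascii() || rest.len() <= 6 { return false; }
    let (body, suffix) = rest.split_at(rest.len() - 6);
    base62_6(crc32(body.as_bytes())) == suffix
}

/// Build a constructed token whose suffix is a valid checksum of its body.
fn mint(prefix: &str, body: &str) -> String {
    format!("{prefix}_{body}{}", base62_6(crc32(body.as_bytes())))
}

fn main() {
    let good = mint("tok", "A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5");
    // Same shape, so a regex alone would match it, but the suffix is wrong.
    let lookalike = "tok_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5zzzzzz";
    println!("{good}: report={}", checksum_ok(&good));
    println!("{lookalike}: report={}", checksum_ok(lookalike));
}
```

Because the check runs offline on the matched string, random strings that merely fit the regex are discarded before any live validation request is made.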

Kingfisher v1.61.0

31 Oct 23:35
5faee1b

[v1.61.0]

  • Fixed local filesystem scans to keep open_path_as_is enabled when opening Git repositories and only disable it for diff-based scans.
  • Created Linux and Windows specific installer script
  • Updated diff-focused scanning so --branch-root-commit can be provided alongside --branch, letting you diff from a chosen commit while targeting a specific branch tip (still defaulting back to the --branch ref when the commit is omitted).
  • Updated rules