This release focuses on safer scanning and more reliable detection. You get stronger protection against malicious targets, plus fewer missed findings during secret scans.
Security hardening for URL-based checks
Preflight now blocks checks from being coerced into probing private, loopback, or metadata-style addresses when scanning untrusted targets. This reduces SSRF risk while keeping trusted local development workflows working as expected.
Redirect-following behavior is also safer, so checks cannot be redirected into internal addresses mid-flight. TLS connections follow the same safety rules, and connection errors are presented in a way that avoids leaking extra hostname details.
Secret scanning coverage fixes
Secret scanning now correctly includes common local configuration variants that were previously skipped by filename filtering rules. This helps you catch accidental leaks in files that are frequently used during staging and production setup.