Latest: v2.1.0 (January 15, 2024)

✨ New Features

Risk Scoring for Transitive Dependencies Analyze indirect dependencies for hidden vulnerabilities Aggregate risk scores across entire dependency tree Identify high-risk dependency chains Recommendation: Update dependencies scoring > 7.0. Helm Chart Support Deploy CleanStart to Kubernetes using Helm Pre-configured values for production, staging, development Auto-scaling, persistent storage, RBAC included Install: helm repo add cleanstart https://charts.cleanstart.dev. Extended Typosquatting Detection Enhanced Levenshtein distance algorithm (99.2% detection rate) Detects suffixes: -core, -lib, -tool, -proxy, -helper Checks namespace hijacking (e.g., @org/lib-unofficial) Prevents 150K+ supply chain attacks monthly. Webhook Retry with Exponential Backoff Failed webhook deliveries automatically retry Configurable retry policy (linear, exponential, constant) Maximum 10 retries over 24 hours. Policy Template Builder Interactive wizard for creating security policies Pre-built templates (baseline, moderate, strict, compliance) YAML editor with validation Test policies against real images.

🐛 Bug Fixes

Fixed race condition in parallel image scanning Corrected CVSS score calculation for edge cases Improved SBOM parsing performance (1000+ components) Fixed false positives in metadata analysis Resolved timezone issues in date range queries.

📈 Performance Improvements

40% faster SBOM generation 25% reduction in intelligence query latency 60% webhook delivery improvement 35% memory usage reduction in long-running scans.

⚠️ Breaking Changes

None in v2.1.0 (fully backward compatible).

🔄 Deprecations

--include-deprecated-vulns flag (use --include-unverified) Legacy config format ~/.cleanstartrc (migrated to ~/.cleanstart/config.yaml). Migration Guide: https://docs.cleanstart.dev/migrate/v2.0-to-v2.1

v2.0.0 (December 1, 2023)

Major Release: Complete Platform Redesign

Three Core Components:

1. CleanStart Source Intelligence Core — Threat Source Intelligence Core
2. clnstrt-cli — Unified command-line tool
3. Customer Portal — Web dashboard and image catalog

Key Features: Real-time supply chain threat intelligence Container image signing and verification SBOM generation and analysis Policy-based security enforcement Kubernetes native support.

What Changed from v1.x

Full Migration Guide: https://docs.cleanstart.dev/migrate/v1-to-v2

Version Support Matrix

Upgrade Guide

From v2.0 to v2.1

# 1. Update CLIcurl -sSL https://releases.cleanstart.dev/clnstrt-cli-latest.tar.gz | tar xzsudo mv ./clnstrt-cli /usr/local/bin/clnstrt-cli # 2. Verifyclnstrt-cli --version# Output: v2.1.0 # 3. Update Helm charthelm repo update cleanstarthelm upgrade cleanstart cleanstart/cleanstart \  --namespace cleanstart \  --values custom-values.yaml

From v1.x to v2.0

Breaking Changes: Command syntax changed (cosign verify → clnstrt-cli verify) Configuration file format updated API endpoints reorganized. Steps:

1. Backup: cp -r ~/.cleanstart ~/.cleanstart.v1.backup
2. Uninstall v1.x: cosign, trivy, syft
3. Install v2.0: Follow quickstart
4. Regenerate SBOM: clnstrt-cli generate-sbom --path . --output sbom.spdx

Full Migration: https://docs.cleanstart.dev/migrate/v1-to-v2

Known Issues

v2.1.0

Issue #742: Webhook retries exceed timeout in high-latency networks Status: Known, fix in v2.1.1 Workaround: Increase webhook timeout in policy: webhook_timeout: 30s. Issue #748: Transitive dependency risk scores sometimes unavailable Status: Known, pending intelligence core update Workaround: Query individual packages.

v2.0.0

(All issues resolved in v2.1.0)

Security Updates

v2.1.0

CVE Fixes: CVE-2024-1234 (JWT validation) — Fixed CVE-2024-5678 (YAML parsing) — Fixed. Recommendation: Update to v2.1.0 immediately if running v2.0.x.

v2.0.0 (End-of-Life: Dec 1, 2024)

CVE-2023-9999 (Race condition) — No fix, update to v2.1.0 CVE-2023-8888 (Path traversal) — Patched in v2.0.1.

Planned Features

v2.2.0 (Q2 2024)

AI-powered threat prediction Automated remediation recommendations Multi-cloud federation Advanced SIEM integration.

v2.3.0 (Q3 2024)

Kubernetes native policy enforcement (CEL language) Hardware security module (HSM) support Decentralized policy registry Supply chain forensics dashboard.

v3.0.0 (Q4 2024)

Major Source Intelligence Core redesign Zero-knowledge proof attestations Distributed ledger for audit trails Cross-organization policy sharing.

Release Process

Versioning

CleanStart follows Semantic Versioning: MAJOR (v2.0) — Breaking changes, significant features MINOR (v2.1) — New features, backward compatible PATCH (v2.1.1) — Bug fixes only.

Release Schedule

Major releases — Quarterly (Jan, Apr, Jul, Oct) Minor releases — Monthly (mid-month) Patch releases — As needed (within 48h of discovery).

Support Timeline

Current version — 12 months full support Previous version — 6 months security fixes only Older versions — Community support only.

Notification Channels

Subscribe to release notifications:

Email: https://cleanstart.dev/releases Slack: #releases at https://slack.cleanstart.dev GitHub: https://github.com/cleanstart/releases RSS: https://cleanstart.dev/releases.rss

Community Feedback

Report issues and feature requests:

Bugs: https://github.com/cleanstart/issues Features: https://github.com/cleanstart/discussions Slack: https://slack.cleanstart.dev (#feedback) Email: product@cleanstart.dev.

Version History Archive

Older releases: GitHub: https://github.com/cleanstart/releases Documentation: https://docs.cleanstart.dev/releases/archive Portal: https://portal.cleanstart.dev/downloads (customer access).

Last Updated: January 15, 2024

For detailed release notes: https://github.com/cleanstart/releases