Development Release - feat/v3.x/aviator/26.3 branch

See Assets section below for latest build artifacts

v3.19.0

3.19.0 (2026-05-11)

Features

• fcli aviator ssc audit: Add suppression exclusions in tag mapping configuration (#991) (8400aff)
• fcli fod app/release update: Add --auto-required-attrs option to automatically set required attributes that were not set before (d172ce6)
• fcli fod issue update: Add --all/--include-all option for updating all issues for a release (0d0d7a5)
• Load trusted certificates from system trust store if available, in addition to existing Java trust store configuration (786e345)

Bug Fixes

• fcli fod issue update: Add --issue-ids alias for --vuln-ids for consistency (0d0d7a5)
• fcli fod issue update: Correct description of --user option (0d0d7a5)
• fcli fod issue update: Update descriptions to use issues (vulnerabilities) consistently (0d0d7a5)

v3.19

Semantic version release for v3.19.0

v3

Semantic version release for v3.19.0

Development Release - dev/v3.x branch

See Assets section below for latest build artifacts

v3.18.0

3.18.0 (2026-04-22)

Features

• fcli fod * list: Add --fetch option on most list commands to fetch subset of records from FoD (2bba9c5)
• fcli fod session list: Add --validate option to check validity of FoD OAuth token (525e13f)
• fcli sc-dast * list: Add --fetch option on most list commands to fetch subset of records from ScanCentral DAST (2bba9c5)
• fcli sc-sast * list: Add --fetch option on some list commands that utilize SSC REST endpoints to fetch subset of records from SSC (2bba9c5)
• fcli ssc * list: Add --fetch option on most list commands to fetch subset of records from SSC (2bba9c5)
• fcli ssc session list: Add --validate option to check and update session data based on current SSC token state (token deleted, expiry date changed, ...) (525e13f)
• fcli ssc tag: Add --[no-]extensible option to create and update commands (d92c7bd)
• fcli util all-commands list: Enrich output with module category (PRODUCT/CONFIG/UTIL) and session requirement metadata (f64243e)
• fcli util mcp-server start: --module option is now optional (at least one of --module or --import must be specified) (f64243e)
• fcli util mcp-server start: Add --import option for importing action YAML files, exposing exported action functions as MCP tools or resource templates (f64243e)
• fcli util mcp-server start: Support MCP resource templates via function meta.mcp.resource metadata (f64243e)
• fcli util rpc-server start: New JSON-RPC server command for programmatic fcli access (hidden, for internal use only for now) (f64243e)
• fcli --style option: Add [no-]envelope style for various output formats like JSON and YAML to allow for outputting paging and potentially other metadata (2bba9c5)
• fcli action framework: Add #fcli.listCommands(), #fcli.listCommands(query), #fcli.getCommandSpec(command), and #fcli.getCommandArgs(command) SpEL functions for querying available fcli commands from within action YAML (f64243e)
• fcli action framework: Add fn.yield step for emitting records from streaming functions, with automatic consumer termination detection (f64243e)
• fcli action framework: Add functions support — define reusable functions in action YAML with typed arguments, return values, and streaming (lazy fn.yield) capabilities; invoke via #fn.call('name', args...) SpEL function (f64243e)
• fcli action framework: Add sleep step for pausing execution for a SpEL-evaluated duration in milliseconds (f64243e)
• fcli action framework: Add with.product step for establishing product context (SSC/FoD) within action steps, making product-specific SpEL functions and REST targets available without running product-specific action commands (f64243e)
• fcli action framework: Emit <key>.metadata variable on run.fcli instructions to allow actions to access paging and potentially other metadata produced by the fcli command (2bba9c5)

Bug Fixes

• fcli aviator ssc audit: Improve filter set handling (#981) (c23d9e1)
• fcli fod dast-scan get-config: Fix NullPointerException when DAST Automated scan has not been configured (7e84eee)
• fcli fod dast-scan setup-*: Improve error messaging with information on locked settings. (7e84eee)
• fcli util mcp-server start: Fix option required reporting for options inside optional argument groups (f64243e)
• Fix potential concurrent modification of global values in multi-threaded contexts (e.g., async jobs in RPC/MCP servers) (f64243e)
• Fix some potential issues related to fcli stdio handling (f64243e)

v3.18

Semantic version release for v3.18.0

v3.17.0

3.17.0 (2026-04-10)

Features

• fcli aviator entitlement list-dast: New command for querying DAST entitlements (credit-based model) (8521a9f)
• fcli aviator entitlement list-sast: New command for querying SAST entitlements (8521a9f)
• fcli aviator entitlement list: Deprecated; use fcli aviator entitlement list-sast instead (8521a9f)
• fcli aviator ssc apply-remediations: Add --latest, --all, --since, --av options for easier selection of Aviator-processed artifacts (8521a9f)
• fcli aviator ssc audit : Add --folder-priority-order option to prioritize folder for issues selection if open issues exceed aviator app quota (8521a9f)
• fcli aviator ssc audit: Add --skip-if-exceeding-quota option to skip audits if open issues exceed aviator app quota (8521a9f)
• fcli aviator ssc audit: Add --test-exceeding-quota option for dry-run mode to report potential skips without auditing if open issues exceed aviator app quota (8521a9f)
• fcli fod aviator apply-remediations: New command for applying Aviator remediations from Fortify on Demand (8521a9f)
• fcli sc-dast scan delete: Add --force option to request forced deletion (0fb8a4d)
• SSC bulkaudit action: Add --aviator-app-mapping option to control SSC app/version to Aviator application mapping (8521a9f)

Bug Fixes

• fcli aviator ssc audit: Reduce memory consumption while parsing FPR files (8521a9f)
• fcli fod access-control: Throw exception if invalid role is specified on create-user or update-user commands (c0fb907)
• fcli fod: Fix loading of attribute definitions on FoD 26.2+ (5af0833)
• fcli fod: Use default attribute values from FoD 26.2+ if available for --auto-required-attrs (#969) (fd0fefd)
• fcli ssc * list: Improve server-side query generation to support matches operator (eb1170d)
• fcli util mcp-server start: Expose fcli ssc issue update command (10ce4bc)
• fcli util mcp-server start: Improve server-side query generation/handling (eb1170d)
• Fix duplicate HTTP request headers (427e929)
• Implement exponential back-off retry strategy on HTTP 502/503 errors for GET requests to SSC, SC-DAST, SC-DAST, and FoD (45a47ca)

v3.17

Semantic version release for v3.17.0

Development Release - feat/v3.x/aviator/26.2 branch

See Assets section below for latest build artifacts