ACD Pillars Cyber Solutions logo ACD Pillars
ThreatLedger Capabilities Schedule a Demo Support

ThreatLedger release notes

ThreatLedger Release Notes

Version 1.2.3

Customer Release
Release Date: June 2026

ThreatLedger 1.2.3 is a locally hosted vulnerability, compliance, and RMF support platform designed to help teams ingest scan data, normalize findings, track project baselines, and generate security documentation.

This release is intended for customer deployment, workflow validation, and operational feedback in vulnerability management, RMF, and compliance support workflows.


Release Highlights

Local Docker-Based Deployment

ThreatLedger is packaged for local deployment using Docker containers. The Windows installer package creates the required local folders, prepares the environment, pulls the ThreatLedger containers, and starts the application locally.

Customer data is stored outside the containers in persistent local directories so application data can survive container restarts, updates, and reinstall activity.

Persistent local paths include:

  • instance/
  • uploads/
  • reports/
  • backups/
  • logs/
  • temp/
  • certs/

Project-Based Scan Management

ThreatLedger supports project-based organization of scan data. Users can create projects, upload scan files, review findings, and generate reports tied to specific project data.

Supported project workflows include:

  • Project creation and management
  • Project-specific scan uploads
  • Project findings review
  • Project dashboard summaries
  • Project report generation

STIG Checklist Support

ThreatLedger supports ingestion and processing of STIG checklist data. Uploaded STIG checklist content is parsed into normalized findings that can be reviewed, tracked, and reported through the application.

The system supports actionable finding counts and STIG-derived report outputs.


Nessus Scan Support

ThreatLedger supports ingestion and processing of Nessus scan data. Nessus findings are normalized into the ThreatLedger findings model and can be reviewed alongside other project findings.

Nessus-derived findings can be used in project dashboards, findings views, and supported reports.


Vulnerability Enrichment

ThreatLedger includes local enrichment support for vulnerability data, including cached vulnerability and end-of-life related information. This helps provide additional context during review and reporting.

Included enrichment-related capabilities include:

  • CVE-aware finding context
  • EPSS-related enrichment support
  • NVD cache support
  • EOL inventory support
  • Local cached enrichment data

Inventory and EOL Reporting

ThreatLedger includes software and hardware inventory reporting capabilities. The application can generate inventory-focused reports and provide EOL-related visibility where supporting data is available.

Current inventory-related outputs include:

  • Software Inventory Report
  • Hardware Inventory Report
  • EOL-focused inventory visibility
  • Ports and Protocols Report

Report Generation

This release includes multiple PDF report outputs intended to support RMF, compliance, vulnerability management, and executive review workflows.

Available report types include:

  • Executive Summary Report
  • Executive Trend Report
  • Historical Delta Report
  • Compliance Mapping Report
  • POA&M Report
  • Software Inventory Report
  • Hardware Inventory Report
  • Ports and Protocols Report
  • Vulnerability/finding-focused exports and summaries

Reports are generated locally and written to the local reports/ directory.


Backup and Restore Support

ThreatLedger includes backup and restore functionality from the administrative interface. This allows local application data to be backed up and restored as needed during operational use.

Backups are stored under the local backups/ directory.


Support Bundle Support

ThreatLedger includes support bundle functionality to help with troubleshooting. Support bundles are intended to collect relevant local diagnostic information that can be shared with ThreatLedger support when needed.

Customers should review support bundle contents before sending them externally.


TLS/Certificate Support

The installer package includes a certificate directory and TLS guidance. Customers can provide their own certificate and key files for local HTTPS/TLS configuration.

Expected certificate filenames:

certs/threatledger.crt
certs/threatledger.key

TLS mode can be adjusted using the included tooling and nginx configuration.


Legal and Documentation Package

This release includes customer-facing documentation and legal notices:

  • README
  • End User License Agreement
  • Privacy Statement
  • Release Notes
  • Third-Party Software Notices

These files are included in the installer package.


Known Limitations

Baseline Update Behavior

ThreatLedger currently treats a new project upload as the active uploaded data set for that project workflow. If a project baseline includes multiple files, such as several STIG checklists and a Nessus scan, customers should upload the full updated file set when refreshing the project baseline.

Uploading only one updated file from a larger baseline may not preserve the intended full baseline context.

Improved partial baseline update behavior is planned for a future release.


Multi-User Hardening Still In Progress

ThreatLedger includes user and role structures, but full multi-user production hardening is still in progress. Customers should limit access to trusted users and follow local access-control practices for the host system and deployment environment.


Customer-Managed Deployment Environment

This release is intended for customer-managed local Docker deployment. Customers are responsible for the host system, Docker runtime, local access controls, backups, and network exposure decisions.


Support Expectations

Customers should report:

  • Installation issues
  • Upload or parsing failures
  • Report generation problems
  • Incorrect or unexpected finding counts
  • Usability concerns
  • RMF workflow gaps
  • Suggested report improvements

Upgrade and Reinstall Notes

The installer is designed to preserve existing local data when rerun. The following should not be deleted during normal reinstall or upgrade activity:

  • .env
  • instance/threatledger.db
  • uploads/
  • reports/
  • backups/
  • logs/
  • temp/
  • certs/

Customers should back up the installer directory before performing upgrades.


Security and Data Handling Notes

ThreatLedger is designed to run locally. Customer scan files, findings, reports, uploads, and project data are stored in the local deployment directory and are not intentionally transmitted to ACD Pillars Cyber Solutions LLC or any external service by the application.

Customers are responsible for controlling access to the local host, deployment directory, Docker environment, generated reports, backups, and support bundles.


Third-Party Components

ThreatLedger uses third-party open source components as part of its runtime and packaging. See the Third-Party Notices page for additional information.


Legal Notice

ThreatLedger is proprietary software provided for licensed use under the included End User License Agreement. See the EULA / Terms page for license terms and usage restrictions.

Return to ACD Pillars home