ThreatLedger release notes
ThreatLedger Release Notes
Version 1.2.3
Customer Release
Release Date: June 2026
ThreatLedger 1.2.3 is a locally hosted vulnerability, compliance, and RMF support platform designed to help teams ingest scan data, normalize findings, track project baselines, and generate security documentation.
This release is intended for customer deployment, workflow validation, and operational feedback in vulnerability management, RMF, and compliance support workflows.
Release Highlights
Local Docker-Based Deployment
ThreatLedger is packaged for local deployment using Docker containers. The Windows installer package creates the required local folders, prepares the environment, pulls the ThreatLedger containers, and starts the application locally.
Customer data is stored outside the containers in persistent local directories so application data can survive container restarts, updates, and reinstall activity.
Persistent local paths include:
instance/uploads/reports/backups/logs/temp/certs/
Project-Based Scan Management
ThreatLedger supports project-based organization of scan data. Users can create projects, upload scan files, review findings, and generate reports tied to specific project data.
Supported project workflows include:
- Project creation and management
- Project-specific scan uploads
- Project findings review
- Project dashboard summaries
- Project report generation
STIG Checklist Support
ThreatLedger supports ingestion and processing of STIG checklist data. Uploaded STIG checklist content is parsed into normalized findings that can be reviewed, tracked, and reported through the application.
The system supports actionable finding counts and STIG-derived report outputs.
Nessus Scan Support
ThreatLedger supports ingestion and processing of Nessus scan data. Nessus findings are normalized into the ThreatLedger findings model and can be reviewed alongside other project findings.
Nessus-derived findings can be used in project dashboards, findings views, and supported reports.
Vulnerability Enrichment
ThreatLedger includes local enrichment support for vulnerability data, including cached vulnerability and end-of-life related information. This helps provide additional context during review and reporting.
Included enrichment-related capabilities include:
- CVE-aware finding context
- EPSS-related enrichment support
- NVD cache support
- EOL inventory support
- Local cached enrichment data
Inventory and EOL Reporting
ThreatLedger includes software and hardware inventory reporting capabilities. The application can generate inventory-focused reports and provide EOL-related visibility where supporting data is available.
Current inventory-related outputs include:
- Software Inventory Report
- Hardware Inventory Report
- EOL-focused inventory visibility
- Ports and Protocols Report
Report Generation
This release includes multiple PDF report outputs intended to support RMF, compliance, vulnerability management, and executive review workflows.
Available report types include:
- Executive Summary Report
- Executive Trend Report
- Historical Delta Report
- Compliance Mapping Report
- POA&M Report
- Software Inventory Report
- Hardware Inventory Report
- Ports and Protocols Report
- Vulnerability/finding-focused exports and summaries
Reports are generated locally and written to the local reports/ directory.
Backup and Restore Support
ThreatLedger includes backup and restore functionality from the administrative interface. This allows local application data to be backed up and restored as needed during operational use.
Backups are stored under the local backups/ directory.
Support Bundle Support
ThreatLedger includes support bundle functionality to help with troubleshooting. Support bundles are intended to collect relevant local diagnostic information that can be shared with ThreatLedger support when needed.
Customers should review support bundle contents before sending them externally.
TLS/Certificate Support
The installer package includes a certificate directory and TLS guidance. Customers can provide their own certificate and key files for local HTTPS/TLS configuration.
Expected certificate filenames:
certs/threatledger.crt
certs/threatledger.key
TLS mode can be adjusted using the included tooling and nginx configuration.
Legal and Documentation Package
This release includes customer-facing documentation and legal notices:
- README
- End User License Agreement
- Privacy Statement
- Release Notes
- Third-Party Software Notices
These files are included in the installer package.
Known Limitations
Baseline Update Behavior
ThreatLedger currently treats a new project upload as the active uploaded data set for that project workflow. If a project baseline includes multiple files, such as several STIG checklists and a Nessus scan, customers should upload the full updated file set when refreshing the project baseline.
Uploading only one updated file from a larger baseline may not preserve the intended full baseline context.
Improved partial baseline update behavior is planned for a future release.
Multi-User Hardening Still In Progress
ThreatLedger includes user and role structures, but full multi-user production hardening is still in progress. Customers should limit access to trusted users and follow local access-control practices for the host system and deployment environment.
Customer-Managed Deployment Environment
This release is intended for customer-managed local Docker deployment. Customers are responsible for the host system, Docker runtime, local access controls, backups, and network exposure decisions.
Support Expectations
Customers should report:
- Installation issues
- Upload or parsing failures
- Report generation problems
- Incorrect or unexpected finding counts
- Usability concerns
- RMF workflow gaps
- Suggested report improvements
Upgrade and Reinstall Notes
The installer is designed to preserve existing local data when rerun. The following should not be deleted during normal reinstall or upgrade activity:
.envinstance/threatledger.dbuploads/reports/backups/logs/temp/certs/
Customers should back up the installer directory before performing upgrades.
Security and Data Handling Notes
ThreatLedger is designed to run locally. Customer scan files, findings, reports, uploads, and project data are stored in the local deployment directory and are not intentionally transmitted to ACD Pillars Cyber Solutions LLC or any external service by the application.
Customers are responsible for controlling access to the local host, deployment directory, Docker environment, generated reports, backups, and support bundles.
Third-Party Components
ThreatLedger uses third-party open source components as part of its runtime and packaging. See the Third-Party Notices page for additional information.
Legal Notice
ThreatLedger is proprietary software provided for licensed use under the included End User License Agreement. See the EULA / Terms page for license terms and usage restrictions.