Released May 9, 2026
Full OpenID Connect support for Google, Azure AD, and Okta. Features a robust 'Capture-and-Forward' redirect engine for complex NAT/Proxy environments.
Added native bind-based LDAP support with JIT provisioning, allowing enterprise users to log in using existing corporate credentials.
Introduced a dynamic engine to map external groups (OIDC claims, LDAP DNs) directly to StacksAtlas permissions (Admin, Standard, Viewer).
Integrated server-side diagnostic tools to verify OIDC metadata and LDAP bind credentials in real-time before saving configurations.
Hardened system security by enforcing strict RBAC policies on traceroute, diagnostics, and management tools.
Intelligent UI state management that automatically disables destructive actions for View-Only users, preventing unauthorized network changes.
Launched a secure self-service profile endpoint, allowing all users to manage their personal alert preferences without administrative rights.
Implemented a masked 'Write-Only' pattern for sensitive configuration fields, ensuring Client Secrets are never exposed in the UI.
Native payload formatting for Slack (Block Kit), Discord (Rich Embeds), and Microsoft Teams (Adaptive Cards 1.5+). Allows for deep integration into enterprise notification workflows.
Implemented exponential backoff with jitter and a smart Circuit Breaker mechanism to pause failing endpoints, ensuring appliance performance remains stable during external outages.
Added a one-click 'Test Payload' feature and real-time delivery history logs directly in the management UI for instant verification of external alert routing.
Features encryption-at-rest for URLs, masked secret management, and optional HMAC-SHA256 signing for cryptographically verified payload integrity.
Released April 26, 2026
Implemented a 'Ping-First' strategy for subnet sweeps, eliminating the 10-second hang caused by blocking ARP calls.
Reduced mDNS listen windows and increased scan intervals to 5 minutes, significantly lowering network 'tax' during discovery.
Integrated granular phase-timing into the engine via Debug logs, enabling instant performance audits directly from the Dashboard UI.
Introduced a 'Debug Mode' switch on the Logs page for instant, verbose diagnostics without requiring a service restart.
Restored the background security scoring engine to the main sync loop for live vulnerability updates.
Re-implemented event logging for device discovery, roaming, and status changes to restore full history visibility.
Restored Latency History and Stability Score increments to ensure accurate long-term health analytics.
Introduced real-time event streaming to SIEM platforms like Splunk and Elastic, enabling enterprise-wide security correlation.
Consolidated Network Ports and SIEM configuration into a single, high-authority 'Appliance Infrastructure' section with atomic restart controls.
Migrated to a secure, public licensing handshake. Master API Keys are no longer stored within the appliance, significantly hardening the security posture.
Introduced a tiered offline verification system (30-day soft warning, 60-day hard expiry) to ensure business continuity in remote or air-gapped sites.
Completely eliminated legacy 'Mock Mode' bypasses, ensuring mandatory, authoritative validation for all production environments.
Fixed a cross-platform encryption issue preventing database migration between Windows and Docker/Linux.
Hardened auto-detection to ignore 169.254.x.x subnets while keeping them manually selectable.
Released April 25, 2026
Eliminated identity 'ping-pong' by centralizing all device classification logic into a single, authoritative reconciliation engine.
Implemented a hierarchical identity system that prevents low-confidence discovery data from overwriting manual names or high-confidence fingerprints.
Refactored the core API infrastructure into a modular, service-oriented architecture for significantly improved reliability and cold-start speed.
Upgraded internal database encryption with 256-bit peppered entropy and DPAPI-hardened key protection.
Migrated to PBKDF2 with 600,000 iterations and implemented O(1) constant-time API key validation to mitigate timing attacks.
Introduced a sophisticated 0-100 security scoring engine with structured risk tracking for unauthenticated services and remote exposure.
Optimized socket hygiene and concurrency models to boost port enrichment speeds by over 300% on high-density networks.
Implemented full bitwise CIDR masking for all subnet sizes, ensuring 100% accuracy for massive /16 corporate environments.
Moved high-concurrency environment tuning to the host level to eliminate 'ramp-up' latency during initial network sweeps.
Retired the legacy power icon for a modern User Avatar system with integrated profile management and alert diagnostics.
Converted the scan engine to a push-model reactive system for instantaneous, millisecond-accurate progress feedback in the UI.
Standardized all settings layers to use high-performance atomic write patterns, eliminating I/O latency and disk corruption risks.
Released April 19, 2026
Smashed the 'Scan Stall' bug by implementing persistent negative caching for DNS and SNMP. Reduces sparse network scan times by up to 40%.
Scan parameters now apply instantly via a CancellationToken interrupt system. Changes to subnets or intervals no longer wait for the engine sleep cycle.
Eliminated scan 'ramp-up' latency by scaling the .NET ThreadPool proactively to match configured parallelism, preventing thread starvation.
Introduced a high-performance terminal UI for real-time engine logs, featuring millisecond-accurate stage timing and severity filtering.
Eliminated a hidden 5-strike grace period. The engine now respects your configured status thresholds immediately.
Docker/restricted devices responding only to ICMP now show as 'Online' with an 'Unknown MAC' instead of being rejected.
The engine now explicitly logs which IPs were dropped by synthetic filters, providing full transparency into discovery outliers.
Massive expansion of the visual registry including premium logos for Dell, Synology, Samsung, Sennheiser, Yamaha, and major Pro-AV brands.
Smashed the 'Ugly Logo' placeholder bug by replacing the legacy text with a professional, high-quality gradient wordmark.
Refactored detection logic to handle substring matches and common vendor variations (e.g. HPE/Aruba) automatically.
Optimized the discovery engine to support managed network hardware that prioritizes ICMP over ARP responses.
Reduced default discovery timeouts from 2s to 1s to ensure rapid failure detection on large subnets without impacting accuracy.
Released April 18, 2026
Released the first-party StacksAtlas bridge for the OpenAVC platform. Enables real-time 'Network Pulse' status cards on AV control surfaces.
Relaxed Ghost-Ping protection to allow devices that respond to ICMP but delay ARP requests (common in managed switch security profiles).
Hardened neighbor verification to require active ICMP/ARP verification for all passive neighbors, eliminating stale ARP 'ghost' entries.
Running a Traceroute or Deep Scan now automatically promotes the target device to 'Online' status.
Complete refactor of the release history UI with real-time search, collapsible entries, and optimized filtering logic.
Unified industrial-grade icons across all historical release notes for consistent visual governance.
Released April 13, 2026
Implemented a 'Physical Reality Check' for all scans. If a sweep returns suspiciously high counts (>85%), a mandatory triple-verification loop is triggered automatically.
Nmap discovery now monitors OS network buffers for 'Resource temporarily unavailable' errors, aborting unreliable scans rather than reporting false data during system load.
Added randomized micro-delays (0-20ms) to parallel pings to distribute peak network stack pressure and prevent packet reflections.
Full UI-driven control over HTTP/HTTPS ports with a graceful, persistent restart-and-migrate workflow. No command-line access required.
Replaced standard Swagger with a beautiful, high-performance Scalar UI at /api-docs. Securely gated behind Admin roles for internal development.
Upgraded self-signed certificate generation with modern .NET 10 APIs and 'Basic Constraints: CA=True' to satisfy strict browser trust requirements.
Built a robust PBKDF2 hashed token system for external API access, replacing the legacy static JWT model with individually revocable keys and usage auditing.
Updated the engine to support our new commercial accessibility tiers: Free (50 devices) | Pro (100 devices) | Enterprise (Unlimited).
Released April 5, 2026
Implemented a passive 'Stage 0' discovery layer using netstat and arp for instantaneous device recognition on Darwin, bypassing traditional socket throttling.
Refined Role-Based Access Control to allow 'Normal' users read-only access to Dashboards, Topology, and Alert History while strictly gating administrative settings.
Automatic path resolution for Nmap on macOS (Homebrew or Bundle paths) with hardened privileged execution for OS fingerprinting.
Replaced manual fulfillment uploads with an automated Cloudflare R2 pipeline. All installers now support versioned permalinks.
Integrated native Windows MSI generation with industrial code signing into the global CI/CD pipeline.
New root-level automation script for 'One-Click' build, sign, distribute, and git-sync operations.
Implemented 'Neutral Skip' logic across all platforms (Windows, macOS, Linux/Docker) to prevent accidental public releases while keeping the CI dashboard green.
Released March 28, 2026
StacksAtlas can now be deployed natively on Apple Silicon/Intel Macs and any Linux server (Ubuntu, Synology, Unraid) via Docker!
Resolved the 'Ghost Ping' bug on Linux by pivoting to a native Nmap discovery backend, ensuring 100% accurate device counts in Docker.
Implemented GitHub Actions to automatically build and publish Docker images and native macOS binaries on every release.
Released March 1, 2026
A beautiful, interactive Canvas-based Force-Directed Graph mapping the entire scanned subnet in real-time.
Native SNMP v2c support for fetching System Name and Description from managed hardware (Switches, NAS, Routers).
Replaced legacy Windows PInvoke with a robust, cross-platform engine for universal networking compatibility.
Integrated Recog XML signature engine for industrial-grade hardware identification.
Simultaneous ARP+Ping 'racing' logic reduces subnet sweep times by up to 30%.
Fixed startup race conditions; auto-detection now handles late network interface initialization gracefully.
Scanning now starts instantly after creating the initial admin account—no restart required.
Released February 16, 2026
Fixed a critical race condition causing service hangs on startup. Startup is now sub-second.
Fixed race condition where acknowledged security risks were reverting.
Resolved a 'Invalid URL' crash in ApiService and a LiteDB mapping exception.
Fixed regressions in 'Show Archived' toggle and 'New' filter logic.
Fixed issue where manual device edits were not persisting.
Implemented immediate visual feedback for risk acknowledgement.
Added one-click launch support for SSH, Telnet, and FTP.
PDF/CSV reports now include Security Grades (A/C/F).
Added 'Hard Delete' option for complete removal.
Smart sorting for IP addresses in lists and reports.
Manual reset capability for device performance counters.
Released February 7, 2026
'Magic Packet' support to boot up offline workstations remotely.
Visual Traceroute to identify latency bottlenecks.
Historical tracking of MAC-to-IP bindings to spot 'drifting' devices.
Detection of EOL OS (XP/Win7) for immediate risk forecasting.
Added dependency disclosure (Npcap/Nmap).
Fixed critical race conditions and deadlock prevention.
Modernized scrollbars and layout refinements.
Cutdown sweep time from 30s to 5s.
Released January 29, 2026
Integrated Nmap scanning for deep service discovery.
Correctly activated licenses now support 30-day offline grace period.
New progress bar UI provides live feedback during deep scans.
Installer now handles Nmap dependencies automatically.
Native detection for IP Cameras, NDI Video, and Storage Infrastructure.
Splash screen and lock contention resolution.
Automated global repair of legacy stability data.
Native fetching of web page titles for better ID.
Real-time identification of PTP Master clocks.
Added secure encrypted database migration export.
Released January 25, 2026
Enhanced classification for Dante, Q-SYS, Biamp, Shure, and Crestron.
Manual edits to Model or Vendor are protected from automated overwrites.
Specific icons for Microphones, Amplifiers, Mixers, and NAS.
Released January 20, 2026
Added capability to restart the host service/system from the UI.
Added Network Adapter selection and transparency.
Added Backup & Restore (Snapshot) functionality.
Ensuring secure and trusted deployments.
Initial Public Release
Industrial-grade network scanning and identification.
Weighted analytics for predicting hardware failure.
Professional PDF and CSV exports for inventory audits.
Built by Keaton
© 2026 StacksAtlas LLC. All rights reserved.