UI
🐞 Fixed
- Large scan report ZIP downloads now stream through a Next.js Route Handler instead of buffering the full file in a Server Action (#11330)
- Compliance requirement findings table now respects the page size selector (#11365)
API
🐞 Fixed
- `finding-groups` slow response with finding-level filters such as `region`; check title and description are now read from the daily summaries, which drops sorting by `check_title` (#11326)
SDK
🐞 Fixed
- `compute_project_os_login_enabled` and `compute_project_os_login_2fa_enabled` checks for GCP provider no longer false-FAIL on projects where the `enable-oslogin` / `enable-oslogin-2fa` metadata is not set explicitly but is inherited automatically from the `constraints/compute.requireOsLogin` org policy. The policy controller writes the inherited value in lowercase (`"true"`), but the service-layer parser compared it to the uppercase string literal `"TRUE"`. Comparison is now case-insensitive (#11341)
- `storage_smb_channel_encryption_with_secure_algorithm` check for Azure provider no longer passes when a storage account allows a weak SMB channel encryption algorithm (e.g. `AES-128-CCM` / `AES-128-GCM`) alongside `AES-256-GCM`; it now requires every enabled algorithm to be in the recommended list, configurable via `azure.recommended_smb_channel_encryption_algorithms` (defaults to `AES-256-GCM` only, as required by CIS) (#11327)
- Azure and M365 providers crashing with `RuntimeError: There is no current event loop` on Python 3.12 when called from threads without an active event loop (e.g. Celery workers) (#11360)
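The SMB channel encryption fix above comes down to an "any" versus "all" evaluation. The sketch below is an added example, not the project's own code: it contrasts the two over constructed storage account values. The function names, the sample accounts, the `;`-delimited input format and the fail-closed handling of an unset value are assumptions of this example.

```python
# Added example: illustrative only, not the project's implementation.
RECOMMENDED_DEFAULT = ("AES-256-GCM",)  # default named in the changelog entry


def parse_algorithms(raw):
    """Split a ';'-delimited algorithm string into a normalized set."""
    if not raw:
        return set()
    return {part.strip().upper() for part in raw.split(";") if part.strip()}


def check_any(raw, recommended=RECOMMENDED_DEFAULT):
    """Pre-fix logic: PASS as soon as one recommended algorithm is enabled."""
    allowed = {a.upper() for a in recommended}
    return "PASS" if parse_algorithms(raw) & allowed else "FAIL"


def check_all(raw, recommended=RECOMMENDED_DEFAULT):
    """Post-fix logic: PASS only if every enabled algorithm is recommended."""
    allowed = {a.upper() for a in recommended}
    enabled = parse_algorithms(raw)
    if not enabled:
        # Assumption: an unset value proves nothing, so fail closed.
        return "FAIL", []
    weak = sorted(enabled - allowed)
    return ("FAIL" if weak else "PASS"), weak


def evaluate(accounts, recommended=RECOMMENDED_DEFAULT):
    """Map account name -> (old status, new status, offending algorithms)."""
    return {
        name: (check_any(raw, recommended), *check_all(raw, recommended))
        for name, raw in accounts.items()
    }


# Constructed sample data, not taken from a real tenant.
SAMPLE_ACCOUNTS = {
    "strict": "AES-256-GCM",
    "mixed": "AES-128-CCM;AES-128-GCM;AES-256-GCM",
    "weak-only": "aes-128-gcm",
    "unset": None,
}

if __name__ == "__main__":
    for name, (old, new, weak) in evaluate(SAMPLE_ACCOUNTS).items():
        print(f"{name:10} old={old} new={new} weak={weak}")
```

The `mixed` account is the case the fix targets: it passes the old logic and fails the new one, with the offending algorithms listed.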
MCP
🐞 Fixed
- Preserve authorization header in HTTP mode (#11366)