Release 2026.4.9

Highlights

📝 Documentation

• fix: improve mermaid diagram rendering across all markdown files @copilot-swe-agent[bot] (#8536)

📦 Dependencies

• build(deps): bump org.apache.commons:commons-configuration2 from 2.13.0 to 2.14.0 @dependabot[bot] (#8535)
• build(deps): bump org.checkerframework:checker-qual from 3.55.1 to 4.0.0 @dependabot[bot] (#8534)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.4.9.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.4.9.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.14 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @Copilot, @dependabot[bot], @pethers, copilot-swe-agent[bot] and dependabot[bot] for their contributions to this release!

Full Changelog: 2026.4.7...2026.4.9

Release 2026.4.7

Highlights

🎨 UI/UX Improvements

• feat: Migrate to Jetty 12.1.8 EE8 (Servlet 4.0, javax.servlet namespace) @copilot-swe-agent[bot] (#8532)

🏗️ Infrastructure & Performance

• feat: Migrate to Jetty 12.1.8 EE8 (Servlet 4.0, javax.servlet namespace) @copilot-swe-agent[bot] (#8532)

🔄 Code Quality & Refactoring

• feat: Migrate to Jetty 12.1.8 EE8 (Servlet 4.0, javax.servlet namespace) @copilot-swe-agent[bot] (#8532)

📝 Documentation

• feat: Migrate to Jetty 12.1.8 EE8 (Servlet 4.0, javax.servlet namespace) @copilot-swe-agent[bot] (#8532)

📦 Dependencies

• feat: Migrate to Jetty 12.1.8 EE8 (Servlet 4.0, javax.servlet namespace) @copilot-swe-agent[bot] (#8532)
• build(deps): bump com.google.errorprone:error_prone_annotations from 2.48.0 to 2.49.0 @dependabot[bot] (#8533)
• build(deps): bump com.google.errorprone:error_prone_core from 2.48.0 to 2.49.0 @dependabot[bot] (#8531)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.4.7.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.4.7.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.14 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @Copilot, @dependabot[bot], copilot-swe-agent[bot] and dependabot[bot] for their contributions to this release!

Full Changelog: 2026.4.6...2026.4.7

Release 2026.4.6

Highlights

🎨 UI/UX Improvements

• build(deps): bump org.passay:passay from 1.6.6 to 2.0.0 with API migration @dependabot[bot] (#8529)

🏗️ Infrastructure & Performance

• build(deps): bump bridgecrewio/checkov-action from 12.3092.0 to 12.3093.0 @dependabot[bot] (#8530)
• feat: classify JSON export schema field mismatches, fix validator view mappings, duplicate field handling, and array type parsing, and add implementation roadmap @copilot-swe-agent[bot] (#8528)

🔄 Code Quality & Refactoring

• build(deps): bump org.passay:passay from 1.6.6 to 2.0.0 with API migration @dependabot[bot] (#8529)
• feat: Implement BruteForceAttack.drl security rules for brute force detection @copilot-swe-agent[bot] (#8525)

📝 Documentation

• feat: classify JSON export schema field mismatches, fix validator view mappings, duplicate field handling, and array type parsing, and add implementation roadmap @copilot-swe-agent[bot] (#8528)
• build(deps): bump org.passay:passay from 1.6.6 to 2.0.0 with API migration @dependabot[bot] (#8529)
• docs: reconcile DATABASE_VIEW_INTELLIGENCE_CATALOG.md view count (96 claimed → 110 actual) @copilot-swe-agent[bot] (#8527)
• docs: Fix THREAT_MODEL.md MFA status discrepancy — "Planned" → "Implemented (optional enrollment)" @copilot-swe-agent[bot] (#8526)
• chore: delete 42 temporary Copilot-generated report files @copilot-swe-agent[bot] (#8516)

📦 Dependencies

• build(deps): bump bridgecrewio/checkov-action from 12.3092.0 to 12.3093.0 @dependabot[bot] (#8530)
• build(deps): bump org.passay:passay from 1.6.6 to 2.0.0 with API migration @dependabot[bot] (#8529)
• build(deps): bump org.checkerframework:checker-qual from 3.54.1 to 3.55.1 @dependabot[bot] (#8515)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.4.6.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.4.6.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.14 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @Copilot, @dependabot[bot], @pethers, copilot-swe-agent[bot] and dependabot[bot] for their contributions to this release!

Full Changelog: 2026.4.4...2026.4.6

Release 2026.4.4

Highlights

• fix: eliminate fan-out JOIN in view_riksdagen_party_summary (RC10) @copilot-swe-agent[bot] (#8509)

🏗️ Infrastructure & Performance

• docs: address PR #8510 review comments — fix MCP list, Vaadin 8 refs, workflows table, autobuild note @copilot-swe-agent[bot] (#8512)
• docs: improve gh-aw skills, compact agents, and align workflow docs @copilot-swe-agent[bot] (#8510)

📝 Documentation

• docs: address PR #8510 review comments — fix MCP list, Vaadin 8 refs, workflows table, autobuild note @copilot-swe-agent[bot] (#8512)
• docs: improve gh-aw skills, compact agents, and align workflow docs @copilot-swe-agent[bot] (#8510)

📦 Dependencies

• build(deps): bump org.ehcache:ehcache from 3.11.1 to 3.12.0 @dependabot[bot] (#8514)
• build(deps): bump org.checkerframework:checker-qual from 3.54.0 to 3.54.1 @dependabot[bot] (#8513)
• build(deps-dev): bump io.github.bonigarcia:webdrivermanager from 6.3.3 to 6.3.4 @dependabot[bot] (#8511)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.4.4.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.4.4.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.14 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @Copilot, @dependabot[bot], copilot-swe-agent[bot] and dependabot[bot] for their contributions to this release!

Full Changelog: 2026.4.2...2026.4.4

Release 2026.4.2

Highlights

🏗️ Infrastructure & Performance

• build(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1 @dependabot[bot] (#8504)

📦 Dependencies

• build(deps): bump com.amazonaws.secretsmanager:aws-secretsmanager-jdbc from 2.0.4 to 2.1.0 @dependabot[bot] (#8507)
• build(deps): bump org.apache.ant:ant from 1.10.15 to 1.10.16 @dependabot[bot] (#8506)
• build(deps): bump cia.project.versions.bytebuddy from 1.18.7 to 1.18.8 @dependabot[bot] (#8505)
• build(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1 @dependabot[bot] (#8504)
• build(deps): bump org.scala-lang:scala-library from 3.8.2 to 3.8.3 @dependabot[bot] (#8503)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.4.2.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.4.2.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.14 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @dependabot[bot] and dependabot[bot] for their contributions to this release!

Full Changelog: 2026.3.30...2026.4.2

Release 2026.3.30

Highlights

🏗️ Infrastructure & Performance

• build(deps): bump github/codeql-action from 4.35.0 to 4.35.1 @dependabot[bot] (#8497)
• build(deps): bump bridgecrewio/checkov-action from 12.3091.0 to 12.3092.0 @dependabot[bot] (#8496)

📦 Dependencies

• build(deps): bump org.bsc.maven:maven-processor-plugin from 5.1-jdk8 to 5.2-jdk8 @dependabot[bot] (#8502)
• build(deps): bump org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.25.4 @dependabot[bot] (#8501)
• build(deps): bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 @dependabot[bot] (#8499)
• build(deps): bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 in /testfoundation in the maven group across 1 directory @dependabot[bot] (#8498)
• build(deps): bump github/codeql-action from 4.35.0 to 4.35.1 @dependabot[bot] (#8497)
• build(deps): bump bridgecrewio/checkov-action from 12.3091.0 to 12.3092.0 @dependabot[bot] (#8496)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.3.30.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.3.30.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.14 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @dependabot[bot] and dependabot[bot] for their contributions to this release!

Full Changelog: 2026.3.27...2026.3.30

Release 2026.3.27

Highlights

🏗️ Infrastructure & Performance

• build(deps): bump bridgecrewio/checkov-action from 12.3090.0 to 12.3091.0 @dependabot[bot] (#8495)
• build(deps): bump github/codeql-action from 4.34.1 to 4.35.0 @dependabot[bot] (#8494)
• build(deps): bump bridgecrewio/checkov-action from 12.3089.0 to 12.3090.0 @dependabot[bot] (#8493)

📦 Dependencies

• build(deps): bump bridgecrewio/checkov-action from 12.3090.0 to 12.3091.0 @dependabot[bot] (#8495)
• build(deps): bump github/codeql-action from 4.34.1 to 4.35.0 @dependabot[bot] (#8494)
• build(deps): bump bridgecrewio/checkov-action from 12.3089.0 to 12.3090.0 @dependabot[bot] (#8493)
• build(deps): bump io.netty:netty-bom from 4.2.11.Final to 4.2.12.Final @dependabot[bot] (#8492)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.3.27.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.3.27.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.14 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @dependabot[bot], @pethers and dependabot[bot] for their contributions to this release!

Full Changelog: 2026.3.25...2026.3.27

Release 2026.3.25

Highlights

🏗️ Infrastructure & Performance

• fix: align release artifact SPDX and intoto filenames with primary artifacts @copilot-swe-agent[bot] (#8491)

📝 Documentation

• fix: align release artifact SPDX and intoto filenames with primary artifacts @copilot-swe-agent[bot] (#8491)

📦 Dependencies

• build(deps): bump io.netty:netty-bom from 4.2.10.Final to 4.2.11.Final @dependabot[bot] (#8490)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.3.25.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.3.25.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.14 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @Copilot, @dependabot[bot], copilot-swe-agent[bot] and dependabot[bot] for their contributions to this release!

Full Changelog: 2026.3.23...2026.3.25

Release 2026.3.23

Highlights

• fix: correct data quality bugs in 34 database view definitions and ensure JPA backward compatibility @copilot-swe-agent[bot] (#8486)

🏗️ Infrastructure & Performance

• chore: replace unmaintained unix-maven-plugin with jdeb, upgrade Maven to 3.9.14 @copilot-swe-agent[bot] (#8487)

📝 Documentation

• chore: replace unmaintained unix-maven-plugin with jdeb, upgrade Maven to 3.9.14 @copilot-swe-agent[bot] (#8487)

📦 Dependencies

• chore: replace unmaintained unix-maven-plugin with jdeb, upgrade Maven to 3.9.14 @copilot-swe-agent[bot] (#8487)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.3.23.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.3.23.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.14 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @Copilot and copilot-swe-agent[bot] for their contributions to this release!

Full Changelog: 2026.3.22...2026.3.23

Release 2026.3.22

Highlights

🏗️ Infrastructure & Performance

• chore: upgrade PostgreSQL 16 → 18 and align Java 25 → 26 across all workflows, CloudFormation, devcontainer, agents, and documentation @copilot-swe-agent[bot] (#8485)
• build(deps): bump github/codeql-action from 4.34.0 to 4.34.1 @dependabot[bot] (#8480)

🔄 Code Quality & Refactoring

• chore: upgrade PostgreSQL 16 → 18 and align Java 25 → 26 across all workflows, CloudFormation, devcontainer, agents, and documentation @copilot-swe-agent[bot] (#8485)

📝 Documentation

• chore: upgrade PostgreSQL 16 → 18 and align Java 25 → 26 across all workflows, CloudFormation, devcontainer, agents, and documentation @copilot-swe-agent[bot] (#8485)

📦 Dependencies

• build(deps): bump com.google.protobuf:protobuf-java from 4.34.0 to 4.34.1 @dependabot[bot] (#8483)
• build(deps): bump org.apache.artemis:artemis-server from 2.52.0 to 2.53.0 @dependabot[bot] (#8484)
• build(deps): bump org.apache.artemis:artemis-jms-client from 2.52.0 to 2.53.0 @dependabot[bot] (#8482)
• build(deps): bump cia.project.versions.jackson from 2.21.1 to 2.21.2 @dependabot[bot] (#8481)
• build(deps): bump github/codeql-action from 4.34.0 to 4.34.1 @dependabot[bot] (#8480)

Political Analysis Enhancements

Changes in this release continue to enhance the Citizen Intelligence Agency (OSINT) platform's capabilities for monitoring political figures and institutions, providing improved insights into:

• Political performance metrics
• Institutional transparency
• Decision-making analysis
• Risk assessment

🔐 Hack23 ISMS Policies & Governance

Hack23 is committed to transparency and evidence-based security. Our complete Information Security Management System (ISMS) is publicly available:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001:2022 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance

SLSA Build Attestations

Artifact Attestations Available:

• DEB Package Build Provenance - SLSA Level 3 provenance for cia-dist-deb-2026.3.22.all.deb
• WAR Build Provenance - SLSA Level 3 provenance for citizen-intelligence-agency-2026.3.22.war
• DEB SBOM Attestation - Software Bill of Materials in SPDX format
• WAR SBOM Attestation - Software Bill of Materials in SPDX format

Security Posture

Security Scanning Results

📊 Quality & Testing

Code Quality Reports

Detailed Reports Available:

• Maven Site Documentation - Complete project documentation
• JaCoCo Test Coverage - Unit test coverage reports (80%+ line, 70%+ branch)
• JavaDoc API Documentation - Complete API reference
• SonarCloud Dashboard - Code quality metrics

Testing Standards

Per Secure Development Policy:

• ✅ Minimum 80% line coverage
• ✅ Minimum 70% branch coverage
• ✅ Automated security scanning (SAST/DAST)
• ✅ Dependency vulnerability checks

💻 Technology Stack

Runtime: Java 26 (Feature Release) • Source: Java 21 (LTS) • Build: Maven 3.9.9 • Database: PostgreSQL 18

🙏 Contributors

Thanks to @Copilot, @dependabot[bot], copilot-swe-agent[bot] and dependabot[bot] for their contributions to this release!

Full Changelog: 2026.3.21...2026.3.22