OWASP · sonukapoor · Jun 15, 2026 · Jun 15, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,21 @@ All notable changes to CVE Lite CLI will be documented in this file.
 
 ## [Unreleased]
 
+## [1.23.1] - 2026-06-15
+
+### Performance
+- npm lockfile graph construction reduced from O(E*V) to O(E) using Set accumulators for edge lists (#652)
+- npm lockfile graph nodes and arrays pre-frozen at construction time; redundant uniquePathArrays removed (#654)
+- Remediation package lookup replaced with Map for O(1) access (#653)
+
+### Docs
+- Four new case studies: Strapi (Yarn Berry, 2,887 packages), Twenty (Yarn Berry, 5,451 packages), Presenton (dual npm lockfiles), Payload CMS (pnpm, 2,602 packages) (#593, #594, #595, #638)
+- OWASP Lab Project status reflected across all project docs: README, CONTRIBUTING, comparison page, case studies index, and press page (#673)
+
+### Changed
+- SARIF, CycloneDX, and HTML reporter file-write cleanup refactored for clarity; test spy coverage refined (#637)
+- Case study contribution scope clarified in CONTRIBUTING: contributors submit case-study files only, shared index files maintained by maintainer (#649)
+
 ## [1.23.0] - 2026-06-13
 
 ### Added

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cve-lite-cli",
-  "version": "1.23.0",
+  "version": "1.23.1",
   "description": "Developer-friendly CLI for scanning JS/TS projects for dependency vulnerabilities using local lockfiles and OSV",
   "type": "module",
   "bin": {

diff --git a/website/docusaurus.config.ts b/website/docusaurus.config.ts
@@ -2,7 +2,7 @@ import {themes as prismThemes} from 'prism-react-renderer';
 import type {Config} from '@docusaurus/types';
 import type * as Preset from '@docusaurus/preset-classic';
 
-const latestVersion = 'v1.23.0';
+const latestVersion = 'v1.23.1';
 
 const config: Config = {
   title: 'CVE Lite CLI',