Skip to content

Release history

trufflehog releases

Find, verify, and analyze leaked credentials

Back to tool Latest release

All releases

20 shown

Review required
v3.95.5 Mixed
Dependencies

GitLab OAuth + Box + AppSync + Twilio fix

Open
Review required
v3.95.4 Mixed
Auth

GitHub cache + Twilio fix + DB extra data

Open
No immediate action
v3.95.3 Breaking risk

SecretParts rename

Open
v3.95.2 Maintenance
⚠ Upgrade required
  • Reverted git version parser panic fix for non-numeric patch versions
Full changelog

What's Changed

  • Revert "[INS-397] Fix git version parser panic on non-numeric patch versions" by @trufflesteeeve in https://github.com/trufflesecurity/trufflehog/pull/4903

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.95.1...v3.95.2

View release on GitHub
v3.95.1 Bug fix

Minor fixes and improvements.

Full changelog

What's Changed

  • [INS-444] Fix verification logic in Mesibo detector by @mustansir14 in https://github.com/trufflesecurity/trufflehog/pull/4884

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.95.0...v3.95.1

View release on GitHub
v3.95.0 Mixed
Notable features
  • Bitbucket Data Center PAT detector
  • Jira Data Center PAT detector
  • Confluence Data Center PAT detector
Full changelog

What's Changed

  • Upgrade golangci-lint in CI runner and Makefile by @amanfcp in https://github.com/trufflesecurity/trufflehog/pull/4861
  • Deprecate SquareUp Detector by @nabeelalam in https://github.com/trufflesecurity/trufflehog/pull/4855
  • [INS-397] Fix git version parser panic on non-numeric patch versions by @shahzadhaider1 in https://github.com/trufflesecurity/trufflehog/pull/4882
  • Fix Bitbucket line highlighting URLs by @shahzadhaider1 in https://github.com/trufflesecurity/trufflehog/pull/4854
  • [INS-403] Support Custom endpoint config in hashicorpvaultauth Detector by @MuneebUllahKhan222 in https://github.com/trufflesecurity/trufflehog/pull/4825
  • [INS-398] Added tests to ensure that custom endpoint configuration works in artifactory detectors by @MuneebUllahKhan222 in https://github.com/trufflesecurity/trufflehog/pull/4832
  • Host ldap-verify library in trufflesecurity by @trufflesteeeve in https://github.com/trufflesecurity/trufflehog/pull/4859
  • Add AnalysisError type and wrap all analyzer error paths by @johnelliott in https://github.com/trufflesecurity/trufflehog/pull/4779
  • dep-updates: Go 1.25 and dependency refreshes by @dustin-decker in https://github.com/trufflesecurity/trufflehog/pull/4888
  • Fix nil pointer panics in GitHub analyzer gist/repo binding functions by @shahzadhaider1 in https://github.com/trufflesecurity/trufflehog/pull/4864
  • [INS-399] Added Bitbucket data center(on prem) PAT detector by @MuneebUllahKhan222 in https://github.com/trufflesecurity/trufflehog/pull/4883
  • [INS-402] Add Jira Data Center PAT Detector by @mustansir14 in https://github.com/trufflesecurity/trufflehog/pull/4872
  • Add man page generation for trufflehog by @bryanbeverly in https://github.com/trufflesecurity/trufflehog/pull/4894
  • Add Confluence Data Center PAT detector by @amanfcp in https://github.com/trufflesecurity/trufflehog/pull/4886

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.94.3...v3.95.0

View release on GitHub
v3.94.3 New feature
Notable features
  • HTML decoder for secret detection
  • Explicit Azure revocation signal
View release on GitHub
v3.94.2 Breaking risk
Breaking changes
  • GoogleAPIKey detector deprecated
Security fixes
  • gRPC update to v1.79.3
Notable features
  • Shopify OAuth detector
View release on GitHub
v3.94.0 New feature
Notable features
  • Datadog detector verification fix
  • AnyPoint OAuth2 detector
View release on GitHub
v3.93.8 Bug fix

## What's Changed * fix: make LDAP verification context-aware * Stop growing filesystem resume data

View release on GitHub
v3.93.7 New feature
Notable features
  • JFrog Artifactory Reference Token detector
Full changelog

What's Changed

  • [INS-331] Fix the issue causing the tests file system soruce tests to fail on windows by @MuneebUllahKhan222 in https://github.com/trufflesecurity/trufflehog/pull/4743
  • Thread original chunk data through engine pipeline by @dustin-decker in https://github.com/trufflesecurity/trufflehog/pull/4780
  • Added detector for JFrog Artifactory Reference Tokens by @shahzadhaider1 in https://github.com/trufflesecurity/trufflehog/pull/4684
  • Fix JDBC detector regex truncating trailing non-alphanumeric password characters by @amanfcp in https://github.com/trufflesecurity/trufflehog/pull/4755

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.93.6...v3.93.7

View release on GitHub
v3.93.6 Maintenance

## What's Changed * GH_TOKEN needed for gh * Move verify flag into `detectableChunk`

View release on GitHub
v3.93.5 New feature
Notable features
  • Google Gemini API key detector
  • Symlink following support
View release on GitHub
v3.93.2 Bug fix

Fixes pre-receive hook hangs, missing logs, and custom detector line number reporting.

View release on GitHub
v3.93.1 Maintenance

Minor fixes and improvements.

Full changelog

What's Changed

  • Enhance security reporting guidelines in SECURITY.md by @joeleonjr in https://github.com/trufflesecurity/trufflehog/pull/4725
  • Allow logging of caller info by @rosecodym in https://github.com/trufflesecurity/trufflehog/pull/4731

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.93.0...v3.93.1

View release on GitHub
v3.93.0 Breaking risk
Breaking changes
  • Remove ResultWithMetadata.Data
Notable features
  • Rate limiting for Github Analyzer
  • Pre-commit hook auto-configuration
View release on GitHub

Beta — feedback welcome: [email protected]