v0.5.2

What's changed

Added

• info groups sub-command — lists all quantum-safe TLS and SSH key exchange groups with their IANA codepoint and governing standard.
• pytest-mock>=3.12 added to dev extras.

Changed

• assessor.assess(): parameters after target are now keyword-only (enforced by *,); timeout type corrected from int to float (default 10.0).
• All Optional[X] type hints replaced with X | None (PEP 604) throughout assessor.py, cli.py, models.py, and tls_utils.py.
• cli: --version short flag changed from -v to -V (uppercase), consistent with all other platform modules.
• reporter: save_report() raises ValueError for unsupported extensions instead of silently falling back to plain text.

Removed

• reporter.print_report deprecated alias removed; use print_full_report directly.

Impact

Harmonization pass 2. Migration: replace print_report with print_full_report; update -v to -V in scripts; pass timeout as float if calling assess() directly.

---

Full changelog: https://github.com/NC3-TestingPlatform/quantumvalidator/blob/master/CHANGELOG.md

v0.5.1

What's changed

Changed

• pyproject.toml: corrected authors field to t0kubetsu, consistent
  with all other platform modules.
• reporter: exposes a public console alias (Console(record=True)) and
  a save_report(path) function supporting .txt, .svg, and .html
  extensions (unknown extensions fall back to plain text).
• CLI migrated to use reporter.console; print_report() now renders to
  the module-level console so save_report() captures the output correctly.
  The private _save_report() helper in cli.py has been removed.

Impact

Platform API alignment release. save_report() is now a first-class
public function consistent with all other NC3-TestingPlatform modules.
No changes to probe logic, verdict scoring, or PQC group detection.

---

Full changelog: https://github.com/NC3-TestingPlatform/quantumvalidator/blob/master/CHANGELOG.md

v0.5.0

What's changed

Added

• Extended STARTTLS protocol detection — _fingerprint_banner now
  auto-detects FTP (220 … FTP …), LMTP (220 … LMTP …), NNTP (200/201),
  and ManageSieve ("IMPLEMENTATION" / "SIEVE" / "STARTTLS" capability
  lines) from server banners, dispatching to the correct openssl -starttls
  mode automatically. Protocols that send no opening banner (XMPP, LDAP,
  MySQL, PostgreSQL) remain unsupported in auto-detect mode by design.

Changed

• _probe_ftp greeting/response reads are now loop-safe — replaced single
  sock.recv(1024) calls with chunk-accumulation loops that read until \n or
  1024 bytes, guarding against TCP segmentation on slow links.
• _probe_ftp uses dataclasses.replace() instead of post-construction
  field mutation when stamping detected_starttls="ftp" onto the openssl result.
• Empty AUTH TLS response now reports "(no response)" in the error message
  instead of a trailing bare colon.

Fixed

• FTP probe no longer hangs on servers that reject AUTH TLS — openssl s_client -starttls ftp does not exit cleanly when the server replies with
  e.g. 500 AUTH not understood; it hangs until the subprocess timeout fires.
  A new _probe_ftp function now sends AUTH TLS over a raw socket first;
  if the server responds with anything other than 234, the error is returned
  immediately without invoking openssl.

Impact

Critical fix for FTP server probing: servers that reject AUTH TLS no longer
cause the tool to hang until the subprocess timeout. Four additional STARTTLS
protocols (FTP, LMTP, NNTP, ManageSieve) are now auto-detected from server
banners, covering a broader range of internet-exposed services without
requiring manual protocol selection.

---

Full changelog: https://github.com/NC3-TestingPlatform/quantumvalidator/blob/master/CHANGELOG.md