We are pleased to announce the release of Babel 11.7.0.0, headlined by an AI-friendly CLI mode for babel.exe, plus security hardening, .NET 10 compatibility improvements, and important fixes across both Babel Obfuscator and Babel Licensing.
Babel Obfuscator
Babel Obfuscator 11.7.0.0 introduces a new AI-friendly CLI mode, strengthens reliability of cross-assembly renaming, broadens compatibility with the .NET 10 SDK build chain, and tightens internal credential hygiene.
Enhancements
- AI-Friendly CLI Mode: New global flag `--format=text|json|ndjson` (default `text`). With `json` or `ndjson`, `babel.exe` emits a structured stream conforming to the `babel.cli.v1` schema (versioned, machine-parseable), and human diagnostics are routed to stderr so the channels stay clean. The pre-existing CLI surface is fully backward compatible — existing CI scripts and customer integrations require no changes.
- `babel --help --format=json` and `babel --version --format=json` emit a machine-readable schema describing every option (name, aliases, type, container, negatable flag, description, group) or runtime/platform info. The textual `--help` and `--version` outputs are unchanged in `--format=text`.
- New flag `--quiet` (alias `-q`) suppresses the logo banner and causes interactive password prompts to fail-fast with an explicit error instead of blocking on input — safe for unattended/agent invocations.
- New flag `--strict-exit` enables semantic exit codes: `0` success, `10` invalid arguments, `20` input not found, `30` obfuscation failure, `40` licensing failure, `50` key/signing failure. Without this flag, the legacy `0`/`1` contract is preserved.
Bug Fixes
- Cross-Assembly Renaming — Interface Members: Fixed a regression where local properties or methods implicitly implementing an interface member from an external assembly were still being renamed even when the external map file marked the interface member as excluded. Interface dispatch now keeps working at runtime in these scenarios.
- Overloaded Parameter Renaming (.NET Android, .NET 10 SDK 36): Fixed `redefinition of argument` errors in `marshal_methods.*.ll` when compiling .NET Android assemblies with the .NET 10 SDK tools 36. Uniqueness is now enforced in `RenameParameters` by appending a numeric suffix when a duplicate name is detected, instead of disabling overloaded renaming for Android assemblies.
- ExcludeFiles Regex: Removed a stray trailing `$` anchor in the `ExcludeFiles` regex pattern, which previously caused some files to be incorrectly retained in the build output.
Security
- Internal License Signing Passwords Rotated: Rotated the internal signing passwords used to sign edition entitlements. No customer action is required, but obfuscated assemblies should be re-built with 11.7.0 to pick up the new keys.
Babel Licensing
Babel Licensing 11.7.0.0 introduces in-place activation expiration management, upgrades client-side storage encryption to AES, and resolves several important security findings on the licensing service.
Enhancements
- Activation License — Update Expiration: Added Web API support and Babel UI license editor integration for updating the expiration date of activation licenses without re-issuing the license. Administrators can now extend or shorten activation license expiry directly from the Management Controller, with end-to-end test coverage.
- Babel.Licensing Storage Encryption — DES → AES: Migrated `IsolatedFileDate` storage encryption from DES (56-bit, trivially breakable) to AES-128 with a SHA-256-derived key. The change is backward-compatible: legacy DES-encrypted data is still readable on first access and is automatically re-written as AES on the next save.
Security
- AuthController — Cleartext Password Logging Removed: Login credentials submitted to the licensing service `AuthController` were being logged at Information level and persisted to console, file, and database log sinks. Logging now records only the username. Operators should rotate any historical log archives that may contain previously-logged credentials.
- Default Admin Credentials & Hardcoded JWT Signing Key Removed: Removed the default `admin/admin` account and the hardcoded JWT signing key from `appsettings.json`. The licensing service now auto-generates a cryptographically-secure random signing key at startup if one is not configured. Existing deployments must explicitly configure an admin account on first start.
- IP Whitelist — Allowlist vs Rate-Limit Exemption: The IP whitelist in `IpFilteringMiddleware` was incorrectly behaving as an exclusive allowlist: as soon as any whitelist entry existed, all non-whitelisted IPs were blocked from the service. Whitelist semantics have been corrected — whitelisted IPs are now exempt from brute-force rate limiting, while all other IPs continue to access the service normally subject to the standard rate limits.
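The whitelist semantics change described above, modelled as an added C# example; this is not Babel Licensing's code. The `IpPolicy` class, its method names, the three-failure threshold, the handling of listed addresses under the old rule, and the sample addresses are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical model of the whitelist decision; not Babel Licensing code.
sealed class IpPolicy
{
    private const int MaxFailures = 3; // assumed brute-force threshold
    private readonly HashSet<IPAddress> _whitelist = new();
    private readonly Dictionary<IPAddress, int> _failures = new();

    public IpPolicy(params string[] whitelist) { foreach (var e in whitelist) _whitelist.Add(Key(e)); }

    // Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; compare one form only.
    private static IPAddress Key(string text)
    {
        var ip = IPAddress.Parse(text);
        return ip.IsIPv4MappedToIPv6 ? ip.MapToIPv4() : ip;
    }

    private int Failures(string ip) => _failures.TryGetValue(Key(ip), out var n) ? n : 0;
    public void RecordFailedLogin(string ip) => _failures[Key(ip)] = Failures(ip) + 1;

    // Pre-fix rule per the release note: any entry makes the list an exclusive allowlist.
    // Assumed: listed addresses themselves were always let through.
    public bool AllowsLegacy(string ip) =>
        _whitelist.Contains(Key(ip)) || (_whitelist.Count == 0 && Failures(ip) < MaxFailures);

    // Corrected rule: the list only exempts its entries from rate limiting.
    public bool Allows(string ip) =>
        _whitelist.Contains(Key(ip)) || Failures(ip) < MaxFailures;
}

static class Program
{
    static void Main()
    {
        var policy = new IpPolicy("203.0.113.10"); // constructed documentation addresses
        Console.WriteLine(policy.AllowsLegacy("198.51.100.7")); // unlisted client, pre-fix rule
        Console.WriteLine(policy.Allows("198.51.100.7"));       // unlisted client, corrected rule
        for (var i = 0; i < 3; i++)
        {
            policy.RecordFailedLogin("198.51.100.7");
            policy.RecordFailedLogin("::ffff:203.0.113.10"); // mapped form of the listed IP
        }
        Console.WriteLine(policy.Allows("198.51.100.7")); // unlisted client after three failures
        Console.WriteLine(policy.Allows("203.0.113.10")); // listed client after three failures
    }
}
```

In an ASP.NET Core pipeline the address being evaluated would come from `HttpContext.Connection.RemoteIpAddress`, so a deployment behind a reverse proxy needs forwarded headers configured before a check like this sees the real client.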
Upgrade today to benefit from the latest security improvements and bug fixes in both Babel Obfuscator and Babel Licensing!
