cleave v1.1.0 significantly expands what you can extract from binaries without a disassembler.
PE analysis gains ~60 new fields: header scalars, Authenticode chain, and timestamps — useful for triage and signature development. ELF picks up ~20 fields including symbol counts, build ID, debuglink, interpreter, soname, needed libraries, and rpath/runpath. Mach-O adds ~25: CPU type, load commands, dylib info, and build version. systemd unit files are now a recognized file type.
The output schema (V4) is more pipeline-friendly: criticality is now an unsigned ordinal (0–5), metrics are 2dp, and string fields use tuples. Breaking change from prior versions.
Archive scanning scales better — member limits raised from 1K to 100K, and AES payload decryption is now fully in-memory, removing the per-file disk I/O. The YARA classifier and fileid have been split into separate crates for easier embedding.
Full release notes and downloads on Codeberg.