- Configuration Templates
- Basic multipart file uploads validation for Flask and Django
- New reaction mechanism and capabilities
- Improved class constructor
- Changed configuration workflow
- GTFO_MSG and DENY_STATUS_CODE parameters have been deprecated (see BLACKLIST_* and BLOCK_* settings)
- Revamped reaction capabilities
- Simplified MCP blocked attack response format
- Improved posted variables processing in Flask
- Removed development mode
- New QA engine (ok that's on our side, but you benefit from it)
- Fixed FastMCP deprecations
- Upgraded setuptools minimum version dependency to fix potential security issues
- Prompt Injection detection module based on a custom, 100% home-made LLM
- Logging to local file
- Migrated from setuptools pkg_resources (deprecated) to importlib_resources (but who cares...)
- Log format is now independent from log protocol
- Simplified and cleaned some pieces of code
- Fixed a FastAPI agent crash. Credits to Julien Balleyguier
- MCP Tools security
- Exceptions were not applied on FastAPI
- HTTP Headers whitelist
- Improved XSS and SQL injections machine learning engines
- Upgraded to scikit-learn 1.6.0
- Version 0.8.4 is not available on AWS Lambda Functions
- Some SQL Injection attacks may be blocked as XSS attacks
- 'ends' pattern check was not applied
- New XSS and SQL injection machine learning engines
- SQL Injection grammatical analysis was removed to improve performance and lower the false-positive rate
- XSS and SQL injection tests won't fail when the model is not loaded
- Fixed Base64 decoding, which was a little bit too invasive
- Log only mode was sending empty response on Flask
- Version 0.8.3 is not available on AWS Lambda Functions
- AWS Lambda support will be provided in next version
- Attack details display with verbose level = 100+
- Improved JSON data analysis recursion
- Lowered TCP log connection timeout
- Removed a debug output when analyzing json data
- Specific payloads may crash XSS detection engine
- Fixed an SQL Injection false positive
- Fixed requirements.txt for build from sources
- Zero-Trust Application Access
- Noticeably improved documentation by fixing typos, dead links, etc.
- Fixed several issues in agents for AWS, GCP and Azure serverless functions
- XSS check would fail while testing very specific JSON content
- License changed to CC BY-NC-SA 4.0 (https://creativecommons.org/licenses/by-nc-sa/4.0/)
- Removed broken dependencies
- Application routes are sent when first connecting to configuration server (cloud operations)
- New API functions:
- set_config(): change configuration from the protected application
- get_routes(): get routes defined in the application
- Handling of nested base64-encoded JSON structures
- Added explicit versions in dependencies requirements
- No security engine was activated when running with default configuration
- Added detection engine and machine learning score in SQLI and XSS attack logs
- Added request path in JSON security logs
- Improved JSON extraction from headers values
- Improved SQL injection grammatical analysis to prevent some false positives
- Country identification in logs can be disabled via the RESOLVE_COUNTRY configuration option
- Leaked data can be logged by setting the DLP_LOG_LEAKED_DATA configuration option to True (default: False)
- Some cookie values were not properly processed
- PyRASP would crash at launch if SQL injection or XSS protections were not activated
- PyRASP classes API
- Improved ML engines for SQL Injection and XSS detection
- Default SQL Injection detection probabilities raised to 0.85
- Default XSS detection probabilities raised to 0.70
- Attack payloads are now base64 encoded in logs
- Flask agent was still processing page, even if attack was detected
- Support for Azure Functions
- Slightly improved SQL injection detection
- Fixed XSS engine false positive with some large JSON data
- Disabled security checks would be handled according to the default value
- Fixed a few things in the documentation
- Support for Google Cloud Functions
- "Log Only" mode for detections
- Added exceptions to properly manage false positives
- Added Brute Force specific attack type (previously merged with Flood)
- Decoy routes can be defined as a pattern with specific match function (regex, starts with or contains)
- Added MITRE ATT&CK technique ID and PCB attack ID in logs
- Added action taken by PyRASP agent in logs
- Default security checks are loaded if missing from configuration file (see documentation for values)
- Attack floods are not detected on AWS Lambda agent, each attack being blocked individually
- Error floods were not detected if the source IP was not blacklisted (which was total nonsense)
- Python AWS Lambda functions support
- Option to disable source IP country resolution in logs
- Configuration file can be set by environment variable
- Table of contents and hyperlinks in the documentation
- Offending source IP country resolution in logs is now optional (defaults to enabled for backward compatibility)
- Offending source IPs were blacklisted even if the SECURITY_CHECKS value was set to 1 (Enabled, no Blacklisting)