Releases: rbidou/pyrasp
Releases · rbidou/pyrasp
PyRASP - 0.9.2
New features
- Configuration Templates
- Basic multipart file uploads validation for Flask and Django
- New reaction mechanism and capabilities
READ THE DOC !!!
- Improved class constructor
- Changed configuration workflow
GTFO_MSGandDENY_STATUS_CODEparameters have been deprecated (seeBLACKLIST_*andBLOCK_*settings)
Improvements
- Revamped reaction capabilities
- Simplified MCP blocked attack response format
- Improved posted variables processing in Flask
- Removed development mode
- New QA engine (ok that's on our side, but you benefit from it)
Bug fix
- Fixed FastMCP deprecations
- Upgraded setuptools minimum version dependency to fix potential security issues
PyRASP - 0.9.1
New features
- Prompt Injection detection module based on custom 100% home made LLM
- Logging to local file
Improvement
- Migrated from setuptools pkg_resources (deprecated) to importlib_resources (but who cares...)
- Log format is now independant from log protocol
- Simplified and cleaned some pieces of code
Bug fix
- Fixed a FastAPI agent crash. Credits to Julien Balleyguier
PyRASP - 0.9.0
New features
- MCP Tools security
Bug fix
- Exceptions were not applied on FastAPI
PyRASP - 0.8.4
New features
- HTTP Headers whitelist
Improvements
- Improved XSS and SQL injections machine learning engines
- Upgraded to scikit-learn 1.6.0
Limitations
- Version 0.8.4 is not available on AWS Lambda Functions
- Some SQL Injection attacks may be blocked as XSS attacks
Bug fix
- 'ends' pattern check was not applied
PyRASP - 0.8.3
New features
- New XSS and SQL injection machine learning engines
Improvements
- SQL Injection grammatical analysis was removed to improve performances and lower false-positive rate
Bug fix
- XSS and SQL injection tests won't fail when model is not loaded
- Fix Base64 decoding, which was a little bit too invasive
- Log only mode was sending empty response on Flask
Limitation
- Version 0.8.3 is not available on AWS Lambda Functions
- AWS Lambda support will be provided in next version
PyRASP - 0.8.2
New feature
- Attack details display with verbose level = 100+
Improvements
- Improved JSON data analysis recursion
- Lowered TCP logs connection timeout
Bug fix
- Removed a debug output when analyzing json data
- Specific payloads may crash XSS detection engine
- Fixed an SQL Injection false positive
- Fixed requirements.txt for build from sources
PyRASP - 0.8.1
New features
- Zero-Trust Application Access
Improvements
- Noticeably improved documentation by fixing typos, dead links, etc.
Bug fix
- Fixed several issues in agents for AWS, GCP and Azure serverless functions
- XSS check would fail while testing very specific JSON content
License
- License changed to CC BY-NC-SA 4.0 (https://creativecommons.org/licenses/by-nc-sa/4.0/)
PyRASP - 0.7.2
New features
- Application routes are sent when first connecting to configuration server (cloud operations)
- New API functions:
- set_config(): change configuration from the protected application
- get_routes(): get routes defined in the applications
Improvements
- Handling of nested base64-encoded JSON structures
- Added explicit versions in dependencies requirements
Bug fix
- No security engine was activated when running with default configuration
PyRASP - 0.7.1
New features
- Added detection engine and machine learning score in SQLI and XSS attack logs
- Added request path in JSON security logs
Improvements
- Improved JSON extraction from headers values
- Improved SQL injection grammatical analysis to prevent some false-positive
- Country identification in logs can be disabled via the RESOLVE_COUNTRY configuration option
- Leaked data can be logged by setting the DLP_LOG_LEAKED_DATA configuration option to True (default: False)
Bug fix
- Some cookie values were not properly processed
- PyRASP would crash at launch if SQL injection or XSS protections are not activated
PyRASP - 0.7.0
New features
- PyRASP classes API
Improvements
- Improved ML engines for SQL Injection and XSS detection
- Default SQL Injection detection probabilities raised to 0.85
- Default XSS detection probabilities raised to 0.70
- Attack payloads are now base64 encoded in logs
Bug fix
- Flask agent was still processing page, even if attack was detected