Go agent release notes


v0.1.0-beta.3 - 22 March 2019

GitHub Release

New Features

  • Get the client IP address out of the HAProxy header X-Unique-Id using the new configuration variable ip_header_format.

  • New configuration option strip_http_referer/SQREEN_STRIP_HTTP_REFERER allowing to avoid sending the Referer HTTP header to the Sqreen backend when it contains sensitive data.

  • Ability to disable/enable the agent through the dashboard settings using the Sqreen status button.

Breaking Changes

  • Agent internals are now under a private Go package and can no longer be imported. Any sub-package under github.com/sqreen/go-agent/agent was not supposed to be imported and is now private to avoid future confusions.

Fixes

  • Remove duplicate User-Agent entry sent twice in the request record.

  • Fix IPv4 and IPv6 matching against private network definitions.

  • Remove useless empty request records mistakenly created while not carrying any SDK observation.

Minor Changes

  • Better memory management and footprint when the agent is disabled by removing globals. This will be also required to be able to cleanly restart the agent by self-managing the initializations.

v0.1.0-beta.2 - 14 February 2019

GitHub Release

New feature

  • Add a new Identify() SDK method allowing to explicitly associate a user to the current request. As soon as we add the support for the security reponses, it will allow to block users.

v0.1.0-beta.1 - 7 February 2019

GitHub Release

This version is a new major version towards the v0.1.0 as it proposes a new andstable SDK API, that now will only be updated upon user feedback. So please, share your impressions with us.

New Features

  • New web framework middleware supports:
  • Standard Go's net/http package.
  • Echo.

  • Multiple custom events can now be easily associated to a user using the user-scoped methods under ForUser(). For example, to send two custom events for a given user, do:

sqUser := sqreen.ForUser(uid)
sqUser.TrackEvent("my.event.one")
sqUser.TrackEvent("my.event.two")

  • The configuration file can now be stored into multiple locations, the current working directory or the executable one, or enforced using the new configuration environment variable SQREEN_CONFIG_FILE.

  • The custom client IP header configured in SCREEN_IP_HEADER is now also sent to Sqreen so that it can better understand what IP headers were considered by the agent to determine what is the actual client IP address.

Breaking Changes

  • Stable SDK API of "Sqreen for Go":

  • Avoid name conflicts with framework packages by prefixing Sqreen's middleware packages with sq. For example, gin becomes sqgin.

  • Cleaner Go documentation now entirely included in the SDK and middleware packages Go documentations. So no more need to go inside the agent documentation to know more on some SDK methods, it is now all documented in the same place, with lot of examples.

  • Clearer SDK API: The flow of security events that can send to Sqreen is now well-defined by a tree of SDK methods that can only be used the right way.

    • The SDK handle getter function name is renamed from GetHTTPRequestContext() into a simpler FromContext().

    • User-related SDK methods are now provided by ForUser(), for example: sqreen.TrackAuth(true, uid) becomes sqreen.ForUser(uid).TrackAuthSuccess().

v0.1.0-alpha.5 - 24 January 2019

GitHub Release

New features

  • SDK:

    • Ability to associate a user to a single event using WithUserIdentifier().
    • Track user creations using TrackSignup().
    • Track user authentications using TrackAuth().
  • Agent:

    • Proxy configuration: take into account {HTTPS,HTTP,NO}_PROXY environment variables (and their lowercase alternatives).
    • Token: organization token support.

Fixes

  • agent/config: avoid conflicts with global viper configs.
  • sdk: better documentation with examples.