Java agent release notes

[1.6.2] 2019-10-28

  • Improve compatibility with Jetty (support recent versions)
  • Upgrade In-app WAF to 0.4.0
  • Rerun WAF rules when parameters are body of the request is read, in addition to the beginning of the request
  • Better fix for compatibility problems with recents versions of Spring WebMVC

[1.6.1] 2019-09-30

  • Upgrade In-app WAF to 0.3.0, with preview support for Mac OS and Windows
  • Fix recent versions of Spring WebMVC not being instrumented since 1.5.0
  • Fix signature verification in Java 1.6.0
  • Call resetBuffer() rather than reset() just before sending a blocking response

[1.6.0] 2019-09-10

  • Introduce support for the In-app WAF (Linux amd64 only)
  • Fix parsing of query string with repeated parameter keys

[1.5.0] 2019-08-13

  • Add initial support for performance cap
  • Allow to use SQREEN_CONFIG_FILE env variable to provide configuration file
  • Performance improvement for Shellshock protection
  • Fixes for NullPointerException and other agent exceptions
  • Make User-agent matching use performance cap
  • Fix performance monitoring low resolution
  • Various performance improvements

[1.4.4] 2019-07-12

  • Fix a regression impacting use SDK even tracking

[1.4.3] 2019-07-10

  • Javascript performance improvements for Java 8 and later
  • Improve reliability of backend connection with multiple applications
  • Fix Javascript exception on some versions of Java 7

[1.4.2] 2019-07-03

  • Add configurable class bypass
  • Fix intermittend NullPointerException on http request end

[1.4.1] 2019-05-29

  • Fix a regression in data scrubbing

[1.4.0] 2019-05-27

  • Add support for single token setup
  • Add support for performance monitoring
  • Add ability to redirect users
  • Performance optimization for injection detection
  • Compatibility with In-app WAF
  • Prevent errors when more than 1 agent is configured
  • Remove misleading warning message for cryptography setup
  • Use embedded keystore as fallback to avoid backend connection issues
  • Fix parameter parsing with ‘=’ in value
  • Fix log file creation in subfolder
  • Fix agent ordering issue detection

[1.3.0] 2019-04-04

  • Add support authenticated http proxy
  • Add support for IP headers for Azure
  • Add Dropwizard support
  • Enhanced compatibility with Tomcat 5.5
  • Compatibility with Jboss and Wildfly
  • Improve instrumentation compatibility
  • Fix javascript engine detection
  • Add warning to prevent setup errors with multiple agents

[1.2.0] 2019-01-18

  • Add ability to block users by identifier with playbooks
  • Add ability to redirect users by IP with playbooks

[1.1.0] 2018-12-21

  • Add ability to track custom events with SDK
  • Add ability to block users by IP with playbooks
  • IPv6 addresses are now properly normalized

[1.0.4] 2018-12-18

  • Fix performance issue with Tomcat applications deployed as unpacked folders

[1.0.3] 2018-12-05

  • Improved compatibility with other JVM agents (NewRelic 4.7+)

[1.0.2] 2018-11-26

  • improved compatibility with glassfish 4.x

[1.0.1] 2018-11-12

  • improved compatibility with Java 11
  • prevent false positive limited cryptography check

[1.0.0] 2018-10-18

  • Local file inclusion protection improvement
  • Improved agent configuration

[0.4.20] 2018-10-10

  • Performance improvements
  • Fix error on CLI status tool with other agents
  • Less verbose log for detected dependencies

[0.4.19] 2018-10-04

  • Add CLI tool to easily check agent configuration on running JVMs

[0.4.18] 2018-09-28

  • Improve dependency detection for single jar applications (Spring-Boot).

[0.4.17] 2018-09-19

  • Improve sensitive data scrubbing configuration

[0.4.16] 2018-09-17

  • Improve compatibility with JBoss 6.x
  • Add configurable data scrubbing

[0.4.15] 2018-09-06

  • Improve compatibility & reduced memory footprint for java6

[0.4.14] 2018-09-04

  • Improve compatibility with java6
  • Fix weblogic managed database pool instrumentation
  • Improve agent internal errors reporting

[0.4.13] 2018-08-28

  • Improve compatiblity with java 10 later
  • Improve hostname detection
  • Improve internal security protections error reporting

[0.4.12] 2018-08-21

  • Improve compatibility with Servlet containers version < 3.x (Weblogic, Tomcat6, ...)

[0.4.11] 2018-08-13

  • Allow the specification of proxy configuration for Sqreen HTTP requests
  • Improve compatibility with Weblogic

[0.4.10] 2018-08-03

  • Fixes minor IllegalArgument warning in agent log

[0.4.9] 2018-08-02

  • Fixes triggering POST parameters parsing with default encoding

[0.4.8] 2018-07-24

  • Improve attack parameters capture

[0.4.7] 2018-07-18

  • Improve user SDK compatibility on Websphere
  • Optimize security plugins reloading at application startup

[0.4.6] 2018-07-11

  • Improve dependencies and security plugins detection

[0.4.5] 2018-06-22

  • Fix SDK method arguments reporting to Sqreen backend
  • Fix potential StackOverflow error when classloading is triggered from a constructor
  • Fix security scanner user-agent partial matching

[0.4.4] 2018-06-11

  • Fix compatibility with websphere 8.5
  • Add JVM health monitoring

[0.4.3] 2018-05-21

  • Fix a potential memory leak when executing security plugins
  • Fix NullPointerException when whitelist is used outside HTTP requests
  • Add security plugin context when reporting attacks
  • Fix Sqreen SDK methods properties recording

[0.4.2] 2018-05-03

  • Prepare for Sqreen SDK publication
  • Ignore JDK proxies during instrumentation

[0.4.1] 2018-04-16

  • Improved compatibility with New Relic Java agent

[0.4] 2018-04-07

  • Improved compatibility with New Relic Java agent