Python agent release notes¶ [1.15.1] 2019-06-24 Improve HTTP request headers decoding. Fix an issue preventing backtraces from being reported with security events. Fix an issue that could lead to unexpected events being reported when an IP is blocked. [1.15.0] 2019-06-06 Add support for user redirection security response. Provide more information about HTTP response in events. Improve performance for some protection mecanisms. Fix an issue with Django authentication events. Fix an issue that might prevent the agent from starting in forking servers. [1.14.6] 2019-05-06 Reduce the maximum startup time of the agent [1.14.5] 2019-03-26 Fix a regression from 1.14.4 where starting the agent without a token would take longer [1.14.4] 2019-03-20 Improve the agent behaviour when the backend is experiencing difficulties Make the PII scrubbing configurable through environment variables Fix an issue that could result in some blocked IP not working as expected Fix an issue that might cause exceptions within the agent, causing performance issues [1.14.3] 2019-02-25 Fix a parsing issue on some Azure headers [1.14.2] 2019-01-23 Send out more data when blocking a user agent [1.14.1] 2019-01-23 Provide more data about some blocking events [1.14.0] 2018-12-20 Fix memory leaks Reduce memory usage [1.13.5] 2018-12-06 Improve the performance of blocking/redirecting IPs [1.13.4] 2018-10-23 Fix enconding issues with Python2 [1.13.3] 2018-07-10 Strip sensitive data before sending them to the BackEnd [1.13.2] 2018-07-03 Fix the IP blacklist for request without IP [1.13.1] 2018-06-15 Arguments passed to SDK track function are no longer modified in-place. Update vendored libraries. [1.13.0] 2018-06-11 Add support for block user security response. Update security responses format. [1.12.8] 2018-05-30 Improve agent behavior when receiving invalid security plugin signatures. [1.12.7] 2018-05-28 Fix a potential deadlock at startup with Django on Python 2. Do not escape Django messages to protect against XSS. Update vendored dependencies. [1.12.6] 2018-05-24 Update security plugin signature validation algorithm. Improve agent behavior when receiving invalid security plugin signatures. [1.12.5] 2018-05-22 Add support for Python 3.7. Update security responses format. [1.12.4] 2018-05-21 Fix IP redirection security response behavior. Fix security responses compatibility with Django 2.0. [1.12.3] 2018-05-17 Improve management of HTTP timeouts when Sqreen backend is not reachable. Do not run the agent within Pyramid shell. Update security responses format. [1.12.2] 2018-05-15 Fix communication recovery when Sqreen backend is not reachable for a while (e.g. network outage). Fix security responses parsing. [1.12.1] 2018-05-04 Improve security responses behavior during actions reload. [1.12] 2018-05-03 Add compatibility for Flask 1.x. Improve security responses behavior. [1.11.3] 2018-04-24 Log and filter out invalid options key in SDK track events. Add request information to SDK track events. Update vendored libraries. [1.11.2] 2018-04-23 Fix metrics aggregation on SDK track events. [1.11.1] 2018-04-20 Fix HTTP code metrics on aiohttp. [1.11.0] 2018-04-19 Add support for SDK track function. [1.10.0] 2018-04-12 Add support for custom IP headers. Update vendored libraries. [1.9.0] 2018-04-03 Add support for aiohttp 3.0 and 3.1. [1.8.7] 2018-03-22 Fix user-agent matching. Fix a memory leak in JS rules execution. [1.8.6] 2018-02-28 Fix disabled instrumentation with New Relic on Heroku. [1.8.5] 2018-02-06 Fix HTTP code metrics on blocked attacks. [1.8.4] 2018-02-01 Process preloaded Django messages. [1.8.3] 2018-01-29 Don't consume Django messages when analyzing them. Avoid crashing on non-string Django messages. [1.8.2] 2018-01-26 Protect against malicious cookies payloads. [1.8.1] 2018-01-17 Fix behavior of request recording. [1.8.0] 2018-01-11 Add support for Django 2.0. Add new SDK method identify. Update vendored libraries. [1.7.2] 2017-12-21 Don't trigger DATA_UPLOAD_MAX_MEMORY_SIZE with Django Rest Framework. [1.7.1] 2017-12-13 Support for aiohttp 2.2. Improve IP address detection. [1.7.0] 2017-12-04 Beta support for aiohttp. [1.6.0] 2017-11-23 Smaller communication payloads. Updated error page. Updated user agent. [1.5.8] 2017-10-27 Fix whitelist behavior on Gunicorn socket mode. Fix authentication behavior when no request was recorded. [1.5.7] 2017-10-23 Improve performances on long parameters. Fix behavior on missing hookpoints. [1.5.6] 2017-10-18 Don't crash when exiting uWSGI 2.0.15. [1.5.5] 2017-10-16 Upgrade vendored dependencies. Improve IP address detection. Fix encoding issues in JS callbacks. [1.5.4] 2017-10-11 Performance improvements. Update documentation URLs. Improve IP address detection. Fixed behavior on invalid or unknown IP addresses. Fixed behavior when receiving bytes instead of strings in DB-API 2.0 methods. [1.5.3] 2017-09-26 Upgrade vendored dependencies. Performance improvements. [1.5.2] 2017-09-15 Unusual clash between vendored and app libraries. Performance improvements. [1.5.1] 2017-08-29 Performance regression. [1.5.0] 2017-08-28 Add support for IP whitelist and blacklist. Add support for Pyramid 1.8 and 1.9. Corner-case bug on non-blocking rules. Smaller memory footprint. [1.4.0] 2017-08-17 Improve login mechanism with smaller payloads. [1.3.2] 2017-06-28 Add support for reverse proxy in the configuration file Fix PostgreSQL support when using Django 1.11 and Python 3 [1.3.1] 2017-05-09 Correctly handle HTTP requests with some empty field [1.3.0] 2017-04-24 Add compatibility for Django 1.11 Add the attack page [1.2.1] 2017-04-12 Improve the data collected with the automatic user context when using Django. Fix a possible regression in startup time when using gunicorn with a gevent worker. [1.2.0] 2017-04-05 Improve the quality of data we get for HTTP code. [1.1.0] 2017-03-23 The agent detect when the Flask or Django application is in debug mode and skip the cleanup in order to fasten the exit. The agent now correctly detect when the application is launched in a interactive interpreter environment with manage.py shell and doesn't launch. Reduce startup overhead. Improve compatibility with Newrelic. [1.0.3] 2017-03-10 Add official support for Django 1.6 and Django 1.7. Ensure the agent use a compatible version of urllib3 in all cases. [1.0.2] 2017-01-16 Prepare the agent for a future user related feature. [1.0.1] 2017-01-09 Fix a last minute regression on a monitoring feature. [1.0.0] 2017-01-06 Add support for Pyramid framework versions 1.6 and 1.7. Add support for Python 3.6. Display a message when the agent starts if it detect a not-supported framework version or Python version. Improve performances on Django when the response is 404. Reduce startup time. [0.9.3] 2016-11-30 Add support for XSS protection with Jinja2. Remove agent logging from Python raven breadcrumbs integration. Greatly improve memory consumption of the agent. [0.9.2] 2016-11-16 The client IP is now more accurate when proxies are present in the network architecture. Greatly improve performance when checking SQL queries for SQL injections. Fix a bug with DjangoRestFramework 3.3.X that could lead to empty POST parameters. [0.9.1] 2016-10-28 Update version of the shipped Urllib3 dependency. [0.9.0] 2016-10-26 Add a new layer of security to the Python agent. Small performances improvements. Fix a regression with Flask integration about handling X-Forwarded-For header. [0.8.13] 2016-10-10 Add support for the basic authentication SDK, see our documentation for more information how to enable it. [0.8.12] 2016-10-07 Add support for paths whitelist. Improve detection of situations where the Python agent shouldn't starts. [0.8.11] 2016-10-06 Bump the minimum version of PyMiniRacer to be sure to use the latest most performant one. [0.8.10] 2016-10-03 Make the Python agent more network friendly. [0.8.9] 2016-09-26 Fix an edge-case that could sends twice the query parameters. [0.8.8] 2016-09-21 Improve general performance of the Python agent. Fix edge-case that could lead the agent to returns an incorrect client IP. [0.8.7] 2016-09-12 Fix issue with some Django authentication backends that prevents account activity monitoring. [0.8.6] 2016-09-09 Fix a bug when the configuration file is invalid, now the Sqreen agent displays a clean message explaining that it cannot start. [0.8.5] 2016-09-08 Add a better integration with Flask, the data showed on the dashboard should be more precise and consistent with the data Flask parses and exposes. Fix a bug with Python3 and headers insertion. Fix a bug where the XSS protection protect even in learning mode. Fix a bug with the XSS protection that could send log messages to the application. Fix a double instrumentation bug that could happen with some WSGI servers. [0.8.4] 2016-08-16 Fix a bug caused by the interaction between SQL protection and psycopg2 register_type. [0.8.3] 2016-08-12 Add better support for Django framework, the requests should be more precise and match information you could find in your logs. [0.8.2] 2016-08-11 Fix the bug that consume file upload, making the file unavailable for the application. [0.8.1] 2016-08-11 Fix a bug that makes the Sqreen agent to block during starting. [0.8.0] 2016-08-10 Add support for dynamic rules. [0.7.2] 2016-07-29 Update the Python agent to compute the client-ip using the X-FORWARDED-FOR header if present, you should now see the real client ip. [0.7.1] 2016-07-28 Fix a bug that could send a 500 when the URL didn't match any route instead of a 404. Fix a bug that blocked security bots even in learning mode. [0.7.0] 2016-07-22 Update Django account activity monitoring to be more generic and not depends on the Django authentication backend configured. [0.6.0] 2016-07-20 Improve the performance of the Sqreen agent when no attacks is detected. [0.5.0] 2016-06-30 The Python agent now correctly detects the pyramid framework, but it's not supported yet. Improve HTTP performance when interacting with the backend. [0.4.0] 2016-06-23 Add support for account activity monitoring. Add support for crawlers monitoring. [0.3.0] 2016-06-16 First version!