Python microagent release notes¶ [1.27.0] 2021-04-06 Falcon framework support. ddtrace integration. Fix static rules loading several times. [1.26.2] 2021-03-11 Fix In-App WAF testing rules running more than once. [1.26.1] 2021-03-11 Raise the amount of time the agent waits for instrumentation to 10s. Update log messages. Fix an aiohttp issue with the In-App WAF. [1.26.0] 2021-02-23 Instrument some frameworks earlier in the startup process. Report framework endpoints in HTTP traces. Fix the WSGI middleware that was preventing headers mutation. Fix a float convertion issue on Python 2. Fix a unicode issue on Python 2. [1.25.2] 2020-12-09 Fix a Python 2 import regression. Set the HTML Content-Type for Sqreen error pages. [1.25.1] 2020-11-18 Suppress warning on Sentry SDK configuration. [1.25.0] 2020-11-09 Support for Django in ASGI mode. Silent Sqreen logging records in Sentry SDK. Overall instrumentation improvements. [1.24.0] 2020-10-15 New In-App WAF filtering primitives. Support for Python 3.9. Support for the collect_body option in track SDK calls. Fix for applications mutating the HTTP request parameters. [1.23.0] 2020-08-17 Introduced tracing for AMQP and Kafka. Use the dyno name as agent hostname on Heroku. Improved psycopg2 instrumentation. Deprecate PROXY_URL and recommend HTTP_PROXY configuration variable. Support case sensitiveness in PII key sanitization. [1.22.0] 2020-08-04 Introduced tracing for databases and message brokers. [1.21.3] 2020-07-22 Fix support for Flask's request.stream. [1.21.2] 2020-07-17 Fix an HTTP client tracing compatibility issue on Python 3.5. [1.21.1] 2020-07-09 Fix a regression with SQLalchemy due to a DBApi2 deviation. [1.21.0] 2020-07-07 New blocking page design. Introduced tracing for HTTP services. Detect backend connectivity and use the sqreen.com domain when possible. yes, y, true and 1 are now the only valid booleans in the configuration. Fix possible wrong unicode decoding in Python 2.7. Several performance improvements. [1.20.3] 2020-07-03 Fix a performance issue in the request tracing. Fix permissions of the log file. Upgrade PyMiniRacer to 0.3.0. [1.20.2] 2020-06-11 Improve the performance for pages using intensively the protections. [1.20.1] 2020-06-10 Add support for latest versions of aiohttp (from 3.2 to 3.6). [1.20.0] 2020-05-25 Beta XXE protection. Improve user monitoring SDK call performance. Fix a race condition in the security response store. [1.19.0] 2020-03-26 Introduce static typing analysis support. Improved frameworks integration. Improved PII scrubbing (partial match support). Introduce the STRIP_HTTP_REFERER configuration option. Optimized instrumentation using the native wrapt extension. Better integration with NewRelic. Fix reconnection when the backend invalidates the session. [1.18.2] 2020-03-06 Rollback changes expected for a future release. [1.18.1] 2020-03-05 Improved support for Flask-API. Improved PII scrubbing. [1.18.0] 2020-02-03 Add support for the Pylons framework. Fix an issue preventing the Sqreen error page to appear on Django 404 pages. Introduce a new WSGI instrumentation strategy. Improve arguments passing for instrumented functions. Make use of the vendorized wrapt module for instrumentation. Bump vendorized ipaddress module to fix a SyntaxWarning. Add support for JS garbage collection from the PyMiniRacer module. [1.17.1] 2019-12-26 Avoid sending an unexpected field in user monitoring [1.17.0] 2019-12-16 Introduce a performance budget. Better startup error reporting. Multiple In-App WAF reliability and performance improvements. Fix an inconsistency in Security Responses enforcement. Support for Python 3.8. [1.16.1] 2019-10-10 Improve the In-App WAF error reporting. Better support for unicode in HTTP request headers. [1.16.0] 2019-09-24 Introduce support for the In-App WAF. [1.15.3] 2019-09-06 Improve rule signature verification. [1.15.2] 2019-08-27 Introduce Performance Monitoring. Fix an issue impacting the import of modules. Improve the reliability of some protections. [1.15.1] 2019-06-24 Improve HTTP request headers decoding. Fix an issue preventing backtraces from being reported with security events. Fix an issue that could lead to unexpected events being reported when an IP is blocked. [1.15.0] 2019-06-06 Add support for user redirection security response. Provide more information about HTTP response in events. Improve performance for some protection mecanisms. Fix an issue with Django authentication events. Fix an issue that might prevent the agent from starting in forking servers. [1.14.6] 2019-05-06 Reduce the maximum startup time of the agent [1.14.5] 2019-03-26 Fix a regression from 1.14.4 where starting the agent without a token would take longer [1.14.4] 2019-03-20 Improve the agent behaviour when the backend is experiencing difficulties Make the PII scrubbing configurable through environment variables Fix an issue that could result in some blocked IP not working as expected Fix an issue that might cause exceptions within the agent, causing performance issues [1.14.3] 2019-02-25 Fix a parsing issue on some Azure headers [1.14.2] 2019-01-23 Send out more data when blocking a user agent [1.14.1] 2019-01-23 Provide more data about some blocking events [1.14.0] 2018-12-20 Fix memory leaks Reduce memory usage [1.13.5] 2018-12-06 Improve the performance of blocking/redirecting IPs [1.13.4] 2018-10-23 Fix enconding issues with Python2 [1.13.3] 2018-07-10 Strip sensitive data before sending them to the BackEnd [1.13.2] 2018-07-03 Fix the IP denylist for request without IP [1.13.1] 2018-06-15 Arguments passed to SDK track function are no longer modified in-place. Update vendored libraries. [1.13.0] 2018-06-11 Add support for block user security response. Update security responses format. [1.12.8] 2018-05-30 Improve agent behavior when receiving invalid security plugin signatures. [1.12.7] 2018-05-28 Fix a potential deadlock at startup with Django on Python 2. Do not escape Django messages to protect against XSS. Update vendored dependencies. [1.12.6] 2018-05-24 Update security plugin signature validation algorithm. Improve agent behavior when receiving invalid security plugin signatures. [1.12.5] 2018-05-22 Add support for Python 3.7. Update security responses format. [1.12.4] 2018-05-21 Fix IP redirection security response behavior. Fix security responses compatibility with Django 2.0. [1.12.3] 2018-05-17 Improve management of HTTP timeouts when Sqreen backend is not reachable. Do not run the agent within Pyramid shell. Update security responses format. [1.12.2] 2018-05-15 Fix communication recovery when Sqreen backend is not reachable for a while (e.g. network outage). Fix security responses parsing. [1.12.1] 2018-05-04 Improve security responses behavior during actions reload. [1.12] 2018-05-03 Add compatibility for Flask 1.x. Improve security responses behavior. [1.11.3] 2018-04-24 Log and filter out invalid options key in SDK track events. Add request information to SDK track events. Update vendored libraries. [1.11.2] 2018-04-23 Fix metrics aggregation on SDK track events. [1.11.1] 2018-04-20 Fix HTTP code metrics on aiohttp. [1.11.0] 2018-04-19 Add support for SDK track function. [1.10.0] 2018-04-12 Add support for custom IP headers. Update vendored libraries. [1.9.0] 2018-04-03 Add support for aiohttp 3.0 and 3.1. [1.8.7] 2018-03-22 Fix user-agent matching. Fix a memory leak in JS rules execution. [1.8.6] 2018-02-28 Fix disabled instrumentation with New Relic on Heroku. [1.8.5] 2018-02-06 Fix HTTP code metrics on blocked attacks. [1.8.4] 2018-02-01 Process preloaded Django messages. [1.8.3] 2018-01-29 Don't consume Django messages when analyzing them. Avoid crashing on non-string Django messages. [1.8.2] 2018-01-26 Protect against malicious cookies payloads. [1.8.1] 2018-01-17 Fix behavior of request recording. [1.8.0] 2018-01-11 Add support for Django 2.0. Add new SDK method identify. Update vendored libraries. [1.7.2] 2017-12-21 Don't trigger DATA_UPLOAD_MAX_MEMORY_SIZE with Django Rest Framework. [1.7.1] 2017-12-13 Support for aiohttp 2.2. Improve IP address detection. [1.7.0] 2017-12-04 Beta support for aiohttp. [1.6.0] 2017-11-23 Smaller communication payloads. Updated error page. Updated user agent. [1.5.8] 2017-10-27 Fix passlist behavior on Gunicorn socket mode. Fix authentication behavior when no request was recorded. [1.5.7] 2017-10-23 Improve performances on long parameters. Fix behavior on missing hookpoints. [1.5.6] 2017-10-18 Don't crash when exiting uWSGI 2.0.15. [1.5.5] 2017-10-16 Upgrade vendored dependencies. Improve IP address detection. Fix encoding issues in JS callbacks. [1.5.4] 2017-10-11 Performance improvements. Update documentation URLs. Improve IP address detection. Fixed behavior on invalid or unknown IP addresses. Fixed behavior when receiving bytes instead of strings in DB-API 2.0 methods. [1.5.3] 2017-09-26 Upgrade vendored dependencies. Performance improvements. [1.5.2] 2017-09-15 Unusual clash between vendored and app libraries. Performance improvements. [1.5.1] 2017-08-29 Performance regression. [1.5.0] 2017-08-28 Add support for IP passlist and denylist. Add support for Pyramid 1.8 and 1.9. Corner-case bug on non-blocking rules. Smaller memory footprint. [1.4.0] 2017-08-17 Improve login mechanism with smaller payloads. [1.3.2] 2017-06-28 Add support for reverse proxy in the configuration file Fix PostgreSQL support when using Django 1.11 and Python 3 [1.3.1] 2017-05-09 Correctly handle HTTP requests with some empty field [1.3.0] 2017-04-24 Add compatibility for Django 1.11 Add the attack page [1.2.1] 2017-04-12 Improve the data collected with the automatic user context when using Django. Fix a possible regression in startup time when using gunicorn with a gevent worker. [1.2.0] 2017-04-05 Improve the quality of data we get for HTTP code. [1.1.0] 2017-03-23 The agent detect when the Flask or Django application is in debug mode and skip the cleanup in order to fasten the exit. The agent now correctly detect when the application is launched in a interactive interpreter environment with manage.py shell and doesn't launch. Reduce startup overhead. Improve compatibility with Newrelic. [1.0.3] 2017-03-10 Add official support for Django 1.6 and Django 1.7. Ensure the agent use a compatible version of urllib3 in all cases. [1.0.2] 2017-01-16 Prepare the agent for a future user related feature. [1.0.1] 2017-01-09 Fix a last minute regression on a monitoring feature. [1.0.0] 2017-01-06 Add support for Pyramid framework versions 1.6 and 1.7. Add support for Python 3.6. Display a message when the agent starts if it detect a not-supported framework version or Python version. Improve performances on Django when the response is 404. Reduce startup time. [0.9.3] 2016-11-30 Add support for XSS protection with Jinja2. Remove agent logging from Python raven breadcrumbs integration. Greatly improve memory consumption of the agent. [0.9.2] 2016-11-16 The client IP is now more accurate when proxies are present in the network architecture. Greatly improve performance when checking SQL queries for SQL injections. Fix a bug with DjangoRestFramework 3.3.X that could lead to empty POST parameters. [0.9.1] 2016-10-28 Update version of the shipped Urllib3 dependency. [0.9.0] 2016-10-26 Add a new layer of security to the Python agent. Small performances improvements. Fix a regression with Flask integration about handling X-Forwarded-For header. [0.8.13] 2016-10-10 Add support for the basic authentication SDK, see our documentation for more information how to enable it. [0.8.12] 2016-10-07 Add support for paths passlist. Improve detection of situations where the Python agent shouldn't starts. [0.8.11] 2016-10-06 Bump the minimum version of PyMiniRacer to be sure to use the latest most performant one. [0.8.10] 2016-10-03 Make the Python agent more network friendly. [0.8.9] 2016-09-26 Fix an edge-case that could sends twice the query parameters. [0.8.8] 2016-09-21 Improve general performance of the Python agent. Fix edge-case that could lead the agent to returns an incorrect client IP. [0.8.7] 2016-09-12 Fix issue with some Django authentication backends that prevents account activity monitoring. [0.8.6] 2016-09-09 Fix a bug when the configuration file is invalid, now the Sqreen agent displays a clean message explaining that it cannot start. [0.8.5] 2016-09-08 Add a better integration with Flask, the data showed on the dashboard should be more precise and consistent with the data Flask parses and exposes. Fix a bug with Python3 and headers insertion. Fix a bug where the XSS protection protect even in learning mode. Fix a bug with the XSS protection that could send log messages to the application. Fix a double instrumentation bug that could happen with some WSGI servers. [0.8.4] 2016-08-16 Fix a bug caused by the interaction between SQL protection and psycopg2 register_type. [0.8.3] 2016-08-12 Add better support for Django framework, the requests should be more precise and match information you could find in your logs. [0.8.2] 2016-08-11 Fix the bug that consume file upload, making the file unavailable for the application. [0.8.1] 2016-08-11 Fix a bug that makes the Sqreen agent to block during starting. [0.8.0] 2016-08-10 Add support for dynamic rules. [0.7.2] 2016-07-29 Update the Python agent to compute the client-ip using the X-FORWARDED-FOR header if present, you should now see the real client ip. [0.7.1] 2016-07-28 Fix a bug that could send a 500 when the URL didn't match any route instead of a 404. Fix a bug that blocked security bots even in learning mode. [0.7.0] 2016-07-22 Update Django account activity monitoring to be more generic and not depends on the Django authentication backend configured. [0.6.0] 2016-07-20 Improve the performance of the Sqreen agent when no attacks is detected. [0.5.0] 2016-06-30 The Python agent now correctly detects the pyramid framework, but it's not supported yet. Improve HTTP performance when interacting with the backend. [0.4.0] 2016-06-23 Add support for account activity monitoring. Add support for crawlers monitoring. [0.3.0] 2016-06-16 First version!