Python agent release notes

---

[1.14.4] 2019-03-20

• Improve the agent behaviour when the backend is experiencing difficulties
• Make the PII scrubbing configurable through environment variables
• Fix an issue that could result in some blocked IP not working as expected
• Fix an issue that might cause exceptions within the agent, causing performance issues

[1.14.3] 2019-02-25

• Fix a parsing issue on some Azure headers

[1.14.2] 2019-01-23

• Send out more data when blocking a user agent

[1.14.1] 2019-01-23

• Provide more data about some blocking events

[1.14.0] 2018-12-20

• Fix memory leaks
• Reduce memory usage

[1.13.5] 2018-12-06

• Improve the performance of blocking/redirecting IPs

[1.13.4] 2018-10-23

• Fix enconding issues with Python2

[1.13.3] 2018-07-10

• Strip sensitive data before sending them to the BackEnd

[1.13.2] 2018-07-03

• Fix the IP blacklist for request without IP

[1.13.1] 2018-06-15

• Arguments passed to SDK track function are no longer modified in-place.
• Update vendored libraries.

[1.13.0] 2018-06-11

• Add support for block user security response.
• Update security responses format.

[1.12.8] 2018-05-30

• Improve agent behavior when receiving invalid security plugin signatures.

[1.12.7] 2018-05-28

• Fix a potential deadlock at startup with Django on Python 2.
• Do not escape Django messages to protect against XSS.
• Update vendored dependencies.

[1.12.6] 2018-05-24

• Update security plugin signature validation algorithm.
• Improve agent behavior when receiving invalid security plugin signatures.

[1.12.5] 2018-05-22

• Add support for Python 3.7.
• Update security responses format.

[1.12.4] 2018-05-21

• Fix IP redirection security response behavior.
• Fix security responses compatibility with Django 2.0.

[1.12.3] 2018-05-17

• Improve management of HTTP timeouts when Sqreen backend is not reachable.
• Do not run the agent within Pyramid shell.
• Update security responses format.

[1.12.2] 2018-05-15

• Fix communication recovery when Sqreen backend is not reachable for a while (e.g. network outage).
• Fix security responses parsing.

[1.12.1] 2018-05-04

• Improve security responses behavior during actions reload.

[1.12] 2018-05-03

• Add compatibility for Flask 1.x.
• Improve security responses behavior.

[1.11.3] 2018-04-24

• Log and filter out invalid options key in SDK track events.
• Add request information to SDK track events.
• Update vendored libraries.

[1.11.2] 2018-04-23

• Fix metrics aggregation on SDK track events.

[1.11.1] 2018-04-20

• Fix HTTP code metrics on aiohttp.

[1.11.0] 2018-04-19

• Add support for SDK track function.

[1.10.0] 2018-04-12

• Add support for custom IP headers.
• Update vendored libraries.

[1.9.0] 2018-04-03

• Add support for aiohttp 3.0 and 3.1.

[1.8.7] 2018-03-22

• Fix user-agent matching.
• Fix a memory leak in JS rules execution.

[1.8.6] 2018-02-28

• Fix disabled instrumentation with New Relic on Heroku.

[1.8.5] 2018-02-06

• Fix HTTP code metrics on blocked attacks.

[1.8.4] 2018-02-01

• Process preloaded Django messages.

[1.8.3] 2018-01-29

• Don't consume Django messages when analyzing them.
• Avoid crashing on non-string Django messages.

[1.8.2] 2018-01-26

• Protect against malicious cookies payloads.

[1.8.1] 2018-01-17

• Fix behavior of request recording.

[1.8.0] 2018-01-11

• Add support for Django 2.0.
• Add new SDK method identify.
• Update vendored libraries.

[1.7.2] 2017-12-21

• Don't trigger DATA_UPLOAD_MAX_MEMORY_SIZE with Django Rest Framework.

[1.7.1] 2017-12-13

• Support for aiohttp 2.2.
• Improve IP address detection.

[1.7.0] 2017-12-04

• Beta support for aiohttp.

[1.6.0] 2017-11-23

• Smaller communication payloads.
• Updated error page.
• Updated user agent.

[1.5.8] 2017-10-27

• Fix whitelist behavior on Gunicorn socket mode.
• Fix authentication behavior when no request was recorded.

[1.5.7] 2017-10-23

• Improve performances on long parameters.
• Fix behavior on missing hookpoints.

[1.5.6] 2017-10-18

• Don't crash when exiting uWSGI 2.0.15.

[1.5.5] 2017-10-16

• Upgrade vendored dependencies.
• Improve IP address detection.
• Fix encoding issues in JS callbacks.

[1.5.4] 2017-10-11

• Performance improvements.
• Update documentation URLs.
• Improve IP address detection.
• Fixed behavior on invalid or unknown IP addresses.
• Fixed behavior when receiving bytes instead of strings in DB-API 2.0 methods.

[1.5.3] 2017-09-26

• Upgrade vendored dependencies.
• Performance improvements.

[1.5.2] 2017-09-15

• Unusual clash between vendored and app libraries.
• Performance improvements.

[1.5.1] 2017-08-29

• Performance regression.

[1.5.0] 2017-08-28

• Add support for IP whitelist and blacklist.
• Add support for Pyramid 1.8 and 1.9.
• Corner-case bug on non-blocking rules.
• Smaller memory footprint.

[1.4.0] 2017-08-17

• Improve login mechanism with smaller payloads.

[1.3.2] 2017-06-28

• Add support for reverse proxy in the configuration file
• Fix PostgreSQL support when using Django 1.11 and Python 3

[1.3.1] 2017-05-09

• Correctly handle HTTP requests with some empty field

[1.3.0] 2017-04-24

• Add compatibility for Django 1.11
• Add the attack page

[1.2.1] 2017-04-12

• Improve the data collected with the automatic user context when using Django.
• Fix a possible regression in startup time when using gunicorn with a gevent worker.

[1.2.0] 2017-04-05

• Improve the quality of data we get for HTTP code.

[1.1.0] 2017-03-23

• The agent detect when the Flask or Django application is in debug mode and skip the cleanup in order to fasten the exit.
• The agent now correctly detect when the application is launched in a interactive interpreter environment with manage.py shell and doesn't launch.
• Reduce startup overhead.
• Improve compatibility with Newrelic.

[1.0.3] 2017-03-10

• Add official support for Django 1.6 and Django 1.7.
• Ensure the agent use a compatible version of urllib3 in all cases.

[1.0.2] 2017-01-16

• Prepare the agent for a future user related feature.

[1.0.1] 2017-01-09

• Fix a last minute regression on a monitoring feature.

[1.0.0] 2017-01-06

• Add support for Pyramid framework versions 1.6 and 1.7.
• Add support for Python 3.6.
• Display a message when the agent starts if it detect a not-supported framework version or Python version.
• Improve performances on Django when the response is 404.
• Reduce startup time.

[0.9.3] 2016-11-30

• Add support for XSS protection with Jinja2.
• Remove agent logging from Python raven breadcrumbs integration.
• Greatly improve memory consumption of the agent.

[0.9.2] 2016-11-16

• The client IP is now more accurate when proxies are present in the network architecture.
• Greatly improve performance when checking SQL queries for SQL injections.
• Fix a bug with DjangoRestFramework 3.3.X that could lead to empty POST parameters.

[0.9.1] 2016-10-28

• Update version of the shipped Urllib3 dependency.

[0.9.0] 2016-10-26

• Add a new layer of security to the Python agent.
• Small performances improvements.
• Fix a regression with Flask integration about handling X-Forwarded-For header.

[0.8.13] 2016-10-10

• Add support for the basic authentication SDK, see our documentation for more information how to enable it.

[0.8.12] 2016-10-07

• Add support for paths whitelist.
• Improve detection of situations where the Python agent shouldn't starts.

[0.8.11] 2016-10-06

• Bump the minimum version of PyMiniRacer to be sure to use the latest most performant one.

[0.8.10] 2016-10-03

• Make the Python agent more network friendly.

[0.8.9] 2016-09-26

• Fix an edge-case that could sends twice the query parameters.

[0.8.8] 2016-09-21

• Improve general performance of the Python agent.
• Fix edge-case that could lead the agent to returns an incorrect client IP.

[0.8.7] 2016-09-12

• Fix issue with some Django authentication backends that prevents account activity monitoring.

[0.8.6] 2016-09-09

• Fix a bug when the configuration file is invalid, now the Sqreen agent displays a clean message explaining that it cannot start.

[0.8.5] 2016-09-08

• Add a better integration with Flask, the data showed on the dashboard should be more precise and consistent with the data Flask parses and exposes.
• Fix a bug with Python3 and headers insertion.
• Fix a bug where the XSS protection protect even in learning mode.
• Fix a bug with the XSS protection that could send log messages to the application.
• Fix a double instrumentation bug that could happen with some WSGI servers.

[0.8.4] 2016-08-16

• Fix a bug caused by the interaction between SQL protection and psycopg2 register_type.

[0.8.3] 2016-08-12

• Add better support for Django framework, the requests should be more precise and match information you could find in your logs.

[0.8.2] 2016-08-11

• Fix the bug that consume file upload, making the file unavailable for the application.

[0.8.1] 2016-08-11

• Fix a bug that makes the Sqreen agent to block during starting.

[0.8.0] 2016-08-10

• Add support for dynamic rules.

[0.7.2] 2016-07-29

• Update the Python agent to compute the client-ip using the X-FORWARDED-FOR header if present, you should now see the real client ip.

[0.7.1] 2016-07-28

• Fix a bug that could send a 500 when the URL didn't match any route instead of a 404.
• Fix a bug that blocked security bots even in learning mode.

[0.7.0] 2016-07-22

• Update Django account activity monitoring to be more generic and not depends on the Django authentication backend configured.

[0.6.0] 2016-07-20

• Improve the performance of the Sqreen agent when no attacks is detected.

[0.5.0] 2016-06-30

• The Python agent now correctly detects the pyramid framework, but it's not supported yet.
• Improve HTTP performance when interacting with the backend.

[0.4.0] 2016-06-23

• Add support for account activity monitoring.
• Add support for crawlers monitoring.

[0.3.0] 2016-06-16

First version!