Ruby agent release notes

[1.16.2] 2019-02-14

  • Improve handling of maximum request execution time setting
  • Improved log clarity when using a forking server
  • Fix case sensitive configuration keys handling
  • Improved reliabilty on concurrent access to a hash
  • Support Ruby 2.6

[1.16.1] 2019-01-18

  • Fix bugs in low memory JavaScript paths

[1.16.0] 2019-01-18

  • Implement redirect_user action
  • Improve performance of JavaScript rules
  • Support Organization Token

[1.15.8] 2019-01-07

  • Improve JavaScript engine memory usage

[1.15.7] 2018-11-28

  • Improve performance of IP blacklisting

[1.15.7.beta1] 2018-11-22

  • Improve serialization of arguments to rule engine (MRI Ruby only)

[1.15.6] 2018-11-21

  • Avoid errors on Sqreen SDK method call when Sqreen is not yet configured

[1.15.5] 2018-11-15

  • Reduce overhead of performance monitoring

[1.15.4] 2018-11-14

  • Fix JS functions sometimes interfering with each other

[1.15.3] 2018-11-08

  • User customization of sensitive data purging
  • Ignore redundant rules_reload commands
  • Eliminate reentering protection in request start/end hooks
  • Add logging statements

[1.15.2] 2018-10-31

  • Fix exception when evaluating actions without the server having sent the actions_reload command
  • Fix reporting of such an exception

[1.15.1] 2018-10-29

  • Improve performance of large number of IP blocks
  • Changed order in which actions, whielisting and blacklisting are evaluated
  • Improve serialization of arguments to JS functions (MRI only)

[1.15.0] 2018-10-24

  • Improve memory usage
  • Fix uninitialized @@issue_nojs_warn
  • Fix FloatDomainError when binning value is 0

[1.14.2] 2018-10-02

  • Fix error when instrumented method is called between requests and measuring agent performance
  • Fix encoding error when passing arguments to mini_racer
  • Work around bug causing Ruby 2.5.0 and 2.5.1 to segfault
  • Fix JavaScript usage in jRuby (Rhino contexts cannot cross threads)
  • Increase minimum version of sq_mini_racer to 0.2.2.sqreen1

[1.14.1] 2018-09-21

  • Improve agent performance monitoring collection

[1.14.0] 2018-09-12

  • Improve log msgs for block and redirect (and make block a warning)
  • Avoid v8 instances being created in master processes (before forking)

[1.14.0.beta3] 2018-09-06

  • Remove dependency on therubyracer
  • Upgrade sq_mini_racer
  • Set mini_racer flag noconcurrent_recompilation

[1.14.0.beta2] 2018-08-20

  • Fixed sq_mini_racer not being declared as a runtime dependency

[1.14.0.beta1] 2018-08-20

  • Fix exception in XSS callback for HAML 4 script lines
  • Introduce sq_mini_racer (fork of mini_racer)

[1.13.4] 2018-08-16

  • Fixed literals in HAML 4 being improperly escaped
  • Fixed exception in XSS callback when some input is not UTF-8 encoded

[1.13.3] 2018-08-13

  • Redact sensitive data before sending it to Sqreen's servers
  • Specify a minimum version of therubyracer

[1.13.2] 2018-07-23

  • Explicitly ignore uncaught Sqreen::AttackBlocked exceptions on Sentry and NewRelic

[1.13.1] 2018-07-18

  • Force mini_racer gem dependency version to 0.1.x

[1.13.0] 2018-07-04

  • Implement the block_user security response
  • Add ip_header configuration option
  • Prevent double instrumentation of instance methods
  • Support performance metrics

[1.12.0] 2018-05-31

  • Add support for security responses

[1.11.3] 2018-03-26

  • Improve workaround about uncommon potential segfault happenning in Ruby 2.5.0

[1.11.2] 2018-03-21

  • Workaround uncommon potential segfault happenning in Ruby 2.5.0

[1.11.1] 2018-03-20

  • Improve performance of agent in the request cycle

[1.11.0] 2018-03-07

  • Add limit of protection runtime through settings
  • Improve performance of XSS related protections
  • Change NewRelic performance reports to use custom attributes instead of custom metrics
  • Add a way to display overhead per request in logs

[1.10.5] 2018-02-22

  • Fix compatibility issue with delayed_job workers
  • Fix infrequent logging error
  • Improve speed of WAF-like rule

[1.10.4] 2018-02-20

  • Fix instrumentation when Sqreen is used with skylight
  • Improve security plugins signature handling when Oj is present

[1.10.3] 2018-02-15

  • Further improments of sqreen-alt memory profile

[1.10.2] 2018-02-15

  • Improve memory profile of sqreen-alt

[1.10.1] 2018-02-14

  • Fix memory leak that can occur when reloading protection in sqreen-alt

[1.10.0] 2018-02-14

  • Publish sqreen-alt gem that uses mini_racer as rule engine
  • Change local rule storage

[1.9.2] 2018-02-06

  • Look for XSS in raw erb templates (<%== %>)
  • Fix data report format when retrying delivery

[1.9.1] 2018-01-22

  • Fix observing the first request of an app server on sinatra

[1.9.0] 2018-01-22

  • Add identify method to SDK to tag a user on a request
  • Group attacks and metrics observed per requests
  • Update attack blocked page template
  • Tune ip detection
  • Fix corner case that would occur when the request had very deep hash of parameters

[1.8.5] 2017-10-18

  • Fix an issue when trying to compile slim templates containing modifier if (e.g. == expr if something)

[1.8.4] 2017-10-17

  • Better support old version of json libraries

[1.8.3] 2017-10-04

  • Improve resilience on badly shaped request environment

[1.8.2] 2017-09-25

  • Improve performance of SQL injection detection
  • Improve ip address detection on private networks

[1.8.1] 2017-08-09

  • Ensure that rules are correctly reapplied after a process fork

[1.8.0] 2017-08-07

  • Smaller login payloads
  • make disable accept more value as true
  • Add version of Sqreen gem in User-Agent

[1.7.2] 2017-07-18

  • Improve speed of early attack detection
  • Correctly disable early attack detection when a request is whitelisted

[1.7.1] 2017-07-10

  • Fixes some security rules getting lost when applying whitelisting

[1.7.0] 2017-06-30

  • Completely redesigned whitelist/blacklist support
  • Better support badly encoded strings in parameters

[1.6.5] 2017-06-09

  • Only escape maliciously injected reflected values
  • Better File parameters handling

[1.6.4] 2017-05-29

  • Accept more kind of values in Haml protection

[1.6.3] 2017-05-22

  • Improve Haml5 support

[1.6.2] 2017-05-16

  • Display custom error page when an attack in cached in the templates

[1.6.1] 2017-05-15

  • Ensure all protection use the selected protection mode behavior

[1.6.0] 2017-05-12

  • More early attack detection rules
  • Refactor dynamic rules execution

[1.5.0] 2017-04-18

  • Use ERB inside sqreen.yml config file
  • Disable Sqreen through config file

[1.4.3] 2017-04-07

  • More support for HAML & Slim templating engines
  • Capturing more slightly more detailed traffic metrics

[1.4.2] 2017-03-28

  • Parameter inclusion check was too wide

[1.4.0] 2017-03-27

  • Initial support for HAML templating engine (reflected XSS)
  • Initial support for whitelisting a request path
  • Change patch numbering system

[1.3.2] 2017-03-09

  • Faster exit when application is in development mode

[1.3.1] 2017-03-06

  • Improve error logs

[1.3.0] 2017-02-23

  • More stable middleware instrumentation
  • Fix encoding objects when sending to Sqreen

[1.2.0] 2017-01-20

  • Improve error logs

[1.1.5] 2016-12-15

  • Better metrics collection

[1.1.4] 2016-12-15

  • Do not start by default in cucumber environment

[1.1.2] 2016-12-14

  • Improve security APIs statistics collection
  • Stop freezing user-agent strings

[1.1.1] 2016-12-07

  • Improve IP address selection heuristic

[1.1.0] 2016-12-06

[1.0.0] 2016-12-05

  • Improved agent network communication performance (new agent login)

[0.8.1] 2016-06-06

  • Improved performance (pre-conditions fix)

[0.8.0] 2016-05-30

[0.7.X] 2016-04-20