Ruby agent release notes

---

[1.17.0] 2019-03-23

• Implement HTTP Response Code, Content-Type, and Content-Length in relevant sqreen events
• Enhance reliability in case of unavailability of the backend
• Handle communication exceptions more gracefully
• Improve handling and sanitization of non-UTF8 encodings
• Avoid concurrent hash modification during iteration
• Improve feedback accuracy in logs

[1.16.2] 2019-02-14

• Improve handling of maximum request execution time setting
• Improved log clarity when using a forking server
• Fix case sensitive configuration keys handling
• Improved reliabilty on concurrent access to a hash
• Support Ruby 2.6

[1.16.1] 2019-01-18

• Fix bugs in low memory JavaScript paths

[1.16.0] 2019-01-18

• Implement redirect_user action
• Improve performance of JavaScript rules
• Support Organization Token

[1.15.8] 2019-01-07

• Improve JavaScript engine memory usage

[1.15.7] 2018-11-28

• Improve performance of IP blacklisting

[1.15.7.beta1] 2018-11-22

• Improve serialization of arguments to rule engine (MRI Ruby only)

[1.15.6] 2018-11-21

• Avoid errors on Sqreen SDK method call when Sqreen is not yet configured

[1.15.5] 2018-11-15

• Reduce overhead of performance monitoring

[1.15.4] 2018-11-14

• Fix JS functions sometimes interfering with each other

[1.15.3] 2018-11-08

• User customization of sensitive data purging
• Ignore redundant rules_reload commands
• Eliminate reentering protection in request start/end hooks
• Add logging statements

[1.15.2] 2018-10-31

• Fix exception when evaluating actions without the server having sent the actions_reload command
• Fix reporting of such an exception

[1.15.1] 2018-10-29

• Improve performance of large number of IP blocks
• Changed order in which actions, whielisting and blacklisting are evaluated
• Improve serialization of arguments to JS functions (MRI only)

[1.15.0] 2018-10-24

• Improve memory usage
• Fix uninitialized @@issue_nojs_warn
• Fix FloatDomainError when binning value is 0

[1.14.2] 2018-10-02

• Fix error when instrumented method is called between requests and measuring agent performance
• Fix encoding error when passing arguments to mini_racer
• Work around bug causing Ruby 2.5.0 and 2.5.1 to segfault
• Fix JavaScript usage in jRuby (Rhino contexts cannot cross threads)
• Increase minimum version of sq_mini_racer to 0.2.2.sqreen1

[1.14.1] 2018-09-21

• Improve agent performance monitoring collection

[1.14.0] 2018-09-12

• Improve log msgs for block and redirect (and make block a warning)
• Avoid v8 instances being created in master processes (before forking)

[1.14.0.beta3] 2018-09-06

• Remove dependency on therubyracer
• Upgrade sq_mini_racer
• Set mini_racer flag noconcurrent_recompilation

[1.14.0.beta2] 2018-08-20

• Fixed sq_mini_racer not being declared as a runtime dependency

[1.14.0.beta1] 2018-08-20

• Fix exception in XSS callback for HAML 4 script lines
• Introduce sq_mini_racer (fork of mini_racer)

[1.13.4] 2018-08-16

• Fixed literals in HAML 4 being improperly escaped
• Fixed exception in XSS callback when some input is not UTF-8 encoded

[1.13.3] 2018-08-13

• Redact sensitive data before sending it to Sqreen's servers
• Specify a minimum version of therubyracer

[1.13.2] 2018-07-23

• Explicitly ignore uncaught Sqreen::AttackBlocked exceptions on Sentry and NewRelic

[1.13.1] 2018-07-18

• Force mini_racer gem dependency version to 0.1.x

[1.13.0] 2018-07-04

• Implement the block_user security response
• Add ip_header configuration option
• Prevent double instrumentation of instance methods
• Support performance metrics

[1.12.0] 2018-05-31

• Add support for security responses

[1.11.3] 2018-03-26

• Improve workaround about uncommon potential segfault happenning in Ruby 2.5.0

[1.11.2] 2018-03-21

• Workaround uncommon potential segfault happenning in Ruby 2.5.0

[1.11.1] 2018-03-20

• Improve performance of agent in the request cycle

[1.11.0] 2018-03-07

• Add limit of protection runtime through settings
• Improve performance of XSS related protections
• Change NewRelic performance reports to use custom attributes instead of custom metrics
• Add a way to display overhead per request in logs

[1.10.5] 2018-02-22

• Fix compatibility issue with delayed_job workers
• Fix infrequent logging error
• Improve speed of WAF-like rule

[1.10.4] 2018-02-20

• Fix instrumentation when Sqreen is used with skylight
• Improve security plugins signature handling when Oj is present

[1.10.3] 2018-02-15

• Further improments of sqreen-alt memory profile

[1.10.2] 2018-02-15

• Improve memory profile of sqreen-alt

[1.10.1] 2018-02-14

• Fix memory leak that can occur when reloading protection in sqreen-alt

[1.10.0] 2018-02-14

• Publish sqreen-alt gem that uses mini_racer as rule engine
• Change local rule storage

[1.9.2] 2018-02-06

• Look for XSS in raw erb templates (<%== %>)
• Fix data report format when retrying delivery

[1.9.1] 2018-01-22

• Fix observing the first request of an app server on sinatra

[1.9.0] 2018-01-22

• Add identify method to SDK to tag a user on a request
• Group attacks and metrics observed per requests
• Update attack blocked page template
• Tune ip detection
• Fix corner case that would occur when the request had very deep hash of parameters

[1.8.5] 2017-10-18

• Fix an issue when trying to compile slim templates containing modifier if (e.g. == expr if something)

[1.8.4] 2017-10-17

• Better support old version of json libraries

[1.8.3] 2017-10-04

• Improve resilience on badly shaped request environment

[1.8.2] 2017-09-25

• Improve performance of SQL injection detection
• Improve ip address detection on private networks

[1.8.1] 2017-08-09

• Ensure that rules are correctly reapplied after a process fork

[1.8.0] 2017-08-07

• Smaller login payloads
• make disable accept more value as true
• Add version of Sqreen gem in User-Agent

[1.7.2] 2017-07-18

• Improve speed of early attack detection
• Correctly disable early attack detection when a request is whitelisted

[1.7.1] 2017-07-10

• Fixes some security rules getting lost when applying whitelisting

[1.7.0] 2017-06-30

• Completely redesigned whitelist/blacklist support
• Better support badly encoded strings in parameters

[1.6.5] 2017-06-09

• Only escape maliciously injected reflected values
• Better File parameters handling

[1.6.4] 2017-05-29

• Accept more kind of values in Haml protection

[1.6.3] 2017-05-22

• Improve Haml5 support

[1.6.2] 2017-05-16

• Display custom error page when an attack in cached in the templates

[1.6.1] 2017-05-15

• Ensure all protection use the selected protection mode behavior

[1.6.0] 2017-05-12

• More early attack detection rules
• Refactor dynamic rules execution

[1.5.0] 2017-04-18

• Use ERB inside sqreen.yml config file
• Disable Sqreen through config file

[1.4.3] 2017-04-07

• More support for HAML & Slim templating engines
• Capturing more slightly more detailed traffic metrics

[1.4.2] 2017-03-28

• Parameter inclusion check was too wide

[1.4.0] 2017-03-27

• Initial support for HAML templating engine (reflected XSS)
• Initial support for whitelisting a request path
• Change patch numbering system

[1.3.2] 2017-03-09

• Faster exit when application is in development mode

[1.3.1] 2017-03-06

• Improve error logs

[1.3.0] 2017-02-23

• More stable middleware instrumentation
• Fix encoding objects when sending to Sqreen

[1.2.0] 2017-01-20

• Improve error logs

[1.1.5] 2016-12-15

• Better metrics collection

[1.1.4] 2016-12-15

• Do not start by default in cucumber environment

[1.1.2] 2016-12-14

• Improve security APIs statistics collection
• Stop freezing user-agent strings

[1.1.1] 2016-12-07

• Improve IP address selection heuristic

[1.1.0] 2016-12-06

• Authentication SDK (documentation)

[1.0.0] 2016-12-05

• Improved agent network communication performance (new agent login)

[0.8.1] 2016-06-06

• Improved performance (pre-conditions fix)

[0.8.0] 2016-05-30

• New feature: Suspicious activities on accounts
• New feature: Content Security Policy management

[0.7.X] 2016-04-20

• First version published to Rubygems