Skip to content
This repository has been archived by the owner on Nov 2, 2023. It is now read-only.

Commit

Permalink
v0.13.0
Browse files Browse the repository at this point in the history 
New Feature:

- (#137) RASP: add noSQL Injection protection support for the Go MongoDB driver
  `go.mongodb.org/mongo-driver/mongo`. This protection can be configured at
  <https://my.sqreen.com/application/goto/modules/rasp/details/nosql_injection>.

Internal Changes:

- (#138) Health-check the HTTPS connectivity to the new backend API
  `ingestion.sqreen.com` before using it. Fallback to the usual
  `back.sqreen.com` in case of a connection issue. Therefore, the agent can take
  up to 30 seconds to connect to Sqreen if the health-check timeouts. Please
  make sure to add this new  firewall and proxy configurations.

- (#136) Add support to attach multiple security protections per hook point.

Fixes:

- (#140) Fix the In-App WAF metadata PII scrubbing to also match substrings.
  • Loading branch information
Julio Guerra committed Jul 24, 2020
2 parents 897eb37 + 53e2d05 commit 028e3f1
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 18 deletions.
57 changes: 40 additions & 17 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,27 @@
# v0.12.1
# v0.13.0 - 24 July 2020

## New Feature

- (#137) RASP: add noSQL Injection protection support for the Go MongoDB driver
`go.mongodb.org/mongo-driver/mongo`. This protection can be configured at
<https://my.sqreen.com/application/goto/modules/rasp/details/nosql_injection>.

## Internal Changes

- (#138) Health-check the HTTPS connectivity to the new backend API
`ingestion.sqreen.com` before using it. Fallback to the usual
`back.sqreen.com` in case of a connection issue. Therefore, the agent can take
up to 30 seconds to connect to Sqreen if the health-check timeouts. Please
make sure to add this new firewall and proxy configurations.

- (#136) Add support to attach multiple security protections per hook point.

## Fixes

- (#140) Fix the In-App WAF metadata PII scrubbing to also match substrings.


# v0.12.1 - 13 July 2020

## Fixes

Expand All @@ -19,7 +42,7 @@
- (eeb1dca) Avoid copying the metadata returned by the In-App WAF.


# v0.12.0
# v0.12.0 - 6 July 2020

## New Features

Expand Down Expand Up @@ -53,7 +76,7 @@
- (794d6e2) Allow port numbers in the `X-Forwarded-For` header.


# v0.11.0
# v0.11.0 - 19 June 2020

## New Features

Expand Down Expand Up @@ -90,14 +113,14 @@
- (#114) Add Goroutine Local Storage (GLS) support through static instrumentation of the Go runtime.


# v0.10.1
# v0.10.1 - 5 June 2020

## Fix

- (#116) Fix the instrumentation tool ignoring vendored packages, leading to
missing hook points in the agent.

# v0.10.0
# v0.10.0 - 20 May 2020

## New Features

Expand Down Expand Up @@ -136,7 +159,7 @@

- Document PII scrubbing configuration at <https://docs.sqreen.com/go/configuration/#personally-identifiable-information-scrubbing>.

# v0.9.1
# v0.9.1 - 31 March 2020

## Fixes

Expand All @@ -150,7 +173,7 @@
- (#101) Prevent starting the agent when the instrumentation tool and agent
versions are not the same.

# v0.9.0
# v0.9.0 - 19 February 2020

This new major version says farewell to the `beta` and adds SQL-injection
run time protection thanks the first building blocks of [RASP][RASP-Wikipedia]
Expand Down Expand Up @@ -233,7 +256,7 @@ Because we now want a stable public API, find below the breaking changes:
compiled as a Go module. This is also shown by the dashboard when the list
of dependencies is empty.

# v0.1.0-beta.10
# v0.1.0-beta.10 - 24 January 2020

## Breaking Change

Expand Down Expand Up @@ -264,7 +287,7 @@ Because we now want a stable public API, find below the breaking changes:
- (#92) Vendoring using `go mod vendor` could lead to compilation errors due to
missing files.

# v0.1.0-beta.9
# v0.1.0-beta.9 - 19 December 2019

## New Features

Expand All @@ -283,7 +306,7 @@ Because we now want a stable public API, find below the breaking changes:
- The In-App WAF has been intensively optimized so that large requests can no longer impact
its execution time. (#83)

# v0.1.0-beta.8
# v0.1.0-beta.8 - 15 October 2019

## Internal Changes

Expand All @@ -292,7 +315,7 @@ Because we now want a stable public API, find below the breaking changes:
- Ignore WAF timeout errors and add more context when reporting an error (#80).
- Update the libsqreen to v0.4.0 to add support for the `@pm` operator.

# v0.1.0-beta.7
# v0.1.0-beta.7 - 26 September 2019

## Breaking Changes

Expand All @@ -319,7 +342,7 @@ Because we now want a stable public API, find below the breaking changes:
- Fix a compilation error on 32-bit target architectures.
# v0.1.0-beta.6
# v0.1.0-beta.6 - 25 July 2019
## New Features
Expand Down Expand Up @@ -354,7 +377,7 @@ Because we now want a stable public API, find below the breaking changes:
log-level.
# v0.1.0-beta.5
# v0.1.0-beta.5 - 23 May 2019
## New Features
Expand All @@ -380,7 +403,7 @@ Because we now want a stable public API, find below the breaking changes:
processing loop.
# v0.1.0-beta.4
# v0.1.0-beta.4 - 16 April 2019
This release adds the ability to block IP addresses or users into your Go web
services by adding support for [Security Automation] according to your
Expand Down Expand Up @@ -440,7 +463,7 @@ Note that redirecting users or IP addresses is not supported yet.
- Avoid performing multiple times commands within the same command batch. (51)


# v0.1.0-beta.3
# v0.1.0-beta.3 - 22 March 2019

## New Features

Expand Down Expand Up @@ -477,15 +500,15 @@ Note that redirecting users or IP addresses is not supported yet.
self-managing the initializations. (#28)


# v0.1.0-beta.2
# v0.1.0-beta.2 - 14 February 2019

## New feature

- Add a new `Identify()` method allowing to explicitly associate a user to the
current request. As soon as we add the support for the security reponses, it
will allow to block users (#26).

# v0.1.0-beta.1
# v0.1.0-beta.1 - 7 February 2019

This version is a new major version towards the v0.1.0 as it proposes a new and
stable SDK API, that now will only be updated upon user feedback. So please,
Expand Down
1 change: 0 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
[![GoDoc](https://godoc.org/github.com/sqreen/go-agent?status.svg)](https://godoc.org/github.com/sqreen/go-agent)
[![Go Report Card](https://goreportcard.com/badge/github.com/sqreen/go-agent)](https://goreportcard.com/report/github.com/sqreen/go-agent)
[![Build Status](https://dev.azure.com/sqreenci/Go%20Agent/_apis/build/status/sqreen.go-agent?branchName=master)](https://dev.azure.com/sqreenci/Go%20Agent/_build/latest?definitionId=8&branchName=master)
[![Sourcegraph](https://sourcegraph.com/github.com/sqreen/go-agent/-/badge.svg)](https://sourcegraph.com/github.com/sqreen/go-agent?badge)

After performance monitoring (APM), error and log monitoring it’s time to add a
security component into your app. Sqreen’s microagent automatically monitors
Expand Down

0 comments on commit 028e3f1

Please sign in to comment.