What's New
  • 13 May 2024


Released on 2024-04-27

  • Added vid Validation for _pxvid extraction
  • Added Enforcer Fuzzer as part of the CI process
  • Updated log4j artifact version
  • Removed /examples directory


Released on 2024-02-25

  • Added Dockerfile for web application example.
  • Bugfix - Sensitive headers are now case-insensitive.
  • Block page HTML align with spec.
  • Automatically running e2e tests on pull request.
  • Automatically verify version on pull request to master.
  • Automatically deploying a new release on merge to master.

Version 6.11.0

Released 2024-02-18

  • Added base64-encoded request HTTP method to captcha script query parameters on block pages

Version 6.10.0

Released 2023-12-28

  • Added feature request-header-based-logger (more about this feature).
  • Align risk api and async activities fields.
  • Added enforcer start timestamp and risk start timestamp to activities schema
  • Removed the blockedUrl window variable from the block page to prevent XSS vulnerability.
  • Added blocked URL to the captcha query params.

Version 6.9.5

Released 2023-11-23

  • Updated the first-party request handler with connection timeout limit.
  • Updated the captcha template for a better user experience.

Version 6.9.4

Released 2023-11-21

  • Fixed first party connection timeout issue.
  • Updated the captcha template to efficiently manage delays in captcha retrieval.

Version 6.9.3

Released 2023-11-16

  • Fixed risk request schema.
  • Fixed cookie validation.

Version 6.9.2

Released 2023-11-15

  • Fixed potential XHR first party issue.

Version 6.9.1

Released 2023-11-13

  • Updated ABR and captcha template.

Version 6.9.0

Released 2023-11-08

  • Added request filtering with a new RequestFilter for better management and introduced CustomFilterByFunction for more powerful filtering.
  • Added hard block support.
  • Fixed issues with cookies containing special characters, ensuring proper handling.
  • Fixed the Captcha page template.
  • Fixed resource management issues across various code locations.
  • Updated the Context URI to Servlet Path to better enforce feature routes.
  • Updated the Risk Request Schema to better support detection.
  • Updated Page Request and Block Activity schema to better support detection.

Version 6.8.1

Released 2023-10-22

  • Fixed handling of cookies with illegal arguments.

Version 6.8.0

Released 2023-10-18

  • Fixed an issue with unhandled Telemetry errors.
  • Added enhanced customization with configurable IPXHttpClient and HUMANClient settings.
  • Fixed an issue where HUMANHD didn't set cookies after using the risk_api.
  • Enhanced security with the addition of an HTTP method check for static content extensions.

Version 6.7.1

Released 2023-09-05

  • Added logs for timeouts
  • Running async activities via ExecutorService

Version 6.7.0

Released 2023-11-05

  • Added feature custom cookie header
  • Changed getTelemetryConfig to use a builder.
  • Bugfix - NullPointerException when using ConsoleLogger.

Version 6.6.0

Released 2023-27-04

  • Updating readme with customIsSensitve, customParametersExtraction
  • Added an option to configure logger without slf4j using HUMANConfiguration.setPxLoggerSeverity(<loggerSeverity>)
  • Added an option to close HUMAN

Version 6.5.0

Released 2023-03-04

  • Adding custom is sensitive configuration option
  • Lazy read the request body
  • Added new custom parameters function signature which receives the original HTTP request
  • Reading the body binary instead of textually

Version 6.4.5

Released 2023-01-11

  • Fixed invalid http connections for risk requests bug.

Version 6.4.4

Released 2022-09-05

  • Added pass reason enforcer_error
  • Changed s2s_error_reason to error_reason

Version 6.4.3

Released 2022-06-28

  • Fixed s2s_call_reason as sensitive_route in case of Credentials Intelligence request.

Version 6.4.2

Released 2022-06-01

  • Added sending telemetry by Slack command

Version 6.4.1

Released 2022-04-17

  • Support creating block activity after block handler invocation

Version 6.4.0

Released 2022-04-13

  • Support for credentials intelligence protocols v1, v2 and multistep_sso
  • Support for login successful reporting methods header, status, body, and custom
  • Support for manual sending of additional_s2s activity via header and function call.
  • Support for sending raw username on additional_s2s activity
  • Support for login credentials extraction via custom callback
  • New request_id field to all enforcer activities

Version 6.3.0

Released 2022-04-11

  • Added new block page implementation

Version 6.2.8

Released 2022-03-31

  • Added monitored routes feature.
  • Added enforced routes feature.
  • Updated Lombok dependency version to 1.18.22

Version 6.2.7

Released 2022-02-21

  • Added ability to mark simulated block on context

Version 6.2.6

Released 2021-05-31

  • Added supported features list to project metadata

Version 6.2.5

Released 2021-05-03

  • Fixed dependencies vulnerability issue by upgrading dependencies

Version 6.2.4

Released 2020-12-06

  • fix http_method bug when there is no http_version

Version 6.2.3

Released 2020-11-04

  • Fixed CLIENT_HOST scheme
  • Added query params to URL field

Version 6.2.2

Released 2020-10-09

  • New version to update files on Maven Central

Version 6.2.1

Released 2020-10-08

  • Fixed CLIENT_HOST configuration field

Version 6.2.0

Released 2020-08-23

  • Support regex values for sensitive-routes configuration

Version 6.1.5

Released 2020-05-13

  • Fixed 3rd party libs vulnerability issues

Version 6.1.4

Released 2020-03-04

  • Log exception information on deserialize by cookie selector
  • Fixed vulnerability issue by upgrading FasterXML version

Version 6.1.3

Released 2020-02-24

  • Fixed PBKDF2 iterations range check to be greater than 0

Version 6.1.2

Released 2019-09-29

  • Fix potential concurrency problems within activity buffer
  • Increase default activities batch size from 10 to 20
  • Update underlying libs versions

Version 6.1.1

Released 2019-06-30

  • Fixed vulnerability issue by upgrading FasterXML version

Version 6.1.0

Released 2019-04-08

  • Support advanced blocking response - response can be json structured instead of html
  • Ignoring static files (json, imgs ...)
  • Support for testing blocking flow in monitor mode
  • Bypass Bypass
  • Added support to load config from a file

Version 6.0.5

Released 2019-02-25

  • Fixed the setting process of the pxhd cookie

Version 6.0.4

Released 2019-02-04

  • Added multiple applications support (HUMAN class can be initialized multiple times within the same process)
  • Added some logs to increase visibility over httpasyncclient exceptions
  • Add client HUMANVID as a vid source
  • Changed simulatedBlock to be a boolean
  • Added vid_source to additional in async activities and renamed to enforcer_vid_source

Version 6.0.3

Released 2019-01-15

  • Removed pxvid from no_cookie_w_vid assertion

Version 6.0.0

Released 2018-12-25

  • Added HUMANHD handling (new human cookie has been added)
  • Added async custom params
  • Fixed activities connection errors

Version 5.4.0

Released 2018-12-13

  • Removed logback log implementation.
  • Removed debugMode configuration, instead use log level configuration per logger implementation.

Version 5.3.0

Released 2018-12-12

  • Fixed http components memory leak
  • Added custom params to async activities (page_requested, block)
  • Added data enrichment to context
  • Changed logger implementation to logback
  • formatted code style across project files
  • Added debugMode configuration that changes the log level from ERROR to DEBUG

Version 5.2.0

Released 2018-11-13

  • Fixed an issue where the activity telemetry wouldn't send humanConfiguration.
  • Fixed the usage of custom activity handlers: the verification handler used to override the custom activity handler.
  • Added request cookie name extraction, requestCookieNames field sent during risk api call

Version 5.1.0

Released 2018-10-29

  • Added testing mode capability
  • Added first-party fallback when encountering redirection errors
  • Reordered the cookies such that the v3 cookie will be selected before v1

Version 5.0.0

Released 2018-08-28

  • Added handling of mobile tokens: x-px-tokens, x-px-original-tokens
  • Now using CaptchaV2 instead of a third party captcha provider
  • Added proxy support

Version 4.2.0

Released 2018-08-06

  • Additional mobile handling
  • Better cookie decryption

Version 4.1.1

Released 2018-07-22

  • Fixed logging level for unexpected risk result

Version 4.1.0

Released 2018-07-20

  • Fixed index out of bound error

Version 4.0.0

Released 2018-06-06

  • Fixed CustomBlockHandler implementations
  • Added support for First Party
  • Deprecated PXContext's method isVerified(); use isHandledResponse() instead. Read more about it in the Upgrading section.
  • Update jackson packages

Version 3.1.0

Released 2018-04-04

  • Replaced footer on block pages
  • New logs format
  • Improved enforcer telemetry
  • Mobile SDK support
  • Custom Params support

Version 3.0.0

Released 2017-11-07

  • Remote Configuration support (by default is off)
  • Fixed risk_rtt for s2s on exception
  • Support js challenge
  • Sending enforcer_telemetry activities on init and remote config updates, telemetry includes px_config as json, os name and machine name
  • Supporting funCaptcha
  • New captcha flow
  • Fixed bug in S2S pass_reason
  • New documentation
  • Support for monitor mode (default set to true)
  • Support for ipHeaders (using new class CombinedIPProvider)

This version includes breaking changes in the following configurations:

  • Monitor mode is now on by default, for blocking mode it should be set to ACTIVE
  • BlockingScore was changed from 70 -> 100
  • Using ipHeaders from configuration - use default interface of IPProvider (CombinedIPProvider instead of RemoteAddressIPProvider)

Version 2.1.0

Released 2017-30-07

  • Renamed expired_cookie call reason to cookie_expired
  • Custom verification handler is now supported
  • Added pass_reason to page_requested
  • Sending client_uuid on page_requested activities
  • pxVerify now returning context instead of boolean value
  • Fixed wrong hostname being collected on DefaultHostnameProvider

Version 2.0.0

Released 2017-25-04

  • Support cookie v3
  • Support risk API v2
  • Support custom css/javascript/logo on block page
  • Send px_cookie_orig when cookie decryption fails
  • Invalid cookie format handling
  • Buffered activities handling (async send)
  • Updated server URL
  • Redesign block/captcha page

Version 1.0.16

Released 2016-02-10

  • HostnameProvider interface to allow user defined hostname extraction from http request.

Version 1.0.15

  • Decrypted risk cookie was added to page_requested activity.
  • UUID was added to captcha api request.
  • HUMAN server base url changed.
  • Documentation updated.
  • Bug fix: page_requested payload does not include block activities field.

Merged pull requests:

  • Build and deploy automation

Version 1.0.14

Released 2016-10-10

Merged pull requests:

  • Compatibility with older jackson

Version 1.0.13

Released 2016-09-27

Version 1.0.12

Released 2016-09-26

Version 1.0.11

Released 2016-09-26

Version 1.0.10

Merged pull requests:

  • User-agent and cookie fix case insensitive

Version 1.0.9

Released 2016-09-22

Version 1.0.8

Released 2016-09-21

Merged pull requests:

  • Dev less depends

Version 1.0.1

Released 2016-08-22
