What's New
- Updated on 13 May 2024
v6.13.0
Released on 2024-04-27
- Added vid Validation for _pxvid extraction
- Added Enforcer Fuzzer as part of the CI process
- Updated log4j artifact version
- Removed /examples directory
v6.12.0
Released on 2024-02-25
- Added Dockerfile for web application example.
- Bugfix - Sensitive headers are now case-insensitive.
- Block page HTML align with spec.
- Automatically running e2e tests on pull request.
- Automatically verify version on pull request to master.
- Automatically deploying a new release on merge to master.
Version 6.11.0
Released 2024-02-18
- Added base64-encoded request http method to captcha script query parameters on block pages
Version 6.10.0
Released 2023-12-28
- Added feature request-header-based-logger (more about this feature).
- Align risk api and async activities fields.
- Added `enforcer start timestamp` and `risk start timestamp` to activities schema
- Removed the `blockedUrl` window variable from the block page to prevent XSS vulnerability.
- Added blocked URL to the captcha query params.
Version 6.9.5
Released 2023-11-23
- Updated the first-party request handler with connection timeout limit.
- Updated the captcha template for a better user experience.
Version 6.9.4
Released 2023-11-21
- Fixed first party connection timeout issue.
- Updated the captcha template to efficiently manage delays in captcha retrieval.
Version 6.9.3
Released 2023-11-16
- Fixed risk request schema.
- Fixed cookie validation.
Version 6.9.2
Released 2023-11-15
- Fixed potential XHR first party issue.
Version 6.9.1
Released 2023-11-13
- Updated ABR and captcha template.
Version 6.9.0
Released 2023-11-08
- Added request filtering with a new RequestFilter for better management and introduced CustomFilterByFunction for more powerful filtering.
- Added hard block support.
- Fixed issues with cookies containing special characters, ensuring proper handling.
- Fixed the Captcha page template.
- Fixed resource management issues across various code locations.
- Updated the Context URI to Servlet Path to better enforce feature routes.
- Updated the Risk Request Schema to better support detection.
- Updated Page Request and Block Activity schema to better support detection.
Version 6.8.1
Released 2023-10-22
- Fixed handling of cookies with illegal arguments.
Version 6.8.0
Released 2023-10-18
- Fixed: Resolved an issue with unhandled Telemetry errors.
- Added: Enhanced customization with configurable IPXHttpClient and HUMANClient settings.
- Fixed: HUMANHD didn't set cookies after using the risk_api.
- Fixed: Enhanced security with the addition of an HTTP method check for static content extensions.
Version 6.7.1
Released 2023-09-05
- Added logs for timeouts
- Running async activities via ExecutorService
Version 6.7.0
Released 2023-11-05
- Added feature custom cookie header
- Changed `getTelemetryConfig` is now using builder.
- Bugfix `NullPointerException` when using `ConsoleLogger`.
Version 6.6.0
Released 2023-27-04
- Updating readme with `customIsSensitve`, `customParametersExtraction`
- Added an option to configure logger without slf4j using `HUMANConfiguration.setPxLoggerSeverity(<loggerSeverity>)`
- Added an option to close HUMAN
Version 6.5.0
Released 2023-03-04
- Adding custom is sensitive configuration option
- Lazy read the request body
- Added new custom parameters function signature which receives the original HTTP request
- Reading the body binary instead of textually
Version 6.4.5
Released 2023-01-11
- Fixed invalid http connections for risk requests bug.
Version 6.4.4
Released 2022-09-05
- Added pass reason `enforcer_error`
- Changed s2s_error_reason to error_reason
Version 6.4.3
Released 2022-06-28
- Fixed `s2s_call_reason` as `sensitive_route` in case of Credentials Intelligence request.
Version 6.4.2
Released 2022-06-01
- Added sending telemetry by Slack command
Version 6.4.1
Released 2022-04-17
- Support creating block activity after block handler invocation
Version 6.4.0
Released 2022-04-13
- Support for credentials intelligence protocols `v1`, `v2` and `multistep_sso`
- Support for login successful reporting methods `header`, `status`, `body`, and `custom`
- Support for manual sending of `additional_s2s` activity via header and function call.
- Support for sending raw username on `additional_s2s` activity
- Support for login credentials extraction via custom callback
- New `request_id` field to all enforcer activities
Version 6.3.0
Released 2022-04-11
- Added new block page implementation
Version 6.2.8
Released 2022-03-31
- Added monitored routes feature.
- Added enforced routes feature.
- Updated Lombok dependency version to 1.18.22
Version 6.2.7
Released 2022-02-21
- Added ability to mark simulated block on context
Version 6.2.6
Released 2021-05-31
- Added supported features list to project metadata
Version 6.2.5
Released 2021-05-03
- Fixed dependencies vulnerability issue by upgrading dependencies
Version 6.2.4
Released 2020-12-06
- fix http_method bug when there is no http_version
Version 6.2.3
Released 2020-11-04
- Fixed CLIENT_HOST scheme
- Added query params to URL field
Version 6.2.2
Released 2020-10-09
- New version to update files on Maven Central
Version 6.2.1
Released 2020-10-08
- Fixed CLIENT_HOST configuration field
Version 6.2.0
Released 2020-08-23
- Support regex values for sensitive-routes configuration
Version 6.1.5
Released 2020-05-13
- Fixed 3rd party libs vulnerability issues
Version 6.1.4
Released 2020-03-04
- Log exception information on deserialize by cookie selector
- Fixed vulnerability issue by upgrading FasterXML version
Version 6.1.3
Released 2020-02-24
- Fixed PBKDF2 iterations range check to be greater than 0
Version 6.1.2
Released 2019-09-29
- Fix potential concurrency problems within activity buffer
- Increase default activities batch size from 10 to 20
- Update underlying libs versions
Version 6.1.1
Released 2019-06-30
- Fixed vulnerability issue by upgrading FasterXML version
Version 6.1.0
Released 2019-04-08
- Support advanced blocking response - response can be json structured instead of html
- Ignoring static files (json, imgs ...)
- Support for testing blocking flow in monitor mode
- Bypass Bypass
- Added support to load config from a file
Version 6.0.5
Released 2019-02-25
- Fixed the setting process of the pxhd cookie
Version 6.0.4
Released 2019-02-04
- Added multiple applications support (HUMAN class can be initialized multiple times within the same process)
- Added some logs to increase visibility over httpasyncclient exceptions
- Add client HUMANVID as a vid source
- Changed simulatedBlock to be a boolean
- Added vid_source to additional in async activities and renamed to enforcer_vid_source
Version 6.0.3
Released 2019-01-15
- Removed pxvid from no_cookie_w_vid assertion
Version 6.0.0
Released 2018-12-25
- Added HUMANHD handling (new human cookie has been added)
- Added async custom params
- Fixed activities connection errors
Version 5.4.0
Released 2018-12-13
- Removed logback log implementation.
- Removed debugMode configuration, instead use log level configuration per logger implementation.
Version 5.3.0
Released 2018-12-12
- Fixed http components memory leak
- Added custom params to async activities (page_requested, block)
- Added data enrichment to context
- Changed logger implementation to logback
- formatted code style across project files
- Added debugMode configuration that changes the log level from ERROR to DEBUG
Version 5.2.0
Released 2018-11-13
- Fixed an issue when the activity telemetry won't send humanConfiguration.
- Fixed the usage of custom activity handlers: The verification handler used to override the custom activity handler.
- Added request cookie name extraction, requestCookieNames field sent during risk api call
Version 5.1.0
Released 2018-10-29
- Added testing mode capability
- Added First party fallback when encountering redirection errors
- Reordered the cookies such that the v3 cookie will be selected before v1
Version 5.0.0
Released 2018-08-28
- Added handling of mobile tokens: x-px-tokens, x-px-original-tokens
- Now using CaptchaV2 instead of a third party captcha provider
- Added proxy support
Version 4.2.0
Released 2018-08-06
- Additional mobile handling
- Better cookie decryption
Version 4.1.1
Released 2018-07-22
- Fixed logging level for unexpected risk result
Version 4.1.0
Released 2018-07-20
- Fixed index out of bound error
Version 4.0.0
Released 2018-06-06
- Fixed CustomBlockHandler implementations
- Added support for First Party
- Deprecated PXContext's method `isVerified()`, instead use `isHandledResponse()`, read more about it in the Upgrading section
- Update jackson packages
Version 3.1.0
Released 2018-04-04
- Replaced footer on block pages
- New logs format
- Improved enforcer telemetry
- Mobile SDK support
- Custom Params support
Version 3.0.0
Released 2017-11-07
- Remote Configuration support (by default is off)
- Fixed `risk_rtt` for `s2s` on exception
- Support `js challenge`
- Sending `enforcer_telemetry` activities on init and remote config updates, telemetry includes px_config as json, os name and machine name
- Supporting `funCaptcha`
- New captcha flow
- Fixed bug in S2S `pass_reason`
- New documentation
- Support for `monitor mode` (default set to `true`)
- Support for ipHeaders (using new class `CombinedIPProvider`)
This version includes breaking changes in the following configurations:
- Monitor mode is now on by default, for blocking mode it should be set to ACTIVE
- BlockingScore was changed from 70 -> 100
- Using ipHeaders from configuration - use default interface of IPProvider (`CombinedIPProvider` instead of `RemoteAddressIPProvider`)
Version 2.1.0
Released 2017-30-07
- Renamed expired_cookie call reason to cookie_expired
- Custom verification handler is now supported
- Added `pass_reason` to `page_requested`
- Sending `client_uuid` on `page_requested` activities
- `pxVerify` now returning context instead of boolean value
- Fixed wrong hostname being collected on `DefualtHostnameProvider`
Version 2.0.0
Released 2017-25-04
- Support cookie v3
- Support risk API v2
- Support custom css/javascript/logo on block page
- Send px_cookie_orig when cookie decryption fails
- Invalid cookie format handling
- Buffered activities handling (async send)
- Updated server URL
- Redesign block/captcha page
Version 1.0.16
Released 2016-02-10
- `HostnameProvider` interface to allow user defined hostname extraction from http request.
Version 1.0.15
- Decrypted risk cookie was added to page_requested activity.
- UUID was added to captcha api request.
- HUMAN server base url changed.
- Documentation updated.
- Bug fix: page_requested payload does not include block activities field.
Merged pull requests:
- Build and deploy automation
Version 1.0.14
Released 2016-10-10
Merged pull requests:
- Compatibility with older jackson
Version 1.0.13
Released 2016-09-27
Version 1.0.12
Released 2016-09-26
Version 1.0.11
Released 2016-09-26
Version 1.0.10
Merged pull requests:
- User-agent and cookie fix case insensitive
Version 1.0.9
Released 2016-09-22
Version 1.0.8
Released 2016-09-21
Merged pull requests:
- Dev less depends
Version 1.0.1
Released 2016-08-22