- 30 Sep 2024
What's New
- Updated on 30 Sep 2024
Version 5.2.0
Released 2024-09-30
Updated GraphQL logic to match spec and added functionality:
Added keywords extraction, including custom extraction
Updated logic of operationName query operations filtering
Updated parsing logic of multiple operations in the same query
Removed empty fields from activities
Changed order of cookie verification steps to accommodate research severity definitions
Added hard block page response template
Added AdditionalActivityHandler example
Removed S2SCallReason none
Modified check of empty risk response to not use UUID
Modified first party captcha script fetching to always get script with params
Changed default value of bypass monitor header to x-px-block
Added CI support including end to end tests and fuzzing
Added CI multi-config for default, advanced and monitor modes
Version 5.1.0
Released 2024-06-03
Support multiple config types (active, static, remote)
Modify telemetry activity to include all types of config
Fixed module mode default value and refactored according to spec (monitor and active_blocking instead of true and false)
Version 5.0.2
Released 2024-05-06
Added exponential backoff mechanism for retrying remote config updates when errors occur
Version 5.0.1
Released 2024-04-11
Added errorType field to error logs during failed remote config updates
Version 5.0.0
Released 2024-04-02
API change: Removed GetConfig() function from runtime
API change: Must create new HumanSecurityEnforcer struct by calling NewHumanSecurityEnforcer
API change: Added CreateDefaultHumanSecurityMiddleware which creates a default middleware
Added support for remote configuration feature
Added support for header-based logger feature
Added capability to add to module version via configuration px_module_version
Updated the captcha template so the captcha page includes a client-side first party timeout
Configuration for first party timeout
Changed PXHD cookie attribute (added SameSite=Lax, using Max-Age instead of Expires)
Minor cookie bug fixes
Version 4.6.1
Released 2024-02-15
Fixed body parsing issue
Version 4.6.0
Released 2024-02-11
Added support for monitored and enforced routes regex
Added support for sensitive routes regex
Added support for filter by route regex
Added http method to the block response query params
Version 4.5.1
Released 2023-12-27
Fixed first party XHR and Captcha validation issue
Version 4.5.0
Released 2023-12-13
Added risk_start_time and enforcer_start_time fields to enforcer activities
Added blocked URL to the captcha query params
Version 4.4.0
Released 2023-08-20
PXHD reported on async activities is taken from risk response if it exists
Align risk and async activities fields
Configure domain on PXHD cookie
Update the new blocking page
Version 4.3.0
Released 2023-04-18
Added support for filtering by user agent, HTTP method, and IP
Added support for custom cookie header
Added support for monitored routes
Added support for enforced routes
Added support for user identifiers as part of Account Defender
Added support for CORS, including:
Preflight request filtering
Custom preflight request handling
Default CORS headers on block requests
Customized CORS block headers
Minor fixes to align with enforcer specifications (cookie origin, activity payloads, telemetry)
Version 4.2.2
Released 2022-08-09
Fixed pxProxy to handle empty response.
Added some safety checks to credentials intelligence methods.
Version 4.2.1
Released 2022-07-25
Added support for the customer to send the response status code from their origin, independently, for any request by decoupling the additionalS2SActvity from the Credentials Intelligence feature.
Version 4.2.0
Released 2022-06-28
Added support for GraphQL sensitive operations based on name and type
Added support for customizable GraphQL routes
Added support for enabling and disabling GraphQL
Added support for reporting single and multiple GraphQL operation names and types on all enforcer activities
Version 4.1.0
Released 2022-06-20
Added support for enforcer telemetry by command
Removed sending enforcer telemetry activities on init and remote config updates feature
Version 4.0.0
Released 2022-05-22
Added Credentials Intelligence
Added Custom Logo
Added Advanced Blocking Response
Added Custom Parameters
Added Block Invalid Cookie
Version 3.1.5
Released 2021-06-28
Support for dynamic cookie signature fields
Support for configurable riskUrl and collectorUrl
Added px_metadata.json
Version 3.1.4
Released 2020-10-06
Added support for IP signed PX cookie.
Version 3.1.3
Released 2020-10-06
Added Whitelist Routes.
Version 3.1.2
Released 2020-05-24
Added empty string validation for sensitive_routes.
Version 3.1.1
Released 2019-09-04
Fixed cookie iterations validation
Version 3.1.0
Released 2019-09-04
Added verification for mobile header length
Added risk_status_code
Added bypass monitor mode
Version 3.0.0
Released 2019-01-10
Added PXHD handling
Minor Refactoring
Minor bug fixes
Added testing mode
Added fp fallback for blocking
Version 2.0.0
Released 2018-08-27
The Enforce function now returns (res *http.Response, context *PxContext, err error) instead of (res *http.Response, int score, err error). The score is available as a property in the context object.
Support for rate limiting
Simplified captcha flow
First party support
Data enrichment
JSON response
mobile error alignment
logging on server to server error