Node.js Agent Release Notes


[1.10.4] 17 OCT 2017

Fixed

  • ensure no infinite recursions when packages are installed with cnpm

[1.10.3] 10 OCT 2017

Fixed

  • attachValue cb checks that context exists before running

[1.10.2] 29 SEP 2017

Fixed

  • insert sqreen header sooner in request lifecycle

[1.10.1] 14 SEP 2017

Added

  • CRS patterns min_length control

Changed

  • requests are cleaned at response time
  • reduced usage of setImmediates

Fixed

  • CLS-patched modules are patchable

[1.10.0]

Added

  • When Sqreen is not the first required module, a warning message will be displayed in the error output

Changed

  • hook detection uses hasOwnProperty

[1.9.9]

Changed

  • js rules in strict mode
  • better sqreen debug logs

[1.9.8]

Fixed

  • add forgotten promise rejection catch

[1.9.7]

Changed

  • safeguard at specific hooks

[1.9.6]

Changed

  • lazy binding accessor

[1.9.5]

Changed

  • Important: lazy build of rules callbacks
  • moved debug collection of dependencies to command

[1.9.4]

Changed

  • prevent errors on tentative of pathcing unexisting packages (fix)

[1.9.3]

Changed

  • prevent errors on tentative of pathcing unexisting packages

[1.9.2]

Changed

  • ip address detection behavior

[1.9.1]

Changed

  • login v1.5

[1.8.8]

Changed

  • reduce memory/cpu footprint on login due to packages collection

[1.8.7]

Fixed

  • first attacks are pushed to BE immediately

[1.8.6]

Added

  • filtered_request_params BA

[1.8.5]

Changed

  • better handling of network errors
  • node_modules/.bin rpertory not explored at login

[1.8.4]

Changed

  • Null rulespack do not fire errors anymore

[1.8.3]

Changed

  • Express middleware to be injected by overriding lazyrouter and not init

[1.8.2]

Fixed

*on-request hook is blocking when skipped

[1.8.1]

Added

  • IP blacklist support
  • onrequest http/https hook after cls init

[1.8.0]

Added

  • IP whitelist support

Fixed

  • reduced continuity loss in passport-local

[1.7.10]

Fixed

  • express CRS support when no call to use is made
  • referer header captured in attacks

[1.7.9]

Fixed

  • passport-SAML auto hook strategy to handle mongoose objects

[1.7.8]

Added

  • '1' is allowed for env var

Changed

  • escape only certain xss

[1.7.7]

Added

  • SQREEN_DISABLE env to disable Sqreen

Fixed

  • tests in node 8

[1.7.6]

SKIPPED

[1.7.5]

Fixed

  • agent version not to be tempered with

[1.7.4]

Added

  • hapijs ext points added for custom ruling

[1.7.3]

Fixed

  • whitepathed attacks are whitepathed

[1.7.2]

Changed

  • remove an unhandled promise rejection

[1.7.1]

Added

  • safeguard to ensure remote ip is a string in utils

Changed

  • README.md

[1.7.0] 2017-04-19

Added

  • attack page and redirection behavior

Fixed

  • Pre-conditions updates

[1.6.0] 2017-04-18

Added

  • CRS support
  • request_params BA

Changed

  • beats force metric collection

[1.5.0] 2017-04-07

Added

  • pre-conditions support
  • BindingAccessorCounter cb

[1.4.8] 2017-03-27

Changed

  • updated wreck to 12.

[1.4.7] 2017-03-23

Added

  • https support

Changed

  • login metric name

[1.4.6] 2017-03-17

Changed

  • rename hook files names to prevent NR fake warning

[1.4.5] 2017-03-14

Changed

  • reduced error logs

[1.4.4] 2017-03-03

Fixed

  • batch is overridden when an event kind is met for the first time

[1.4.3] 2017-03-03

Changed

  • change logs

[1.4.2] 2017-02-27

Changed

  • fast logout when NODE_ENV indicates dev

[1.4.1] 2017-02-27

Added

  • #.cwd in accessors

Changed

  • allow all chars in pkg names

Fixed

  • login features issue

[1.4.0] 2017-02-16

Added

  • ensure preventaion of double call on res.write
  • shellshock protection

Changed

  • remove patching prevention on native code

Removed

  • lookup space cache removed to prevent reducing the attack space size

Fixed

  • matcher case_sensitive management

[1.3.5] 2017-02-02

Added

  • count status code of dropped requests

Changed

  • do not use a shadow cache for non native modules
  • remove blind patching

[1.3.4] 2017-01-27

Added

  • require-dir excluded from patching

Changed

  • do not cache excluded modules

[1.3.3] 2017-01-25

Added

  • include cls-bluebird

[1.3.2] 2017-01-25

Added

  • Async callback continuity

[1.3.1] 2017-01-23

Changed

  • inlined @vdeturckheim/asjson

[1.3.0] 2017-01-23

Added

  • support for passport-saml

Changed

  • udpate lab

[1.2.1] 2017-01-16

Added

  • request tracking with uuid v4

Changed

  • updated warning when no config is found

Fixed

  • attack artifacts should be compliant with BE

[1.2.0] 2016-12-30

Added

  • initial features
  • (not public) signup sdk part 1

Changed

  • split context in CLS thrown errors
  • hard coded express continuity

Removed

  • opbeat warnings

[1.1.0] 2016-12-27

Added

  • force logout command

Changed

  • npm keywords
  • update README

Fixed

  • callback call count fixed (bad rulespack, no default enabled)

[1.0.0] 2016-12-20

DEC 2016

Changed

  • custom management of response.end to prevent overrides impact
  • binding accessor will give exceptions
  • remove feature on metric delay

[0.12.1] 2016-12-20

Fixed

  • SDK auth fail are not converted to success anymore

[0.12.0] 2016-12-19

Changed

  • metrics key are not a string in a string
  • versionCheck metric is better
  • use login/heartbeat API v1
  • sqreen does not block all depreciation messages anymore

[0.11.3] 2016-12-16

Added

  • Continuity relays on q promises
  • Better reports if a js cb fails
  • Metric flush on logout
  • Better behavior when NR is present

[0.11.2] 2016-12-13

Added

  • Continuity relays on passport

[0.11.1] 2016-12-08

Fixed

  • Renamed instrumentation/director for preventing NR from thinking that npm package director has been already required.

[0.11.0] 2016-12-08

Changed

  • major perf boost
  • dynamic patching enabled

Fixed

  • call count disabled on default

[0.10.0] 2016-11-22

Added

[0.9.0] 2016-11-16

Added

  • better ip detection for clients

[0.7.0] 2016-09-15

Added

  • features change supported
  • update wreck
  • batch mode

0.6.5 - 2016-09-13