Python Agent Release Notes


[1.12.6] 2018-04-24

  • Update security plugin signature validation algorithm.
  • Improve agent behavior when receiving invalid security plugin signatures.

[1.12.5] 2018-05-22

  • Add support for Python 3.7.
  • Update security responses format.

[1.12.4] 2018-05-21

  • Fix IP redirection security response behavior.
  • Fix security responses compatibility with Django 2.0.

[1.12.3] 2018-05-17

  • Improve management of HTTP timeouts when Sqreen backend is not reachable.
  • Do not run the agent within Pyramid shell.
  • Update security responses format.

[1.12.2] 2018-05-15

  • Fix communication recovery when Sqreen backend is not reachable for a while (e.g. network outage).
  • Fix security responses parsing.

[1.12.1] 2018-05-04

  • Improve security responses behavior during actions reload.

[1.12] 2018-05-03

  • Add compatibility for Flask 1.x.
  • Improve security responses behavior.

[1.11.3] 2018-04-24

  • Log and filter out invalid options key in SDK track events.
  • Add request information to SDK track events.
  • Update vendored libraries.

[1.11.2] 2018-04-23

  • Fix metrics aggregation on SDK track events.

[1.11.1] 2018-04-20

  • Fix HTTP code metrics on aiohttp.

[1.11.0] 2018-04-19

  • Add support for SDK track function.

[1.10.0] 2018-04-12

  • Add support for custom IP headers.
  • Update vendored libraries.

[1.9.0] 2018-04-03

  • Add support for aiohttp 3.0 and 3.1.

[1.8.7] 2018-03-22

  • Fix user-agent matching.
  • Fix a memory leak in JS rules execution.

[1.8.6] 2018-02-28

  • Fix disabled instrumentation with New Relic on Heroku.

[1.8.5] 2018-02-06

  • Fix HTTP code metrics on blocked attacks.

[1.8.4] 2018-02-01

  • Process preloaded Django messages.

[1.8.3] 2018-01-29

  • Don't consume Django messages when analyzing them.
  • Avoid crashing on non-string Django messages.

[1.8.2] 2018-01-26

  • Protect against malicious cookies payloads.

[1.8.1] 2018-01-17

  • Fix behavior of request recording.

[1.8.0] 2018-01-11

  • Add support for Django 2.0.
  • Add new SDK method identify.
  • Update vendored libraries.

[1.7.2] 2017-12-21

  • Don't trigger DATA_UPLOAD_MAX_MEMORY_SIZE with Django Rest Framework.

[1.7.1] 2017-12-13

  • Support for aiohttp 2.2.
  • Improve IP address detection.

[1.7.0] 2017-12-04

  • Beta support for aiohttp.

[1.6.0] 2017-11-23

  • Smaller communication payloads.
  • Updated error page.
  • Updated user agent.

[1.5.8] 2017-10-27

  • Fix whitelist behavior on Gunicorn socket mode.
  • Fix authentication behavior when no request was recorded.

[1.5.7] 2017-10-23

  • Improve performances on long parameters.
  • Fix behavior on missing hookpoints.

[1.5.6] 2017-10-18

  • Don't crash when exiting uWSGI 2.0.15.

[1.5.5] 2017-10-16

  • Upgrade vendored dependencies.
  • Improve IP address detection.
  • Fix encoding issues in JS callbacks.

[1.5.4] 2017-10-11

  • Performance improvements.
  • Update documentation URLs.
  • Improve IP address detection.
  • Fixed behavior on invalid or unknown IP addresses.
  • Fixed behavior when receiving bytes instead of strings in DB-API 2.0 methods.

[1.5.3] 2017-09-26

  • Upgrade vendored dependencies.
  • Performance improvements.

[1.5.2] 2017-09-15

  • Unusual clash between vendored and app libraries.
  • Performance improvements.

[1.5.1] 2017-08-29

  • Performance regression.

[1.5.0] 2017-08-28

  • Add support for IP whitelist and blacklist.
  • Add support for Pyramid 1.8 and 1.9.
  • Corner-case bug on non-blocking rules.
  • Smaller memory footprint.

[1.4.0] 2017-08-17

  • Improve login mechanism with smaller payloads.

[1.3.2] 2017-06-28

  • Add support for reverse proxy in the configuration file
  • Fix PostgreSQL support when using Django 1.11 and Python 3

[1.3.1] 2017-05-09

  • Correctly handle HTTP requests with some empty field

[1.3.0] 2017-04-24

  • Add compatibility for Django 1.11
  • Add the attack page

[1.2.1] 2017-04-12

  • Improve the data collected with the automatic user context when using Django.
  • Fix a possible regression in startup time when using gunicorn with a gevent worker.

[1.2.0] 2017-04-05

  • Improve the quality of data we get for HTTP code.

[1.1.0] 2017-03-23

  • The agent detect when the Flask or Django application is in debug mode and skip the cleanup in order to fasten the exit.
  • The agent now correctly detect when the application is launched in a interactive interpreter environment with manage.py shell and doesn't launch.
  • Reduce startup overhead.
  • Improve compatibility with Newrelic.

[1.0.3] 2017-03-10

  • Add official support for Django 1.6 and Django 1.7.
  • Ensure the agent use a compatible version of urllib3 in all cases.

[1.0.2] 2017-01-16

  • Prepare the agent for a future user related feature.

[1.0.1] 2017-01-09

  • Fix a last minute regression on a monitoring feature.

[1.0.0] 2017-01-06

  • Add support for Pyramid framework versions 1.6 and 1.7.
  • Add support for Python 3.6.
  • Display a message when the agent starts if it detect a not-supported framework version or Python version.
  • Improve performances on Django when the response is 404.
  • Reduce startup time.

[0.9.3] 2016-11-30

  • Add support for XSS protection with Jinja2.
  • Remove agent logging from Python raven breadcrumbs integration.
  • Greatly improve memory consumption of the agent.

[0.9.2] 2016-11-16

  • The client IP is now more accurate when proxies are present in the network architecture.
  • Greatly improve performance when checking SQL queries for SQL injections.
  • Fix a bug with DjangoRestFramework 3.3.X that could lead to empty POST parameters.

[0.9.1] 2016-10-28

  • Update version of the shipped Urllib3 dependency.

[0.9.0] 2016-10-26

  • Add a new layer of security to the Python agent.
  • Small performances improvements.
  • Fix a regression with Flask integration about handling X-Forwarded-For header.

[0.8.13] 2016-10-10

  • Add support for the basic authentication SDK, see our documentation for more information how to enable it.

[0.8.12] 2016-10-07

  • Add support for paths whitelist.
  • Improve detection of situations where the Python agent shouldn't starts.

[0.8.11] 2016-10-06

  • Bump the minimum version of PyMiniRacer to be sure to use the latest most performant one.

[0.8.10] 2016-10-03

  • Make the Python agent more network friendly.

[0.8.9] 2016-09-26

  • Fix an edge-case that could sends twice the query parameters.

[0.8.8] 2016-09-21

  • Improve general performance of the Python agent.
  • Fix edge-case that could lead the agent to returns an incorrect client IP.

[0.8.7] 2016-09-12

  • Fix issue with some Django authentication backends that prevents account activity monitoring.

[0.8.6] 2016-09-09

  • Fix a bug when the configuration file is invalid, now the Sqreen agent displays a clean message explaining that it cannot start.

[0.8.5] 2016-09-08

  • Add a better integration with Flask, the data showed on the dashboard should be more precise and consistent with the data Flask parses and exposes.
  • Fix a bug with Python3 and headers insertion.
  • Fix a bug where the XSS protection protect even in learning mode.
  • Fix a bug with the XSS protection that could send log messages to the application.
  • Fix a double instrumentation bug that could happen with some WSGI servers.

[0.8.4] 2016-08-16

  • Fix a bug caused by the interaction between SQL protection and psycopg2 register_type.

[0.8.3] 2016-08-12

  • Add better support for Django framework, the requests should be more precise and match information you could find in your logs.

[0.8.2] 2016-08-11

  • Fix the bug that consume file upload, making the file unavailable for the application.

[0.8.1] 2016-08-11

  • Fix a bug that makes the Sqreen agent to block during starting.

[0.8.0] 2016-08-10

  • Add support for dynamic rules.

[0.7.2] 2016-07-29

  • Update the Python agent to compute the client-ip using the X-FORWARDED-FOR header if present, you should now see the real client ip.

[0.7.1] 2016-07-28

  • Fix a bug that could send a 500 when the URL didn't match any route instead of a 404.
  • Fix a bug that blocked security bots even in learning mode.

[0.7.0] 2016-07-22

  • Update Django account activity monitoring to be more generic and not depends on the Django authentication backend configured.

[0.6.0] 2016-07-20

  • Improve the performance of the Sqreen agent when no attacks is detected.

[0.5.0] 2016-06-30

  • The Python agent now correctly detects the pyramid framework, but it's not supported yet.
  • Improve HTTP performance when interacting with the backend.

[0.4.0] 2016-06-23

  • Add support for account activity monitoring.
  • Add support for crawlers monitoring.

[0.3.0] 2016-06-16

First version!