5.1.1+upstream4.9.0

What's Changed

• Fix vulnerability GHSA-c5pj-mqfh-rvc3

5.1.0+upstream4.9.0

What's Changed

• Over-limit events improvements
• APIFW version 0.8.3
  • [bug fix] Introduced a way to illuminate the possibility for attackers to bypass APIFW protection
  • Added new APIFW configurable parameters in the helm chart
• wallarm_attack_type / wallarm_attack_type_list NGINX variables now properly show APIFW attacks
• [init container] Reduced memory usage during node registration
• [bug fix]Wallarm solution turn on/off switch in Helm values now triggers pod redeployment properly to avoid unnecessary containers during the Helm upgrade process

4.10.13+upstream4.9.0

• Fixed memory leak on duplicate response headers in libproton (initially introduced in 4.8)
• Fixed memory leak in libwacl on IP addresses that are not in acldb but have known source (initially introduced in 4.8)
• Backported API Discovery fix of errors on missing status code

5.0.3+upstream4.9.0

• Added support for customizing sensitive data detection in API Discovery
• Fixed memory leak on duplicate response headers in libproton
• Fixed memory leak related to IP addresses that are not in IP lists but have known source
• Go version bumped to 1.22.7
• opencontainers/runc version bumped to 1.1.14

5.0.2+upstream4.9.0

• fixed installation fails without AAS subscription
• fixed export attack delay metric

5.0.1+upstream4.9.0

• The supplementary Ruby code used in the node was replaced with Golang

4.10.9+upstream4.9.0

• Fixed the Tarantool reconnect issue for API Abuse Prevention
• Fixed issues exporting malicious behavior patterns detected by the API Abuse Prevention module to API Sessions
• Fixed the CVE-2024-6345 vulnerability

4.10.8+upstream4.9.0

• Fixed a memory leak in the API Discovery module

• Upgraded the controller to Go 1.21.12

• Fixed the vulnerabilities:

  • CVE-2024-24791
  • CVE-2024-5535

4.10.7+upstream4.9.0

• Fixed the syncnode issue Could not update (TypeError): no implicit conversion of nil into String that sometimes appeared when registering a node in Wallarm Cloud using a node token
• Optimized OpenAPI data type detection by the API Discovery module
• Upgraded the controller to Go 1.21.11 for the CVE-2024-24790 fix

4.10.6+upstream4.9.0

• Added the controller.wallarm.container_name.extraEnvs chart values to allow passing additional environment variables to Docker containers utilized by the solution

• Enhanced OpenAPI data type detection by the API Discovery module

• Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections

  To apply this directive during Ingress controller deployment, include it in the controller.config.http-snippet, server-snippet, or location-snippet values. Alternatively, use the nginx.ingress.kubernetes.io/server-snippet Ingress annotation.

• Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted