Releases: newrelic/csec-go-agent
Release v1.4.0
[v1.4.0] - 2024-08-27
Features:
- Added new key identifiers to all event JSONs.
- Introduced detailed IAST scan metric reporting via HealthCheck for better insights.
- Added support for Secure Cookie event reporting to provide detailed vulnerability information.
- Added support for application/xml and text/xml content-types for RXSS vulnerability detection.
- Implemented a new mechanism to uniquely generate low severity events based on API ID, with a 30-minute time interval.
Changes:
- Updated the minimum expected length for IAST header parsing to 8.
- Updated API ID generation to utilize both stacktrace and route information.
- Performed comprehensive code refactoring and cleanup for improved system efficiency and maintainability.
- JSON version bumped to 1.2.5.
Deprecations:
- Status File Used for Debugging: This feature has been deprecated and will be removed in a future agent release. All debugging capabilities have been moved to either Init Logging or Error Inbox.
Release v1.3.0
Features
- Added functionality to report panics in user code.
- Added support to report 5xx status code.
- Added support to detect gRPC API endpoint.
- Added support for MongoDB latest version v1.15.0
- Added feature to detect route of an incoming request for all supported frameworks.
- Added support to detect server web directory
- Added generic code to run the agent on operating systems such as OpenBSD and FreeBSD.
Miscellaneous chores
- Fixed incorrect system memory reporting on darwin.
- Fixed duplicate URL mapping reporting issue.
- No longer sending fuzz fail events.
- JSON version bumped to 1.2.3.
Release v1.2.0
Features
- IAST replay header decryption due to Security Findings.
- JSON version bumped to 1.2.0.
Miscellaneous chores
- Prepended the vulnerability case type with apiId.
- Updated time interval for IAST pull request.
- Bumped golang.org/x/net from v0.17.0 to v0.23.0
Release v1.1.0
Features
- Functionality to report API endpoints of the application
Bug fixes
- Updated permissions for file/directory created by security agent
Miscellaneous chores
- Bumped google.golang.org/protobuf from v1.32.0 to v1.33.0
- Improved logging.
Release v1.0.0
Changes
- Added env variable to print logs on stdout.
Miscellaneous chores
- Improved logging.
- Updated software license to New Relic Software License Version 1.0
- Updated Copyright headers.
- Updated license in readme.
Release v0.7.0
Changes
- Added new critical log messages.
- Added thread pool stats in HC messages.
Bug Fixes
- Fixed incorrect query parameter encoding.
- Fixed multiple API ID issues for RCE events
Release v0.6.0
Changes
- Added exclusion based filtering of RXSS events.
- Added ws headers NR-CSEC-ENTITY-GUID and NR-CSEC-ENTITY-NAME.
- Added support for PUT, PATCH and DELETE HTTP request types. NR-175410
- Added support for the FastHttp framework.
- Implemented API to send important logs to Security Engine.
- Added support for warning messages in case of missing security wrappers
- Updated jsonVersion to 1.1.1 in security events.
- Updated example/test application directory.
- Updated unit test-cases for mongo.
- Updated file access hook and sent absolute file path.
Bug Fixes
- Incorrect query type for mongo findAndModify case.
- Fixed empty complete request ID for lastleg.
- Incorrect server protocol in case of gRPC.
- Nil query for SQL prepared statement for Mac environment.
- Fixed NPE in case of outbound request.
Release v0.5.1
- Added required changes for backward compatibility with APM agent.
- Corrects an error in the release process for v0.5.0
Release v0.5.0
[v0.5.0] - 2023-10-23
Features
- Last leg acknowledgement in IAST scanning.
- Added event stats in healthcheck
Bug Fixes
- Remediate CVE with grpc version v1.56.2
- Remediate CVE with net version v0.13.0
- Out of Memory issue in case of large request body.
- Added a new security config parameter to set a limit on the read request body.
- Added a few optimizations for CPU and memory utilization.
Release v0.4.0
- Updated logger module and implemented new logging module with standard golang package log
- Remove the following third-party dependency for logging:
  - juju/fslock
  - sirupsen/logrus
- Update HC health check messages sending pipeline and send HC health check messages on priority.
- Added null parameter checks before event generation.
- Adopt IAST data pull implementation.
- Improved logging and added a few fallback mechanisms for restricted environments.
- Updated service status module and removed the following third-party dependency:
  - juju/fslock
  - mackerelio/go-osstat
  - pbnjay/memory
  - sirupsen/logrus
  - struCoder/pidusage