
Releases: newrelic/csec-go-agent

Release v1.6.0

16 Dec 05:56
1b0c5f3

[v1.6.0] - 2024-12-16

Features:

  • Added support for the GraphQL framework graphql-go/graphql.
  • Added support for IAST CI/CD and Scan Controllers.
    Configuration via YAML:
    # This configuration allows users to specify a unique test identifier when running an IAST scan with CI/CD
    iast_test_identifier: 'run-id'
    
    scan_controllers:
       # This configuration allows users to specify the number of application instances for a specific entity where IAST analysis is performed.
       scan_instance_count:  0 # Values are 1 or 0; 0 signifies run on all application instances

Fixes

  • Fix query parameter encoding for replaying fuzz requests.

Release v1.5.0

29 Oct 10:36
28fb274

[v1.5.0] - 2024-10-29

Features:

  • JSON version bump to 1.2.9.
  • Add IAST Scan start time and Traffic Start Time in Health Check
  • Add feature to allow IAST Scan Scheduling.
  • Add feature to ignore IAST Scan of certain APIs, categories, or parameters.
  • Add feature to rate limit the IAST replay requests.
  • Add trace.id in event JSON.
  • Add request URI in application runtime error event.

Fixes

  • Fix for wrong user file name for RXSS event in Windows environment.

Release v1.4.0

27 Aug 04:40
e429392

[v1.4.0] - 2024-08-27

Features:

  • Added new key identifiers to all event JSONs.
  • Introduced detailed IAST scan metric reporting via HealthCheck for better insights.
  • Added support for Secure Cookie event reporting to provide detailed vulnerability information.
  • Added support for application/xml and text/xml content-types for RXSS vulnerability detection.
  • Implemented a new mechanism to uniquely generate low severity events based on API ID, with a 30-minute time interval

Changes:

  • Updated the minimum expected length for IAST header parsing to 8.
  • Updated API ID generation to utilize both stacktrace and route information.
  • Performed comprehensive code refactoring and cleanup for improved system efficiency and maintainability.
  • JSON version bump to 1.2.5.

Deprecations:

  • Status file used for debugging: This feature has been deprecated. All debugging capabilities have been moved to either Init Logging or Error Inbox, and the status file will be removed in a future agent release.

Release v1.3.0

25 Jun 03:36
753dc83

Features

  • Added functionality to report panics in user code.
  • Added support to report 5xx status code.
  • Added support to detect gRPC API endpoint.
  • Added support for MongoDB latest version v1.15.0
  • Added feature to detect route of an incoming request for all supported frameworks.
  • Added support to detect server web directory
  • Added generic code to run the agent on operating systems such as OpenBSD and FreeBSD.

Miscellaneous chores

  • Fixed incorrect system memory reporting on darwin.
  • Fixed duplicate URL mapping reporting issue.
  • No longer sending Fuzz Fail events.
  • JSON version bump to 1.2.3.

Release v1.2.0

12 Apr 06:56
41c4a3a

Features

  • IAST replay header decryption due to Security Findings.
  • JSON version bump to 1.2.0.

Miscellaneous chores

  • Prepended the vulnerability case type with apiId.
  • Updated time interval for IAST pull request.
  • Bumped golang.org/x/net from v0.17.0 to v0.23.0

Release v1.1.0

26 Mar 11:33
97dfc89

Features

  • Functionality to report API endpoints of the application

Bug fixes

  • Updated permissions for file/directory created by security agent

Miscellaneous chores

  • Bumped google.golang.org/protobuf from v1.32.0 to v1.33.0
  • Improved logging.

Release v1.0.0

07 Feb 11:58
105ce11

Changes

  • Added env variable to print logs on stdout.

Miscellaneous chores

  • Improved logging.
  • Updated software license to New Relic Software License Version 1.0
  • Updated Copyright headers.
  • Updated license in readme.

Release v0.7.0

25 Jan 13:04
de9939e

Changes

  • Added new critical log messages.
  • Added thread pool stats in HC messages.

Bug Fixes

  • Fixed incorrect query parameter encoding.
  • Fixed multiple API ID issues for RCE events

Release v0.6.0

15 Jan 13:23
16d5280

Changes

  • Added exclusion based filtering of RXSS events.
  • Added WebSocket (ws) headers NR-CSEC-ENTITY-GUID and NR-CSEC-ENTITY-NAME.
  • Added support for PUT, PATCH and DELETE HTTP request types. NR-175410
  • Added support for FastHttp framework.
  • Implemented API to send important logs to Security Engine.
  • Added support for warning messages in case of missing security wrappers
  • Updated jsonVersion to 1.1.1 in security events.
  • Updated example/test application directory.
  • Updated unit test-cases for mongo.
  • Updated file access hook and sent absolute file path.

Bug Fixes

  • Fixed incorrect query type for mongo findAndModify case.
  • Fixed empty complete request ID for lastleg.
  • Fixed incorrect server protocol in case of gRPC.
  • Fixed nil query for SQL prepared statement in Mac environment.
  • Fixed NPE in case of outbound request.

Release v0.5.1

16 Nov 19:11
3663c25
  • Added required changes for backward compatibility with APM agent.
  • Corrects an error in the release process for v0.5.0