Skip to content

Releases: AikidoSec/firewall-ruby

v1.1.1

28 Jan 15:25
@marksmith marksmith
v1.1.1
1c93ce3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.1.1 Latest
Latest

What's Changed

  • Include API token hash in the detached agent socket path
  • Fix SSRF detection for invalid URIs
  • Prepend "." to payload paths
Assets 2
Loading

v1.1.0

13 Jan 15:15
@marksmith marksmith
v1.1.0
b35c2d8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.1.0

What's Changed

  • Add bot blocking and monitoring
  • Log updated runtime settings only when updated
Loading

v1.0.8

09 Jan 16:02
@marksmith marksmith
v1.0.8
f45c018
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.8

What's Changed

  • Fix stored SSRF attack detection when the address is the hostname
  • Exclude unknown payload properties from attack data to avoid displaying them as "unknown" in the Aikido dashboard
Loading

v1.0.7

08 Jan 17:30
@marksmith marksmith
v1.0.7
5f7dc73
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.7

What's Changed

  • Fix undefined request method in ActionController sink when triggered from ActionMailer callbacks
Loading

v1.0.6

29 Dec 11:23
@marksmith marksmith
v1.0.6
b5af455
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.6

What's Changed

  • Improve background worker logging with formatted exception class and message, and backtrace for debugging
  • Clarify hardened method configuration documentation
  • Simplify configuration documentation by removing rarely used middleware insertion
Loading

v1.0.5

23 Dec 12:07
@marksmith marksmith
v1.0.5
a14ee93
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.5

What's Changed

  • Make middleware anchor point configurable
  • Anchor middleware after ActionDispatch::Executor by default
Loading

v1.0.4

19 Dec 13:04
@marksmith marksmith
v1.0.4
7544bba
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.4

What's Changed

  • Improve middleware registration reliability by anchoring after Rails::Rack::Logger middleware
Loading

v1.0.3

16 Dec 12:24
@marksmith marksmith
v1.0.3
020983f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.3

What's Changed

  • Prevent recursive computation of Aikido::Zen::Context#protection_disabled in route constraints
Loading

v1.0.2

05 Dec 16:22
@marksmith marksmith
1.0.2
1766be2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.2

What's Changed

  • Control blocking mode at runtime through the Aikido dashboard
  • Support global bypass list for allowed IPs (individual IPv4 and IPv6 addresses and CIDR ranges)
  • Match wildcard endpoints by verbs and paths
  • Report outbound hostname hits
  • Include clean stack traces in attack reports
  • Fix non-string value bypasses for SQL injection, path traversal, and shell injection
  • Fix path formatting bypass for allowed IP address check
  • Fix SSRF attack metadata port type
  • Fix reporting attacks without request context
  • Rename environment variable AIKIDO_DISABLED to AIKIDO_DISABLE
  • Upcase HTTP method in events
Loading

v1.0.2.beta.10

30 Oct 09:35
@marksmith marksmith
v1.0.2.beta.10
518f47c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.2.beta.10 Pre-release
Pre-release

What's Changed

  • Support disabling method hardening via AIKIDO_HARDEN=false or Aikido::Zen.config.harden = false
  • Add fallback for File.join when method hardening is disabled
Loading