
Releases: HXSecurity/DongTai-agent-python

v1.4.0

06 Jun 10:40
93c56d4
  • CHANGES
    • Change SCA package name format and signature #118

v1.3.2

09 Mar 09:11
c06e9dd
  • FEATURES
    • Add str/bytes/bytearray concat hook #106

v1.3.1

23 Feb 17:02
6e39ab5
  • FEATURES
    • Add detection of insecure (bad) crypto ciphers #107
    • Add regular expression denial-of-service (ReDoS) detection #111
    • Add compatibility with the v2 taint data reporting API #116
  • BUGFIXES
    • Fix exception raised when used together with gevent patching #105
    • Fix response header parsing error on Django 3.1 and 3.2 #108
    • Document the packages required to build the agent on Alpine Linux #115
  • ENHANCEMENTS
    • Performance optimization #116
    • Code cleanup #110
  • BUILD
    • The GitHub Action now automatically triggers openapi to pull the latest agent package #113

v1.3.0

07 Jan 12:03
a98d092
  • FEATURES
    • Add installed packages report for SCA #100
  • BUGFIXES
    • Fix memory leak when using requests #99

v1.2.1

05 Jan 03:02
7f376fa
  • BUGFIXES
    • Fix memory leak in fstring hook #97

v1.2.0

30 Dec 20:34
5c35141
  • FEATURES
    • Add pymongo hook rules for NoSQL injection detection #84
    • Add python-ldap and ldap3 hook rules for LDAP injection detection #86, #88
    • Use the environment variable DEBUG=1 to enable debug mode #92
  • BUGFIXES
    • Fix request and response header formats #87
    • Bypass the hook in the filter rules #93
  • TESTING
    • Use separate project names for the Django and Flask vulnerability test projects #94, DockerVulspace#8

v1.1.4

18 Dec 09:06
1e59e4d
  • FEATURES
    • Add funchook-based hooking of Python C API functions/methods
    • Add fstring patch
    • Add str/bytes/bytearray C-style (%) formatting patches
    • Add str.__new__, bytes.__new__ and bytearray.__init__ patches
    • Add pickle.load and pickle.loads hook rules for Insecure Deserialization detection
    • Add filter rules for HTML-escaping functions
  • BUGFIXES
    • Fix yaml.load and yaml.load_all sink parameter checks
  • CHANGES
    • Change the strategy type of yaml.load and yaml.unsafe_load to Insecure Deserialization
    • When a request reaches several sink methods, tracking no longer stops after the first sink method is detected
  • BUILD
    • Support building the C extension on Windows
    • Add build actions for Ubuntu/macOS/Windows
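The patches listed for this release (str/bytes concatenation and %-formatting, the fstring patch, the pickle sinks, the HTML-escape filter rules) and the v1.3.2 concat hook all serve one source/propagator/sink model. The following is an added, pure-Python sketch of that model written for this page; it is not DongTai-agent-python's code (the agent patches these operations at the C level through funchook), and the names TaintedStr, TaintedBytes, sink, sanitize_html, FINDINGS and the sample inputs are hypothetical. It also shows why a C-level fstring patch is needed at all: a str subclass carries its mark through `+` and `%`, but an f-string builds a fresh exact str and drops it.

```python
"""Toy source/propagator/sink model of string taint tracking.

Illustrative example only; not the DongTai agent's implementation. All names
below are hypothetical.
"""
import html
import pickle

# Every (sink, source) pair seen during one request. Tracking does not stop at
# the first hit, so a request that reaches several sinks yields several entries.
FINDINGS = []


class TaintedStr(str):
    """A str that remembers which request source it came from."""
    source = None

    def __new__(cls, value, source="unknown"):
        obj = super().__new__(cls, value)
        obj.source = source
        return obj

    # Propagators. Because TaintedStr subclasses str, Python tries these
    # reflected methods before the plain str operand's own __add__/__mod__,
    # so "literal" + t and "fmt %s" % t keep the mark as well as t + "literal".
    def __add__(self, other):
        return TaintedStr(str.__add__(self, other), self.source)

    def __radd__(self, other):
        return TaintedStr(str.__add__(other, self), self.source)

    def __mod__(self, args):
        return TaintedStr(str.__mod__(self, args), self.source)

    def __rmod__(self, fmt):
        return TaintedStr(str.__mod__(fmt, self), self.source)

    def encode(self, *args, **kwargs):
        return TaintedBytes(str.encode(self, *args, **kwargs), self.source)


class TaintedBytes(bytes):
    """bytes counterpart, so taint survives str.encode() on the way to a sink."""
    source = None

    def __new__(cls, value, source="unknown"):
        obj = super().__new__(cls, value)
        obj.source = source
        return obj


def is_tainted(value):
    return isinstance(value, (TaintedStr, TaintedBytes))


def sink(name):
    """Wrap a dangerous callable: record a finding when a tainted argument
    reaches it, then call through (an IAST agent reports, it does not block)."""
    def wrap(func):
        def hooked(*args, **kwargs):
            for arg in list(args) + list(kwargs.values()):
                if is_tainted(arg):
                    FINDINGS.append((name, arg.source))
            return func(*args, **kwargs)
        return hooked
    return wrap


def sanitize_html(value):
    """Filter rule: HTML escaping neutralises the XSS path, so the result is a
    plain str with no mark."""
    return str(html.escape(value))


hooked_eval = sink("builtins.eval")(eval)          # code-execution sink
hooked_pickle_loads = sink("pickle.loads")(pickle.loads)  # deserialization sink


def simulate_request(param="alice", pickled=None):
    """One request: mark inputs as sources, run 'application' code, and return
    what the model observed. Inputs are constructed sample data."""
    FINDINGS.clear()
    if pickled is None:
        pickled = pickle.dumps({"a": 1})          # benign constructed payload
    name = TaintedStr(param, source="query:name")
    greeting = "Hello, " + name                   # propagates via __radd__
    expr = "len('%s')" % name                     # propagates via __rmod__
    fstr = f"Hello, {name}"                       # f-string: mark lost in pure Python
    hooked_eval(expr)                             # tainted data reaches eval
    hooked_pickle_loads(TaintedBytes(pickled, source="body:blob"))
    hooked_eval("'%s'" % sanitize_html(name))     # sanitized first: no finding
    return {
        "concat_tainted": is_tainted(greeting),
        "cformat_tainted": is_tainted(expr),
        "fstring_tainted": is_tainted(fstr),
        "findings": list(FINDINGS),
    }


if __name__ == "__main__":
    print(simulate_request())
```

The `fstring_tainted` result is the interesting one: CPython formats each piece and joins them into a new exact `str`, so no subclass trick survives, which is exactly the gap the agent closes with a native hook on f-string construction.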

v1.1.3

03 Dec 14:40
0ac976e
  • FEATURES
    • Use the environment variable ENGINE_NAME to customize the agent name
    • Use the environment variable LOG_PATH to customize the log file path
    • Add exec hook and policy rule to detect code execution vulnerabilities
  • ENHANCEMENTS
    • Code refactoring: add a scope guard to prevent recursive execution of the agent's own code
    • Code refactoring: add runtime settings to replace configuration held in global variables
    • Code refactoring: add a request context to store tainted data
    • Performance improvements: optimize tainted data processing
    • Performance improvements: remove unnecessary list policy rules
  • BUGFIXES
    • Fix exceptions in eval with context variables

v1.1.2

24 Nov 01:30
b6b0acf
Merge pull request #61 from lostsnow/feature/v1.1.1

update changelog

v1.1.1

20 Nov 14:08
b6b0acf
  • FEATURES
    • Add agent auditing on startup
    • Use the environment variable PROJECT_VERSION to auto-create the project version
  • ENHANCEMENTS
    • Add Django template hook rule for XSS detection
    • Add request body hook rule for old werkzeug versions
    • Add Django route match hook rule
  • BUGFIXES
    • Fix SQL injection sink argument processing
    • Fix duplicate agent names caused by using the same configuration file under multiple frameworks
    • Fix the Django response body being empty
    • Fix object hash generation to avoid duplicate hashes
    • Fix method pooling under multiple threads
    • Fix the case where a method returns one of its own parameters
    • Fix compatibility with old werkzeug versions