1.1.2-beta.2

1.1.2-beta.2

1.1.2 Beta Release

What's Changed

• Expose new public api for rate limiting and user blocking
• Add GeoIP banning support

v1.1.1

What's Changed

• Uses our new SQL Tokenizer for improved detection
• Fixes edge case bug in SSRF algorithm
• Fixes bypass with get_json(Force=True) for Flask
• Minor improvements to start and API Discovery

Full Changelog: v1.0.16...v1.1.1

v1.0.16

What's Changed

• Disable package tests for end2end by @bitterpanda63 in #259
• Add compatibility with datadog (ddtrace-run) by @bitterpanda63 in #263

Full Changelog: v1.0.15...v1.0.16

v1.0.15

• API Discovery on by default
• Minor bugfixes/improvements

Full Changelog: v1.0.14...v1.0.15

v1.0.14

What's Changed

• subprocess.Popen patch
• XML bugfix

Full Changelog: v1.0.13...v1.0.14

v1.0.13

What's Changed

• Minor bugfixes for NoSQL
• Allow changes to sys.modules (Bugfix for importhook)
• Expand path traversal coverage

Full Changelog: v1.0.12...v1.0.13

v1.0.12

What's Changed

• Now prioritizes user data over IP for ratelimiting
• Improved our in-house benchmarking
• Added lots of extra testing
• Lots of performance optimization done.

Full Changelog: v1.0.11...v1.0.12

v1.0.11

What's Changed

• Performance optimizations due to reduced IPC usage
• Minor changes to branding (Firewall to Zen transition)
• Bugfix for possible exploit when using Mapping in NoSQL which is not a dict.

v1.0.10

What's Changed

• Improved detection for noSQL injection
• Fix issue reporting to Aikido dashboard