v1.3.4 🌈

Changes

• Picking up system config from config in Privado

• Feature/system config @abhstabs (#135)

v1.3.3 🌈

Changes

• Dev @khemrajrathore (#134)
• Update purchase_data.yaml @HiteshMah-Jan (#129)
• Add : new rules - TIN, EIN @HiteshMah-Jan (#130)
• fix - inet4, inet6 @khemrajrathore (#133)
• Fix/insurance number category @HiteshMah-Jan (#128)

v1.3.2 🌈

Changes

• add - exclusion rule for WEB-INF application.properties @khemrajrathore (#125)
• Added and modified a rule @hiaashna (#115)

v1.3.1 🌈

Changes

• Dev @khemrajrathore (#124)
• Add/map box @khemrajrathore (#122)
• fix - pwd in passsword @khemrajrathore (#111)

v1.3.0 🌈

Changes

• Probable Sink listing

• Inventory Dataflows with Reverse Graph

• Multi-pattern support in the rule

• Warning message to alert user, if privado doesn’t have permission to write result to it

• Bug - If a repo have Java as a minor language, rules are were not getting picked correctly

• In validation stage of rule earlier regex of rule was not validated, now it will be

• Fix - Test cases not running

• Add - Jooq database detection

• Fix - Address Rule

• Add - semantics for persistence entity, and backup for unresolved method names

• Dev @khemrajrathore (#112)

• patch: fix VPA address rule @abhstabs (#110)

• fix - remove getBody, getStatusCode from sendgrid match @khemrajrathore (#108)

• fix - remove detection of remoteAddress in personal address, add Trace in log @khemrajrathore (#107)

• Patch/rule fixes @abhstabs (#98)

• add - semantic for persistence entity @khemrajrathore (#103)

• add - backup for unresolved @khemrajrathore (#102)

v1.2.0 🌈

Changes

• Sink Processing
• Probable Sinks
• Experimental JS support
• Database Name Identification
• Validate Rules

v1.1.1 🌈

Changes

• Enhance java patterns for Sinks, Collections & Sources @ojaswa1942 (#83)
• Add actionable content to README @benvenker (#82)

v1.1.0 🌈

Changes

Features:

1. Support for Console Output: Privado now shows the scan results as a summarized report on the console itself. Before this release, users had only two options either look at the privado.json file or view results on the Privado dashboard. Now, users can quickly see the scan results and for interesting scans visualize them on the dashboard or look at the privado.json file.
2. Upload command: Users can explicitly pass a command for uploading the results from their machine to the dashboard. This will help if the automatic upload fails or if the user by default does not want to upload results and only wants to upload results for a few repositories. Details of the command are in our documentation.
3. Added. flags to let CLI run in a non-interactive way: Users can now pass additional flags with the scan command to skip upload or explicitly upload results. This will be useful in a CI environment where there is no UI for users to interact with our consent question. Details on the flags are added to our documentation.
4. Added Support for Configurable Semantics. With semantics, users have control over how data propagates through a function call. For example - log.debug(name, email), the user can choose if the name would further taint email, log, or does not taint anything.

Enhancements:

1. Reduced noise in leakage detection
2. Account Data: Account Name and Account Password will stop detecting global credentials needed for connecting with databases or SaaS apps like JIRA.
3. Contact Data: Added more keywords to detect Phone Number: phone, cellphone, contact, etc.
4. Mnemonics: Added a new data element to track mnemonics which is a sensitive data element for web3 wallets and products.

• Sync dev branch with master @HiteshMah-Jan (#65)
• Track mnemonic used in digital wallets @tuxology (#64)
• fix: prevent db_username to match as AccountName @HiteshMah-Jan (#41)
• semver: replaced . with - for versioning in dev @hiteshbedre (#57)
• fix: upgrade phone rule to get only phone keyworld @luizleite-hotmart (#42)
• Sync contributor commit with dev @ojaswa1942 (#56)
• Docs: sync Gitbook docs with dev @ojaswa1942 (#54)
• Versioning: Added new version semantics for dev env @hiteshbedre (#51)
• add - semantic support @khemrajrathore (#46)
• feat: update readme @prashant-privado (#38)

v1.0.0 🌈

Changes

• Release: First release of privado code scanning tool to scan Java source code project and identify data flows and privacy issues.

Privado CLI v0.2

Highlights

• Workflow to generate Data Safety Report
• CLI Commands for Privado Privacy Scan
• Incremental Data Safety Report on Rescan

Release Items

For the list of complete release items, refer v0.1.
Additional release items:

• Incremental Data Safety Report on Rescan
• Data Safety Report Validations
• Custom docker tag using PRIVADO_TAG
• Enhance installation documentation
• Chore fixes and enhancements

Full Changelog: v0.1...v0.2