v2.0.0

v2.0.0 (2024-09-20)

⚠ BREAKING CHANGES

• Dropped support for Node.js v16
• Dropped functionality to generate snapshot file

Features

• Support to honour proxy settings via config (#236)
• Support for secure cookie security event generation (#220)
• Report error to Error Inbox upon connection failure to Security Engine (#248)
• Support to detect application and server path (#224)
• Functionality to truncate Incoming HTTP request upto default limit (#119)
• Dropped support for Node.js v16 (#240)
• Dropped functionality to generate snapshot file (#241)

Bug fixes

• Handling for empty data in IAST fuzzing header (#237)
• Added identifiers in events (#235)
• Fix for file integrity security event generation (#249)
• Fix for missing identifiers in iast-data-request JSON (#252)

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

v1.5.0

v1.5.0 (2024-08-14)

Features

• Support for Node.js v22.x

Bug fixes

• Fix for traceId in error reporting (#239)

Miscellaneous chores

• (deps): bumped axios from 1.6.8 to 1.7.4 (#243)
• (deps-dev): bumped ws from 7.5.9 to 8.18.0 (#244)

Continuous integration

• Added Node.js v22.x to unit tests (#234)

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

v1.4.0

v1.4.0 (2024-06-24)

Features

• Added support to report application's errors while IAST scanning (#214)
• Support to detect gRPC API endpoints (#223)

Bug fixes

• Remove additional headers added by IAST client (#209)
• Fix for uncaught exception reporting (#230)

Miscellaneous chores

• Updated package.json to bump ws from 8.14.2 to 8.17.1 (#228)
• (deps-dev): bump @grpc/grpc-js from 1.9.12 to 1.10.9 (#227)
• (deps-dev): bump braces from 3.0.2 to 3.0.3 (#226)
• (deps): bump ws from 8.14.2 to 8.17.1 (#225)

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

v1.3.0

v1.3.0 (2024-06-03)

Features

• Added route field in security event for API endpoint mapping (#212)

Bug fixes

• Fix for control commands acknowledgement in security agent (#206)
• Added assert for typeof response data in Reflected XSS validation (#207)
• Updated @grpc/grpc-js instrumentation to instrument submodules (#203)
• Handling to convert header values into string (#213)

Miscellaneous chores

• Updated log level for critical messages (#205)
• Readme update (#208)
• (deps-dev): bump axios from 0.21.4 to 1.7.2 (#216)

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

v1.2.0

v1.2.0 (2024-04-12)

Features

• Added instrumentation for express framework's res.download() and res.sendFile() (#197)

Bug fixes

• Handling to decrypt fuzz header data for IAST scanning (#196)
• Logging and snapshot file fixes (#198)

Miscellaneous chores

• Prepend vulnerability case type with apiId (#202)
• Updated jsonVersion to v1.2.0 (#196)
• Bumped undici from 5.28.3 to 5.28.4 (#199)

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

v1.1.1

v1.1.1(2024-03-21)

Bug fixes

• Reverted IAST support for gRPC(#193)

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

v1.1.0

v1.1.0 (2024-03-19)

Features

• IAST support for grpc (#97)
• Functionality to report API endpoints of the application (#178)
• IAST support for undici (#130)

Bug fixes

• Updated permissions for file/directory created by security agent (#176)

Miscellaneous chores

• Bumped follow-redirects from v1.15.2 to v1.15.4 (#188)
• Updated axios to v1.6.8 (#189)
• Bumped ip from v2.0.0 to v2.0.1 (#181)
• Bumped undici from 5.28.2 to v5.28.3 (#179)
• Readme update (#184 , #190 )

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

v1.0.1

v1.0.1 (2024-02-07)

Bug fixes

• Reporting of framework in security event json (#168)

Miscellaneous chores

• Updated software license to New Relic Software License Version 1.0 (#170)
• Ability to send critical messages on successful startup of agent (#169)
• Updated Copyright headers (#171)
• Updated license in readme (#172)

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

v0.7.0

v0.7.0 (2024-01-18)

Features

• Handling to exclude unsupported content types from rxss processing (#140)
• Handling to report errors/critical messages to Security Engine (#163) (#164)

Bug fixes

• Fix for file operation event's parameter must be absolute path of file (#158)
• Fix for ReferenceError of commonUtils module (#166)

Miscellaneous chores

• Updated log event jsonName to "critical-messages" (#161)
• Removed dependency @aws-sdk/client-lambda (#160)
• Bumped follow-redirects from v1.15.2 to v1.15.4 (#162)
• Upgraded axios to v1.6.5 (#165)

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

v0.6.0

v0.6.0 (2024-01-03)

Features

• Added ws headers NR-CSEC-ENTITY-GUID and NR-CSEC-ENTITY-NAME (#132)
• Updated jsonVersion to 1.1.1 in security events (#144)
• Support to send important logs/errors to security engine (#142)

Bug fixes

• Added missing protocol in http request object (#147)
• Fix for honouring probing interval from policy (#143)

Miscellaneous chores

• Added nestjs test cases (#146)
• Additional logging for instrumented modules and methods (#135)
• Upgraded axios to v1.6.3 (#150)
• Removed pinned version for axios and check-disk-space (#156)
• Update in lockfileVersion of package-lock.json (#133)
• Updated @babel/traverse, protobufjs, fast-xml-parser and @aws-sdk/credential-providers (#151) (#152) (#155)
• Updated Readme.md (#136)

Support statement:

New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.