libddwaf release

v1.19.1 (unstable)

Fixes

  • Split collections by module (#328)

Miscellaneous

  • Upgrade arm64 runner (#326)
  • Remove noisy scenarios and add new scenario (#327)

v1.19.0 (unstable)

New features

This new version of libddwaf introduces a multitude of new features in order to support new use cases and expand existing ones.

Exploit prevention: Shell injection detection

A new operator shi_detector has been introduced for detecting and blocking shell injections, based on input parameters and the final shell code being evaluated. This new operator is part of the exploit prevention feature, so it is meant to be used in combination with targeted instrumentation.

The following example rule takes advantage of the new operator to identify injections originating from request parameters:

  - id: rsp-930-004
    name: SHi Exploit detection
    tags:
      type: shi
      category: exploit_detection
      module: rasp
    conditions:
      - parameters:
          resource:
            - address: server.sys.shell.cmd
          params:
            - address: server.request.query
            - address: server.request.body
            - address: server.request.path_params
            - address: grpc.server.request.message
            - address: graphql.server.all_resolvers
            - address: graphql.server.resolver
        operator: shi_detector
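
A simplified illustration of the idea behind this operator, added here and not libddwaf's own implementation: a request parameter found in the final command is flagged when it covers more than one shell token, a shell operator, or a command substitution. The function names, the flat `params` dictionary and the sample commands are assumptions made for the example.

```python
OPERATORS = set(";|&<>()`\n")  # characters that end a word and carry shell meaning


def shell_tokens(cmd):
    """Split cmd into (start, end, kind) spans: word, squoted, dquoted or op."""
    tokens, i, n = [], 0, len(cmd)
    while i < n:
        c = cmd[i]
        if c in " \t":
            i += 1
            continue
        if c in OPERATORS:
            j, kind = i + 1, "op"
        elif c == "'":
            close = cmd.find("'", i + 1)
            j, kind = (n if close == -1 else close + 1), "squoted"
        elif c == '"':
            j = i + 1
            while j < n and cmd[j] != '"':
                j += 2 if cmd[j] == "\\" else 1
            j, kind = min(j + 1, n), "dquoted"
        else:
            j = i
            while j < n and cmd[j] not in " \t'\"" and cmd[j] not in OPERATORS:
                j += 2 if cmd[j] == "\\" else 1
            j, kind = min(j, n), "word"
        tokens.append((i, j, kind))
        i = j
    return tokens


def reshapes_command(value, touched):
    """True when the span covered by value is more than inert data in one token."""
    kinds = {kind for _, _, kind in touched}
    if len(touched) > 1 or "op" in kinds:
        return True
    # Command substitution stays live inside double quotes.
    return kinds == {"dquoted"} and ("$(" in value or "`" in value)


def find_injection(cmd, params, min_len=2):
    """Return (name, value) of the first parameter that reshapes cmd, else None."""
    tokens = shell_tokens(cmd)
    for name, value in params.items():
        if not isinstance(value, str) or len(value) < min_len:
            continue
        start = cmd.find(value)
        while start != -1:
            end = start + len(value)
            touched = [t for t in tokens if t[0] < end and t[1] > start]
            if reshapes_command(value, touched):
                return name, value
            start = cmd.find(value, start + 1)
    return None


# Constructed samples: (final command, request parameters) pairs.
SAMPLES = [
    ("ls -l /var/www/uploads; cat /etc/hostname",
     {"dir": "/var/www/uploads; cat /etc/hostname"}),
    ("ls -l '/var/www/my uploads'", {"dir": "/var/www/my uploads"}),
    ('echo "report for $(id)"', {"who": "$(id)"}),
    ("convert in.png -resize 50% out.png", {"size": "50%"}),
]

if __name__ == "__main__":
    for cmd, params in SAMPLES:
        print(f"{cmd!r}: {find_injection(cmd, params)}")
```

A parameter that stays inside a single quoted or unquoted token is treated as data, which is why the second and fourth samples are not flagged.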

Attacker & Request Fingerprinting

This release includes a new family of processors which can be used to generate different fingerprints for a request and / or user, depending on available information:

  • http_endpoint_fingerprint: this processor generates a fingerprint which uniquely identifies the HTTP endpoint accessed by the request as well as how this endpoint was accessed (i.e. which parameters were used).
  • http_headers_fingerprint: generates a fingerprint which provides information about the headers used when accessing said HTTP endpoint.
  • http_network_fingerprint: provides a fingerprint containing some information about the network-related HTTP headers used within the request.
  • session_fingerprint: this processor generates a specific fingerprint with sufficient information to track a unique session and / or attacker.

Suspicious attacker blocking

Suspicious attackers can now be blocked conditionally when they perform a restricted action or an attack. With the combination of custom exclusion filter actions and exclusion data, it is now possible to change the action of a rule dynamically depending on a condition, e.g. all rules could be set to blocking mode if a given IP performs a known attack.

The following exclusion filter, in combination with the provided exclusion data, changes the action of all rules based on the client IP:

exclusions:
  - id: suspicious_attacker
    conditions:
      - operator: ip_match
        parameters:
          inputs:
            - address: http.client_ip
          data: ip_data
exclusion_data:
  - id: ip_data
    type: ip_with_expiration
    data:
      - value: 1.2.3.4
        expiration: 0

Other new features

  • New operator exists: this new operator can be used to assert the presence of at least one address from a given set of addresses, regardless of their underlying value.
  • Rule tagging overrides: rule overrides now allow adding tags to an existing rule, e.g. to provide information about the policy used.
  • New function ddwaf_known_actions: this new function can be used to obtain a list of the action types which can be triggered given the set of rules and exclusion filters available.

Release changelog

Changes

  • Multivariate processors and remove generators (#298)
  • Custom rule filter actions (#303)
  • SHA256 hash based on OpenSSL (#304)
  • Shell injection detection operator (#308)
  • Limit the number of transformers per rule or input (#309)
  • Validate redirection location and restrict status codes (#310)
  • Rule override for adding tags (#313)
  • Add support for dynamic exclusion filter data (#316)
  • HTTP Endpoint Fingerprint Processor (#318)
  • HTTP Header, HTTP Network and Session Fingerprints (#320)
  • Exists operator and waf.context.event virtual address (#321)
  • Add function to obtain available actions (#324)

Fixes

  • Transformer fixes and improvements (#299)

Miscellaneous

  • Fix object generator stray container (#294)
  • Regex tools & benchmark rename (#290)
  • Order benchmark scenarios (#300)
  • Upgrade to macos-12 (#312)
  • Skip disabled rules when generating ruleset (#314)
  • Update default obfuscator regex (#317)

v1.18.0 (unstable)

This version introduces a new operator sqli_detector for the detection of SQL injections. In addition, the ruleset parser has been updated to allow non-string parameter values on action definitions.

Changes

  • SQL Injection (SQLi) Detection Operator (#284)

Fixes

  • Fix mishandling invalid actions key type (#286)
  • Convert non-string object types into string during ruleset parsing (#285)

Miscellaneous

  • Use SSE4.1 ceilf when available and add badges to readme (#288)
  • SQLi Detector Fuzzer and improvements (#291)

v1.17.0 (unstable)

This new version introduces RASP rules and supporting features, including:

  • Multivariate operators for the development of complex rules.
  • A new operator lfi_detector for the detection of local file inclusion (LFI) / path traversal attacks.
  • A new operator ssrf_detector for the detection of server-side request forgery (SSRF) attacks.
  • Better support for rule actions, as well as internal default actions: block, stack_trace and extract_schema.

The upgrading guide has also been updated to cover the new breaking changes.

Changes

  • Multivariate operator support (#241)
  • Local file inclusion (LFI) operator (#258)
  • Server-side request forgery (SSRF) detection operator (#268)
  • Action semantics and related improvements (#277)

Fixes

  • Reduce benchmark noise (#257, #259, #260)
  • Add support for old glibc (e.g. RHEL 6) (#262)
  • Add weak ceilf symbol and definition (#263)
  • Fix parsing of variadic arguments (#267)

Miscellaneous

  • Update node-16 actions to node-20 ones (#266)
  • Attempt to build libddwaf on arm64 runner (#270)
  • Run tests on arm64 (#271)
  • LFI detector fuzzer (#274)
  • Remove rpath from linux-musl binary (#282)

v1.17.0-alpha3 (unstable)

Changes

  • Action semantics and related improvements (#277)

Miscellaneous

  • LFI detector fuzzer (#274)

v1.17.0-alpha2 (unstable)

Changes

  • Server-side request forgery (SSRF) detection operator (#268)

Miscellaneous

  • Attempt to build libddwaf on arm64 runner (#270)
  • Run tests on arm64 (#271)

v1.17.0-alpha1 (unstable)

Fixes

  • Fix parsing of variadic arguments (#267)

Miscellaneous

  • Update node-16 actions to node-20 ones (#266)

v1.17.0-alpha0 (unstable)

Fixes

  • Add support for old glibc (e.g. RHEL 6) (#262)
  • Add weak ceilf symbol and definition (#263)

Changes

  • Multivariate operator support (#241)
  • Local file inclusion (LFI) operator (#258)

Miscellaneous

v1.16.1 (unstable)

Fixes

  • Add support for old glibc (e.g. RHEL 6) (#262)
  • Add weak ceilf symbol and definition (#263)

v1.16.0 (unstable)

Fixes

  • Address a libinjection false positive (#251)
  • Remove a few fingerprints causing false positives (#252)
  • Fix SSE2 lowercase transformer (#253)

Changes

  • Support ephemeral addresses on processors (#240)
  • Phrase match: enforce word boundary option (#256)

Miscellaneous

v1.15.1 (unstable)

Fixes

  • Fix duplicate processor check (#234)

v1.15.0 (unstable)

This new version of the WAF includes the following new features:

  • Ephemeral addresses for composite requests
  • Naive duplicate address support on input filters
  • Required / Optional address diagnostics

The upgrading guide has also been updated to cover the new changes.

API & Breaking Changes

  • Support ephemeral addresses on ddwaf_run (#219)
  • Rename ddwaf_required_addresses to ddwaf_known_addresses (#221)

Fixes

  • Schema extraction scanners: reduce false positives on arrays (#220)

Changes

  • Ephemeral addresses for rules & exclusion filters (#219)(#224)
  • Address diagnostics (#221)
  • Naive duplicate address support on input/object filters (#222)

Miscellaneous

  • Update nuget packaging to use new musl linux binaries (#217)
  • Validator improvements (#225)
  • Use fmt::format for logging and vendorize some dependencies within src/ (#226)
  • Reduce linux binary size and fix some flaky tests (#227)

v1.14.0 (unstable)

This release of the WAF includes the following new features:

  • Schema data classification through the use of scanners.
  • A vectorized version of the lowercase transformer using SSE2.
  • Generalized processors which are evaluated before or after filters and rules based on their outcome.
  • Optimizations to avoid unnecessary rule and filter evaluation.
  • Many other quality of life, correctness and performance improvements

API & Breaking Changes

  • Rename preprocessor top-level key to processor (#209)

Fixes

  • Fix missing top-level key for processor diagnostics (#209)

Changes

  • SSE2 lowercase transformer (#195)
  • Reduce schema extraction limits (#208)
  • Skip rule and filter evaluation when no new rule targets exist (#207)
  • Refactor preprocessors into preprocessors and postprocessors (#209)
  • Convert float to (un)signed within the parsing stage (#210)
  • Scanners for schema scalar classification (#211)
  • Remove ptr typedefs (#212)
  • Indexer abstraction to encapsulate rule and scanner search and storage (#213)

v1.13.1 (unstable)

Changes

  • Allow conversions between signed/unsigned types during parsing (#205)

v1.13.0 (unstable)

This new version of the WAF includes the following new features:

  • Schema extraction preprocessor
  • New and improved universal linux builds, including support for i386 and armv7
  • float and null types
  • Equals operator for arbitrary type equality comparison within conditions
  • Many other quality of life, correctness and performance improvements

The upgrading guide has also been updated to cover the new changes.

API & Breaking Changes

  • Add object types DDWAF_OBJ_FLOAT and DDWAF_OBJ_NULL (#197)
  • Add double field f64 in ddwaf_object (#197)
  • Add ddwaf_object_null, ddwaf_object_float and ddwaf_object_get_float (#197)
  • Rename ddwaf_object_signed to ddwaf_object_string_from_signed (#197)
  • Rename ddwaf_object_unsigned to ddwaf_object_string_from_unsigned (#197)
  • Rename ddwaf_object_signed_force to ddwaf_object_signed (#197)
  • Rename ddwaf_object_unsigned_force to ddwaf_object_unsigned (#197)
  • Add derivatives field to ddwaf_result for output objects generated through preprocessors (#182)

Changes

  • Encapsulate conditions within expressions (#192)
  • Equals operator and arbitrary operator type support (#194)
  • Float and null type support (#197)
  • Schema Extraction Preprocessor (#182)(#202)

Miscellaneous

  • Minor improvements (#193)
  • Rename operation to matcher (#196)
  • Fix coverage (#199)
  • Linux musl/libc++ builds using alpine-based sysroots and llvm16 (#198)(#200)(#201)

v1.12.0 (unstable)

Changes

  • Per-input transformers support on exclusion filter conditions (#177)
  • Read-only transformers (#178)(#185)(#190)
  • Rule filter bypass / monitor mode support (#184)(#188)

Miscellaneous

  • Object schemas (#174)
  • Simple IP Match Benchmark (#176)
  • Remove Manifest (#179)
  • Reduce build parallelism (#183)
  • Change standard to C++20 (#186)

v1.11.0 (unstable)

API & Breaking Changes

  • Full ruleset parsing diagnostics (#161)
  • Event result as ddwaf_object (#162)
  • Replace ddwaf_result.actions with a ddwaf_object array (#165)

Changes

  • Add logging and remove dead code (#169)
  • Support for per-input transformers (#170)

Miscellaneous

  • Multithreaded fuzzer (#166)
  • Fix benchmark, test output and update ruleset to 1.7.0 (#171)
  • Validator: add support for per-directory tests and ruleset (#172)
  • Rename examples directory to tools (#173)
  • Update ruleset to 1.7.1 (#173)
  • Refactor and simplify tools to reduce code duplication (#173)

v1.10.0 (unstable)

Changes

  • Add all rule tags to event (#160)

v1.9.0 (unstable)

Changes

  • Remove a libinjection signature (#145)
  • Priority collection, rule and filter simplification (#150)
  • Improve allocation / deallocation performance within the context using a context_allocator (#151)
  • Longest rule data expiration takes precedence for ip_match and exact_match operators (#152)
  • Custom rules support (#154)
  • Add vdso support for aarch64 (#157)

Miscellaneous

  • Upgrade CodeQL Github Action to v2 (#144)
  • Fix broken builds (#147)
  • Benchmark: context destroy fixture (#148)
  • Remove unused json rule files and vendorise aho-corasick submodule (#153)
  • Cancel jobs in progress (#158)

v1.8.2 (unstable)

Changes

  • Use raw pointers instead of shared pointers for rule targets (#141)

Fixes

  • Relax rule override restrictions (#140)
  • Initialise ruleset_info on invalid input (#142)

v1.8.1 (unstable)

Fixes

  • Return NULL handle when incorrect version or empty rules provided to ddwaf_init (#139)

v1.8.0 (unstable)

API & Breaking Changes

  • Add ddwaf_update for all-in-one ruleset updates (#138)
  • Remove ddwaf_required_rule_data_ids (#138)
  • Remove ddwaf_update_rule_data (#138)
  • Remove ddwaf_toggle_rules (#138)

Changes

  • Add WAF Builder (#138)

v1.7.0 (unstable) - 2023/02/06

Changes

  • Handle lifetime extension (#135)
  • Create macos universal binary (#136)

v1.6.2 (unstable) - 2023/01/26

Changes

  • Add boolean getter (#132)
  • Add support for converting string to bool in parameter bool cast operator (#133)
  • Add parameter int64_t cast operator (#133)
  • Add support for enabled flag on ruleset parser (#133)

Fixes

  • Replace isdigit with custom version due to windows locale-dependence (#133)
  • Minor fixes and parsing improvements (#133)

v1.6.1 (unstable) - 2023/01/17

Miscellaneous

  • Add SHA256 to packages (#128)
  • Automatic draft release on tag (#129)

v1.6.0 (unstable) - 2023/01/10

Changes

  • Exclusion filters: targets and conditions (#110)
  • Exclusion filters: inputs (#117)
  • Add ID to exclusion filters (#120)
  • Rework path trie for exclusion (#122)
  • Priority collections (#123)
  • Support for glob component and arrays on object filter (#124)

Miscellaneous

  • Experiment building libddwaf on the oldest available macos target (#111)
  • Strip libddwaf.a for darwin/linux release (#107)
  • linux/aarch64: add missing libunwind.a artefact (#109)
  • Add option to prevent loading test targets (#108)
  • Upgrade deprecated actions (#114)
  • Include mac arm binaries in nuget (#115)
  • Run clang tidy / format on CI (#116)
  • Exclusion filters on fuzzer (#118)

v1.5.1 (unstable) - 2022/09/22

API & Breaking Changes

  • Add ddwaf_required_rule_data_ids to obtain the rule data IDs defined in the ruleset (#104)

Miscellaneous

  • GTest ddwaf_result validators (#102)
  • Replace std::optional::value() with std::optional::operator*() (#105)
  • Add new and missing exports (#106)

v1.5.0 (unstable) - 2022/09/08

API & Breaking Changes

  • Remove ddwaf_version, ddwaf_get_version now returns a version string (#89)
  • Move free function from ddwaf_context_init to ddwaf_config (#89)
  • Add ddwaf_result.actions struct containing a char* array and its size (#91)
  • Add ddwaf_update_rule_data (#91)
  • Remove DDWAF_BLOCK (#91)
  • Rename DDWAF_GOOD to DDWAF_OK (#92)
  • Rename DDWAF_MONITOR to DDWAF_MATCH (#92)
  • Deanonymize nested structs (#97)
  • Add ddwaf_object_bool for backwards-compatible support for boolean ddwaf_object (#99)
  • Add ddwaf_toggle_rules to enable or disable rules at runtime (#99)

Changes

  • Add unicode_normalize transformer (#82)
  • Remove PWRetriever, PWArgsWrapper, Iterator and ArgsIterator (#77)
  • Add ddwaf::object_store to manage all targets and objects provided to the WAF (#77)
  • Add ddwaf::value_iterator for object value traversal (#77)
  • Add ddwaf::key_iterator for object key traversal (#77)
  • Simplify target manifest (#78)
  • Remove input object validation (#85)
  • Merge PWAdditive and PWProcessor and rename to ddwaf::context (#89)
  • Rename PowerWAF to ddwaf::waf (#89)
  • Add ddwaf::timer to abstract deadline (#89)
  • Simplify rule processors (#89)
  • Add ip_match operator and tests (#87)
  • Refactor ip handling into ip_utils (#87)
  • Add exact_match operator and tests (#87)
  • Rename existing rule processors to more closely resemble their operator name (#87)
  • Rename IPWRuleProcessor to rule_processor_base (#87)
  • Add support for per-rule on_match array in ruleset (#91)
  • Add optional on_match to JSON event format (#91)
  • Remove PWRetManager and MatchGatherer (#91)
  • Add ddwaf::event to collect all relevant rule match data in one structure (#91)
  • Add ddwaf::event_serializer for JSON event (#91)
  • Update processors to use std::string_view rather than char * and length (#91)
  • Add ddwaf::timeout_exception to avoid error code propagation (#91)
  • Disable the 1)c libinjection fingerprint (#94)
  • Configurable rule data (#96)

Fixes

  • Timeout error propagation (#89)
  • Pass object limits configuration to iterators (#89)
  • Apply string limits (#89)
  • Fix missing exports (#101)

Miscellaneous

  • Add utf8proc license (#84)
  • Add codecov support (#86)
  • Add CODEOWNERS (#88)
  • Add benchmerge to merge multiple benchmark results (#85)
  • Update ruleset version for testing to 1.3.2 (#101)
  • Fix missing build flags from utf8proc build (#100)

v1.5.0-rc0 (unstable) - 2022/09/02

API & Breaking Changes

  • Add ddwaf_object_bool for backwards-compatible support for boolean ddwaf_object (#99)
  • Add ddwaf_toggle_rules to enable or disable rules at runtime (#99)

Fixes

  • Fix missing exports (#101)

Miscellaneous

  • Update ruleset version for testing to 1.3.2 (#101)
  • Fix missing build flags from utf8proc build (#100)

v1.5.0-alpha1 (unstable) - 2022/08/30

API & Breaking Changes

  • Deanonymize nested structs (#97)

Changes

  • Disable the 1)c libinjection fingerprint (#94)
  • Configurable rule data (#96)

v1.5.0-alpha0 (unstable) - 2022/08/04

API & Breaking Changes

  • Remove ddwaf_version, ddwaf_get_version now returns a version string (#89)
  • Move free function from ddwaf_context_init to ddwaf_config (#89)
  • Add ddwaf_result.actions struct containing a char* array and its size (#91)
  • Add dummy ddwaf_update_rule_data for future use (#91)
  • Remove DDWAF_BLOCK (#91)
  • Rename DDWAF_GOOD to DDWAF_OK (#92)
  • Rename DDWAF_MONITOR to DDWAF_MATCH (#92)

Changes

  • Add unicode_normalize transformer (#82)
  • Remove PWRetriever, PWArgsWrapper, Iterator and ArgsIterator (#77)
  • Add ddwaf::object_store to manage all targets and objects provided to the WAF (#77)
  • Add ddwaf::value_iterator for object value traversal (#77)
  • Add ddwaf::key_iterator for object key traversal (#77)
  • Simplify target manifest (#78)
  • Remove input object validation (#85)
  • Merge PWAdditive and PWProcessor and rename to ddwaf::context (#89)
  • Rename PowerWAF to ddwaf::waf (#89)
  • Add ddwaf::timer to abstract deadline (#89)
  • Simplify rule processors (#89)
  • Add ip_match operator and tests (#87)
  • Refactor ip handling into ip_utils (#87)
  • Add exact_match operator and tests (#87)
  • Rename existing rule processors to more closely resemble their operator name (#87)
  • Rename IPWRuleProcessor to rule_processor_base (#87)
  • Add support for per-rule on_match array in ruleset (#91)
  • Add optional on_match to JSON event format (#91)
  • Remove PWRetManager and MatchGatherer (#91)
  • Add ddwaf::event to collect all relevant rule match data in one structure (#91)
  • Add ddwaf::event_serializer for JSON event (#91)
  • Update processors to use std::string_view rather than char * and length (#91)
  • Add ddwaf::timeout_exception to avoid error code propagation (#91)

Fixes

  • Timeout error propagation (#89)
  • Pass object limits configuration to iterators (#89)
  • Apply string limits (#89)

Miscellaneous

  • Add utf8proc license (#84)
  • Add codecov support (#86)
  • Add CODEOWNERS (#88)
  • Add benchmerge to merge multiple benchmark results (#85)

v1.4.0 (unstable) - 2022/06/29

  • Correct nuget url (#68)
  • Only take params ownership when needed (#69)
  • WAF Benchmark Utility (#70)
  • WAF Validator (#74)
  • Make libinjection look for backticks (#80)
  • Add version semantic and unstable release information (#81)

v1.3.0 (unstable) - 2022/04/04

  • WAF event obfuscator.
  • Add obfuscator configuration to ddwaf_config.
  • Changes to limits in ddwaf_config:
    • Rename maxArrayLength to limits.max_container_size.
    • Rename maxMapDepth to limits.max_container_depth.
    • Add limits.max_string_length, currently unused.
    • All limits are now uint32.
    • Relevant macros renamed accordingly.

v1.2.1 (unstable) - 2022/03/17

  • Fix issue on ruleset error map reallocation causing cached pointer invalidation.
  • Add check for empty input map on parser.
  • Update github actions windows build VM to windows-2019.

v1.2.0 (unstable) - 2022/03/16

  • Remove metrics collector.
  • Add total_runtime to ddwaf_result.
  • Fix issue when reporting timeouts.

v1.1.0 (unstable) - 2022/03/09

  • Add ddwaf_object getters.
  • Provide ruleset parsing diagnostics on ddwaf_init.
  • Add support for metrics collection on ddwaf_run.
  • Add keys_only transformer.
  • Improve support for older platforms.
  • Remove indirection and reduce string operations when processing flows.
  • Refactor input verification.
  • Remove deprecated features.

v1.0.18 (unstable) - 2022/02/16

  • Add arm64 build to nuget package.
  • Upgrade RE2 to 2022-02-01.

v1.0.17 (unstable) - 2022/01/24

  • Add missing libunwind to x86_64 linux build.
  • Fix potential integer overflow in DDWAF_LOG_HELPER.
  • Add missing shared mingw64 build.
  • Add example tool to run the WAF on a single rule with multiple test vectors.

v1.0.16 (unstable) - 2021/12/15

  • Fix duplicate matches in output (#36)

v1.0.15 (unstable) - 2021/12/07

  • Support min_length option on regex_match operator.
  • Remove DDWAF_ERR_TIMEOUT and update value of other errors.
  • Add timeout field to ddwaf_result.
  • Remove action field from ddwaf_result.
  • Support MacOS 10.9.
  • Minor CMake compatibility improvements.

v1.0.14 (unstable) - 2021/10/26

  • WAF output now conforms to the appsec event format v1.0.0.
  • Add schema for output validation.
  • Remove zip package generation.
  • Minor improvements.

v1.0.13 (unstable) - 2021/10/11

  • Add support for ruleset format v2.1.
  • Update fuzzer.
  • Fix addresses with key path missing from ddwaf_required_addresses.
  • Improve ruleset parsing logging.

v1.0.12 (unstable) - 2021/10/01

  • Add libinjection SQL and XSS rule processors.
  • Add support for ruleset format v1.1 (adding is_sqli and is_xss operators).
  • Improved universal x86_64 and arm64 builds.
  • Added darwin arm64 build.
  • Fixed error on corpus generator for fuzzer.

v1.0.11 (unstable) - 2021/09/16

  • Improve contributor onboarding and readme.
  • Cross-compile aarch64 static/shared libraries.
  • Improve corpus generator for fuzzer.

v1.0.10 (unstable) - 2021/09/13

  • Add license to nuget package.

v1.0.9 (unstable) - 2021/09/13

  • Renamed static windows library to ddwaf_static.
  • Correctly publish DSO dependencies.
  • Add license and notice.
  • Add copyright note to source files.
  • Add issue and pull-request templates.

v1.0.8 (unstable) - 2021/09/07

  • Removed spdlog dependency.
  • Fixed crash on base64encode transformer.
  • Fixed crash on compressWhiteSpace transformer.
  • Updated and fixed fuzzer.
  • Fixed missing static library on windows packages.
  • Other minor fixes and improvements.

v1.0.7 (unstable) - 2021/08/31

  • Support for new rule format, using ddwaf::object.
  • Interface updated with ddwaf namespace.
  • Removed pass-by-value and return-by-value from interface.
  • Removed WAF singleton interface.
  • Simplified WAF interface to be handle based and always additive.
  • Clarified the ownership of ddwaf::object passed to the WAF.
  • Removed functionality not supported by the new rule format.
  • Added exception catch-all on interface functions to prevent std::terminate.

v1.0.6 - 2020/10/23

  • Convert integers to strings at the input of the WAF
  • Report the manifest key of the parameter that we matched in the trigger report
  • Fix a bug where we could send reports from a previously reported attack in follow-up executions of the additive API

v1.0.5 - 2020/10/13

  • Fix behavior of @exist on empty list
  • Improve the cache bypass logic to only bypass it once per run
  • Fix the cache overwrite logic when the bypass resulted in a match

v1.0.4 - 2020/10/01

  • Fix an issue where we wouldn't run on keys if the associated value was a container in specific encapsulated containers
  • Introduce a numerize transformer to better handle Content-Length

v1.0.3 - 2020/09/29

  • Fix an issue where we wouldn't run on keys if the associated value was a container

v1.0.2 - 2020/09/25

  • Fix an issue where reports would be generated when no action is triggered
  • Fix an issue where only the last step of a flow will trigger a report
  • Fix an issue where reports would be incomplete if some rules triggered in previous run of the additive API

v1.0.1 - 2020/09/23

  • Fix a bug where we wouldn't run on keys if the associated value was shorter than a rule's options.min_length

v1.0 - 2020/08/28

  • Introduce transformers to extract CRS targets from the raw URI
  • Introduce removeComments transformer
  • Introduce @ipMatch operator

v0.9.1 (1.0 preview 2) - 2020/08/24

  • Introduce modifiers for a rule execution
  • Introduce @exist operator
  • Improve performance of the Additive API
  • Reduce the frequency of perf cap check
  • Return the detailed performance of the slowest rules
  • Introduce allocation helpers
  • Other performance optimisations

v0.9.0 (1.0 preview) - 2020/08/10

  • Introduce Additive API
  • Introduce expanded initialization format
  • Introduce Handle API
  • Report performance metrics on each run
  • Report the runtime of the slowest rules of each run
  • Report the path of a match
  • Introduce new transformers
  • Rename and shorten the API names
  • More...

v0.7.0 - 2020/06/19

  • Fix false positives in libinjection SQL heuristics
  • Fix a false positive in libinjection XSS heuristics

v0.6.1 - 2020/04/03

  • When running a rule with multiple parameters, don't stop processing if a parameter is missing
  • Add support for the config key in the init payload
  • Add support for prefixes to operators
  • Add a switch through both means to revert the first fix

v0.6.0 - 2020/03/19

  • Replace the clock we were using with a more efficient one
  • When processing a multi-step rule where a parameter is missing from one step, fail the step instead of ignoring it

v0.5.1 - 2020/01/10

  • Fix a bug where the Compare operators could read one byte after the end of a PWArgs buffer
  • Fix a bug where libinjection might read one byte past an internal buffer

v0.5.0 - 2019/11/15

  • Give more control over the safety features to the API

v0.4.0 - 2019/10/02

  • Introduce @pm operator

v0.3.0 - 2019/09/24

  • Introduce @beginsWith, @contains, and @endsWith operators
  • Cap the memory each RE2 object can use to 512kB

v0.2.0 - 2019/09/13

  • Introduce powerwaf_initializePowerWAFWithDiag
  • Fix a UTF-8 truncation bug (SQR-8164)
  • Cleanup headers
  • Improved locking performance

v0.1.0

  • Initial release