Releases: newrelic/csec-node-agent
v2.3.1
v2.3.1 (2025-02-04)
Bug fixes
- Removed docker-cli-js dependency and updated mongodb unit test case (#283)
- Added safety check for agentModule before accessing its properties (#284)
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
v2.3.0
v2.3.0 (2025-02-03)
Features
- Added Support for VM module (#274)
- IAST support for Next.js (#270)
- Support for Insecure settings i.e crypto, hash and random modules (#276)
Bug fixes
- Fix for special characters in ws header (#279)
- Fix for getting transaction in graphql instrumentation (#275)
- Fix for mongodb unit tests (#273)
Miscellaneous chores
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
v2.2.0
v2.2.0 (2024-12-18)
Features
- Support for express 5.x (#269)
- IAST support for GraphQL (#250)
- Added support for trustboundary security events (#218)
Bug fixes
- Fix for empty route in fastify (#268)
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
v2.1.1
v2.1.1 (2024-11-07)
Bug fixes
- Fix for assignment to logger constant (#266)
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
v2.1.0
v2.1.0 (2024-11-05)
Features
Bug fixes
- Added default values for scan_schedule, scan_controllers and exclude_from_iast_scan config (#262)
- Fix for security home placeholder replacement in fuzz requests (#256)
- Handling to not resolve file path in fs module instrumentation (#257)
- Fix for batch size and condition of iast-data-request sending (#264)
Miscellaneous chores
- Added requestURI field in http request for application-runtime-error (#258)
- Updated instrumented to get the transaction directly instead of from the active segment (#261)
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
v2.0.0
v2.0.0 (2024-09-20)
⚠ BREAKING CHANGES
- Dropped support for Node.js v16
- Dropped functionality to generate snapshot file
Features
- Support to honour proxy settings via config (#236)
- Support for secure cookie security event generation (#220)
- Report error to Error Inbox upon connection failure to Security Engine (#248)
- Support to detect application and server path (#224)
- Functionality to truncate Incoming HTTP request upto default limit (#119)
- Dropped support for Node.js v16 (#240)
- Dropped functionality to generate snapshot file (#241)
Bug fixes
- Handling for empty data in IAST fuzzing header (#237)
- Added identifiers in events (#235)
- Fix for file integrity security event generation (#249)
- Fix for missing identifiers in iast-data-request JSON (#252)
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
v1.5.0
v1.5.0 (2024-08-14)
Features
- Support for Node.js v22.x
Bug fixes
- Fix for traceId in error reporting (#239)
Miscellaneous chores
Continuous integration
- Added Node.js v22.x to unit tests (#234)
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
v1.4.0
v1.4.0 (2024-06-24)
Features
- Added support to report application's errors while IAST scanning (#214)
- Support to detect gRPC API endpoints (#223)
Bug fixes
Miscellaneous chores
- Updated package.json to bump ws from 8.14.2 to 8.17.1 (#228)
- (deps-dev): bump @grpc/grpc-js from 1.9.12 to 1.10.9 (#227)
- (deps-dev): bump braces from 3.0.2 to 3.0.3 (#226)
- (deps): bump ws from 8.14.2 to 8.17.1 (#225)
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
v1.3.0
v1.3.0 (2024-06-03)
Features
- Added route field in security event for API endpoint mapping (#212)
Bug fixes
- Fix for control commands acknowledgement in security agent (#206)
- Added assert for typeof response data in Reflected XSS validation (#207)
- Updated @grpc/grpc-js instrumentation to instrument submodules (#203)
- Handling to convert header values into string (#213)
Miscellaneous chores
- Updated log level for critical messages (#205)
- Readme update (#208)
- (deps-dev): bump axios from 0.21.4 to 1.7.2 (#216)
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.
v1.2.0
v1.2.0 (2024-04-12)
Features
- Added instrumentation for express framework's res.download() and res.sendFile() (#197)
Bug fixes
- Handling to decrypt fuzz header data for IAST scanning (#196)
- Logging and snapshot file fixes (#198)
Miscellaneous chores
- Prepend vulnerability case type with apiId (#202)
- Updated jsonVersion to v1.2.0 (#196)
- Bumped undici from 5.28.3 to 5.28.4 (#199)
Support statement:
New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.