What's New

v6.13.0

Released on 2024-04-27

• Added vid Validation for _pxvid extraction
• Added Enforcer Fuzzer as part of the CI process
• Updated log4j artifact version
• Removed /examples directory

v6.12.0

Released on 2024-02-25

• Added Dockerfile for web application example.
• Bugfix - Sensitive headers are now case-insensitive.
• Block page HTML align with spec.
• Automatically running e2e tests on pull request.
• Automatically verify version on pull request to master.
• Automatically deploying a new release on merge to master.

Version 6.11.0

Released 2024-02-18

• Added base64-encoded request http method to captcha script query parameters on block - pages

Version 6.10.0

Released 2023-12-28

• Added feature request-header-based-logger (more about this feature).
• Align risk api and async activities fields.
• Added enforcer start timestamp and risk start timestamp to activities schema
• Removed the blockedUrl window variable from the block page to prevent XSS vulnerability.
• Added blocked URL to the captcha query params.

Version 6.9.5

Released 2023-11-23

• Updated the PerimeterX first-party request handler with connection timeout limit.
• Updated the captcha template for a better user experience.

Version 6.9.4

Released 2023-11-21

• Fixed first party connection timeout issue.
• Updated the captcha template to efficiently manage delays in captcha retrieval.

Version 6.9.3

Released 2023-11-16

• Fixed risk request schema.
• Fixed cookie validation.

Version 6.9.2

Released 2023-11-15

• Fixed potential XHR first party issue.

Version 6.9.1

Released 2023-11-13

• Updated ABR and captcha template.

Version 6.9.0

Released 2023-11-08

• Added request filtering with a new RequestFilter for better management and introduced CustomFilterByFunction for more powerful filtering.
• Added hard block support.
• Fixed issues with cookies containing special characters, ensuring proper handling.
• Fixed the Captcha page template.
• Fixed resource management issues across various code locations.
• Updated the Context URI to Servlet Path to better enforce feature routes.
• Updated the Risk Request Schema to better support detection.
• Updated Page Request and Block Activity schema to better support detection.

Version 6.8.1

Released 2023-10-22

• Fixed handling of cookies with illegal arguments.

Version 6.8.0

Released 2023-10-18

• Fixed Resolved an issue with unhandled Telemetry errors.
• Added Enhanced customization with configurable IPXHttpClient and HUMANClient settings.
• Fixed HUMANHD didn't set cookies after using the risk_api.
• Fixed Enhanced security with the addition of an HTTP method check for static content extensions.

Version 6.7.1

Released 2023-09-05

• Added logs for timeouts
• Running async activities via ExecutorService

Version 6.7.0

Released 2023-11-05

• Added feature custom cookie header
• Changed getTelemetryConfig is now using builder.
• Bugfix NullPointerException when using ConsoleLogger.

Version 6.6.0

Released 2023-27-04

• Updating readme with customIsSensitve, customParametersExtraction
• Added an option to configure logger without slf4j using HUMANConfiguration.setPxLoggerSeverity(<loggerSeverity>)
• Added an option to close HUMAN

Version 6.5.0

Released 2023-03-04

• Adding custom is sensitive configuration option
• Lazy read the request body
• Added new custom parameters function signature which receives the original HTTP request
• Reading the body binary instead of textually

Version 6.4.5

Released 2023-01-11

• Fixed invalid http connections for risk requests bug.

Version 6.4.4

Released 2022-09-05

• Added pass reason enforcer_error
• Changed s2s_error_reason to error_reason

Version 6.4.3

Released 2022-06-28

• Fixed s2s_call_reason as sensitive_route in case of Credentials Intelligence request.

Version 6.4.2

Released 2022-06-01

• Added sending telemetry by Slack command

Version 6.4.1

Released 2022-04-17

• Support creating block activity after block handler invocation

Version 6.4.0

Released 2022-04-13

• Support for credentials intelligence protocols v1, v2 and multistep_sso
• Support for login successful reporting methods header, status, body, and custom
• Support for manual sending of additional_s2s activity via header and function call.
• Support for sending raw username on additional_s2s activity
• Support for login credentials extraction via custom callback
• New request_id field to all enforcer activities

Version 6.3.0

Released 2022-04-11

• Added new block page implementation

Version 6.2.8

Released 2022-03-31

• Added monitored routes feature.
• Added enforced routes feature.
• Updated Lombok dependency version to 1.18.22

Version 6.2.7

Released 2022-02-21

• Added ability to mark simulated block on context

Version 6.2.6

Released 2021-05-31

• Added supported features list to project metadata

Version 6.2.5

Released 2021-05-03

• Fixed dependencies vulnerability issue by upgrading dependencies

Version 6.2.4

Released 2020-12-06

• fix http_method bug when there is no http_version

Version 6.2.3

Released 2020-11-04

• Fixed CLIENT_HOST scheme
• Added query params to URL field

Version 6.2.2

Released 2020-10-09

• New version to update files on Maven Central

Version 6.2.1

Released 2020-10-08

• Fixed CLIENT_HOST configuration field

Version 6.2.0

Released 2020-08-23

• Support regex values for sensitive-routes configuration

Version 6.1.5

Released 2020-05-13

• Fixed 3rd party libs vulnerability issues

Version 6.1.4

Released 2020-03-04

• Log exception information on deserialize by cookie selector
• Fixed vulnerability issue by upgrading FasterXML version

Version 6.1.3

Released 2020-02-24

• Fixed PBKDF2 iterations range check to be greater than 0

Version 6.1.2]

Released 2019-09-29

• Fix potential concurrency problems within activity buffer
• Increase default activities batch size from 10 to 20
• Update underlying libs versions

Version 6.1.1

Released 2019-06-30

• Fixed vulnerability issue by upgrading FasterXML version

Version 6.1.0

Released 2019-04-08

• Support advanced blocking response - response can be json structured instead of html
• Ignoring static files (json, imgs ...)
• Support for testing blocking flow in monitor mode
• Bypass Bypass
• Added support to load config from a file

Version 6.0.5

Released 2019-02-25

• Fixed the setting process of the pxhd cookie

Version 6.0.4

Relaesed 2019-02-04

• Added multiple applications support (HUMAN class can be initialized multiple times within the same process)
• Added some logs to increase visibility over httpasyncclient exceptions
• Add client HUMANVID as a vid source
• Changed simulatedBlock to be a boolean
• Added vid_source to additional in async activities and renamed to enforcer_vid_source

Version 6.0.3

Released 2019-01-15

• Removed pxvid from no_cookie_w_vid assertion

Version 6.0.0

Released 2018-12-25

• Added HUMANHD handling (new human cookie has been added)
• Added async custom params
• Fixed activities connection errors

Version 5.4.0

Released 2018-12-13

• Removed logback log implementation.
• Removed debugMode configuration, instead use log level configuration per logger implementation.

Version 5.3.0

Released 2018-12-12

• Fixed http components memory leak
• Added custom params to async activities (page_requested, block)
• Added data enrichment to context
• Changed logger implementation to logback
• formatted code style across project files
• Added debugMode configuration that changes the log level from ERROR to DEBUG

Version 5.2.0

Released 2018-11-13

• Fixed an issue when the acitivity telemetry won't send humanConfiguration.
• Fixed the usage of custom activity handlers: The verification handler used to override the custom
  activity handler.
• Added request cookie name extraction, requestCookieNames field sent during risk api call

Version 5.1.0

Released 2018-10-29

• Added testing mode capability
• Added Firsty party fallback when encountering redirection errors
• Reordered the cookies such that the v3 cookie will be selected before v1

Version 5.0.0

Released 2018-08-28

• Added handling of mobile tokens: x-px-tokens, x-px-original-tokens
• Now using CaptchaV2 instead of a third party captcha provider
• Added proxy support

Version 4.2.0

Released 2018-08-06

• Additional mobile handling
• Better cookie decryption

Version 4.1.1

Released 2018-07-22

• Fixed logging level for unexpected risk result

Version 4.1.0

Released 2018-07-20

• Fixed index out of bound error

Version 4.0.0

Released 2018-06-06

• Fixed CustomBlockHandler implementations
• Added support for First Party
• Deprecated PXContext's method isVerified(), instead use isHandledResponse(), read more about it on at the Upgrading section
• Update jackson packages

Version 3.1.0

Released 2018-04-04

• Replaced footer on block pages
• New logs format
• Improved enforcer telemetry
• Mobile SDK support
• Custom Params support

Version 3.0.0

Released 2017-11-07

• Remote Configuration support (by default is off)
• Fixed risk_rtt for s2s on exception
• Support js challenge
• Sending enforcer_telemetry activities on init and remote config updates, telemetry includes px_config as json, os name and machine name
• Supporting funCaptcha
• New captcha flow
• Fixed bug in S2S pass_reason
• New documentation
• Support for monitor mode (default set to true)
• Support for ipHeaders (using new class CombinedIPProvider)

This version includes breaking changes in the following configurations:

• Monitor mode is now on by default, for blocking mode it should be set to ACTIVE
• BlockingScore was changed from 70 -> 100
• Using ipHeaders from configuration - use default interface of IPProvider (CombinedIPProvider instead of RemoteAddressIPProvider)

Version 2.1.0

Released 2017-30-07

• Renamed expired_cookie call reason to cookie_expired
• Custom verification handler is now supported
• Added pass_reason to page_requested
• Sending client_uuid on page_requested activities
• pxVerify now returning context instead of boolean value
• Fixed wrong hostname being collected on DefualtHostnameProvider

Version 2.0.0

Released 2017-25-04

• Support cookie v3
• Support risk API v2
• Support custom css/javascript/logo on block page
• Send px_cookie_orig when cookie decryption fails
• Invalid cookie format handling
• Buffered activities handling (async send)
• Updated server URL
• Redesign block/captcha page

Version 1.0.16

Released 2016-02-10

• HostnameProvider interface to allow user defined hostname extraction from http request.

Version 1.0.15

• Decrypted risk cookie was added to page_requested activity.
• UUID was added to captcha api request.
• HUMAN server base url changed.
• Documentation updated.
• Bug fix: page_requested payload do not include block activities field.

Merged pull requests:

• Build and deploy automation

Version 1.0.14

Released 2016-10-10

Merged pull requests:

• Compatibility with older jackson

Version 1.0.13

Released 2016-09-27

Version 1.0.12

Released 2016-09-26

Version 1.0.11

Released 2016-09-26

Version 1.0.10

Merged pull requests:

• User-agent and cookie fix case insensitive

Version 1.0.9

Released 2016-09-22

Version 1.0.8

Released 2016-09-21

Merged pull requests:

• Dev less depends

Version 1.0.1

Released 2016-08-22