What's New

Version 21.4.1

Released 2023-12-23

Added
Updated deprecated methods

Version 21.4.0

Released 2023-08-14

Added
__ controllers allowlisting (prevents attackers using __Analytics for POST requests

Version 21.3.0

Released 2022-06-07

Added

• Custom cookie header with the x-px-cookies default value
• Sending pxvid on async activities also when it was extracted from cookie

Version 21.2.1

Released 2022-04-13

Fixed

• Fixed bug in bypass monitor header

Version 21.2.0

Released 2022-04-13

Fixed

• Linter issues
• Wrong risk mode sent on risk api

Added

• Sending email and user creation date on activities (for account defender)

Version 21.1.1

Released 2022-02-02

Fixed

• Metadata schema was updated to include PX_loggerSeverity

Version 21.1.0

Released 2022-01-03

Added

• Support for credentials intelligence v2 and multistep_sso protocols
• Support for login credentials which are sent through body (when the content-type is JSON or form-urlencoded), header and query-param
• Support for manual sending of additional_s2s activity
• Support for sending raw username on additional_s2s activity
• New request_id field to all enforcer activities

Changed

• Update the default request timeout value of async and risk activities to 1 second

Version 21.0.0

Released 2022-11-28

Changed

• Async activities fields align with the spec
• Changed the debug mode field configuration name to px_logger_severity and its possible values according to the spec
• Changed the px_module_mode possible values according to the spec

Fixed

• Send the full url with the risk api activity url field which is included query params if any

Added

• Added implementation for handling s2s_error and s2s_timeout
• Support for monitored routes feature
• Support for enforced routes feature
• Added 'app_user_id' field on risk api and async activities calls

Version 20.3.1

Released 2020-12-23

Fixed

• Mobile token handling for OCAPI

Version 20.3.0

Released 2020-12-23

Fixed

• Mobile token handling
• Mobile response handling

Version 20.2.0

Released 2020-11-18

Added

• OCAPI support
• PBKDF2 key hashing

Fixed

• Bypass monitor header reporting
• Debug flag

Version 20.1.0

Released 2020-02-03

Added

• Send telemetry on demand by header
• Support for testing blocking flow in monitor mode
• Full first-party support
• onRequest integration
• Support for properties in ISML templates

Fixed

• Removed getWriter() and replaced it with templates.

Version 19.1.0

Released 2018-12-25

Added

• Enrich Custom Parameters support for async activities
• Support for PXHD cookies
• First-Party fallback for block templates
• Support Cookie names extraction

Version 18.4.0

Released 2018-09-26

Added

• Whitelist by ip/cidr support
• Custom block page support

Fixed

• Better handling of Services Framework errors
• Better handling of query params for Captcha service calls
• Missing px_cookie on risk_api calls

Version 18.3.0

Released 2018-06-22

Added

• Refactor of services framework usage to support multi app ids
• Support for Advanced Blocking Response
• SFRA support

Fixed

• Documentation refresh

Version 18.2.1

Released 2018-05-01

Added

• Refactor of services framework usage to support multi app ids
• Support for Advanced Blocking Response
• SFRA support
• Captcha v2 support

Fixed

• Documentation refresh

Version 18.2.1

Released 2018-05-01

Added

• Ratelimit support
• First party support
• Enrich Custom Parameters support

Fixed

• Corrected monitor mode block reporting

Version 18.1.1

Released 2018-02-12

Fixed

• Numerous bug fixes

Changed

• Updated README to include js sensor section

Version 18.1.0

Released 2018-01-22

Changed

• New version number scheme

Version 1.1.1

Released 2017-12-17

Changed

• Updated services framework implementation to use LocalServiceRegistry.

Version 1.1.0

Released 2017-12-05

Added

• Enhanced module logs

Changed

• Various performance enhancments.