What's New

Version 5.0.1

Released 2022-09-20

  • Added pass reason enforcer_error
  • Changed s2s_error_message field to error_message on page_requested activity.

Version 5.0.0

Released 2022-07-30

  • Added the ability to build enforcer in both service worker and module Cloudflare formats.
  • Made filter by extension and s2s timeout features configurable rather than needing to edit the built worker.
  • Using a global pxConfig object, which means the enforcer configuration no longer needs to be built with the worker allowing for easier future enforcer upgrades.
  • Unit test expansions and improvements.
  • Updated dependencies.

Version 4.5.4

Released 2022-07-28

  • Added - Support displaying hype sale challenge on each user attempt to access hype sale and according to the configured limit.

Version 4.5.3

Released 2022-07-18

  • Added - A CPA field to a risk activity in case of valid cookie with a CPA field

Version 4.5.2

Released 2022-07-17

  • Changed - New hype sale template.

Version 4.5.1

Released 2022-06-30

  • Fixed - Add SameSite=Lax to PXHD cookie.

Version 4.5.0

Released 2022-06-20

  • Added - Support User Identifiers: CTS and JWT.

Version 4.4.2

Released 2022-05-18

  • Fix - Update block page to support error handling for mobile.

Version 4.4.1

Released 2022-05-01

  • Fix - Include Bypass Monitor Header feature when checking the module mode.

Version 4.4.0

Released 2022-04-13

  • Added Credentials Intelligence v2 hashing protocol as the default. The new protocol normalizes and hashes credentials according to a new algorithm that improves accuracy.
  • Added custom logo and alternate block script to ABR (JSON block response).
  • Changed the block page to use the new template.

Version 4.3.2

Released 2022-03-30

  • Fixed an error that caused page_requested activities with s2s_timeout to be sent in cases of block while in monitor mode.

Version 4.3.1

Released 2022-03-27

  • Added s2s_error enrichment for enhanced visibility and analysis of errors.
  • Added HTTP version field to all enforcer activities.
  • Added the decoded cookie to risk_api activities if due to sensitive route.
  • Fixed an issue where errors were not logged in debug mode.
  • Fixed an issue that caused an exception to be thrown on GraphQL paths.

Version 4.3.0

Released 2022-02-10

  • Added support for Hype Sales Challenge

Version 4.2.0

Released 2022-02-08

  • Added the automatic reporting of GraphQL operation names and types on PerimeterX activities, which improves visibility and detection.
  • Added the sensitive GraphQL operation feature, which triggers server-to-server calls for configured GraphQL operation names and types
  • Added additional_s2s activity as part of Credentials Intelligence reporting. This additional activity can be sent automatically within the Cloudflare worker or transferred as a header to the origin and sent directly to PerimeterX via an XHR POST request.
  • Added the ability to report the raw username to PerimeterX on the additional_s2s activity in cases where compromised credentials were used to successfully log in
  • Enhancements to the login credentials extraction feature, including the option to define custom extraction callbacks for endpoints, and automatic sending of credentials to PerimeterX upon successful extraction, and more

Version 4.1.1

Released 2022-01-30

  • Added support for automated upgrades, which allows for a faster and easier upgrade experience for enforcer versions moving forward.

Version 4.1.0

Released 2022-01-10

  • Added support for snippet injection, which enables to auto inject the custom JS snippet to the client’s HTML pages and is controlled remotely, allowing the flexibility to modify the snippet without having to deploy changes to the production environment

Version 4.0.4

Released 2021-12-29

  • Added a field server_info_origin to all enforcer activities, holding the three-letter IATA airport code of the data center where the request originated

Version 4.0.3

Released 2021-12-20

  • Added the ability to support multiple username and password fields for the same endpoint as part of the login credentials extraction feature
  • Added to ability to filter requests from the enforcer verification flow by specific header & its value

Version 4.0.2

Released 2021-11-22

Version 4.0.1

Released 2021-11-08

  • Added the request object to px_enrich_custom_params custom config function to enrich the information that user can send to PerimeterX
  • Differentiate custom code logic from the core functionality module. The config object now consist only of customer configuration without any internal logic

Version 4.0.0

Released 2021-10-25

  • Restructuring of the module code to enable quick and simple upgrades moving forward, which will ease efforts to keep the enforcer up to date and allow fast delivery of new capabilities by PerimeterX. Separate worker into customer facing and core sections (Config, pxCore, Main sections)
  • Enhanced logs for debugging purposes.
  • New configuration key px_login_credentials_http_body_size_limit added to limit the allowed http body size to extract the login credentials and maintain performance
  • Support for outputting whether user credentials are compromised on an additional header as part of PerimeterX Credential Intelligence product

Version 3.3.0

Released 2021-08-11

  • Added ability to sign cookie with the following fields: user agent, IP

Version 3.2.0

Released 2021-07-27

Version 3.1.0

Released 2021-07-21

  • Bug fix of unsafe cookie handling

Version 3.0.0

Released 2021-06-22

  • Added the ability to manage and deploy Cloudflare workers via Wrangler CLI tool

Version 2.9.0

Released 2021-06-01

  • Added handler feature which is pre enforcement
  • Separation between Bot Defender and Code Defender enforcement functionality - detached mechanisms

Version 2.8.0

Released 2021-05-18

  • New feature to support CSP and restrict resources as part of the Code Defender product

Version 2.7.0

Released 2021-04-07

Version 2.6.2

Released 2021-03-25

  • Bug fix to enable better handling for sensor injection

Version 2.6.1

Released 2021-03-10

  • Bug fix for enable better URL parsing

Version 2.6.0

Released 2021-02-01

  • Bug fix to better handle hashtags
  • Bug fix to better verify whitelist extensions

Version 2.5.0

Released 2020-10-25

  • Added Upstream Score Header property which specifies a header name that will contain the PerimeterX score to be sent to the origin.
  • Added Upstream Identifier Header property which specifies a header name that will contain the PerimeterX unique identifier (UUID) to be sent to the origin.
  • Support for JavaScript Sensor Injection

Version 2.4.2

Released 2020-10-02

  • Bug fix to verify pxCtx for deferred activities

Version 2.4.1

Released 2020-09-17

  • Bug fixed to enable sending deferred activities in monitor mode

Did this page help you?