Native Node Artifact Versions and Changelog

This document lists available versions of the Native Wallarm Node 0.x in various form factors, helping you track releases and plan upgrades.

All-in-one installer

The all-in-one installer for the Native Node is used for TCP traffic mirror analysis and self-hosted node deployment with the MuleSoft Mule Gateway, CloudFront, Cloudflare, Broadcom Layer7 API Gateway, Fastly, and IBM DataPower connectors.

The history of all-in-one installer updates applies to both its x86_64 and ARM64 (beta) versions.

How to upgrade

0.13.7 (2025-07-23)

  • Introduced the input_filters configuration section, which lets you define which requests should be inspected or bypassed by the Node

  • Fixed blocking issue with denylisted origins and Wallarm Console UI-configured mode

0.13.6 (2025-07-08)

  • Fixed the CVE-2025-22874 vulnerability

  • Resolved an issue in proxy_headers processing where headers from multiple records could be mixed for a single request

    Now, once a request matches a trusted_networks entry, only headers from that specific record are used.

  • Minor bug fixes

0.13.5 (2025-06-09)

  • Fixed the CVE-2025-47273 vulnerability

  • Removed support for the WALLARM_ATTACKS_DETAILED_EXPORT environment variable, which was used to disable exporting full attack data to Wallarm Cloud

  • Introduced the proxy_headers configuration to configure trusted networks and extract real client IP and host headers

    This replaces http_inspector.real_ip_header used in earlier versions in the tcp-capture mode.

  • Added the metrics.namespace configuration option to customize the prefix of Prometheus metrics exposed by the go-node binary

0.13.4 (2025-05-14)

  • Fixed the --preserve script flag behavior to correctly retain the existing node.yaml and env.list files during upgrade

    Previously, these files could be overwritten, resulting in loss of configuration.

  • Added connector.per_connection_limits to control keep-alive connection limits

  • Added support for the WALLARM_ATTACKS_DETAILED_EXPORT environment variable to optionally disable exporting full attack data to Wallarm Cloud

    This is intended for environments with strict data protection requirements.

0.13.3 (2025-05-07)

  • Added support for the IBM API Connect connector

  • Fixed the CVE-2024-56406, CVE-2025-31115, CVE-2025-22871 vulnerabilities

  • Added support for external health check endpoint in the connector-server mode

    This is controlled by the new connector.external_health_check configuration section.

  • Fixed a recurring intermittent bug that could cause occasional corruption of request and response bodies

  • The following fixes and updates were made in tcp-capture mode:

    • GoReplay is now built with Go 1.24
    • Fixed: go-node process no longer hangs when the goreplay process crashes
    • Fixed a crash caused by a slice out-of-bounds error during header parsing in GoReplay
    • Fixed incorrect display of Native Node versions in Wallarm Console → Nodes

0.13.2 (2025-04-15)

  • Fixed an intermittent bug causing occasional request and response body corruption

0.13.1 (2025-04-09)

  • Stability improvements

0.13.0 (2025-03-31)

  • tarantool_exporter is now postanalytics_exporter in the Native Node configuration file. This change also requires an update to the version value:

    -version: 3
    +version: 4
    
    -tarantool_exporter:
    +postanalytics_exporter:
      address: 127.0.0.1:3313
      enabled: true
    

    Deployments using version 2 or version 3 will continue to work with Native Node 0.13.x and above if you do not explicitly specify the postanalytics_exporter configuration. However, this approach is deprecated, and updating to the new configuration format is recommended.

  • Added support for the envoy-external-filter operation mode for Istio/Envoy external gRPC processing filter

  • Fixed the CVE-2024-56171, CVE-2025-24928, CVE-2025-22869, CVE-2025-22868 vulnerabilities

  • Fixed the request counter for wallarm_mode: off (such requests are not counted)

0.12.1 (2025-02-27)

0.12.0 (2025-02-05)

  • Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)

  • Added a full-fledged GraphQL parser (see detailed change description) that allows:

    • Improved detection of the input validation attacks in GraphQL-specific request points
    • Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
    • Analyzing specific parts of GraphQL requests in API sessions

  • Fixed invalid time value in serialized requests to properly display the resource overlimit attacks

  • Fixed a problem with invalid_xml attack detection in responses

  • Fixed an issue where user-overridden headers were being dropped

0.11.0 (2025-01-31)

  • Added support for the WALLARM_APID_ONLY environment variable which enables API Discovery-only mode

    In this mode, attacks are blocked locally (if enabled) but not exported to Wallarm Cloud, while API Discovery, API session tracking, and security vulnerability detection remain fully functional. This mode is rarely needed; in most environments, using it is unnecessary.

  • Improved the Native Node's interaction with GoReplay, resulting in the following configuration changes:

    -version: 2
    +version: 3
    
    -middleware:
    +goreplay:
      parse_responses: true
      response_timeout: 5s
      url_normalize: true
    

    During upgrade, update the version value and replace the middleware section with goreplay if explicitly specified in the initial configuration file.

  • Fixed a small HTTP parsing bug in the tcp-capture mode

0.10.1 (2025-01-02)

  • Added support for sensitive business flows in API Discovery and API Sessions

  • Added support for the Fastly connector

  • Fixed potential request loss at mesh startup

  • Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities

  • Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

0.10.0 (2024-12-19)

  • Added URL normalization before selecting route configurations and analyzing data with libproton in tcp-capture mode

    This is controlled by the middleware.url_normalize parameter (true by default).

  • Introduced the http_inspector.wallarm_process_time_limit parameter to control request processing time locally

    The default is 1s unless overridden by Wallarm Console settings.

  • Prometheus metrics updates (available on the :9000 port):

    • Removed obsolete metrics with static zero values.
    • Enhanced http_inspector_requests_processed and http_inspector_threats_found metrics with anything allowed to be specified in source label values.
    • Added the http_inspector_adjusted_counters metric for tracking request and attack counts.

0.9.1 (2024-12-10)

  • Minor bug fixes

0.9.0 (2024-12-04)

  • The default endpoint for JSON-formatted /wallarm-status metrics has changed to 127.0.0.1:10246 (the metrics.legacy_status.listen_address parameter value). This legacy service is critical for Node functionality but does not require direct interaction.

0.8.3 (2024-11-14)

  • Added support for MuleSoft connector 3.0.x

0.8.2 (2024-11-11)

  • Fixed some bugs in the wallarm-status service operation

0.8.1 (2024-11-06)

  • Fixed regression in the request_id format introduced in 0.8.0

0.8.0 (2024-11-06)

  • Added support for the Broadcom Layer7 API Gateway connector

  • Added support for API Sessions

  • Improved limiting request processing time

  • Changed default values for the following parameters:

    • The connector.blocking parameter now defaults to true, enabling the Native Node's general capability to block incoming requests without manual configuration during deployment.
    • The route_config.wallarm_mode parameter, which sets the traffic filtration mode, now defaults to monitoring, providing an optimal setup for initial deployments.

  • Added URL normalization before selecting route configurations and analyzing data with libproton (controlled by the controller.url_normalize parameter which is set to true by default)

  • Reduced memory usage during node registration

  • Some bug fixes

0.7.0 (2024-10-16)

  • Fixed an issue where some internal service connector headers were not being stripped before processing

  • Added support for the mesh feature in connector-server mode, enabling consistent request/response routing across multiple node replicas

    This introduces the new configuration parameters under connector.mesh to configure the mesh functionality.

0.6.0 (2024-10-10)

  • Added support for customizing sensitive data detection in API Discovery

  • Fixed memory leak on duplicate response headers in libproton

  • Fixed memory leak related to IP addresses that are not in IP lists but have known source

  • Updated artifact naming from "next" to "native"

    https://meganode.wallarm.com/next/aionext-<VERSION>.<ARCH>.sh → https://meganode.wallarm.com/native/aio-native-<VERSION>.<ARCH>.sh

0.5.2 (2024-09-17)

  • Fixed installation failure issue when no WAAP + API Security subscription is activated

  • Fixed delays in attack export

  • Fixed an issue with the C memory allocator that caused a performance slowdown

0.5.1 (2024-09-16)

0.5.0 (2024-09-11)

  • Minor technical improvements and optimizations

0.4.3 (2024-09-05)

  • Fixed an issue causing ~0.1% of data source messages to be silently lost due to a typo

0.4.1 (2024-08-27)

0.4.0 (2024-08-22)

Helm chart

The Helm chart for the Native Node is used for self-hosted node deployments with the MuleSoft, CloudFront, Cloudflare, Broadcom Layer7 API Gateway, Fastly, IBM DataPower, Kong API Gateway, and Istio connectors.

How to upgrade

0.13.7 (2025-07-23)

  • Fixed blocking issue with denylisted origins and Wallarm Console UI-configured mode

0.13.6 (2025-07-08)

0.13.5 (2025-06-09)

0.13.4 (2025-05-14)

0.13.3 (2025-05-07)

  • Added support for the IBM API Connect connector

  • Renamed the container label to type in all Prometheus metrics matching *_container_* to prevent conflicts with Kubernetes system labels

  • Fixed the CVE-2025-22871 vulnerability

  • Fixed handling of clusterIP: None in Helm chart headless service

  • Fixed a recurring intermittent bug that could cause occasional corruption of request and response bodies

  • Fixed incorrect display of Native Node versions in Wallarm Console → Nodes

0.13.2 (2025-04-15)

  • Fixed an intermittent bug causing occasional request and response body corruption

0.13.1 (2025-04-09)

  • Stability improvements

0.13.0 (2025-03-31)

0.12.1 (2025-02-27)

0.12.0 (2025-02-05)

  • Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)

  • Added a full-fledged GraphQL parser (see detailed change description) that allows:

    • Improved detection of the input validation attacks in GraphQL-specific request points
    • Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
    • Analyzing specific parts of GraphQL requests in API sessions

  • Fixed invalid time value in serialized requests to properly display the resource overlimit attacks

  • Fixed a problem with invalid_xml attack detection in responses

  • Fixed an issue where user-overridden headers were being dropped

0.11.0 (2025-01-31)

  • Fixed some bugs

0.10.1 (2025-01-02)

  • Added support for sensitive business flows in API Discovery and API Sessions

  • Added support for the Fastly connector

  • Fixed potential request loss at mesh startup

  • Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities

  • Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

0.10.0 (2024-12-19)

  • Introduced more granular logging configuration options in the config.connector.log section, replacing the single config.connector.log_level parameter

  • The default log level is now info (previously debug)

0.9.1 (2024-12-10)

  • Minor bug fixes

0.9.0 (2024-12-04)

  • Some fixes for consistent traffic distribution across all aggregation replicas.

  • The default endpoint for JSON-formatted /wallarm-status metrics has changed to 127.0.0.1:10246 (the metrics.legacy_status.listen_address parameter value). This legacy service is critical for Node functionality but does not require direct interaction.

  • Minor fixes to increase reliability under diverse deployment conditions.

0.8.3 (2024-11-14)

  • Added support for MuleSoft connector v3.0.x

0.8.2 (2024-11-11)

  • Fixed some bugs in the wallarm-status service operation

0.8.1 (2024-11-07)

0.7.0 (2024-10-17)

  • Fixed an issue where some internal service connector headers were not being stripped before processing

  • Added support for customizing sensitive data detection in API Discovery

  • Fixed memory leak on duplicate response headers in libproton

  • Fixed memory leak related to IP addresses that are not in IP lists but have known source

  • Updated artifact naming from "next" to "native"

    wallarm/wallarm-node-next → wallarm/wallarm-node-native

  • Updated the config.wallarm_node_address parameter value in the KongClusterPlugin Kubernetes resource used to activate the Wallarm Lua plugin:

    http://next-processing.wallarm-node.svc.cluster.local:5000 → http://native-processing.wallarm-node.svc.cluster.local:5000

0.5.3 (2024-10-01)

  • Initial release

Docker image

The Docker image for the Native Node is used for self-hosted node deployment with the MuleSoft, CloudFront, Cloudflare, Broadcom Layer7 API Gateway, Fastly, and IBM DataPower connectors.

How to upgrade

0.13.7 (2025-07-23)

  • Introduced the input_filters configuration section, which lets you define which requests should be inspected or bypassed by the Node

  • Fixed blocking issue with denylisted origins and Wallarm Console UI-configured mode

0.13.6 (2025-07-08)

  • Fixed the CVE-2025-22874 vulnerability

  • Resolved an issue in proxy_headers processing where headers from multiple records could be mixed for a single request

    Now, once a request matches a trusted_networks entry, only headers from that specific record are used.

  • Minor bug fixes

0.13.5 (2025-06-09)

  • Fixed the CVE-2025-47273 vulnerability

  • Removed support for the WALLARM_ATTACKS_DETAILED_EXPORT environment variable, which was used to disable exporting full attack data to Wallarm Cloud

  • Introduced the proxy_headers configuration to configure trusted networks and extract real client IP and host headers

    This replaces http_inspector.real_ip_header used in earlier versions in the tcp-capture mode.

  • Added the metrics.namespace configuration option to customize the prefix of Prometheus metrics exposed by the go-node binary

0.13.4 (2025-05-14)

0.13.3 (2025-05-07)

  • Added support for the IBM API Connect connector

  • Fixed the CVE-2025-22871 vulnerability

  • Added support for external health check endpoint

    This is controlled by the new connector.external_health_check configuration section.

  • Fixed a recurring intermittent bug that could cause occasional corruption of request and response bodies

  • Fixed incorrect display of Native Node versions in Wallarm Console → Nodes

0.13.2 (2025-04-15)

  • Fixed an intermittent bug causing occasional request and response body corruption

0.13.1 (2025-04-09)

  • Stability improvements

0.13.0 (2025-03-31)

  • tarantool_exporter is now postanalytics_exporter in the Native Node configuration file. This change also requires an update to the version value:

    -version: 3
    +version: 4
    
    -tarantool_exporter:
    +postanalytics_exporter:
      address: 127.0.0.1:3313
      enabled: true
    

    Deployments using version 2 or version 3 will continue to work with Native Node 0.13.x and above if you do not explicitly specify the postanalytics_exporter configuration. However, this approach is deprecated, and updating to the new configuration format is recommended.

  • Added support for the envoy-external-filter operation mode for Istio/Envoy external gRPC processing filter

  • Fixed the CVE-2024-56171, CVE-2025-24928, CVE-2025-22869, CVE-2025-22868 vulnerabilities

  • Fixed the request counter for wallarm_mode: off (such requests are not counted)

0.12.1 (2025-02-27)

0.12.0 (2025-02-05)

  • Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)

  • Added a full-fledged GraphQL parser (see detailed change description) that allows:

    • Improved detection of the input validation attacks in GraphQL-specific request points
    • Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
    • Analyzing specific parts of GraphQL requests in API sessions

  • Fixed invalid time value in serialized requests to properly display the resource overlimit attacks

  • Fixed a problem with invalid_xml attack detection in responses

  • Fixed an issue where user-overridden headers were being dropped

0.11.0 (2025-01-31)

0.10.1 (2025-01-02)

  • Added support for sensitive business flows in API Discovery and API Sessions

  • Added support for the Fastly connector

  • Fixed potential request loss at mesh startup

  • Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities

  • Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

0.10.0 (2024-12-19)

  • Resolved the critical CVE-2024-45337 vulnerability and addressed several minor vulnerabilities

  • Added URL normalization before selecting route configurations and analyzing data with libproton in tcp-capture mode

    This is controlled by the middleware.url_normalize parameter (true by default).

  • Introduced the http_inspector.wallarm_process_time_limit parameter to control request processing time locally

    The default is 1s unless overridden by Wallarm Console settings.

  • Prometheus metrics updates (available on the :9000 port):

    • Removed obsolete metrics with static zero values.
    • Enhanced http_inspector_requests_processed and http_inspector_threats_found metrics with anything allowed to be specified in source label values.
    • Added the http_inspector_adjusted_counters metric for tracking request and attack counts.

0.9.1 (2024-12-10)

  • Minor bug fixes

0.9.0 (2024-12-04)

  • Some fixes for consistent traffic distribution across all aggregation replicas.

  • The default endpoint for JSON-formatted /wallarm-status metrics has changed to 127.0.0.1:10246 (the metrics.legacy_status.listen_address parameter value). This legacy service is critical for Node functionality but does not require direct interaction.

  • Minor fixes to increase reliability under diverse deployment conditions.

0.8.3 (2024-11-14)

  • Added support for MuleSoft connector v3.0.x

0.8.2 (2024-11-11)

  • Fixed some bugs in the wallarm-status service operation

0.8.1 (2024-11-06)

  • Added support for the Broadcom Layer7 API Gateway connector

  • Added support for API Sessions

  • Improved limiting request processing time

  • Changed default values for the following parameters:

    • The connector.blocking parameter now defaults to true, enabling the Native Node's general capability to block incoming requests without manual configuration during deployment.
    • The route_config.wallarm_mode parameter, which sets the traffic filtration mode, now defaults to monitoring, providing an optimal setup for initial deployments.

  • Added URL normalization before selecting route configurations and analyzing data with libproton (controlled by the controller.url_normalize parameter which is set to true by default)

  • Reduced memory usage during node registration

  • Some bug fixes

0.7.0 (2024-10-16)

  • Fixed an issue where some internal service connector headers were not being stripped before processing

  • Added support for the mesh feature in connector-server mode, enabling consistent request/response routing across multiple node replicas

    This introduces the new configuration parameters under connector.mesh to configure the mesh functionality.

0.6.0 (2024-10-10)

  • Initial release