Skip to content

Native Node Artifact Versions and Changelog

This document lists available versions of the Native Wallarm Node 0.14.x+ in various form factors, helping you track releases and plan upgrades.

All-in-one installer

The all-in-one installer for the Native Node is used for connectors.

History of all-in-one installer updates simultaneously applies to it's x86_64 and ARM64 (beta) versions.

How to upgrade

0.19.0 (2025-10-07)

  • Added support for blocking attackers by API sessions

  • Added multitenancy support

  • Changed the default wstore binding to IPv4 (tcp4), it now listens only on IPv4 instead of dual‑stack

    If your configuration uses localhost for wstore, update it to 127.0.0.1.

  • Introduced protocol selection (tcp, tcp4, tcp6) using the WALLARM_WSTORE__SERVICE__PROTOCOL environment variable, which can be set in /opt/wallarm/env.list

    The default value is "tcp4".

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Bug fixes:

    • Fixed an issue where the go-node process could segfault in production environments
    • Fixed an issue where response context parameters configured in API Sessions were not uploaded to the Wallarm Cloud
    • Fixed an issue with incorrect remote_addr parsing

0.18.0 (2025-09-17)

  • Added support for the Azure API Management connector

  • Added support for the Apigee API Management connector

  • Updated Go version to 1.25

  • http_inspector.workers: auto now respects Kubernetes cgroup limits

  • Optimized mesh balancing logic for scale-up and scale-down events

  • Bug fixes:

    • Fixed issue where the go-node process did not terminate correctly when stopped too early
    • Fixed issue where the go-node process ignored failures of metrics/health-check/mesh listeners
    • Fixed issue where http_inspector workers silently ignored ACL errors, addressing the most common source of these errors

0.17.1 (2025-08-15)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Optimized the internal channel between the Node and wstore to increase throughput

    This prevents potential data loss when the Node ingests traffic faster than it can export it to postanalytics.

  • Fixed an issue where serialized requests without a source IP address failed to be exported to postanalytics

  • Bug fixes and internal improvements

0.16.3 (2025-08-05)

  • Added support for the Akamai connector

  • Fixed a silent failure when upgrading with the --preserve flag set to true

0.16.1 (2025-08-01)

  • Introduced the drop_on_overload parameter to control dropping excess input under high load

    Enabled (true) by default.

  • Added new Prometheus metrics:

    • wallarm_gonode_application_info with the general Native Node instance information, e.g.:

      wallarm_gonode_application_info{deployment_type="node-native-aio-installer",mode="connector-server",version="0.16.1"} 1

    • wallarm_gonode_http_inspector_balancer_workers

    • wallarm_gonode_http_inspector_debug_container_len now includes aggregate="sum" for type="channel:in"
    • wallarm_gonode_http_inspector_errors_total now includes a new type="FlowTimeouts"

  • Improved stability in the internal http_inspector module

0.16.0 (2025-07-23)

0.15.1 (2025-07-08)

  • Added support for mitigation control-based GraphQL API Protection

  • Introduced the proxy_headers configuration to configure trusted networks and extract real client IP and host headers

    This replaces http_inspector.real_ip_header used in earlier versions in the tcp-capture mode.

  • Added the metrics.namespace configuration option to customize the prefix of Prometheus metrics exposed by the go-node binary

  • Fixed the --preserve script flag behavior to correctly retain the existing node.yaml and env.list files during upgrade

    Previously, these files could be overwritten, resulting in loss of configuration.

  • Added connector.per_connection_limits to control keep-alive connection limits

  • Minor internal file structure change

  • Fixed wstore ports binding: now bound to 127.0.0.1 instead of 0.0.0.0

  • Fixed the CVE-2025-22874 vulnerability

  • Fixed the CVE-2025-47273 vulnerability

0.14.1 (2025-05-07)

  • Added support for enumeration mitigation controls

  • Added support for DoS protection mitigation control

  • Added support for the IBM API Connect connector

  • Fixed the CVE-2024-56406, CVE-2025-31115 vulnerabilities

  • Added support for external health check endpoint in the connector-server mode

    This is controlled by the new connector.external_health_check configuration section.

  • Fixed a recurring intermittent bug that could cause occasional corruption of request and response bodies

  • The following fixes and updates were made in tcp-capture mode:

    • GoReplay is now built with Go 1.24
    • Fixed: go-node process no longer hangs when the goreplay process crashes
    • Fixed a crash caused by a slice out-of-bounds error during header parsing in GoReplay
    • Fixed incorrect display of Native Node versions in Wallarm Console → Nodes

0.14.0 (2025-04-16)

  • Wallarm Node now uses wstore, a Wallarm-developed service, instead of Tarantool for local postanalytics processing

  • The collectd service, previously installed on all filtering nodes, has been removed along with its related plugins

    Metrics are now collected and sent using Wallarm's built-in mechanisms, reducing dependencies on external tools.

Helm chart

The Helm chart for the Native Node is used for self-hosted node deployments with the connectors.

How to upgrade

0.19.0 (2025-10-07)

  • Added support for blocking attackers by API sessions

  • Added multitenancy support

  • Changed the default wstore binding to IPv4 (tcp4), it now listens only on IPv4 instead of dual‑stack

  • Introduced the protocol selection (tcp, tcp4, tcp6) configuration parameter: config.aggregation.serviceProtocol

    The default value is "tcp4".

  • Changed the default value of config.aggregation.serviceAddress to 0.0.0.0:3313

    This allows IPv4 traffic only. If you are using a custom value, make sure it matches the selected config.aggregation.serviceProtocol.

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Set the default value for config.connector.per_connection_limits.max_duration to 1m (1 minute)

  • Bug fixes:

    • Fixed an issue where the go-node process could segfault in production environments
    • Fixed an issue where response context parameters configured in API Sessions were not uploaded to the Wallarm Cloud
    • Fixed an issue with incorrect remote_addr parsing
    • Fixed an issue where processing affinity was not applied correctly in the Native Node Helm chart

0.18.0 (2025-09-17)

  • Added support for the Azure API Management connector

  • Added support for the Apigee API Management connector

  • Updated Go version to 1.25

  • http_inspector.workers: auto now respects Kubernetes cgroup limits

  • Optimized mesh balancing logic for scale-up and scale-down events

  • Bug fixes:

    • Fixed issue where the go-node process did not terminate correctly when stopped too early
    • Fixed issue where the go-node process ignored failures of metrics/health-check/mesh listeners
    • Fixed issue where http_inspector workers silently ignored ACL errors, addressing the most common source of these errors

0.17.1 (2025-08-15)

  • Introduced the proxy_headers configuration to configure trusted networks and extract real client IP and host headers

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Optimized the internal channel between the Node and wstore to increase throughput

    This prevents potential data loss when the Node ingests traffic faster than it can export it to postanalytics.

  • Fixed an issue where serialized requests without a source IP address failed to be exported to postanalytics

  • Bug fixes and internal improvements

0.16.3 (2025-08-05)

0.16.1 (2025-08-01)

  • Introduced the input_filters configuration section, allowing to define which requests should be inspected or bypassed by the Node

  • Introduced the drop_on_overload parameter to control dropping excess input under high load

    Enabled (true) by default.

  • Added new Prometheus metrics:

    • wallarm_gonode_application_info with the general Native Node instance information, e.g.:

      wallarm_gonode_application_info{deployment_type="node-native-aio-installer",mode="connector-server",version="0.16.1"} 1

    • wallarm_gonode_http_inspector_balancer_workers

    • wallarm_gonode_http_inspector_debug_container_len now includes aggregate="sum" for type="channel:in"
    • wallarm_gonode_http_inspector_errors_total now includes a new type="FlowTimeouts"

  • Deprecated the Wallarm Connector for Istio that relied on a Lua plugin

    We recommend using the gRPC-based external processing filter for Istio instead.

  • For the deprecated Istio connector, the following improvements were made to ensure compatibility in existing deployments:

    • Fixed mesh balancing logic for messages
    • Added the disable_mesh parameter to process all connector traffic on the Node without mesh balancing (false by default - mesh balancing is enabled)
    • Added support for the drop_on_overload parameter

  • Improved stability in the internal http_inspector module

0.16.0 (2025-07-23)

0.15.1 (2025-07-08)

0.14.1 (2025-05-07)

  • Added support for the IBM API Connect connector

  • Fixed the CVE-2025-22871 vulnerability

  • Fixed handling of clusterIP: None in Helm chart headless service

  • Fixed a recurring intermittent bug that could cause occasional corruption of request and response bodies

  • Fixed incorrect display of Native Node versions in Wallarm Console → Nodes

0.14.0 (2025-04-16)

  • Wallarm Node now uses wstore, a Wallarm-developed service, instead of Tarantool for local postanalytics processing

  • All tarantool references in values.yaml (including container names and parameter keys) have been renamed to wstore

    If you override these parameters in your configuration, update their names accordingly.

  • The collectd service, previously installed on all filtering nodes, has been removed along with its related plugins

    Metrics are now collected and sent using Wallarm's built-in mechanisms, reducing dependencies on external tools.

  • Renamed the container label to type in all Prometheus metrics matching *_container_* to prevent conflicts with Kubernetes system labels

Docker image

The Docker image for the Native Node is used for self-hosted node deployment with the connectors.

How to upgrade

0.19.0 (2025-10-07)

  • Added support for blocking attackers by API sessions

  • Added multitenancy support

  • Changed the default wstore binding to IPv4 (tcp4), it now listens only on IPv4 instead of dual‑stack

    If your configuration uses localhost for wstore, update it to 127.0.0.1.

  • Introduced protocol selection (tcp, tcp4, tcp6) via the WALLARM_WSTORE__SERVICE__PROTOCOL environment variable

    The default value is "tcp4".

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Bug fixes:

    • Fixed an issue where the go-node process could segfault in production environments
    • Fixed an issue where response context parameters configured in API Sessions were not uploaded to the Wallarm Cloud
    • Fixed an issue with incorrect remote_addr parsing

0.18.0 (2025-09-17)

  • Added support for the Azure API Management connector

  • Added support for the Apigee API Management connector

  • Updated Go version to 1.25

  • http_inspector.workers: auto now respects Kubernetes cgroup limits

  • Optimized mesh balancing logic for scale-up and scale-down events

  • Bug fixes:

    • Fixed issue where the go-node process did not terminate correctly when stopped too early
    • Fixed issue where the go-node process ignored failures of metrics/health-check/mesh listeners
    • Fixed issue where http_inspector workers silently ignored ACL errors, addressing the most common source of these errors

0.17.1 (2025-08-15)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Optimized the internal channel between the Node and wstore to increase throughput

    This prevents potential data loss when the Node ingests traffic faster than it can export it to postanalytics.

  • Fixed an issue where serialized requests without a source IP address failed to be exported to postanalytics

  • Bug fixes and internal improvements

0.16.3 (2025-08-05)

  • Added support for the Akamai connector

  • Fixed a silent failure when upgrading with the --preserve flag set to true

0.16.1 (2025-08-01)

  • Introduced the drop_on_overload parameter to control dropping excess input under high load

    Enabled (true) by default.

  • Added new Prometheus metrics:

    • wallarm_gonode_application_info with the general Native Node instance information, e.g.:

      wallarm_gonode_application_info{deployment_type="node-native-aio-installer",mode="connector-server",version="0.16.1"} 1

    • wallarm_gonode_http_inspector_balancer_workers

    • wallarm_gonode_http_inspector_debug_container_len now includes aggregate="sum" for type="channel:in"
    • wallarm_gonode_http_inspector_errors_total now includes a new type="FlowTimeouts"

  • Improved stability in the internal http_inspector module

0.16.0 (2025-07-23)

0.15.1 (2025-07-08)

  • Added support for mitigation control-based GraphQL API Protection

  • Introduced the proxy_headers configuration to configure trusted networks and extract real client IP and host headers

    This replaces http_inspector.real_ip_header used in earlier versions in the tcp-capture mode.

  • Added the metrics.namespace configuration option to customize the prefix of Prometheus metrics exposed by the go-node binary

  • Added connector.per_connection_limits to control keep-alive connection limits

  • Minor internal file structure change

  • Fixed wstore ports binding: now bound to 127.0.0.1 instead of 0.0.0.0

  • Fixed the CVE-2025-22874 vulnerability

  • Fixed the CVE-2025-47273 vulnerability

0.14.1 (2025-05-07)

  • Added support for the IBM API Connect connector

  • Fixed the CVE-2025-22871 vulnerability

  • Added support for external health check endpoint

    This is controlled by the new connector.external_health_check configuration section.

  • Fixed a recurring intermittent bug that could cause occasional corruption of request and response bodies

  • Fixed incorrect display of Native Node versions in Wallarm Console → Nodes

0.14.0 (2025-04-16)

  • Wallarm Node now uses wstore, a Wallarm-developed service, instead of Tarantool for local postanalytics processing

  • The collectd service, previously installed on all filtering nodes, has been removed along with its related plugins

    Metrics are now collected and sent using Wallarm's built-in mechanisms, reducing dependencies on external tools.

Amazon Machine Image (AMI)

0.14.0 (2025-05-07)

  • Initial release