Skip to content
Copy
View as Markdown Suggest changes
Add Docs MCP
Setup guide

Native Node Artifact Versions and Changelog

This document lists available versions of the Native Wallarm Node 0.14.x+ in various form factors, helping you track releases and plan upgrades.

All-in-one installer

The all-in-one installer for the Native Node is used for connectors.

History of all-in-one installer updates simultaneously applies to it's x86_64 and ARM64 versions.

How to upgrade

0.25.2 (2026-06-05)

  • Fixed issues with caching MCP schemas for schema enforcement

0.25.1 (2026-05-21)

  • Added full support for the ME (Middle East) Wallarm Cloud in the all-in-one installer:

    • Interactive mode now lists ME Cloud alongside the US and EU options.
    • The -c, --cloud flag now accepts ME as a value.
    • The -H, --host flag description now references me1.api.wallarm.com.

  • Added the http_inspector.wmcp_enabled configuration parameter (default true) that lets you opt out of MCP traffic analysis even when it would otherwise be enabled automatically by your Wallarm subscription

  • Added connector.app_reply_timeout and connector.app_reply_timeout_code configuration parameters that enforce a hard time-based cut-off on request handling in connector-server mode. Use them when the upstream caller (for example, an API gateway) requires a strict response budget per request

  • Fixed an issue where MCP session locations were not invalidated on configuration reload, causing stale entries to persist after reconfiguration

  • Fixed an issue where attack requests were silently dropped from the export pipeline when acl.enabled: false was set, breaking attack reporting in deployments with ACL disabled

  • Bumped Go version to 1.26.3

  • Fixed security vulnerabilities:

0.25.0 (2026-05-04)

  • Added support for MCP server discovery in API Discovery

  • Added support for MCP Sessions

  • Added MCP mitigation controls: ACL policy, request verification, and tool input schema enforcement

  • Added HEX encoding attack detection — the Node now decodes and analyzes HEX-encoded payloads, improving protection against obfuscation-based bypass techniques

  • Fixed API Specification Enforcement incorrectly reporting requests as "undefined endpoint" for OpenAPI specs that define a base path in the servers block

0.24.1 (2026-04-27)

  • Added the metrics.per_host_stats configuration parameter to control per-host metrics collection (enabled by default)

  • Bumped Go version to 1.26.2

  • Fixed intermittent errors in custom ruleset loading and GraphQL processing

  • Fixed occasional panic in tcp-capture-v2 mode

0.24.0 (2026-04-06)

  • Added authentication flow detection in API Discovery — automatically identifies authentication methods used by each endpoint and highlights unauthenticated endpoints

  • TCP traffic mirror analysis (tcp-capture-v2 mode):

    • Added support for VXLAN and GENEVE decapsulation, including automatic support for AWS VPC Traffic Mirroring (GENEVE with nested VXLAN)
    • Added new configuration parameters: tcp_stream.from_vxlan and tcp_stream.from_geneve for receiving encapsulated mirrored traffic
    • Fixed issues that caused missing and unanalyzed requests, incorrect response-to-request association, and VLAN ID mishandling
    • Fixed incorrect reassembly of interlaced packets captured from multiple interfaces in promiscuous mode

  • Changed default log.proton_log_mask from info@* to info+@* to show warning and error messages from the traffic analysis engine (previously only info-level messages were displayed)

  • Changed default http_inspector.shm_dir from /tmp to /opt/wallarm/shm for better compatibility with containerized environments

  • Fixed API Specification Enforcement not triggering specification processing overlimit events for requests exceeding size or time limits

  • Updated Prometheus metrics:

    Change Metric
    New wallarm_gonode_tcp_stream_input_packets_total{source=…}
    New wallarm_gonode_tcp_stream_input_bytes_total{source=…}
    New wallarm_gonode_tcp_stream_output_packets_total
    New wallarm_gonode_tcp_stream_output_bytes_total
    New wallarm_gonode_tcp_stream_packets_rejected_total{reason=…}
    New wallarm_gonode_tcp_stream_bytes_rejected_total{reason=…}
    New wallarm_gonode_tcp_reassembler_http_decode_bytes_decoded_total
    New wallarm_gonode_tcp_reassembler_http_flow_bytes_rejected_total
    New wallarm_gonode_tcp_reassembler_container_is_overloaded
    New wallarm_gonode_tcp_reassembler_http_unpaired_messages
    New wallarm_gonode_tcp_stream_diag_interface_counters_total
    New wallarm_gonode_tcp_stream_errors_total (Geneve/VXLAN error types)
    New wallarm_gonode_envoy_external_filter_requests_blocked_total
    Changed wallarm_gonode_tcp_stream_diag_interface_info — now only reports MTU; I/O counters moved to diag_interface_counters_total
    Changed Per-host metrics (*_per_host_total) — host label is now validated, normalized to lowercase; invalid/oversized values bucketed under __invalid_host__
    Renamed …errors_total{type="ResponseBeforeRequest"}…{type="ResponseReadyBeforeRequest"}
    Removed wallarm_gonode_tcp_stream_tcp_packets_read_total
    Removed wallarm_gonode_http_connector_server_errors_total{type="MsgType"}

  • Fixed minor stability and reliability issues

0.23.2 (2026-03-24)

0.23.1 (2026-03-19)

  • Fixed a memory leak in the API Specification Enforcement component that caused steadily increasing memory consumption and eventual OOMKill pod restarts

  • Added new traffic metrics to the wallarm-status statistics service: bytes_blocked_in, bytes_blocked_out, bytes_blocked_by_acl_in, and bytes_blocked_by_acl_out

    These counters track the volume of incoming and outgoing traffic in blocked requests, split by block reason (attack/overlimit/antibot vs. denylists). Available in JSON, Prometheus, and per-application split formats.

  • Bumped Go version to 1.26.1

  • Fixed a shared memory allocation bug in the statistics service initialization that could lead to data corruption under high load

  • Fixed memory limit handling for wcli jobs

  • Fixed security vulnerabilities:

0.23.0 (2026-02-24)

  • Added support for circular references in OpenAPI specifications uploaded for API Specification Enforcement

  • Added support for OpenAPI v3 specifications with non-string (for example, integer) YAML keys in API Specification Enforcement. This improves compatibility and prevents schema parsing failures

  • Increased the frequency of session updates sent to the Wallarm Cloud. Sessions now appear in the UI faster, closer to real time

  • Improved memory usage monitoring and prevention of resource exhaustion

  • Added API token masking in Node logs to prevent sensitive data exposure

  • Fixed the CVE-2026-21441 vulnerability

  • Fixed an issue where the Node sent too many requests in a single batch to wstore, causing submission failures

  • Fixed an issue where the installer script failed with the "Incorrect config content for tcp-capture-v2 mode" error when the mode parameter value was quoted

  • Minor bug fixes and performance improvements

0.22.2 (2026-05-08)

0.22.1 (2026-02-03)

  • Fixed an issue where real IP header overrides were not applied when the header value contained an IP address with a port

0.22.0 (2025-12-23)

  • Added support for the Gloo Gateway connector

  • Fixed the issue where integers were not being masked when using the "Mask sensitive data" rule

  • Fixed the issue where responses containing infoleak stamps were being blocked

    Wallarm no longer blocks such responses, as doing so caused false detections and prevented rules from being edited

  • Fixed connector server waiting for the response data that is known to never arrive

0.21.0 (2025-12-17)

  • Added support for the Amazon API Gateway connector

  • Added the client_uuid label to all *_per_app* and *_per_host* Prometheus metrics for Nodes running in multi-tenant mode

  • Fixed the issue where the wallarm_status service statistics contained the outdated abnormal metric, which was incorrectly increasing with each request

    The metric and other outdated fields have been removed.

  • Fixed an issue where large or overlapping denylisted IP ranges were not being blocked in Security Edge-hosted environments

0.20.0 (2025-11-25)

  • Introduced support for OpenAPI 3.1 in the API Specification Enforcement feature — you can now upload specifications in version 3.1 format to compare traffic against them, identify mismatches, and mitigate related security risks

  • Added Prometheus metrics support for the Postanalytics wstore component. The metrics are available by default at http://localhost:9001/metrics using the tcp4 (IPv4-only) protocol

    You can change the default metrics host, port, and protocol by setting the following environment variables when deploying the Node:

    • WALLARM_WSTORE__METRICS__LISTEN_ADDRESS — defines the host and port
    • WALLARM_WSTORE__METRICS__PROTOCOL — defines the protocol

  • Added Prometheus metrics support for API Specification Enforcement service operation (based on the built-in API Firewall service). API Firewall metrics are included as part of the go-node Prometheus metrics

  • Removed support for the deprecated http_inspector.real_ip_header configuration parameter

  • Improved Node initialization logs — added detailed information about component type, supported versions, error source, API endpoint, and Node UUID to simplify troubleshooting during the initialization stage

  • Fixed the CVE-2025-58188 vulnerability

  • Bug fixes:

    • Fixed an issue where the Aggregation/wcli container could enter a crash loop due to an out-of-memory (OOM) condition
    • Fixed an issue where the Node raised an error when a JWT token was sent in the Authorization: Bearer header
    • Fixed invalid type error when editing automatically created rules for attacks detected in gRPC responses
    • Fixed a race condition in out-of-band connectors, resolving the FlowIsMissingRequest, FlowIsMissingResponse, and occasional duplicate ID errors
    • Fixed the issue where the verdict field in go-node access logs was occasionally missing, incorrectly formatted, and not JSON-compatible

0.19.0 (2025-10-07)

  • Added support for blocking attackers by API sessions

  • Added multitenancy support

  • Changed the default wstore binding to IPv4 (tcp4), it now listens only on IPv4 instead of dual‑stack

    If your configuration uses localhost for wstore, update it to 127.0.0.1.

  • Introduced protocol selection (tcp, tcp4, tcp6) using the WALLARM_WSTORE__SERVICE__PROTOCOL environment variable, which can be set in /opt/wallarm/env.list

    The default value is "tcp4".

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Bug fixes:

    • Fixed an issue where the go-node process could segfault in production environments
    • Fixed an issue where response context parameters configured in API Sessions were not uploaded to the Wallarm Cloud
    • Fixed an issue with incorrect remote_addr parsing

0.18.0 (2025-09-17)

  • Added support for the Azure API Management connector

  • Added support for the Apigee API Management connector

  • Updated Go version to 1.25

  • http_inspector.workers: auto now respects Kubernetes cgroup limits

  • Optimized mesh balancing logic for scale-up and scale-down events

  • Bug fixes:

    • Fixed issue where the go-node process did not terminate correctly when stopped too early
    • Fixed issue where the go-node process ignored failures of metrics/health-check/mesh listeners
    • Fixed issue where http_inspector workers silently ignored ACL errors, addressing the most common source of these errors

0.17.1 (2025-08-15)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Optimized the internal channel between the Node and wstore to increase throughput

    This prevents potential data loss when the Node ingests traffic faster than it can export it to postanalytics.

  • Fixed an issue where serialized requests without a source IP address failed to be exported to postanalytics

  • Bug fixes and internal improvements

0.16.3 (2025-08-05)

  • Added support for the Akamai connector

  • Fixed a silent failure when upgrading with the --preserve flag set to true

0.16.1 (2025-08-01)

  • Added new Prometheus metrics:

    • wallarm_gonode_application_info with the general Native Node instance information, e.g.:

      wallarm_gonode_application_info{deployment_type="node-native-aio-installer",mode="connector-server",version="0.16.1"} 1

    • wallarm_gonode_http_inspector_balancer_workers

    • wallarm_gonode_http_inspector_debug_container_len now includes aggregate="sum" for type="channel:in"
    • wallarm_gonode_http_inspector_errors_total now includes a new type="FlowTimeouts"

  • Improved stability in the internal http_inspector module

0.16.0 (2025-07-23)

0.15.1 (2025-07-08)

  • Added support for mitigation control-based GraphQL API Protection

  • Introduced the proxy_headers configuration to configure trusted networks and extract real client IP and host headers

  • Added the metrics.namespace configuration option to customize the prefix of Prometheus metrics exposed by the go-node binary

  • Fixed the --preserve script flag behavior to correctly retain the existing node.yaml and env.list files during upgrade

    Previously, these files could be overwritten, resulting in loss of configuration.

  • Added connector.per_connection_limits to control keep-alive connection limits

  • Minor internal file structure change

  • Fixed wstore ports binding: now bound to 127.0.0.1 instead of 0.0.0.0

  • Fixed the CVE-2025-22874 vulnerability

  • Fixed the CVE-2025-47273 vulnerability

0.14.1 (2025-05-07)

  • Added support for enumeration mitigation controls

  • Added support for DoS protection mitigation control

  • Added support for the IBM API Connect connector

  • Fixed the CVE-2024-56406, CVE-2025-31115 vulnerabilities

  • Added support for external health check endpoint in the connector-server mode

    This is controlled by the new connector.external_health_check configuration section.

  • Fixed a recurring intermittent bug that could cause occasional corruption of request and response bodies

  • Fixed incorrect display of Native Node versions in Wallarm Console → Nodes

0.14.0 (2025-04-16)

  • Wallarm Node now uses wstore, a Wallarm-developed service, instead of Tarantool for local postanalytics processing

  • The collectd service, previously installed on all filtering nodes, has been removed along with its related plugins

    Metrics are now collected and sent using Wallarm's built-in mechanisms, reducing dependencies on external tools.

Helm chart

The Helm chart for the Native Node is used for self-hosted node deployments with the connectors.

How to upgrade

0.25.2 (2026-06-05)

  • Fixed issues with caching MCP schemas for schema enforcement

0.25.1 (2026-05-21)

  • Fixed an issue where MCP session locations were not invalidated on configuration reload, causing stale entries to persist after reconfiguration

  • Fixed an issue where attack requests were silently dropped from the export pipeline when acl.enabled: false was set, breaking attack reporting in deployments with ACL disabled

  • Bumped Go version to 1.26.3

  • Fixed security vulnerabilities:

0.25.0 (2026-05-04)

  • Added support for MCP server discovery in API Discovery

  • Added support for MCP Sessions

  • Added MCP mitigation controls: ACL policy, request verification, and tool input schema enforcement

  • Added HEX encoding attack detection — the Node now decodes and analyzes HEX-encoded payloads, improving protection against obfuscation-based bypass techniques

  • Fixed API Specification Enforcement incorrectly reporting requests as "undefined endpoint" for OpenAPI specs that define a base path in the servers block

0.24.1 (2026-04-27)

  • Bumped Go version to 1.26.2

  • Fixed intermittent errors in custom ruleset loading and GraphQL processing

0.24.0 (2026-04-06)

  • Added authentication flow detection in API Discovery — automatically identifies authentication methods used by each endpoint and highlights unauthenticated endpoints

  • Fixed API Specification Enforcement not triggering specification processing overlimit events for requests exceeding size or time limits

  • Updated Prometheus metrics:

    Change Metric
    New wallarm_gonode_envoy_external_filter_requests_blocked_total
    Changed Per-host metrics (*_per_host_total) — host label is now validated, normalized to lowercase; invalid/oversized values bucketed under __invalid_host__
    Renamed …errors_total{type="ResponseBeforeRequest"}…{type="ResponseReadyBeforeRequest"}
    Removed wallarm_gonode_http_connector_server_errors_total{type="MsgType"}

  • Fixed minor stability and reliability issues

0.23.2 (2026-03-24)

0.23.1 (2026-03-19)

  • Fixed a memory leak in the API Specification Enforcement component that caused steadily increasing memory consumption and eventual OOMKill pod restarts

  • Added new traffic metrics to the wallarm-status statistics service: bytes_blocked_in, bytes_blocked_out, bytes_blocked_by_acl_in, and bytes_blocked_by_acl_out

    These counters track the volume of incoming and outgoing traffic in blocked requests, split by block reason (attack/overlimit/antibot vs. denylists). Available in JSON, Prometheus, and per-application split formats.

  • Bumped Go version to 1.26.1

  • Fixed a shared memory allocation bug in the statistics service initialization that could lead to data corruption under high load

  • Fixed memory limit handling for wcli jobs

  • Fixed security vulnerabilities:

0.23.0 (2026-02-24)

  • Improved the Helm chart for high-availability deployments by adding pod disruption budgets, tuning resource settings, and introducing the topologySpreadConstraints and startupProbe values

  • Added support for circular references in OpenAPI specifications uploaded for API Specification Enforcement

  • Added support for OpenAPI v3 specifications with non-string (for example, integer) YAML keys in API Specification Enforcement. This improves compatibility and prevents schema parsing failures

  • Increased the frequency of session updates sent to the Wallarm Cloud. Sessions now appear in the UI faster, closer to real time

  • Improved memory usage monitoring and prevention of resource exhaustion

  • Added API token masking in Node logs to prevent sensitive data exposure

  • Fixed the CVE-2026-21441 vulnerability

  • Fixed an issue where the Node sent too many requests in a single batch to wstore, causing submission failures

  • Minor bug fixes and performance improvements

0.22.1 (2026-02-03)

  • Fixed an issue where real IP header overrides were not applied when the header value contained an IP address with a port

0.22.0 (2025-12-23)

  • Added support for the Gloo Gateway connector

  • Added support for Kong Ingress Controller connector 1.1.0 with new inspect_response and inspect_response_body configuration parameters

  • Fixed the issue where integers were not being masked when using the "Mask sensitive data" rule

  • Fixed the issue where responses containing infoleak stamps were being blocked

    Wallarm no longer blocks such responses, as doing so caused false detections and prevented rules from being edited

  • Fixed connector server waiting for the response data that is known to never arrive

0.21.0 (2025-12-17)

0.20.0 (2025-11-25)

  • Introduced support for OpenAPI 3.1 in the API Specification Enforcement feature — you can now upload specifications in version 3.1 format to compare traffic against them, identify mismatches, and mitigate related security risks

  • Added Prometheus metrics support for the Postanalytics wstore component. The metrics are available by default at http://localhost:9001/metrics using the tcp4 (IPv4-only) protocol

    You can change the default metrics host, port, and protocol by setting the following in values.yaml:

  • Added Prometheus metrics support for API Specification Enforcement service operation (based on the built-in API Firewall service). API Firewall metrics are included as part of the go-node Prometheus metrics

  • Improved Node initialization logs — added detailed information about component type, supported versions, error source, API endpoint, and Node UUID to simplify troubleshooting during the initialization stage

  • Switched to native HTTP readiness and liveness probes for the wstore component

  • Fixed the CVE-2025-58188 vulnerability

  • Bug fixes:

    • Fixed an issue where the Aggregation/wcli container could enter a crash loop due to an out-of-memory (OOM) condition
    • Fixed the issue where the Node raised an error when a JWT token was sent in the Authorization: Bearer header
    • Fixed invalid type error when editing automatically created rules for attacks detected in gRPC responses
    • Fixed a race condition in out-of-band connectors, resolving the FlowIsMissingRequest, FlowIsMissingResponse, and occasional duplicate ID errors
    • Fixed the issue where the verdict field in go-node access logs was occasionally missing, incorrectly formatted, and not JSON-compatible

0.19.0 (2025-10-07)

  • Added support for blocking attackers by API sessions

  • Added multitenancy support

  • Changed the default wstore binding to IPv4 (tcp4), it now listens only on IPv4 instead of dual‑stack

  • Introduced the protocol selection (tcp, tcp4, tcp6) configuration parameter: config.aggregation.serviceProtocol

    The default value is "tcp4".

  • Changed the default value of config.aggregation.serviceAddress to 0.0.0.0:3313

    This allows IPv4 traffic only. If you are using a custom value, make sure it matches the selected config.aggregation.serviceProtocol.

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Set the default value for config.connector.per_connection_limits.max_duration to 1m (1 minute)

  • Bug fixes:

    • Fixed an issue where the go-node process could segfault in production environments
    • Fixed an issue where response context parameters configured in API Sessions were not uploaded to the Wallarm Cloud
    • Fixed an issue with incorrect remote_addr parsing
    • Fixed an issue where processing affinity was not applied correctly in the Native Node Helm chart

0.18.0 (2025-09-17)

  • Added support for the Azure API Management connector

  • Added support for the Apigee API Management connector

  • Updated Go version to 1.25

  • http_inspector.workers: auto now respects Kubernetes cgroup limits

  • Optimized mesh balancing logic for scale-up and scale-down events

  • Bug fixes:

    • Fixed issue where the go-node process did not terminate correctly when stopped too early
    • Fixed issue where the go-node process ignored failures of metrics/health-check/mesh listeners
    • Fixed issue where http_inspector workers silently ignored ACL errors, addressing the most common source of these errors

0.17.1 (2025-08-15)

  • Introduced the proxy_headers configuration to configure trusted networks and extract real client IP and host headers

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Optimized the internal channel between the Node and wstore to increase throughput

    This prevents potential data loss when the Node ingests traffic faster than it can export it to postanalytics.

  • Fixed an issue where serialized requests without a source IP address failed to be exported to postanalytics

  • Bug fixes and internal improvements

0.16.3 (2025-08-05)

0.16.1 (2025-08-01)

  • Introduced the input_filters configuration section, allowing to define which requests should be inspected or bypassed by the Node

  • Added new Prometheus metrics:

    • wallarm_gonode_application_info with the general Native Node instance information, e.g.:

      wallarm_gonode_application_info{deployment_type="node-native-aio-installer",mode="connector-server",version="0.16.1"} 1

    • wallarm_gonode_http_inspector_balancer_workers

    • wallarm_gonode_http_inspector_debug_container_len now includes aggregate="sum" for type="channel:in"
    • wallarm_gonode_http_inspector_errors_total now includes a new type="FlowTimeouts"

  • Deprecated the Wallarm Connector for Istio that relied on a Lua plugin

    We recommend using the gRPC-based external processing filter for Istio instead.

  • For the deprecated Istio connector, the following improvements were made to ensure compatibility in existing deployments:

    • Fixed mesh balancing logic for messages
    • Added the disable_mesh parameter to process all connector traffic on the Node without mesh balancing (false by default - mesh balancing is enabled)

  • Improved stability in the internal http_inspector module

0.16.0 (2025-07-23)

0.15.1 (2025-07-08)

0.14.1 (2025-05-07)

  • Added support for the IBM API Connect connector

  • Fixed the CVE-2025-22871 vulnerability

  • Fixed handling of clusterIP: None in Helm chart headless service

  • Fixed a recurring intermittent bug that could cause occasional corruption of request and response bodies

  • Fixed incorrect display of Native Node versions in Wallarm Console → Nodes

0.14.0 (2025-04-16)

  • Wallarm Node now uses wstore, a Wallarm-developed service, instead of Tarantool for local postanalytics processing

  • All tarantool references in values.yaml (including container names and parameter keys) have been renamed to wstore

    If you override these parameters in your configuration, update their names accordingly.

  • The collectd service, previously installed on all filtering nodes, has been removed along with its related plugins

    Metrics are now collected and sent using Wallarm's built-in mechanisms, reducing dependencies on external tools.

  • Renamed the container label to type in all Prometheus metrics matching *_container_* to prevent conflicts with Kubernetes system labels

Docker image

The Docker image for the Native Node is used for self-hosted node deployment with the connectors.

How to upgrade

0.25.2 (2026-06-05)

  • Fixed issues with caching MCP schemas for schema enforcement

0.25.1 (2026-05-21)

  • Added the http_inspector.wmcp_enabled configuration parameter (default true) that lets you opt out of MCP traffic analysis even when it would otherwise be enabled automatically by your Wallarm subscription

  • Added connector.app_reply_timeout and connector.app_reply_timeout_code configuration parameters that enforce a hard time-based cut-off on request handling in connector-server mode. Use them when the upstream caller (for example, an API gateway) requires a strict response budget per request

  • Fixed an issue where MCP session locations were not invalidated on configuration reload, causing stale entries to persist after reconfiguration

  • Fixed an issue where attack requests were silently dropped from the export pipeline when acl.enabled: false was set, breaking attack reporting in deployments with ACL disabled

  • Bumped Go version to 1.26.3

  • Fixed security vulnerabilities:

0.25.0 (2026-05-04)

  • Added support for MCP server discovery in API Discovery

  • Added support for MCP Sessions

  • Added MCP mitigation controls: ACL policy, request verification, and tool input schema enforcement

  • Added HEX encoding attack detection — the Node now decodes and analyzes HEX-encoded payloads, improving protection against obfuscation-based bypass techniques

  • Fixed API Specification Enforcement incorrectly reporting requests as "undefined endpoint" for OpenAPI specs that define a base path in the servers block

0.24.1 (2026-04-27)

  • Added the metrics.per_host_stats configuration parameter to control per-host metrics collection (enabled by default)

  • Bumped Go version to 1.26.2

  • Fixed intermittent errors in custom ruleset loading and GraphQL processing

0.24.0 (2026-04-06)

  • Added authentication flow detection in API Discovery — automatically identifies authentication methods used by each endpoint and highlights unauthenticated endpoints

  • Changed default log.proton_log_mask from info@* to info+@* to show warning and error messages from the traffic analysis engine (previously only info-level messages were displayed)

  • Changed default http_inspector.shm_dir from /tmp to /opt/wallarm/shm for better compatibility with containerized environments

  • Fixed API Specification Enforcement not triggering specification processing overlimit events for requests exceeding size or time limits

  • Updated Prometheus metrics:

    Change Metric
    New wallarm_gonode_envoy_external_filter_requests_blocked_total
    Changed Per-host metrics (*_per_host_total) — host label is now validated, normalized to lowercase; invalid/oversized values bucketed under __invalid_host__
    Renamed …errors_total{type="ResponseBeforeRequest"}…{type="ResponseReadyBeforeRequest"}
    Removed wallarm_gonode_http_connector_server_errors_total{type="MsgType"}

  • Fixed minor stability and reliability issues

0.23.2 (2026-03-24)

0.23.1 (2026-03-19)

0.23.0 (2026-02-24)

  • Added support for circular references in OpenAPI specifications uploaded for API Specification Enforcement

  • Added support for OpenAPI v3 specifications with non-string (for example, integer) YAML keys in API Specification Enforcement. This improves compatibility and prevents schema parsing failures

  • Increased the frequency of session updates sent to the Wallarm Cloud. Sessions now appear in the UI faster, closer to real time

  • Improved memory usage monitoring and prevention of resource exhaustion

  • Added API token masking in Node logs to prevent sensitive data exposure

  • Fixed the CVE-2026-21441 vulnerability

  • Fixed an issue where the Node sent too many requests in a single batch to wstore, causing submission failures

  • Minor bug fixes and performance improvements

0.22.2 (2026-05-08)

0.22.1 (2026-02-03)

  • Fixed an issue where real IP header overrides were not applied when the header value contained an IP address with a port

0.22.0 (2025-12-23)

  • Added support for the Gloo Gateway connector

  • Fixed the issue where integers were not being masked when using the "Mask sensitive data" rule

  • Fixed the issue where responses containing infoleak stamps were being blocked

    Wallarm no longer blocks such responses, as doing so caused false detections and prevented rules from being edited

  • Fixed connector server waiting for the response data that is known to never arrive

0.21.0 (2025-12-17)

0.20.0 (2025-11-25)

  • Introduced support for OpenAPI 3.1 in the API Specification Enforcement feature — you can now upload specifications in version 3.1 format to compare traffic against them, identify mismatches, and mitigate related security risks

  • Added Prometheus metrics support for the Postanalytics wstore component. The metrics are available by default at http://localhost:9001/metrics using the tcp4 (IPv4-only) protocol

    You can change the default metrics host, port, and protocol by setting the following environment variables when deploying the Node:

    • WALLARM_WSTORE__METRICS__LISTEN_ADDRESS — defines the host and port
    • WALLARM_WSTORE__METRICS__PROTOCOL — defines the protocol

  • Added Prometheus metrics supportfor API Specification Enforcement service operation (based on the built-in API Firewall service). API Firewall metrics are included as part of the go-node Prometheus metrics

  • Removed support for the deprecated http_inspector.real_ip_header configuration parameter

  • Improved Node initialization logs — added detailed information about component type, supported versions, error source, API endpoint, and Node UUID to simplify troubleshooting during the initialization stage

  • Fixed the CVE-2025-58188 vulnerability

  • Bug fixes:

    • Fixed an issue where the Aggregation/wcli container could enter a crash loop due to an out-of-memory (OOM) condition
    • Fixed an issue where the Node raised an error when a JWT token was sent in the Authorization: Bearer header
    • Fixed invalid type error when editing automatically created rules for attacks detected in gRPC responses
    • Fixed a race condition in out-of-band connectors, resolving the FlowIsMissingRequest, FlowIsMissingResponse, and occasional duplicate ID errors
    • Fixed the issue where the verdict field in go-node access logs was occasionally missing, incorrectly formatted, and not JSON-compatible

0.19.0 (2025-10-07)

  • Added support for blocking attackers by API sessions

  • Added multitenancy support

  • Changed the default wstore binding to IPv4 (tcp4), it now listens only on IPv4 instead of dual‑stack

    If your configuration uses localhost for wstore, update it to 127.0.0.1.

  • Introduced protocol selection (tcp, tcp4, tcp6) via the WALLARM_WSTORE__SERVICE__PROTOCOL environment variable

    The default value is "tcp4".

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Bug fixes:

    • Fixed an issue where the go-node process could segfault in production environments
    • Fixed an issue where response context parameters configured in API Sessions were not uploaded to the Wallarm Cloud
    • Fixed an issue with incorrect remote_addr parsing

0.18.0 (2025-09-17)

  • Added support for the Azure API Management connector

  • Added support for the Apigee API Management connector

  • Updated Go version to 1.25

  • http_inspector.workers: auto now respects Kubernetes cgroup limits

  • Optimized mesh balancing logic for scale-up and scale-down events

  • Bug fixes:

    • Fixed issue where the go-node process did not terminate correctly when stopped too early
    • Fixed issue where the go-node process ignored failures of metrics/health-check/mesh listeners
    • Fixed issue where http_inspector workers silently ignored ACL errors, addressing the most common source of these errors

0.17.1 (2025-08-15)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Optimized the internal channel between the Node and wstore to increase throughput

    This prevents potential data loss when the Node ingests traffic faster than it can export it to postanalytics.

  • Fixed an issue where serialized requests without a source IP address failed to be exported to postanalytics

  • Bug fixes and internal improvements

0.16.3 (2025-08-05)

  • Added support for the Akamai connector

  • Fixed a silent failure when upgrading with the --preserve flag set to true

0.16.1 (2025-08-01)

  • Added new Prometheus metrics:

    • wallarm_gonode_application_info with the general Native Node instance information, e.g.:

      wallarm_gonode_application_info{deployment_type="node-native-aio-installer",mode="connector-server",version="0.16.1"} 1

    • wallarm_gonode_http_inspector_balancer_workers

    • wallarm_gonode_http_inspector_debug_container_len now includes aggregate="sum" for type="channel:in"
    • wallarm_gonode_http_inspector_errors_total now includes a new type="FlowTimeouts"

  • Improved stability in the internal http_inspector module

0.16.0 (2025-07-23)

0.15.1 (2025-07-08)

  • Added support for mitigation control-based GraphQL API Protection

  • Introduced the proxy_headers configuration to configure trusted networks and extract real client IP and host headers

  • Added the metrics.namespace configuration option to customize the prefix of Prometheus metrics exposed by the go-node binary

  • Added connector.per_connection_limits to control keep-alive connection limits

  • Minor internal file structure change

  • Fixed wstore ports binding: now bound to 127.0.0.1 instead of 0.0.0.0

  • Fixed the CVE-2025-22874 vulnerability

  • Fixed the CVE-2025-47273 vulnerability

0.14.1 (2025-05-07)

  • Added support for the IBM API Connect connector

  • Fixed the CVE-2025-22871 vulnerability

  • Added support for external health check endpoint

    This is controlled by the new connector.external_health_check configuration section.

  • Fixed a recurring intermittent bug that could cause occasional corruption of request and response bodies

  • Fixed incorrect display of Native Node versions in Wallarm Console → Nodes

0.14.0 (2025-04-16)

  • Wallarm Node now uses wstore, a Wallarm-developed service, instead of Tarantool for local postanalytics processing

  • The collectd service, previously installed on all filtering nodes, has been removed along with its related plugins

    Metrics are now collected and sent using Wallarm's built-in mechanisms, reducing dependencies on external tools.

Amazon Machine Image (AMI)

0.14.0 (2025-05-07)

  • Initial release