Inventory of node artifact versions
This document lists available patch versions of Wallarm node 4.10 in different form-factors. You can track new patch version releases and plan timely upgrades based on this document.
All-in-one installer
The update history below applies to both the x86_64 and ARM64 (beta) versions of the all-in-one installer.
How to migrate from DEB/RPM packages
How to migrate from previous all-in-one installer version
4.10.9 (2024-07-19)
- Fixed the Tarantool reconnect issue for API Abuse Prevention
- Fixed issues exporting malicious behavior patterns detected by the API Abuse Prevention module to API Sessions
- Fixed the CVE-2024-6345 vulnerability
4.10.8 (2024-07-12)
- Fixed a memory leak in the API Discovery module
4.10.7 (2024-07-03)
- Added support for NGINX v1.26.1 stable
- Added support for NGINX v1.25.5 mainline
- Added support for NGINX Plus R32
- Fixed the syncnode issue "Could not update (TypeError): no implicit conversion of nil into String" that sometimes appeared when registering a node in Wallarm Cloud using a node token
- API Specification Enforcement no longer requires manual NGINX configuration changes in server sections
- Optimized OpenAPI data type detection by the API Discovery module
4.10.6 (2024-05-16)
- Enhanced OpenAPI data type detection by the API Discovery module
- Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections
- Added support for NGINX v1.26.0
- Fixed compatibility issues with the Kong Gateway
- Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted
- Return proper non-zero exit codes during installation errors, addressing previous issues
- Include the cpire-runner utility, which facilitates testing of regular expressions intended for user-defined attack detectors
- Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag
4.10.5 (2024-04-23)
- Fixed the API Abuse Prevention module logging issues
4.10.4 (2024-04-18)
- Added support for API Specification Enforcement (using the functionality increases CPU consumption normally by about 20%)
- Added support for GraphQL API Protection
  To start using the functionality, you need to create at least one Detect GraphQL attacks rule in Wallarm Console.
- Added support for NGINX v1.25.4
4.10.3 (2024-03-18)
- The readahead parameter value for Tarantool has been decreased to 32KB
4.10.2 (2024-03-08)
- Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, securing the wallarm user with a non-interactive shell, and other changes that do not affect the usage flow
- Updated the appstructure package
- Updated the api-firewall package
- The readahead parameter value for Tarantool has been decreased to 32KB
- Fixed the vulnerabilities:
- Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers
4.10.1 (2024-02-21)
- Fixed an issue where partially downloaded custom ruleset files were mistakenly validated as complete. Chunked downloading has been implemented to address this issue
- Fixed the vulnerabilities:
4.10.0 (2024-02-02)
- Initial release 4.10, see changelog
Helm chart for Wallarm NGINX Ingress controller
4.10.9 (2024-07-19)
- Fixed the Tarantool reconnect issue for API Abuse Prevention
- Fixed issues exporting malicious behavior patterns detected by the API Abuse Prevention module to API Sessions
- Fixed the CVE-2024-6345 vulnerability
4.10.8 (2024-07-12)
- Fixed a memory leak in the API Discovery module
- Upgraded the controller to Go 1.21.12
- Fixed the vulnerabilities:
4.10.7 (2024-07-03)
- Fixed the syncnode issue "Could not update (TypeError): no implicit conversion of nil into String" that sometimes appeared when registering a node in Wallarm Cloud using a node token
- Optimized OpenAPI data type detection by the API Discovery module
- Upgraded the controller to Go 1.21.11 for the CVE-2024-24790 fix
4.10.6 (2024-05-22)
- Added the controller.wallarm.container_name.extraEnvs chart values to allow passing additional environment variables to Docker containers utilized by the solution
- Enhanced OpenAPI data type detection by the API Discovery module
- Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections
  To apply this directive during Ingress controller deployment, include it in the controller.config.http-snippet, server-snippet, or location-snippet values. Alternatively, use the nginx.ingress.kubernetes.io/server-snippet Ingress annotation.
- Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted
- Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag
4.10.5 (2024-04-30)
- Fixed the API Abuse Prevention module logging issues
4.10.4 (2024-04-19)
- Added support for API Specification Enforcement (using the functionality increases CPU consumption normally by about 20%)
- Added support for GraphQL API Protection
- Fixed performance issue
4.10.3 (2024-03-08)
- Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, securing the wallarm user with a non-interactive shell, and other changes that do not affect the usage flow
- Updated the appstructure package
- Updated the api-firewall package
- Fixed the vulnerabilities:
4.10.2 (2024-02-21)
- Restored OpenTracing
- Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers
4.10.1 (2024-02-21)
- Updated the appstructure package
- Internal enhancements and optimizations:
  - Implemented labels and annotations for the Tarantool pod
  - Transitioned to supervisord
- Fixed the vulnerabilities:
4.10.0 (2024-02-01)
- Initial release 4.10, see changelog
Helm chart for Sidecar
4.10.10 (2024-07-22)
- Fixed the Tarantool reconnect issue for API Abuse Prevention
- Fixed issues exporting malicious behavior patterns detected by the API Abuse Prevention module to API Sessions
- Fixed the CVE-2024-6345 vulnerability
4.10.9 (2024-07-18)
- Fixed issues preventing sidecar proxy container from starting
4.10.8 (2024-07-17)
- Fixed issues with starting the API Firewall service required for API Specification Enforcement in split deployment mode of Wallarm containers
- Fixed a memory leak in the API Discovery module
- Introduced new configuration parameters for controlling NGINX worker_connections and worker_processes:
  - config.nginx.workerProcesses and sidecar.wallarm.io/nginx-worker-processes chart value and pod annotation respectively
  - config.nginx.workerConnections and sidecar.wallarm.io/nginx-worker-connections chart value and pod annotation respectively
- Bump Golang version to 1.22.5
- The Sidecar controller now uses Alpine Linux version 3.20 with NGINX stable version 1.26.1, as previously introduced for the Docker image
- Fixed the vulnerabilities:
4.10.7 (2024-07-03) - Breaking changes
- Breaking change: The default method for generating the admission webhook certificate is now certgen, replacing the previous method. Multiple options for self-provisioning certificates have been introduced.
  Due to this breaking change, you need to follow specific upgrade instructions, including removing old certificate artifacts and applying the new configuration.
- As of Docker image release 4.10.7, the Sidecar solution now uses Alpine Linux version 3.20 with NGINX stable version 1.26.1
- Fixed the syncnode issue "Could not update (TypeError): no implicit conversion of nil into String" that sometimes appeared when registering a node in Wallarm Cloud using a node token
- Optimized OpenAPI data type detection by the API Discovery module
4.10.6 (2024-05-22)
- Enhanced OpenAPI data type detection by the API Discovery module
- Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections
  To apply this directive during Sidecar controller deployment, include it in the per-pod snippets or includes.
- Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted
- Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag
4.10.5 (2024-04-30)
- Fixed the API Abuse Prevention module logging issues
- Fixed Docker labels
4.10.4 (2024-04-29)
- Added support for API Specification Enforcement (using the functionality increases CPU consumption normally by about 20%)
- Added support for GraphQL API Protection
- Bump Alpine version to 3.19
- Bump Golang version to 1.22.2
- Bump Golang dependencies
4.10.2 (2024-04-19)
- Added support for credential stuffing detection
- Added support for ARM64 processors
- Bump Alpine version to 3.19
- Upgrade NGINX to version 1.24.0 from 1.21.6
- The following built-in NGINX modules are not distributed with the Sidecar solution anymore:
- Fixed the vulnerabilities of the critical and high risk levels:
- Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers
Helm chart for Wallarm eBPF‑based solution
0.10.28 (2024-04-24)
- Added support for API Specification Enforcement (using the functionality increases CPU consumption normally by about 20%)
- Added support for GraphQL API Protection
- Added support for NGINX v1.25.4
- Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers
0.10.27 (2024-03-29)
- Fixed incorrect behavior in case of processing/aggregation init container fail
0.10.26 (2024-03-27)
- Implemented Certificate Authority (CA) verification for traffic from the eBPF agent to the Wallarm processing node
- Added mutual TLS (mTLS) support, enabling the processing node to authenticate the security of traffic from the eBPF agent
  This is controlled by the config.mutualTLS value in the Helm chart, disabled by default.
- Upgraded agent dependencies
0.10.25 (2024-03-19)
- Added support for credential stuffing detection
- Bump the default SLAB_ALLOC_ARENA value up to 2GB
- Internal improvements
0.10.23 (2024-03-07)
- Fixed http2 streams mirroring issues in some cases
- Internal fixes and stability improvements
0.10.22 (2024-03-01)
NGINX-based Docker image
4.10.9-1 (2024-07-22)
- Fixed the CVE-2024-6345 vulnerability
4.10.8-1 (2024-07-12)
- Fixed a memory leak in the API Discovery module
- Fixed the CVE-2024-24791 vulnerability
4.10.7-1 (2024-07-03)
- Upgraded the Alpine Linux version used in the Docker image to 3.20, which includes NGINX stable 1.26.1
- Fixed the syncnode issue "Could not update (TypeError): no implicit conversion of nil into String" that sometimes appeared when registering a node in Wallarm Cloud using a node token
- API Specification Enforcement no longer requires manual NGINX configuration changes in server sections
- Optimized OpenAPI data type detection by the API Discovery module
4.10.6-1 (2024-05-17)
- Enhanced OpenAPI data type detection by the API Discovery module
- Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections
  To use this variable in a Docker container, specify it in your NGINX configuration file and mount the file into the container.
- Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted
- Include the cpire-runner utility, which facilitates testing of regular expressions intended for user-defined attack detectors
- Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag
4.10.5-1 (2024-04-30)
- Fixed the API Abuse Prevention module logging issues
4.10.4-1 (2024-04-18)
- Added support for API Specification Enforcement (using the functionality increases CPU consumption normally by about 20%)
- Added support for GraphQL API Protection
  To start using the functionality, you need to create at least one Detect GraphQL attacks rule in Wallarm Console.
- Added support for NGINX v1.25.4
4.10.2-1 (2024-03-08)
- Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, securing the wallarm user with a non-interactive shell, and other changes that do not affect the usage flow
- Updated the appstructure package
- Updated the api-firewall package
- Fixed the vulnerabilities:
- Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers
4.10.1-1 (2024-02-21)
- Updated the appstructure package
- Fixed the vulnerabilities:
4.10.0-1 (2024-02-02)
- Initial release 4.10, including optimizations, and security enhancements for the Docker image. See changelog
Amazon Machine Image (AMI)
4.10.9-1 (2024-07-22)
- Fixed the Tarantool reconnect issue for API Abuse Prevention
- Fixed issues exporting malicious behavior patterns detected by the API Abuse Prevention module to API Sessions
4.10.8-1 (2024-07-12)
- Fixed a memory leak in the API Discovery module
4.10.7-1 (2024-07-03)
- Fixed the syncnode issue "Could not update (TypeError): no implicit conversion of nil into String" that sometimes appeared when registering a node in Wallarm Cloud using a node token
- Optimized OpenAPI data type detection by the API Discovery module
4.10.6-1 (2024-05-22)
- Enhanced OpenAPI data type detection by the API Discovery module
- Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections
- Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted
- Include the cpire-runner utility, which facilitates testing of regular expressions intended for user-defined attack detectors
- Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag
4.10.5-1 (2024-05-16)
- Fixed the API Abuse Prevention module logging issues
4.10.4-1 (2024-04-19)
- Added support for API Specification Enforcement (using the functionality increases CPU consumption normally by about 20%)
- Added support for GraphQL API Protection
4.10.2-2 (2024-03-20)
- The readahead parameter value for Tarantool has been decreased to 32KB
4.10.2-1 (2024-03-08)
- Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, securing the wallarm user with a non-interactive shell, and other changes that do not affect the usage flow
- Updated the appstructure package
- Updated the api-firewall package
- Fixed the vulnerabilities:
- Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers
4.10.1-2 (2024-02-21)
- Updated the appstructure package
- Fixed the vulnerabilities:
4.10.0-1 (2024-02-02)
- Initial release 4.10, including optimizations for the image. See changelog
Google Cloud Platform Image
wallarm-node-4-10-20240220-234618
- Updated the appstructure package
- Fixed the vulnerabilities:
wallarm-node-4-10-20240126-175315 (2024-02-02)
- Initial release 4.10, including optimizations for the image. See changelog