What is new in Wallarm node 4.4¶
The new minor version of the Wallarm node has been released! Wallarm node 4.4 has new features making attack mitigation even more powerful and usable including JWT strength check and double-validation of SQLi attacks.
Checking JSON Web Token strength¶
JSON Web Token (JWT) is a popular authentication standard used to exchange data between resources like APIs securely. JWT compromisation is a common aim of attackers as breaking authentication mechanisms provides them full access to web applications and APIs. The weaker JWTs, the higher chance for it to be compromised.
Starting from version 4.4, you can enable Wallarm to detect the following JWT weaknesses:
-
Unencrypted JWTs
-
JWTs signed using compromised secret keys
To enable, use the Weak JWT trigger.
Enhanced attack analysis with the libdetection library¶
Attack analysis performed by Wallarm has been enhanced by involving an additional attack validation layer. Wallarm node 4.4 and above are distributed with the libdetection library enabled by default. This library performs secondary fully grammar-based validation of all SQLi attacks reducing the number of false positives detected among SQL injections.
Memory consumption increase
With the libdetection library enabled, the amount of memory consumed by NGINX/Envoy and Wallarm processes may increase by about 10%.
Details on how Wallarm detects attacks →
Supported installation options¶
-
Added support for Ubuntu 22.04 LTS (jammy)
-
Dropped support for Debian 10.x (buster) for Wallarm to be installed as the module for either NGINX stable or NGINX Plus
See the full list of supported installation options →
When upgrading node 3.6 and lower¶
If upgrading from the version 3.6 or lower, learn all changes from the separate list.
Which Wallarm nodes are recommended to be upgraded?¶
-
Client and multi-tenant Wallarm nodes of version 4.x to stay up to date with Wallarm releases and prevent installed module deprecation.
-
Client and multi-tenant Wallarm nodes of the unsupported versions (3.6 and lower). Changes available in Wallarm node 4.4 simplify the node configuration and improve traffic filtration. Please note that some settings of node 4.4 are incompatible with the nodes of older versions.
Upgrade process¶
-
Upgrade installed modules following the instructions for your Wallarm node deployment option: