Releases: AikidoSec/firewall-java

v1.1.28

07 May 09:29
Immutable release. Only release title and notes can be modified.
ef88b89

What's Changed

  • Add support for AIKIDO_INSTANCE_NAME

v1.1.27

06 May 08:40
Immutable release. Only release title and notes can be modified.
0bf452b

What's Changed

  • Adds a Java version check (17 <= version < 25) for now
  • Java hostnames are now normalized to lowercase before reporting
  • Supports user ID exclusion from rate limiting
  • Minor improvements: IPList now has built-in IPv4-mapped IPv6 support
  • minor dev improvements & new release workflow

v1.1.26

10 Mar 10:10
c4f4553

What's Changed

  • Add outbound domain blocking
  • Improve SQL detection algorithm (now v0.1.60)
  • Improve absolute path traversal check

v1.1.25

06 Feb 13:48
739c53e

What's Changed

  • Make sure that use of \r and \f is still blocked when the command and the user input are one and the same

v1.1.24

06 Feb 13:07
7c36b23

What's Changed

  • Fixes bypass with \r and \f shell separators
  • Normalizes current directory path segments (/./) for absolute path traversal detection
  • Also support .tar.gz downloads during release

v1.1.23

04 Dec 08:44
38d0ffc

What's Changed

  • Reports samples for attack wave
  • Improves IMDS SSRF protection by also checking IPv4-mapped IPv6 addresses

v1.1.22

27 Nov 08:53
c8fd61b

What's Changed

  • Send attack events even without a context for stored SSRF
  • Report query parameters in URL during attack for Spring MVC & Javalin
  • Run attack wave detection after req, so user data can be reported
  • Respect protection forced off when scanning for (stored) SSRF
  • perf: re-use scanner instances to avoid unnecessary GC
  • perf: cache hostname, host IP, OS & platform

v1.1.22 beta 3

26 Nov 13:32
c8fd61b

Pre-release

What's Changed

  • Send attack events even without a context for stored SSRF
  • Report query parameters in URL during attack for Spring MVC & Javalin
  • Run attack wave detection after req, so user data can be reported
  • Respect protection forced off when scanning for (stored) SSRF
  • perf: re-use scanner instances to avoid unnecessary GC
  • perf: cache hostname, host IP, OS & platform

v1.1.22 beta 2

21 Nov 10:19

Pre-release

Internal testing of a memory improvement

v1.1.22 beta

17 Nov 14:33

Pre-release

What's Changed

Internal testing of a memory improvement