@newrelic/security-agent - npm Package Versions

v2.3.1 (2025-02-04)

Bug fixes

• Removed docker-cli-js dependency and updated mongodb unit test case (#283)
• Added safety check for agentModule before accessing its properties (#284)

v2.3.0 (2025-02-03)

Features

• Added Support for VM module
• IAST support for Next.js
• Support for Insecure settings i.e crypto, hash and random modules

Bug fixes

• Fix for special characters in ws header
• Fix for getting transaction in graphql instrumentation
• Fix for mongodb unit tests

Miscellaneous chores

• deps-dev: bump undici from v5.28.4 to v5.28.5
• Updated axios to v1.7.9

v2.2.0 (2024-12-18)

Features

• Support for express 5.x
• IAST support for GraphQL
• Added support for trustboundary security events

Bug fixes

• Fix for empty route in fastify

v2.1.1 (2024-11-07)

Bug fixes

• Fix for assignment to logger constant

v2.1.0 (2024-11-05)

Features

• IAST support for CI/CD
• Support for IAST schedule, delay and ignore scan categories

Bug fixes

• Added default values for scan_schedule, scan_controllers and exclude_from_iast_scan config
• Fix for security home placeholder replacement in fuzz requests
• Handling to not resolve file path in fs module instrumentation
• Fix for batch size and condition of iast-data-request sending

Miscellaneous chores

• Added requestURI field in http request for application-runtime-error
• Updated instrumented to get the transaction directly instead of from the active segment

v2.0.0 (2024-09-20)

⚠ BREAKING CHANGES

• Dropped support for Node.js v16
• Dropped functionality to generate snapshot file

Features

• Support to honour proxy settings via config
• Support for secure cookie security event generation
• Report error to Error Inbox upon connection failure to Security Engine
• Support to detect application and server path
• Functionality to truncate Incoming HTTP request upto default limit
• Dropped support for Node.js v16
• Dropped functionality to generate snapshot file

Bug fixes

• Handling for empty data in IAST fuzzing header
• Added identifiers in events
• Fix for file integrity security event generation
• Fix for missing identifiers in iast-data-request JSON

v1.5.0 (2024-08-14)

Features

• Support for Node.js v22.x

Bug fixes

• Fix for traceId in error reporting

Miscellaneous chores

• (deps): bumped axios from 1.6.8 to 1.7.4
• (deps-dev): bumped ws from 7.5.9 to 8.18.0

Continuous integration

• Added Node.js v22.x to unit tests

v1.4.0 (2024-06-24)

Features

• Added support to report application's errors while IAST scanning
• Support to detect gRPC API endpoints

Bug fixes

• Remove additional headers added by IAST client
• Fix for uncaught exception reporting

Miscellaneous chores

• Updated package.json to bump ws from 8.14.2 to 8.17.1
• (deps-dev): bump @grpc/grpc-js from 1.9.12 to 1.10.9
• (deps-dev): bump braces from 3.0.2 to 3.0.3
• (deps): bump ws from 8.14.2 to 8.17.1

v1.3.0 (2024-05-31)

Features

• Added route field in security event for API endpoint mapping

Bug fixes

• Fix for control commands acknowledgement in security agent
• Added assert for typeof response data in Reflected XSS validation
• Updated @grpc/grpc-js instrumentation to instrument submodules
• Handling to convert header values into string

Miscellaneous chores

• Updated log level for critical messages
• Readme update
• (deps-dev): bump axios from 0.21.4 to 1.7.2

v1.2.0 (2024-04-12)

Features

• Added instrumentation for express framework's res.download() and res.sendFile()

Bug fixes

• Handling to decrypt fuzz header data for IAST scanning
• Logging and snapshot file fixes

Miscellaneous chores

• Prepend vulnerability case type with apiId
• Updated jsonVersion to v1.2.0
• Bumped undici from 5.28.3 to 5.28.4