Release Notes v2.3.0
Last updated
This release includes new features and enhancements to the product. The release updates include:
1. Cross Origin Request Header: Introduces a new feature in the domain settings for each domain, enabling users to enter a value for "cross-origin request". This option relates to the HTTP header Access-Control-Allow-Origin.
To enable Cross Origin Request: Go to the settings page, click the edit button for the domain to open the domain settings, and activate the Cross-Origin Request Header.
Disclaimer: This is an advanced feature. Enable it only if your application supports this configuration; otherwise, your application's functionality will be affected.
2. Secure Cookie Header: A new functionality that lets users enable or disable a secure cookie flag for a domain in the domain settings. This will add the header Set-Cookie: SameSite=Strict; path=/; secure; HttpOnly.
To enable secure cookies: Access the settings page, click the edit button for the domain to locate the domain settings, and under security headers, activate the Secure Cookie option.
Disclaimer: This is an advanced feature. Enable it only if your application supports this configuration; otherwise, your application's functionality will be affected.
3. Clickjacking Protection header: A new option in the settings allows users to add a security header to protect against clickjacking attacks. In the enabled state, there are two options:
DENY ALL: When selected, it adds the header: X-Frame-Options: DENY
Allow Only Same Origin: This option adds the header: X-Frame-Options: SAMEORIGIN
To enable Clickjacking Protection: Access the settings page, click the edit button for the domain to locate the domain settings, and under security headers, activate the Clickjacking Protection header.
Disclaimer: This is an advanced feature. Enable it only if your application supports this configuration; otherwise, your application's functionality will be affected.
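One way to confirm that the three header settings above took effect is to audit a response from the protected domain. This is an added example, not product code; the function names, the sample responses, the cookie name and the `app.example.com` origin are constructed for illustration.

```python
# Added example: audit a response for the headers described in items 1-3.
# Sample responses and the origin below are constructed for illustration.

GOOD = ("HTTP/1.1 200 OK\r\n"
        "Access-Control-Allow-Origin: https://app.example.com\r\n"
        "Set-Cookie: sid=abc123; SameSite=Strict; path=/; secure; HttpOnly\r\n"
        "X-Frame-Options: SAMEORIGIN\r\n\r\n")
BAD = ("HTTP/1.1 200 OK\r\n"
       "access-control-allow-origin: *\r\n"
       "Set-Cookie: sid=abc123; path=/; HttpOnly\r\n\r\n")

def parse_headers(raw):
    """Map lowercased header names to a list of values (headers may repeat)."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cookie_attrs(value):
    """Lowercased attribute map for one Set-Cookie value."""
    attrs = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        attrs[key.lower()] = val.lower()
    return attrs

def audit(raw, allowed_origin, frame_policy):
    """Return a list of findings; an empty list means all checks passed."""
    h, findings = parse_headers(raw), []
    acao = h.get("access-control-allow-origin", [])
    if acao != [allowed_origin]:  # also flags a wildcard or a duplicated header
        findings.append(f"Access-Control-Allow-Origin: got {acao}, want {allowed_origin}")
    xfo = [v.upper() for v in h.get("x-frame-options", [])]
    if xfo != [frame_policy]:
        findings.append(f"X-Frame-Options: got {xfo}, want {frame_policy}")
    for cookie in h.get("set-cookie", []):
        attrs = cookie_attrs(cookie)
        missing = [a for a in ("secure", "httponly") if a not in attrs]
        if attrs.get("samesite") != "strict":
            missing.append("samesite=strict")
        if missing:
            findings.append(f"Set-Cookie {cookie.split('=')[0]}: missing {missing}")
    return findings

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("bad", BAD)):
        print(label, audit(raw, "https://app.example.com", "SAMEORIGIN"))
```

Pass `"DENY"` as `frame_policy` when the DENY ALL option is selected instead of Allow Only Same Origin.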
This is a preliminary launch of the feature, which is currently static and does not involve any user interaction. The information displayed will be directly fetched from the database and associated with the user. It will appear under the account details page and will include the following data: License Key and Expiry Date.
CRLF Injection Rule: Added a new policy under the built-in WAF policies. Activating the rule protects against CRLF injection attacks.
Help documentation has been added to the left menu of the dashboard.
Modification of 'Attack Type' column value in the Attacks Page.
Reference links have been added to the settings page.
'Read Only' access for built-in WAF policies and exceptions. The user cannot toggle the state of a rule or modify the exceptions on the WAF-Rules page.
Secondary verification has been implemented for deleting rules.
The option to add allowed IPs has been enabled, even when bot mitigation is disabled.
We propose adding a search bar at the top of the API listing page. This feature will allow users to perform searches on the available APIs. When a query is entered, the search results will dynamically display all APIs that match the search criteria.
Improved the functionality of the attack report generation module.