forked from p0pr0ck5/lua-resty-waf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
201 lines (102 loc) · 6.34 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
v0.11.1 May 8, 2017
* Feature: configurable rule-based collection sieving
* Maintenance: Minor refactor of rule process loop
* Improvement: alternate error handling in SecRules translation
* Bugfix: Appropriate handling of capture action in SecRules translation
* Improvement: Better handling of uninitialized storage collections
* Improvement: Translate human-readable SecRules phase names
v0.11 Mar 20, 2017
* Feature: REQUEST_URI_RAW collection
* Feature: FILES and friends collections
* Feature: ARGS_COMBINED_SIZE collection
* Feature: null character handling transformations
* Feature: normalizePathWin transformation
* Feature: GLOBAL storage collection
* Feature: CC verification and translation
* Feature: JS and CSS decoding transformations
* Improvement: SecRules translation can now be performed in init_by_lua
* Improvement: Various performance improvements in SecRules translations
* Improvement: Performance improvement in parse_dynamic_value
* Improvement: Use FFI functions for HTML decode transformations
* Bugfix: Properly define offset for SecMarker translations
* Bugfix: Properly translate setvar definitions with no value
* Bugfix: Always assign a value to MATCHED_VAR
* Bugfix: Properly assign MATCHED_VAR_NAME
* Distribution: Install library files without executable permissions
* Maintenance: Deprecate disable_pcre_optimization options
* Bugfix: Write audit logs via exec when transaction was previously altered
v0.10.1 Feb 20, 2017
* Bugfix: Log phase rules could not be translated
* Bugfix: Accurate handling of macro expansion in operators
* Improvement: Do not execute when translaction was previously altered
v0.10 Feb 18, 2017
* Feature: Implement in-line SecRules translation
* Feature: Implement module interface to directly load SecRules translation
* Bugfix: Treat ignores like a seive, not a separate collection
* Improvement: Use ngx.re.find as the default regex operator handler
* Feature: Allow for execution in arbitrary phases
* Feature: Introduce setvar object interface
* Feature: Implement ruleRemoveBy* ctl actions
* Distrubution: Define configurable installation dir for OPM libs
* Improvement: Define prefix for persistent memory storage collections keys
* Maintenance: Standardize versions among library modules
* Maintenance: Implement deprecation function
* Maintenance: Expose the default global rulesets
v0.9 Jan 16, 2017
* Distribution: Improve Makefile flexibility and feature sets
* Maintenance: Refactor on-disk event logging to use native io library
* Improvement: Remove default_option API for performance
* Improvement: Use a unique namespace in the global ngx.ctx
* Improvement: Refactor var parse structure to obviate a next() call
* Feature: Allow execution in log phase
* Maintenance: Improve runtimes in socket logging unit tests
v0.8.2 Sep 17, 2016
* Distribution: libinjection and lua-aho-corasick are now provided as git
submodules and built as part of the make process
* Translation: Force upper case for storage variables
* Translation: Various bugfixes and cleanup improvements
* Bugfix: Properly determine collection when length modifier is present
* Improvement: Proper handling of non-disruptive actions
* Feature: Add DROP disruptive action
* Feature: Add sleep non-disruptive action
* Improvement: Fatally fail when a storage_zone hasn't been defined
v0.8.1 Aug 21, 2016
* Feature: Configurable cosocket keepalive pools for remote persistent
storage hosts
* Translation: Refactor translation functions into separate library
* Translation: Add tests for translation functions
* Translation: Various bugfixes and cleanup improvements
* Feature: Regular expression-enabled collection parsers
* Distribution: Hoist lookup tables to their respective modules
* Improvement: Localize some core library calls
* Maintenance: Replace SCORE mechanism with ephemeral variable tracking
* Distribution: Update third-party resty.cookie library
v0.8 July 14, 2016
* Distribution: Added rockspec (luarocks.org/modules/p0pr0ck5/lua-resty-waf)
* Distribution: Refactor layout structure of modules and includes
* Maintenance: Clean up required modules to make better use of existing
OpenResty libraries
* Feature: Add option to declare rulesets directly via JSON string
* Bugfix/Translation: Handle cases where setvar set a variable to 0
* Improvement/Translation: Use a saner regex to capture quoted string tokens
* Feature: Add TIME_* collections
* Feature/Translation: Add cmdLine transform translation
* Feature: Implement memcached and redis support for persistent storage
* Distribution: Add Makefile (thanks tperalta82)
* Feature: Implement action overrides, allowing customized handling of
actions on rule match
* Maintenance/Translation: Rename 'description' field to 'msg'
* Bugfix: Ensure write_log_events doesn't cause a thread abort in some cases
v 0.7.2 May 23, 2016
* Feature: Add strmatch operator
* Feature: Add rbl lookup operator
* Bugfix: Allow dynamic parse strings to contain lowercase chars
* Bugfix/Translation: Handle case where setvar opts contained multiple '.'
chars
* Bugfix/Translation: Trim problematic extra whitespace chars
* Feature/Translation: Add translation for urlDecodeUni transform
v0.7.1 April 12, 2016
* Feature: Add support for TLS in socket event logging
* Feature: Implement deny_status option
* Improvement: Optimize dynamic parse regex
* Bugfix: Properly set the return offset for ignored rules