Releases: AikidoSec/firewall-java

v1.1.26

10 Mar 10:10
c4f4553

What's Changed

  • Add outbound domain blocking
  • Improve SQL detection algorithm (now v0.1.60)
  • Improve absolute path traversal check

v1.1.25

06 Feb 13:48
739c53e

What's Changed

  • Make sure that use of \r and \f is still blocked when the command and the user input are one and the same

v1.1.24

06 Feb 13:07
7c36b23

What's Changed

  • Fixes bypass with \r and \f shell separators
  • Normalizes current directory path segments (/./) for absolute path traversal detection
  • Also support .tar.gz downloads during release

v1.1.23

04 Dec 08:44
38d0ffc

What's Changed

  • Reports samples for attack wave
  • Improves IMDS SSRF protection by also checking IPv4-mapped IPv6 addresses

v1.1.22

27 Nov 08:53
c8fd61b

What's Changed

  • send attack events even without a context for stored SSRF
  • report query parameters in URL during attack for Spring MVC & Javalin
  • run attack wave detection after the request, so user data can be reported
  • respect protection forced off when scanning for (stored) SSRF
  • perf: re-use scanner instances to avoid unnecessary GC
  • perf: cache hostname, host IP, OS & platform

v1.1.22 beta 3

26 Nov 13:32
c8fd61b

Pre-release

What's Changed

  • send attack events even without a context for stored SSRF
  • report query parameters in URL during attack for Spring MVC & Javalin
  • run attack wave detection after the request, so user data can be reported
  • respect protection forced off when scanning for (stored) SSRF
  • perf: re-use scanner instances to avoid unnecessary GC
  • perf: cache hostname, host IP, OS & platform

v1.1.22 beta 2

21 Nov 10:19

Pre-release

Internal testing of a memory improvement

v1.1.22 beta

17 Nov 14:33

Pre-release

What's Changed

Internal testing of a memory improvement

v1.1.21

04 Nov 13:53
1c8ed35

What's Changed

  • Fixes path traversal vulnerability with leading slashes
  • Reduces unnecessary reporting when an attack happens
  • Improves trace logs slightly

v1.1.20

30 Oct 09:39
02c7773

What's Changed

  • Improves functionality when AIKIDO_TOKEN is not set

Full Changelog: v1.1.19...v1.1.20