<p>Release notes from firewall-java (https://github.com/AikidoSec/firewall-java/releases), updated 2026-03-10T10:09:29Z</p>
<p>v1.1.26 (2026-03-10T12:02:24Z)</p>
<h2>What's Changed</h2>
<ul>
<li>Add outbound domain blocking</li>
<li>Improve SQL detection algorithm (now v0.1.60)</li>
<li>Improve absolute path traversal check</li>
</ul>
<p>Author: bitterpanda63</p>
<p>v1.1.25 (2026-02-06T13:49:55Z)</p>
<h2>What's Changed</h2>
<ul>
<li>Make sure that \r and \f are still blocked when the command and the user input are one and the same</li>
</ul>
<p>Author: bitterpanda63</p>
<p>v1.1.24 (2026-02-06T13:12:06Z)</p>
<h2>What's Changed</h2>
<ul>
<li>Fixes bypass with \r and \f shell separators</li>
<li>Normalizes current directory path segments (<code>/./</code>) for absolute path traversal detection</li>
<li>Also support .tar.gz downloads during release</li>
</ul>
<p>Author: bitterpanda63</p>
<p>v1.1.23 (2025-12-04T08:45:13Z)</p>
<h2>What's Changed</h2>
<ul>
<li>Reports samples for attack wave</li>
<li>Improves IMDS SSRF protection by also checking IPv4-mapped IPv6 addresses</li>
</ul>
<p>Author: bitterpanda63</p>
<p>v1.1.22 (2025-11-27T08:54:22Z)</p>
<h2>What's Changed</h2>
<ul>
<li>send attack events even without a context for stored SSRF</li>
<li>report query parameters in URL during attack for Spring MVC &amp; Javalin</li>
<li>run attack wave detection after req, so user data can be reported.</li>
<li>respect protection forced off when scanning for (stored) SSRF</li>
<li>perf: re-use scanner instances to avoid unnecessary GC</li>
<li>perf: caches hostname, host IP, OS &amp; platform</li>
</ul>
<p>Author: bitterpanda63</p>
<p>v1.1.22 beta 3 (2025-11-26T13:33:31Z)</p>
<h2>What's Changed</h2>
<ul>
<li>send attack events even without a context for stored SSRF</li>
<li>report query parameters in URL during attack for Spring MVC &amp; Javalin</li>
<li>run attack wave detection after req, so user data can be reported.</li>
<li>respect protection forced off when scanning for (stored) SSRF</li>
<li>perf: re-use scanner instances to avoid unnecessary GC</li>
<li>perf: caches hostname, host IP, OS &amp; platform</li>
</ul>
<p>Author: bitterpanda63</p>
<p>v1.1.22 beta 2 (2025-11-21T10:19:54Z)</p>
<p>internal testing of a memory improvement</p>
<p>Author: bitterpanda63</p>
<p>v1.1.22 beta (2025-11-17T14:34:12Z)</p>
<h2>What's changed</h2>
<p>internal testing of a memory improvement</p>
<p>Author: bitterpanda63</p>
<p>v1.1.21 (2025-11-04T13:54:50Z)</p>
<h2>What's Changed</h2>
<ul>
<li>Fixes path traversal vulnerability with leading slashes</li>
<li>Reduces unnecessary reporting when an attack happens</li>
<li>Improves trace logs slightly</li>
</ul>
<p>Author: bitterpanda63</p>
<p>v1.1.20 (2025-10-30T13:00:41Z)</p>
<h2>What's Changed</h2>
<ul>
<li>Improves functionality when AIKIDO_TOKEN is not set</li>
</ul>
<p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/AikidoSec/firewall-java/compare/v1.1.19...v1.1.20"><tt>v1.1.19...v1.1.20</tt></a></p>
<p>Author: bitterpanda63</p>