- Dropped support for Node.js v16
- Dropped functionality to generate snapshot file
- Support to honour proxy settings via config
- Support for secure cookie security event generation
- Report error to Error Inbox upon connection failure to Security Engine
- Support to detect application and server path
- Functionality to truncate Incoming HTTP request upto default limit
- Dropped support for Node.js v16
- Dropped functionality to generate snapshot file
- Handling for empty data in IAST fuzzing header
- Added identifiers in events
- Fix for file integrity security event generation
- Fix for missing identifiers in iast-data-request JSON
- Support for Node.js v22.x
- Fix for traceId in error reporting
- (deps): bumped axios from 1.6.8 to 1.7.4
- (deps-dev): bumped ws from 7.5.9 to 8.18.0
- Added Node.js v22.x to unit tests
- Added support to report application's errors while IAST scanning
- Support to detect gRPC API endpoints
- Remove additional headers added by IAST client
- Fix for uncaught exception reporting
- Updated package.json to bump ws from 8.14.2 to 8.17.1
- (deps-dev): bump @grpc/grpc-js from 1.9.12 to 1.10.9
- (deps-dev): bump braces from 3.0.2 to 3.0.3
- (deps): bump ws from 8.14.2 to 8.17.1
- Added route field in security event for API endpoint mapping
- Fix for control commands acknowledgement in security agent
- Added assert for typeof response data in Reflected XSS validation
- Updated @grpc/grpc-js instrumentation to instrument submodules
- Handling to convert header values into string
- Updated log level for critical messages
- Readme update
- (deps-dev): bump axios from 0.21.4 to 1.7.2
- Added instrumentation for express framework's res.download() and res.sendFile()
- Handling to decrypt fuzz header data for IAST scanning
- Logging and snapshot file fixes
- Prepend vulnerability case type with apiId
- Updated jsonVersion to v1.2.0
- Bumped undici from 5.28.3 to 5.28.4
- Reverted IAST support for gRPC.
- IAST support for grpc
- Functionality to report API endpoints of the application
- IAST support for undici
- Updated permissions for file/directory created by security agent
- Bumped follow-redirects from v1.15.2 to v1.15.4
- Updated axios to v1.6.8
- Bumped ip from v2.0.0 to v2.0.1
- Bumped undici from 5.28.2 to v5.28.3
- Readme update
- Reporting of framework in security event json
- Updated software license to New Relic Software License Version 1.0
- Ability to send critical messages on successful startup of agent
- Updated Copyright headers
- Updated license in readme
- Handling to exclude unsupported content types from rxss processing
- Handling to report errors/critical messages to Security Engine
- Fix for file operation event's parameter must be absolute path of file
- Fix for ReferenceError of commonUtils module
- Updated log event jsonName to "critical-messages"
- Removed dependency @aws-sdk/client-lambda
- Bumped follow-redirects from v1.15.2 to v1.15.4
- Upgraded axios to v1.6.5
- Added ws headers NR-CSEC-ENTITY-GUID and NR-CSEC-ENTITY-NAME
- Updated jsonVersion to 1.1.1 in security events
- Support to send important logs/errors to security engine
- Added missing protocol in http request object
- Fix for honouring probing interval from policy
- Added nestjs test cases
- Additional logging for instrumented modules and methods
- Upgraded axios to v1.6.3
- Removed pinned version for axios and check-disk-space
- Update in lockfileVersion of package-lock.json
- Updated @babel/traverse, protobufjs, fast-xml-parser and @aws-sdk/credential-providers
- Updated Readme.md
- IAST support for NestJS framework
- Fixed misspelled constant in fs.open() hook
- Minor fix in applicationInfo for pod properties
- Upgraded ws to v8.14.2 and updated initialization of websocket for v8.x.
- Upgraded check-disk-space to v3.4.0
- Upgraded @aws-sdk/client-lambda to v3.436.0
- Added event stats for RASP, IAST and exit events in healthcheck.
- Deps: Updated uuid to v9.0.1 and @aws-sdk/client-lambda to v3.405.0
- Upgraded axios to 1.6.0 to resolve CVE-2023-45857
- Removed Node.js 14.x from CI.
- Added should_skip flag to skip CI based on label.
- Last leg acknowledgement in IAST scanning.
- Fix for mysql query params in security events.
- Logging update for default log level and status file flags.
- Update in IAST batch size processing.
- Disable instrumentation when security enabled flag is set to false
- Readme update
- Pinned check-disk-space to v3.3.1 to support Node.js v14
- deps: Updated semver to v7.5.4 and @aws-sdk/client-lambda to v3.363.0
- Add Node.js 20.x to CI
- IAST data pull implementation
- Logging update
- Param fixes for mysql and file hooks.
- Updated semver to v7.5.3 (Fix for CWE-1333)
- Updated request-ip, log4js, html-entities, uuid and fast-safe-stringify to latest version.
- Fix for system call event generation to avoid null parameters in event.
- Fix for id in nr-csec-tracing-data.
- WS logging update.
- bump @aws-sdk/client-lambda to v3.348.0
- Minor fix in ws reconnect.
- Fix in mysql instrumentation on getConnection to check if callback is wrapped
- NR-123832: Support for fire and forget vulnerability detection
- Fixes for snapshot file.
- Handling for high_security config.
- Handling to use OS specific path separator.
- Functionality to create directories in windows environment.
- IAST support for windows.
- Log file permission fix.
- Handling for IP resolving to IPV4 as Node.js v17 and above no longer re-sorts results of IP address lookups and returns them as-is.
- Third Party Notices update
- Update in publish workflow
- Updated copyright header in source files
- ReadMe update
- Minor logging update
- Updated default fuzz host to 0.0.0.0
- Handling to get custom certificate path from config instead of environment variable
- Updated README file
- Init logging update
- Code refactoring
- Minor bug fixes