Skip to content

Releases: tirrenotechnologies/tirreno

v0.10.0

Choose a tag to compare

@onerrit onerrit released this 02 Jul 16:38

Release song: https://youtu.be/QcJj9lBqjuY

tirreno is thrilled to announce v0.10.0!

This release has been in development for five months and marks a significant
shift for the tirreno framework. It introduces a new API that will help
developers and coding agents build new sections and pages, creating security
systems tailored to their own products' needs. Moreover, it includes new RBAC
and system operators to do this in an efficient and secure way.

On a separate note, the tirreno team would like to thank the publisher, and
personally Markus Stubbig from iX magazine, for the article and for featuring
tirreno on the front page of the July 2026 issue. Thank you for having us.

Link to the article: https://www.heise.de/select/ix/2026/7/2604013251085560826

Finally, we would like to thank cybersecurity researcher Pranav Pandit for
his report regarding CWE-384: Session Fixation, which affected tirreno
in that the session ID was not rotated after a user logged in. This issue has
been resolved and a patch is included in this release.

v0.9.12

Choose a tag to compare

@onerrit onerrit released this 12 Feb 18:52

Release song: https://youtu.be/9zQX2XqAE8c&t=52s

tirreno is announcing v0.9.12.

This release introduces optimized class for frontend constants overrides, improves outgoing HTTP requests and installation process.

v0.9.11

Choose a tag to compare

@onerrit onerrit released this 27 Jan 18:42

Release song: https://youtu.be/PWMCbEzRF1E

tirreno is thrilled to announce v0.9.11.

This release celebrates 1,000 stars since tirreno was open-sourced. It contains improved extendable context for easier risk rule creation, an improved installation workflow, and preset rules for account takeover, credential stuffing, content spam, account registration, fraud prevention, insider threat, bot detection, dormant accounts, multi-accounting, promo abuse, API protection, high-risk regions, and more.

v0.9.10

Choose a tag to compare

@onerrit onerrit released this 01 Dec 04:30

Release song: https://youtu.be/-tVZX470SYc

tirreno is announcing version v0.9.10.

This release is a major update this year, introducing field history (field audit trail), a new feature that can be embedded into your applications. It also includes several internal improvements, such as a streamlined installation workflow, a refactored queue model, and overall performance optimizations.

v0.9.9

Choose a tag to compare

@onerrit onerrit released this 26 Sep 08:54

Release song: https://youtu.be/nVfTGzlD4_Y

tirreno is announcing version v0.9.9.

This release enhances user visiual analytics, improves user-agent treatment and introduces several manual app settings, including .php formatted lists of suspicious words.

v0.9.8

Choose a tag to compare

@onerrit onerrit released this 31 Aug 06:24

Release song: https://youtu.be/bwl6njgJ34Q

tirreno is announcing version v0.9.8.

This release introduces field audit trails with new event type field_edit, optional payload for page_search and account_email_change, UI enhancements and performance improvement through sequential requests.

v0.9.7

Choose a tag to compare

@onerrit onerrit released this 25 Jul 20:08

Release song: https://youtu.be/gYLBtfCFKIc

tirreno is announcing version v0.9.7.

This release introduces user interface enhancements, new event type page_error, ability to edit suspicious words lists for rule engine, query improvements for countries requests and minor bug fixes.

v0.9.6

Choose a tag to compare

@onerrit onerrit released this 23 Jun 20:46

Release song: https://youtu.be/9S_4bp2kyJs

tirreno is announcing version v0.9.6.

This release introduces a flexible rule engine that allows to create custom security
rules based on user context, SQL query improvements, minor bug fixes, and includes a
security patch.

We received a report from security expert Juan Soberanes (@cyberducky0o0) regarding a
blind SQL injection vulnerability in tirreno. After receiving the report, we
confirmed receipt within one hour and immediately reproduced the problem, developing
a patch the same day.

It's important to mention that this vulnerability can only be exploited if the user is
logged in and has knowledge of both the CSRF token and session token. Without these
conditions, the vulnerability cannot be abused. However, for authenticated users
who possess this token information, the blind SQL injection vulnerability allows them
to execute malicious SQL queries through AJAX requests intended for loading data grids.

The tirreno team highly appreciates Juan's report and help in maintaining tirreno’s
application security.

v0.9.5

Choose a tag to compare

@onerrit onerrit released this 28 Apr 15:50

Release song: https://youtu.be/ZWmrfgj0MZI

tirreno is announcing version v0.9.5.

The new release focuses on user review and blacklisting automation. There are new thresholds that allow you to choose when a flagged user should be manually reviewed or immediately auto-blacklisted. Additionally, new search filters make it easy to work with Trust Scores, and there is a new API endpoint to integrate tirreno blacklist logic into your application.

v0.9.4

Choose a tag to compare

@onerrit onerrit released this 28 Mar 16:04

Release song: https://youtu.be/Mz19M4a4560

tirreno is announcing version v0.9.4.

This update introduces new interface features, including search filters, an alert events graph, and active rule codes. It also improves the load performance of single entity pages and controls the limits of user sessions.