Releases: tirrenotechnologies/tirreno
Release list
v0.10.0
Release song: https://youtu.be/QcJj9lBqjuY
tirreno is thrilled to announce v0.10.0!
This release has been in development for five months and marks a significant
shift for the tirreno framework. It introduces a new API that will help
developers and coding agents build new sections and pages, creating security
systems tailored to their own products' needs. Moreover, it includes new RBAC
and system operators to do this in an efficient and secure way.
On a separate note, the tirreno team would like to thank the publisher, and
personally Markus Stubbig from iX magazine, for the article and for featuring
tirreno on the front page of the July 2026 issue. Thank you for having us.
Link to the article: https://www.heise.de/select/ix/2026/7/2604013251085560826
Finally, we would like to thank cybersecurity researcher Pranav Pandit for
his report regarding CWE-384: Session Fixation, which affected tirreno
in that the session ID was not rotated after a user logged in. This issue has
been resolved and a patch is included in this release.
v0.9.12
Release song: https://youtu.be/9zQX2XqAE8c&t=52s
tirreno is announcing v0.9.12.
This release introduces optimized class for frontend constants overrides, improves outgoing HTTP requests and installation process.
v0.9.11
Release song: https://youtu.be/PWMCbEzRF1E
tirreno is thrilled to announce v0.9.11.
This release celebrates 1,000 stars since tirreno was open-sourced. It contains improved extendable context for easier risk rule creation, an improved installation workflow, and preset rules for account takeover, credential stuffing, content spam, account registration, fraud prevention, insider threat, bot detection, dormant accounts, multi-accounting, promo abuse, API protection, high-risk regions, and more.
v0.9.10
Release song: https://youtu.be/-tVZX470SYc
tirreno is announcing version v0.9.10.
This release is a major update this year, introducing field history (field audit trail), a new feature that can be embedded into your applications. It also includes several internal improvements, such as a streamlined installation workflow, a refactored queue model, and overall performance optimizations.
v0.9.9
Release song: https://youtu.be/nVfTGzlD4_Y
tirreno is announcing version v0.9.9.
This release enhances user visiual analytics, improves user-agent treatment and introduces several manual app settings, including .php formatted lists of suspicious words.
v0.9.8
Release song: https://youtu.be/bwl6njgJ34Q
tirreno is announcing version v0.9.8.
This release introduces field audit trails with new event type field_edit, optional payload for page_search and account_email_change, UI enhancements and performance improvement through sequential requests.
v0.9.7
Release song: https://youtu.be/gYLBtfCFKIc
tirreno is announcing version v0.9.7.
This release introduces user interface enhancements, new event type page_error, ability to edit suspicious words lists for rule engine, query improvements for countries requests and minor bug fixes.
v0.9.6
Release song: https://youtu.be/9S_4bp2kyJs
tirreno is announcing version v0.9.6.
This release introduces a flexible rule engine that allows to create custom security
rules based on user context, SQL query improvements, minor bug fixes, and includes a
security patch.
We received a report from security expert Juan Soberanes (@cyberducky0o0) regarding a
blind SQL injection vulnerability in tirreno. After receiving the report, we
confirmed receipt within one hour and immediately reproduced the problem, developing
a patch the same day.
It's important to mention that this vulnerability can only be exploited if the user is
logged in and has knowledge of both the CSRF token and session token. Without these
conditions, the vulnerability cannot be abused. However, for authenticated users
who possess this token information, the blind SQL injection vulnerability allows them
to execute malicious SQL queries through AJAX requests intended for loading data grids.
The tirreno team highly appreciates Juan's report and help in maintaining tirreno’s
application security.
v0.9.5
Release song: https://youtu.be/ZWmrfgj0MZI
tirreno is announcing version v0.9.5.
The new release focuses on user review and blacklisting automation. There are new thresholds that allow you to choose when a flagged user should be manually reviewed or immediately auto-blacklisted. Additionally, new search filters make it easy to work with Trust Scores, and there is a new API endpoint to integrate tirreno blacklist logic into your application.
v0.9.4
Release song: https://youtu.be/Mz19M4a4560
tirreno is announcing version v0.9.4.
This update introduces new interface features, including search filters, an alert events graph, and active rule codes. It also improves the load performance of single entity pages and controls the limits of user sessions.