
Version 0.20

@CaledoniaProject CaledoniaProject released this 26 Oct 09:10

Chinese version

Breaking changes

  • JS engine optimization
    • Replace Google V8 with Mozilla Rhino
    • Performance impact now reduced to 2% (worst case scenario)
  • No longer support the WebLogic application server

JS API changes

  • Add a SQL tokenize method: RASP.sql_tokenize
  • Add a SESSION modification method: context.session.getSession / context.session.setSession
  • Only execute the readFile callback when the file exists

Hook point changes

  • Add a WebDAV hook point that monitors HTTP MOVE and COPY operations

Logging changes (alarm logs)

  • Added HTTP referer field
  • Added a request_id field that uniquely identifies a request
  • Added an event_type field to distinguish between alarm logs and security policy logs
  • The attack_time field is now renamed to event_time
  • The attack_params field is now emitted in JSON format
    • An update to the ElasticSearch index mapping is required

New features

  • Support HTTP alarm push notification
  • Added X-Protected-By: OpenRASP to all responses
  • Added support for Jetty and JBoss 5~6
  • No longer throws an exception when an attack happens
  • Maximum stacktrace level now configurable via the log.maxstack option
  • Application server hardening support (See here for details)

Algorithm improvements

  • Added the ability to detect common/commercial web vulnerability scanners
    • Disabled by default
  • Release the SQLi detection algorithm #1
  • Forceful browsing detection
  • Added a confidence field in detection results

Other improvements

  • XXE detection on JBoss: remove redundant JS callbacks