@vixentael vixentael released this Sep 28, 2018 · 104 commits to stable since this release

0.83.0, September 28th 2018

Core:

  • Security

    • Updated the default and allowed TLS configurations (#254).

      Use TLS v1.2 (the latest version supported in Golang now) and a limited set of cipher suites recommended by the Internet Assigned Numbers Authority and OWASP for most transport connections.

      Use TLS v1.0 and an extended set of cipher suites for MySQL TLS connections due to the limited support in the MySQL database and drivers.

    • Improved security of transport connection between Acra's services by validating the clientId length. This decreases the chance of misusing the clientId (#253).

  • Key management – key rotation

    • Added AcraRotate utility for rotation of Zone keys and re-encryption of AcraStructs. AcraRotate generates a new Zone keypair (zoneid_zone.pub and zoneid_zone) for a particular ZoneId and re-encrypts the corresponding AcraStructs with new keys. ZoneId stays the same (#256, #239).

      AcraRotate doesn't affect the ACRA_MASTER_KEY or storage keypair used without Zones (clientid_storage.pub / clientid_storage keys).

      AcraRotate rotates only the Zone storage keys and affects only the AcraStructs encrypted with Zones.

      AcraRotate works with AcraStructs stored either in database cells (MySQL or PostgreSQL) or in files.

      Read the full documentation on AcraRotate on the Documentation Server.

  • AcraCensor – SQL filter and firewall

    • Improved SQL filtering through more complex pattern matching (#264, #263, #262, #238).

      • %%VALUE%% pattern represents literal value (string, binary, number, boolean) and is supported in the following expressions: WHERE, IN, ORDER BY, GROUP BY, BETWEEN.
      • %%LIST_OF_VALUES%% pattern represents several values one by one, used with IN expressions.
      • %%SUBQUERY%% pattern represents a subquery expression inside the main query.
      • %%WHERE%% pattern represents one or more expressions after a WHERE statement. This pattern works for SELECT/UPDATE/DELETE queries.
      • %%COLUMN%% pattern represents a column expression used after SELECT and ORDER BY expressions.
      • %%SELECT%% pattern represents a whole SELECT expression.

    Read the detailed description and usage examples on the AcraCensor page on DocServer.

  • AcraWriter

    • Added Java/Android AcraWriter library, added examples and tests (#252).

      Read the usage guide and examples in examples/android_java folder.

    • Added SQLAlchemy type wrappers for the Python AcraWriter (#257).

    • Improved and refactored the Python AcraWriter example of encrypting data and reading it from the database (#258).

  • Prometheus Metrics

    • Added functionality for exporting the basic metrics of AcraServer, AcraConnector, and AcraTranslator to Prometheus: if incoming_connection_prometheus_metrics_string is set, the service will generate specific metrics (time of connection life, time of processing requests, AcraStruct decryption counters) and push them to Prometheus (#260, #251, #234).
  • Other

    • Improved AcraConnector's compatibility with PostgreSQL: AcraConnector now correctly handles the database's refusal to use a TLS connection (#259).

    • Added export of CLI parameters for AcraServer, AcraConnector, and AcraTranslator to markdown (#261).

    • Improved readability of CEF-formatted logs by sorting extension fields in alphabetical order (#255).

    • Improved quality of our codebase — cleaned up the old unnecessary code (#250).

Infrastructure:

  • Added AcraRotate as a ready-to-use tool inside AcraTranslator and AcraServer Docker containers (#236).

Documentation:

  • Made the Documentation Server the primary and the only regularly updated source of documentation for Acra. The most recent version of the documentation, tutorials, and demos for Acra can be found there. The GitHub Wiki documentation for Acra is still available, but is no longer updated starting with version 0.82.0 (with the exception of the Changelog and README files, which are updated with every new version release).

  • AcraCensor: updated the details on how the "patterns" filter works.

  • AcraRotate: added a tutorial for using AcraRotate to rotate Zone keys and re-encrypt the data.

  • Tons of small fixes here and there to make your overall experience of using Acra's docs on a new platform distinctive and smooth ;).
