Releases · wallarm/sidecar

New $wallarm_attack_point_list and $wallarm_attack_stamp_list variables for extended logging

These variables log parameters containing malicious payloads and attack sign IDs enabling advanced debugging of Node behavior.
Minor bug fixes

Over-limit events improvements
Bumped APIFW version to 0.8.3
wallarm_attack_type / wallarm_attack_type_list NGINX variables now properly show APIFW attacks
[init container]Reduced memory usage during node registration

Fixed memory leak on duplicate response headers in libproton (initially introduced in 4.8)
Fixed memory leak in libwacl on IP addresses that are not in acldb but have known source (initially introduced in 4.8)
Backported API Discovery fix of errors on missing status code

Added support for customizing sensitive data detection in API Discovery
Fixed memory leak on duplicate response headers in libproton
Fixed memory leak related to IP addresses that are not in IP lists but have known source

Fixed the Tarantool reconnect issue for API Abuse Prevention
Fixed issues exporting malicious behavior patterns detected by the API Abuse Prevention module to API Sessions
Fixed the CVE-2024-6345 vulnerability

Fixed issues with starting the API Firewall service required for API Specification Enforcement in split deployment mode of Wallarm containers
Fixed a memory leak in the API Discovery module
Introduced new configuration parameters for controlling NGINX worker_connections and worker_processes:
- config.nginx.workerProcesses and sidecar.wallarm.io/nginx-worker-processes chart value and pod annotation respectively
- config.nginx.workerConnections and sidecar.wallarm.io/nginx-worker-connections chart value and pod annotation respectively
Bump Golang version to 1.22.5
The Sidecar controller now uses Alpine Linux version 3.20 with NGINX stable version 1.26.1, as previously introduced for the Docker image
Fixed the vulnerabilities:
- CVE-2024-24791
- CVE-2024-5535

Provide feedback