Enforcer frameworksGO

What's New

Version 5.5.0

Released 2025-10-27

Added

  • Added is_sensitive_route field to risk api and async activities
  • Added custom_sensitive_request feature support
  • Added request_id field in telemetry activity

Fixed

  • Fixed a bug where cookie operation order mismatched the spec, causing expired high-score cookies to trigger block instead of risk

Version 5.4.1

Released 2025-09-08

Internal

  • Added additional updateReason RISK to Telemetry flow

Version 5.4.0

Released 2025-09-01

Internal

  • Added Documentation enforcement workflow - verify that the documentation is up to date with the latest changes in the codebase
  • Telemetry By Risk Support
  • Added Telemetry By Risk support

Version 5.3.0 -

Released 2025-06-04

Internal

  • Added remote config CI workflow support

Version 5.2.1

Released 2025-03-04

  • Aligned remote config ID field (px_remote_config_id -> remote_config_id) and added it to all activities
  • Added remote config version field on all activities

Version 5.2.0

Released 2024-09-30

  • Updated GraphQL logic to match spec and added functionality:
    • Added keywords extraction, including custom extraction
    • Updated logic of operationName query operations filtering
    • Updated parsing logic of multiple operations in the same query
    • Removed empty fields from activities
  • Changed order of cookie verification steps to accommodate research severity definitions
  • Added hard block page response template
  • Added AdditionalActivityHandler example
  • Removed S2SCallReason none
  • Modified check of empty risk response to not use UUID
  • Modified first party captcha script fetching to always get script with params
  • Changed default value of bypass monitor header to x-px-block
  • Added CI support including end to end tests and fuzzing
  • Added CI multi-config for default, advanced and monitor modes

Version 5.1.0

Released 2024-06-03

  • Support multiple config types (active, static, remote)
  • Modify telemetry activity to include all types of config
  • Fixed module mode default value and refactored according to spec (monitor and active_blocking instead of true false)

Version 5.0.2

Released 2024-05-06

  • Added exponential backoff mechanism for retrying remote config updates when errors occur

Version 5.0.1

Released 2024-04-11

  • Added errorType field to error logs during failed remote config updates

Version 5.0.0

Released 2024-04-02

  • API change: Removed GetConfig() function from runtime
  • API change: Must create new HumanSecurityEnforcer struct by calling NewHumanSecurityEnforcer
  • API change: Added CreateDefaultHumanSecurityMiddleware which creates a default middleware
  • Added support for remote configuration feature
  • Added support for header-based logger feature
  • Added capability to add to module version via configuration px_module_version
  • Update the captcha template with captcha page includes client-side first party timeout
  • Configuration for first party timeout
  • Changed PXHD cookie attribute (added SameSite=Lax, using Max-Age instead of Expires)
  • Minor cookie bug fixes

Version 4.6.1

Released 2024-02-15

  • Fixed body parsing issue

Version 4.6.0

Released 2024-02-11

  • Added support for monitored and enforced routes regex
  • Added support for sensitive routes regex
  • Added support for filter by route regex
  • Added http method to the block response query params

Version 4.5.1

Released 2023-12-27

  • Fixed first party XHR and Captcha validation issue

Version 4.5.0

Released 2023-12-13

  • Added risk_start_time and enforcer_start_time fields to enforcer activities
  • Added blocked URL to the captcha query params

Version 4.4.0

Released 2023-08-20

  • PXHD reported on async activities is taken from risk response if it exists
  • Align risk and async activities fields
  • Configure domain on PXHD cookie
  • Update the new blocking page

Version 4.3.0

Released 2023-04-18

  • Added support for filtering by user agent, HTTP method, and IP
  • Added support for custom cookie header
  • Added support for monitored routes
  • Added support for enforced routes
  • Added support for user identifiers as part of Account Defender
  • Added support for CORS, including:
    • Preflight request filtering
    • Custom preflight request handling
    • Default CORS headers on block requests
    • Customized CORS block headers
  • Minor fixes to align with enforcer specifications (cookie origin, activity payloads, telemetry)

Version 4.2.2

Released 2022-08-09

  • Fixed pxProxy to handle empty response.
  • Added some safety checks to credentials intelligence methods.

Version 4.2.1

Released 2022-07-25

  • Added support for the customer to send the response status code from his origin, independently, for any request by decoupling the additionalS2SActvity from the Credentials Intelligence feature.

Version 4.2.0

Released 2022-06-28

  • Added support for Graphql sensitive operations based on name and type
  • Added support for customizable Graphql routes
  • Added support for enabling and disabling Graphql
  • Added support for sending reporting single and multiple Graphql operation names and types on all enforcer activities

Version 4.1.0

Released 2022-06-20

  • Added support for enforcer telemetry by command
  • Removed sending enforcer telemetry activities on init and remote config updates feature

Version 4.0.0

Released 2022-05-22

  • Added Credentials Intelligence
  • Added Custom Logo
  • Added Advanced Blocking Response
  • Added Custom Parameters
  • Added Block Invalid Cookie

Version 3.1.5

Released 2021-06-28

  • Support for dynamic cookie signature fields
  • Support for configurable riskUrl and collectorUrl
  • Added px_metadata.json

Version 3.1.4

Released 2020-10-06

  • Added support for IP signed PX cookie.

Version 3.1.3

Released 2020-10-06

  • Added Whitelist Routes.

Version 3.1.2

Released 2020-05-24

  • Added empty string validation for sensitive_routes.

Version 3.1.1

Released 2019-09-04

  • Fixed cookie iterations validation

Version 3.1.0

Released 2019-09-04

  • Added verficiation for mobile header length
  • Added risk_status_code
  • Added bypass monitor mode

Version 3.0.0

Released 2019-01-10

  • Added PXHD handling
  • Minor Refactoring
  • Minor bug fixes
  • Added testing mode
  • Added fp fallback for blocking

Version 2.0.0

Released 2018-08-27

  • The Enforce function now returns (res *http.Response, context *PxContext, err error) instead of (res *http.Response, int score, err error). The score is available as a property in the context object.
  • Support for rate limiting
  • Simplified captcha flow
  • First party support
  • Data enrichment
  • JSON response
  • mobile error alignment
  • logging on server to server error