What's New
Version 22.0.0
Warning
Version 22.0.0 introduces breaking changes to the Enforcer configuration and the implementation of custom functions. Make sure to review the updated format and adjust your enforcer configurations accordingly before upgrading.
Released 2025-04-28
Added
- Added enforcer start time to risk api activity and async activities
- Added domain attribute to the pxhd cookie.
- Added
user
andpass
fields to async activities
Changed
- Moved custom configuration files to dedicated
pxCustomFunctionsConfig.js
file - Aligned the following field names to spec:
http_status
tohttp_status_code
ip
tosocket_ip
uuid
toclient_uuid
- Improved telemetry error handling and stop the flow correctly after successful telemetry request processing
- Added support for configuring the backend URL and collector URL through the configuration
- Updated
additionalActivityHandler
custom function to return void instead of a boolean - Updated
pxSensitiveRoutes
,pxMonitoredRoutes
,pxEnforcedRoutes
, andpxFilteredRoutes
to accept a single regular expression pattern instead of an array of strings. - Changed the async activities default url to
https://collector-<px_app_id>.perimeterx.net
Removed
- Removed deprecated
sensitiveRoutesRegex
andenforcedRoutesRegex
andmonitoredRouteRegex
andfilteredRoutesRegex
configuration fields
Version 21.4.3
Released 2024-12-19
Fixed
- Removed the service package usage to compatability with SiteGenesis
Version 21.4.2
Released 2024-06-23
Added
- Support for filter routes by regex
- Better handling for configuration object
Version 21.4.1
Released 2023-12-23
Added
Updated deprecated methods
Version 21.4.0
Released 2023-08-14
Added
__ controllers allowlisting (prevents attackers using __Analytics for POST requests
Version 21.3.0
Released 2022-06-07
Added
- Custom cookie header with the
x-px-cookies
default value - Sending
pxvid
on async activities also when it was extracted from cookie
Version 21.2.1
Released 2022-04-13
Fixed
- Fixed bug in bypass monitor header
Version 21.2.0
Released 2022-04-13
Fixed
- Linter issues
- Wrong risk mode sent on risk api
Added
- Sending email and user creation date on activities (for account defender)
Version 21.1.1
Released 2022-02-02
Fixed
- Metadata schema was updated to include PX_loggerSeverity
Version 21.1.0
Released 2022-01-03
Added
- Support for credentials intelligence
v2
andmultistep_sso
protocols - Support for login credentials which are sent through
body
(when the content-type is JSON or form-urlencoded),header
andquery-param
- Support for manual sending of
additional_s2s
activity - Support for sending raw username on
additional_s2s
activity - New
request_id
field to all enforcer activities
Changed
- Update the default request timeout value of async and risk activities to 1 second
Version 21.0.0
Released 2022-11-28
Changed
- Async activities fields align with the spec
- Changed the debug mode field configuration name to
px_logger_severity
and its possible values according to the spec - Changed the px_module_mode possible values according to the spec
Fixed
- Send the full url with the risk api activity url field which is included query params if any
Added
- Added implementation for handling s2s_error and s2s_timeout
- Support for monitored routes feature
- Support for enforced routes feature
- Added 'app_user_id' field on risk api and async activities calls
Version 20.3.1
Released 2020-12-23
Fixed
- Mobile token handling for OCAPI
Version 20.3.0
Released 2020-12-23
Fixed
- Mobile token handling
- Mobile response handling
Version 20.2.0
Released 2020-11-18
Added
- OCAPI support
- PBKDF2 key hashing
Fixed
- Bypass monitor header reporting
- Debug flag
Version 20.1.0
Released 2020-02-03
Added
- Send telemetry on demand by header
- Support for testing blocking flow in monitor mode
- Full first-party support
- onRequest integration
- Support for properties in ISML templates
Fixed
- Removed getWriter() and replaced it with templates.
Version 19.1.0
Released 2018-12-25
Added
- Enrich Custom Parameters support for async activities
- Support for PXHD cookies
- First-Party fallback for block templates
- Support Cookie names extraction
Version 18.4.0
Released 2018-09-26
Added
- Whitelist by ip/cidr support
- Custom block page support
Fixed
- Better handling of Services Framework errors
- Better handling of query params for Captcha service calls
- Missing px_cookie on risk_api calls
Version 18.3.0
Released 2018-06-22
Added
- Refactor of services framework usage to support multi app ids
- Support for Advanced Blocking Response
- SFRA support
Fixed
- Documentation refresh
Version 18.2.1
Released 2018-05-01
Added
- Refactor of services framework usage to support multi app ids
- Support for Advanced Blocking Response
- SFRA support
- Captcha v2 support
Fixed
- Documentation refresh
Version 18.2.1
Released 2018-05-01
Added
- Ratelimit support
- First party support
- Enrich Custom Parameters support
Fixed
- Corrected monitor mode block reporting
Version 18.1.1
Released 2018-02-12
Fixed
- Numerous bug fixes
Changed
- Updated README to include js sensor section
Version 18.1.0
Released 2018-01-22
Changed
- New version number scheme
Version 1.1.1
Released 2017-12-17
Changed
- Updated services framework implementation to use LocalServiceRegistry.
Version 1.1.0
Released 2017-12-05
Added
- Enhanced module logs
Changed
- Various performance enhancments.
Updated 2 days ago