What's New

Version 22.0.0

🚧

Warning

Version 22.0.0 introduces breaking changes to the Enforcer configuration and the implementation of custom functions. Make sure to review the updated format and adjust your enforcer configurations accordingly before upgrading.

Released 2025-04-28

Added

  • Added enforcer start time to risk api activity and async activities
  • Added domain attribute to the pxhd cookie.
  • Added user and pass fields to async activities

Changed

  • Moved custom configuration files to dedicated pxCustomFunctionsConfig.js file
  • Aligned the following field names to spec:
    • http_status to http_status_code
    • ip to socket_ip
    • uuid to client_uuid
  • Improved telemetry error handling and stop the flow correctly after successful telemetry request processing
  • Added support for configuring the backend URL and collector URL through the configuration
  • Updated additionalActivityHandler custom function to return void instead of a boolean
  • Updated pxSensitiveRoutes, pxMonitoredRoutes, pxEnforcedRoutes, and pxFilteredRoutes to accept a single regular expression pattern instead of an array of strings.
  • Changed the async activities default url to https://collector-<px_app_id>.perimeterx.net

Removed

  • Removed deprecated sensitiveRoutesRegex and enforcedRoutesRegex and monitoredRouteRegex and filteredRoutesRegex configuration fields

Version 21.4.3

Released 2024-12-19

Fixed

  • Removed the service package usage to compatability with SiteGenesis

Version 21.4.2

Released 2024-06-23

Added

  • Support for filter routes by regex
  • Better handling for configuration object

Version 21.4.1

Released 2023-12-23

Added
Updated deprecated methods

Version 21.4.0

Released 2023-08-14

Added
__ controllers allowlisting (prevents attackers using __Analytics for POST requests

Version 21.3.0

Released 2022-06-07

Added

  • Custom cookie header with the x-px-cookies default value
  • Sending pxvid on async activities also when it was extracted from cookie

Version 21.2.1

Released 2022-04-13

Fixed

  • Fixed bug in bypass monitor header

Version 21.2.0

Released 2022-04-13

Fixed

  • Linter issues
  • Wrong risk mode sent on risk api

Added

  • Sending email and user creation date on activities (for account defender)

Version 21.1.1

Released 2022-02-02

Fixed

  • Metadata schema was updated to include PX_loggerSeverity

Version 21.1.0

Released 2022-01-03

Added

  • Support for credentials intelligence v2 and multistep_sso protocols
  • Support for login credentials which are sent through body (when the content-type is JSON or form-urlencoded), header and query-param
  • Support for manual sending of additional_s2s activity
  • Support for sending raw username on additional_s2s activity
  • New request_id field to all enforcer activities

Changed

  • Update the default request timeout value of async and risk activities to 1 second

Version 21.0.0

Released 2022-11-28

Changed

  • Async activities fields align with the spec
  • Changed the debug mode field configuration name to px_logger_severity and its possible values according to the spec
  • Changed the px_module_mode possible values according to the spec

Fixed

  • Send the full url with the risk api activity url field which is included query params if any

Added

  • Added implementation for handling s2s_error and s2s_timeout
  • Support for monitored routes feature
  • Support for enforced routes feature
  • Added 'app_user_id' field on risk api and async activities calls

Version 20.3.1

Released 2020-12-23

Fixed

  • Mobile token handling for OCAPI

Version 20.3.0

Released 2020-12-23

Fixed

  • Mobile token handling
  • Mobile response handling

Version 20.2.0

Released 2020-11-18

Added

  • OCAPI support
  • PBKDF2 key hashing

Fixed

  • Bypass monitor header reporting
  • Debug flag

Version 20.1.0

Released 2020-02-03

Added

  • Send telemetry on demand by header
  • Support for testing blocking flow in monitor mode
  • Full first-party support
  • onRequest integration
  • Support for properties in ISML templates

Fixed

  • Removed getWriter() and replaced it with templates.

Version 19.1.0

Released 2018-12-25

Added

  • Enrich Custom Parameters support for async activities
  • Support for PXHD cookies
  • First-Party fallback for block templates
  • Support Cookie names extraction

Version 18.4.0

Released 2018-09-26

Added

  • Whitelist by ip/cidr support
  • Custom block page support

Fixed

  • Better handling of Services Framework errors
  • Better handling of query params for Captcha service calls
  • Missing px_cookie on risk_api calls

Version 18.3.0

Released 2018-06-22

Added

  • Refactor of services framework usage to support multi app ids
  • Support for Advanced Blocking Response
  • SFRA support

Fixed

  • Documentation refresh

Version 18.2.1

Released 2018-05-01

Added

  • Refactor of services framework usage to support multi app ids
  • Support for Advanced Blocking Response
  • SFRA support
  • Captcha v2 support

Fixed

  • Documentation refresh

Version 18.2.1

Released 2018-05-01

Added

  • Ratelimit support
  • First party support
  • Enrich Custom Parameters support

Fixed

  • Corrected monitor mode block reporting

Version 18.1.1

Released 2018-02-12

Fixed

  • Numerous bug fixes

Changed

  • Updated README to include js sensor section

Version 18.1.0

Released 2018-01-22

Changed

  • New version number scheme

Version 1.1.1

Released 2017-12-17

Changed

  • Updated services framework implementation to use LocalServiceRegistry.

Version 1.1.0

Released 2017-12-05

Added

  • Enhanced module logs

Changed

  • Various performance enhancments.