What's New
Version 4.3.2
Released 2024-11-07
- Fixed a bug where malformed URLs resulted in an uncaught exception
Version 4.3.1
Released 2024-08-13
- Added support for cookie secret rotation
- Fixed a GraphQL parsing issue
Version 4.3.0
Released 2024-07-18
- Added
HumanSecurityFirstParty
for more modular use of first party functionality within Lambdas - Added GraphQL query keyword extraction via string/regex (
px_graphql_keywords
) and custom function (px_extract_graphql_keywords
) - Changed telemetry activity to include all types of config and include redacted sensitive configuration fields
- Changed default value for
px_bypass_monitor_header
from empty string to "x-px-block" - Changed configuration
px_sensitive_graphql_operation_names
to include regular expressions and apply to extracted GraphQL keywords as well - Fixed issue where unvalidated
_pxvid
value was added to the captcha page - Fixed issue where configured regular expressions with the global flag (
g
) occasionally failed on calls totest()
Version 4.2.0
Released 2024-04-01
- Added ability to pass the
Context
object to the Enforcer to useawsRequestId
as the HUMAN request ID - Fixed bug where First Party XHR body was not transferred properly
- First party handler returns response instead of throwing error on non-first party requests
- Updated the captcha template
- Using raw URL instead of parsed URL in block page captcha script query parameter
Version 4.1.0
Released 2024-02-21
- Added base64-encoded request HTTP method to captcha script query parameters on block pages
- Fixed JSON parsing issue with generated package.json for CommonJS library build
Version 4.0.0
Released 2024-02-12
- Add TypeScript support
- Changed to use async/await syntax rather than callback syntax
- Refactor to base on JS Core library
- Maintains support for:
- additional activity handler
- advanced blocking response
- block activity
- block page captcha
- block page rate limit
- bypass monitor header
- client ip extraction
- cookie v3
- cors support
- credentials intelligence
- css ref
- custom cookie header
- custom first party endpoints
- custom logo
- custom parameters
- enforced routes
- filter by extension
- filter by http method
- filter by ip
- filter by route
- filter by user agent
- first party
- graphql support
- header based logger
- hype sale challenge
- js ref
- logger
- mobile support
- module enable
- module mode
- monitored routes
- page requested activity
- pxde
- pxhd (conditionally)
- risk api
- sensitive headers
- sensitive routes
- telemetry command
- url decode reserved characters
- user identifiers
- vid extraction
Version 3.14.0
Released 2024-01-11
- Support for url decode reserved characters feature
- Support in lambda enforcer for non-reserved characters
Version 3.10.0
Released 2023-05-16
- Custom cookie header is processed in addition to (not instead of) default cookie header
- Custom cookie header default value has been set to x-human-cookies
- Added PXHD from risk response to the async activities
Version 3.8.0
Released 2023-01-30
- Support for CORS preflight requests and CORS headers in block responses
Version 3.7.0
Released 2023-01-26
- Support User Identifiers: CTS and JWT.
Version 3.6.0
Released 2023-1-16
- Update to Node Core v3.7.0
Version 3.5.0
Released 2022-11-17
- Support for modifying the request context via a custom function. This provides flexibility for setting the module mode or request sensitivity based on custom logic.
Version 3.4.0
Released 2022-10-23
- Support for px_custom_first_party_path configuration
Version 3.3.3
Released 2022-09-28
- Updated dependences and confirmed support of Node.js 16.x AWS Lambda runtime
Version 3.3.2
Released 2022-06-06
- Fix - GraphQL parsed operation name issue
Version 3.3.1
Released 2022-05-18
- Fix - Update block page to support error handling for mobile.
Version 3.3.0
Released 2022-05-08
- Added Credentials Intelligence v2 hashing protocol as the default. The new protocol normalizes and hashes credentials according to a new algorithm that improves accuracy.
Version 3.2.0
Released 2022-01-25
- Added additional_s2s activity to replace external activities feature. This additional activity can be sent automatically via the HUMANActivities Lambda or transferred as a header to the origin and sent directly to HUMAN via an XHR POST request.
- Added the ability to report the raw username to HUMAN on the additional_s2s activity in cases where compromised credentials were used to successfully log in
- Enhancements to the login credentials extraction feature, including automatic detection of content type via the Content-Type header, the option to define custom extraction callbacks for endpoints, and automatic sending of credentials to HUMAN upon successful extraction, and more
- Fixed an issue with enforced routes not working in monitor mode
- Fixed an issue with the bypass monitor header not working for configured monitored routes
Version 3.1.1
Released 2021-12-29
- Added the server_info_origin property to all Enforcer activities. This property indicates which CDN POP/Datacenter the specific request hits for visibility on the request origin
- Added a flow to route requests to sensitive route based on parsing the GraphQL payload
Version 3.1.0
Released 2021-11-28
- Support to add an additional activity callback function to run after sending page_requested or block activity to the collector, and before forwarding the request to the next step in the pipeline to allow customization (e.g. set the HUMAN score as a header)
- Enhancements to the login credentials extraction feature to support latest requirements of HUMAN Credential Intelligence product. Includes adding login paths as sensitive routes automatically
Version 3.0.1
Released 2021-10-25
- Support for outputting whether user credentials are compromised on an additional header as part of HUMAN Credential Intelligence product
Version 3.0.0
Released 2021-10-18
- Improved mechanism to handle asynchronous activities in a context of a Lambda function. This will reduce the response time to the end user and Lambda duration, which may also reduce operational costs
- Restructuring of the module code to enable quick and simple upgrades moving forward, which will ease efforts to keep the enforcer up to date and allow fast delivery of new capabilities by HUMAN
- Bundling Lambda functions using Rollup which reduces the total size of the Lambda code by roughly 50%
- Configuration field changes for consistency (HUMAN Node Core v3.0.0)
Updated 12 days ago