What's New

Version 4.3.2

Released 2024-11-07

  • Fixed a bug where malformed URLs resulted in an uncaught exception

Version 4.3.1

Released 2024-08-13

  • Added support for cookie secret rotation
  • Fixed a GraphQL parsing issue

Version 4.3.0

Released 2024-07-18

  • Added HumanSecurityFirstParty for more modular use of first party functionality within Lambdas
  • Added GraphQL query keyword extraction via string/regex (px_graphql_keywords) and custom function (px_extract_graphql_keywords)
  • Changed telemetry activity to include all types of config and include redacted sensitive configuration fields
  • Changed default value for px_bypass_monitor_header from empty string to "x-px-block"
  • Changed configuration px_sensitive_graphql_operation_names to include regular expressions and apply to extracted GraphQL keywords as well
  • Fixed issue where unvalidated _pxvid value was added to the captcha page
  • Fixed issue where configured regular expressions with the global flag (g) occasionally failed on calls to test()

Version 4.2.0

Released 2024-04-01

  • Added ability to pass the Context object to the Enforcer to use awsRequestId as the HUMAN request ID
  • Fixed bug where First Party XHR body was not transferred properly
  • Changed first party handler to return a response instead of throwing an error on non-first party requests
  • Updated the captcha template
  • Changed to use the raw URL instead of the parsed URL in the block page captcha script query parameter

Version 4.1.0

Released 2024-02-21

  • Added base64-encoded request HTTP method to captcha script query parameters on block pages
  • Fixed JSON parsing issue with generated package.json for CommonJS library build

Version 4.0.0

Released 2024-02-12

  • Added TypeScript support
  • Changed to use async/await syntax rather than callback syntax
  • Refactored to be based on the JS Core library
  • Maintains support for:
    • additional activity handler
    • advanced blocking response
    • block activity
    • block page captcha
    • block page rate limit
    • bypass monitor header
    • client ip extraction
    • cookie v3
    • cors support
    • credentials intelligence
    • css ref
    • custom cookie header
    • custom first party endpoints
    • custom logo
    • custom parameters
    • enforced routes
    • filter by extension
    • filter by http method
    • filter by ip
    • filter by route
    • filter by user agent
    • first party
    • graphql support
    • header based logger
    • hype sale challenge
    • js ref
    • logger
    • mobile support
    • module enable
    • module mode
    • monitored routes
    • page requested activity
    • pxde
    • pxhd (conditionally)
    • risk api
    • sensitive headers
    • sensitive routes
    • telemetry command
    • url decode reserved characters
    • user identifiers
    • vid extraction

Version 3.14.0

Released 2024-01-11

  • Support for url decode reserved characters feature
  • Support in lambda enforcer for non-reserved characters

Version 3.10.0

Released 2023-05-16

  • Custom cookie header is processed in addition to (not instead of) default cookie header
  • Custom cookie header default value has been set to x-human-cookies
  • Added PXHD from risk response to the async activities

Version 3.8.0

Released 2023-01-30

  • Support for CORS preflight requests and CORS headers in block responses

Version 3.7.0

Released 2023-01-26

  • Support for User Identifiers: CTS and JWT

Version 3.6.0

Released 2023-01-16

  • Update to Node Core v3.7.0

Version 3.5.0

Released 2022-11-17

  • Support for modifying the request context via a custom function. This provides flexibility for setting the module mode or request sensitivity based on custom logic.

Version 3.4.0

Released 2022-10-23

  • Support for px_custom_first_party_path configuration

Version 3.3.3

Released 2022-09-28

  • Updated dependencies and confirmed support of Node.js 16.x AWS Lambda runtime

Version 3.3.2

Released 2022-06-06

  • Fix - GraphQL parsed operation name issue

Version 3.3.1

Released 2022-05-18

  • Fix - Update block page to support error handling for mobile.

Version 3.3.0

Released 2022-05-08

  • Added Credentials Intelligence v2 hashing protocol as the default. The new protocol normalizes and hashes credentials according to a new algorithm that improves accuracy.

Version 3.2.0

Released 2022-01-25

  • Added additional_s2s activity to replace external activities feature. This additional activity can be sent automatically via the HUMANActivities Lambda or transferred as a header to the origin and sent directly to HUMAN via an XHR POST request.
  • Added the ability to report the raw username to HUMAN on the additional_s2s activity in cases where compromised credentials were used to successfully log in
  • Enhancements to the login credentials extraction feature, including automatic detection of content type via the Content-Type header, the option to define custom extraction callbacks for endpoints, automatic sending of credentials to HUMAN upon successful extraction, and more
  • Fixed an issue with enforced routes not working in monitor mode
  • Fixed an issue with the bypass monitor header not working for configured monitored routes

Version 3.1.1

Released 2021-12-29

  • Added the server_info_origin property to all Enforcer activities. This property indicates which CDN POP/Datacenter the specific request hits for visibility on the request origin
  • Added a flow to route requests to a sensitive route based on parsing the GraphQL payload

Version 3.1.0

Released 2021-11-28

  • Support for an additional activity callback function that runs after sending the page_requested or block activity to the collector and before forwarding the request to the next step in the pipeline, allowing customization (e.g. setting the HUMAN score as a header)
  • Enhancements to the login credentials extraction feature to support the latest requirements of the HUMAN Credential Intelligence product, including adding login paths as sensitive routes automatically

Version 3.0.1

Released 2021-10-25

  • Support for outputting whether user credentials are compromised on an additional header as part of the HUMAN Credential Intelligence product

Version 3.0.0

Released 2021-10-18

  • Improved mechanism to handle asynchronous activities in the context of a Lambda function. This will reduce the response time to the end user and Lambda duration, which may also reduce operational costs
  • Restructuring of the module code to enable quick and simple upgrades moving forward, which will ease efforts to keep the enforcer up to date and allow fast delivery of new capabilities by HUMAN
  • Bundling Lambda functions using Rollup, which reduces the total size of the Lambda code by roughly 50%
  • Configuration field changes for consistency (HUMAN Node Core v3.0.0)