Enforcer frameworksJava

Java changelog

November 12, 2025

Version 6.16.0

  • Added support for data enrichment header feature (px_data_enrichment_header_name configuration)
  • Added support for AD user identifiers feature
  • Added px_secured_pxhd_enabled configuration option to enable secure flag on pxhd cookie
  • Added is_sensitive_route to risk api and async activities
  • Added additional_token_info to risk api and async activities
  • Updated telemetry activity to new format (static_config and active_config; remote_config is not supported)
  • Updated telemetry activity to include request_id
  • Updated captcha page template to newest version
  • Updated dependencies minor and patch versions (major versions unchanged)
  • Changed custom parameters to be of type Object instead of String to allow more flexibility
  • Changed first party block script in captcha template to end with expected /captcha.js
  • Changed RequestWrapper to include custom headers in methods that retrieve request headers
  • Fixed possible connection leak issue due to unclosed responses in first party and telemetry requests
  • Fixed first party fuzzing errors by returning 400 on first party requests with URL length > 1000 characters
November 12, 2024

Version 6.14.1

  • Fix Telemetry bug when sending page requested activities when telemetry fails
  • Fix risk_rtt is not sent when risk call gets s2s_timeout
December 28, 2023

Version 6.10.0

  • Added feature request-header-based-logger.
  • Align risk api and async activities fields.
  • Added enforcer start timestamp and risk start timestamp to activities schema
  • Removed the blockedUrl window variable from the block page to prevent XSS vulnerability.
  • Added blocked URL to the captcha query params.