What's New
Version 22.1.0
Released 2025-10-26
Added
- Added support for is sensitive request custom function
- Added is_sensitive_route field to risk API and async activities
- Reporting the cross tab session cookie for AD on async activities and risk API
- Added the additional_risk_info field to async activities if present on the risk API response
- Added custom functions support for Site Genesis and SFRA if onRequest is not wanted.
Version 22.0.1
Released 2025-09-03
Fixed
- Added missing px_cookie on async activities
Version 22.0.0
Version 22.0.0 introduces breaking changes to the Enforcer configuration and the implementation of custom functions. Make sure to review the updated format and adjust your enforcer configurations accordingly before upgrading.
Released 2025-04-28
Added
- Added enforcer start time to risk api activity and async activities
- Added domain attribute to the pxhd cookie.
- Added
userandpassfields to async activities
Changed
- Moved custom configuration files to dedicated
pxCustomFunctionsConfig.jsfile - Aligned the following field names to spec:
http_statustohttp_status_codeiptosocket_ipuuidtoclient_uuid
- Improved telemetry error handling and stop the flow correctly after successful telemetry request processing
- Added support for configuring the backend URL and collector URL through the configuration
- Updated
additionalActivityHandlercustom function to return void instead of a boolean - Updated
pxSensitiveRoutes,pxMonitoredRoutes,pxEnforcedRoutes, andpxFilteredRoutesto accept a single regular expression pattern instead of an array of strings. - Changed the async activities default url to
https://collector-<px_app_id>.perimeterx.net
Removed
- Removed deprecated
sensitiveRoutesRegexandenforcedRoutesRegexandmonitoredRouteRegexandfilteredRoutesRegexconfiguration fields
Version 21.4.3
Released 2024-12-19
Fixed
- Removed the service package usage to compatability with SiteGenesis
Version 21.4.2
Released 2024-06-23
Added
- Support for filter routes by regex
- Better handling for configuration object
Version 21.4.1
Released 2023-12-23
Added
Updated deprecated methods
Version 21.4.0
Released 2023-08-14
Added
__ controllers allowlisting (prevents attackers using __Analytics for POST requests
Version 21.3.0
Released 2022-06-07
Added
- Custom cookie header with the
x-px-cookiesdefault value - Sending
pxvidon async activities also when it was extracted from cookie
Version 21.2.1
Released 2022-04-13
Fixed
- Fixed bug in bypass monitor header
Version 21.2.0
Released 2022-04-13
Fixed
- Linter issues
- Wrong risk mode sent on risk api
Added
- Sending email and user creation date on activities (for account defender)
Version 21.1.1
Released 2022-02-02
Fixed
- Metadata schema was updated to include PX_loggerSeverity
Version 21.1.0
Released 2022-01-03
Added
- Support for credentials intelligence
v2andmultistep_ssoprotocols - Support for login credentials which are sent through
body(when the content-type is JSON or form-urlencoded),headerandquery-param - Support for manual sending of
additional_s2sactivity - Support for sending raw username on
additional_s2sactivity - New
request_idfield to all enforcer activities
Changed
- Update the default request timeout value of async and risk activities to 1 second
Version 21.0.0
Released 2022-11-28
Changed
- Async activities fields align with the spec
- Changed the debug mode field configuration name to
px_logger_severityand its possible values according to the spec - Changed the px_module_mode possible values according to the spec
Fixed
- Send the full url with the risk api activity url field which is included query params if any
Added
- Added implementation for handling s2s_error and s2s_timeout
- Support for monitored routes feature
- Support for enforced routes feature
- Added ‘app_user_id’ field on risk api and async activities calls
Version 20.3.1
Released 2020-12-23
Fixed
- Mobile token handling for OCAPI
Version 20.3.0
Released 2020-12-23
Fixed
- Mobile token handling
- Mobile response handling
Version 20.2.0
Released 2020-11-18
Added
- OCAPI support
- PBKDF2 key hashing
Fixed
- Bypass monitor header reporting
- Debug flag
Version 20.1.0
Released 2020-02-03
Added
- Send telemetry on demand by header
- Support for testing blocking flow in monitor mode
- Full first-party support
- onRequest integration
- Support for properties in ISML templates
Fixed
- Removed getWriter() and replaced it with templates.
Version 19.1.0
Released 2018-12-25
Added
- Enrich Custom Parameters support for async activities
- Support for PXHD cookies
- First-Party fallback for block templates
- Support Cookie names extraction
Version 18.4.0
Released 2018-09-26
Added
- Whitelist by ip/cidr support
- Custom block page support
Fixed
- Better handling of Services Framework errors
- Better handling of query params for Captcha service calls
- Missing px_cookie on risk_api calls
Version 18.3.0
Released 2018-06-22
Added
- Refactor of services framework usage to support multi app ids
- Support for Advanced Blocking Response
- SFRA support
Fixed
- Documentation refresh
Version 18.2.1
Released 2018-05-01
Added
- Refactor of services framework usage to support multi app ids
- Support for Advanced Blocking Response
- SFRA support
- Captcha v2 support
Fixed
- Documentation refresh
Version 18.2.1
Released 2018-05-01
Added
- Ratelimit support
- First party support
- Enrich Custom Parameters support
Fixed
- Corrected monitor mode block reporting
Version 18.1.1
Released 2018-02-12
Fixed
- Numerous bug fixes
Changed
- Updated README to include js sensor section
Version 18.1.0
Released 2018-01-22
Changed
- New version number scheme
Version 1.1.1
Released 2017-12-17
Changed
- Updated services framework implementation to use LocalServiceRegistry.
Version 1.1.0
Released 2017-12-05
Added
- Enhanced module logs
Changed
- Various performance enhancments.
