What's New | HUMAN Documentation

Version 0.15.10

Released 2025-06-18

Fixed

Minor bug fixes

Version 0.15.9

Released 2024-12-26

Added

New testing system
Automated Fuzzing Test

Version 0.15.8

Released 2024-07-25

Fixed

Minor stability fixes

Version 0.15.7

Released 2024-07-11

Fixed

Enforcer memory usage improvements

Version 0.15.6

Released 2024-07-03

Added

Rate Limit feature

Version 0.15.5

Released 2024-05-30

Fixed

Minor stability fixes

Version 0.15.4

Released 2024-05-13

Fixed

Fixed several minor issues, reported by fuzz testing

Version 0.15.3

Released 2024-02-27

Fixed

Correctly release pcre resources during Nginx module shutdown

Version 0.15.2

Released 2024-01-31

Added

Telemetry command now sends information about OS, Linux distribution name, and Web server configuration

Version 0.15.1

Released 2024-01-31

Added

Add “raw_url” field for all activities, which contains unparsed URL
Add BlockedURL parameter to Captcha

Fixed

Do not send a body response for HEAD requests
Fix “compression_level” feature (users can now set a compressing level 1-9 for Async Activities)

Changed

Update Captcha template

Version 0.15.0

Released 2023-10-27

Added

Add px_url_decode_reserved_characters to decode reserved URL characters
Add px_skip_module_variable_enabled configuration and $px_skip_module Nginx variable, this feature allows clients to dynamically disable Enforcer for individual requests.

Fixed

Correctly set Enforcer endpoints for a custom FirstParty prefix.

Changed

Removed px_skip_module configuration (now it is $px_skip_module Nginx variable)

Version 0.14.11

Released 2023-10-11

Added

Add support for v1.9.0 “ingress-nginx”
Add new configuration px_skip_module to use it with Nginx variables to conditionally enable/disable Enforcer.
Add an option to postpone network initialization (needed by chroot)

Fixed

Fix px_filter_by_domain regex initialization issue
Improvements related to HAProxy module

Version 0.14.10

Released 2023-09-20

Fixed

Issue with handling first party requests

Version 0.14.9

Released 2023-09-01

Added

Header‐Based Logger

Fixed

correctly handle POST requests
improvements related to processing request data

Version 0.14.8

Released 2023-07-27

Added

new configuration parameter: px_filter_by_domain
implement upstream score header for Apache

Version 0.14.7

Released 2023-05-23

Added

new configuration parameter: px_custom_first_party_sensor_endpoint
new configuration parameter: px_skip_mod_by_envvar (Apache only)

Changed

remove “Transfer-Encoding” header from XHR response

Version 0.14.6

Released 2023-05-15

Changed

Support redirect for a custom block page sub-request

Version 0.14.5

Released 2023-05-09

Changed

disable HTTP/2 for Enforcer communication

Version 0.14.4

Released 2023-05-04

Fixed

JSON body detection for CI

Version 0.14.3

Released 2023-03-30

Added

CI Multistep SSO

Version 0.14.2

Released 2023-03-16

Added

new configuration parameter: px_send_page_requested_activity

Version 0.14.1

Released 2023-03-15

Added

new configuration parameter: px_custom_cookie_header

Version 0.14.0

Released 2023-03-13

Added

new configuration parameters: px_cookie_custom_parameters_decrypt and px_cookie_custom_parameters_decrypt_method to decrypt cookie field(-s) before sending via “custom_param”
CORS support, new configuration parameters: px_cors_support_enabled and px_cors_preflight_request_filter_enabled
support for compilation Apache on MacOS
support for Rocky Linux 8
new “Connectivity tool” to test customers’ network bandwidth and network errors

Fixed

race condition when accessing shared pbdk2 values from multiple threads
send pxhd with page_requested/block activities

Changed

improve Varnish Enforcer code
improve support for Istio v1.12.2

Version 0.12.3

Released 2022-12-20

Added

support for User Identifiers (JWT / pxcts)
support for Enforcer traffic compression (px_compression_enabled)

Fixed

extract GraphQL operation name with parameters
extract GraphQL nested variables

Version 0.12.2

Released 2022-10-13

Added

px_filter_by_extension and px_filter_by_http_method configurations
Support of RPM packages build

Fixed

Always send VID with async activities
IP address with port extraction from px_ip_headers
Port the latest code to Windows OS
Apache module order

Changed

px_cookie_custom_parameters now accepts empty parameters
Whitelist extensions only for GET requests

Version 0.12.1

Released 2022-09-20

Fixed

memory usage improvements

Version 0.12.0

Released 2022-09-08

Added

GraphQL support
New configuration directives:
px_sensitive_routes_regex
px_sensitive_graphql_operation_types
px_sensitive_graphql_operation_names
px_graphql_routes
TLS information extraction for newer Apache versions

Fixed

Apache / Nginx / Envoy modules configuration code
PX-interested POST body detection, cache POST body
Initialization of old OpenSSL library versions
Use of proxy password (if set) for all network activities

Changed

TLS field names alignment for all activities
Request header keys are always compared and stored in lower case

Version 0.11.2

Released 2022-07-25

Added

new configuration directives:
px_login_successful_header_value_regex
px_login_successful_query_key
px_login_successful_query_value

Fixed

Default CI version (v2)

Version 0.11.1

Released 2022-07-13

Added

New configuration directive px_block_page_template_file

Version 0.11.0

Released 2022-07-06

Added

HUMAN Envoy module

Changed

Moved the network code into a separate module

Version 0.10.6

Released 2022-06-27

Fixed

Use of milliseconds to compare telemetry timestamps

Version 0.10.5

Released 2022-06-15

Added

CI v2 support
OpenSSL v3.0 support
New CI configuration directives

Fixed

CI related fixes
Alpine Linux compilation

Changed

px_whitelist_uri_regex accepts a pair of regex and the HTTP method
Switched to the new block page
Moved the crypto-related code into a separate module

Version 0.10.4

Released 2022-04-12

Fixed

Send JSON response, even if a redirect URL is set.

Version 0.10.3

Released 2022-03-03

Added

Ability to Send CORs headers with the block page
Proxy authorization
px_monitor_by_cookie feature

Fixed

A compilation error in the recent Nginx versions

Version 0.10.2

Released 2021-09-15

Added

px_proxy_userpwd feature: set [user name]:[password] to connect to the HTTP proxy

Version 0.10.1

Released 2021-06-30

Added

PXDE features:
px_pxde_header_name
px_enable_pxde
px_cookie_custom_parameters feature
CSP features:
px_code_defender_enabled
px_code_defender_update_sec
px_whitelist_uri_regex feature

Changed

Switch to the new Nginx module configuration

Version 0.10.0

Released 2021-03-11

Added

px_enablement_header_name feature
Support of px_enforced_routes and px_monitored_routes
login credentials extraction
GO module
Python module

Fixed

redirect issue for px_custom_block_url

Changed

libpcre is a new required dependency

Version 0.9.5

Released 2020-10-26

Fixed

incorrect base64 buffer size for SSL ciphers encoding

Version 0.9.4

Released 2020-10-21

Fixed

Close beacon connection for 204 (no content) and 304 (not modified) responses

Version 0.9.3

Released 2020-06-29

Fixed

Nginx event handling during async tasks
PX module compilation for old distros

Version 0.9.2

Released 2020-06-19

Fixed

Fix for Nginx internal redirects

Version 0.9.1

Released 2020-06-15

Changed

Added support for an empty body from the PX Collector.
Disabled HTTP2 communication with PX servers for all modules.

Version 0.9.0

Released 2020-05-18

Added

Caching of first party resources
Varnish module
Cowboy module

Fixed

Build scripts fixes and improvements
Windows support

Changed

JSON activity/riskAPI objects
Refresh version naming scheme

Version 0.8.10

Released 2020-05-25

Added

Send score header to an upstream

Fixed

Multiple PX Nginx module execution for a single request, if a request hits multiple locations

Version 0.8.9

Released 2020-04-23

Fixed

Incorrect usage of the ngx_log_error() function

Version 0.8.8

Released 2020-04-21

Added

New directive px_enabled_routes

Version 0.8.7

Released 2020-04-14

Added

Support for Nginx “server” type module

Version 0.8.6

Released 2020-03-31

Added

Support for Nginx variables expanding

Version 0.8.5

Released 2020-03-26

Added

Support for Nginx server wide configuration

Version 0.8.4

Released 2020-03-18

Fixed

Compatibility with Nginx ngx_http_rewrite_module

Version 0.8.3

Released 2019-12-05

Added

Print dependencies versions (used in compilation and actually loaded)

Changed

The custom parameters behavior - Values are now taken from a list of headers

Fixed

Handle SSL decryption errors

Version 0.8.2

Released 2019-11-14

Added

SSL to RiskAPI connection information

Fixed

RiskAPI requests are not sent for high score requests with a PX cookie
Read 304 response body

Changed

Connections for blocked requests are not closed now

Version 0.8.1

Released 2019-11-12

Fixed

Null s2s_call_reason

Version 0.8.0

Released 2019-10-29

Added

Support of async request processing
Ability to send JSON activities objects in bulk
Builder script and build recipes

Fixed

HAProxy module
Nginx module memory

Changed

Use of keep alive connections to PX servers

Version 0.7.5

Released 2019-09-18

Added

px_allowed_cookies feature - a list of cookies to send to PX

Version 0.7.4

Released 2019-09-11

Fixed

Copying response headers to the Nginx memory

Version 0.7.3

Released 2019-08-21

Added

Support of Nginx variables

Fixed

Set custom base_url / risk_api via configuration

Version 0.7.2

Released 2019-07-01

Added

The firstPartyEnabled value to the captcha template
Processing times report for a debug build

Fixed

The Nginx module crashing when a request with no headers is received
Compilation on Alpine Linux

Changed

Use of first_party_timeout_ms for a redirect timeout
Lua and HAProxy modules update

Version 0.7.1

Released 2019-06-17

Added

px_first_party_timeout configuration directive

Version 0.7.0

Released 2019-06-05

Added

Pbdk2 crypto values caching
Support of module activation via HTTP header
Configuration parameters for cURL connection pools

Fixed

Cleanup resources on Nginx reload

Changed

Removed callbacks based SWIG interface