Managed Web Application Firewall (WAF)

NOTE:
  • Alert Logic supports the current version and the last two minor versions. For example, 5.0.2.x is two versions behind 5.1.0.x, and an appliance running version 5.0.1.x or older would now be unsupported.

  • Effective March 31, 2024, all versions of Managed WAF prior to v5.x will be End-of-Life (EOL) and unsupported. For additional information, refer to our software update.

  • Alert Logic does not automatically push new versions to customers, and an upgrade may be required if you need support on an older appliance.

May 2024

Version 5.1.4.1

May 22, 2024

Fixes
  • Allow daemons to start without interference after user-specified upgrades

  • Allow deletion of ACL paths that include HTML entities

  • Properly schedule reload/restart of the daemon that restarts other daemons

Version 5.1.4.0

May 20, 2024

New Features
  • Oracle Linux 8 Security Technical Implementation Guide - MAC II - Sensitive-system hardening

  • Support user-specified egress IP network filtering

  • Support regular ASV scans

  • Support user-specified upgrades of auto-scaling stacks

Enhancements
  • Update SQLite

Fixes
  • Resolve issues syncing regex ACLs and ordered ACLs in HA clusters

  • Resolve issue with bot management by properly matching certain L7 attributes

March 2024

Version 5.1.3.0

March 25, 2024

New Features
  • Added ACME certificate management support, including automatic SSL certificate renewal

  • Introduced HTTP request throttling based on classifications of the source IP (for example, GeoIP)

Enhancements
  • Show blocked country code in deny log of requests blocked by GeoIP

  • Improve resilience of an internal service related to features such as detecting anomalous sessions

  • Add minor Fortra branding changes to the UI

Fixes
  • Delete OpenAPI definitions when a proxy is deleted

  • Fix a config sync issue by properly comparing all data structure variants

  • Add support for signature class exceptions for custom signatures in the advanced signature engine

  • Fix multiple issues with CAPTCHA logic

  • Prevent DDoS detection from starting until it has been turned on

  • Fix race conditions and improve resilience of an internal service related to detecting anomalous sessions

Version 5.1.2.0

March 15, 2024

Enhancements
  • Show ACL type in the web application overview list

Fixes
  • Allow the management UI to work with custom PKCS12 certificates/keys

  • Allow dashes in OpenAPI paths' parameter names

  • Make ACL matching case insensitive when case insensitivity is selected

  • Delete OpenAPI definitions when a proxy is deleted

December 2023

Version 5.1.2.0

December 10, 2023

New Features
  • Google reCAPTCHA and hCaptcha integration via interstitial page injection

Fixes
  • Prevent deactivation of global L7 blocking settings if particular websites are using it

  • Avoid URL collisions in paths used by both protected websites and internal captcha redirects

  • Correctly enforce large URI first line request limits

  • Improve DNS resolution resiliency for single-protocol sites with backends defined by hostname

November 2023

Version 5.1.1.0

November 2, 2023

New Features
  • API optimized DDoS protection option in Azure and AWS based on automatically generated rulesets of known-good clients

  • Improved logging of session anomalies to the deny log

  • Bot management reporting capability

Enhancements
  • Mitigate HTTP/2 rapid resets with per-iteration stream handling limit

  • Transmit additional uptime details with the existing uptime monitoring check

  • Improve efficiency of loading an IP database in core worker processes

Fixes
  • Restore DDoS configurations properly on autoscaling deployments

  • Correctly parse out hyphenated hostnames for some blackholed requests

  • Correctly parse out the HTTP method for requests using HTTP/2 and client authentication

  • Various improvements to bot and client management user interface

  • Fix validation issue in web form for restricting request length and number

  • Fix validation issue in web form for layer 7 source IP blocking

  • Support CamelCase in OpenAPI schemas

  • Preserve and restore non-alphabetic ACL orderings

  • Skip public IPs of trusted proxies in XFF headers

August 2023

August 8, 2023

Alert Logic has announced that Fortra's Managed WAF will "end of life" (EOL) software versions prior to version 5.x as of March 31, 2024. If you are running version(s) of Managed WAF that will be affected by this EOL, we strongly urge you to contact our dedicated Security Operations team at support@alertlogic.com to schedule an update to the latest version. For additional information, refer to our software update.

July 2023

Version 5.1.0.2

July 12, 2023

New Features
  • Automated challenge-based DDoS protection in AWS - pushing protection into AWS infrastructure

Enhancements
  • Support AWS IMDSv2 API for host metadata

  • Support X-Forwarded-For source IP parsing for requests going to the black hole

  • Use systemd for al-core service start/stop

Fixes
  • Fix initialization error in certain ACL policy overrides

  • Only add vhost alias for a domain to its "www." proxy if not already present for another website

  • Improvements to PKCS12 certificate key encryption

  • Solve conflict when CSRF protection (response rewriting) and dynamic HTTP response caching are both enabled

  • URL decode software packaged filenames properly when looking for updates in S3 repos

  • Normalize filenames in multipart file upload HTTP requests to prevent spurious decoding violations

  • Ensure XXE parsing state is properly preserved in all cases to prevent spurious violations

  • Ensure strictest source IP controls combination is selected when multiple Source Control Groups apply in L7 Source IP and Geolocation based controls

May 2023

Version 5.1.0.1

May 24, 2023

New Features
  • Support managing RFC1918 addresses as a separate Source Class in L7 Source IP and Geolocation based controls

  • Send additional audit log to Fortra log backend

Enhancements
  • Update dependencies not already part of automatic updates

  • Emit a "wsm-cert-monitor" log when certificates approach expiration dates

  • Update Web Session Anomaly Detection sensitivity definitions

  • Several improvements to CAPTCHA capability

  • Redact sensitive values in the config object sent to the backend

Fixes
  • Resolve an issue in UTF-8 detection in the WAF engine introduced in version 5.1.0.0 which could lead to a 500 Internal Server Error

  • Support ACL path regexes with curly brackets

  • Set correct permissions on some log files

  • Improvements to the error message shown to read-only users attempting disallowed actions

  • Set correct violation for requests with an unspecified protocol

  • Fix issue where caching of XML parse results can lead to subsequent similar XML payloads not being validated correctly

April 2023

Version 5.1.0.0

April 19, 2023

New Features
  • Detection of anomalous HTTP sessions

  • Bot and client automation management

  • Generalized interface for managing client connection trust

  • API Support - including OpenAPI specification import

Enhancements
  • Improved decoupling of monitoring components

  • Performance optimizations per request

  • Redirects to centralized documentation

  • Support giving an appliance a nickname

  • Support unrestricted file uploads within an application

  • Improve completeness of deny logs exported to S3

Fixes
  • Fixed a slow memory leak in database lookups of private IPs

  • Fixed a slow memory leak in core request handling code

  • Allow header validation rules to be added/saved without a tag

  • Use updated configuration commands for connection rate limiting

  • Stop noting redirects issued by the WAF as violations

  • Remove a stale config file if it is not in the current format

  • Timeout vhost test request in the UI after one second

  • Properly trim log details

November 2022

For 2022, Alert Logic supports only WAF as an inline service. Thus, release notes under this section are only in reference to the inline versions of WAF.

Version 5.0.3.0

November 18, 2022

New Features
  • New deny log format for Alert Logic backend preserving multiple violations for single requests

  • Expanded virtual patch capabilities

  • Support dynamic export of non-anonymized data prior to recording anonymized logs

  • Support pinning signature versions

  • Support tagging custom signatures with a meaningful name

Enhancements
  • Support case sensitivity overrides in ACLs

  • Improve default settings for new websites and management interface

  • Improve default SSH settings

  • Recognize new JSON-based MIME types as JSON

  • Increase sync message size limit

  • Update certificates used during software updates

  • Minor improvements to several existing general signatures

Fixes
  • Handle text/plain parsing correctly in all cases

  • Remove references to "trial version"

  • Resolve issue with handling charsets of backend certificate DNs

  • Resolve issue with captcha settings affecting some upgrades

  • Ensure ACL order is always preserved when importing a configuration

  • Require updated agent for backend communication

  • Removed unneeded repository configurations

  • Rotate the attack log appropriately

September 2022

Version 4.6.2.1

September 2, 2022

Enhancements
  • Improve settings for default reference clock

Fixes
  • Validate and enforce SSL CA order correctly

  • Sync SSL client CA certificate properly on auto-scaling WAFs

  • Persist system hostname after reboot

Version 5.0.2.1

September 1, 2022

New Features
  • Data anonymization: irreversible obfuscation of client input to move WSM log data out of scope of privacy requirements like GDPR, HIPAA, the UK Data Protection Act of 2018, and the Australian Information Privacy Act 2009.

Enhancements
  • Support TLS 1.3 automatically when communicating with backend servers

  • Improve settings for default reference clock

Fixes
  • Enforce all policies when brute force protection has no CAPTCHA selected

  • Validate and enforce SSL CA order correctly

  • Sync SSL client CA certificate properly on auto-scaling WAFs

August 2022

Versions 4.6.2.0 and 5.0.2.0

August 4, 2022

New Features
  • Detect brute force password guessing and credential stuffing and prevent them by enforcing a CAPTCHA

  • Switch to Oracle Linux 8

Enhancements
  • Allow NICs without support for legacy settings

  • Display NTP settings in the UI

  • Improve validation of core settings on master before synchronization to workers

  • Integrate with new edge actions API in support of Intelligent Response

  • Use systemd consistently on WSM 5+

Fixes
  • Allow file upload setting changes when using legacy signatures

  • Improve repo settings for automated system updates

  • Skip cookies when running signatures over HTTP headers

  • Skip Cookie header when running signatures over HTTP headers as each individual cookie is validated separately

  • Handle wide character issues during command line normalization

  • Eliminate false positives in one alarm related to appliance monitoring

  • Stop writing duplicate logs on autoscaling workers

  • Validate 'null' payloads in JSON correctly

  • Improve check for RE2 compatibility in signatures

April 2022

Versions 4.6.1.2 and 5.0.1.2

April 12, 2022

Enhancements
  • Add support for Alert Logic Intelligent Response

  • Standardize on dynamically-generated health response for all deployments

  • Improve crypto-policy and encryption algorithm defaults

  • Make cluster IDs configurable and persistent across changes to sync settings

  • Decode %u encoding if allowed in the config

Fixes
  • Ensure synchronization of DNS settings for auto-scaling WAFs

  • Filter out possibly empty management interface configs

  • Add further guards against an improper bootstrap in AWS

  • Add a health check for a read-only filesystem

  • Alarm on additional signals in the error log

  • Make adaptive protect mode default to off

  • Truncate large deny logs properly in all cases

  • Remove unnecessary modules left over from upgrades from WSM 4

  • Remove internal debug info from violations logged for invalid JSON

December 2021

Versions 4.6.1.0 and 5.0.1.1

December 10, 2021

Enhancements
  • Separate %U decoding into multiple configuration options

  • Allow selection of GeoIP address lookup order

  • Display implied regex anchors whenever they will apply to header validation rules

Fixes
  • Disable bootstrap user after an appliance is claimed

  • Handle AWS S3 errors during bootstrap gracefully

  • Allow ipset restore to add overlapping subnets

  • Apply API-driven changes to website aliases automatically

November 2021

Versions 4.6.1.0 and 5.0.1.0

November 15, 2021

New Features
  • Improved XSS signatures

  • Improved password management for API users

  • Support SNI for health-checking https backends

Fixes
  • Resolve issue in handling end-of-file during high-volume log transport

  • Make several violation types more uniform in their presentation

  • Resolve issue with logging identity of internal users

  • Inspect file uploads only when the new signature model is enabled

October 2021

Versions 4.6.0.19 and 5.0.0.19

October 15, 2021

New Features
  • FIPS mode for WSM 5

Fixes
  • Allow PUT requests without a recognized Content-Type if bypass is enabled

  • Correct SSL certificate permissions issue

  • Word-break long hostnames in the deny log

  • Gracefully handle certain SSL read errors in backend health checks

  • Increase allowed duration of network time requests

Versions 4.6.0.18-3249 (all inline platforms) and 5.0.0.18-648 (AWS AMI non-FIPS)

October 4, 2021

New Features
  • Attack signatures usage now includes advanced engine with header evaluation built in

  • Improved time-keeping with multiple fallbacks

  • Improved defaults (advanced signature engine; file upload inspection; emerging threat detection; and opt-in learning)

Fixes
  • Trim learn stats more frequently

  • Always regenerate core configs during migrations

  • Remove outdated version check

  • Perform additional database integrity checks

  • Skip proxy syncs when no proxies are found

September 2021

Versions 4.6.0.17 (all platforms) and 5.0.0.17 (AWS AMI non-FIPS)

September 9, 2021

Fixes
  • Eliminate backtracking in the command line normalizer

August 2021

Versions 4.6.0.16 (all platforms) and 5.0.0.16 (AWS AMI non-FIPS)

August 25, 2021

New Features
  • Display IPs blocked as a result of setting a connection limit

  • Extend the REST API to support fetching access logs

  • Automate updates of system packages

Fixes
  • Wrap the text of long Referer URLs in the UI

  • Minor improvements to system log transport

  • Anchor ACL path regex when finding matches

  • Never enable default HTTP/HTTPS in created templates

  • Correct UI regression in show original request view on WSM 4

Versions 4.6.0.15 (all platforms) and 5.0.0.15 (AWS AMI non-FIPS)

August 3, 2021

Fixes
  • Resolve high-availability cluster sync regression

  • Allow read-only users to connect from the Alert Logic console

  • Preserve transparent proxy settings when applying configurations

July 2021

Versions 4.6.0.14 (all platforms) and 5.0.0.14 (AWS AMI non-FIPS)

July 15, 2021

Fixes
  • Re-initialize message queues upon restoring/importing system settings

  • Allow sync daemon to health check by way of loopback

Versions 4.6.0.13 (all platforms) and 5.0.0.13 (AWS AMI non-FIPS)

July 13, 2021

New Features
  • Show number of files associated with excess upload attempts

  • Allow full-text search on the 'info' deny log field

  • Add HTTP/4848 health check to non-autoscaling deployments

  • Support delegated credentials for automated response integration

Fixes
  • Prevent significant CPU consumption during normalization of some requests

  • Support non-compliant multipart form boundaries

  • Sort the list of available backups

  • Support larger deny logs

  • Ensure AWS auto-scaling deployments have a default configuration

Versions 4.6.0.12 (all platforms) and 5.0.0.12 (AWS AMI non-FIPS)

July 9, 2021

New Features
  • Integrate with incident API to support automated response

  • Support migration of transparent proxy from WSM 4 to WSM 5

  • Improve configuration sync on AWS auto-scaling deployments

  • System log display rendering improvements

  • Internal enhancements to log transport components

  • Add include sub option to log filter violation filter

Fixes
  • Correctly sort log events

  • Sync website configs in an optimal order

  • Adjust log rotation/retention configuration

  • Remove irrelevant warnings

  • Ensure all system configuration elements can be saved in UI

  • Correctly match VLAN interface ID mapping

  • Concatenate multi-line syslog messages

  • Allow header/body filters to work on WSM 5

  • Resolve precedence between GeoIP-blocked and blackholed requests

  • On WSM 5, ensure log volume is preserved and mounted when master instance is replaced

  • Prefer configured UUID over provisioning UUID for heartbeating

  • Prevent auto-scaling worker instances from running wsm_bootstrap loop

  • Restart framework after WSM update

  • Regenerate core configuration after SSL certificate REST API update

  • Allow "0" when validating an HTTP header

  • Remove 240.0/8 loopback IPs from the UI

  • Layer 7 blocking should ignore invalid IPs in XFF

  • Re-open database handles after daemonization in one service

  • Miscellaneous packaging improvements and system software updates

April 2021

Version 5.0.0.11 (AWS AMI non-FIPS)

April 19, 2021

New Features
  • Improvements to CPU and RAM utilization

  • Log transport agent updated to use newer log ingestion system

  • Support provisioning in additional data centers

Fixes
  • Allow UI to save policies with over 248 global parameters

  • Support multi-line syslog messages and system logs in new log agent

  • Ensure admin daemon restarts service dependencies robustly

Other changes
  • Remove AWS autoclaim agent

No 4.6.0.10 release exists.

March 2021

Version 5.0.0.10 (AWS AMI non-FIPS)

March 18, 2021

New Features
  • Support DHCP assignments with /32 netmask

Other Changes
  • Update jQuery

No 4.6.0.9 release exists.

Version 5.0.0.9 (AWS AMI non-FIPS)

March 8, 2021

New Features
  • Support JSON lines format for S3 deny log export

  • Enhance deny log to include string that triggers double encoding violation

Fixes
  • Resolve issue where daemons were not restarting when certain config changes were committed

  • Resolve issue uploading PEM certificates with separate chains and with uploading PKCS#12 certs/keys

  • Resolve issue affecting ACL policy manipulation

  • Suppress errors from update tools when deployment-specific repo bundles are not in use

5.0.0.8 was not released for Managed WAF.

No 4.6.0.8 release exists.

February 2021

Versions 4.6.0.7 (all platforms) and 5.0.0.7 (AWS AMI non-FIPS)

February 9, 2021

New Features
  • Extend virtual patch support to include Base64 decoding support

Fixes
  • Resolve rare issue with host/role in config generation

  • Resolve issue with configs where both session persistence (cookie, source IP, etc.) and real server failover were enabled at the same time

  • Fix internal get_worker_status ops tool

  • Resolve issue with FIPS mode detection on non-FIPS kernels

No 4.6.0.6, 5.0.0.5, or 5.0.0.6 releases exist.

January 2021

Versions 4.6.0.5 (all platforms) and 5.0.0.4 (AWS AMI non-FIPS)

January 29, 2021

Other Changes
  • Update sudo

Version 5.0.0.3 (AWS AMI non-FIPS)

January 27, 2021

New Features
  • Support for TLS 1.3

  • Support for HTTP/2

  • Support for proxying Web Sockets

  • Support for proxying gRPC

Version 4.6.0.4

January 19, 2021

New Features
  • Extended support for virtual patches

  • New virtual patches with coverage related to SolarWinds compromise

Fixes
  • Improved validation of SSL certificate uploads

  • Improved handling of certificate revocation lists

November 2020

Version 4.6.0.3

November 2, 2020

Fixes
  • Resolve permissions issue and timing issues in AWS master config sync

  • Resolve country code discrepancy issue in the deny log

  • Improve handling of formats for upstream response time value

  • Reformat deny log to be parseable in search again

  • Upgrade onboard database software (SQLite)

  • Minor internal fixes in support of future enhancements

October 2020

Version 4.6.0.2

October 8, 2020

Fixes
  • On upgrade, handle ACL paths with regex meta characters correctly

September 2020

Version 4.6.0.1

September 9, 2020

Fixes
  • On upgrade, migrate to more configurable HTTP method inspection correctly

  • Discover recent changes to health-check configuration correctly

August 2020

Version 4.6.0.0

August 31, 2020

New Features
  • Support exporting deny logs to an S3 bucket

  • Support syslog over TLS

  • Support vpatches for emerging threats

  • Send additional details to Log Manager regarding generic protocol violations

  • Improve handling of XML

  • Improve configurability of body permissions and actions across methods

  • Minor signature improvement

  • Numerous performance and portability improvements to WSM internals

Fixes
  • Interpret and synchronize extended syslog config correctly

  • Check multiple virtual patches matching a path

  • Fix issue with WSM dashboard not displaying through the AL console

  • Allow OPTIONS method when no application path config is present

  • Support separate default vhosts for both HTTP and HTTPS

  • Send certificate metadata to backend in all cases

  • Avoid double-escaping regex application paths during upgrades and imports

May 2020

Version 4.5.9.1

May 5, 2020

Fixes
  • Improved utf8 handling

  • Resolved an issue with displaying HTML5 graphs in the console

  • Improved mqueue allocation during an upgrade

April 2020

Version 4.5.9.0

April 7, 2020

New Features
  • Alert Logic now supports new collections of virtual patches (highly-targeted security content for specific vulnerabilities)

  • Replaced Flash-based UI graphs with HTML5 charts

  • Improved multibyte support

  • Allowed GET requests to have a body

  • Treated expected redirects of HTTP to SSL as non-violating

  • Minimized UI presentation of sequentially-duplicated system logs

  • Supported custom log fields in extended enhanced alert log

  • Used ISO date format for audit logs

  • Allowed quoted multipart boundaries

  • Supported SameSite cookies

  • Supported customizable 307/308 redirects

  • Supported negation of deny log filter expressions

  • Supported optional silencing of GeoIP access violations

  • Expanded character set in the default URL class definition

  • Added cipher and TLS version as options for custom access log format

  • Covered additional SQLi conditions with improved security content

Fixes
  • Properly decoded HTML entities when dealing with customer-defined web ACLs

  • Validated SSL PEM certificates on upload regardless of the "Validate certificate chain" option

  • Corrected an issue with updating CRL lists

  • Properly matched regex-based ACLs when adding to them from the deny log view

  • Updated text in "Add from deny log" functionality

  • Updated OpenSSH

  • Updated console URLs in login page

  • Removed source IPs which have been removed from the teacher node's blacklist

  • Improved X-Forwarded-For parsing

  • Made SSL certificate generation default to 2048 bit keys

  • Used default HTTPS proxy settings correctly

  • New web ACLs now inherit allowed HTTP method settings

  • Improved logging for the health check daemon

  • Improved automated detection of XML content

November 2019

Version 4.5.8.0

November 21, 2019

New Features
  • Use regular expressions in web application paths (Note: existing paths will be converted to regexes automatically)

  • Improve handling of UTF-8 encoding in policy values

  • Add file extension validation framework

  • Prioritize GeoIP lookups by represented country, registered country, and RIR assignment country order (Note: This product includes GeoLite2 data created by MaxMind).

  • Add trusted proxy support for black hole

  • Offer extended alert log format

  • Support ECDSA keys for TLS proxies (mutually exclusive with RSA)

  • Release package updates for base OS security

  • Block TRACE method on Management UI

Fixes
  • Fix response body rewriting consistency when learning engine is enabled

  • Fix issue where health check daemon could miss config change notifications

September 2019

Version 4.5.7.0-2249

September 26, 2019

New Features
  • Support sending SNI to upstream servers

  • Support future hotfix deployments independent of upgrades

  • UI to multi-select country codes

  • UI to copy deny log details to clipboard

  • UI warning when enabling proxy protocol

  • Disable legacy SSH algorithms

  • Deterministic package installation order for new physical/virtual deployments

  • API for managing redirects and aliases

  • Generate warnings when auto-scaling worker sync is blocked

  • Improvements to deny log parser error handling

  • Protocol violations should not log entire payload

  • Reduce false positives on XPATH signatures

  • Skip [ TRUNCATED ] suffix when adding parameters from log

  • Remove low-confidence XPATH signatures

Fixes
  • Replace message queue implementation for deny logs, learning data, and response inspection

  • Always validate request headers using general rules in addition to header-specific validation

  • Allow ACL definitions to be agnostic about trailing slashes

  • Match newlines when masking deny log input

  • Make signature package updates visible in UI

  • Improve access log routing for auto-scaling deployments with more than ten proxies

  • Use correct package name when updating signatures on autoscaling worker instances

June 2019

Version 4.5.6.3-2084

June 13, 2019

New Features
  • Switched to a new GeoIP2 database format for more accurate geolocation data. This product includes GeoLite2 data created by MaxMind.

May 2019

Version 4.5.6.2-2030

May 7, 2019

New Features
  • Reduced false positives in OS Commanding signatures.

Fixes
  • Preserved policy routes when upgrading.

April 2019

Version 4.5.6.1-1976

April 9, 2019

New Features
  • Allow single-quoted strings in JSON parser

  • RPC audit logging overhaul

  • Expose an option to disable Alert Logic Managed Web Application Firewall (WAF) default inspection scope

  • Return signature info in response headers in signature test mode

  • Detect evasion attempts using request body header tricks

  • Replace ntpd

  • Reduce false positives

  • Change authentication mechanism for repository access

  • Content validation data collection framework

  • Allow malformed UTF-8 encodings in JSON payloads

  • Further improvements to TLS key handling

Fixes
  • Persist policy routing priorities

  • Web App IDS deny log notes correct action on requests to unknown hosts

  • Prevent errors from terminating syncd

  • Prevent proxy error log duplication

  • Allow overlapping system gateway to match a whitelist

Signature Changes
  • Package renamed to accommodate breaking changes

  • Removed RFI to reduce false positives

  • Improved general coverage

  • Improved SQLI coverage

December 2018

Version 4.5.6.0-1839

December 14, 2018

New Features
  • Add Joomla PHP injection signature to header validation

  • Add underlying support for nvme1n1 for new instance types

  • Allow access logging of calculated remote IP

  • Allow more granular control of email notifications

  • Improve TLS key handling

  • Install operations tool by default

  • Relax JSON parser to allow scalar string data

  • Release new kernel

  • Require latest DNS SQLi signature

  • Support TLDs up to 32 characters long

  • Support configurable DTD validation when parsing XML payloads

  • Turn on filename validation by default

  • Update several common software packages

Fixes
  • Align utf8 usage in WAF core and the Alert Logic console

  • Allow the trusted proxy setting to be reset to undefined

  • Fix WAF display for read-only users in the Alert Logic console

  • Fix bug in reading attribution signatures

  • Rotate deny log database more gracefully

  • HUP syslog-ng after rotating access log

  • Improve header validation / RFC enforcement options

  • Send HSTS headers on WAF error pages

  • Suppress sensitive metadata in log

Signature Changes
  • DNS exfiltration

  • Date field for classification signatures

  • Improved OSC / removed OSC_TRAIL_PIPE

  • Improved PHP INJ signature

  • New OSC and SQLI signatures

August 2018

Version 4.5.5.1-1683

August 14, 2018

New Features
  • Improved OS commanding detection

Fixes
  • Proxy would improperly block certain OS commanding violations with HTTP 500 errors regardless of policy setting

Version 4.5.5.0-1668

August 7, 2018

New Features
  • Clean up orphaned package management transaction files

  • Improve deny log rotation performance

  • Reduce alarm flapping

  • Log the offending part of abnormally large payloads

  • Watchdog enhancements

  • Enable "Accept underscore characters in request headers" by default

  • Allow certain alarm conditions to automatically clear when the alarm condition is no longer present

  • Normalize and de-duplicate virtual host aliases to lowercase

  • Allow optional port numbers in X-Forwarded-For header parsing

  • Add configurable back-off period for auto-clearing alarms

  • Improved OS Commanding detection

  • Updated signature content

  • Add Drupal signature as a custom signature to new proxies

  • AWS Enhanced Networking Adapter foundational support, pending AMI release

  • Improve cluster synchronization resilience to network errors

Fixes
  • Passive WAF logged proxy IP instead of trusted X-Forwarded-For IP in some circumstances

  • Error saving intermediate certificate when "Validate certificate chain" is enabled

  • Strip request headers entirely when required by policy, rather than only removing the value

  • Deny log processing could stall on Passive WAF

  • Passive WAF feature can be fully enabled without requiring sensor reboot

June 2018

Version 4.5.4.3-1586

June 7, 2018

New Features
  • Add support for AWS S3 bucket server-side KMS encryption

May 2018

Version 4.5.4.2-1545

May 8, 2018

New Features
  • Improved audit logging

Fixes
  • Fix a rare memory leak

April 2018

Version 4.5.4.1-1501

April 9, 2018

Fixes
  • Fixed issue displaying deny logs with malformed utf8 data

  • Resolve UI error related to IP sharding feature

  • Fixed grouping by country in the deny log dashboard

  • Stop logging at 10% free space left on Passive WAF

  • Read the correct core error log on auto-scaling masters

March 2018

Version 4.5.4.0-1461

March 6, 2018

New Features
  • Support inline WAF on Google Compute Engine

  • Updated kernel

  • Replaced string search algorithm

  • Relaxed threshold for waf-core-cpu alarm

Fixes
  • Prevent autoscaling master instances from syncing backup to S3 when unhealthy

  • Restored "Insert" option on response header rewrite rules when using more than 4 entries

  • Fixed L7 blacklist syncing for CIDR ranges

  • Restored missing fields in deny log in edge case

January 2018

Version 4.5.3.4-1418

January 30, 2018

Fixes
  • Resolve an issue which could prevent certain global system settings from syncing to autoscaling workers and HA learners

  • Resolve a slow memory leak in the proxy core

Version 4.5.3.3-1395

January 4, 2018

Fixes
  • Restore allowed HTTP method types in policy ACLs correctly when restoring backups or replacing autoscaling master instances

November 2017

Version 4.5.3.2-1320

November 14, 2017

New Features
  • Activate JSON parser for a wider content-type range

  • Enable response inspection by default on Passive WSM

  • Support tilde and percent in external redirects

  • Parse cookies more strictly

  • Configure AWS auto-scaling master as undisciplined clock

Fixes
  • Resolve a circumstance which caused DHCP to be enabled improperly on new sensors

  • Don't log the RAW body twice on Passive WSM

  • Allow large file uploads when Content-Length is set

  • Resolve UI error when deleting phantom static routes

  • Resolve minor issues in SSL client auth handling

August 2017

Version 4.5.3.1-1204

August 1, 2017

Fixes
  • Fix a regression that broke new routing proxy deployments

July 2017

Version 4.5.3.0

July 17, 2017

New Features
  • Added API calls to import and export site policy templates via WSM management API.

  • Added an option to close connection on 502 errors.

  • Improved network performance in customer environments with high rates of requests and concurrent requests.

Fixes
  • Improved response inspection/analysis statistics to eliminate sources of inaccurate criticality scoring.

  • Resolved an issue with multi-node configuration sync that could interrupt cluster sync operations.

  • Resolved an issue preventing the blacklist from syncing from master to learner nodes in some scenarios.

  • Addressed an issue related to high CPU consumption when running scans against WSM in some customer environments.

Security
  • Resolved nginx range filter potential leakage/denial of service vulnerability (CVE-2017-7529).

Changes
  • Management UI now requires TLS 1.2+.

April 2017

Version 4.5.2.4

April 12, 2017

Fixes
  • Addressed an issue introduced in 4.5.2.1 release causing unexpected proxy update/delete behavior.

Security
  • Removed potential for theoretical XSS within a specific dialog.

March 2017

Version 4.5.2.2

March 13, 2017

New Features
  • Added Apache Struts (CVE-2017-5638) header validation rule and included in default template.

  • Added option to globally enable proxy protocol for all listen IPs

Fixes
  • Improved log rotation/log storage database to reduce contention and improve log rotation process.

  • Resolved a rare issue with CPUs without AVX support.

Changes
  • Changed WSM “Import Proxy Template” API call to match documentation.

February 2017

Version 4.5.2.1

February 21, 2017

New Features
  • Added per-site policy GeoIP-based blacklisting/whitelisting functionality.

Fixes
  • Resolved an issue related to falsely indicating versions within a cluster.

  • Addressed a small number of scenarios where license keys incorrectly report that they are invalid.

  • Addressed scenarios where the appliance watchdog service may inadvertently not be running.

  • Resolved several minor typos in the user interface.

  • Resolved an issue where changed cluster passwords were not replicated through the entire system.

Security
  • Added internal last modified date for CRUD operations on websites, to be relayed to Alert Logic’s backend.

Changes
  • User interface will now prevent creation of a proxy whose IP:port overlaps with another proxy/protocol.

  • Internal daemons dealing with syslog messages now have higher free disk thresholds, consistent with alarms.

Version 4.5.2.0

February 7, 2017

New Features
  • Completed support for new AWS regions that require both HVM and v4 signatures.

Fixes
  • Resolved an issue where stats database could end up with improper permissions.

  • Resolved potential slow memory leaks with stats collector.

  • Improved watchdog recovery of logging agent.

Changes
  • Introduced dependency on new health monitoring agent.

January 2017

Version 4.5.1.2

January 19, 2017

New Features
  • Extended maximum header size limitation to optionally allow headers up to 32k.

Fixes
  • Improved logging related to blocking/blacklisting IPs, both removing excess errors and ensuring details are properly logged.

  • Ensure blocking configuration files are properly written during AWS master re-spins.

  • Resolved issue with block timeouts falling back to default rather than using configured timeout.

  • Resolved an issue with adding overlapping ranges to blacklists that resulted in some IPs not blacklisted.

December 2016

Version 4.5.1.1

December 15, 2016

Fixes
  • Updated response inspection to pick up configuration changes when website configurations are changed.

  • Improved handling of learn candidate failures to prevent unexpected deny logs from being created from learn candidates.

  • Resolved an issue with System>Tools>Website Configuration preventing expected configuration content from being returned.

  • Addressed an issue that may result in unexpected mismatched version alarms within a cluster.

Security
  • Provided an updated kernel to address potential security vulnerabilities (including dirtyc0w).

Changes
  • Updated several minor issues in the REST API and added a new API call to get IP addresses.

  • Updated invalid hostname violation to enforce SSL hostname restrictions.

  • Provided an affordance for single quotes present in file paths to be allowed by modifying the allowable files regular expression.

October 2016

Version 4.5.1.0

October 27, 2016

Fixes
  • This release removes the unexpected need for initial configuration save and restart of the WSM appliance UI at provisioning time.

  • This release resolves an issue where backend server violations did not always log headers.

  • This release resolves an issue where layer 7 blocking did not always work following autoscaling instance respins.

  • This release removes superfluous error generation when syncing routing proxy configs.

  • This release improves resilience of deny log transport in certain edge cases.

  • This release improves storage of datacenter affiliation configuration.

  • This release adds functionality to always include response parameters (even if values are empty) in deny logs to ensure logs are properly parsed.

  • This release improves Denial of Service mitigation setting configuration to ensure settings are saved and operate as expected.

  • This release addresses an issue related to response inspection learning that can lead to increased CPU consumption.

  • This release improves handling of iptables configuration to ensure appliance specific changes are not overwritten for both WSM Premier and WSM (Out of Band).

  • This release resolves a scenario where the ACL cache can be cleared during the autoscaling instance boot process.

  • This release improves payment card masking to reduce false positives in deny log masking.

Security
  • This release updates HTTP SSL settings to lock down insecure ciphers and SSL/TLS for WSM (Out of Band).

Changes
  • WSM Appliance API users can now be created via UI, CFT, and during appliance provisioning.

  • WSM Appliance API users will now be indicated in the appliance UI.

  • IP Addresses extracted from X-Forwarded-For headers will now be the leftmost non-private IP.

  • Deny log rotation is now limited to preserving 100k records, which will be rotated more frequently.

  • Improvements to several WSM appliance alarms facilitate better monitoring and troubleshooting by Alert Logic operations teams.

  • Updated WSM appliance SQLite instance for improved stability and reliability.

September 2016

Version 4.5.0.2

September 19, 2016

Fixes
  • This release resolves an issue where Content-Type was not being matched case-insensitively.

  • This release improves handling of chunked multipart/form-data.

  • This release prevents multiple instances of internal services from running on the appliance.

  • This release resolves two minor syslog daemon configuration issues.

  • This release resolves an issue where invalid learn chunks could cause startup failures without manual intervention.

Security
  • This release updates the embedded agent which now includes additional TLS1.2 support for Alert Logic services.

August 2016

Version 4.5.0.0

August 11, 2016

New Features
  • This release adds capabilities to capture and analyze full server responses, providing the response and potential indicators of compromise within the UI and deny logs.

  • This release improves support for Azure WSM deployments, including adjustments to SSH ClientAliveInterval and the WSM configuration UI.

Fixes
  • This release ensures the syslog daemon is restarted properly after upgrade.

  • This release resolves an issue with single tuned site configurations not properly transmitting log activity.

  • This release resolves an issue with configuration files potentially being overwritten during an upgrade.

  • This release resolves an issue during boot where AWS environments were not properly recognized.

  • This release resolves an issue with duplicate fwmark rules being created in transparent proxy deployments.

Security
  • This release resolves CVE-2016-4450 (a potential DoS condition in nginx).

Changes
  • This release removes VLAN submenu from WSM UI in deployments where it’s not used.

July 2016

Version 3.2.38

July 7, 2016

Security
  • This release updates openssl library to address recent openssl vulnerabilities (including CVE-2016-2108, CVE-2016-2107).

Changes
  • This release further restricts remote login access via SSH to internal and Alert Logic networks.

  • This release enables masking of sensitive payment card information in log data by default.

June 2016

Version 4.4.3.0

June 16, 2016

Fixes
  • This release resolves an issue with unnecessary services running on auto-scaling workers.

  • This release resolves an issue with connectivity to S3 during updates.

  • This release resolves several minor issues that could generate unexpected log output.

  • This release resolves several issues with the internal watchdog to improve resilience.

  • This release resolves an issue where SSL certificate chain expiration dates could appear incorrectly or be out of sync across components.

  • This release resolves an issue related to certain scans causing unexpected appliance behavior.

  • This release resolves an issue where certain scheduled tasks would not run in configured timezones.

  • This release resolves an issue where cluster IP alias limits were not functioning as expected in configuration UI.

  • This release resolves an issue with custom access log formats not behaving as expected.

Security
  • This release updates openssl library to address recent openssl vulnerabilities (including CVE-2016-2108 and CVE-2016-2107).

Changes
  • This release further restricts remote login access via SSH to internal and Alert Logic networks.

April 2016

Version 4.4.2.0

April 21, 2016

New Features
  • This release adds several improvements relating to web security content, including additional details in the deny log when content is triggered.

  • This release adds support for monitoring RESTful API methods and zero-length requests that normally have a request body.

  • This release adds several improvements to aid in troubleshooting of WSM appliances, while improving monitored checks.

Fixes
  • This release resolves an issue causing proxy stats database to grow excessively large in size.

  • This release resolves an issue with a dependent service failing to auto-upgrade during provisioning.

  • This release resolves an issue with missing configuration settings not being restored during re-spin in AWS auto-scaling deployments.

  • This release resolves an issue with WSM agent service consuming resources on AWS auto-scaling workers.

  • This release resolves an issue with the management of multiple instances of dependent services.

  • This release resolves an issue with the bootstrap process when services are not immediately ready.

  • This release resolves an issue with AWS auto-scaling workers performing unnecessary S3 config backups.

  • This release resolves an issue related to layer 7 blocking, including a problem with timeout enforcement.

Changes
  • This release changes worker CPU usage calculation to use standard deviation instead of min/max.

  • This release changes backend health check configuration to reject semicolons in path.

March 2016

Version 4.4.1.0

March 3, 2016

New Features
  • This release adds support for worker access logs to be aggregated on master (similar to deny logs).

Fixes
  • This release resolves an issue where WSM user guides/help links may not have been accurate to the WSM version deployed.

  • This release resolves issues with several scenarios that could cause unexpected responses to carefully crafted requests.

  • This release resolves an issue causing failures importing PKCS12 certificates.

  • This release resolves an issue with static routes when using interface-specific gateways.

  • This release resolves an issue where temporary files remained after working with SSL cache.

  • This release resolves an issue where it was not possible to bypass an unknown method (e.g. WebDAV LOCK) when parameters/cookies were present.

  • This release resolves an issue deploying customer-specific hotfixes to AWS auto-scaling deployments.

  • This release resolves an issue displaying deny log when Unicode encoded characters were present in an entry.

Security
  • This release updates glibc and openssl to address recent upstream security announcements.

Changes
  • This release extends enforcement of SSH access, eliminating remote access from the “operator” user.
