0.6.0

This release notably brings:

• the latest Coraza v3.3.3, which fixes GHSA-q9f5-625g-xm39.
• CRS rules updated to v4.14.0.
• Improved body scanning enforcement when HTTP/2 trailers are used (#306).
  See below for the full list of changes.

⚠️ Note: this version still relies on tinygo (updated to 0.34), proxy-wasm-go-sdk, and nottinygc. As with previous releases, it has been reported that it might lead to memory leaks and overall performance degradation. It is recommended to use this module only after extensive testing to confirm module stability under your specific use case and traffic patterns. A separate issue will be created to detail the project's future direction and explore solutions to the current limitations.

What's Changed

• chore: adds dashboard. by @jcchavezs in #222
• updates coraza to 3.1, and deps by @M4tteoP in #259
• updates to CRS v4.0.0 by @M4tteoP in #260
• Adds arm64 arch to busybox image, updates proxyv2 latest version by @M4tteoP in #264
• fix: removes deprecated docker-compose in favour of docker compose by @M4tteoP in #267
• ci: install qemu [Multi-platform busybox image] by @M4tteoP in #266
• chore: prints error on closing tx. by @jcchavezs in #275
• Allow empty path when HTTP method is CONNECT by @pwjagrullar in #270
• update to CRS v4.3.0 by @arminabf in #276
• fix: rely on IsResponseBodyProcessable by @M4tteoP in #281
• chore: updates to latest envoy images by @M4tteoP in #284
• Updates to Coraza v3.2.1 and several dependencies by @M4tteoP in #282
• feat: Audit logs in proxy-wasm logs by @M4tteoP in #263
• Bump Go to 1.21 following upstream Coraza by @M4tteoP in #285
• chore: updates to latest tinygo v0.33.0 by @M4tteoP in #287
• Bump Go to 1.22 following upstream Coraza min requirements by @M4tteoP in #293
• CRS v4.5, albedo, etc. by @M4tteoP in #294
• fix: ci deprecated actions by @M4tteoP in #302
• feat(magefile): allow to customise interp timeout by @Infra-Red in #301
• Coraza 3.3.3 with CVE fix, tinygo 0.34 by @M4tteoP in #303
• update to latest CRS v4.14 by @M4tteoP in #304
• fix: enforces request body scanning with trailers by @M4tteoP in #306

New Contributors

• @pwjagrullar made their first contribution in #270
• @arminabf made their first contribution in #276
• @Infra-Red made their first contribution in #301

Full Changelog: 0.5.0...0.6.0

Version 0.5.0

This release brings a fix while dealing with body payloads sent in multiple chunks. It comes with a cleaner, optimized, and less error-prone solution.

What's Changed

• chore: BodyLimit and Memorylimit to 131072 by @M4tteoP in #251
• fix: chunk bodies and process partial by @M4tteoP in #252

Full Changelog: 0.4.0...0.5.0

Version 0.4.0

This release notably updates the embedded rule set to the CRS v4.0.0-rc2 release and moves the default request body process policy to ProcessPartial in order to avoid potential service degradation during the initial integration of coraza-proxy-wasm. It is strongly recommended to be fully aware of the deployed configurations and to customize them accordingly based on your needs and security posture.

What's Changed

• Add go.work file by @anuraaga in #242
• fix indentation in the example by @spacewander in #245
• updates to CRS v4.0.0-rc2, sets equal BodyLimits in default configs by @M4tteoP in #243
• Updates coraza-wasilibs by @M4tteoP in #246
• fix(ci): creation of release if it does not exists by @M4tteoP in #247

New Contributors

• @spacewander made their first contribution in #245

Full Changelog: 0.3.0...0.4.0

Version 0.3.0

What's Changed

• Updates to latest tinygo and coraza-wasilibs by @M4tteoP in #231
• chore: relaxes tinygo version check by @M4tteoP in #232
• chore(readme): Add Coraza Proxy WASM as WasmPlugin for Istio Guide by @KarstenSiemer in #233
• chore: fixes Wasm path for EnvoyExample, removes detached by @M4tteoP in #238
• Update nottinygc by @anuraaga in #235, #239 and #240

New Contributors

• @KarstenSiemer made their first contribution in #233

Full Changelog: 0.2.0...0.3.0

Version 0.2.0

This release decreses the memory usage by the introduction of memoization in the high memory objects like regexes or aho-corasick dictionaries.

What's Changed

• Support getting request host, path, method and response code from pro… by @shukitchan in #210
• feat(e2e): swaps e2e with the official Coraza ones, updates Go to 1.20 by @M4tteoP in #224
• Update TinyGo to 0.29 by @anuraaga in #229
• feat: uses memoization to decrease memory consumption. by @jcchavezs in #220
• chore: upgrades to Coraza 3.0.4. by @jcchavezs in #230

New Contributors

• @shukitchan made their first contribution in #210

Full Changelog: 0.1.2...0.2.0

Version 0.1.2

Notably updates Coraza to v3.0.2 addressing GHSA-c2pj-v37r-2p6h.

You can download the wasm binary directly from the assets section or use the docker image:

docker pull ghcr.io/corazawaf/coraza-proxy-wasm:0.1.2

What's Changed

• Update TinyGo to 0.28.1 by @anuraaga in #207
• chore(deps): bump github.com/corazawaf/coraza/v3 from 3.0.0 to 3.0.2 by @dependabot in #213

Full Changelog: 0.1.1...0.1.2

Version 0.1.1

Initial release

This is the very first release of coraza-proxy-wasm based on Coraza v3.0.0 Release.

You can download the wasm binary directly from the assets section or use the docker image

docker pull ghcr.io/corazawaf/coraza-proxy-wasm:0.1.1

What's Changed

• updates Coraza to v3.0.0 release by @M4tteoP in #204
• Upgrade nottinygc by @anuraaga in #206
• Fix usage examples in README. by @cthain in #205

New Contributors

• @cthain made their first contribution in #205

Full Changelog: 0.1.0...0.1.1

Version 0.1.0

Initial release

This is the very first release of coraza-proxy-wasm based on coraza@v3.

You can download the wasm binary directly from the assets section or use the docker image

docker pull ghcr.io/corazawaf/coraza-proxy-wasm:0.1.0

Contributors

• @anuraaga
• @blaisewang
• @codefromthecrypt
• @evacchi
• @helloausrine
• @jcchavezs
• @M4tteoP
• @mlesaout
• @nacx
• @sts
• @upgle
• @zufardhiyaulhaq

Full Changelog: https://github.com/corazawaf/coraza-proxy-wasm/commits/0.1.0