helm-chart-5.1.0

• Over-limit events improvements
• Bumped APIFW version to 0.8.3
• wallarm_attack_type / wallarm_attack_type_list NGINX variables now properly show APIFW attacks
• [init container]Reduced memory usage during node registration

helm-chart-4.10.13

• Fixed memory leak on duplicate response headers in libproton (initially introduced in 4.8)
• Fixed memory leak in libwacl on IP addresses that are not in acldb but have known source (initially introduced in 4.8)
• Backported API Discovery fix of errors on missing status code

helm-chart-5.0.3

• Added support for customizing sensitive data detection in API Discovery
• Fixed memory leak on duplicate response headers in libproton
• Fixed memory leak related to IP addresses that are not in IP lists but have known source

helm-chart-5.0.2

• fixed installation fails without AAS subscription
• fixed export attack delay metric

helm-chart-5.0.1

• The supplementary Ruby code used in the node was replaced with Golang

helm-chart-4.10.10

• Fixed the Tarantool reconnect issue for API Abuse Prevention
• Fixed issues exporting malicious behavior patterns detected by the API Abuse Prevention module to API Sessions
• Fixed the CVE-2024-6345 vulnerability

helm-chart-4.10.9

• Fixed issues preventing sidecar proxy container from starting

helm-chart-4.10.8

• Fixed issues with starting the API Firewall service required for API Specification Enforcement in split deployment mode of Wallarm containers

• Fixed a memory leak in the API Discovery module

• Introduced new configuration parameters for controlling NGINX worker_connections and worker_processes:

  • config.nginx.workerProcesses and sidecar.wallarm.io/nginx-worker-processes chart value and pod annotation respectively
  • config.nginx.workerConnections and sidecar.wallarm.io/nginx-worker-connections chart value and pod annotation respectively

• Bump Golang version to 1.22.5

• The Sidecar controller now uses Alpine Linux version 3.20 with NGINX stable version 1.26.1, as previously introduced for the Docker image

• Fixed the vulnerabilities:

  • CVE-2024-24791
  • CVE-2024-5535

helm-chart-4.10.7

• Breaking change: The default method for generating the admission webhook certificate is now certgen, replacing the previous method. Multiple options for self-provisioning certificates have been introduced. Due to this breaking change, you need to follow specific upgrade instructions, including removing old certificate artifacts and applying the new configuration.
• As of Docker image release 4.10.7, the Sidecar solution now uses Alpine Linux version 3.20 with NGINX stable version 1.26.1
• Fixed the syncnode issue Could not update (TypeError): no implicit conversion of nil into String that sometimes appeared when registering a node in Wallarm Cloud using a node token
• Optimized OpenAPI data type detection by the API Discovery module

helm-chart-4.10.6

• Enhanced OpenAPI data type detection by the API Discovery module

• Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections

  To apply this directive during Sidecar controller deployment, include it in the per-pod snippets or includes.

• Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted