firewall-node
Zen by Aikido protects your node app against attacks with one line of code. Get peace of mind— at runtime.
OTHER License
Bot releases are visible (Hide)
What's Changed
- Fix various edge cases and extend test coverage
Published by hansott about 2 months ago
- Temporarily disabled SSRF redirect protection for stability
Published by hansott about 2 months ago
- Fix accuracy issue during wildcard rate limiting
Published by hansott about 2 months ago
- Improve fetch &
undiciSSRF protection against malicious redirects - Add support for
better-sqlite3 - Improve rate limiting algorithm
- Protect
needlefor SSRF - Fix issue related to Sentry SDK v8
Published by hansott 2 months ago
- Improved shell injection detection
Published by hansott 2 months ago
- Improve communication with Aikido dashboard (increased timeout)
- Add support for HTTP/2 server
- Prevent SSRF bypass through redirection
- Ensure that direct invocations of shell are also inspected
Published by hansott 2 months ago
What's Changed
- Minor changes to handling of IP blocks
Published by hansott 2 months ago
What's Changed
- Improve Hono app benchmark
- Add Next.js install instructions
- Introduce IP allowlist feature for admin API routes
Published by hansott 3 months ago
What's Changed
- Solve SQLi false positive edge cases
Published by hansott 3 months ago
What's Changed
- Add benchmark with Hono and PostgreSQL
- Fixed false positive edge cases in SQLi
- Add support for node:sqlite
Published by hansott 3 months ago
What's Changed
- Added support for GraphQL, including field reporting and rate limiting per field
- Add performance optimizations
Published by hansott 3 months ago
What's Changed
- Fix context sometimes not available in event handlers
- Sanitize output of pathToPayload
- Fix SSRF false positives with different ports
Published by hansott 3 months ago
What's Changed
- Cleanup of tests and linting
Published by hansott 3 months ago
What's Changed
- Add docs for micro
- Wrap undici if node 16.8+ and run tests on node 22
Published by hansott 3 months ago
What's Changed
- Add support for micro server
Published by hansott 3 months ago
What's Changed
- Check for unsupported runtime
- Detect path traversal in file: URL
- Send more clean stack traces
Published by hansott 3 months ago
What's Changed
- Validate setUser(...) input and accept numbers as IDs
Published by hansott 3 months ago
What's Changed
- Ignore error handlers and add end2end test for Sentry by @hansott in https://github.com/AikidoSec/firewall-node/pull/274
Full Changelog: https://github.com/AikidoSec/firewall-node/compare/1.5.48...1.5.49
Published by hansott 3 months ago
What's Changed
- Add support for hapi 🚀
- Add support for ShellJS
- Add ~ to dangerous shell characters
Published by hansott 4 months ago
What's Changed
- Stop reporting redirects as API paths
- Allow enabling 'blocking mode' from UI
