Release Notes
Releases
| Release | Date | Notes |
|---|---|---|
1.1.9 | 2024-04-18 | |
1.1.8 | 2024-04-10 | |
1.1.7 | 2024-03-11 | |
1.1.6 | 2024-02-20 | |
1.1.5 | 2024-02-12 | |
1.1.4 | 2024-02-04 | |
1.1.3 | 2023-12-28 | |
1.1.2 | 2023-12-03 | |
1.1.0 | 2023-09-10 | |
1.0.1 | 2023-08-24 | |
1.0.0 | 2023-07-25 | first "stable" release "latest" release notes |
0.9.1-rc | 2023-06-02 | |
0.9.0-rc | 2023-05-06 | |
0.8.0-rc | 2023-05-02 | |
1.2242.1-rc1 | 2022-10-25 | initial open-source release |
Limitations
We are constantly working on resolving the limitations listed here and adding enhanced functionality.
Declarative Management:
Kubernetes:
Kong Declarative configuration for open-appsec for Kong requires Ingress Resource which the open-appsec Annotation can be added to. Currently doesn't work if there are no ingress resources available and traffic is sent to Kong Gateway directly. (Workaround if there are no ingress resources: Use central management)
Only ingress resource rules that specify both keys are supported: host and path. Specifying just the path is not supported. In that case either add the host key as a temporary fix to your ingress rules if currently missing, or switch to WebUI (SaaS) management instead of local declarative management. This will be fixed soon. (Note: This does not impact the optional specific rules as defined in the open-appsec policy CRD.)
All environments:
Snort signatures and API schema: defining Snort signatures and API schema for K8s is not supported yet (this is supported when using central Management via WebUI (SaaS))
Custom Response: "Redirect" action in CustomResponse CRD/config is not supported (use "block-page" or "response-code-only" options until this is available.
Block Page returns a blank screen - security isn't affected.
General:
Log Trigger Response body: In the log trigger setting "Response body" to true can affect traffic.
SELinux: open-appsec Linux servers: SELinux in “Enforced” mode is not supported. When SELinux is used in “Enforced” mode on the machine running the reverse proxy server and the agent, deployment of the agent might fail during registration. SELinux in “Enforced” mode, blocks the registration attempt.
Country-based Exception rules: When configuring exceptions in Asset edit->Exceptions Tab, an exception rule using the keys Country Name or Country Code cannot be defined with additional conditions based on other keys in the same exception. There’s an implicit OR logic between different exception rules, so it is possible to define different exception rules, some using country code/name, and others using other keys.
Country-based Exception rules: are only supported in managed tenants (Declarative / Management)
SaaS Management (WebUI):
Creating a second tenant using the same email address is not supported (the user can be added to another tenant with another main email address as an additional user)
WildCard asset: you can only have a single asset using wildcard resource for each HTTP as well as HTTPS (e.g.: http://* and https://* ) per tenant. This will be resolved soon.
Social log-in: Adding Google or GitHub users as additional users to a tenant is not supported (use regular users with email addresses instead)
Tools:
CLI tools for macOS are not available yet
Platform support:
Temporarily Fedora is not supported for Linux-embedded installations (consider using Docker-based deployment instead)
Envoy and Ambassador support is not available yet
Last updated