Release Notes

Releases

| Release | Date | Notes |
|---|---|---|
| 1.1.0 | 2023-10-09 | |
| 1.0.1 | 2023-08-24 | |
| 1.0.0 | 2023-25-07 | first "stable" release "latest" release notes |
| 0.9.1-rc | 2023-02-06 | |
| 0.9.0-rc | 2023-16-05 | |
| 0.8.0-rc | 2023-05-02 | |
| 1.2308-rc1 | 2023-02-24 | |
| 1.2303-rc1 | 2023-01-22 | |
| 1.2301-rc1 | 2023-01-02 | |
| 1.2245-rc3 | 2022-11-13 | |
| 1.2243-rc2 | 2022-10-30 | |
| 1.2242.1-rc1 | 2022-10-25 | initial open-source release |

Limitations

We are constantly working on resolving the limitations listed here and on adding enhanced functionality.
If you identify a potential issue or limitation, let us know via the open-appsec GitHub or our Website Chat. If you have ideas or requirements for additional features, you can tell us via the Website Chat as well.

Declarative Management:

Kubernetes:
  • (Kong only) Declarative configuration for open-appsec for Kong requires an Ingress resource to which the open-appsec annotation can be added. It currently does not work if there are no Ingress resources available and traffic is sent to the Kong Gateway directly. (Workaround if there are no Ingress resources: use central management.)
  • Only Ingress resource rules that specify both keys, host and path, are supported. Specifying just the path is not supported. In that case, either add the host key to your Ingress rules as a temporary fix if it is currently missing, or switch to WebUI (SaaS) management instead of local declarative management. This will be fixed soon. (Note: This does not impact the optional specific rules as defined in the open-appsec policy CRD.)

General:
  • Defining Snort signatures and API schema in open-appsec for K8s and NGINX is not supported yet (this is supported when using central management via WebUI (SaaS)).
  • The "Redirect" action in the CustomResponse CRD/config is not supported (use the "block-page" or "response-code-only" options until this is available).
  • In a log trigger, setting "Response body" to true can affect traffic.

SaaS Management (WebUI):

  • Creating a second tenant using the same email address is not supported (a user can be added to another tenant that has a different main email address, as an additional user).
  • Each tenant can have only a single asset using a wildcard resource for HTTP and a single one for HTTPS (e.g.: http://* and https://*). This will be resolved soon.
  • Adding Google or GitHub users as additional users to a tenant is not supported (use regular users with email addresses instead).

Tools:

  • CLI tools for macOS are not available yet

Platform support:

  • Fedora is temporarily not supported for Linux-embedded installations (consider using Docker-based deployment instead)
  • Envoy and Ambassador support is not available yet