v6.0.0-beta.1

[6.0.0-beta.1] - 2021-07-05 UTC+0800

NOTE

• This release contains some breaking changes.

• Advanced rules have a high performance cost because the principle is to compile the rules into a series of instructions that are then executed by the VM.

Upgrade from 5.x.x to 6.x.x

1. Create a new empty file named advanced in the rules directory.

2. If the directive waf_priority is used, you can delete it or modify it according to the directive in the documentation.

Added

• Advanced rules are supported, see the documentation for details.

Changed

• Updated the directive waf_priority, see the documentation for details.

---

[6.0.0-beta.1] - 2021-07-05 UTC+0800

注意

• 本次更新有一些不向下兼容的改动。

• 高级规则的执行速度较慢，因为其原理是将规则编译成一系列指令，然后由虚拟机执行。

从 5.x.x 升级到 6.x.x

1. 在规则目录下新建一个名为 advanced 的空文件。
2. 如果使用了配置项 waf_priority，可以将其删除或者按照文档中对该配置项的说明进行修改。

新增

• 支持了高级规则，详情见文档。

变动

• 更新了配置项 waf_priority，详情见文档。

v5.5.0

[5.5.0] - 2021-06-25 UTC+0800

Changed

• Because of high false positives, libinjection-based XSS attack detection has been disabled in working modes STD and DYNAMIC.

---

[5.5.0] - 2021-06-25 UTC+0800

变动

• 在工作模式 STD 和 DYNAMIC 中禁用了基于 libinjection 的 XSS 攻击检测，因为有用户反映误报比较高。

v5.4.2

[5.4.2] - 2021-06-15 UTC+0800

Fixed

• When POST inspection is enabled, POST requests are not logged in the access log.

---

[5.4.2] - 2021-06-15 UTC+0800

修复

• 如果启用了 POST 检测，则访问日志（access_log）中不会记录 POST 请求，即丢失所有的 POST 请求的日志。

v5.4.2-beta.2

[5.4.2-beta.2] - 2021-06-11 UTC+0800

Fixed

• When POST inspection is enabled, POST requests are not logged in the access log.

• The connection may not be closed properly, this bug only exists for v5.4.2-beta.1.

---

[5.4.2-beta.2] - 2021-06-11 UTC+0800

修复

• 如果启用了 POST 检测，则访问日志（access_log）中不会记录 POST 请求，即丢失所有的 POST 请求的日志。

• 可能无法正常关闭连接，此 bug 仅存在于 v5.4.2-beta.1。

v5.4.2-beta.1

[5.4.2-beta.1] - 2021-06-09 UTC+0800

Fixed

• When POST inspection is enabled, POST requests are not logged in the access log.

---

[5.4.2-beta.1] - 2021-06-09 UTC+0800

修复

• 如果启用了 POST 检测，则访问日志（access_log）中不会记录 POST 请求，即丢失所有的 POST 请求的日志。

v5.4.1

[5.4.1] - 2021-06-09 UTC+0800

Fixed

• The value of built-in variables may be wrong when the directive error_page is used.

---

[5.4.1] - 2021-06-09 UTC+0800

修复

• 当使用了 error_page 配置时，内置变量的值可能会出错。

v5.4.1-beta.1

[5.4.1-beta.1] - 2021-06-03 UTC+0800

Fixed

• The value of built-in variables may be wrong when the directive error_page is used.

---

[5.4.1-beta.1] - 2021-06-03 UTC+0800

修复

• 当使用了 error_page 配置时，内置变量的值可能会出错。

v5.4.0

[5.4.0] - 2021-06-03 UTC+0800

NOTE

The clone link for libinjection has been replaced in this release. The new link is https://github.com/libinjection/libinjection.git.

Added

• Anti XSS (powered by libinjection).

Changed

• Add debug log related to built-in variable calculation.

Fixed

• POST inspection is not working.

---

[5.4.0] - 2021-06-03 UTC+0800

注意

本次更新更换了 libinjection 的 clone 链接，新的链接为 https://github.com/libinjection/libinjection.git。

新增

• XSS 攻击防御（Powered By libinjection）。

变动

• 增加内置变量计算相关的调试日志。

修复

• POST 检测失效。

v5.4.0-beta.1

[5.4.0-beta.1] - 2021-05-31 UTC+0800

Added

• Anti XSS (powered by libinjection).

---

[5.4.0-beta.1] - 2021-05-31 UTC+0800

新增

• XSS 攻击防御（Powered By libinjection）。

v5.3.2

[5.3.2] - 2021-05-28 UTC+0800

Fixed

• Memory corruption.

---

[5.3.2] - 2021-05-28 UTC+0800

Fixed

• 内存损坏。