corazawaf/coraza-proxy-wasm 0.6.0

on GitHub

This release notably brings:

• the latest Coraza v3.3.3, which fixes GHSA-q9f5-625g-xm39.
• CRS rules updated to v4.14.0.
• Improved body scanning enforcement when HTTP/2 trailers are used (#306).
  See below for the full list of changes.

⚠️ Note: this version still relies on tinygo (updated to 0.34), proxy-wasm-go-sdk, and nottinygc. As with previous releases, it has been reported that it might lead to memory leaks and overall performance degradation. It is recommended to use this module only after extensive testing to confirm module stability under your specific use case and traffic patterns. A separate issue will be created to detail the project's future direction and explore solutions to the current limitations.

What's Changed

• chore: adds dashboard. by @jcchavezs in #222
• updates coraza to 3.1, and deps by @M4tteoP in #259
• updates to CRS v4.0.0 by @M4tteoP in #260
• Adds arm64 arch to busybox image, updates proxyv2 latest version by @M4tteoP in #264
• fix: removes deprecated docker-compose in favour of docker compose by @M4tteoP in #267
• ci: install qemu [Multi-platform busybox image] by @M4tteoP in #266
• chore: prints error on closing tx. by @jcchavezs in #275
• Allow empty path when HTTP method is CONNECT by @pwjagrullar in #270
• update to CRS v4.3.0 by @arminabf in #276
• fix: rely on IsResponseBodyProcessable by @M4tteoP in #281
• chore: updates to latest envoy images by @M4tteoP in #284
• Updates to Coraza v3.2.1 and several dependencies by @M4tteoP in #282
• feat: Audit logs in proxy-wasm logs by @M4tteoP in #263
• Bump Go to 1.21 following upstream Coraza by @M4tteoP in #285
• chore: updates to latest tinygo v0.33.0 by @M4tteoP in #287
• Bump Go to 1.22 following upstream Coraza min requirements by @M4tteoP in #293
• CRS v4.5, albedo, etc. by @M4tteoP in #294
• fix: ci deprecated actions by @M4tteoP in #302
• feat(magefile): allow to customise interp timeout by @Infra-Red in #301
• Coraza 3.3.3 with CVE fix, tinygo 0.34 by @M4tteoP in #303
• update to latest CRS v4.14 by @M4tteoP in #304
• fix: enforces request body scanning with trailers by @M4tteoP in #306

New Contributors

• @pwjagrullar made their first contribution in #270
• @arminabf made their first contribution in #276
• @Infra-Red made their first contribution in #301

Full Changelog: 0.5.0...0.6.0