Releases: chaitin/SafeLine
Releases · chaitin/SafeLine
SafeLine-CE 8.1.0
Improvements
This version involves automatic migration of AUTH-related data. Relevant users are advised to review the data migration rules and upgrade at their discretion.
- Modularization of AUTH Functionality
- Supports application-level configuration to "Enable authentication for specific conditions" and custom whitelist conditions for AUTH
- Supports selection of different login methods, currently supporting Account/password and GitHub
- Supports global user management with new user authorization approval
- Enhanced AUTH logs
- No longer supports multi-factor authentication scenarios
- Data Migration Rules
- Original Custom AUTH Rules
- Rules configured with "Application" parameter will be migrated to specified applications and automatically enable AUTH for those applications
- Rules without "Application" parameter will be migrated to apply to all applications and automatically enable AUTH for all applications
- No rule migration will occur for applications with AUTH already enabled
- Original Identity Sources
- Only active identity sources will be migrated; for GitHub, only valid users will be migrated
- After migration, users will automatically be configured with application authorization based on original associations
- Original Custom AUTH Rules
- Modularization of HTTP Flood Functionality
- Changed the entry point for global Rate Limiting configuration
- Added parameter descriptions for Rate Limiting to provide intuitive understanding of current configurations
Fix
- Optimized rule compilation module to accelerate rule compilation speed
- Enhanced detection engine health check mechanism
- Improved breadcrumb structure
- Fixed issue with abnormal AUTH source IP acquisition under Proxy Protocol configuration
- Fixed problem with site logs closing unexpectedly under certain conditions
- Fixed various translation errors
SafeLine-CE 8.0.0
Improvements
- SafeLine Community Edition has been renamed to Personal Edition
- New Lite Edition launched with premium features for personal use
- New IP Intelligence feature: Direct access to SafePoint IP Intelligence for comprehensive attack behavior analysis
- SSE streaming enabled for applications
Fix
- Fixed delayed data updates in statistics module
- Fixed high memory usage when Anti-Bot Challenge is enabled in certain scenarios
- Fixed application routings limit not taking effect
- Fixed database index length overflow issues
*Fixed QPS not displaying in SDK bypass mode
SafeLine-CE 7.6.2
Feature
- Free now supports viewing up to 20 latest Auth Logs
- Free enables access to application logs including access log and error log
- Pro increased maximum concurrent users allowed in waiting room to 5,000
Fixed
- Enhanced query performance for statistics dashboard
- Improved detection engine stability with optimized memory allocation
SafeLine-CE 7.5.0
Feature
- Added
GitHubauthentication in Auth- Auth supports multiple types of IdP
- GitHub authentication supports granular user audit management
- Added the feature of obtaining real IP through
PROXY Protocol - Added
Opt in to User Experience PrograminSystem. Users can opt out to stop us from getting your usage habits.
Fixed
- Custom interception pages no longer affect error codes returned by upstream
- Refactored FVM memory management, significantly reducing memory usage of FVM containers
- Fixed an issue where the default administrator account password would occasionally reset during upgrades
- Fixed an issue where rate limiting would count approved attack requests in high-frequency attack calculations
- Optimized master-slave configuration synchronization by adding error retry mechanism and improving sync performance
- Fixed inconsistency between browser favicon and title display in Pro versions
SafeLine-CE 7.3.0
Improvements
- Anti-Bot Challenge adds a fault-tolerant mechanism which supports automatic switching to local verification when there is a cloud failure.
- Improve Custom Block Pages
- Allow custom page color schemes
- Custom HTML supports online editing, online preview, and allow reset to the default page.
- Web Services / SECURITY add Get Attack IP From
- Pro version supports Data Dashboard
- Improve Custom Rules
- URL, URL path add Does Not Equal, Does Not Contain
- BODY add Contain, Does Not Contain
Fix
- Clean Data supports more options.
- Optimize SQL injection detection logic to allow non-injection attacks.
- Make returning a built-in certificate when the site does not exist optional, to be compatible with IP certificate anomalies.
- Fix CAPTCHA occasionally fails to close properly.
- Fix modifying the SSL protocol under specific conditions does not take effect.
*Fix the frontend styles are incorrect when selecting multiple websites for custom rules.
SafeLine-CE 7.1.0
Improvements
- System->Attack Alert add Telegram
- Pro version supports deployment on ARM servers
- Site detail add "Custom NGINX Config"
- Clean Data add selection of cleaning 7 days, 15 days, or 30 days of data
- Pro version add Anti-Replay in Anti-Bot
- Improve the performance of data statistics and reduce memory usage
FIx
- Fix the problem that the SSL protocol version will be reset after restarting
SafeLine-CE 7.0.1
Improvements
- Allowlist adds "detecting and recording attack requests when whitelisting" . Attack log of allowlist add the name of the Rule
- Allow Enable/Disable enhanced rules. Pro version allow advaned security rules, or further configuration of rules
- Improve Challenge
- Pro version allow customizing the page of challenge
- Pro version allow choosing sliding verificaiton, allow modifying the validity period of the verification
- Pro version allow HA synchronizatio by setting master node and slave node in System Settings -> Configuration Synchronization
- Optimize error log when tengine is abnormal
Fix
- Update IP geolocation library and fix some IP geolocation display errors
- Fix the problem that static sites cannot access subdirectory paths normally
- Fix the problem that the attack log is not correctly recorded as whitelist release when low-risk events hit the whitelist
- Fix the problem that X-Forwarded-Host is set to $http_host by default when passing it to the upstream server
- Fix the problem of incorrect resource settings for site resource collection exclusion
- Fix the problem that the site configuration is lost abnormally after ssl_ciphers is saved
- Remove bridge container (merge into mgt)
SafeLine-CE 6.10.2
Improvements
- Add Limit High-Frequency Error. Allow blocking clients that request a large number of errors. It can effectively prevent attacks such as directory traversal and 401 (HTTP Basic Auth) brute force:
Fix
- If a request is judged as an attack, but released because whitelist, it will now be recorded. The attack type will be recorded as 'Allow List'
- SSL Cert allow renewing the free cert in advance
- In Attacks Events and Attack Logs, Attack IP allow fuzzy query (#378)
- When a ssl site does not exist (SafeLine cannot find the host) , return a built-in cert to avoid leaking domain name (#978)
- Challenge (Anti-Bot) page display CN or EN according to the browser language now.
- Optimize the log processing module, remove container mario, improve performance and reduce resource usage.
SafeLine-CE 6.9.0
Added
- In Protection Log->Attack Detection->Attack Log, "View IP Profile" has been added, which allows you to directly jump to Changting IP Intelligence and comprehensively analyze the attack behavior of the IP
- Sites that support adding "redirection"
- Sites built with static files support setting default pages and behaviors when pages do not exist. Can be used to adapt History routing mode (#1049)
- System Settings -> Data Cleanup supports separate configuration of protection log and statistics cleanup
- Site global configuration, site advanced configuration, support enabling HTTP/1.0 (new installation is not enabled by default):
- Site global configuration, site advanced configuration, support resetting XFF
- Professional version supports customizing global and site Header operations and SSL cipher:
- Professional version supports customizing authentication pages
Fixed
- Fix the problem that HSTS configuration does not take effect when requesting 404
- Fix the problem that the site details->website routing page occasionally times out
SafeLine-CE 6.8.0
Improvements
- Change the code of Challenge to 468 to avoid being cached by CDN
- Reduce the probability of deadlock in luigi
Fix
- Mistakenly return 504 error when 502 Bad Gateway
- Access log and error log in site detail do not refresh automatically
- Advanced statistics sometimes have data of 0
- Sites Serving as Static Files mistakenly record some rate-limiting logs caused by 127.0.0.1