Releases: AikidoSec/firewall-node

1.8.31-beta.1

19 Jun 10:10
Immutable release. Only release title and notes can be modified.
d81f0e9

Pre-release
  • Add support for elysia
  • Add runWithTenant for IDOR protection in background jobs, queues, and timers
  • Improve NoSQL injection detection for mongodb
  • Respect Node's --disallow-code-generation-from-strings flag so apps that disable eval and new Function keep that behavior when Zen is loaded
  • Fix bypass IPs so requests from those IPs skip Zen checks everywhere they should
  • Fix outbound hostname matching for domains with non-English characters (punycode and Unicode domains now match)
  • Reduce JS injection false positives for signed numbers such as -10 and +5
  • Reduce SQL injection false positives for numbers followed by a closing parenthesis, such as 2)
  • Improve IDOR detection for joined SQL queries: when the query filters one joined table by tenant, Zen now understands that the other joined table is filtered too

1.8.30

15 Jun 09:37
7c6da5a

  • Improve SQL injection detection when user input has leading or trailing whitespace
  • Improve path traversal detection on case-insensitive filesystems
  • Rate limiting now works out of the box for Next.js apps: rate-limited requests get a 429 response with a Retry-After header (also applies to micro)
  • Reduce SQL injection false positives for simple strings that end in a comma
  • Improve IDOR detection: table-valued functions (such as Postgres jsonb_array_elements(...)) in a query are no longer treated as database tables

1.8.29

27 May 09:28
076e53a

  • Improve mysql2 SQL injection and IDOR protection to cover pool query methods and fix request context getting lost under high concurrency
  • Add support for @google/genai v2
  • Add warning for apps using Turbopack with the old --require @aikidosec/firewall instrumentation
  • Improve NoSQL injection detection
  • Improve attack wave detection by recognizing requests for .php, .jsp, and other extensions that a Node.js app wouldn't serve

1.8.27

15 May 10:11
676a53d

  • Add support for Node.js v26
  • Fix bug where route params on express Router routes were not instrumented in ESM mode
  • Add warning when an HTTP server runs without a web framework (helps detect bundled or unsupported frameworks)
  • Make warning messages more visible with a box format so they're harder to miss

1.8.26

07 May 13:49
11b4c1b

  • Add Zen.shutdown() to flush stats before the process exits, so no data is lost on shutdown
  • Support AIKIDO_INSTANCE_NAME environment variable to override the hostname reported by the agent
  • Normalize hostnames with trailing dots (e.g. example.com. is now treated the same as example.com)
  • Improve handling of deeply nested arrays in request bodies

1.8.25

24 Apr 09:02
e063d1a

  • Fix SSRF protection not working for outgoing http and https requests in ESM mode

1.8.24

23 Apr 12:41
547141f

  • Add Retry-After header to rate-limited responses (HTTP and GraphQL)

Note: If you use a custom middleware, you can access result.retryAfterSeconds to set the header yourself.

1.8.23

17 Apr 08:52
1b55ee9

  • Support undici v8
  • Support Next.js 16 via ESM mode
  • Support @mistralai/mistralai v2
  • Support Prisma v7 on Postgres via @prisma/adapter-pg
  • Extend Prisma SQL injection detection to $queryRaw / $executeRaw tagged templates
  • Allow excluding specific users from rate limiting

1.8.22

02 Apr 14:11
6fa6cda

  • Remove startup warning recommending AIKIDO_BLOCK_INVALID_SQL=true
  • Fix edge case where startup logs showed a package as "supported" when Zen wasn't actually instrumenting it

1.8.21

01 Apr 15:10
4efc168

  • AIKIDO_BLOCK_INVALID_SQL now defaults to off instead of on (see the docs)