Release-1.4.1

What's Changed

• fix export report and method pool send to engine by @jinghao1 in #542
• hotfix:1.4.1-agent-download by @Bidaya0 in #557

Full Changelog: v1.4.0...v1.4.1

Release-1.4.0

What's Changed

• Fix error if multi mysql container exists by @hardy4yooz in #432
• Merge all component into one repo by @Bidaya0 in #434
• deploy:dockerfile bug fix by @Bidaya0 in #437
• Update deploy-dev.yaml by @Bidaya0 in #438
• Feature/agent config by @jinghao1 in #440
• Feature/agent config debug by @jinghao1 in #441
• change config setting by @jinghao1 in #442
• all json setting null by @jinghao1 in #443
• bugfix:agent download url conflict by @Bidaya0 in #444
• add del config by @jinghao1 in #445
• bugfix: status monitor api change permission by @Bidaya0 in #446
• Add Apitest by @Bidaya0 in #448
• feature/ saas method pool poolsign change distinct logicis by @Bidaya0 in #449
• rm webHook by @jinghao1 in #450
• Bugfix conf/config.ini.example conf/config.ini.test fix by @Bidaya0 in #453
• Feature/agent config by @jinghao1 in #454
• Deploy/chmod775docker/entrypoint.sh by @Bidaya0 in #459
• robust:add parameter validated by @Bidaya0 in #460
• Feature/agent config by @jinghao1 in #455
• add replay check by @jinghao1 in #461
• add sectest with dongtai-iast by @Bidaya0 in #462
• bugfix: read secret from config.ini to enable scalable in dongtai-ser… by @Bidaya0 in #463
• add version sql init by @Bidaya0 in #464
• Update entrypoint.sh by @Bidaya0 in #466
• Update deploy-dev.yaml by @Bidaya0 in #467
• debug method by @jinghao1 in #468
• debug method param by @jinghao1 in #469
• bugfix: health NoneType Error by @Bidaya0 in #472
• deploy/add-secret-key-in-config by @Bidaya0 in #471
• debug setting by @jinghao1 in #473
• debug agent config by @jinghao1 in #476
• debug agent config update by @jinghao1 in #479
• debug common user by @jinghao1 in #480
• debug project add scan_id default by @jinghao1 in #481
• debug agent list by @jinghao1 in #482
• I18n/add locale to default response message by @Bidaya0 in #483
• Update release_dongtai.yml by @Bidaya0 in #470
• Release-1.4.0 by @Bidaya0 in #484
• Main by @Bidaya0 in #485
• add dockerhub image push by @Bidaya0 in #486
• Release-1.4.0 by @Bidaya0 in #487
• Update updaterecord.txt by @Bidaya0 in #488
• Update release_dongtai.yml by @Bidaya0 in #489
• update record.txt by @Bidaya0 in #490
• Temprorary revert deploy by @Bidaya0 in #491
• debug program error of agents list by @jinghao1 in #492
• Develop by @Bidaya0 in #493
• update compatibility for version lte 1.3.1 by @Bidaya0 in #494
• Revert "Temprorary revert deploy" by @Bidaya0 in #495
• Develop by @Bidaya0 in #496

New Contributors

• @jinghao1 made their first contribution in #440

Full Changelog: v1.3.1...v1.4.0

Release 1.3.1

What's Changed

• Fix data backup option by @hardy4yooz in #412
• Fix get project name in upgrade process by @hardy4yooz in #415
• fix:add sca config in manifest config by @hardy4yooz in #421
• Bidaya0 release 1.3.1 by @Bidaya0 in #425
• Update updaterecord.txt by @Bidaya0 in #426
• All service start depend on mysql by @hardy4yooz in #427
• Fix spelling error by @hardy4yooz in #428

Full Changelog: v1.3.0...v1.3.1

Release 1.3.0

What's Changed

• Release-1.2.0 by @Bidaya0 in #401
• Add auto check sca image name by @hardy4yooz in #411

Full Changelog: v1.2.0...v1.3.0

Release 1.2.0

What's Changed

• Remove scarf.sh gateway by @hardy4yooz in #393
• 1.1.4-hotfix by @Bidaya0 in #394
• Bidaya0 1.2.0 update record by @Bidaya0 in #398

Full Changelog: v1.1.4...v1.2.0

Release 1.1.4

What's Changed

• Fix check load sql first by @hardy4yooz in #375
• Add dtctl usage doc by @hardy4yooz in #383
• Add unittest in github action by @hardy4yooz in #384
• add-log-file-size-limit by @Bidaya0 in #389
• Update 1.1.4 updaterecord.txt by @Bidaya0 in #390
• Fix: add action by @exexute in #392

Full Changelog: v1.1.3...v1.1.4

Release 1.1.3

v1.1.3 Release Note

Release Date: 2021.12.03

DongTai-openapi

Function

• Projects are now sorted according to the time of obtaining component and vulnerability information

DongTai-engine

• Close ISSUE #92 (Increase the judgment of whether prompt vulnerabilit… by @exexute in #93
• Close ISSUE #94 ( DongTai-Engine ) by @exexute in #95
• Closes #96 (dependency dongtai-core) by @exexute in #97
• Closes #82 (add request param/data check) by @exexute in #98
• Update deploy_test.yml by @hardy4yooz in #99

DongTai-web

Function

• Add AboutDongTai page
• Add policy template editing function

Improve

• Automatically clear the verification code in case of login error
• Add advanced configuration function in project configuration
• Add component path

Fix

• Adjusted UI details and fixed some detail bugs

DongTai-webapi

Function

• Projects are now sorted according to the time of obtaining component and vulnerability information
• Added scan template policy management
• Increase the vulnerability active verification switch (including global and project level)

Improve

• Component information now adds component path
• Improved the original paging logic
• Improved the original data verification to adapt to the boundary value
• The agent name now gives priority to the alias when binding the agent

Fix

• Fix the error that may be caused by agentid when the project is created
• Fixed a non-atomic error when the project was created
• Fix permission errors when deleting data

Dongtai-Base-Image

Function

• Increase the vulnerability active verification switch (including global and project level)

Improve

• Add strategy
• Add sensitive_info rule

DongTai-agent-java

• Fixes #153 (When using resttemplate to customize the header, some fields will not be loaded, such as the host header).
• Fixes #159 (Third-party dependent component analysis is changed to asynchronous tasks).
• Add httpclient for Vulnerability full link tracking#157.
• Add propagator rules for Path Traversal#164.

DongTai-agent-python

FEATURES

• Use the environment variable ENGINE_NAME to customize agent name
• Use the environment variable LOG_PATH to customize log file path
• Add exec hook and policy rule to detect code execution vulnerabilities

ENHANCEMENTS

• Code refactoring: Add scope to prevent recursive execution of the agent's own code
• Code refactoring: Add runtime settings and replace the configuration that uses global variables
• Code refactoring: Add request context to store tainted data
• Performance improvements: Tainted data processing optimization
• Performance improvements: Remove unnecessary list policy rules

BUGFIXES

• Fix eval exceptions with contextual variables

Release 1.1.2

Bugfix

• Remove openapi port config
• Remove container name for scale
• Add nginx proxy to openapi
• Fix version number
• Update config-tutorial.ini (#352)

Release 1.1.1

DongTai-webapi

Feature

• Added sensitive information rule management
  HXSecurity/DongTai-webapi#188
• Changed the relationship between the original strategy and hook rules to adapt to the design of sensitive rules HXSecurity/DongTai-webapi#201
• Improved strategy management
  HXSecurity/DongTai-webapi#200
• It is now possible to set the CSRF trusted domain name through config.ini HXSecurity/DongTai-webapi#197

Bugfix

• Inconsistent statistics due to multiple versions of the project
  HXSecurity/DongTai-webapi#186
• The corresponding strategy was not created at the same time when the dangerous rule was created HXSecurity/DongTai-webapi#190
• Fix the program error when there is a null value HXSecurity/DongTai-webapi#192
• Unreasonable escaping causes the text to display incorrectly HXSecurity/DongTai-webapi#195
• CSRF Failed: Referer checking failed - https://dev-iast.huoxian.cn:1024/taint/search does not match any trusted origins. HXSecurity/DongTai-webapi#197

DongTai-openapi

Feature

• Do not return queue data, when request /api/v1/report/upload with return_queue is 0
• Add scarf tracking pixel

Bugfix

• Fix agent_register register bug
• Fix error conf in action file

DongTai-Engine

Feature:

• Beta version of sensitive information risk detection function released
• Project report supports exporting vulnerability call links

DongTai-Java-Agent

Feature

• The agent register report and heartbeat report are transferred to agent.jar

Bugfix

• Fix custom model hook bug

DongTai-Web

Feature

1. Add sensitive information configuration function
2. Adjust the existing UI to make it more beautiful

Bugfix

• Adjusted some errors in multilingual translation

Release 1.1.0

Feature

Add agent resource limit API

Increase agent startup time APi

Registration API adds automatic project creation

Add project version tag for agent

Feature/issue/319 Export project report asynchronous

Add keyword for search by @Bidaya0 in #164

Close ISSUE #322：Add JVM Parameter for custom project version, e.g: - Dproject.version=<project.version>

Close ISSUE #313：Add Propagation rules

Close ISSUE #312：Add Sql Injection Rule: executeLargeUpdate

Agent pause/start by DongTai server

Agent pause/start based on system resource usage

Use environment variable AUTO_CREATE_PROJECT=1 for auto create project

Report Agent startup time

Add Reflected XSS detection

Add XXE detection

Add SSRF detection

Bug fix

Close ISSUE #253：Added propagation node of MyBatis framework

Close ISSUE #133: Resolve false positives of server- side request forgery vulnerabilities

Close ISSUE #236：The CPU usage data collected by Java Agent under windows is inaccurate

Close ISSUE #302：Agent collecting CPU usage blocks the thread

Close ISSUE HXSecurity/DongTai#315：Fix a bug where application logs cannot be printed

Close ISSUE HXSecurity/DongTai#321：Fix attach mode startup error

Close ISSUE #308：Fix IDEA DongTai IAST plug- in startup failure

Close ISSUE #311：DongTai IDEA plugin : add Hook rules

Close ISSUE #134：Add details about vulnerabilities in weak encryption algorithms

Close ISSUE #324：The Java Agent cannot obtain the inheritance relationship of the class and the vulnerability cannot be check

Fix report data parameterclassName to fully named class name

Fix report data request/response body format

Fix streaming response processing

Fix response body processing

Fix Django request form data processing

Fix missing kwargs parameter for taint data

Fix invalid tainted data in method pool

Fix incorrect filter of tainted data