Improvements

• Optimize the log_format for access logs and error logs of the Applications.
• SSL Protocol configuration is available in all Editions (including Personal & Lite).
• Adjust the nginx configuration items proxy_ssl_server_name and proxy_ssl_name to custom values.
• Update the geographic IP database.

Fix

• Fixed the issue of incorrect statistics for 5XX errors being counted as attack blocks.
• Fixed the issue where certificates could not be renewed properly.
• Fixed an issue where, after adding a proxy to the console, the system log displayed the proxy IP instead of the real source IP
  • When performing a manual update, you need to add a new configuration item MGT_PROXY=0 in the .env file.
• Fixed an issue where custom IP groups did not display the last updated time.
• Fixed an issue where edits to the Custom HTML [Application Offline-466] could not be saved or reset to default.
• Fixed an issue where editing the custom rule fails after deleting the application with that rule.
• Update the local Anti-Bot Challenge Service and fix some known bugs.
• Fix the issue that Settings - Notifications cannot be cleared.
• Fix the issue where "Applications - BOT Protect - Anti-Bot Challenge - Challenge Conditions - Challenge when the condition is met" can only delete the last added challenge condition.

What's new

• Custom Rules "JA4 Fingerprint" now supports "equals" and "not equals" matching modes
• Traffic Analysis
  • Added views (PV) statistics
  • Separated 4xx errors and 4xx blocked statistics
  • [Pro] Response status now differentiates between WAF responses and origin server responses
• [Lite] JA4 fingerprint intelligence supports upgrade to enhanced intelligence
• [Pro] Data dashboard added dark theme
• Optimized personal edition traffic analysis page styling
• Improved site access log loading speed
• Optimized rate limiting ban logic

Fix

• Fixed HTTPS auto-redirect failure with proxy_protocol
• Fixed abnormal clearing of site access logs
• Fixed rate limiting alerts not filtering sites correctly
• Fixed slave node alerts not syncing properly

What's new

• [Pro] Security Posture
  • View various log statistics, trends, and distributions; view real-time event streams; support application-level data statistics
  • Personal edition allows viewing of 24h log statistics, attacks trends, and real-time event streams

Fix

• Merged basic statistics and advanced statistics into Traffic Analysis module
• Optimized SSL selection interaction when adding applications/configuring SSO
• Fixed issue where custom rules occasionally displayed incorrect site names
• Fixed issue where rate limiting occasionally failed to block properly
• Fixed issue requiring password modification when changing username in Auth

What's new

• Support for response detection
• Custom rules now include new matching conditions: "Response Body", "Full HTTP Response Headers", and "Full HTTP Request Headers"
• Rate limiting supports independent policies for different URL paths, enabling interface-level granular traffic control
• Statistics for blocked counts now include blacklist quantity statistics
• Lite application limit increased to 20
• PRO AUTH user seats increased to 5,000

Fix

• Fixed occasional aggregation failures in attack events
• Fixed form validation errors in custom rules
• Fixed XSS injection issue in Custom HTML color schemes

Semantic Analysis Engine Improvements

Optimizations

• CMD Inj, SQL Inj, XSS, File Uploading, File Including, Java Code Inj, Java Unserialize and PHP Code Inj detection logic
• JSON, XML, Base64 and Hex decoding logic
• HTTP protocol parsing logic

Fixes

• Detection bypass issues in certain malformed HTTP request scenarios

Refactoring

• SSRF detection module to support detection of more bypass techniques

Improvements

• Supports JA4 fingerprint recognition, you can view attacker JA4 fingerprints in attack detai
• Added official Malicious JA4 Fingerprint intelligence, with built-in Malicious JA4 Fingerprint intelligence Deny Rule by default
• Pro edition supports editing auth blocking page title
• Pro edition supports modifying SSO page icon and title, with support for light theme and dark theme selection
• Pro edition supports manual switching of local Anti-Bot Challenge
• SSO supports adding multiple listening ports, with support for Redirect HTTP to HTTPS configuration
• Auth login page supports Enter key login
• Custom rule parameter optimization
  • "Host" matching method adds "Regex Match", "Contains", and "Does Not Contain"
  • "Applications" matching method supports group display when Group Management is enabled
  • "Source IP" Geo location selection supports display by continent
• Notifications supports configuring Allow & Deny type

Fix

• Fixed an issue where console cert could not be renewed properly
• Fixed an issue where slave nodes could not exit normally
• Fixed an issue where custom rule forms occasionally had validation errors

Improvements

• Support for application-level semantic analysis module configuration
• Auth supports manual account merging
• Auth GitHub and OIDC support auto merge account during login
• Allow & Deny split into independent menus, allowing log viewing and custom rule configuratio
• Pro edition auth seats increased to 1000
• Login console supports password viewing
• Optimized IP group rule compilation speed

Fix

• Fixed issue where Audited mode did not record Deny logs
• Fixed issue where config sync did not sync waiting room configuration in some cases
• Fixed issue where auth did not redirect to access path

What's new

• IPv6 address location identification
• Pro adds application-level data statistics, which needs to be manually enabled in application details. May increase system load, recommended to enable as needed.
  • Original [Attack Alert] upgraded to [Notifications]
  • Supports proxy access configuration
  • Event types expanded to include Anti-Bot, Auth, Waiting Room, and System notifications
  • Attack detection, rate limiting, and Anti-Bot types support configurable notification frequency (options: 10 minutes, 1 hour, 2 hours)
  • Supports selection of application range, allowing notifications for selected applications only
  • Attack detection type supports sending unblocked log notifications
  • Rate limiting type supports sending Error Limiting events
  • AUTH supports configuring mandatory 2FA (TOTP) when users access applications
• Improved display of blacklist and whitelist names when exporting attack logs

What's new

• Pro Edition Auth now supports LDAP authentication, enabling unified user management and access control. Click to view feature introduction.
• Auth supports passing authentication information to application servers. Click to view feature introduction.
• Auth supports direct application access after authentication, without requiring approval.
• Support for configuring general proxy settings, applicable to various system functions requiring proxy support. Currently, third-party login for Auth supports proxy configuration.
• Personal/Lite Edition Auth users increased to 20, Pro Edition seats increased to 200.
• Master-slave configuration synchronization logic optimized, resolving issues with delayed data synchronization in certain situations.

Fix

• Fixed the issue where plugins like APISIX couldn't correctly obtain the source IP when integrated.
• Fixed the issue where the auth page would remain in a continuous loading state under specific circumstances.
• Fixed the issue where Rate Limiting error rules for rate limiting were not taking effect.

What's new

• Auth supports OIDC integration, enabling unified user management and access control. Click to view feature introduction
• Pro version enables [Group Management] feature in "Applications - Advanced"
  • Supports application grouping and drag-and-drop sorting
  • Allows specifying groups when adding applications
• Pro version increases Auth seats to 100
• Applications optimized with card-style interface
• Original application "Edit" button now displays basic info edit instead of application edit; application edit can be accessed from details page
• Supports NTLM authorization authentication

Fix

• Fixed issue where scanners were not properly disabled in audited mode
• Fixed issue where specific paths would not correctly return "website does not exist" response
• Fixed issue where Anti-Bot incorrectly displayed IP filtering conditions when switching verification methods
• Optimized UA display in data statistics

What's new

• Auth supports SSO, requiring only one authentication to access all applications that have joined SSO. SSO Guide
• Support editing application title and icon in application details. This content is only for display in SafeLine console and SSO center, and does not affect the original application configuration
• Modularization of Applications Functionality, with original global application configuration migrated to the Applications - Advancedpage
• Modularization of Attacks Functionality, with original custom rules and detection modules migrated to Attacks - Settingspage. The original detection Modulehas been renamed to Semantic Analysis Module
• Modularization of Settings Functionality, with original ssl cert, general configuration, and system settings migrated to the Settings page. The settings function list is as follows:
  • Protections: IP Groups, SSL Cert, Blocking Pages, Performance, Clean Data, Config Auto Sync, Attack Alert, Syslog, Information Sharing Program
  • Management: Manager User, API Token, SSL Cert (SafeLine Web Console), System Message

Fix

• Applications list supports searching by application name
• Fixed an issue where the exclusion of resources in Routings collection was not correctly implemented