Copyright

Copyright © 2019 Balasys IT Ltd.. All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balasys.

This documentation and the product it describes are considered protected by copyright according to the applicable laws.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)

Linux™ is a registered trademark of Linus Torvalds.

Windows™ 10 is registered trademarks of Microsoft Corporation.

The Balasys™ name and the Balasys™ logo are registered trademarks of Balasys IT Ltd.

The Proxedo™ name and the Proxedo™ logo are registered trademarks of Balasys IT Ltd.

AMD Ryzen™ and AMD EPYC™ are registered trademarks of Advanced Micro Devices, Inc.

Intel® Core™ and Intel® Xeon™ are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

All other product names mentioned herein are the trademarks of their respective owners.

DISCLAIMER

Balasys is not responsible for any third-party websites mentioned in this document. Balasys does not endorse and is not responsible or liable for any content, advertising, products, or other material on or available from such sites or resources. Balasys will not be responsible or liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through any such sites or resources.

2026-03-31 .Copyright

The following new features, bug fixes and improvements have been completed for Release 4.14.1 Proxedo API Security.

Known Issues

  • Failure after reloads under heavy traffic
    In rare cases under heavy load, core components might stop with an error when the configuration is applied. If this occurs, core components have to be restarted manually with systemctl restart proxedo-api-security.

Features

  • Compression is now handled by Serializers
    The Compressor and Decompressor plugins have been removed, and their functionality is now automatically handled. If a Security Flow starts with a Deserializer plugin, then the body will be decompressed before the flow, and re-compressed after the flow. This means that empty Security Flows are now possible, and in that case, no decompression is performed.

  • Easier multi-node installation
    pas-mgmt-deploy-core can now automatically verify and update certain configuration values with the --auto-config command line flag, which makes multi-node deployment simpler and less error-prone.

Bug Fixes

  • Incorrect flow-director ID in logs on K8s
    The ID of flow-director instances was in the form 3(NXDOMAIN) on Kubernetes, this made flow-director identification in the logs harder. This has been corrected.

Improvements

  • Performance improvements
    Performance has been significantly improved in cases where calls are rejected, HTTP Keep-Alive is not used, or many unique URLs are called. This may also stabilize performance in mixed traffic environments, with potential gains up to 20-50%.

  • Persistent mounts have been reworked
    On VM environments, some unused persistent mounts have been removed, along with the pas-mgmt-factory-reset command. As part of this cleanup, the internal structure of some of the persistent mounts have been changed to be more safe, and a better cleanup mechanism ensures that their disk usage won’t grow above a certain limit.

  • Simplified base system configuration
    On VM environments, the COMPOSE_PROJECT_NAME parameter in docker-compose.conf files is now obsolete. This change implies that the container name and journal log prefixes will change from pas- to pas-mgmt-, pas-storage- and pas-core-, respectively.

  • Easily identifiable flow-director instances in logs
    On VM environments, flow-director instances are now suffixed with numbers in logs, making them easier to identify. It is still possible to view aggregated logs if necessary.