Copyright

Copyright © 2019 Balasys IT Ltd.. All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balasys.

This documentation and the product it describes are considered protected by copyright according to the applicable laws.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)

Linux™ is a registered trademark of Linus Torvalds.

Windows™ 10 is registered trademarks of Microsoft Corporation.

The Balasys™ name and the Balasys™ logo are registered trademarks of Balasys IT Ltd.

The Proxedo™ name and the Proxedo™ logo are registered trademarks of Balasys IT Ltd.

AMD Ryzen™ and AMD EPYC™ are registered trademarks of Advanced Micro Devices, Inc.

Intel® Core™ and Intel® Xeon™ are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

All other product names mentioned herein are the trademarks of their respective owners.

DISCLAIMER

Balasys is not responsible for any third-party websites mentioned in this document. Balasys does not endorse and is not responsible or liable for any content, advertising, products, or other material on or available from such sites or resources. Balasys will not be responsible or liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through any such sites or resources.

2023-08-23 .Copyright

The following new features, bug fixes and improvements have been completed for Release 4.6.0 Proxedo API Security.

Features

  • OpenAPI 3.1 support
    PAS now supports the OpenAPI 3.1 specification, which brings the enforcement capabilities to the latest revision of the specification. Support for 3.1 opens several new possibilities to enhance the maintainability and security of the exposed API endpoints. The most significant changes are the following, see the full list of changes at OpenAPI Initiative’s website.

    • The OpenAPI 3.1 schema is now a valid JSON Schema document. Standard JSON schema tools can be now used to handle OpenAPI specs as well.

    • Array objects now support multiple types and nullable can be omitted if an element can be empty.

    • Multiple examples can now be defined to cover all relevant use cases for a configuration fragment.

    • File type and transport encoding can now be specified for file uploads, which significantly enhances security controls for uploads.

  • Elastic Insight targets now support username/password authentication
    PAS now supports username and password authentication for its Elastic Insight targets. As Elasticsearch 8.0 requires security to be set up by default, adding the authentication credentials is mandatory in PAS as well.

  • Elastic Insight targets now support load balancing between multiple servers
    PAS now automatically load balances between multiple Elasticsearch servers if multiple addresses are configured.

Bug Fixes

  • WAF Enforcer memory leak
    The underlying ModSecurity library used by PAS to perform the WAF Enforcer functionality failed to free up memory when performing a reload of the ruleset, which resulted in an out of memory condition after multiple config apply actions or ruleset updates. This has been corrected and the ModSecurity library has been upgraded to version 3.0.9.

  • Miscellaneous fixes

    • Several UI labels have been changed to correctly spell the words "WSDL" and "SNI".

Improvements

  • Swagger validator parsing efficiency improvement
    The Swagger validator in PAS now parses the traversing documents more efficiently, which results in a slight performance improvement.

  • Multiple performance optimizations in Flow Director
    The Flow Director component of PAS now handles connections more efficiently, which results in a slight performance improvement.

  • More efficient internal communication
    PAS now uses a more performant version of the protocol used for transmitting traffic between its internal components, which results in performance and latency improvement.

  • Support for non-interactive updates
    The scripts used to perform the update of PAS Docker images can now be called with a -y or --yes option to automatically confirm the operation to facilitate non-interactive update workflows.