0.81.0
Core:
- Prepared Statements
  - Added support for prepared statements for PostgreSQL/MySQL. Both binary and text response formats are supported (#192).
- SQL requests filtering in AcraCensor
  AcraCensor got smarter in preventing SQL Injections.
  - Improved flexibility for parsing queries. If AcraCensor can't parse an SQL query, it is considered potentially too dangerous to send to the database, so AcraCensor blocks such "unparseable" queries by default.
    However, setting the configuration flag ignore_parse_error to true will make AcraCensor ignore the "unparseable" quality of queries and send them to the database anyway. Check out the configuration example in configs/acra-censor.example.yaml (#194).
  - Added support for complex JOIN queries (#191).
  - Improved reading/writing of the QueryCapture log file. Now AcraCensor uses buffering before writing queries into a log file.
    Changed the format of the QueryCapture log to JSON Lines (each query sits on a separate line in a log file instead of having an array of JSON objects) (#193).
  - Introduced a few fixes here and there, made integration tests for AcraCensor more stable (#184).
- Improving MySQL support
  We introduced MySQL support just a few Acra releases ago and we continue polishing it. Now we've updated the example projects so you can jump right into the code!
  Take a look at how to use Acra for both PostgreSQL and MySQL databases in these examples:
  - Go: see the examples/golang folder (#190).
  - Ruby: see the examples/ruby folder (#189).
  - Python: see the examples/python folder (#188).
- Other
  - Updated handling of message formats for PostgreSQL and MySQL protocols (#186).
  - Improved logging in CEF and JSON formats for high load systems (#195).
  - Added comprehensive Readme to every project in /examples folder (#196).
  - Added pre-generated configuration file for AcraAuthmanager. Now it's easier to configure AcraServer using AcraWebconfig (#187).
Documentation:
- Updated Acra Architecture and Data flow graphic schemes to better illustrate Acra's components, connections between them, and typical use-cases.
- Updated AcraCensor's description to explain how unparseable queries are handled.
- Described typical Public Key Infrastructure with some advice on where to put Acra in the general scheme of things.
- Described Acra's Security Model, possible threats, and possible consequences of compromise.
- Added a page describing the ways Acra can help you better comply with GDPR.