Native Node Artifact Versions and Changelog¶

This document lists available versions of the Native Wallarm Node 0.x in various form factors, helping you track releases and plan upgrades.

All-in-one installer¶

The all-in-one installer for the Native Node is used for TCP traffic mirror analysis and self-hosted node deployment with the MuleSoft, CloudFront, Cloudflare, Broadcom Layer7 API Gateway, Fastly connectors.

History of all-in-one installer updates simultaneously applies to it's x86_64 and ARM64 (beta) versions.

How to upgrade

0.12.0 (2025-02-05)¶

Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)
Added a full-fledged GraphQL parser (see detailed change description) that allows:
- Improved detection of the input validation attacks in GraphQL-specific request points
- Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
- Analyzing specific parts of GraphQL requests in API sessions
Fixed invalid time value in serialized requests to properly display the resource overlimit attacks
Fixed problem for the invalid_xml attack detection in responses
Fixed an issue where user-overridden headers were being dropped

0.11.0 (2025-01-31)¶

Added support for the WALLARM_APID_ONLY environment variable which enables API Discovery-only mode

In this mode, attacks are blocked locally (if enabled) but not exported to Wallarm Cloud, while API Discovery, API session tracking, and security vulnerability detection remain fully functional. This mode is rarely needed, in most environments, using this mode is unnecessary.
Improved the Native Node's interaction with GoReplay, resulting in the following configuration changes:
```
-version: 2
+version: 3

-middleware:
+goreplay:
  parse_responses: true
  response_timeout: 5s
  url_normalize: true
```
During upgrade, update the version value and replace the middleware section with goreplay if explicitly specified in the initial configuration file.
Fixed a small HTTP parsing bug in the tcp-capture mode

0.10.1 (2025-01-02)¶

Added support for sensitive business flows in API Discovery and API Sessions
Added support for the Fastly connector
Fixed potential request loss at mesh startup
Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities
Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

0.10.0 (2024-12-19)¶

Added URL normalization before selecting route configurations and analyzing data with libproton in tcp-capture mode

This is controlled by the middleware.url_normalize parameter (true by default).
Introduced the http_inspector.wallarm_process_time_limit parameter to control request processing time locally

The default is 1s unless overridden by Wallarm Console settings.
Prometheus metrics updates (available in the :9000 port):
- Removed obsolete metrics with static zero values.
- Enhanced http_inspector_requests_processed and http_inspector_threats_found metrics with anything allowed to be specified in source label values.
- Added the http_inspector_adjusted_counters metric for tracking request and attack counts.

0.9.1 (2024-12-10)¶

Minor bug fixes

0.9.0 (2024-12-04)¶

The default endpoint for JSON-formatted /wallarm-status metrics has changed to 127.0.0.1:10246 (the metrics.legacy_status.listen_address parameter value). This legacy service is critical for Node functionality but does not require direct interaction.

0.8.3 (2024-11-14)¶

Added support for Mulesoft connector 3.0.x

0.8.2 (2024-11-11)¶

Fixed some bugs in the wallarm-status service operation

0.8.1 (2024-11-06)¶

Fixed regression in the request_id format introduced in 0.8.0

0.8.0 (2024-11-06)¶

Added support for the Broadcom Layer7 API Gateway connector
Added support for API Sessions
Improved limiting request processing time
Changed default values for the following parameters:
- The connector.blocking parameter now defaults to true, enabling the Native Node's general capability to block incoming requests without manual configuration during deployment.
- The route_config.wallarm_mode parameter, which sets the traffic filtration mode, now defaults to monitoring, providing an optimal setup for initial deployments.
Added URL normalization before selecting route configurations and analyzing data with libproton (controlled by the controller.url_normalize parameter which is set to true by default)
Reduced memory usage during node registration
Some bug fixes

0.7.0 (2024-10-16)¶

Fixed an issue where some internal service connector headers were not being stripped before processing
Added support for the mesh feature in connector-server mode, enabling consistent request/response routing across multiple node replicas

This introdcues the new configuration parameters under connector.mesh to configure the mesh functionality.

0.6.0 (2024-10-10)¶

Added support for customizing sensitive data detection in API Discovery
Fixed memory leak on duplicate response headers in libproton
Fixed memory leak related to IP addresses that are not in IP lists but have known source
Updated artifact naming from "next" to "native"

https://meganode.wallarm.com/next/aionext-<VERSION>.<ARCH>.sh → https://meganode.wallarm.com/native/aio-native-<VERSION>.<ARCH>.sh

0.5.2 (2024-09-17)¶

Fixed installation failure issue when no WAAP + API Security subscription is activated
Fixed delays in attack export
Fixed an issue with the C memory allocator that caused a performance slowdown

0.5.1 (2024-09-16)¶

Added configurable access log output via log.access_log parameters

0.5.0 (2024-09-11)¶

Minor technical improvements and optimizations

0.4.3 (2024-09-05)¶

Fixed an issue causing ~0.1% of data source messages to be silently lost due to a typo

0.4.1 (2024-08-27)¶

Added support for wildcard matching in the route_config.routes.host configuration parameter

0.4.0 (2024-08-22)¶

Initial release

Helm chart¶

The Helm chart for the Native Node is used for self-hosted node deployments with the MuleSoft, CloudFront, Cloudflare, Broadcom Layer7 API Gateway, Fastly, Kong API Gateway, and Istio connectors.

How to upgrade

0.12.0 (2025-02-05)¶

Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)
Added a full-fledged GraphQL parser (see detailed change description) that allows:
- Improved detection of the input validation attacks in GraphQL-specific request points
- Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
- Analyzing specific parts of GraphQL requests in API sessions
Fixed invalid time value in serialized requests to properly display the resource overlimit attacks
Fixed problem for the invalid_xml attack detection in responses
Fixed an issue where user-overridden headers were being dropped

0.11.0 (2025-01-31)¶

Fixed some bugs

0.10.1 (2025-01-02)¶

Added support for sensitive business flows in API Discovery and API Sessions
Added support for the Fastly connector
Fixed potential request loss at mesh startup
Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities
Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

0.10.0 (2024-12-19)¶

Introduced more granular logging configuration options in the config.connector.log section, replacing the single config.connector.log_level parameter
The default log level is now info (previously debug)

0.9.1 (2024-12-10)¶

Minor bug fixes

0.9.0 (2024-12-04)¶

Some fixes for consistent traffic distribution across all aggregation replicas.
The default endpoint for JSON-formatted /wallarm-status metrics has changed to 127.0.0.1:10246 (the metrics.legacy_status.listen_address parameter value). This legacy service is critical for Node functionality but does not require direct interaction.
Minor fixes to increase reliability under diverse deployment conditions.

0.8.3 (2024-11-14)¶

Added support for Mulesoft connector v3.0.x

0.8.2 (2024-11-11)¶

Fixed some bugs in the wallarm-status service operation

0.8.1 (2024-11-07)¶

Added support for the Broadcom Layer7 API Gateway connector
Added support for API Sessions
Improved limiting request processing time
The config.connector.mode parameter, which sets the traffic filtration mode, now defaults to monitoring, providing an optimal setup for initial deployments
Reduced memory usage during node registration
Some bug fixes

0.7.0 (2024-10-17)¶

Fixed an issue where some internal service connector headers were not being stripped before processing
Added support for customizing sensitive data detection in API Discovery
Fixed memory leak on duplicate response headers in libproton
Fixed memory leak related to IP addresses that are not in IP lists but have known source
Updated artifact naming from "next" to "native"

wallarm/wallarm-node-next → wallarm/wallarm-node-native
Updated the config.wallarm_node_address parameter value in the KongClusterPlugin Kubernetes resource used to activate the Wallarm Lua plugin:

http://next-processing.wallarm-node.svc.cluster.local:5000 → http://native-processing.wallarm-node.svc.cluster.local:5000

0.5.3 (2024-10-01)¶

Initial release

Docker image¶

The Docker image for the Native Node is used for self-hosted node deployment with the MuleSoft, CloudFront, Cloudflare, Broadcom Layer7 API Gateway, Fastly connectors.

How to upgrade

0.12.0 (2025-02-05)¶

Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)
Added a full-fledged GraphQL parser (see detailed change description) that allows:
- Improved detection of the input validation attacks in GraphQL-specific request points
- Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
- Analyzing specific parts of GraphQL requests in API sessions
Fixed invalid time value in serialized requests to properly display the resource overlimit attacks
Fixed problem for the invalid_xml attack detection in responses
Fixed an issue where user-overridden headers were being dropped

0.11.0 (2025-01-31)¶

Added support for the WALLARM_APID_ONLY environment variable which enables API Discovery-only mode

In this mode, attacks are blocked locally (if enabled) but not exported to Wallarm Cloud, while API Discovery, API session tracking, and security vulnerability detection remain fully functional. This mode is rarely needed, in most environments, using this mode is unnecessary.

0.10.1 (2025-01-02)¶

Added support for sensitive business flows in API Discovery and API Sessions
Added support for the Fastly connector
Fixed potential request loss at mesh startup
Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities
Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

0.10.0 (2024-12-19)¶

Resolved the critical CVE-2024-45337 vulnerability and addressed several minor vulnerabilities
Added URL normalization before selecting route configurations and analyzing data with libproton in tcp-capture mode

This is controlled by the middleware.url_normalize parameter (true by default).
Introduced the http_inspector.wallarm_process_time_limit parameter to control request processing time locally

The default is 1s unless overridden by Wallarm Console settings.
Prometheus metrics updates (available in the :9000 port):
- Removed obsolete metrics with static zero values.
- Enhanced http_inspector_requests_processed and http_inspector_threats_found metrics with anything allowed to be specified in source label values.
- Added the http_inspector_adjusted_counters metric for tracking request and attack counts.

0.9.1 (2024-12-10)¶

Minor bug fixes

0.9.0 (2024-12-04)¶

Some fixes for consistent traffic distribution across all aggregation replicas.
The default endpoint for JSON-formatted /wallarm-status metrics has changed to 127.0.0.1:10246 (the metrics.legacy_status.listen_address parameter value). This legacy service is critical for Node functionality but does not require direct interaction.
Minor fixes to increase reliability under diverse deployment conditions.

0.8.3 (2024-11-14)¶

Added support for Mulesoft connector v3.0.x

0.8.2 (2024-11-11)¶

Fixed some bugs in the wallarm-status service operation

0.8.1 (2024-11-06)¶

Added support for the Broadcom Layer7 API Gateway connector
Added support for API Sessions
Improved limiting request processing time
Changed default values for the following parameters:
- The connector.blocking parameter now defaults to true, enabling the Native Node's general capability to block incoming requests without manual configuration during deployment.
- The route_config.wallarm_mode parameter, which sets the traffic filtration mode, now defaults to monitoring, providing an optimal setup for initial deployments.
Added URL normalization before selecting route configurations and analyzing data with libproton (controlled by the controller.url_normalize parameter which is set to true by default)
Reduced memory usage during node registration
Some bug fixes

0.7.0 (2024-10-16)¶

Fixed an issue where some internal service connector headers were not being stripped before processing
Added support for the mesh feature in connector-server mode, enabling consistent request/response routing across multiple node replicas

This introdcues the new configuration parameters under connector.mesh to configure the mesh functionality.

0.6.0 (2024-10-10)¶

Initial release