
Changelog History

  • v0.81.0 Changes

    July 06, 2018

    Core:

    • Prepared Statements

      • Added support of prepared statements for PostgreSQL/MySQL. Both binary and text response formats are supported (#192).
    • SQL requests filtering in AcraCensor

    AcraCensor got smarter in preventing SQL Injections.

    • Improved flexibility for parsing queries. If AcraCensor can't parse an SQL query, the query is considered potentially too dangerous to send to the database, so AcraCensor blocks such "unparseable" queries by default. However, setting the configuration flag ignore_parse_error to true makes AcraCensor ignore the "unparseable" quality of queries and send them to the database anyway. Check out the configuration example in configs/acra-censor.example.yaml (#194).

    • Added support of complex JOIN queries (#191).

    • Improved reading/writing of the QueryCapture log file. AcraCensor now buffers queries before writing them into the log file. Changed the format of the QueryCapture log to JSON Lines (each query sits on a separate line in the log file instead of being part of an array of JSON objects) (#193).

    • Introduced a few fixes here and there, made integration tests for AcraCensor more stable (#184).

    • Improving MySQL support

    We introduced MySQL support just a few Acra releases ago and we continue polishing it. Now we've updated the example projects so you can jump right into the code!

    Take a look at how to use Acra for both PostgreSQL and MySQL databases in these examples:

    • Go: see the examples/golang folder (#190).

    • Ruby: see the examples/ruby folder (#189).

    • Python: see the examples/python folder (#188).

    • Other
    • Updated handling of message formats for PostgreSQL and MySQL protocols (#186).

    • Improved logging in CEF and JSON formats for high load systems (#195).

    • Added comprehensive Readme to every project in /examples folder (#196).

    • Added pre-generated configuration file for AcraAuthmanager. Now it's easier to configure AcraServer using AcraWebconfig (#187).

    Documentation:

  • v0.80.0 Changes

    May 31, 2018

    Core:

    • Renaming

      • Global renaming of Acra components and their configuration parameters. We believe that the updated naming will decrease confusion about the components' functions and will make Acra's setup and usage process easier.

    Main services:

    | Old name | New name | Function |
    | --- | --- | --- |
    | AcraServer | AcraServer | decrypts data from the database |
    | AcraWriter | AcraWriter | encrypts data on the client side |
    | AcraProxy | AcraConnector | encrypts traffic between the client and the server using Themis Secure Session |
    | AcraCensor | AcraCensor | firewall, part of AcraServer, blocks suspicious SQL requests to the database |
    | AcraConfigUI | AcraWebConfig | lightweight HTTP web server for managing AcraServer's certain configuration options |

    Utilities:

    | Old name | New name | Function |
    | --- | --- | --- |
    | acra_rollback | AcraRollback | decrypts the whole database |
    | acra_genkeys | AcraKeymaker | generates encryption keys for storage and transport of the Acra components |
    | acra_genauth | AcraAuthmanager | generates user accounts for AcraWebConfig |
    | acra_genpoisonrecord | AcraPoisonRecordMaker | generates poison records for databases |
    | acra_addzone | AcraAddzone | generates Zones' header for AcraWriter |

    Check the configurations of components inside /configs folder and read Migration Guide for more details (#175, #174, #173, #170, #169, #168).

    • SSL/TLS

      • Improved SSL/TLS connections between AcraServer<->AcraConnector and AcraServer<->database. Added TLS authentication mode (tls_auth) argument to the AcraServer/AcraConnector configuration files:
        • for AcraConnector it indicates how to authenticate AcraServer during a TLS connection;
        • for AcraServer it indicates how to authenticate database during a TLS connection.
      • Updated TLS configuration to provide other less strict authentication methods (do not authenticate client from server, ask for any certificate, ask and check) (#171).
    • SQL requests filtering

      • Added support of filtering SQL requests for PostgreSQL databases. Now you can setup AcraCensor rules for both MySQL and PostgreSQL databases (#177).
      • Improved QueryCapture: AcraCensor writes allowed/blocked queries into a separate log file without blocking the main process (#176, #172).

    See a detailed description of AcraCensor on the corresponding AcraCensor documentation page.

    • AcraWriter in Ruby

    • Key Handling

      • Added make keys target in the Makefile: one command now generates keys and places them into correct folders for all Acra components (#182, #181).
      • Improved handling of master key length longer than 32 bytes (#183).
    • Other

      • Updated notification when AcraConnector is launched in an environment without netstat (#167).
      • Updated error handling for AcraServer working with Zones and fixed some corner cases in using the PostgreSQL protocol (#186, #179).

    Infrastructure:

    • Even better Docker support

      • Added more ready-to-use Docker Containers: acra-keymaker, acra-authmanager. As a result, each Acra component is wrapped into a Docker container, allowing you to try Acra in your infrastructure easily.
      • Added easy-to-use docker-compose files for setting up the whole Acra-based environment connected to MySQL database. Possible configurations include setup with/without SSL, with/without AcraConnector, with/without Zones (#180). Check out the instructions and examples in the /docker folder: we have examples for both MySQL and PostgreSQL databases.
      • Updated descriptions for official Cossack Labs packages on Docker Hub.
      • Updated Getting started with Docker guide to make starting out with Acra even easier.
    • OS

      • Added support of Ubuntu Xenial, Ubuntu Bionic (added precompiled binaries and tests to make sure that Acra is compiling/building/working well on 16.04/18.04).

    Documentation:

    • Updated tutorials about protecting a Ruby on Rails app and a Django app.
    • Every single document, code line, and image has been updated using the new naming.
    • Significant parts of the README have been rewritten.
  • v0.77.0 Changes

    April 13, 2018

    Core:

    MySQL databases

    • Added support for MySQL: now you can connect Acra to MySQL databases. Works with any SSL mode: require, allow, disable.
    • Tested and supported on: MySQL (#155, #140).

    > Note: Prepared statements are not supported yet, but this feature is coming soon!

    Read about the new configurations on the AcraServer documentation page.

    Keeping keys in secret

    • Added encryption for the keys' folder: private keys are now symmetrically encrypted by master_key (#143) for storage.
    • Added ability to generate public/private keys in the separate folders (#148, #142).

    Read more about the current changes in key management here.

    Filtering requests for MySQL

    • Added firewall component named AcraCensor to handle MySQL queries.

    You can provide a list of restricted or allowed tables, columns, and exact queries to handle. AcraCensor will pass the allowed queries and return an error on forbidden ones. Rules are configured and stored in a YAML file. Each request is logged in real time. Moreover, all the queries and their states are logged into a separate log file (#151, #138, #136, #132, #125, #108).

    See a detailed description of AcraCensor on the corresponding AcraCensor documentation page.

    Web Config UI

    • Added lightweight HTTP web server for managing AcraServer's certain configuration options.

    You can update the proxy address and port, database address and port, handling of Zone mode and poison records. On saving a new configuration, acraserver will gracefully restart and use these settings automatically. Access to this web page is restricted using basic auth (#153, #141, #123, #111).

    See the interface screenshot and detailed instructions at Acra Config UI page.

    Logging

    • Added support of new logging formats: plaintext, CEF, and json.

    Logging mode and verbosity level are configured for AcraServer, AcraProxy, and AcraConfigUI in the corresponding yaml files. Log messages were slightly improved, custom error codes were added (which we believe will help to understand and debug any issues) (#135, #126, #110).

    Read more about the log analysis at Logging page.

    Tests

    • Added many new integration tests, fixed stability and handling of more complicated use-cases (#150, #147, #137, #117, #116, #115).

    Infrastructure:

    Docker support

    Added Docker Container for every main component: AcraServer, AcraProxy, AcraConfigUI, and key generators (AcraGenKeys and AcraGenAuth). You can find the containers in /docker folder or on the Docker Hub (#139).

    Updated Getting started with Docker guide to make starting out with Acra even easier.

    Added easy-to-use docker-compose files to launch Acra in different environments, including key distribution. Possible configurations are:

    - `acraserver` + `acra_configui`;
    - connecting to PostgreSQL or MySQL databases;
    - using Secure Session or SSL as transport encryption;
    - with or without `acraproxy`;
    - with or without zones.

    This is huge! We encourage you to try it! Check out the instructions and examples in the /docker folder (#154, #146, #134, #133, #102).

    Go versions

    - Updated the list of supported versions of Go. Every Acra component can now be built using Go >1.7, except acra_rollback that requires Go >1.8. No worries, you can still download Acra as a binary package anyway :)

    OS

    • Dropped support of Debian Wheezy (no autotests, no precompiled binaries now).

    Documentation:

    • Updated QuickStart documentation about launching and building Acra components.
    • Described how to set up AcraCensor and AcraConfigUI.
    • Added more details and described new options (like using TLS and connecting to MySQL databases) for AcraServer and AcraProxy.
    • Described new logging formats.
    • Updated description of Key management approach we encourage you to use.
    • Described Docker components and ready-to-use Docker Compose configurations based on the Docker Readme.
    • Updated Getting started with Docker guide.
    • Distributed the information about master key across the docs.
    • Many small improvements.
  • v0.76 Changes

    March 09, 2018

    Core:

    • SSL / TLS support

    Now you can use PostgreSQL with SSL/TLS settings enabled. Acra supports two modes of connection between AcraServer and the database: using SSL/TLS or using Secure Session (#113, #119).

    • Unix sockets

    Acra now supports usage of both TCP and Unix Sockets as a connection layer between AcraWriter <-> AcraProxy <-> AcraServer.

    Tests

    • Updated integration test suite to support multiple connection modes between the Acra components and the database (#115, #117, #118, #120).
    • Added Docker image to make testing easier (#104).

    Infrastructure:

    • Added support of Go 1.10, removed support of older Go versions (<1.6).
    • Added support of Ubuntu 17.10, Ubuntu 16.04, Ubuntu 14.04, Debian Stretch.
    • Updated dependency libraries (libthemis and libcrypto) to use the latest ones.

    Documentation:

    • Updated the documentation and tutorials to reflect the latest changes.
  • v0.75 Changes

    March 07, 2017

    This is the initial public release of Acra, a database protection suite.

    This version of Acra:

    • works on Ubuntu, CentOS, and Debian Linux
    • supports PostgreSQL 9.4+
    • has AcraWriter packages for Python, PHP, Go and NodeJS