Released: Jun 9, 2025
Updates in v25.03.01.12
Fixes
- Avoid calling getAutoCommit on each connection once per minute for logging to avoid a deadlock situation with long transactions or queries for the heartbeats.
- Exit if not possible to bind to the health check port, to allow a clean restart.
Released: May 21, 2025
Updates in v25.03.01.11
Features
- Updated Tomcat dependency to resolve CVE-2025-31651.
- Updated the health check binding code to exit if it can’t successfully bind the port, to avoid a race condition where the proxy would come online, but not respond to health checks.
- Related to the health check binding code, the CF template has been updated to better detect failed nodes and actually restart them, rather than just removing them from use.
Released: May 9, 2025
Updates in v25.03.01.10
Fixes
- Resolved issue ZDI-CAN-24755, reported by Trend Micro, concerning a possible XSS attack involving unsanitized usernames in UI elements.
- Optimized TLS handling to avoid copying data more than needed while encrypting.
- Updated Tomcat version to avoid a new CVE.
Released: Mar 23, 2025
Updates in v25.03.01.7
Features
- Now detects if an RDS cluster is in the “failing-over” state, and delays updating the config until it transitions to another state, to avoid multiple re-configurations in a short time.
- Improved logging further to help with debugging failover events.
Fixes
- Resolved issue with configuration fingerprint incrementing before the config was updated during failover events.
- Removed unnecessary logging of rate limiter events.
Released: Mar 16, 2025
Updates in v25.03.01.4
Features
- Adjusted an internal lock in the manager to avoid a deadlock situation if the manager runs out of heap space.
- Adjusted logging during RDS failover events.
No proxy level behaviors are adjusted in this patch build.
Released: Mar 11, 2025
Updates in v25.03.01.3
Features
- Included a new API endpoint, /api/endpoints, which provides a list of API endpoints and the permission levels needed to access each one, for the purpose of auditing any changes that may impact security.
- Added a VDB option for “disableSetReadOnly”, which, if set to true, will bypass attempts to set connections to read-only, to avoid overhead and issues when application frameworks set this option when it really isn’t needed.
Released: Mar 3, 2025
Updates in v25.03.01.2
Features
- Added portal wizard to simplify configuring all the portal-related configuration items.
- Removed privateKeyPassword field when exporting configuration files for log purposes.
- Added documentation for using HAProxy for load balancing.
- Improved Postgres protocol compatibility for Node.js for types that are transmitted as text, but flagged as a binary value (such as integer types, date and timestamps).
- Improved connection logging to help track state of a front-side connection in relation to...
Released: Sep 6, 2024
Updates in v24.09.06.1
Fixes
- Remove the pre-loading of Redis keys when the PCI/HIPAA option is selected in the cache settings. This can avoid issues when using a shared cache with the application that is creating large numbers of keys.
- When loading keys from Redis, pre-filter the keys so that only the keys relevant to Heimdall are extracted and use the scan call to reduce load on Redis.
- When using multiple proxy nodes, avoid a race condition when a server fails that could result in multiple “cluster auto-detect...
Released: Jun 2, 2023
Updates in v23.06.02.1
Features
- Added support for LDAP authentication in the GUI, as well as a general overhaul of the authentication system used by the central manager.
- Added an option to upload logs directly to a write-only S3 bucket for Heimdall support.
- Explicit support for Google AlloyDB is now included, including cluster tracking support.
- Removed the ability to limit logins from particular IP ranges from the user objects, as firewall rules were typically used for this.
- Improved the filters for various log types on the...
Released: Mar 30, 2023
Updates in v23.03.21.3
Features
- Adjusted default 'preferQueryMode' to be extended, to avoid cases that could trigger an OOM on PostgreSQL.
- Added support for Systemd service watchdog. This requires a full image update to activate.
- Added support for proxy port ranges in the format 'start-end'.