42Crunch Platform release, November 29, 2019

This 42Crunch Platform release enables you to disable authentication checks in API Security Audit, download your fixed APIs from the platform to be used elsewhere, and choose where to publish firewall logs.

Compatibility

This release is compatible with the following API Firewall images:

  • 42crunch/apifirewall:v0.13.1

All previous image versions have been deprecated and are not compatible with this version of the platform.

New features

This release includes the following new features and improvements to existing ones.

Disable authentication checks in Security Audit

You can now use the property x-42c-no-authentication in your OpenAPI definition to disable authentication checks in Security Audit for API operations that do not need authentication at all.

For more details, see Run audit without authentication checks.

Check media type definitions with Security Audit

Security Audit now validates that media types in your OpenAPI definition are proper MIME types. The checks apply to both OpenAPI Specification (OAS) v2 and v3.
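The following Python example is added here for illustration and is not 42Crunch's implementation or code from the platform. It shows one way to check that the media types in an OAS v2 or v3 definition are well formed, assuming the RFC 6838 name grammar; the function names and the sample definition are constructed for this example.

```python
import re
# RFC 6838 restricted-name: alphanumeric first character, at most 127 characters.
# OAS v3 also allows ranges such as "text/*" and "*/*" as content keys.
_NAME = r"[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}"
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_PARAM = rf'\s*;\s*{_TOKEN}=(?:{_TOKEN}|"[^"]*")'   # e.g. "; charset=utf-8"
_MEDIA_TYPE = re.compile(rf"(?:{_NAME}/(?:{_NAME}|\*)|\*/\*)(?:{_PARAM})*")
_DATA_KEYS = {"example", "examples", "default", "enum"}           # free-form data
_NAME_MAPS = {"properties", "definitions", "schemas", "headers"}  # keys are names

def is_media_type(value):
    return isinstance(value, str) and _MEDIA_TYPE.fullmatch(value) is not None

def find_invalid_media_types(node, path="#", parent=None):
    """Return (location, value) pairs for malformed media types in an OAS dict."""
    bad = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if parent in _NAME_MAPS:          # key is user-chosen, not a keyword
                bad += find_invalid_media_types(value, here)
            elif key in _DATA_KEYS:
                continue
            elif key in ("consumes", "produces") and isinstance(value, list):  # v2
                bad += [(here, m) for m in value if not is_media_type(m)]
            elif key == "content" and isinstance(value, dict):                 # v3
                for m, media in value.items():
                    if not is_media_type(m):
                        bad.append((here, m))
                    bad += find_invalid_media_types(media, f"{here}/{m}")
            else:
                bad += find_invalid_media_types(value, here, key)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            bad += find_invalid_media_types(item, f"{path}/{i}", parent)
    return bad

# Constructed sample definition fragment (not taken from any real API).
SAMPLE = {"openapi": "3.0.2", "paths": {"/notes": {"post": {
    "requestBody": {"content": {
        "application/json": {"schema": {"type": "object", "properties": {
            "content": {"type": "string"}}}},
        "application-json": {"schema": {"type": "string"}}}},
    "responses": {"200": {"description": "ok", "content": {
        "text/plain; charset=utf-8": {"schema": {"type": "string"}},
        "json": {"schema": {"type": "string"}}}}}}}}}
if __name__ == "__main__":
    for location, value in find_invalid_media_types(SAMPLE):
        print(f"{location}: {value!r} is not a valid media type")
```

A schema property that happens to be named content is not mistaken for a media type map, because keys under properties are treated as names rather than keywords.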

Download API definitions

You can now download OpenAPI definitions from 42Crunch Platform. The downloaded API definition includes all the edits you have made to it in Security Editor, so you can easily improve your API based on the issues that API Security Audit or API Conformance Scan find, and then use the fixed API definition as needed.

For more details, see Download fixed API definitions.

Fixed loading and validation of the API definition in API Firewall

Loading and validation of the API's OpenAPI definition in API Firewall have been improved. Previously, some special path parameter sequences could cause API Firewall to fail to load the API definition or to validate the parameters incorrectly. This has now been fixed.

Choose logs destination

You can now choose where you want API Firewall to publish logs. By default, the logs are published in 42Crunch Platform, but you can switch the destination to a directory you have mounted.

For more details, see Switch log destination for API Firewall logs.

Known issues

This release has the following known issues.

Structural or semantic issues prevent scanning and protecting the API

If your API definition has structural or semantic issues in its OpenAPI format, trying to run API Conformance Scan or API Protection fails. Both of these features require that your API has a valid OpenAPI definition; otherwise, they do not work properly.

Use Security Audit to find structural and semantic issues and fix them in Security Editor before you run Conformance Scan or API Protection.