42Crunch Platform release, August 4, 2020
In this 42Crunch Platform release, we have added samples and resources for fine-tuning the CI/CD integration of API Security Audit. On API Protection side, you can now configure a health check for API Firewall, and active firewall instances show where they store logs.
New features
The following are the new features and improvements to the existing ones in this release.
Support for OpenAPI Specification v3.0.3
Security Audit now supports the OpenAPI Specification (OAS) v3.0.3.
Configuration samples for fine-tuning CI/CD integration plugins
We have added configuration samples for the 42c-conf.yaml
configuration file to our public Resources repository in GitHub.
- Check the examples how you can fine-tune the behavior of the plugin that integrates Security Audit with your CI/CD pipeline.
- Use the provided samples to test changes in action.
- Pick the bits you want and copy the code examples to create a
42c-conf.yaml
for your plugin.
For more details, see the CI/CD resources in our repository in GitHub. For more details on CI/CD integration in general, see CI/CD integrations.
API Firewall heath check
You can now configure a health check call to monitor that your API Firewall instance is running without issues. For more details, see API Firewall health check.
Log destination on API Firewall instances
The details on active API Firewall instances now show where each instance is storing its logs:
For more details, see Destinations for logs.
Compatibility
This release is compatible with the following API Firewall images:
42crunch/apifirewall:v0.17.15
- PCRE regex engine
42crunch/apifirewall:v0.17.16
- Non-TLS configuration allowed with
LISTEN_NO_TLS=1
- Non-TLS configuration allowed with
42crunch/apifirewall:v0.17.17
- Expression functions for date manipulation added
All previous image versions have been deprecated and are not compatible with this version of the platform.
When you switch the version of the API Firewall image, you must reconfigure any existing protection configurations so that they work with the new version. For more details, see Reconfigure API Protection.
Known issues
This release has the following known issues.
Removing an API does not stop the API Firewall instance
If you delete an API from 42Crunch Platform and that API has an active API Firewall instance protecting it, API Firewall continues to run unless you specifically stop it. Same happens if the protection token that the API Firewall instance uses is deleted or otherwise becomes invalid.
This will be fixed in a future release.