Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here.
Protection against Spring4Shell vulnerability Announcement
Spring4Shell sprang up towards the end of March. Customers running the following software configurations are likely impacted:
- Running on JDK 9 or higher
- Apache Tomcat as the Servlet container.
- Packaged as a traditional WAR and deployed in a standalone Tomcat instance. Typical Spring Boot deployments using an embedded Servlet container or reactive web server are not impacted.
- spring-webmvc or spring-webflux dependency.
- Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions.
Traceable AI can protect your applications and APIs both at the Gateway layer, with a signature-based approach, and within the application, with our Java agent, which does not rely on signatures but on the functional call sequence and malicious payloads detected within the agent.
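The impact conditions listed above can be checked against a deployment inventory. The following Python is an added example, not Traceable's code: the record fields (java_version, container, packaging, embedded, modules, spring_version) and the sample records are constructed, and it assumes a deployment is likely impacted only when every listed condition holds.

```python
import re

# Highest patch release the page lists as impacted, per release line.
LAST_IMPACTED_PATCH = {(5, 3): 17, (5, 2): 19}
SPRING_WEB_MODULES = {"spring-webmvc", "spring-webflux"}

def java_major(version):
    """Major Java version from strings such as '1.8.0_292', '11.0.14' or '17'."""
    parts = re.split(r"[._+-]", version.strip())
    return int(parts[1]) if parts[0] == "1" and len(parts) > 1 else int(parts[0])

def spring_version_impacted(version):
    """True for 5.3.0-5.3.17, 5.2.0-5.2.19 and anything older than 5.2."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Spring version: {version!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    if (major, minor) < (5, 2):
        return True  # "and older versions"
    last = LAST_IMPACTED_PATCH.get((major, minor))
    return last is not None and patch <= last

def assess(dep):
    """Return (likely_impacted, unmet_conditions) for one inventory record (assumed schema)."""
    checks = {
        "JDK 9 or higher": java_major(dep["java_version"]) >= 9,
        "Apache Tomcat servlet container": dep["container"].lower() == "tomcat",
        "WAR on standalone Tomcat": dep["packaging"].lower() == "war" and not dep["embedded"],
        "spring-webmvc or spring-webflux": bool(SPRING_WEB_MODULES & set(dep["modules"])),
        "impacted Spring Framework version": spring_version_impacted(dep["spring_version"]),
    }
    unmet = [name for name, ok in checks.items() if not ok]
    return (not unmet, unmet)

# Constructed inventory records for illustration (not real systems).
INVENTORY = {
    "billing-war": dict(java_version="11.0.14", container="tomcat", packaging="war",
                        embedded=False, modules=["spring-webmvc"], spring_version="5.3.17"),
    "orders-boot": dict(java_version="17", container="tomcat", packaging="jar",
                        embedded=True, modules=["spring-webmvc"], spring_version="5.3.17"),
    "legacy-jdk8": dict(java_version="1.8.0_292", container="tomcat", packaging="war",
                        embedded=False, modules=["spring-webmvc"], spring_version="4.3.30.RELEASE"),
}

if __name__ == "__main__":
    for name, dep in INVENTORY.items():
        print(name, assess(dep))
```

The list of unmet conditions shows which single factor keeps a deployment out of the likely-impacted set, which helps prioritise upgrades when that factor is something other than the Spring Framework version.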
CloudFlare Integration for Blocking Announcement
Some Traceable customers rely on agentless deployment for a portion or even all of their environment. With this feature, we are able to provide proactive protection and block threat actors and malicious sources even when in agentless mode.
The blocking is accomplished via integration with an external CDN/WAF. The first integration made available is that with a popular CDN vendor, CloudFlare.
Adding a threat actor to a deny or suspend list in Traceable will result in that actor being blocked at the edge by an integrated CloudFlare instance.
Traceable location and IP range blocking rules will operate in a similar fashion.
Changes in Attacker Scoring Improvement
We got feedback from Traceable users that our previous scoring methodology was too aggressive for their high-volume applications. To better align with our customers' security workflows, we have made the following changes to our approach to attacker scoring:
- If multiple malicious behaviors are observed in a single request, only the highest-severity behavior adds to the score.
- The score contribution of similar events is reduced based on which parameter is being attacked, how many users have sent malicious payloads, and the exact values being sent.
- The contribution of each event is displayed in the attacker timeline.
Apigee On-premises Announcement
Apigee is a platform for developing and managing APIs. By fronting services with a proxy layer, Apigee provides an abstraction for your backend service APIs and provides security, rate limiting, quotas, analytics, and more. Traceable supports Apigee private cloud v4.51.00 and above.
Multi Region SaaS Support Announcement
For compliance reasons like GDPR, data residency, and cost concerns, our SaaS platform will also be hosted in Europe and APAC from this release. Customers will have the option to choose which deployments need to connect to the SaaS platform.
Platform Access Token Management Feature
Platform access tokens will have functionality similar to the API tokens we introduced in the January release, which allows for:
- Naming tokens for better traceability
- Revoking them when no longer needed
- Listing out all tokens with last access times