Release Notes
v2.1.2 (2025-05-26)
- Switched from Poetry to uv for package management
v2.1.1 (2025-05-08)
Bug Fixes
- Fixed custom_response_modifier implementation.
v2.1.0 (2025-05-08)
Improvements
- Rate Limiting: Replaced fixed window rate limiting with true sliding window algorithm
- Added atomic Redis Lua script for distributed rate limiting
- Improved timestamp tracking for more accurate request counting
- Fixed edge cases in rate limiting that could cause unexpected 429 errors
v2.0.0 (2025-05-05)
Security Fixes
- IMPORTANT: Fixed Remote Header Injection vulnerability via X-Forwarded-For manipulation (GHSA-77q8-qmj7-x7pp)
- CVE ID: CVE-2025-46814
- Added secure client IP extraction with trusted proxy validation
- Added new configuration parameters for proxy security:
  - trusted_proxies: List of trusted proxy IPs or CIDR ranges
  - trusted_proxy_depth: Configurable proxy chain depth
  - trust_x_forwarded_proto: Option to trust X-Forwarded-Proto header
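The following is an added example of trusted proxy validation, not FastAPI Guard's own code. The names trusted_proxies and trusted_proxy_depth are borrowed from the list above; the function names and the meaning given to the depth value (client entry counted from the right of the header) are assumptions made for this illustration.

```python
import ipaddress

def is_trusted(ip, trusted_proxies):
    """True if ip falls inside any trusted proxy IP or CIDR range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(p, strict=False) for p in trusted_proxies)

def extract_client_ip(peer_ip, xff, trusted_proxies, trusted_proxy_depth=1):
    """Pick the client IP; X-Forwarded-For counts only behind a trusted proxy."""
    # A header sent by an untrusted peer is fully client-controlled: ignore it.
    if not xff or not is_trusted(peer_ip, trusted_proxies):
        return peer_ip
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Assumed semantics: each of the trusted_proxy_depth proxies appended one
    # entry, so the client sits that many positions from the right. Entries
    # further left were supplied by the client and are never used.
    if trusted_proxy_depth < 1 or len(hops) < trusted_proxy_depth:
        return peer_ip
    candidate = hops[-trusted_proxy_depth]
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return peer_ip  # malformed entry: fall back to the socket peer
    return candidate

def spoof_suspected(peer_ip, xff, trusted_proxies):
    """Detection signal: an untrusted peer sent X-Forwarded-For at all."""
    return bool(xff) and not is_trusted(peer_ip, trusted_proxies)

if __name__ == "__main__":
    trusted = ["10.0.0.0/8"]  # constructed sample configuration
    # Constructed requests: (socket peer, X-Forwarded-For header, depth)
    samples = [
        ("203.0.113.7", "127.0.0.1", 1),                      # direct, forged header
        ("10.0.0.5", "1.2.3.4, 198.51.100.9", 1),             # one proxy, padded header
        ("10.0.0.5", "1.2.3.4, 198.51.100.9, 10.0.0.4", 2),   # two proxies
        ("10.0.0.5", "not-an-ip", 1),                         # malformed entry
    ]
    for peer, xff, depth in samples:
        ip = extract_client_ip(peer, xff, trusted, depth)
        print(f"peer={peer} xff={xff!r} -> client={ip} "
              f"spoof_suspected={spoof_suspected(peer, xff, trusted)}")
```

Rate limiting and IP bans should key on the value this kind of function returns, and requests flagged by spoof_suspected are worth logging.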
New Features
- IPInfo is now completely optional, you can implement your own GeoIPHandler
- Added protocol-based design for customizable geographical IP handling
- Introduced GeoIPHandler protocol allowing custom implementations
- Separated protocol definitions into dedicated modules
Improvements
- Deprecated ipinfo_token and ipinfo_db_path in favor of geo_ip_handler
- Improved type safety and code readability
- Added runtime type checking for custom GeoIP handlers
v1.5.0 (2025-05-01)
Improvements
- IpInfo token is now only required when using country filtering or cloud blocking
- Performance: Selective loading of IP geolocation database and cloud IP ranges
- Only download/process IP geolocation data when country filtering is configured
- Only fetch cloud provider IP ranges when cloud blocking is enabled
- Reduced startup time and memory usage when not using all security features
v1.4.0 (2025-04-30)
New Features
- Added configurable logging levels for normal and suspicious requests
- Enhanced log_activity function to support all logging levels
- Added ability to completely disable request logging
Improvements
- Improved performance by allowing complete disabling of normal request logging
- Better log level control for different environments (dev/prod)
v1.3.2 (2025-04-27)
New Features
- Created an interactive FastAPI Guard Playground
- Added passive_mode option to log suspicious activity without blocking requests
- Enhanced detect_penetration_attempt function to return trigger information
v1.2.2 (2025-04-07)
Improvements
- Added an empty py.typed
- Fixed the package_data configuration in setup.py
- Added mypy configuration to pyproject.toml
- Added MANIFEST.in
v1.2.1 (2025-04-05)
New Features
- Added new pattern management methods to SusPatternsManager:
  - get_default_patterns() and get_custom_patterns() for separate pattern access
  - get_default_compiled_patterns() and get_custom_compiled_patterns() for separate compiled pattern access
- Enhanced remove_pattern() method to return success/failure status
Improvements
- Fixed issue with default pattern removal in SusPatternsManager
- Improved pattern separation between default and custom patterns
v1.2.0 (2025-04-04)
New Features
- Added dedicated RateLimitManager for improved rate limiting functionality
- TTLCache-based in-memory rate limiting still available
- Extended Redis support for distributed rate limiting
Improvements
- Fixed rate limiting logic to properly handle rate limiting
- Standardized Singleton pattern across all handlers
- Added new keys and delete_pattern methods to RedisManager for easy key/pattern retrieval/cleanup
v1.1.0 (2025-03-21)
New Features
- Added proper typing throughout the codebase
- Added custom Docker container for example app
- Added better Docker Compose support
Improvements
- Fixed multiple typing issues across test files
- Improved documentation for Docker container usage
- Enhanced serialization of Redis data
v1.0.0 (2025-02-19)
New Features
- Added Redis integration for distributed state management
Improvements
- Improved tests & testing coverage (100% coverage)
v0.4.0 (2025-02-16)
New Features
- Added db_path parameter to IPInfoManager for custom database locations
Improvements
- Improved IPInfo database handling with local caching
Bug Fixes
- Fixed Azure IP ranges download by adding proper User-Agent headers (#19)
- Fixed cloud provider validation logic to properly filter invalid entries
- Resolved test coverage gaps on all test files
v0.3.4 (2025-01-26)
Bug Fixes
- Fixed issue with accepted Headers on Swagger UI access/requests.
v0.3.3 (2024-12-14)
Bug Fixes
- Fixed package structure to properly include all required modules
- Resolved import issues with handlers package
- Improved package installation reliability