Version 8.4.0
New features and improvements
Added a public preview of the Interactive Application Security Testing (IAST) mode of the New Relic Security agent. (#1224)
Warning
The New Relic Security agent IAST mode is in public preview and should only be used in non-production environments.
By default, the New Relic Security agent IAST mode is completely disabled. To enable it, set both newrelic.config.security.agent.enabled=true and newrelic.config.security.enabled=true.
Full configuration options are detailed below (note that the security stanza should be indented two spaces under the pre-existing common stanza in the newrelic.yml config file):
# New Relic Security vulnerability detection.
security:
  # Determines whether the security data is sent to New Relic or not. When this is disabled and agent.enabled is
  # true, the security module will run but data will not be sent. Default is false.
  enabled: false

  # New Relic Security provides two modes: IAST and RASP
  # Default is IAST. Due to the invasive nature of IAST scanning, DO NOT enable this mode in either a
  # production environment or an environment where production data is processed.
  mode: IAST

  # New Relic Security’s SaaS connection URL
  validator_service_url: wss://csec.nr-data.net

  # To completely disable all security functionality, set this flag to false. This property is
  # read only once at application start. Default is false.
  agent:
    enabled: false

  # These are the category of security events that can be detected. Set to false to disable detection of
  # individual event types. Default is true for each event type.
  detection:
    rci:
      enabled: true
    rxss:
      enabled: true
    deserialization:
      enabled: true
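A pre-deployment check for the two switches described above, as an added example that is not part of the release notes or New Relic's code. It reports whether IAST scanning would be active for a given newrelic.yml and JVM argument list, so a pipeline can refuse to ship that combination to production. Assumptions: the security stanza sits under common as the notes describe, -Dnewrelic.config.* system properties override file values, and newrelic.config.security.mode is inferred from the naming pattern of the two properties on this page.

```python
import re

# Constructed sample: the page's security stanza under `common`, both switches on.
SAMPLE_YML = """\
common: &default_settings
  app_name: demo
  security:
    enabled: true
    mode: IAST
    agent:
      enabled: true
"""

def parse_mappings(text):
    """Tiny parser for nested `key: value` mappings; full-line comments only,
    no lists, anchors are ignored and merges are not resolved."""
    root = {}
    stack = [(-1, root)]                      # (indent, mapping) pairs
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = body.partition(":")
        value = value.strip()
        while stack[-1][0] >= indent:         # leave deeper or sibling mappings
            stack.pop()
        parent = stack[-1][1]
        if not value or value.startswith("&"):
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value
    return root

def effective_security(yml_text, jvm_args=()):
    """Settings from the `common` stanza, then -Dnewrelic.config.* overrides."""
    sec = parse_mappings(yml_text).get("common", {}).get("security", {})
    eff = {
        "security.enabled": sec.get("enabled", "false"),
        "security.agent.enabled": sec.get("agent", {}).get("enabled", "false"),
        "security.mode": sec.get("mode", "IAST"),   # defaults as stated on the page
    }
    for arg in jvm_args:                      # assumed: system property wins over file
        m = re.fullmatch(r"-Dnewrelic\.config\.(security\.[\w.]+)=(.*)", arg)
        if m and m.group(1) in eff:
            eff[m.group(1)] = m.group(2)
    return eff

def iast_scanning_on(yml_text, jvm_args=()):
    """True when both switches are true and the mode is IAST."""
    eff = effective_security(yml_text, jvm_args)
    both = all(eff[k].lower() == "true" for k in ("security.enabled", "security.agent.enabled"))
    return both and eff["security.mode"].upper() == "IAST"
```

Per-environment stanzas that override security are not read by this check; a real pipeline should load the file with a full YAML parser so merges are resolved.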
New Contributors
- @harshit-ap made their first contribution in #1222
- @lovesh-ap made their first contribution in #1274
Full Changelog: v8.3.0...v8.4.0