Current release: v7.6.0
Release Highlights
The 7.6 release of the Cequence Unified API Protection (UAP) platform is generally available as of February 25, 2025. The key highlights of this release are listed below.
New Features
The new features in the 7.6 release require version 5.3 or newer of Cequence Bridge and 5.3 or newer of Cequence Defender.
Viewing Mitigated Transaction Details
Users can now view detailed information about transactions mitigated by Cequence Defenders, including policies that triggered mitigation and client information. Transactions can be searched using their unique request IDs.
Displaying Mitigated Transactions
Security analysts can now search historical data for a given Application Tag across the entire retention period on the Detection page, including data that predates the creation of the tag.
Disabling Individual Rules Within API Risk Categories
Organizations now have finer control with the ability to enable or disable individual risk rules (contributors) within risk categories, rather than only enabling/disabling entire categories. When customizing rules, the original system rule is disabled and a cloned version is created, allowing Cequence to update system rules without conflicts.
API Inventory Customization
Users can now save their preferred column views in API Inventory, ensuring column preferences remain intact between sessions.
Attack Surface Discovery Enhancements
New multi-region crawlers are available across North America, Europe, Middle East, Asia, and Australia, allowing for comprehensive discovery. Customers can select which regions to run crawls from and can view crawler IP addresses to add to allow-lists. PDF reports have been updated to better identify API hosting locations and include recommendations.
API Security Testing Improvements
Enhanced authentication profiles now support additional types like OAuth with PKCE and are easier to share across test plans. The platform also allows for inline test plan archival when updating to new versions.
Resolved Issues
Story
CEQASP-3544 API Sentinel: (1) API Inventory flyout details, Transaction summary
CEQASP-4011 UAP Installer KEDA and Kube-Prometheus-Stack Installation and Testing
CEQASP-4349 API Sentinel: (1) API Inventory Add Sources
CEQASP-5150 Add a tab for Mitigated Transactions with search functionality
CEQASP-5180 Create a system dataset to include AI Bot user agents
CEQASP-5457 Handling Form URL encoded body parameters for extraction
CEQASP-5460 Inclusion of Path Parameters as business relevant fields
CEQASP-5582 API Sentinel: Review new NLPs to remove duplicates and irrelevant NLP
CEQASP-5584 API Sentinel: Remove old Inventory
CEQASP-5656 API Sentinel: UI add sources column for display, filtering and endpoint details summary on the left hand side
CEQASP-5671 API Sentinel: Remove V1 and V2 Risk rules
CEQASP-5699 Reintroduce ability to look into the past by adding new URI Filter type in Dashboard
CEQASP-5727 Add attributes to ML-generated Auth Expressions
CEQASP-5728 Add attributes to ML-generated Custom Rules
CEQASP-5730 Add attributes to ML-generated Mitigation Policies
CEQASP-5740 Change the default for "Enable Log Request" to ON.
CEQASP-5929 API Sentinel: ability to Clone/customize Risk rules
CEQASP-5946 Remove Filters side-panel
CEQASP-5951 Minor renaming of terminology on the Detection page
CEQASP-6049 Add attributes to ML-generated Data Extractions
CEQASP-6141 Modify Timeframe to take a TimeRange
CEQASP-6145 API Sentinel: ability to update NLP keywords on existing/upgrade instances
CEQASP-6196 API Sentinel: Risk Posture details missing method
CEQASP-6273 UI: Risk Posture add new performance endpoint
CEQASP-6274 UI: additional clean up for Old Inventory Removal
CEQASP-6275 UI: inventory add better error handling
CEQASP-6316 Add threat-classification column in Data Export
CEQASP-6342 API Sentinel: Allow NLP updates to keywords on upgrades
CEQASP-6346 Runtime Inventory - Dashboard (API Inventory and Metrics Call) validation
CEQASP-6459 refactor terms elastic search query to regex based query
CEQASP-6511 Mitigation Transaction Bug Fixes
CEQASP-6513 Make the timeout value for the API calls to ui ingress configurable via helm chart
CEQASP-6564 Add Null check to rules
CEQASP-6628 Test failures
CEQASP-6667 API Inventory: Page filter (outside of MUI grid widget) for API Hosts
CEQASP-6670 API Inventory: Page filter (outside of MUI grid widget) for Scopes
CEQASP-6671 API Inventory: Rename exposure types to scopes (incl. in Inventory settings)
CEQASP-6673 Risk Posture: Page filter (outside of MUI grid widget) for API Hosts
CEQASP-6674 Risk Posture: Page filter (outside of MUI grid widget) for Labels
CEQASP-6675 Risk Posture: Page filter (outside of MUI grid widget) for Applications
CEQASP-6676 Risk Posture: Page filter (outside of MUI grid widget) for Scopes
CEQASP-6677 Risk Posture: Show Issue Instances instead of Issue Types
CEQASP-6678 Risk Posture: Show bars on the Issue Widget as clickable elements
CEQASP-6679 Risk Posture: Update counts on # of issues/instances at the top of the table to reflect applied filters, if any
CEQASP-6680 Risk Posture: Page filter (outside of MUI grid widget) for Risk Contributors
CEQASP-6804 Automate end-to-end deployment of code in SaaS (with automation)
CEQASP-6853 Risk Posture: Show number of Issues for each Host, Application, Scope, Auth Type, Label
CEQASP-6856 Risk Posture: Page filter (outside of MUI grid widget) for Risk Contributors
CEQASP-6875 Risk Posture: Page filter (outside of MUI grid widget) for Severity
Bugs
CEQASP-2794 Credentials sent in clear text and stored in plain text in ES
CEQASP-4938 Issue with Dataset Name contains [ ] and /
CEQASP-5008 Need to disable zstd encoding on Chrome in order to load transaction
CEQASP-5012 migrator job failing on master
CEQASP-5382 APIGATEWAY endpoints are throwing 500 internal server error
CEQASP-5396 Remove the ability to select multiple rows in the Mitigation Dashboard Pivot Table
CEQASP-5558 API Sentinel: Custom Auth defined for Request Body
CEQASP-5573 Pagination of Sensitive Data Dashboard Results hard to see
CEQASP-5640 [Elasticsearch Init] Remove readonly from ILM template for all indices
CEQASP-5693 Transactions Confidence Filter incorrect Conditions
CEQASP-5700 Able to save the FP datasets with Duplicate FP's
CEQASP-5739 API Sentinel: Spec gen with internal (east-west) k8s traffic duplicate paths error
CEQASP-5937 API Inventory view shows keywords as hierarchy if the keyword has spaces
CEQASP-5998 Cluster stacks are not being deleted
CEQASP-6000 Cluster project is generating the kube-config before the cluster is created
CEQASP-6038 PCI_TRACK_ORDER False Negative
CEQASP-6053 Decrease Resource Dictionary memory usage for appTags/labels features
CEQASP-6076 Defender 5.1.0 Config-updater logs gives me config fetch error: 403 Client Error when used with UAP in master
CEQASP-6092 App tag UX creation dialog should remove the red outline on mandatory fields
CEQASP-6104 Grammatical typo in search field.
CEQASP-6131 CLIENT tokens with User Management Admin role can call any keycloak admin API
CEQASP-6142 fix common-io vulnerability
CEQASP-6159 Empty field name listed in API Field names page
CEQASP-6162 API Sentinel: Passport not triggering in Sentinel NLP
CEQASP-6173 API Sentinel: Dashboard metrics are all off
CEQASP-6179 Risk contributor filter not working as expected.
CEQASP-6181 Dashboard/Risk Posture linking to Inventory not working as expected.
CEQASP-6184 API Sentinel: Risk Posture Page Performance.
CEQASP-6186 UI - navigation from risk posture to inventory is broken
CEQASP-6211 Time windows selected in detection dashboard (Custom time range) changes in transaction page
CEQASP-6215 Error in regex match for file extensions for Traffic management.
CEQASP-6219 UI: app is not handling state and code query params in the URL
CEQASP-6230 Specs with multiple matching servers with different base paths break inventory table
CEQASP-6238 API Sentinel: Dashboard identification of newly found not reflected in API inventory
CEQASP-6249 ES Retry improvements
CEQASP-6255 Create new system rule for AI user agent detection
CEQASP-6262 Custom auth type not selected in inventory filter
CEQASP-6264 [Bot Analyzer] Fix BOLA Aggregation test by piping input one by one instead of all together
CEQASP-6268 [Bot Analyzer] Fix Dependency Issues - Spring Boot Web
CEQASP-6269 New End points - Risk posture does not work
CEQASP-6305 IDP-initiated SSO not working at regions
CEQASP-6338 Exclude existing Pivots from Rules and Policies creation
CEQASP-6341 API Sentinel: New Inventory White screen (non unique Identifiers)
CEQASP-6359 API Sentinel: underscore in the base path for an API definition is unable to be entered
CEQASP-6364 UI Bug: the transaction detail is not in order
CEQASP-6365 Bot analyzer crash looping in master ceqasp
CEQASP-6377 [Dependency Verifier] Missing CPU Request / Limit
CEQASP-6382 Transaction count discrepancy between detection and sentinel dashboard
CEQASP-6384 Update Rule Bundle to 5.0
CEQASP-6386 API Sentinel: API Definition does not update
CEQASP-6387 page specific query params being stripped from URL in new tab
CEQASP-6388 API Sentinel: Exposure Dashboard widget links to "active" instead of "ALL" API endpoints
CEQASP-6397 Published endpoint coming in as discovered
CEQASP-6420 API Sentinel: schema non-conformance (drift) not working at all
CEQASP-6421 API Sentinel: NLP masked values do not reflect intended masking defined in CEQASP-5494
CEQASP-6431 API Sentinel: Risk Posture counts are off
CEQASP-6432 API Sentinel: Risk Posture LastSeen/First Seen Sort should be based on actual time stamps not display strings
CEQASP-6444 API Sentinel: API inventory sort on Auth types does not work
CEQASP-6448 API Sentinel: Request cookie is falsely lighting up when the Sensitive data filter is enabled.
CEQASP-6450 Error while deleting resources
CEQASP-6453 address CVE-2024-38821 in BFF
CEQASP-6508 Mitigated transactions tab - deletion and recreating same policy adds duplicates to the drop down and hence bad user experience
CEQASP-6510 In Mitigation-Transaction tab country drop down search throws an error when country is unknown
CEQASP-6526 API Inventory: Contributor filter - remove disabled rules
CEQASP-6530 None of the Sensitive Data is being detected
CEQASP-6538 API Sentinel: API Definitions only returns 1000
CEQASP-6557 Upgrade from 7.5 to 7.6 failed with unknown Enum Value
CEQASP-6565 Vulnerability upgrades done in 7.6.x
CEQASP-6571 [ui] continuous redirects adding query params until "Request-URI Too Large" error
CEQASP-6631 Sentinel Dashboard: Update Definitions card to link to API Summary page
CEQASP-6637 API Sentinel - (backend) Contact Column is empty in display and export
CEQASP-6646 UI: API Endpoints not saving column config on refresh
CEQASP-6690 Search by requestID does not work in the new Mitigated Transactions page
CEQASP-6692 Import from 7.3.x//7.5.x to 7.6.0-Beta6 is not working as Expected
CEQASP-6693 Exported file from 7.6.0-Beta-6 is Corrupted
CEQASP-6709 Detection Dashboard Risk label is wrong color
CEQASP-6723 No "Exclude App Tags" filter on the Detection page
CEQASP-6732 ES backup import - Dictionary does not publish api specs/definitions
CEQASP-6748 API host is missing in the inventory filter
CEQASP-6777 Add info to Sentinel Spec upload api documentation
CEQASP-6785 BotAnalyzer: Fix CI CD pipelines that are using deploy token to fetch packages
CEQASP-6866 Check for metadataDetail mapping before starting dictionary
CEQASP-6883 Transactions - Mitigation Dashboard is not showing any transaction on landing page.
CEQASP-6884 Labels from API Inventory not getting exported
CEQASP-6885 Intelligent edge traffic filters will not be honoured after Import from 7.3.x to 7.6.0-BETA5
CEQASP-6887 List of NLP that are not getting marked as SD in API Inventory when SDM is disabled in Traffic Management.
CEQASP-6955 login_required query param from oidc-client libraries causing redirect loop
CEQASP-6960 UI token expiry not handled properly
CEQASP-6972 Resource Dictionary Change needed to publish to global topic
Upgrading from 7.5
To upgrade from the 7.4 release, back up and export all of your configuration files, then upgrade as normal.
Rolling back
After rolling back to the 7.4 release from 7.5, observe the system's behavior to verify correct operation.
Upgrading from 7.4
To upgrade from the 7.4 release, back up and export all of your configuration files, then upgrade as normal.
Rolling back
After rolling back to the 7.4 release from 7.6, import the exported configuration files, then perform the following scale alterations:
- Scale down deployments
- Scale up Resources Dictionary and Component Configuration
- Scale down Statefulsets
- Scale up Policy Engine.
Note that rolling back to 7.4 from 7.6 will result in the loss of two weeks of Sentinel metrics.
On-Premises Deployments
Package | Version | Location |
Helm Chart | 7.6.0 | https://cequence.gitlab.io/helm-charts/ |