News

As the days were getting shorter, our pull requests were getting longer, and here we are now, proud to present Acra 0.83.0. Its distinctive new feature is the AcraRotate utility, which allows you easily rotate the storage keys on a regular basis or perform an emergency key rotation if you’ve detected (or suspect) a compromise of the client app. SQL filtering got more flexible — the new 6 patterns (including SUBQUERY and LIST_OF_VALUES) allow deep customisation for configuring the accepted queries and blocking malicious requests.

Summer moves on, Acra improves. This corridor of eclipses and Mercury retrograde gave life to the new version of Acra. Whole lotta updates to the already existing infrastructural elements. What else is new? AcraTranslator, for that matter — a lightweight server that receives AcraStructs stored anywhere and returns the decrypted data. Previously Acra was closely tied to the database infrastructure, but AcraTranslator is a tool that allows storing AcraStructs wherever it is convenient — as cells in a database or as files in a file storage (local or cloud storage, like AWS S3).

ACRA 0.81.0 RELEASE All the terrible things like lunar and solar eclipses, Mercury retrogrades, and PHP code refactoring will come later — this Friday is fully dedicated to the new release of Acra. In Acra 0.81.0 we’ve concentrated our efforts on improving the overall SQL handling, especially when it comes to SQL injection prevention, and teaching Acra’s “firewall” AcraCensor a few new tricks. If you’ve had troubles integrating some 3rd party WAFs into your infrastructure, Acra now might offer you a simpler, trouble-free solution.

ACRA 0.80.0 RELEASE This release is dedicated to usability and unification. Many components of Acra have been renamed. We believe that the updated names will decrease confusion about the components' functions and will make Acra's setup and usage process easier. The new names also align better with the common package naming practices. We couldn’t find a day inauspicious enough to release Acra 0.80.0, but decided that that last day of spring is still quite special :) Here are the changes in the new release:

ACRA 0.77.0 RELEASE Sticking to our tradition of rolling out new releases on conspicuous dates, we’re presenting Acra 0.77.0 on Friday 13th, Mercury retrograde. The changelog for the new Acra release was 3 pages long, so we’ve decided to spare you the details here (but you can always read the changelog in full in the Cossack Labs GitHub repository if you want to). Here are the main changes in the new release:

ACRA 0.76 RELEASE The spring and change are in the air! After a year in testing by early adopters (Acra 0.75 was released 1 year 5 days ago), we’re starting to push new features into the open-source version of Acra. 0.76 is a stability release, which unifies a lot of things “under the hood”: module interfaces, test automation, API, connection schemes — everything we need to gradually unveil & plenty of new exciting features we’ve prepared based on the user feedback.

THEMIS 0.10.0 RELEASE We couldn’t hold out till St. Valentine’s Day, so we’re releasing the love and all the hard work put into the new version of Themis today. Themis 0.10.0 is out and there is no turning back as this release introduces breaking changes. If you are using Themis on x64 systems, consider upgrading every Themis library/wrapper you were using to 0.10.0. Incompatibility issues may arise between previous Themis versions and 0.

THEMIS 0.9.6 RELEASE One release a week is good, two releases is better still. After releasing Hermes-core 0.5.1 PoC yesterday, following the good tradition of releasing on the 13th day of the month, we’re releasing Themis 0.9.6 today. The main feature of this release is adding support for OpenSSL 1.1. The rest of the update details are as follows: Docs: Significant update of the Contributing section in Wiki.

Hermes by Cossack Labs Cossack Labs release a proof of concept version of Hermes — a framework for cryptographically assured access control and data security. A PoC reference implementation of Hermes is Hermes-core 0.5.1, the source code and accompanying documentation of which become available on December 13, 2017. What is Hermes Hermes is a cryptography-based method of providing protected data storage and sharing that allows enforcing cryptographically checked CRUD permissions to data blocks and doesn't let server that's running Hermes do anything worse than DoS.

THEMIS 0.9.5 RELEASE Strategic planning, respect for traditions, and a consultation with our in-house astrologer led to an imminent release of Themis 0.9.5 on Wednesday 13, the 256th day of the year a.k.a. the International Developer’s Day. The update focuses on crystallizing conveniences, niceties and compatibility fixes that have been around for some time now. Here is the list of improvements: Infrastructure: You can now download pre-built Themis packages from our package server.