Release/v0.9.4

.github/workflows/binaries.yml

@@ -51,7 +51,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.24.6.linux-amd64.tar.gz"
+      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.24.10.linux-amd64.tar.gz"
       APIFIREWALL_NAMESPACE: "github.com/wallarm/api-firewall"
     strategy:
       matrix:
@@ -162,7 +162,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_VERSION: "1.24.6"
+      X_GO_VERSION: "1.24.10"
       APIFIREWALL_NAMESPACE: "github.com/wallarm/api-firewall"
     strategy:
       matrix:
@@ -272,19 +272,19 @@ jobs:
         include:
           - arch: armv6
             distro: bookworm
-            go_distribution: https://go.dev/dl/go1.24.6.linux-armv6l.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.10.linux-armv6l.tar.gz
             artifact: armv6-libc
           - arch: aarch64
             distro: bookworm
-            go_distribution: https://go.dev/dl/go1.24.6.linux-arm64.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.10.linux-arm64.tar.gz
             artifact: arm64-libc
           - arch: armv6
             distro: alpine_latest
-            go_distribution: https://go.dev/dl/go1.24.6.linux-armv6l.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.10.linux-armv6l.tar.gz
             artifact: armv6-musl
           - arch: aarch64
             distro: alpine_latest
-            go_distribution: https://go.dev/dl/go1.24.6.linux-arm64.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.10.linux-arm64.tar.gz
             artifact: arm64-musl
     steps:
       - uses: actions/checkout@v4

Makefile

@@ -1,4 +1,4 @@
-VERSION := 0.9.3
+VERSION := 0.9.4
 NAMESPACE := github.com/wallarm/api-firewall
 
 .DEFAULT_GOAL := build

demo/docker-compose/OWASP_CoreRuleSet/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.8"
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     environment:
       APIFW_URL: "http://0.0.0.0:8080"

demo/docker-compose/docker-compose-api-mode.yml

@@ -2,7 +2,7 @@ version: '3.8'
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     environment:
       APIFW_MODE: "api"

demo/docker-compose/docker-compose-graphql-mode.yml

@@ -2,7 +2,7 @@ version: '3.8'
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     environment:
       APIFW_MODE: "graphql"

demo/docker-compose/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.8"
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     environment:
       APIFW_URL: "http://0.0.0.0:8080"

demo/kubernetes/volumes/helm/api-firewall.yaml

@@ -10,7 +10,7 @@ manifest:
           "url": "https://kennethreitz.org",
           "email": "me@kennethreitz.org"
         },
-        "version": "0.9.3"
+        "version": "0.9.4"
       },
       "servers": [
         {

docs/configuration-guides/allowlist.md

@@ -33,7 +33,7 @@ docker run --rm -it --network api-firewall-network --network-alias api-firewall
     -e APIFW_URL=<API_FIREWALL_URL> -e APIFW_SERVER_URL=<PROTECTED_APP_URL> \
     -e APIFW_REQUEST_VALIDATION=<REQUEST_VALIDATION_MODE> -e APIFW_RESPONSE_VALIDATION=<RESPONSE_VALIDATION_MODE> \
     -e APIFW_ALLOW_IP_FILE=/opt/ip-allowlist.txt -e APIFW_ALLOW_IP_HEADER_NAME="X-Real-IP" \
-    -p 8088:8088 wallarm/api-firewall:v0.9.3
+    -p 8088:8088 wallarm/api-firewall:v0.9.4
 ```
 
 | Environment variable | Description |

docs/installation-guides/api-mode.md

@@ -38,7 +38,7 @@ Use the following command to run the API Firewall container:
 
 ```
 docker run --rm -it -v <PATH_TO_SQLITE_DATABASE>:/var/lib/wallarm-api/1/wallarm_api.db \
-    -e APIFW_MODE=API -p 8282:8282 wallarm/api-firewall:v0.9.3
+    -e APIFW_MODE=API -p 8282:8282 wallarm/api-firewall:v0.9.4
 ```
 
 You can pass to the container the following variables:

docs/installation-guides/docker-container.md

@@ -27,7 +27,7 @@ networks:
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     volumes:
       - <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC>
@@ -171,6 +171,6 @@ To start API Firewall on Docker, you can also use regular Docker commands as in
         -v <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC> -e APIFW_API_SPECS=<PATH_TO_MOUNTED_SPEC> \
         -e APIFW_URL=<API_FIREWALL_URL> -e APIFW_SERVER_URL=<PROTECTED_APP_URL> \
         -e APIFW_REQUEST_VALIDATION=<REQUEST_VALIDATION_MODE> -e APIFW_RESPONSE_VALIDATION=<RESPONSE_VALIDATION_MODE> \
-        -p 8088:8088 wallarm/api-firewall:v0.9.3
+        -p 8088:8088 wallarm/api-firewall:v0.9.4
     ```
 4. When the environment is started, test it and enable traffic on API Firewall following steps 6 and 7.

docs/installation-guides/graphql/docker-container.md

@@ -29,7 +29,7 @@ networks:
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     volumes:
       - <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC>
@@ -200,6 +200,6 @@ To start API Firewall on Docker, you can also use regular Docker commands as in
         -e APIFW_GRAPHQL_MAX_QUERY_COMPLEXITY=<MAX_QUERY_COMPLEXITY> \
         -e APIFW_GRAPHQL_MAX_QUERY_DEPTH=<MAX_QUERY_DEPTH> -e APIFW_GRAPHQL_NODE_COUNT_LIMIT=<NODE_COUNT_LIMIT> \
         -e APIFW_GRAPHQL_INTROSPECTION=<ALLOW_INTROSPECTION_OR_NOT> \
-        -p 8088:8088 wallarm/api-firewall:v0.9.3
+        -p 8088:8088 wallarm/api-firewall:v0.9.4
     ```
 4. When the environment is started, test it and enable traffic on API Firewall following steps 6 and 7.

docs/release-notes.md

@@ -2,6 +2,11 @@
 
 This page describes new releases of Wallarm API Firewall.
 
+## v0.9.4 (2025-11-28)
+
+* Upgrade Go to 1.24.10
+* Upgrade dependencies
+
 ## v0.9.3 (2025-08-15)
 
 * Relaxed `content-type` handling: API Firewall no longer rejects requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml)

go.mod

@@ -1,6 +1,6 @@
 module github.com/wallarm/api-firewall
 
-go 1.24.6
+go 1.24.10
 
 require (
 	github.com/andybalholm/brotli v1.2.0
@@ -10,25 +10,25 @@ require (
 	github.com/dgraph-io/ristretto v0.2.0
 	github.com/fasthttp/websocket v1.5.12
 	github.com/foxcpp/go-mockdns v1.1.0
-	github.com/gabriel-vasile/mimetype v1.4.9
-	github.com/getkin/kin-openapi v0.132.0
+	github.com/gabriel-vasile/mimetype v1.4.11
+	github.com/getkin/kin-openapi v0.133.0
 	github.com/go-playground/validator v9.31.0+incompatible
 	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.6.0
 	github.com/karlseguin/ccache/v2 v2.0.8
-	github.com/klauspost/compress v1.18.0
+	github.com/klauspost/compress v1.18.1
 	github.com/mattn/go-sqlite3 v1.14.32
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.23.0
+	github.com/prometheus/client_golang v1.23.2
 	github.com/rs/zerolog v1.34.0
-	github.com/savsgio/gotils v0.0.0-20250408102913-196191ec6287
-	github.com/spf13/viper v1.20.1
-	github.com/stretchr/testify v1.10.0
-	github.com/valyala/fasthttp v1.65.0
+	github.com/savsgio/gotils v0.0.0-20250924091648-bce9a52d7761
+	github.com/spf13/viper v1.21.0
+	github.com/stretchr/testify v1.11.1
+	github.com/valyala/fasthttp v1.68.0
 	github.com/valyala/fastjson v1.6.4
 	github.com/wundergraph/graphql-go-tools v1.67.4
-	golang.org/x/sync v0.16.0
+	golang.org/x/sync v0.18.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -39,75 +39,76 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/corazawaf/libinjection-go v0.2.2 // indirect
+	github.com/corazawaf/libinjection-go v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/eclipse/paho.mqtt.golang v1.2.0 // indirect
-	github.com/fsnotify/fsnotify v1.8.0 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/swag v0.23.0 // indirect
-	github.com/go-playground/locales v0.13.0 // indirect
-	github.com/go-playground/universal-translator v0.17.0 // indirect
-	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
-	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/huandu/xstrings v1.2.1 // indirect
-	github.com/imdario/mergo v0.3.8 // indirect
+	github.com/eclipse/paho.mqtt.golang v1.5.1 // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/go-openapi/jsonpointer v0.22.3 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
+	github.com/hashicorp/golang-lru v1.0.2 // indirect
+	github.com/huandu/xstrings v1.5.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/jensneuse/abstractlogger v0.0.4 // indirect
-	github.com/jensneuse/byte-template v0.0.0-20200214152254-4f3cf06e5c68 // indirect
+	github.com/jensneuse/byte-template v0.0.0-20231025215717-69252eb3ed56 // indirect
 	github.com/jensneuse/pipeline v0.0.0-20200117120358-9fb4de085cd6 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/leodido/go-urn v1.2.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/magefile/mage v1.15.1-0.20241126214340-bdc92f694516 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mailru/easyjson v0.9.1 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/miekg/dns v1.1.57 // indirect
-	github.com/mitchellh/copystructure v1.0.0 // indirect
-	github.com/mitchellh/reflectwalk v1.0.0 // indirect
+	github.com/miekg/dns v1.1.68 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nats-io/nats.go v1.34.1 // indirect
-	github.com/nats-io/nkeys v0.4.7 // indirect
+	github.com/nats-io/nats.go v1.47.0 // indirect
+	github.com/nats-io/nkeys v0.4.12 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/oasdiff/yaml v0.0.0-20250309154309-f31be36b4037 // indirect
 	github.com/oasdiff/yaml3 v0.0.0-20250309153720-d2182401db90 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/perimeterx/marshmallow v1.1.5 // indirect
-	github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4 // indirect
+	github.com/petar-dambovaliev/aho-corasick v0.0.0-20250424160509-463d218d4745 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.65.0 // indirect
-	github.com/prometheus/procfs v0.16.1 // indirect
-	github.com/r3labs/sse/v2 v2.8.1 // indirect
-	github.com/sagikazarmark/locafero v0.7.0 // indirect
+	github.com/prometheus/common v0.67.4 // indirect
+	github.com/prometheus/procfs v0.19.2 // indirect
+	github.com/r3labs/sse/v2 v2.10.0 // indirect
+	github.com/sagikazarmark/locafero v0.12.0 // indirect
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.12.0 // indirect
-	github.com/spf13/cast v1.7.1 // indirect
-	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/cast v1.10.0 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tidwall/gjson v1.18.0 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/match v1.2.0 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
-	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/valllabh/ocsf-schema-golang v1.0.3 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/woodsbury/decimal128 v1.4.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/crypto v0.41.0 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/mod v0.26.0 // indirect
-	golang.org/x/net v0.43.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/text v0.28.0 // indirect
-	golang.org/x/tools v0.35.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	go.uber.org/zap v1.27.1 // indirect
+	go.yaml.in/yaml/v2 v2.4.3 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/crypto v0.45.0 // indirect
+	golang.org/x/exp v0.0.0-20251125195548-87e1e737ad39 // indirect
+	golang.org/x/mod v0.30.0 // indirect
+	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/cenkalti/backoff.v1 v1.1.0 // indirect
 	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
-	nhooyr.io/websocket v1.8.7 // indirect
+	nhooyr.io/websocket v1.8.17 // indirect
 	rsc.io/binaryregexp v0.2.0 // indirect
 )