Release/0.9.3

.github/workflows/binaries.yml

@@ -51,7 +51,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.23.10.linux-amd64.tar.gz"
+      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.24.6.linux-amd64.tar.gz"
       APIFIREWALL_NAMESPACE: "github.com/wallarm/api-firewall"
     strategy:
       matrix:
@@ -162,7 +162,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_VERSION: "1.23.10"
+      X_GO_VERSION: "1.24.6"
       APIFIREWALL_NAMESPACE: "github.com/wallarm/api-firewall"
     strategy:
       matrix:
@@ -181,7 +181,7 @@ jobs:
       -
         uses: addnab/docker-run-action@v3
         with:
-          image: golang:${{ env.X_GO_VERSION }}-alpine3.21
+          image: golang:${{ env.X_GO_VERSION }}-alpine3.22
           options: >
             --volume ${{ github.workspace }}:/build
             --workdir /build
@@ -272,19 +272,19 @@ jobs:
         include:
           - arch: armv6
             distro: bookworm
-            go_distribution: https://go.dev/dl/go1.23.10.linux-armv6l.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.6.linux-armv6l.tar.gz
             artifact: armv6-libc
           - arch: aarch64
             distro: bookworm
-            go_distribution: https://go.dev/dl/go1.23.10.linux-arm64.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.6.linux-arm64.tar.gz
             artifact: arm64-libc
           - arch: armv6
             distro: alpine_latest
-            go_distribution: https://go.dev/dl/go1.23.10.linux-armv6l.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.6.linux-armv6l.tar.gz
             artifact: armv6-musl
           - arch: aarch64
             distro: alpine_latest
-            go_distribution: https://go.dev/dl/go1.23.10.linux-arm64.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.6.linux-arm64.tar.gz
             artifact: arm64-musl
     steps:
       - uses: actions/checkout@v4

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.23-alpine3.21 AS build
+FROM golang:1.24-alpine3.22 AS build
 
 ARG APIFIREWALL_NAMESPACE
 ARG APIFIREWALL_VERSION
@@ -24,7 +24,7 @@ RUN go mod download -x                    && \
 # Smoke test
 RUN ./api-firewall -v
 
-FROM alpine:3.21 AS composer
+FROM alpine:3.22 AS composer
 
 WORKDIR /output
 
@@ -34,7 +34,7 @@ COPY docker-entrypoint.sh ./usr/local/bin/docker-entrypoint.sh
 RUN chmod 755 ./usr/local/bin/*           && \
     chown root:root ./usr/local/bin/*
 
-FROM alpine:3.21
+FROM alpine:3.22
 
 RUN adduser -u 1000 -H -h /opt -D -s /bin/sh api-firewall
 

Makefile

@@ -1,4 +1,4 @@
-VERSION := 0.9.2
+VERSION := 0.9.3
 NAMESPACE := github.com/wallarm/api-firewall
 
 .DEFAULT_GOAL := build

cmd/api-firewall/internal/handlers/api/updater.go

@@ -1,7 +1,6 @@
 package api
 
 import (
-	"github.com/wallarm/api-firewall/internal/platform/metrics"
 	"os"
 	"runtime/debug"
 	"sync"
@@ -14,6 +13,7 @@ import (
 
 	"github.com/wallarm/api-firewall/internal/config"
 	"github.com/wallarm/api-firewall/internal/platform/allowiplist"
+	"github.com/wallarm/api-firewall/internal/platform/metrics"
 	"github.com/wallarm/api-firewall/internal/platform/router"
 	"github.com/wallarm/api-firewall/internal/platform/storage"
 	"github.com/wallarm/api-firewall/internal/platform/storage/updater"

demo/docker-compose/OWASP_CoreRuleSet/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.8"
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.2
+    image: wallarm/api-firewall:v0.9.3
     restart: on-failure
     environment:
       APIFW_URL: "http://0.0.0.0:8080"

demo/docker-compose/docker-compose-api-mode.yml

@@ -2,7 +2,7 @@ version: '3.8'
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.2
+    image: wallarm/api-firewall:v0.9.3
     restart: on-failure
     environment:
       APIFW_MODE: "api"

demo/docker-compose/docker-compose-graphql-mode.yml

@@ -2,7 +2,7 @@ version: '3.8'
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.2
+    image: wallarm/api-firewall:v0.9.3
     restart: on-failure
     environment:
       APIFW_MODE: "graphql"

demo/docker-compose/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.8"
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.2
+    image: wallarm/api-firewall:v0.9.3
     restart: on-failure
     environment:
       APIFW_URL: "http://0.0.0.0:8080"

demo/kubernetes/volumes/helm/api-firewall.yaml

@@ -10,7 +10,7 @@ manifest:
           "url": "https://kennethreitz.org",
           "email": "me@kennethreitz.org"
         },
-        "version": "0.9.2"
+        "version": "0.9.3"
       },
       "servers": [
         {

docs/configuration-guides/allowlist.md

@@ -33,7 +33,7 @@ docker run --rm -it --network api-firewall-network --network-alias api-firewall
     -e APIFW_URL=<API_FIREWALL_URL> -e APIFW_SERVER_URL=<PROTECTED_APP_URL> \
     -e APIFW_REQUEST_VALIDATION=<REQUEST_VALIDATION_MODE> -e APIFW_RESPONSE_VALIDATION=<RESPONSE_VALIDATION_MODE> \
     -e APIFW_ALLOW_IP_FILE=/opt/ip-allowlist.txt -e APIFW_ALLOW_IP_HEADER_NAME="X-Real-IP" \
-    -p 8088:8088 wallarm/api-firewall:v0.9.2
+    -p 8088:8088 wallarm/api-firewall:v0.9.3
 ```
 
 | Environment variable | Description |

docs/installation-guides/api-mode.md

@@ -38,7 +38,7 @@ Use the following command to run the API Firewall container:
 
 ```
 docker run --rm -it -v <PATH_TO_SQLITE_DATABASE>:/var/lib/wallarm-api/1/wallarm_api.db \
-    -e APIFW_MODE=API -p 8282:8282 wallarm/api-firewall:v0.9.2
+    -e APIFW_MODE=API -p 8282:8282 wallarm/api-firewall:v0.9.3
 ```
 
 You can pass to the container the following variables:

docs/installation-guides/docker-container.md

@@ -27,7 +27,7 @@ networks:
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.2
+    image: wallarm/api-firewall:v0.9.3
     restart: on-failure
     volumes:
       - <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC>
@@ -171,6 +171,6 @@ To start API Firewall on Docker, you can also use regular Docker commands as in
         -v <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC> -e APIFW_API_SPECS=<PATH_TO_MOUNTED_SPEC> \
         -e APIFW_URL=<API_FIREWALL_URL> -e APIFW_SERVER_URL=<PROTECTED_APP_URL> \
         -e APIFW_REQUEST_VALIDATION=<REQUEST_VALIDATION_MODE> -e APIFW_RESPONSE_VALIDATION=<RESPONSE_VALIDATION_MODE> \
-        -p 8088:8088 wallarm/api-firewall:v0.9.2
+        -p 8088:8088 wallarm/api-firewall:v0.9.3
     ```
 4. When the environment is started, test it and enable traffic on API Firewall following steps 6 and 7.

docs/installation-guides/graphql/docker-container.md

@@ -29,7 +29,7 @@ networks:
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.2
+    image: wallarm/api-firewall:v0.9.3
     restart: on-failure
     volumes:
       - <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC>
@@ -200,6 +200,6 @@ To start API Firewall on Docker, you can also use regular Docker commands as in
         -e APIFW_GRAPHQL_MAX_QUERY_COMPLEXITY=<MAX_QUERY_COMPLEXITY> \
         -e APIFW_GRAPHQL_MAX_QUERY_DEPTH=<MAX_QUERY_DEPTH> -e APIFW_GRAPHQL_NODE_COUNT_LIMIT=<NODE_COUNT_LIMIT> \
         -e APIFW_GRAPHQL_INTROSPECTION=<ALLOW_INTROSPECTION_OR_NOT> \
-        -p 8088:8088 wallarm/api-firewall:v0.9.2
+        -p 8088:8088 wallarm/api-firewall:v0.9.3
     ```
 4. When the environment is started, test it and enable traffic on API Firewall following steps 6 and 7.

docs/release-notes.md

@@ -2,6 +2,11 @@
 
 This page describes new releases of Wallarm API Firewall.
 
+## v0.9.3 (2025-08-15)
+
+* Added support for images with the following MIME types: image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml
+* Bump up Go version to 1.24
+
 ## v0.9.2 (2025-06-09)
 
 * Added support for [Prometheus metrics in `API` mode](installation-guides/api-mode.md#prometheus-metrics)

go.mod

@@ -1,36 +1,34 @@
 module github.com/wallarm/api-firewall
 
-go 1.23.0
-
-toolchain go1.23.10
+go 1.24.6
 
 require (
-	github.com/andybalholm/brotli v1.1.1
+	github.com/andybalholm/brotli v1.2.0
 	github.com/ardanlabs/conf v1.5.0
 	github.com/clbanning/mxj/v2 v2.7.0
 	github.com/corazawaf/coraza/v3 v3.3.3
 	github.com/dgraph-io/ristretto v0.2.0
 	github.com/fasthttp/websocket v1.5.12
 	github.com/foxcpp/go-mockdns v1.1.0
 	github.com/gabriel-vasile/mimetype v1.4.9
-	github.com/getkin/kin-openapi v0.131.0
+	github.com/getkin/kin-openapi v0.132.0
 	github.com/go-playground/validator v9.31.0+incompatible
-	github.com/golang-jwt/jwt/v5 v5.2.2
+	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.6.0
 	github.com/karlseguin/ccache/v2 v2.0.8
 	github.com/klauspost/compress v1.18.0
-	github.com/mattn/go-sqlite3 v1.14.28
+	github.com/mattn/go-sqlite3 v1.14.32
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.22.0
+	github.com/prometheus/client_golang v1.23.0
 	github.com/rs/zerolog v1.34.0
 	github.com/savsgio/gotils v0.0.0-20250408102913-196191ec6287
 	github.com/spf13/viper v1.20.1
 	github.com/stretchr/testify v1.10.0
-	github.com/valyala/fasthttp v1.62.0
+	github.com/valyala/fasthttp v1.65.0
 	github.com/valyala/fastjson v1.6.4
 	github.com/wundergraph/graphql-go-tools v1.67.4
-	golang.org/x/sync v0.15.0
+	golang.org/x/sync v0.16.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -51,7 +49,8 @@ require (
 	github.com/go-playground/locales v0.13.0 // indirect
 	github.com/go-playground/universal-translator v0.17.0 // indirect
 	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
-	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/huandu/xstrings v1.2.1 // indirect
 	github.com/imdario/mergo v0.3.8 // indirect
@@ -61,10 +60,10 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/leodido/go-urn v1.2.0 // indirect
 	github.com/magefile/mage v1.15.1-0.20241126214340-bdc92f694516 // indirect
-	github.com/mailru/easyjson v0.9.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/miekg/dns v1.1.63 // indirect
+	github.com/miekg/dns v1.1.57 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.0 // indirect
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
@@ -78,10 +77,10 @@ require (
 	github.com/perimeterx/marshmallow v1.1.5 // indirect
 	github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/r3labs/sse/v2 v2.10.0 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.65.0 // indirect
+	github.com/prometheus/procfs v0.16.1 // indirect
+	github.com/r3labs/sse/v2 v2.8.1 // indirect
 	github.com/sagikazarmark/locafero v0.7.0 // indirect
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
@@ -94,20 +93,21 @@ require (
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/valllabh/ocsf-schema-golang v1.0.3 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.38.0 // indirect
-	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
-	golang.org/x/mod v0.24.0 // indirect
-	golang.org/x/net v0.40.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/text v0.25.0 // indirect
-	golang.org/x/tools v0.31.0 // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
+	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
+	golang.org/x/mod v0.26.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/tools v0.35.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/cenkalti/backoff.v1 v1.1.0 // indirect
 	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
-	nhooyr.io/websocket v1.8.17 // indirect
+	nhooyr.io/websocket v1.8.7 // indirect
 	rsc.io/binaryregexp v0.2.0 // indirect
 )