ACRA 0.80.0 IS HERE

ACRA 0.80.0 RELEASE

This release is dedicated to usability and unification. Many components of Acra have been renamed. We believe that the updated names will decrease confusion about the components' functions and will make Acra's setup and usage process easier. The new names also align better with the common package naming practices.

We couldn’t find a day inauspicious enough to release Acra 0.80.0, but decided that that last day of spring is still quite special :) Here are the changes in the new release:

Core:

● Renaming — global renaming of Acra’s components and their configuration parameters.

Main services:

Old name
New name
Function
AcraServer
AcraServer
decrypts data from the database
AcraWriter
AcraWriter
encrypts data on the client side
AcraProxy
AcraConnector
encrypts traffic between the client and the server using Themis Secure Session
AcraCensor
AcraCensor
firewall, part of AcraServer, blocks suspicious SQL requests to the database
AcraConfigUI
AcraWebConfig
lightweight HTTP web server for managing AcraServer's certain configuration options

Utilities:

Old name
New name
Function
acra_rollback
AcraRollback
decrypts the whole database
acra_genkeys
AcraKeymaker
generates encryption keys for storage and transport of the Acra components
acra_genauth
AcraAuthmanager
generates user accounts for AcraWebConfig
acra_genpoisonrecord
AcraPoisonRecordMaker
generates poison records for databases
acra_addzone
AcraAddzone
generates Zones' header for AcraWriter

Please check the configurations of components inside the /configs folder and read Migration Guide for more details (#175, #174, #173, #170, #169, #168).

● SSL/TLS

We’ve Improved SSL/TLS connections between AcraServer <-> AcraConnector and AcraServer <-> database. Added TLS authentication mode (tls_auth) argument to the AcraServer/AcraConnector configuration files:

- for AcraConnector it indicates how to authenticate AcraServer during a TLS connection;

- for AcraServer it indicates how to authenticate database during a TLS connection.

We’ve updated TLS configuration to provide other less strict authentication methods (do not authenticate client from server, ask for any certificate, ask and check) (#171).

● SQL requests filtering

- Added support of filtering SQL requests for PostgreSQL databases. Now you can setup AcraCensor rules for both MySQL and PostgreSQL databases (#177).

- Improved QueryCapture: AcraCensor writes allowed/blocked queries into a separate log file without blocking the main process (#176, #172). Please see a detailed description of AcraCensor on the corresponding AcraCensor documentation page.

● AcraWriter in Ruby

Updated AcraWriter Ruby wrapper for ActiveRecord tutorial and pushed a new gem (#166).

● Key Handling

Added `make keys` target in the Makefile: one command now generates keys and places them into correct folders for all Acra components (#182, #181). Also we’ve improved handling of master key length longer than 32 bytes (#183).

● Other

- Updated notification when AcraConnector is launched in an environment without `netstat` (#167).

- Updated error handling for AcraServer working with Zones and fix some corner-cases in using PostgreSQL protocol (#186, #179).

Infrastructure:

● Even better Docker support!

    • Added more ready-to-use Docker Containers: acra-keymaker, acra-authmanager. As a result, each Acra component is wrapped into a Docker container, allowing you to try Acra into your infrastructures easily.

    • Added easy-to-use docker-compose files for setting up the whole Acra-based environment connected to MySQL database. Possible configurations include setup with/without SSL, with/without AcraConnector, with/without Zones (#180). Check out the instructions and examples in the /docker folder: we have examples for both MySQL and PostgreSQL databases.

    • Updated descriptions for official Cossack Labs packages on Docker Hub.

    • Updated Getting started with Docker guide to make starting out with Acra even easier.

    ● OS

    Added support of Ubuntu Xenial, Ubuntu Bionic (added precompiled binaries and tests to make sure that Acra is compiling/building/working well on 16.04/18.04).

    Documentation:

    • Updated tutorials about protecting a Ruby on Rails app and a Django app.

    • Every single document, code line, and image are updated using the new naming.

    • Significant parts of the README have been rewritten.

    Lose no time, go get the new version of Acra now!

Copyright © 2014-2018 Cossack Labs Limited
Cossack Labs is a privately-held British company with a team of data security experts based in Kyiv, Ukraine.