Skip to content
ALTCHA ALTCHA ALTCHA

ALTCHA Sentinel Releases

RSS

1.25.0

Human Interaction Signature and Improvements
Released: 2026-03-23

Highlights:

  • New: Introduced the Human Interaction Signature protection mechanism to help identify automated activity (PoW v2 only). Docs
  • New: Threat Sources now support authorization and custom HTTP headers. Docs
  • New: Added a simple configuration UI for PoW v2 in Security Groups.
  • Improvement: LDAP now supports username override via parameter. Docs
  • Improvement: Log fetching for the dashboard now uses a PostgreSQL cursor to improve performance.
  • Improvement: Enhanced error handling for the SQLite-backed threat intelligence index.
  • Security: Updated dependencies to address potential vulnerabilities.

Migration required:

ClickHouse users must migrate the database schema to new columns. Docs

1.24.0

New Speech Synthesizer and Memory Optimizations
Released: 2026-03-07

Highlights:

  • New: Introduced a new speech synthesizer that generates high-quality audio verification challenges in 45 languages. Docs
  • Optimization: Reduced memory usage by optimizing the Threat Intelligence index and adding support for a SQLite-backed store for low-memory environments. Docs
  • Security: Updated dependencies to address potential vulnerabilities.

1.23.0

Proxy, Files, LibSQL and Security Updates
Released: 2026-02-27

Highlights:

  • New: Added UI management for downloaded files (cached files), such as lists and mmdb databases, accessible under Admin → Files.
  • New: Support for LibSQL databases and the Bunny.net edge platform. Docs
  • New: Added environment variables:
    • HTTP(S)_PROXY: enables native request proxying. Docs
    • APP_BASE_PATH: allows prefixing the admin application URL. Docs
    • SECURITY_TXT: replaces the contents of /.well-known/security.txt. Docs
    • API_DOCS_ENABLED: disables API documentation at /v1/docs. Docs
  • Improvement: LOG_LEVEL=debug now logs HTTP(S) requests made by the server.
  • Security: Updated dependencies to address potential vulnerabilities.

1.22.0

PoW V2 and Security Updates
Released: 2026-02-22

Highlights:

  • New: Support for PoW V2 and the new widget (Beta).
  • Improvement: Challenges now include an id (matching the id in the verification data).
  • Improvement: Cache duration for used challenges is now configurable via the CACHE_DURATION_USED_CHALLENGES environment variable.
  • Improvement: Penalty time-to-live is now configurable using the PENALTY_TTL environment variable.
  • Fix: IPStack - updated API URL to use HTTPS.
  • Security: Updated dependencies to address potential vulnerabilities.

1.21.0

Stability and Security Updates
Released: 2026-02-13

UPDATE RECOMMENDED due to important stability improvements.

Highlights:

  • Stability: Resolved a memory leak affecting the Threat Intelligence List.
  • Stability: Enhanced data validation and enforced configurable limits for disposable email and phishing lists. Docs
  • Stability: Improved error handling for MaxMind and IpInfo databases.
  • Improvement: Added support for TLS certificates and additional configuration options to the LDAP connector. Docs
  • Improvement: Minor UI fixes and general enhancements.

1.20.0

Security Updates and Improvements
Released: 2026-02-06

Highlights:

  • Improvement: Added CSV and JSON export support for individual request logs.
  • Improvement: Request logs for failed verifications that return verified: false now include the failure reason in the log’s error field.
  • Security: Strengthened input validation for the /v1/verify endpoint, reducing potential attack vectors from malformed payloads.
  • Security: Updated dependencies to address potential vulnerabilities.

1.19.0

Bug Fixes and Security Updates
Released: 2026-01-23

Highlights:

  • Fix: Resolved additional timezone and usability issues affecting dashboard charts.
  • Fix: Addressed audio challenge compatibility issues in Safari 26 by adding Content-Length response header.
  • Security: Updated dependencies to address potential vulnerabilities.

1.18.0

Logs CSV Export and Bug Fixes
Released: 2026-01-07

Highlights:

  • New: Export request logs to CSV.
  • Fix: Corrected average latency reporting in the dashboard when using Postgres as the logs backend.
  • Fix: Resolved calendar time picker issues when using timezones different from the server timezone.
  • Security: Updated dependencies to address potential vulnerabilities.

1.17.0

Resource Limits and UI Improvements
Released: 2025-12-22

Highlights:

  • New: Added limits for Threat Intelligence sources to prevent misconfiguration and excessive resource usage. Docs
  • Improvement: Introduced new environment variables to override container CPU and memory limits. Docs
  • Improvement: Multiple UI fixes and usability improvements:
    • Added log filtering by API key name.
    • Account dropdown entries are now sorted alphabetically by name.
    • Fixed rate-limiting issues when switching between accounts.

1.16.0

Redis Cluster and Security Updates
Released: 2025-12-14

UPDATE RECOMMENDED due to a vulnerability in altcha-lib. See the Security Advisory.

Highlights:

  • New: Added support for Redis Cluster and Redis Sentinel deployments. Docs
  • Security: Updated altcha-lib to v1.4.1, preventing possible replay attacks via salt splicing. Security Advisory.
  • Security: Updated dependencies to address potential security vulnerabilities.
  • Improvement: Added missing legacy time zones still in use for geo-detection.

1.15.0

Improvements and Security Updates
Released: 2025-11-16

Highlights:

  • Improvement: Removed all telemetry data from the license “call home” request. Docs
  • Improvement: Enhanced the classifier’s RANDOM_CHARS logic to recognize a wider range of random sequences.
  • Fix: Resolved issues with Google OAuth refresh token handling.
  • Security: Updated dependencies to address potential security vulnerabilities.

1.14.0

Improvements and Security Updates
Released: 2025-10-26

Highlights:

  • New: Ability to disable certain features on accounts. Docs
  • New: Ability to adjust the maximum PoW complexity. Docs
  • Fix: Rate limiters configured on API keys are now scoped under their respective API key, avoiding shared limits between keys for identically configured rate limiters.
  • Fix: Added missing timezones to the built-in list used for geo-location.
  • Fix: UI fixes and improvements related to responsiveness.
  • Security: Updated dependencies to address potential security vulnerabilities.

1.13.1

Security Updates and Bug Fixes
Released: 2025-10-13

Highlights:

  • Security: Updated dependencies to address minor security vulnerabilities.
  • Fix: Minor UI fixes and improvements.

1.13.0

Challenge Custom Params and Bug Fixes
Released: 2025-10-05

Highlights:

  • New: Challenge API now supports custom parameters. Docs
  • Improved: PostgreSQL TLS/SSL support — AWS RDS CA bundle is now built-in for easier setup. Docs
  • Fix: ipinfo.io with MMDB can now be enabled only when using IPINFO_IO_MMDB_DOWNLOAD_URL that includes an authorization token. Docs
  • Security: Updated dependencies to address minor security vulnerabilities.

1.12.0

Phishing Detection
Released: 2025-09-23

Highlights:

  • New: Phishing URL detection in the Classifier and Email Spam Filter. Docs
  • New: Classifier now includes two new rules: URL_PHISHING and CONSECUTIVE_LINE_BREAKS. Docs
  • New: Simple rules configuration UI for Security Groups now supports request origins.
  • Improved: Security Group rules now support conditions based on request origin, including wildcard matching. Docs
  • Improved: The verificationData property returned from POST /v1/verify now includes additional values such as the request origin and user’s timezone. Docs
  • Improved: Request logs now include error messages for non-OK status codes.
  • Fix: REDIS_KEY_PREFIX environment variable was not being applied.
  • Fix: Minor UI fixes and improvements.

Migration required:

ClickHouse users must migrate the database schema to include error. Docs

1.11.0

Email Spam Filter
Released: 2025-09-09

Highlights:

  • New: Email Spam Filter for parsing and classifying EML files. Docs
  • New: Request logs now include verificationId from POST /v1/verify.
  • New: Prometheus metrics now include API verification metrics. Docs
  • Improved: General stability and minor bug fixes across the application.

Migration required:

ClickHouse users must migrate the database schema to include verificationId. Docs

1.10.2

AI Rules and Bug Fixes
Released: 2025-08-28

Highlights:

  • Improvement: AI providers now allow request parameter override using AI_PROVIDER_REQUEST_OPTIONS. Docs
  • Fix: X_FORWARDED_FOR_TRUSTED with IPv4 + IPv6 dual stack
  • Fix: CSP styles error in Safari

1.10.1

Bug Fixes
Released: 2025-08-26

Highlights:

  • Fix: Apply a default container memory limit when one is not explicitly set.
  • Fix: Minor UI fixes and improvements.

1.10.0

OpenTelemetry
Released: 2025-08-19

Highlights:

  • New: OpenTelemetry support (Enterprise only). Docs
  • New: Added LICENSE_JSON environment variable to disable license-server verification.
  • Fix: Total system memory and CPUs now correctly report the container’s limits if set.

1.9.1

Clustering Improvements
Released: 2025-08-05

Highlights:

  • Improvement: Cluster monitoring now includes database and Redis health checks.
  • Fix: Various UI enhancements and fixes related to clustering and application configuration.

1.9.0

PostgreSQL and Clustering
Released: 2025-08-05

This release introduces improved and simplified clustering with PostgreSQL as the primary database. Clustering is now also available in the Professional plan.

Highlights:

  • New: Support for PostgreSQL as the primary database engine, offering better performance and scalability. Docs
  • New: Streamlined clustering configuration for easier setup and management. Docs
  • Improved: General stability, minor bug fixes, and performance enhancements across the application.

1.8.2

Performance Improvements
Released: 2025-07-23

Highlights:

  • Improvement: Threat Intelligence reporting endpoint now returns actions and whether the limit has been reached.
  • Improvement: Optimized loading of Threat Intelligence data, significantly improving application start time.
  • Fix: Minor UI fixes and improvements.

1.8.1

Threat Intelligence
Released: 2025-07-15

Highlights:

  • New: Threat Intelligence for automatic detection and blocking of malicious IPs.
  • Fix: Minor UI fixes and improvements.

Migration required:

If you previously used FIREHOL_* environment variables, review and update your configuration in the new Threat Sources section. These variables have been removed, and blocklist URLs are now managed directly through Threat Sources.

1.7.0

Filtering, IP resolvers
Released: 2025-07-02

Highlights:

  • New: Cloudflare IP resolver using the CF-IPCountry HTTP header.
  • Improvement: Filtering and search capabilities across the application.
  • Improvement: IP resolvers can be combined for more comprehensive IP resolution.
  • Improvement: Alerts now include the API key and user-agent.
  • Fix: Issue with the disableRules parameter in the classifier.
  • Fix: Minor UI fixes and improvements.

1.6.0

Logs and Analytics
Released: 2025-06-22

Highlights:

  • New Feature: ClickHouse integration for high-performance data storage and real-time analytics.
  • Improvement: Enhanced analytics dashboard now displays the total number of requests and all matched spam rules.
  • Improvement: More accurate language detection for very short texts.
  • Improvement: Minor UI enhancements, including dark mode adjustments and general bug fixes.
  • Fix: Issue with excluding countries from the high-risk country list.

1.5.0

General Improvements and Bug Fixes
Released: 2025-06-15

Highlights:

  • New: Added environment variables to configure update schedules for data sources and IP resolvers.
  • Improvement: Updated Content Security Policy to support the redirect page and API documentation.
  • Fix: Geo-location data was not being properly recorded in request logs.

1.4.0

IPInfo Resolver and Bug Fixes
Released: 2025-06-08

Highlights:

  • New Feature: IPInfo.io IP resolver – Integrated IPInfo.io service for IP resolution.
  • Fix: Monitoring endpoints IP whitelist with default values causing issues with Kubernetes probes.

1.3.0

AI Security Rules
Released: 2025-06-03

Highlights:

  • New Feature: AI Security Rules.
  • Fix: Improved WAV bit depth in audio challenges for better browser compatibility.
  • Fix: Corrected CSP policy in JSON editor to restore style loading.
  • Fix: Enhanced protection against replay attacks in /v1/verify/signature.

1.2.0

Enhanced Similarity Matching and Redirects
Released: 2025-05-25

Highlights:

  • New Feature: Links and Redirects – Generate short, shareable links that show a verification challenge before redirecting to the final destination. Helps block bots and abuse before users reach protected URLs.
  • New Feature: Partial Similarity Matching – Identify suspicious phrases within longer text using substring-based detection.
  • Breaking Change: Request logs and alerts now require admin role access.
  • UI Improvements: General design polish and usability enhancements.

1.1.0

First Public Release
Released: 2025-05-19

We’re excited to announce the first public release of ALTCHA Sentinel!

Getting Started:

To begin using ALTCHA Sentinel, follow our Installation Guide.