# Release v2.7.0 - April, 2025

### Overview

This release introduces **Suspicious IP Throttling**, a comprehensive set of security features that safeguard applications against unauthorized access, brute force attacks, and malicious IP activities.

This release introduces enhanced detection, throttling, and blocking mechanisms to ensure **trusted access while mitigating suspicious behavior**.

### Key Functionality

1. **Trusted IPs**
   * Allows administrators to configure a **whitelist of trusted IP addresses**.
   * Users connecting from trusted IPs can bypass security challenges.
   * Ensures a smooth login experience for corporate networks or approved remote IPs.

***

2. **Anomaly Detection Check**
   * Monitors incoming traffic against **historical user activity patterns**.
   * If a request comes from an IP previously marked as **blocked or suspicious**, the system will automatically deny access.
   * Prevents attackers from reusing compromised IPs.

***

3. **Brute Force Attack Check**
   * Detects **multiple failed login attempts from the same IP**.
   * Automatically marks the IP as suspicious and triggers **CAPTCHA** or **IP blocking**.
   * Reduces risk of credential stuffing and password spraying attacks.

***

4. **Activity Event Criteria**
   * Provides **fine-grained control** over login failure thresholds.
   * Admins can configure:
     * **Event Type** (e.g., `user_login_failure`)
     * **Time Range (seconds)** – period in which attempts are counted
     * **Attempts** – number of failures allowed
     * **Cooling Period (seconds)** – block duration after threshold is reached
     * Example: If 3 failed login attempts occur within 30 seconds, the IP is blocked for 10 minutes.

***

5.  **External IP Threat Providers**
   * Integrates with **third-party threat intelligence databases**.
   * If an IP is flagged as malicious in the external DB, the system will automatically block it.
   * Ensures proactive defense against **known global attack sources**.