
Phileas 4.0.0

Phileas 4.0.0 has been released and is available now on Maven Central as ai.philterd:phileas:4.0.0. This is a major version of the open source library that finds and redacts PII and PHI in text, and the engine underneath Philter. The headline themes are stronger cryptography, hardening against untrusted input, and a faster redaction pipeline.

Security hardening

  • Authenticated encryption. The encrypt and format-preserving encryption filter strategies now use authenticated AES-GCM in place of AES-CBC with a static IV. Encrypted values are both confidential and tamper-evident, and identical plaintext no longer produces identical ciphertext.
  • ReDoS protection. A new configurable regex match timeout (regex.timeout.ms) guards user-supplied identifier and section patterns. A pathological or adversarial pattern can no longer hang the redaction pipeline.
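
To illustrate the authenticated encryption change listed above, here is an added example (not Phileas code, and not its API) that uses only the JDK's javax.crypto to contrast AES-CBC under a fixed IV with AES-GCM under a fresh nonce per message. The class name, the all-zero IV, the nonce-prefix layout and the sample value are assumptions made for the illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class CbcVsGcmDemo {
    static final SecureRandom RNG = new SecureRandom();
    // Old pattern: AES-CBC with a fixed IV. Deterministic and unauthenticated.
    static byte[] cbcStaticIv(SecretKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(new byte[16])); // constructed all-zero IV
        return c.doFinal(plaintext);
    }

    // AES-GCM with a random 96-bit nonce per message; output is nonce || ciphertext || tag.
    static byte[] gcmEncrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    // Reads the nonce back from the first 12 bytes; doFinal verifies the 128-bit tag.
    static byte[] gcmDecrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        byte[] ssn = "123-45-6789".getBytes(StandardCharsets.UTF_8); // constructed sample value
        System.out.println("CBC repeats: " + Arrays.equals(cbcStaticIv(key, ssn), cbcStaticIv(key, ssn)));
        System.out.println("GCM repeats: " + Arrays.equals(gcmEncrypt(key, ssn), gcmEncrypt(key, ssn)));
        byte[] blob = gcmEncrypt(key, ssn);
        blob[blob.length - 1] ^= 0x01; // flip one bit of the stored value
        try {
            gcmDecrypt(key, blob);
            System.out.println("tampering NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
    }
}
```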

Performance

  • No more O(n^2) span shifting. The replacement loop in the unstructured document processor was rewritten so applying redactions across many detected spans scales linearly instead of quadratically.
  • Precompiled regexes and a hand-written Span.equals cut per-document overhead on the hot path.
  • Exact set lookups replace dictionary bloom filters, removing the false-positive surface bloom filters carried while keeping lookups fast.

New capabilities

  • PhiSQL as a policy input. Policies can now be loaded from PhiSQL, the declarative query language for PII operations, via Policy.fromPhiSQL. Express what to detect and how to handle it in PhiSQL instead of hand-writing JSON.
  • Spelled-out ages. The age filter now detects ages written as words, not just digits.
  • Valid VIN replacements. Synthetic VIN replacements are generated only from the valid VIN character set (excluding I, O, and Q), so replaced values still pass VIN validation downstream.

Alongside these, 4.0.0 includes a batch of correctness fixes: an anonymization bug where a detected token equal to an existing replacement value could be left unredacted (surfacing as the literal text null), corrected sensitivity levels on fuzzy filters, and improved span disambiguation when multiple filters overlap.

Breaking changes

This is a major version because it carries breaking changes. The largest is that the redaction policy schema is now managed externally and upstream, rather than living inside Phileas. Decoupling the schema from the library lets each evolve independently and lets the same schema be reused by other PII-focused applications. The full set of breaking changes and upgrade notes is in the release notes.

Upgrading

Phileas 4.0.0 is built on Java 25, so confirm your runtime before upgrading. Then bump the Maven coordinate:

<dependency>
    <groupId>ai.philterd</groupId>
    <artifactId>phileas</artifactId>
    <version>4.0.0</version>
</dependency>

See the Phileas product page for the full feature overview and the documentation for configuration details, including the new regex.timeout.ms setting and PhiSQL policy loading.

