Skip to content

v2.1.0

Latest
Latest

Choose a tag to compare

View all tags
@Anipaleja Anipaleja released this 01 May 03:25
· 52 commits to main since this release
v2.1.0
749ce96
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

nginx-defender v2.1.0

nginx-defender v2.1.0 continues the push toward a more capable, production ready WAF and threat detection platform. This release strengthens the core security architecture, improves operational visibility, and keeps the project aligned with its multi layer defense model: threat intelligence, behavioral analysis, adaptive mitigation, and firewall enforcement.

Highlights

  • Expanded multi-layer security coverage across network, application, and ML-driven detection paths.
  • Stronger authentication and authorization posture, including MFA and RBAC concepts documented in the security architecture.
  • Improved observability with dashboard, metrics, and alerting support for faster incident response.
  • Continued support for multiple firewall backends, including iptables, nftables, and pf.
  • Benchmarking and performance validation remain part of the release process, with reproducible results documented in the repo.

Security and stability

  • Hardened request handling and threat scoring paths.
  • Better support for secure communication defaults, including TLS-focused configuration guidance.
  • Ongoing work to reduce false positives while preserving fast blocking for clearly malicious traffic.

For operators and integrators

  • Review your deployment configuration before upgrading, especially auth, firewall, and notification settings.
  • If you embed nginx-defender as a library, check the examples and refactor notes in the repo for the current integration pattern.
  • Existing users on v2.0.0 should be able to upgrade with minimal disruption, but production deployments should still be validated in staging first.

What's Changed

  • Bump js-yaml from 3.14.1 to 3.14.2 in /bindings/nodejs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #36
  • Bump alpine from 3.22 to 3.23 by @dependabot[bot] in #39
  • Bump axios from 1.12.2 to 1.13.5 in /bindings/nodejs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #40
  • Bump the npm_and_yarn group across 1 directory with 1 update by @dependabot[bot] in #47
  • Bump github.com/slack-go/slack from 0.12.3 to 0.21.0 by @dependabot[bot] in #57
  • Bump golang.org/x/crypto from 0.14.0 to 0.50.0 by @dependabot[bot] in #59
  • Bump axios from 1.15.0 to 1.15.1 in /bindings/nodejs by @dependabot[bot] in #60

Full Changelog: v2.0.0...v2.1.0

Contributors

dependabot
Assets 2
Loading
0 Join discussion