Merged
215 changes: 215 additions & 0 deletions content/waf/changelog/2024.md
@@ -0,0 +1,215 @@
---
title: "2024 archive"
# Weights are assigned in increments of 100: determines sorting order
weight: 100
# Creates a table of contents and sidebar, useful for large documents
toc: true
# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
nd-content-type: reference
# Intended for internal catalogue and search, case sensitive:
# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
nd-product: NAP-WAF
---

This page is an archive of changelog entries for 2024.

For the current year, view [the top-level changelog]({{< ref "/waf/changelog/">}}) topic.

## F5 WAF for NGINX 5.4 / 4.12

_November 19th, 2024_

### New features

- Added support for Amazon Linux 2023
- NGINX App Protect WAF now supports NGINX Plus R33.
- **5.4 Only:** Added support for [readOnlyFileSystem in Kubernetes deployments]({{< ref "/waf/configure/kubernetes-read-only/" >}})
- **5.4 Only:** Added a [a policy converter to the compiler]({{< ref "/waf/configure/converters.md#policy-converter">}})

Please read the [subscription licenses]({{< ref "/solutions/about-subscription-licenses.md" >}}) topic for information about R33.

### Important notes

- Alpine 3.16 is no longer supported.

### Resolved issues

- (11973) Updated the Go version to 1.23.1
- (11469) _apt-get update_ warning for Ubuntu 22.04

### Known issues

On Ubuntu 24.04, you may receive the following error when uninstalling an old version of NGINX App Protect and installing a newer version:

```text
APP_PROTECT failed to open /opt/app_protect/config/config_set.json
```

This can occur if you are not using the default `nginx.conf` file and are using the `app_protect_enforcer_address` directive.

To fix the problem, remove the file configuration folder and recreate the directory, then restart NGINX.

```shell
sudo rm /opt/app_protect/config
sudo mkdir /opt/app_protect/config
sudo service nginx restart
```

### Packages

{{< table >}}

| Distribution name | NGINX Open Source (5.4) | NGINX Plus (5.4) | NGINX Plus (4.12) |
| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
| Alpine 3.17 | _app-protect-module-oss-1.27.2+5.210.0-r1.apk_ | _app-protect-module-plus-33+5.210.0-r1.apk_ | _app-protect-33.5.210.0-r1.apk_ |
| Amazon Linux 2023 | _app-protect-module-oss-1.27.2+5.210.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-33+5.210.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-33+5.210.0-1.amzn2023.ngx.x86_64.rpm_ |
| Debian 11 | _app-protect-module-oss_1.27.2+5.210.0-1\~bullseye_amd64.deb_ | _app-protect-module-plus_33+5.210.0-1\~bullseye_amd64.deb_ | _app-protect_33+5.210.0-1\~bullseye_amd64.deb_ |
| Debian 12 | _app-protect-module-oss_1.27.2+5.210.0-1\~bookworm_amd64.deb_ | _app-protect-module-plus_33+5.210.0-1\~bookworm_amd64.deb_ | _app-protect_33+5.210.0-1\~bookworm_amd64.deb_ |
| Oracle Linux 8.1 | _app-protect-module-oss-1.27.2+5.210.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-33+5.210.0-1.el8.ngx.x86_64.rpm_ | _app-protect-33+5.210.0-1.el8.ngx.x86_64.rpm_ |
| Ubuntu 20.04 | _app-protect-module-oss_1.27.2+5.210.0-1\~focal_amd64.deb_ | _app-protect-module-plus_33+5.210.0-1\~focal_amd64.deb_ | _app-protect_33+5.210.0-1\~focal_amd64.deb_ |
| Ubuntu 22.04 | _app-protect-module-oss_1.27.2+5.210.0-1\~jammy_amd64.deb_ | _app-protect-module-plus_33+5.210.0-1\~jammy_amd64.deb_ | _app-protect_33+5.210.0-1\~jammy_amd64.deb_ |
| Ubuntu 24.04 | _app-protect-module-oss_1.27.2+5.210.0-1\~noble_amd64.deb_ | _app-protect-module-plus_33+5.210.0-1\~noble_amd64.deb_ | _app-protect_33+5.210.0-1\~noble_amd64.deb_ |
| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.27.2+5.210.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-33+5.210.0-1.el8.ngx.x86_64.rpm_ | _app-protect-33+5.210.0-1.el8.ngx.x86_64.rpm_ |
| RHEL 9 | _app-protect-module-oss-1.27.2+5.210.0-1.el9.ngx.x86_64.rpm_ | _app-protect-module-plus-33+5.210.0-1.el9.ngx.x86_64.rpm_ | _app-protect-33+5.210.0-1.el9.ngx.x86_64.rpm_ |

{{< /table >}}

## F5 WAF for NGINX 5.3 / 4.11

_September 25, 2024_

### New features

- Ubuntu 24.04 support
- **5.3 Only:** [Secure Traffic Between NGINX and App Protect Enforcer]({{< ref "/waf/configure/secure-mtls.md" >}})

### Important notes

- Starting from this release, CentOS 7.4, Rhel 7.4 and Amazon Linux 2 support has been deprecated.

### Resolved issues

- (10775) Resolved a threshold calculation in the base64 decoding mechanism.
- (11426) Resolved log entry of an XFF header that contains more than one value.
- (11272) Resolved an issue where, in certain instances, the original HTTP response code was shown for rejected requests.
- (11568) Support seamless upgrades by using the latest tag instead of hardcoded versions.
- (5302) The enforcer leaves an incomplete job when NGINX reloads during DNS resolution.

### Packages

{{< table >}}

| Distribution name | NGINX Open Source (5.3) | NGINX Plus (5.3) | NGINX Plus (4.11) |
| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
| Alpine 3.17 | _app-protect-module-oss-1.25.4+5.144.0-r1.apk_ | _app-protect-module-plus-32+5.144.0-r1.apk_ | _app-protect-32.5.144.0-r1.apk_ |
| Amazon Linux 2023 | _app-protect-module-oss-1.25.4+5.144.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.amzn2023.ngx.x86_64.rpm_ |
| Debian 11 | _app-protect-module-oss_1.25.4+5.144.0-1\~bullseye_amd64.deb_ | _app-protect-module-plus_32+5.144.0-1\~bullseye_amd64.deb_ | _app-protect_32+5.144.0-1\~bullseye_amd64.deb_ |
| Debian 12 | _app-protect-module-oss_1.25.4+5.144.0-1\~bookworm_amd64.deb_ | _app-protect-module-plus_32+5.144.0-1\~bookworm_amd64.deb_ | _app-protect_32+5.144.0-1\~bookworm_amd64.deb_ |
| Oracle Linux 8.1 | _app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm_ |
| Ubuntu 20.04 | _app-protect-module-oss_1.25.4+5.144.0-1\~focal_amd64.deb_ | _app-protect-module-plus_32+5.144.0-1\~focal_amd64.deb_ | _app-protect_32+5.144.0-1\~focal_amd64.deb_ |
| Ubuntu 22.04 | _app-protect-module-oss_1.25.4+5.144.0-1\~jammy_amd64.deb_ | _app-protect-module-plus_32+5.144.0-1\~jammy_amd64.deb_ | _app-protect_32+5.144.0-1\~jammy_amd64.deb_ |
| Ubuntu 24.04 | _app-protect-module-oss_1.25.4+5.144.0-1\~noble_amd64.deb_ | _app-protect-module-plus_32+5.144.0-1\~noble_amd64.deb_ | _app-protect_32+5.144.0-1\~noble_amd64.deb_ |
| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm_ |
| RHEL 9 | _app-protect-module-oss-1.25.4+5.144.0-1.el9.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.el9.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.el9.ngx.x86_64.rpm_ |

{{< /table >}}

## F5 WAF for NGINX 5.2 / 4.10

_May 29, 2024_

### New features

- [Added apreload]({{< ref "/waf/configure/apreload.md" >}})

### Resolved issues

- (11038) In some scenarios, autodetect does not correctly recognize the internal buffer as base_64 buffer and so does not decode the data.
- (11059) Enforcer may crash in specific scenarios.
- (11105) Update libprotobuf to version 1.33.0+.
- (11148) When following the config guide for starting NAP v5 in docker or kubernetes and leaving nginx.conf without any 'app_protect' directive: changing the conf to include NAP does not work. Enforcer times out every 40 secs waiting for the configuration.

### Packages

{{< table >}}

| Distribution name | NGINX Open Source (5.2) | NGINX Plus (5.2) | NGINX Plus (4.10) |
| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
| Alpine 3.17 | _app-protect-module-oss-1.25.4+5.144.0-r1.apk_ | _app-protect-module-plus-32+5.144.0-r1.apk_ | _app-protect-32.5.144.0-r1.apk_ |
| Amazon Linux 2023 | _app-protect-module-oss-1.25.4+5.144.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.amzn2023.ngx.x86_64.rpm_ |
| Debian 11 | _app-protect-module-oss_1.25.4+5.144.0-1\~bullseye_amd64.deb_ | _app-protect-module-plus_32+5.144.0-1\~bullseye_amd64.deb_ | _app-protect_32+5.144.0-1\~bullseye_amd64.deb_ |
| Debian 12 | _app-protect-module-oss_1.25.4+5.144.0-1\~bookworm_amd64.deb_ | _app-protect-module-plus_32+5.144.0-1\~bookworm_amd64.deb_ | _app-protect_32+5.144.0-1\~bookworm_amd64.deb_ |
| Oracle Linux 8.1 | _app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm_ |
| Ubuntu 20.04 | _app-protect-module-oss_1.25.4+5.144.0-1\~focal_amd64.deb_ | _app-protect-module-plus_32+5.144.0-1\~focal_amd64.deb_ | _app-protect_32+5.144.0-1\~focal_amd64.deb_ |
| Ubuntu 22.04 | _app-protect-module-oss_1.25.4+5.144.0-1\~jammy_amd64.deb_ | _app-protect-module-plus_32+5.144.0-1\~jammy_amd64.deb_ | _app-protect_32+5.144.0-1\~jammy_amd64.deb_ |
| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm_ |
| RHEL 9 | _app-protect-module-oss-1.25.4+5.144.0-1.el9.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.el9.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.el9.ngx.x86_64.rpm_ |

{{< /table >}}

## F5 WAF for NGINX 5.1 / 4.9

_April 18, 2024_

### New features

- Authorization Rules in URLs
- New [JSON Web Token]({{< ref "/waf/policies/jwt-protection.md" >}}) signature signing algorithm support for:
- **RSA**: RS256, RS384, RS512
- **PSS**: PS256, PS384, PS512
- **ECDSA**: ES256, ES256K, ES384, ES512
- **EdDSA**
- [Time-based signature staging]({{< ref "/waf/policies/time-based-signature-staging.md" >}})

### Resolved issues

- (10250/10251) Fixed issues related to upgrading on Debian and Ubuntu.
- (10219/10512) Resolved issues related to base64 detection and decoding.
- (10465) Resolved the "header already sent" alert message in the NGINX error log.

### Packages

{{< table >}}

| Distribution name | NGINX Open Source (5.1) | NGINX Plus (5.1) | NGINX Plus (4.9) |
| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
| Alpine 3.17 | _app-protect-module-oss-1.25.4+5.17.0-r1.apk_ | _app-protect-module-plus-31+5.17.0-r1.apk_ | _app-protect-31.5.17.0-r1.apk_ |
| Amazon Linux 2023 | _app-protect-module-oss-1.25.4+5.17.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-31+5.17.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-31+5.17.0-1.amzn2023.ngx.x86_64.rpm_ |
| Debian 11 | _app-protect-module-oss_1.25.4+5.17.0-1\~bullseye_amd64.deb_ | _app-protect-module-plus_31+5.17.0-1\~bullseye_amd64.deb_ | _app-protect_31+5.17.0-1\~bullseye_amd64.deb_ |
| Debian 12 | _app-protect-module-oss_1.25.4+5.17.0-1\~bookworm_amd64.deb_ | _app-protect-module-plus_31+5.17.0-1\~bookworm_amd64.deb_ | _app-protect_31+5.17.0-1\~bookworm_amd64.deb_ |
| Oracle Linux 8.1 | _app-protect-module-oss-1.25.4+5.17.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-31+5.17.0-1.el8.ngx.x86_64.rpm_ | _app-protect-31+5.17.0-1.el8.ngx.x86_64.rpm_ |
| Ubuntu 20.04 | _app-protect-module-oss_1.25.4+5.17.0-1\~focal_amd64.deb_ | _app-protect-module-plus_31+5.17.0-1\~focal_amd64.deb_ | _app-protect_31+5.17.0-1\~focal_amd64.deb_ |
| Ubuntu 22.04 | _app-protect-module-oss_1.25.4+5.17.0-1\~jammy_amd64.deb_ | _app-protect-module-plus_31+5.17.0-1\~jammy_amd64.deb_ | _app-protect_31+5.17.0-1\~jammy_amd64.deb_ |
| RHEL 7 | _app-protect-module-oss-1.25.4+5.17.0-1.el7.ngx.x86_64.rpm | _app-protect-module-plus-31+5.17.0-1.el7.ngx.x86_64.rpm_ | _app-protect-31+5.17.0-1.el7.ngx.x86_64.rpm_ |
| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.25.4+5.17.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-31+5.17.0-1.el8.ngx.x86_64.rpm_ | _app-protect-31+5.17.0-1.el8.ngx.x86_64.rpm_ |
| RHEL 9 | _app-protect-module-oss-1.25.4+5.17.0-1.el9.ngx.x86_64.rpm_ | _app-protect-module-plus-31+5.17.0-1.el9.ngx.x86_64.rpm_ | _app-protect-31+5.17.0-1.el9.ngx.x86_64.rpm_ |

{{< /table >}}

## F5 WAF for NGINX 5.0 / 4.8.1

_March 19, 2024_

### New features

- [New deployment types]({{< ref "/waf/fundamentals/technical-specifications.md#supported-deployment-environments" >}})
- [Security policy and logging profile bundles]({{< ref "/waf/configure/compiler.md">}})

### Packages

{{< table >}}

| Distribution name | NGINX Open Source (5.1) | NGINX Plus (5.1) | NGINX Plus (4.9) |
| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
| Alpine 3.17 | _app-protect-module-oss-1.25.4+4.815.0-r1.apk_ | _app-protect-module-plus-31+4.815.0-r1.apk_ | _app-protect-31.4.815.0-r1.apk_ |
| Amazon Linux 2023 | _app-protect-module-oss-1.25.4+4.815.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-31+4.815.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-31+4.815.0-1.amzn2023.ngx.x86_64.rpm_ |
| Debian 11 | _app-protect-module-oss_1.25.4+4.815.0-1\~bullseye_amd64.deb_ | _app-protect-module-plus_31+4.815.0-1\~bullseye_amd64.deb_ | _app-protect_31+4.815.0-1\~bullseye_amd64.deb_ |
| Debian 12 | _app-protect-module-oss_1.25.4+4.815.0-1\~bookworm_amd64.deb_ | _app-protect-module-plus_31+4.815.0-1\~bookworm_amd64.deb_ | _app-protect_31+4.815.0-1\~bookworm_amd64.deb_ |
| Oracle Linux 8.1 | _app-protect-module-oss-1.25.4+4.815.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-31+4.815.0-1.el8.ngx.x86_64.rpm_ | _app-protect-31+4.815.0-1.el8.ngx.x86_64.rpm_ |
| Ubuntu 20.04 | _app-protect-module-oss_1.25.4+4.815.0-1\~focal_amd64.deb_ | _app-protect-module-plus_31+4.815.0-1\~focal_amd64.deb_ | _app-protect_31+4.815.0-1\~focal_amd64.deb_ |
| Ubuntu 22.04 | _app-protect-module-oss_1.25.4+4.815.0-1\~jammy_amd64.deb_ | _app-protect-module-plus_31+4.815.0-1\~jammy_amd64.deb_ | _app-protect_31+4.815.0-1\~jammy_amd64.deb_ |
| RHEL 7 | _app-protect-module-oss-1.25.4+4.815.0-1.el7.ngx.x86_64.rpm | _app-protect-module-plus-31+4.815.0-1.el7.ngx.x86_64.rpm_ | _app-protect-31+4.815.0-1.el7.ngx.x86_64.rpm_ |
| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.25.4+4.815.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-31+4.815.0-1.el8.ngx.x86_64.rpm_ | _app-protect-31+4.815.0-1.el8.ngx.x86_64.rpm_ |
| RHEL 9 | _app-protect-module-oss-1.25.4+4.815.0-1.el9.ngx.x86_64.rpm_ | _app-protect-module-plus-31+4.815.0-1.el9.ngx.x86_64.rpm_ | _app-protect-31+4.815.0-1.el9.ngx.x86_64.rpm_ |

{{< /table >}}
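
Review bot: In the 5.4 / 4.12 "Known issues" fix, `sudo rm /opt/app_protect/config` fails as written because the target is a directory and the step says to remove the folder; use `sudo rm -r /opt/app_protect/config`. The step should also state the ownership and mode the recreated directory needs, since `sudo mkdir` leaves it owned by root. Smaller points in the same file: the 5.0 / 4.8.1 Packages table header reads "NGINX Open Source (5.1) | NGINX Plus (5.1) | NGINX Plus (4.9)" although its package names carry 4.815.0, so it looks copied from the 5.1 / 4.9 table. The 5.3 / 4.11 table lists the same 1.25.4+5.144.0 and 32+5.144.0 package names as the 5.2 / 4.10 table, which is worth confirming. The first cell of both RHEL 7 rows is missing its closing underscore, and "Added a [a policy converter" has a doubled article.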