diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index dca2641d90..7252059449 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -275,7 +275,7 @@ jobs: - name: Generate WAF v5 tgz from JSON run: | - docker run --rm --user root -v /var/run/docker.sock:/var/run/docker.sock -v ${{ github.workspace }}/tests/data/ap-waf-v5:/data gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nap/waf-compiler:5.8.0 -p /data/wafv5.json -o /data/wafv5.tgz + docker run --rm --user root -v /var/run/docker.sock:/var/run/docker.sock -v ${{ github.workspace }}/tests/data/ap-waf-v5:/data gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nap/waf-compiler:5.9.0 -p /data/wafv5.json -o /data/wafv5.tgz if: ${{ contains(matrix.images.image, 'nap-v5')}} - name: Run Regression Tests diff --git a/.github/workflows/setup-smoke.yml b/.github/workflows/setup-smoke.yml index 4ed8fb9205..184715ceeb 100644 --- a/.github/workflows/setup-smoke.yml +++ b/.github/workflows/setup-smoke.yml @@ -152,7 +152,7 @@ jobs: - name: Generate WAF v5 tgz from JSON run: | - docker run --rm --user root -v /var/run/docker.sock:/var/run/docker.sock -v ${{ github.workspace }}/tests/data/ap-waf-v5:/data gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nap/waf-compiler:5.8.0 -p /data/wafv5.json -o /data/wafv5.tgz + docker run --rm --user root -v /var/run/docker.sock:/var/run/docker.sock -v ${{ github.workspace }}/tests/data/ap-waf-v5:/data gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nap/waf-compiler:5.9.0 -p /data/wafv5.json -o /data/wafv5.tgz if: ${{ contains(inputs.image, 'nap-v5')}} - name: Run Smoke Tests diff --git a/Makefile b/Makefile index 551a3ee220..8a1c1fb42e 100644 --- a/Makefile +++ b/Makefile @@ -4,9 +4,9 @@ GIT_TAG = $(shell git describe --exact-match --tags || echo untagged) VERSION = $(VER)-SNAPSHOT NGINX_OSS_VERSION ?= 1.29 NGINX_PLUS_VERSION ?= R35 -NAP_WAF_VERSION ?= 35+5.498 -NAP_WAF_COMMON_VERSION ?= 11.533 -NAP_WAF_PLUGIN_VERSION ?= 6.20.0 +NAP_WAF_VERSION ?= 35+5.527 +NAP_WAF_COMMON_VERSION ?= 11.559 +NAP_WAF_PLUGIN_VERSION ?= 6.23.0 NGINX_AGENT_VERSION ?= 3.3 PLUS_ARGS = --build-arg NGINX_PLUS_VERSION=$(NGINX_PLUS_VERSION) --secret id=nginx-repo.crt,src=nginx-repo.crt --secret id=nginx-repo.key,src=nginx-repo.key diff --git a/build/Dockerfile b/build/Dockerfile index c80d40ed43..0abc4de47d 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -2,9 +2,9 @@ ARG BUILD_OS=debian ARG NGINX_OSS_VERSION=1.29 ARG NGINX_PLUS_VERSION=R35 -ARG NAP_WAF_VERSION=35+5.498 -ARG NAP_WAF_COMMON_VERSION=11.533 -ARG NAP_WAF_PLUGIN_VERSION=6.20.0 +ARG NAP_WAF_VERSION=35+5.527 +ARG NAP_WAF_COMMON_VERSION=11.559 +ARG NAP_WAF_PLUGIN_VERSION=6.23.0 ARG NGINX_AGENT_VERSION=3.3 ARG DOWNLOAD_TAG=edge ARG DEBIAN_FRONTEND=noninteractive diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index 1fe9b4deb3..6159a95bea 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -350,10 +350,10 @@ }, "tag": { "type": "string", - "default": "5.8.0", + "default": "5.9.0", "title": "The tag of the App Protect WAF v5 Enforcer image", "examples": [ - "5.8.0" + "5.9.0" ] }, "digest": { @@ -389,7 +389,7 @@ "examples": [ { "repository": "private-registry.nginx.com/nap/waf-enforcer", - "tag": "5.8.0", + "tag": "5.9.0", "pullPolicy": "IfNotPresent" } ] @@ -422,10 +422,10 @@ }, "tag": { "type": "string", - "default": "5.8.0", + "default": "5.9.0", "title": "The tag of the App Protect WAF v5 Config Manager image", "examples": [ - "5.8.0" + "5.9.0" ] }, "digest": { @@ -461,7 +461,7 @@ "examples": [ { "repository": "private-registry.nginx.com/nap/waf-config-mgr", - "tag": "5.8.0", + "tag": "5.9.0", "pullPolicy": "IfNotPresent" } ] @@ -2020,7 +2020,7 @@ "port": 50000, "image": { "repository": "private-registry.nginx.com/nap/waf-enforcer", - "tag": "5.8.0", + "tag": "5.9.0", "pullPolicy": "IfNotPresent" }, "securityContext": {} @@ -2028,7 +2028,7 @@ "configManager": { "image": { "repository": "private-registry.nginx.com/nap/waf-config-mgr", - "tag": "5.8.0", + "tag": "5.9.0", "pullPolicy": "IfNotPresent" }, "securityContext": { @@ -2660,7 +2660,7 @@ "port": 50000, "image": { "repository": "private-registry.nginx.com/nap/waf-enforcer", - "tag": "5.8.0", + "tag": "5.9.0", "pullPolicy": "IfNotPresent" }, "securityContext": {} @@ -2668,7 +2668,7 @@ "configManager": { "image": { "repository": "private-registry.nginx.com/nap/waf-config-mgr", - "tag": "5.8.0", + "tag": "5.9.0", "pullPolicy": "IfNotPresent" }, "securityContext": { diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index 8693a0517c..bd8c29892c 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml @@ -84,7 +84,7 @@ controller: repository: private-registry.nginx.com/nap/waf-enforcer ## The tag of the App Protect WAF v5 Enforcer image. - tag: "5.8.0" + tag: "5.9.0" ## The digest of the App Protect WAF v5 Enforcer image. ## If digest is specified it has precedence over tag and will be used instead # digest: "sha256:CHANGEME" @@ -100,7 +100,7 @@ controller: repository: private-registry.nginx.com/nap/waf-config-mgr ## The tag of the App Protect WAF v5 Configuration Manager image. - tag: "5.8.0" + tag: "5.9.0" ## The digest of the App Protect WAF v5 Configuration Manager image. ## If digest is specified it has precedence over tag and will be used instead # digest: "sha256:CHANGEME" diff --git a/charts/tests/__snapshots__/helmunit_test.snap b/charts/tests/__snapshots__/helmunit_test.snap index 3d91c099a9..3a12a7696e 100755 --- a/charts/tests/__snapshots__/helmunit_test.snap +++ b/charts/tests/__snapshots__/helmunit_test.snap @@ -1936,7 +1936,7 @@ spec: - -weight-changes-dynamic-reload=false - name: waf-enforcer - image: my.private.reg/nap/waf-enforcer:5.8.0 + image: my.private.reg/nap/waf-enforcer:5.9.0 imagePullPolicy: "IfNotPresent" env: - name: ENFORCER_PORT @@ -1947,7 +1947,7 @@ spec: - name: app-protect-bd-config mountPath: /opt/app_protect/bd_config - name: waf-config-mgr - image: my.private.reg/nap/waf-config-mgr:5.8.0 + image: my.private.reg/nap/waf-config-mgr:5.9.0 imagePullPolicy: "IfNotPresent" securityContext: @@ -2519,7 +2519,7 @@ spec: - -agent-instance-group=app-protect-wafv5-agentv2-nginx-ingress-controller - name: waf-enforcer - image: my.private.reg/nap/waf-enforcer:5.8.0 + image: my.private.reg/nap/waf-enforcer:5.9.0 imagePullPolicy: "IfNotPresent" env: - name: ENFORCER_PORT @@ -2530,7 +2530,7 @@ spec: - name: app-protect-bd-config mountPath: /opt/app_protect/bd_config - name: waf-config-mgr - image: my.private.reg/nap/waf-config-mgr:5.8.0 + image: my.private.reg/nap/waf-config-mgr:5.9.0 imagePullPolicy: "IfNotPresent" securityContext: diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 9b039002d2..9016e16c43 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -12,7 +12,6 @@ import ( "os/signal" "path/filepath" "reflect" - "regexp" "runtime" "strings" "syscall" @@ -146,8 +145,7 @@ func main() { if *appProtect { appProtectVersion = getAppProtectVersionInfo(ctx) - r := regexp.MustCompile("^5.*") - if r.MatchString(appProtectVersion) { + if _, err := os.Stat("/opt/app_protect/VERSION.common"); os.IsNotExist(err) { appProtectV5 = true appProtectBundlePath = appProtectv5BundleFolder } diff --git a/tests/data/modules/data.json b/tests/data/modules/data.json index ead2e1dfd2..9ed3defab0 100644 --- a/tests/data/modules/data.json +++ b/tests/data/modules/data.json @@ -80,11 +80,11 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-attack-signatures", @@ -126,15 +126,15 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-module-plus", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-plugin", - "version": "6.20.0" + "version": "6.23.0" }, { "name": "nginx-agent", @@ -202,11 +202,11 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-attack-signatures", @@ -349,11 +349,11 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35.5.498" + "version": "35.5.527" }, { "name": "app-protect", - "version": "35.5.498" + "version": "35.5.527" }, { "name": "app-protect-attack-signatures", @@ -395,15 +395,15 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35.5.498" + "version": "35.5.527" }, { "name": "app-protect-module-plus", - "version": "35.5.498" + "version": "35.5.527" }, { "name": "app-protect-plugin", - "version": "6.20.0" + "version": "6.23.0" } ], "system": "alpine", @@ -495,11 +495,11 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-attack-signatures", @@ -541,15 +541,15 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-module-plus", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-plugin", - "version": "6.20.0" + "version": "6.23.0" } ], "system": "ubi", @@ -583,11 +583,11 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-attack-signatures", @@ -629,15 +629,15 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-module-plus", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-plugin", - "version": "6.20.0" + "version": "6.23.0" } ], "system": "ubi", @@ -701,7 +701,7 @@ }, { "name": "nginx-plus-module-appprotect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "nginx-plus-module-appprotectdos", @@ -713,7 +713,7 @@ }, { "name": "app-protect", - "version": "35+5.498" + "version": "35+5.527" }, { "name": "app-protect-attack-signatures", diff --git a/tests/settings.py b/tests/settings.py index 585a7b86aa..335cbb80fa 100644 --- a/tests/settings.py +++ b/tests/settings.py @@ -33,4 +33,4 @@ # Nginx registry address to pull waf components from NGX_REG = "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr" # WAF component version to pull from above registry -WAF_V5_VERSION = "5.8.0" +WAF_V5_VERSION = "5.9.0"