NGINX App Protect WAF Release 4.7
December 19, 2023
In this release, NGINX App Protect WAF supports NGINX Plus R31.
New Features
Supported Packages
App Protect
Alpine 3.16
- app-protect-31.4.641.0-r1.apk
Alpine 3.17
- app-protect-31.4.641.0-r1.apk
CentOS 7.4+ / RHEL 7.4+ / Amazon Linux 2
- app-protect-31+4.641.0-1.el7.ngx.x86_64.rpm
Debian 11
- app-protect_31+4.641.0-1~bullseye_amd64.deb
Oracle Linux 8.1+
- app-protect-31+4.641.0-1.el8.ngx.x86_64.rpm
RHEL 8.1+
- app-protect-31+4.641.0-1.el8.ngx.x86_64.rpm
RHEL 9+
- app-protect-31+4.641.0-1.el9.ngx.x86_64.rpm
Ubuntu 20.04
- app-protect_31+4.641.0-1~focal_amd64.deb
Ubuntu 22.04
- app-protect_31+4.641.0-1~jammy_amd64.deb
NGINX Plus
- NGINX Plus R31
Resolved Issues
- 9065 Fixed - Increasing the limit for “max_request_size” in log configuration from 2k to 10k. The default will change from “any” to 2k to maintain the old behaviour.
- 9297 Fixed - Add new limit from
responseCheckLength
to response ingress event handling in order to reduce the memory used for buffering.
Limitation
- 9992 - There is a limitation on Edwards-curve Digital Signature Algorithm (EdDSA) protocol on CentOS 7 as the Enforcer does not support this protocol on this Operating System (OS). When a JSON Web Token (JWT) signed with EdDSA is used on CentOS 7, it results in a
VIOL_ACCESS_INVALID
error.
Important Notes
-
Starting with this release, the bot signatures list is generated automatically as a part of the app-protect-bot-signatures package, which is a dependency of the app-protect-compiler package. It resembles a format similar to the README-style text file found in the attack signature. Refer to the Bot Signatures Update File for more details.
-
Starting with the next release version of NGINX App Protect WAF, the existing bot signatures file
included_bot_signatures
which is located at the following path:/opt/app-protect/var/update_files/included_bot_signatures
will be removed from the app-protect-compile package.
Last modified March 26, 2024