NGINX App Protect WAF Release 5.2

May 29, 2024

Note:
All existing policy bundles and log bundles must be recompiled post upgrade using this version’s WAF compiler. Older bundles will be detected and disallowed.

New Features

In this release, NGINX App Protect WAF supports NGINX Open Source 1.25.5 and NGINX Plus R32.

• Apreload support

Supported Packages

App Protect Module for NGINX Open Source

Alpine Linux 3.16 / Alpine Linux 3.17

• app-protect-module-oss-1.25.5.5.48.0-r1.apk

Debian 11

• app-protect-module-oss_1.25.5+5.48.0-1~bullseye_amd64.deb

Debian 12

• app-protect-module-oss_1.25.5+5.48.0-1~bookworm_amd64.deb

Ubuntu 20.04

• app-protect-module-oss_1.25.5+5.48.0-1~focal_amd64.deb

Ubuntu 22.04

• app-protect-module-oss_1.25.5+5.48.0-1~jammy_amd64.deb

RHEL 7.4+ / CentOS 7.4+ / Amazon Linux 2

• app-protect-module-oss-1.25.5+5.48.0-1.el7.ngx.x86_64.rpm

RHEL 8.1+ / Oracle Linux 8.1+

• app-protect-module-oss-1.25.5+5.48.0-1.el8.ngx.x86_64.rpm

RHEL 9+

• app-protect-module-oss-1.25.5+5.48.0-1.el9.ngx.x86_64.rpm

App Protect Module for NGINX Plus

Alpine Linux 3.16 / Alpine Linux 3.17

• app-protect-module-plus-32.5.48.0-r1.apk

Debian 11

• app-protect-module-plus_32+5.48.0-1~bullseye_amd64.deb

Debian 12

• app-protect-module-plus_32+5.48.0-1~bookworm_amd64.deb

Ubuntu 20.04

• app-protect-module-plus_32+5.48.0-1~focal_amd64.deb

Ubuntu 22.04

• app-protect-module-plus_32+5.48.0-1~jammy_amd64.deb

RHEL 7.4+ / CentOS 7.4+ / Amazon Linux 2

• app-protect-module-plus-32+5.48.0-1.el7.ngx.x86_64.rpm

RHEL 8.1+ / Oracle Linux 8.1+

• app-protect-module-plus-32+5.48.0-1.el8.ngx.x86_64.rpm

RHEL 9+

• app-protect-module-plus-33+5.48.0-1.el9.ngx.x86_64.rpm

Resolved Issues

• 11038 Fixed - In some scenarios, autodetect does not correctly recognize the internal buffer as base_64 buffer and so does not decode the data.
• 11059 Fixed - Enforcer may crash in specific scenarios.
• 11105 Fixed - Update libprotobuf to version 1.33.0+.
• 11148 Fixed - When following the config guide for starting NAP v5 in docker or kubernetes and leaving nginx.conf without any ‘app_protect’ directive: changing the conf to include NAP does not work. Enforcer times out every 40 secs waiting for the configuration.