Release Notes

1.7.1

October 23, 2023

Upgrade Paths

Security Monitoring supports upgrades from these previous versions:

• 1.4.0 - 1.7.0

If your Security Monitoring version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

What’s New

This release includes the following updates:

• Stability and performance improvements

  This release includes stability and performance improvements.

Known Issues

You can find information about known issues in the Known Issues topic.

1.7.0

October 18, 2023

Upgrade Paths

Security Monitoring supports upgrades from these previous versions:

• 1.4.0 - 1.6.0

If your Security Monitoring version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

Changes in Default Behavior

This release has the following changes in default behavior:

• Security Monitoring backend service

  The backend for Security Monitoring is now served by the nms-sm process instead of nms-core. The nms-sm process must be started after installation of the nms-sm package.

Known Issues

You can find information about known issues in the Known Issues topic.

1.6.0

July 20, 2023

Upgrade Paths

Security Monitoring supports upgrades from these previous versions:

• 1.3.0 - 1.5.0

If your Security Monitoring version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

Resolved Issues

This release fixes the following issues. Select an issue’s ID link to view its details.

• Using empty values as filters returns inaccurate results (42941)

Known Issues

You can find information about known issues in the Known Issues topic.

1.5.0

June 12, 2023

Upgrade Paths

Security Monitoring supports upgrades from these previous versions:

• 1.2.0 - 1.4.0

If your Security Monitoring version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

What’s New

This release includes the following updates:

• Improved security monitoring with violation and signature details

  This release adds violation and signature details to Security Monitoring. This information helps you identify false positives and gain a more comprehensive understanding of violations, allowing you to fine-tune your security policies and optimize your threat detection.

Known Issues

You can find information about known issues in the Known Issues topic.

1.4.0

April 26, 2023

Upgrade Paths

Security Monitoring supports upgrades from these previous versions:

• 1.1.0 - 1.3.0

If your Security Monitoring version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

What’s New

This release includes the following updates:

• View violation context for requests in Event logs

  You can now view the request entity and its associated details that triggered a WAF violation from the event logs.

Changes in Default Behavior

This release has the following changes in default behavior:

• Update to the Signature context pie chart

  The Signature context pie chart now shows information related to signature-based violations in requests and URIs, in addition to the already available header, parameter, and cookie information.

Known Issues

You can find information about known issues in the Known Issues topic.

1.3.0

March 21, 2023

Upgrade Paths

Security Monitoring supports upgrades from these previous versions:

• 1.0.0 - 1.2.0

If your Security Monitoring version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

What’s New

This release includes the following updates:

• Top Signatures section added to the Main tab

  The “Top Signatures” section is now available in the “Main” tab of the Security Monitoring module dashboard.

Security Updates

Important:
For the protection of our customers, NGINX doesn’t disclose security issues until an investigation has occurred and a fix is available.

This release includes the following security updates:

• Instance Manager vulnerability CVE-2023-1550

  NGINX Agent inserts sensitive information into a log file (CVE-2023-1550). An authenticated attacker with local access to read NGINX Agent log files may gain access to private keys. This issue is exposed only when the non-default trace-level logging is enabled.

  NGINX Agent is included with NGINX Instance Manager, and used in conjunction with API Connectivity Manager and the Security Monitoring module.

  This issue has been classified as CWE-532: Insertion of Sensitive Information into Log File.

Mitigation

• Avoid configuring trace-level logging in the NGINX Agent configuration file. For more information, refer to the Configuring the NGINX Agent section of NGINX Instance Manager documentation. If trace-level logging is required, ensure only trusted users have access to the log files.

Fixed in

• NGINX Agent 2.23.3
• Instance Manager 2.9.0

For more information, refer to the MyF5 article K000133135.

Changes in Default Behavior

This release has the following changes in default behavior:

• Improved error message when NGNIX Management Suite server is not running

  The Security Monitoring module now displays the message “Upstream unavailable” when the NGINX Instance Manager server is not running, instead of the previous message “Oops something went wrong.”

• Single quotes are automatically escaped in filtered values

  Single quotes in filtered values are automatically escaped to ensure that the data is parsed correctly.

Known Issues

You can find information about known issues in the Known Issues topic.

1.2.0

January 30, 2023

Upgrade Paths

Security Monitoring supports upgrades from these previous versions:

• 1.0.0 - 1.1.0

If your Security Monitoring version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

What’s New

This release includes the following updates:

• Get the latest Signature and Geolocation Databases

  Update the Signature database to get the latest attack signature details.

  Update the Geolocation Database to get the most accurate mapping of IP address to Geolocation.

Resolved Issues

This release fixes the following issues. Select an issue’s ID link to view its details.

• The field retrieving URIs is incorrectly listed as URL (38377)

Known Issues

You can find information about known issues in the Known Issues topic.

1.1.0

December 20, 2022

Upgrade Paths

Security Monitoring supports upgrades from these previous versions:

• 1.0.0

If your Security Monitoring version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

Changes in Default Behavior

This release has the following changes in default behavior:

• Removal of Total Requests count

  The Total Requests count was removed from the Security Monitoring dashboards, to avoid customer confusion, as the value didn’t convey different configuration scenarios for NGINX App Protect on NGINX instances.

• Removal of WAF PASSED requests count

  The count of WAF PASSED requests was removed from the Security Monitoring dashboards to avoid customer confusion, as it counted only requests with violations and not all requests filtered by NGINX App Protect WAF.

Known Issues

You can find information about known issues in the Known Issues topic.

1.0.0

November 17, 2022

What’s New

This release includes the following updates:

• Introducing the NGINX Security Monitoring module

  Use the NGINX Security Monitoring module to monitor the NGINX App Protect WAF protection of your apps and APIs. View protection insights for analyzing possible threats and tuning policies.

  The Security Monitoring module includes the following:

  • Informative dashboards that provide valuable protection insights
  • In-depth security log details to help with analyzing possible threats and making policy decisions

  Refer to the Installation Guide to get started.

Known Issues

You can find information about known issues in the Known Issues topic.