Release Notes
These release notes list and describe the new features, enhancements, and resolved issues in the NGINX Management Suite Security Monitoring module.
Dependencies with Instance Manager, NGINX App Protect WAF, and NGINX Plus
The Security Monitoring module requires the following versions of Instance Manager to be installed on the management plane:
Security Monitoring | Instance Manager |
---|---|
1.3.0 | 2.9.0 |
1.2.0 | 2.8.0 |
1.1.0 | 2.7.0 |
1.0.0 | 2.6.0 |
Important:
The Security Monitoring module installation does not automatically install or upgrade Instance Manager. You’ll need to manually install Instance Manager, or upgrade it to a version supported for use with Security Monitoring.
The Security Monitoring module requires the following versions of NGINX App Protect WAF and NGINX Plus for the data plane:
Security Monitoring | NGINX App Protect WAF |
---|---|
1.3.0 | Release 3.12.2 - 4.2.0 |
1.2.0 | Release 3.12.2 - 4.1.0 |
1.1.0 | Release 3.12.2 - 4.0.0 |
1.0.0 | Release 3.12.2 |
1.3.0
March 21, 2023
What’s New
- Top Signatures section added to the Main tab
The “Top Signatures” section is now available in the “Main” tab of the Security Monitoring module.
Security Update
Important:
For the protection of our customers, NGINX doesn’t disclose security issues until an investigation has occurred and a fix is available.
This release includes the following security update:
- Instance Manager vulnerability CVE-2023-1550
NGINX Agent inserts sensitive information into a log file (CVE-2023-1550). An authenticated attacker with local access to read NGINX Agent log files may gain access to private keys. This issue is exposed only when the non-default trace-level logging is enabled.
NGINX Agent is included with NGINX Instance Manager, and used in conjunction with API Connectivity Manager and the Security Monitoring module.
This issue has been classified as CWE-532: Insertion of Sensitive Information into Log File.
Mitigation
- Avoid configuring trace-level logging in the NGINX Agent configuration file. For more information, refer to the Configuring the NGINX Agent section of NGINX Management Suite documentation. If trace-level logging is required, ensure only trusted users have access to the log files.
Fixed in
- NGINX Agent 2.23.3
- Instance Manager 2.9.0
For more information, refer to the MyF5 article K000133135.
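One way to check a host against the mitigation above, as an added example that is not part of the NGINX release notes or NGINX's own tooling. It assumes the agent configuration is YAML with `level` and `path` keys under a top-level `log:` block; the sample configuration and log path are constructed, and flagging any group or other read bit is a deliberately strict policy choice.

```python
import os
import re
import stat

def agent_log_settings(conf_text):
    """Return (level, path) from the top-level `log:` block; None if unset."""
    level = path = None
    in_log = False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # a new top-level key
            in_log = line.strip() == "log:"
            continue
        m = re.match(r"\s+(level|path)\s*:\s*(.*)$", line) if in_log else None
        if m:
            value = m.group(2).strip().strip("'\"")
            if m.group(1) == "level":
                level = value.lower()
            else:
                path = value
    return level, path

def exposed_logs(log_path):
    """Files at/under log_path readable by group or others (strict policy)."""
    if os.path.isfile(log_path):
        files = [log_path]
    else:
        files = [os.path.join(r, f) for r, _, fs in os.walk(log_path) for f in fs]
    hits = []
    for f in files:
        mode = stat.S_IMODE(os.stat(f).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            hits.append((f, oct(mode)))
    return sorted(hits)

def audit(conf_text):
    """Findings for CVE-2023-1550 exposure: trace logging plus readable logs."""
    level, path = agent_log_settings(conf_text)
    if level != "trace":
        return []
    findings = ["log.level is trace: agent logs may contain private keys"]
    for f, mode in exposed_logs(path) if path else []:
        findings.append(f"{f} has mode {mode}: readable beyond its owner")
    return findings

if __name__ == "__main__":
    # Constructed sample; on a host, read the agent's real configuration file.
    SAMPLE = "log:\n  level: trace\n  path: /var/log/nginx-agent/\n"
    print("\n".join(audit(SAMPLE)) or "no findings")
```

If a trusted group legitimately needs read access to the logs, narrow the mask in `exposed_logs` to `stat.S_IROTH`.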
Changes in Default Behavior
- Improved error message when NGINX Management Suite server is not running
The Security Monitoring module now displays the message “Upstream unavailable” when the NGINX Management Suite server is not running, instead of the previous message “Oops something went wrong.”
- Single quotes are automatically escaped in filtered values
Single quotes in filtered values are automatically escaped to ensure that the data is parsed correctly.
Known Issues
- To view the known issues in this release, see the Known Issues topic.
1.2.0
January 30, 2023
What’s New
- Get the latest Signature and Geolocation Databases
Update the Signature database to get the latest attack signature details.
Update the Geolocation Database to get the most accurate mapping of IP address to Geolocation.
Resolved Issues
This release fixes the following issue. To view the history for an issue, see the Known Issues list.
- The field retrieving URIs is incorrectly listed as URL (38377)
Known Issues
- To view the known issues in this release, see the Known Issues topic.
1.1.0
December 20, 2022
What’s New
- This release includes stability and performance improvements.
Changes in Default Behavior
Security Monitoring 1.1.0 has the following changes in default behavior:
- Removal of Total Requests count
The Total Requests count was removed from the Security Monitoring dashboards, to avoid customer confusion, as the value didn’t convey different configuration scenarios for NGINX App Protect on NGINX instances.
- Removal of WAF PASSED requests count
The count of WAF PASSED requests was removed from the Security Monitoring dashboards to avoid customer confusion, as it counted only requests with violations and not all requests filtered by NGINX App Protect WAF.
Known Issues
- To view the known issues in this release, see the Known Issues topic.
1.0.0
November 17, 2022
What’s New
This release includes the following updates:
- Introducing the NGINX Management Suite Security Monitoring module
Use the NGINX Management Suite Security Monitoring module to monitor the NGINX App Protect WAF protection of your apps and APIs. View protection insights for analyzing possible threats and tuning policies.
The Security Monitoring module includes the following:
- Informative dashboards that provide valuable protection insights
- In-depth security log details to help with analyzing possible threats and making policy decisions
Refer to the Installation Guide to get started.
Known Issues
- To view the known issues in this release, see the Known Issues topic.