2024 archive
This page is an archive of changelog entries for 2024.
For the current year, view the top-level changelog topic.
November 19th, 2024
- Added support for Amazon Linux 2023
- NGINX App Protect WAF now supports NGINX Plus R33.
- 5.4 Only: Added support for readOnlyFileSystem in Kubernetes deployments
- 5.4 Only: Added a a policy converter to the compiler
Please read the subscription licenses topic for information about R33.
- Alpine 3.16 is no longer supported.
- (11973) Updated the Go version to 1.23.1
- (11469) apt-get update warning for Ubuntu 22.04
On Ubuntu 24.04, you may receive the following error when uninstalling an old version of NGINX App Protect and installing a newer version:
APP_PROTECT failed to open /opt/app_protect/config/config_set.jsonThis can occur if you are not using the default nginx.conf file and are using the app_protect_enforcer_address directive.
To fix the problem, remove the file configuration folder and recreate the directory, then restart NGINX.
shell
sudo rm /opt/app_protect/config
sudo mkdir /opt/app_protect/config
sudo service nginx restart| Distribution name | NGINX Open Source (5.4) | NGINX Plus (5.4) | NGINX Plus (4.12) |
|---|---|---|---|
| Alpine 3.17 | app-protect-module-oss-1.27.2+5.210.0-r1.apk | app-protect-module-plus-33+5.210.0-r1.apk | app-protect-33.5.210.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.27.2+5.210.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-33+5.210.0-1.amzn2023.ngx.x86_64.rpm | app-protect-33+5.210.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.27.2+5.210.0-1~bullseye_amd64.deb | app-protect-module-plus_33+5.210.0-1~bullseye_amd64.deb | app-protect_33+5.210.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.27.2+5.210.0-1~bookworm_amd64.deb | app-protect-module-plus_33+5.210.0-1~bookworm_amd64.deb | app-protect_33+5.210.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.27.2+5.210.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-33+5.210.0-1.el8.ngx.x86_64.rpm | app-protect-33+5.210.0-1.el8.ngx.x86_64.rpm |
| Ubuntu 20.04 | app-protect-module-oss_1.27.2+5.210.0-1~focal_amd64.deb | app-protect-module-plus_33+5.210.0-1~focal_amd64.deb | app-protect_33+5.210.0-1~focal_amd64.deb |
| Ubuntu 22.04 | app-protect-module-oss_1.27.2+5.210.0-1~jammy_amd64.deb | app-protect-module-plus_33+5.210.0-1~jammy_amd64.deb | app-protect_33+5.210.0-1~jammy_amd64.deb |
| Ubuntu 24.04 | app-protect-module-oss_1.27.2+5.210.0-1~noble_amd64.deb | app-protect-module-plus_33+5.210.0-1~noble_amd64.deb | app-protect_33+5.210.0-1~noble_amd64.deb |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.27.2+5.210.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-33+5.210.0-1.el8.ngx.x86_64.rpm | app-protect-33+5.210.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 | app-protect-module-oss-1.27.2+5.210.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-33+5.210.0-1.el9.ngx.x86_64.rpm | app-protect-33+5.210.0-1.el9.ngx.x86_64.rpm |
September 25, 2024
- Ubuntu 24.04 support
- 5.3 Only: Secure Traffic Between NGINX and App Protect Enforcer
- Starting from this release, CentOS 7.4, Rhel 7.4 and Amazon Linux 2 support has been deprecated.
- (10775) Resolved a threshold calculation in the base64 decoding mechanism.
- (11426) Resolved log entry of an XFF header that contains more than one value.
- (11272) Resolved an issue where, in certain instances, the original HTTP response code was shown for rejected requests.
- (11568) Support seamless upgrades by using the latest tag instead of hardcoded versions.
- (5302) The enforcer leaves an incomplete job when NGINX reloads during DNS resolution.
| Distribution name | NGINX Open Source (5.3) | NGINX Plus (5.3) | NGINX Plus (4.11) |
|---|---|---|---|
| Alpine 3.17 | app-protect-module-oss-1.25.4+5.144.0-r1.apk | app-protect-module-plus-32+5.144.0-r1.apk | app-protect-32.5.144.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.25.4+5.144.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-32+5.144.0-1.amzn2023.ngx.x86_64.rpm | app-protect-32+5.144.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.25.4+5.144.0-1~bullseye_amd64.deb | app-protect-module-plus_32+5.144.0-1~bullseye_amd64.deb | app-protect_32+5.144.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.25.4+5.144.0-1~bookworm_amd64.deb | app-protect-module-plus_32+5.144.0-1~bookworm_amd64.deb | app-protect_32+5.144.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm | app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm |
| Ubuntu 20.04 | app-protect-module-oss_1.25.4+5.144.0-1~focal_amd64.deb | app-protect-module-plus_32+5.144.0-1~focal_amd64.deb | app-protect_32+5.144.0-1~focal_amd64.deb |
| Ubuntu 22.04 | app-protect-module-oss_1.25.4+5.144.0-1~jammy_amd64.deb | app-protect-module-plus_32+5.144.0-1~jammy_amd64.deb | app-protect_32+5.144.0-1~jammy_amd64.deb |
| Ubuntu 24.04 | app-protect-module-oss_1.25.4+5.144.0-1~noble_amd64.deb | app-protect-module-plus_32+5.144.0-1~noble_amd64.deb | app-protect_32+5.144.0-1~noble_amd64.deb |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm | app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 | app-protect-module-oss-1.25.4+5.144.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-32+5.144.0-1.el9.ngx.x86_64.rpm | app-protect-32+5.144.0-1.el9.ngx.x86_64.rpm |
May 29, 2024
- (11038) In some scenarios, autodetect does not correctly recognize the internal buffer as base_64 buffer and so does not decode the data.
- (11059) Enforcer may crash in specific scenarios.
- (11105) Update libprotobuf to version 1.33.0+.
- (11148) When following the config guide for starting NAP v5 in docker or kubernetes and leaving nginx.conf without any ‘app_protect’ directive: changing the conf to include NAP does not work. Enforcer times out every 40 secs waiting for the configuration.
| Distribution name | NGINX Open Source (5.2) | NGINX Plus (5.2) | NGINX Plus (4.10) |
|---|---|---|---|
| Alpine 3.17 | app-protect-module-oss-1.25.4+5.144.0-r1.apk | app-protect-module-plus-32+5.144.0-r1.apk | app-protect-32.5.144.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.25.4+5.144.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-32+5.144.0-1.amzn2023.ngx.x86_64.rpm | app-protect-32+5.144.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.25.4+5.144.0-1~bullseye_amd64.deb | app-protect-module-plus_32+5.144.0-1~bullseye_amd64.deb | app-protect_32+5.144.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.25.4+5.144.0-1~bookworm_amd64.deb | app-protect-module-plus_32+5.144.0-1~bookworm_amd64.deb | app-protect_32+5.144.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm | app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm |
| Ubuntu 20.04 | app-protect-module-oss_1.25.4+5.144.0-1~focal_amd64.deb | app-protect-module-plus_32+5.144.0-1~focal_amd64.deb | app-protect_32+5.144.0-1~focal_amd64.deb |
| Ubuntu 22.04 | app-protect-module-oss_1.25.4+5.144.0-1~jammy_amd64.deb | app-protect-module-plus_32+5.144.0-1~jammy_amd64.deb | app-protect_32+5.144.0-1~jammy_amd64.deb |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm | app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 | app-protect-module-oss-1.25.4+5.144.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-32+5.144.0-1.el9.ngx.x86_64.rpm | app-protect-32+5.144.0-1.el9.ngx.x86_64.rpm |
April 18, 2024
- Authorization Rules in URLs
- New JSON Web Token signature signing algorithm support for:
- RSA: RS256, RS384, RS512
- PSS: PS256, PS384, PS512
- ECDSA: ES256, ES256K, ES384, ES512
- EdDSA
- Time-based signature staging
- (10250/10251) Fixed issues related to upgrading on Debian and Ubuntu.
- (10219/10512) Resolved issues related to base64 detection and decoding.
- (10465) Resolved the “header already sent” alert message in the NGINX error log.
| Distribution name | NGINX Open Source (5.1) | NGINX Plus (5.1) | NGINX Plus (4.9) |
|---|---|---|---|
| Alpine 3.17 | app-protect-module-oss-1.25.4+5.17.0-r1.apk | app-protect-module-plus-31+5.17.0-r1.apk | app-protect-31.5.17.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.25.4+5.17.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-31+5.17.0-1.amzn2023.ngx.x86_64.rpm | app-protect-31+5.17.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.25.4+5.17.0-1~bullseye_amd64.deb | app-protect-module-plus_31+5.17.0-1~bullseye_amd64.deb | app-protect_31+5.17.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.25.4+5.17.0-1~bookworm_amd64.deb | app-protect-module-plus_31+5.17.0-1~bookworm_amd64.deb | app-protect_31+5.17.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.25.4+5.17.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-31+5.17.0-1.el8.ngx.x86_64.rpm | app-protect-31+5.17.0-1.el8.ngx.x86_64.rpm |
| Ubuntu 20.04 | app-protect-module-oss_1.25.4+5.17.0-1~focal_amd64.deb | app-protect-module-plus_31+5.17.0-1~focal_amd64.deb | app-protect_31+5.17.0-1~focal_amd64.deb |
| Ubuntu 22.04 | app-protect-module-oss_1.25.4+5.17.0-1~jammy_amd64.deb | app-protect-module-plus_31+5.17.0-1~jammy_amd64.deb | app-protect_31+5.17.0-1~jammy_amd64.deb |
| RHEL 7 | _app-protect-module-oss-1.25.4+5.17.0-1.el7.ngx.x86_64.rpm | app-protect-module-plus-31+5.17.0-1.el7.ngx.x86_64.rpm | app-protect-31+5.17.0-1.el7.ngx.x86_64.rpm |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.25.4+5.17.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-31+5.17.0-1.el8.ngx.x86_64.rpm | app-protect-31+5.17.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 | app-protect-module-oss-1.25.4+5.17.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-31+5.17.0-1.el9.ngx.x86_64.rpm | app-protect-31+5.17.0-1.el9.ngx.x86_64.rpm |
March 19, 2024
| Distribution name | NGINX Open Source (5.1) | NGINX Plus (5.1) | NGINX Plus (4.9) |
|---|---|---|---|
| Alpine 3.17 | app-protect-module-oss-1.25.4+4.815.0-r1.apk | app-protect-module-plus-31+4.815.0-r1.apk | app-protect-31.4.815.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.25.4+4.815.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-31+4.815.0-1.amzn2023.ngx.x86_64.rpm | app-protect-31+4.815.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.25.4+4.815.0-1~bullseye_amd64.deb | app-protect-module-plus_31+4.815.0-1~bullseye_amd64.deb | app-protect_31+4.815.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.25.4+4.815.0-1~bookworm_amd64.deb | app-protect-module-plus_31+4.815.0-1~bookworm_amd64.deb | app-protect_31+4.815.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.25.4+4.815.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-31+4.815.0-1.el8.ngx.x86_64.rpm | app-protect-31+4.815.0-1.el8.ngx.x86_64.rpm |
| Ubuntu 20.04 | app-protect-module-oss_1.25.4+4.815.0-1~focal_amd64.deb | app-protect-module-plus_31+4.815.0-1~focal_amd64.deb | app-protect_31+4.815.0-1~focal_amd64.deb |
| Ubuntu 22.04 | app-protect-module-oss_1.25.4+4.815.0-1~jammy_amd64.deb | app-protect-module-plus_31+4.815.0-1~jammy_amd64.deb | app-protect_31+4.815.0-1~jammy_amd64.deb |
| RHEL 7 | _app-protect-module-oss-1.25.4+4.815.0-1.el7.ngx.x86_64.rpm | app-protect-module-plus-31+4.815.0-1.el7.ngx.x86_64.rpm | app-protect-31+4.815.0-1.el7.ngx.x86_64.rpm |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.25.4+4.815.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-31+4.815.0-1.el8.ngx.x86_64.rpm | app-protect-31+4.815.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 | app-protect-module-oss-1.25.4+4.815.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-31+4.815.0-1.el9.ngx.x86_64.rpm | app-protect-31+4.815.0-1.el9.ngx.x86_64.rpm |