nginx
diff --git a/‎content/waf/changelog/2024.md‎
Lines changed: 215 additions & 0 deletions b/‎content/waf/changelog/2024.md‎
Lines changed: 215 additions & 0 deletions
@@ -0,0 +1,215 @@
+---
+title: "2024 archive"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 100
+# Creates a table of contents and sidebar, useful for large documents
+toc: true
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: reference
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NAP-WAF
+---
+
+This page is an archive of changelog entries for 2024.
+
+For the current year, view [the top-level changelog]({{< ref "/waf/changelog/">}}) topic.
+
+## F5 WAF for NGINX 5.4 / 4.12
+
+_November 19th, 2024_
+
+### New features
+
+- Added support for Amazon Linux 2023
+- NGINX App Protect WAF now supports NGINX Plus R33.
+- **5.4 Only:** Added support for [readOnlyFileSystem in Kubernetes deployments]({{< ref "/waf/configure/kubernetes-read-only/" >}})
+- **5.4 Only:** Added a [a policy converter to the compiler]({{< ref "/waf/configure/converters.md#policy-converter">}})
+
+Please read the [subscription licenses]({{< ref "/solutions/about-subscription-licenses.md" >}}) topic for information about R33.
+
+### Important notes
+
+- Alpine 3.16 is no longer supported.
+
+### Resolved issues
+
+- (11973) Updated the Go version to 1.23.1
+- (11469) _apt-get update_ warning for Ubuntu 22.04
+
+### Known issues
+
+On Ubuntu 24.04, you may receive the following error when uninstalling an old version of NGINX App Protect and installing a newer version:
+
+```text
+APP_PROTECT failed to open /opt/app_protect/config/config_set.json
+```
+
+This can occur if you are not using the default `nginx.conf` file and are using the `app_protect_enforcer_address` directive.
+
+To fix the problem, remove the file configuration folder and recreate the directory, then restart NGINX.
+
+```shell
+sudo rm /opt/app_protect/config
+sudo mkdir /opt/app_protect/config
+sudo service nginx restart
+```
+
+### Packages
+
+{{< table >}}
+
+| Distribution name        | NGINX Open Source (5.4)                                           |  NGINX Plus (5.4)                                              | NGINX Plus (4.12)                                  |
+| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
+| Alpine 3.17              | _app-protect-module-oss-1.27.2+5.210.0-r1.apk_                    | _app-protect-module-plus-33+5.210.0-r1.apk_                    | _app-protect-33.5.210.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-oss-1.27.2+5.210.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-33+5.210.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-33+5.210.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-oss_1.27.2+5.210.0-1\~bullseye_amd64.deb_     | _app-protect-module-plus_33+5.210.0-1\~bullseye_amd64.deb_     | _app-protect_33+5.210.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-oss_1.27.2+5.210.0-1\~bookworm_amd64.deb_     | _app-protect-module-plus_33+5.210.0-1\~bookworm_amd64.deb_     | _app-protect_33+5.210.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-oss-1.27.2+5.210.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-33+5.210.0-1.el8.ngx.x86_64.rpm_      | _app-protect-33+5.210.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 20.04             | _app-protect-module-oss_1.27.2+5.210.0-1\~focal_amd64.deb_        | _app-protect-module-plus_33+5.210.0-1\~focal_amd64.deb_        | _app-protect_33+5.210.0-1\~focal_amd64.deb_        |
+| Ubuntu 22.04             | _app-protect-module-oss_1.27.2+5.210.0-1\~jammy_amd64.deb_        | _app-protect-module-plus_33+5.210.0-1\~jammy_amd64.deb_        | _app-protect_33+5.210.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-module-oss_1.27.2+5.210.0-1\~noble_amd64.deb_        | _app-protect-module-plus_33+5.210.0-1\~noble_amd64.deb_        | _app-protect_33+5.210.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.27.2+5.210.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-33+5.210.0-1.el8.ngx.x86_64.rpm_      | _app-protect-33+5.210.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9                   | _app-protect-module-oss-1.27.2+5.210.0-1.el9.ngx.x86_64.rpm_      | _app-protect-module-plus-33+5.210.0-1.el9.ngx.x86_64.rpm_      | _app-protect-33+5.210.0-1.el9.ngx.x86_64.rpm_      |
+
+{{< /table >}}
+
+## F5 WAF for NGINX 5.3 / 4.11
+
+_September 25, 2024_
+
+### New features
+
+- Ubuntu 24.04 support
+- **5.3 Only:** [Secure Traffic Between NGINX and App Protect Enforcer]({{< ref "/waf/configure/secure-mtls.md" >}})
+
+### Important notes
+
+- Starting from this release, CentOS 7.4, Rhel 7.4 and Amazon Linux 2 support has been deprecated.
+
+### Resolved issues
+
+- (10775) Resolved a threshold calculation in the base64 decoding mechanism.
+- (11426) Resolved log entry of an XFF header that contains more than one value.
+- (11272) Resolved an issue where, in certain instances, the original HTTP response code was shown for rejected requests.
+- (11568) Support seamless upgrades by using the latest tag instead of hardcoded versions.
+- (5302) The enforcer leaves an incomplete job when NGINX reloads during DNS resolution.
+
+### Packages
+
+{{< table >}}
+
+| Distribution name        | NGINX Open Source (5.3)                                           |  NGINX Plus (5.3)                                              | NGINX Plus (4.11)                                  |
+| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
+| Alpine 3.17              | _app-protect-module-oss-1.25.4+5.144.0-r1.apk_                    | _app-protect-module-plus-32+5.144.0-r1.apk_                    | _app-protect-32.5.144.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-oss-1.25.4+5.144.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-oss_1.25.4+5.144.0-1\~bullseye_amd64.deb_     | _app-protect-module-plus_32+5.144.0-1\~bullseye_amd64.deb_     | _app-protect_32+5.144.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-oss_1.25.4+5.144.0-1\~bookworm_amd64.deb_     | _app-protect-module-plus_32+5.144.0-1\~bookworm_amd64.deb_     | _app-protect_32+5.144.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm_      | _app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 20.04             | _app-protect-module-oss_1.25.4+5.144.0-1\~focal_amd64.deb_        | _app-protect-module-plus_32+5.144.0-1\~focal_amd64.deb_        | _app-protect_32+5.144.0-1\~focal_amd64.deb_        |
+| Ubuntu 22.04             | _app-protect-module-oss_1.25.4+5.144.0-1\~jammy_amd64.deb_        | _app-protect-module-plus_32+5.144.0-1\~jammy_amd64.deb_        | _app-protect_32+5.144.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-module-oss_1.25.4+5.144.0-1\~noble_amd64.deb_        | _app-protect-module-plus_32+5.144.0-1\~noble_amd64.deb_        | _app-protect_32+5.144.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm_      | _app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9                   | _app-protect-module-oss-1.25.4+5.144.0-1.el9.ngx.x86_64.rpm_      | _app-protect-module-plus-32+5.144.0-1.el9.ngx.x86_64.rpm_      | _app-protect-32+5.144.0-1.el9.ngx.x86_64.rpm_      |
+
+{{< /table >}}
+
+## F5 WAF for NGINX 5.2 / 4.10
+
+_May 29, 2024_
+
+### New features
+
+- [Added apreload]({{< ref "/waf/configure/apreload.md" >}})
+
+### Resolved issues
+
+- (11038) In some scenarios, autodetect does not correctly recognize the internal buffer as base_64 buffer and so does not decode the data.
+- (11059) Enforcer may crash in specific scenarios.
+- (11105) Update libprotobuf to version 1.33.0+.
+- (11148) When following the config guide for starting NAP v5 in docker or kubernetes and leaving nginx.conf without any 'app_protect' directive:  changing the conf to include NAP does not work. Enforcer times out every 40 secs waiting for the configuration.
+
+### Packages
+
+{{< table >}}
+
+| Distribution name        | NGINX Open Source (5.2)                                           |  NGINX Plus (5.2)                                              | NGINX Plus (4.10)                                  |
+| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
+| Alpine 3.17              | _app-protect-module-oss-1.25.4+5.144.0-r1.apk_                    | _app-protect-module-plus-32+5.144.0-r1.apk_                    | _app-protect-32.5.144.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-oss-1.25.4+5.144.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-32+5.144.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-32+5.144.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-oss_1.25.4+5.144.0-1\~bullseye_amd64.deb_     | _app-protect-module-plus_32+5.144.0-1\~bullseye_amd64.deb_     | _app-protect_32+5.144.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-oss_1.25.4+5.144.0-1\~bookworm_amd64.deb_     | _app-protect-module-plus_32+5.144.0-1\~bookworm_amd64.deb_     | _app-protect_32+5.144.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm_      | _app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 20.04             | _app-protect-module-oss_1.25.4+5.144.0-1\~focal_amd64.deb_        | _app-protect-module-plus_32+5.144.0-1\~focal_amd64.deb_        | _app-protect_32+5.144.0-1\~focal_amd64.deb_        |
+| Ubuntu 22.04             | _app-protect-module-oss_1.25.4+5.144.0-1\~jammy_amd64.deb_        | _app-protect-module-plus_32+5.144.0-1\~jammy_amd64.deb_        | _app-protect_32+5.144.0-1\~jammy_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.25.4+5.144.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-32+5.144.0-1.el8.ngx.x86_64.rpm_      | _app-protect-32+5.144.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9                   | _app-protect-module-oss-1.25.4+5.144.0-1.el9.ngx.x86_64.rpm_      | _app-protect-module-plus-32+5.144.0-1.el9.ngx.x86_64.rpm_      | _app-protect-32+5.144.0-1.el9.ngx.x86_64.rpm_      |
+
+{{< /table >}}
+
+## F5 WAF for NGINX 5.1 / 4.9
+
+_April 18, 2024_
+
+### New features
+
+- Authorization Rules in URLs
+- New [JSON Web Token]({{< ref "/waf/policies/jwt-protection.md" >}}) signature signing algorithm support for:
+    - **RSA**: RS256, RS384, RS512
+    - **PSS**: PS256, PS384, PS512
+    - **ECDSA**: ES256, ES256K, ES384, ES512
+    - **EdDSA**
+- [Time-based signature staging]({{< ref "/waf/policies/time-based-signature-staging.md" >}})
+
+### Resolved issues
+
+- (10250/10251) Fixed issues related to upgrading on Debian and Ubuntu.
+- (10219/10512) Resolved issues related to base64 detection and decoding.
+- (10465) Resolved the "header already sent" alert message in the NGINX error log.
+
+### Packages
+
+{{< table >}}
+
+| Distribution name        | NGINX Open Source (5.1)                                           |  NGINX Plus (5.1)                                              | NGINX Plus (4.9)                                  |
+| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
+| Alpine 3.17              | _app-protect-module-oss-1.25.4+5.17.0-r1.apk_                    | _app-protect-module-plus-31+5.17.0-r1.apk_                    | _app-protect-31.5.17.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-oss-1.25.4+5.17.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-31+5.17.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-31+5.17.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-oss_1.25.4+5.17.0-1\~bullseye_amd64.deb_     | _app-protect-module-plus_31+5.17.0-1\~bullseye_amd64.deb_     | _app-protect_31+5.17.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-oss_1.25.4+5.17.0-1\~bookworm_amd64.deb_     | _app-protect-module-plus_31+5.17.0-1\~bookworm_amd64.deb_     | _app-protect_31+5.17.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-oss-1.25.4+5.17.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-31+5.17.0-1.el8.ngx.x86_64.rpm_      | _app-protect-31+5.17.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 20.04             | _app-protect-module-oss_1.25.4+5.17.0-1\~focal_amd64.deb_        | _app-protect-module-plus_31+5.17.0-1\~focal_amd64.deb_        | _app-protect_31+5.17.0-1\~focal_amd64.deb_        |
+| Ubuntu 22.04             | _app-protect-module-oss_1.25.4+5.17.0-1\~jammy_amd64.deb_        | _app-protect-module-plus_31+5.17.0-1\~jammy_amd64.deb_        | _app-protect_31+5.17.0-1\~jammy_amd64.deb_        |
+| RHEL 7                   | _app-protect-module-oss-1.25.4+5.17.0-1.el7.ngx.x86_64.rpm       | _app-protect-module-plus-31+5.17.0-1.el7.ngx.x86_64.rpm_      | _app-protect-31+5.17.0-1.el7.ngx.x86_64.rpm_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.25.4+5.17.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-31+5.17.0-1.el8.ngx.x86_64.rpm_      | _app-protect-31+5.17.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9                   | _app-protect-module-oss-1.25.4+5.17.0-1.el9.ngx.x86_64.rpm_      | _app-protect-module-plus-31+5.17.0-1.el9.ngx.x86_64.rpm_      | _app-protect-31+5.17.0-1.el9.ngx.x86_64.rpm_      |
+
+{{< /table >}}
+
+## F5 WAF for NGINX 5.0 / 4.8.1
+
+_March 19, 2024_
+
+### New features
+
+- [New deployment types]({{< ref "/waf/fundamentals/technical-specifications.md#supported-deployment-environments" >}})
+- [Security policy and logging profile bundles]({{< ref "/waf/configure/compiler.md">}})
+
+### Packages
+
+{{< table >}}
+
+| Distribution name        | NGINX Open Source (5.1)                                           |  NGINX Plus (5.1)                                              | NGINX Plus (4.9)                                  |
+| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
+| Alpine 3.17              | _app-protect-module-oss-1.25.4+4.815.0-r1.apk_                    | _app-protect-module-plus-31+4.815.0-r1.apk_                    | _app-protect-31.4.815.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-oss-1.25.4+4.815.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-31+4.815.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-31+4.815.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-oss_1.25.4+4.815.0-1\~bullseye_amd64.deb_     | _app-protect-module-plus_31+4.815.0-1\~bullseye_amd64.deb_     | _app-protect_31+4.815.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-oss_1.25.4+4.815.0-1\~bookworm_amd64.deb_     | _app-protect-module-plus_31+4.815.0-1\~bookworm_amd64.deb_     | _app-protect_31+4.815.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-oss-1.25.4+4.815.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-31+4.815.0-1.el8.ngx.x86_64.rpm_      | _app-protect-31+4.815.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 20.04             | _app-protect-module-oss_1.25.4+4.815.0-1\~focal_amd64.deb_        | _app-protect-module-plus_31+4.815.0-1\~focal_amd64.deb_        | _app-protect_31+4.815.0-1\~focal_amd64.deb_        |
+| Ubuntu 22.04             | _app-protect-module-oss_1.25.4+4.815.0-1\~jammy_amd64.deb_        | _app-protect-module-plus_31+4.815.0-1\~jammy_amd64.deb_        | _app-protect_31+4.815.0-1\~jammy_amd64.deb_        |
+| RHEL 7                   | _app-protect-module-oss-1.25.4+4.815.0-1.el7.ngx.x86_64.rpm       | _app-protect-module-plus-31+4.815.0-1.el7.ngx.x86_64.rpm_      | _app-protect-31+4.815.0-1.el7.ngx.x86_64.rpm_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.25.4+4.815.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-31+4.815.0-1.el8.ngx.x86_64.rpm_      | _app-protect-31+4.815.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9                   | _app-protect-module-oss-1.25.4+4.815.0-1.el9.ngx.x86_64.rpm_      | _app-protect-module-plus-31+4.815.0-1.el9.ngx.x86_64.rpm_      | _app-protect-31+4.815.0-1.el9.ngx.x86_64.rpm_      |
+
+{{< /table >}}