
NGINX Node Artifact Versions and Changelog

This document lists available versions of the NGINX Wallarm Node 6.x in various form factors, helping you track releases and plan upgrades.

All-in-one installer

Since version 4.10, Wallarm nodes are installed and upgraded only with the all-in-one installer. Manual upgrade with individual Linux packages is no longer supported.

The history of all-in-one installer updates applies to both its x86_64 and ARM64 (beta) versions.

How to migrate from DEB/RPM packages

How to migrate from previous all-in-one installer version

6.5.1 (2025-09-09)

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Fixed the behavior of the wallarm_wstore_throttle_mode Prometheus metric, which previously did not return to the normal state (0) after throttling ended

6.4.1 (2025-08-07)

  • Added Prometheus metrics support for API Specification Enforcement service operation (based on the built-in API Firewall service):

    • Enable with APIFW_METRICS_ENABLED=true in /opt/wallarm/env.list
    • Default endpoint: :9010/metrics
    • Host and endpoint name configurable via variables APIFW_METRICS_HOST and APIFW_METRICS_ENDPOINT_NAME

6.4.0 (2025-07-31)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Bug fixes and internal improvements

6.3.1 (2025-07-23)

  • Fixed memory leak

6.3.0 (2025-07-08)

6.2.1 (2025-06-23)

  • Minor internal file structure change

6.2.0 (2025-06-20)

  • Optimized stream handling for gRPC traffic

  • Introduced the wallarm_max_request_stream_message_size and wallarm_max_request_stream_size NGINX directives to control the maximum size of a single message payload and an entire stream body, respectively, in gRPC and WebSocket traffic

  • Added the streams and messages parameters to the /wallarm-status service output to report the number of processed gRPC/WebSocket streams and messages

  • Introduced the wallarm_max_request_body_size NGINX directive to control the maximum size of an HTTP request body analyzed by the Node

  • Added support for SSL/TLS and mTLS between the NGINX-Wallarm module and the postanalytics module when they are installed separately

  • Fixed wstore ports binding: now bound to 127.0.0.1 instead of 0.0.0.0

  • Minor bug fixes

6.1.0 (2025-05-09)

  • Added support for enumeration mitigation controls

  • Added support for DoS protection mitigation control

  • Bugfix: Attacks originating from allowlisted sources are no longer shown in the Attacks section

  • wstore logs now include "component": "wstore" for easier identification

6.0.3 (2025-05-07)

  • Added support for Amazon Linux 2

  • Fixed the installation issues with custom NGINX

6.0.2 (2025-04-29)

  • Added support for NGINX stable 1.28.0

  • Added support for NGINX mainline 1.27.5

6.0.1 (2025-04-22)

6.0.0 (2025-04-03)

Helm chart for Wallarm NGINX Ingress controller

How to upgrade

6.5.1 (2025-09-09)

  • Added Prometheus metrics support for API Specification Enforcement service operation (based on the built-in API Firewall service)

    Metrics are disabled by default and can be enabled through the new controller.wallarm.apiFirewall.metrics.* values.

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Fixed the behavior of the wallarm_wstore_throttle_mode Prometheus metric, which previously did not return to the normal state (0) after throttling ended

  • Upgraded to Community Ingress NGINX Controller version 1.11.8, aligning with the upstream Helm chart version 4.11.8 and Alpine version 3.22.0

  • Fixed the CVE-2025-5399 and CVE-2025-22872 vulnerabilities due to the upstream upgrade

6.4.0 (2025-07-31)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Bug fixes and internal improvements

6.3.1 (2025-07-23)

  • Fixed memory leak

6.3.0 (2025-07-08)

6.2.0 (2025-06-20)

  • Optimized stream handling for gRPC traffic

  • Introduced the wallarm_max_request_stream_message_size and wallarm_max_request_stream_size NGINX directives to control the maximum size of a single message payload and an entire stream body, respectively, in gRPC and WebSocket traffic

  • Added the streams and messages parameters to the /wallarm-status service output to report the number of processed gRPC/WebSocket streams and messages

  • Introduced the wallarm_max_request_body_size NGINX directive to control the maximum size of an HTTP request body analyzed by the Node

  • Added support for SSL/TLS and mTLS between the Filtering Node and the postanalytics module

  • Split the unified controller.wallarm.wcli component in values.yaml into 2 separately configurable units: wcliController and wcliPostanalytics, allowing fine-grained control over containers

  • Minor bug fixes

6.1.0 (2025-05-09)

  • Bugfix: Attacks originating from allowlisted sources are no longer shown in the Attacks section

  • wstore logs now include "component": "wstore" for easier identification

6.0.2 (2025-04-25)

  • Added the validation.enableCel parameter to enable validation of Ingress resources via Validating Admission Policies

6.0.1 (2025-04-22)

6.0.0 (2025-04-03)

Helm chart for Sidecar

How to upgrade

6.5.1 (2025-09-09)

  • Added Prometheus metrics support for API Specification Enforcement service operation (based on the built-in API Firewall service)

    Metrics are disabled by default and can be enabled through the new config.wallarm.apiFirewall.metrics.* values.

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Fixed the behavior of the wallarm_wstore_throttle_mode Prometheus metric, which previously did not return to the normal state (0) after throttling ended

6.4.0 (2025-07-31)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Bug fixes and internal improvements

6.3.1 (2025-07-23)

  • Fixed memory leak

6.3.0 (2025-07-08)

6.2.0 (2025-06-20)

  • Optimized stream handling for gRPC traffic

  • Added support for SSL/TLS and mTLS between the Filtering Node and the postanalytics module

  • Bumped Alpine version to 3.22

  • Upgraded NGINX to version 1.28.0

  • Minor bug fixes

6.1.0 (2025-05-09)

  • Bugfix: Attacks originating from allowlisted sources are no longer shown in the Attacks section

  • wstore logs now include "component": "wstore" for easier identification

6.0.1 (2025-04-22)

6.0.0 (2025-04-03)

NGINX-based Docker image

How to upgrade

6.5.1 (2025-09-09)

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Fixed the behavior of the wallarm_wstore_throttle_mode Prometheus metric, which previously did not return to the normal state (0) after throttling ended

6.4.1 (2025-08-07)

  • Added Prometheus metrics support for API Specification Enforcement service operation (based on the built-in API Firewall service):

    • Enable with the environment variable APIFW_METRICS_ENABLED=true
    • Default endpoint: :9010/metrics
    • Expose the metrics port in your container (e.g., for the default state, use -p 9010:9010)
    • Host and endpoint name configurable via variables APIFW_METRICS_HOST and APIFW_METRICS_ENDPOINT_NAME

6.4.0 (2025-07-31)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Bug fixes and internal improvements

6.3.1 (2025-07-23)

  • Fixed memory leak

6.3.0 (2025-07-08)

6.2.0 (2025-06-20)

  • Optimized stream handling for gRPC traffic

  • Added the streams and messages parameters to the /wallarm-status service output to report the number of processed gRPC/WebSocket streams and messages

  • Added support for SSL/TLS and mTLS between the NGINX-Wallarm module and the postanalytics module when they are installed separately

  • Fixed wstore ports binding: now bound to 127.0.0.1 instead of 0.0.0.0

  • Bumped Alpine version to 3.22

  • Upgraded NGINX to version 1.28.0

  • Minor bug fixes

6.1.0 (2025-05-09)

  • Bugfix: Attacks originating from allowlisted sources are no longer shown in the Attacks section

  • wstore logs now include "component": "wstore" for easier identification

6.0.1 (2025-04-22)

6.0.0 (2025-04-03)

Amazon Machine Image (AMI)

How to upgrade

6.5.1 (2025-09-09)

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Fixed the behavior of the wallarm_wstore_throttle_mode Prometheus metric, which previously did not return to the normal state (0) after throttling ended

6.4.0 (2025-07-31)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Bug fixes and internal improvements

6.3.1 (2025-07-23)

  • Fixed memory leak

6.3.0 (2025-07-08)

6.2.0 (2025-06-20)

  • Optimized stream handling for gRPC traffic

  • Added the streams and messages parameters to the /wallarm-status service output to report the number of processed gRPC/WebSocket streams and messages

  • Added support for SSL/TLS and mTLS between the NGINX-Wallarm module and the postanalytics module when they are installed separately

  • Fixed wstore ports binding: now bound to 127.0.0.1 instead of 0.0.0.0

  • Minor bug fixes

6.1.0 (2025-05-09)

  • Bugfix: Attacks originating from allowlisted sources are no longer shown in the Attacks section

  • wstore logs now include "component": "wstore" for easier identification

6.0.1 (2025-04-22)

6.0.0 (2025-04-03)

Google Cloud Platform Image

How to upgrade

wallarm-node-6-5-1-20250908-174655 (2025-09-09)

  • Relaxed content-type validation in API Specification Enforcement: requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml) are no longer rejected

  • Bumped Go version to 1.24

  • Fixed the behavior of the wallarm_wstore_throttle_mode Prometheus metric, which previously did not return to the normal state (0) after throttling ended

wallarm-node-6-4-0-20250730-083353 (2025-07-31)

  • Fixed the stuffed credentials export to the Cloud

  • Improved GraphQL parser

  • Bug fixes and internal improvements

wallarm-node-6-3-1-20250721-082413 (2025-07-23)

  • Fixed memory leak

wallarm-node-6-3-0-20250708-175541 (2025-07-08)

  • In rules, the separator used in xml_tag values that combine a URI, namespace, and tag name has been changed from : to |

  • Internal improvements

wallarm-node-6-2-0-20250618-150224 (2025-06-20)

  • Optimized stream handling for gRPC traffic

  • Added the streams and messages parameters to the /wallarm-status service output to report the number of processed gRPC/WebSocket streams and messages

  • Added support for SSL/TLS and mTLS between the NGINX-Wallarm module and the postanalytics module when they are installed separately

  • Fixed wstore ports binding: now bound to 127.0.0.1 instead of 0.0.0.0

  • Minor bug fixes

wallarm-node-6-1-0-20250508-144827 (2025-05-09)

  • Bugfix: Attacks originating from allowlisted sources are no longer shown in the Attacks section

  • wstore logs now include "component": "wstore" for easier identification

wallarm-node-6-0-1-20250422-104749 (2025-04-22)

wallarm-node-6-0-0-20250403-102125 (2025-04-03)