NGINX Node Artifact Versions and Changelog¶
This document lists available versions of the NGINX Wallarm Node 5.x in various form factors, helping you track releases and plan upgrades.
All-in-one installer¶
Since version 4.10, installation and upgrading of Wallarm nodes is performed only with all all-in-one installer. Manual upgrade with individual Linux packages is not supported any more.
History of all-in-one installer updates simultaneously applies to it's x86_64 and ARM64 (beta) versions.
How to migrate from DEB/RPM packages
How to migrate from previous all-in-one installer version
5.2.11 (2024-12-25)¶
-
Added support for NGINX Mainline v1.27.2 and 1.27.3
-
Added support for NGINX Plus R33
-
Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities
-
Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention
5.2.1 (2024-12-07)¶
-
New
$wallarm_attack_point_list
and$wallarm_attack_stamp_list
variables for extended loggingThese variables log request points containing malicious payloads and attack sign IDs, thereby enabling advanced debugging of Node behavior.
-
Minor bug fixes
5.1.1 (2024-11-08)¶
- Fixed some bugs in the
wallarm-status
service operation
5.1.0 (2024-11-06)¶
-
Added support for API Sessions
-
Improved limiting request processing time
-
Reduced memory usage during node registration
5.0.3 (2024-10-10)¶
-
Added support for customizing sensitive data detection in API Discovery
-
Fixed memory leak on duplicate response headers in libproton
-
Fixed memory leak related to IP addresses that are not in IP lists but have known source
5.0.2 (2024-09-18)¶
-
Fixed installation failure issue when no WAAP + API Security subscription is activated
-
Fixed delays in attack export
5.0.1 (2024-08-21)¶
-
Initial release 5.0, see changelog
-
Added support for NGINX v1.26.2 stable
Helm chart for Wallarm NGINX Ingress controller¶
5.2.12 (2025-01-08)¶
- Resolved the CVE-2024-45338 controller vulnerability
5.2.11 (2024-12-27)¶
-
Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities
-
Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention
5.2.2 (2024-12-11)¶
- Re-apply the fix for the GHSA-c5pj-mqfh-rvc3 vulnerability
5.2.1 (2024-12-07)¶
-
Upgraded to Community Ingress NGINX Controller version 1.11.3, aligning with the upstream Helm chart version 4.11.3
-
Breaking changes introduced by the Community Ingress NGINX Controller upgrade:
- Discontinued support for Opentracing and Zipkin modules, now only supporting Opentelemetry
- Dropped support for
PodSecurityPolicy
-
Compatibility extended up to Kubernetes version 1.30
-
Updated to NGINX 1.25.5
-
Minor bug fixes
5.1.1 (2024-11-14)¶
-
Fixed the GHSA-c5pj-mqfh-rvc3 vulnerability
-
Fixed some bugs in the
wallarm-status
service operation
5.1.0 (2024-11-06)¶
-
Added support for API Sessions
-
Improved limiting request processing time
-
Reduced memory usage during node registration
-
Added new settings for API Specification Enforcement:
readBufferSize
readBufferSize
writeBufferSize
maxRequestBodySize
disableKeepalive
maxConnectionsPerIp
maxRequestsPerConnection
See descriptions and default values here.
5.0.3 (2024-10-10)¶
-
Added support for customizing sensitive data detection in API Discovery
-
Fixed memory leak on duplicate response headers in libproton
-
Fixed memory leak related to IP addresses that are not in IP lists but have known source
5.0.2 (2024-09-18)¶
-
Fixed installation failure issue when no WAAP + API Security subscription is activated
-
Fixed delays in attack export
5.0.1 (2024-08-21)¶
- Initial release 5.0, see changelog
Helm chart for Sidecar¶
5.2.11 (2024-12-27)¶
-
Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities
-
Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention
5.2.1 (2024-12-09)¶
-
New
$wallarm_attack_point_list
and$wallarm_attack_stamp_list
variables for extended loggingThese variables log request points containing malicious payloads and attack sign IDs, thereby enabling advanced debugging of Node behavior.
-
Minor bug fixes
5.1.0 (2024-11-06)¶
-
Added support for API Sessions
-
Improved limiting request processing time
-
Reduced memory usage during node registration
5.0.3 (2024-10-10)¶
-
Added support for customizing sensitive data detection in API Discovery
-
Fixed memory leak on duplicate response headers in libproton
-
Fixed memory leak related to IP addresses that are not in IP lists but have known source
5.0.2 (2024-09-19)¶
-
Fixed installation failure issue when no WAAP + API Security subscription is activated
-
Fixed delays in attack export
5.0.1 (2024-08-21)¶
- Initial release 5.0, see changelog
NGINX-based Docker image¶
5.2.11 (2024-12-25)¶
-
Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities
-
Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention
5.2.1 (2024-12-07)¶
-
New
$wallarm_attack_point_list
and$wallarm_attack_stamp_list
variables for extended loggingThese variables log parameters containing malicious payloads and attack sign IDs enabling advanced debugging of Node behavior.
-
Moved image source and Dockerfile from GitHub to an internal GitLab repository
5.1.0-1 (2024-11-06)¶
-
Added support for API Sessions
-
Improved limiting request processing time
-
Reduced memory usage during node registration
5.0.3-1 (2024-10-10)¶
-
Added support for customizing sensitive data detection in API Discovery
-
Fixed memory leak on duplicate response headers in libproton
-
Fixed memory leak related to IP addresses that are not in IP lists but have known source
5.0.2-1 (2024-09-18)¶
-
Fixed installation failure issue when no WAAP + API Security subscription is activated
-
Fixed delays in attack export
5.0.1-1 (2024-08-21)¶
-
Initial release 5.0, see changelog
-
Added support for NGINX v1.26.2 stable
Amazon Machine Image (AMI)¶
5.2.11 (2024-12-28)¶
-
Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities
-
Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention
5.2.1 (2024-12-07)¶
-
New
$wallarm_attack_point_list
and$wallarm_attack_stamp_list
variables for extended loggingThese variables log parameters containing malicious payloads and attack sign IDs enabling advanced debugging of Node behavior.
-
Minor bug fixes
5.1.0-1 (2024-11-06)¶
-
Added support for API Sessions
-
Improved limiting request processing time
-
Reduced memory usage during node registration
5.0.3-1 (2024-10-10)¶
-
Added support for customizing sensitive data detection in API Discovery
-
Fixed memory leak on duplicate response headers in libproton
-
Fixed memory leak related to IP addresses that are not in IP lists but have known source
5.0.2-1 (2024-09-19)¶
-
Fixed installation failure issue when no WAAP + API Security subscription is activated
-
Fixed delays in attack export
5.0.1-1 (2024-08-21)¶
- Initial release 5.0, see changelog
Google Cloud Platform Image¶
wallarm-node-5-2-20241227-095327 (2024-12-27)¶
-
Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities
-
Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention
wallarm-node-5-2-20241209-114655 (2024-12-07)¶
-
New
$wallarm_attack_point_list
and$wallarm_attack_stamp_list
variables for extended loggingThese variables log parameters containing malicious payloads and attack sign IDs enabling advanced debugging of Node behavior.
-
Minor bug fixes
wallarm-node-5-1-20241108-120238 (2024-11-08)¶
- Initial release 5.x, see changelog