diff --git a/content/waf/changelog/_index.md b/content/waf/changelog/_index.md index ea7cc5fcb7..bccfb0dd52 100644 --- a/content/waf/changelog/_index.md +++ b/content/waf/changelog/_index.md @@ -11,6 +11,41 @@ This changelog lists all of the information for F5 WAF for NGINX releases in 202 For older releases, check the changelogs for previous years: [2024]({{< ref "/waf/changelog/2024.md" >}}), [2023]({{< ref "/waf/changelog/2023.md" >}}). +## F5 WAF for NGINX 5.11 + +Released _December 30th, 2025_. + +### New features + +- Added support for the Brotli data compression algorithm + +### Important notes + +- Upgrade Go compiler to 1.24.11 + +### Resolved issues + +- 13340 - F5 WAF for NGINX leaked sockets and terminated on-going requests during graceful reload of NGINX (SIGHUP) +- 12728 - Fixing a scenario under memory pressure, causing NGINX to return HTTP 503 and log SECURITY_WAF_BYPASS + +### Packages + +{{< table >}} + +| Distribution name | NGINX Open Source (5.11) | NGINX Plus (5.11) | NGINX Plus (5.11) | +| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------| +| Alpine 3.22 | _app-protect-module-oss-1.29.3+5.564.0-r1.apk_ | _app-protect-module-plus-36+5.564.0-r1.apk_ | _app-protect-36.5.564.0-r1.apk_ | +| Amazon Linux 2023 | _app-protect-module-oss-1.29.3+5.564.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-36+5.564.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-36+5.564.0-1.amzn2023.ngx.x86_64.rpm_ | +| Debian 11 | _app-protect-module-oss_1.29.3+5.564.0-1\~bullseye_amd64.deb_ | _app-protect-module-plus_36+5.564.0--1\~bullseye_amd64.deb_ | _app-protect_36+5.564.0-1\~bullseye_amd64.deb_ | +| Debian 12 | _app-protect-module-oss_1.29.3+5.564.0-1\~bookworm_amd64.deb_ | _app-protect-module-plus_36+5.564.0--1\~bookworm_amd64.deb_ | _app-protect_36+5.564.0-1\~bookworm_amd64.deb_ | +| Oracle Linux 8.1 | _app-protect-module-oss-1.29.3+5.564.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-36+5.564.0-1.el8.ngx.x86_64.rpm_ | _app-protect-36+5.564.0-1.el8.ngx.x86_64.rpm_ | +| Ubuntu 22.04 | _app-protect-module-oss_1.29.3+5.564.0-1\~jammy_amd64.deb_ | _app-protect-module-plus_36+5.564.0--1\~jammy_amd64.deb_ | _app-protect_36+5.564.0-1\~jammy_amd64.deb_ | +| Ubuntu 24.04 | _app-protect-module-oss_1.29.3+5.564.0-1\~noble_amd64.deb_ | _app-protect-module-plus_36+5.564.0--1\~noble_amd64.deb_ | _app-protect_36+5.564.0-1\~noble_amd64.deb_ | +| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.29.3+5.564.0-1.el8.ngx.x86_64.rpm_ | _app-protect-module-plus-36+5.564.0-1.el8.ngx.x86_64.rpm_ | _app-protect-36+5.564.0-1.el8.ngx.x86_64.rpm_ | +| RHEL 9 and Rocky Linux 9 | _app-protect-module-oss-1.29.3+5.564.0-1.el9.ngx.x86_64.rpm_ | _app-protect-module-plus-36+5.564.0-1.el9.ngx.x86_64.rpm_ | _app-protect-36+5.564.0-1.el9.ngx.x86_64.rpm_ | + +{{< /table >}} + ## F5 WAF for NGINX 5.10 Released _December 1st, 2025_. @@ -30,6 +65,7 @@ Released _December 1st, 2025_. - 13117 - Severity Field should contain a value based on the violation highest severity - 13138 - Ability to bypass request when there is a 444 scenario - 13130 - add --all-policy-signatures option to include all policy signatures in the conversion output +- 12979 - fixing a scenario of CLOSE_WAIT connections error messages when using big POST request ### Packages diff --git a/data/nap-waf/schema/policy.json b/data/nap-waf/schema/policy.json index b15ac481c6..7deaad0166 100644 --- a/data/nap-waf/schema/policy.json +++ b/data/nap-waf/schema/policy.json @@ -3717,7 +3717,7 @@ "oneOf" : [ { "items" : { - "description" : "Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.", + "description" : "Defines behavior when signatures found within a signature-set are detected in a request. Settings are cumulative, so if a signature is found in any set with block enabled, that signature will have block enabled.", "properties" : { "$action" : { "enum" : [