NGINX Node Artifact Versions and Changelog¶

This document lists available versions of the NGINX Wallarm Node 5.x in various form factors, helping you track releases and plan upgrades.

All-in-one installer¶

Since version 4.10, installation and upgrading of Wallarm nodes is performed only with all all-in-one installer. Manual upgrade with individual Linux packages is not supported any more.

History of all-in-one installer updates simultaneously applies to it's x86_64 and ARM64 (beta) versions.

How to migrate from DEB/RPM packages

How to migrate from previous all-in-one installer version

5.3.7 (2025-02-04)¶

• Added support for the WALLARM_APID_ONLY environment variable which enables API Discovery-only mode

  In this mode, attacks are blocked locally (if enabled) but not exported to Wallarm Cloud, while API Discovery, API session tracking, and security vulnerability detection remain fully functional. This mode is rarely needed, in most environments, using this mode is unnecessary.

• Fix for the invalid_xml attack detection in responses

• Minor GraphQL parser fixes

5.3.0 (2025-01-29)¶

• Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)

• Added a full-fledged GraphQL parser (see detailed change description) that allows:

  • Improved detection of the input validation attacks in GraphQL-specific request points
  • Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
  • Analyzing specific parts of GraphQL requests in API sessions

• Fixed invalid time value in serialized requests to properly display the resource overlimit attacks

5.2.11 (2024-12-25)¶

• Added support for NGINX Mainline v1.27.2 and 1.27.3

• Added support for NGINX Plus R33

• Added support for sensitive business flows in API Discovery and API Sessions

• Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities

• Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

5.2.1 (2024-12-07)¶

• New $wallarm_attack_point_list and $wallarm_attack_stamp_list variables for extended logging

  These variables log request points containing malicious payloads and attack sign IDs, thereby enabling advanced debugging of Node behavior.

• Minor bug fixes

5.1.1 (2024-11-08)¶

• Fixed some bugs in the wallarm-status service operation

5.1.0 (2024-11-06)¶

• Added support for API Sessions

• Improved limiting request processing time

• Reduced memory usage during node registration

5.0.3 (2024-10-10)¶

• Added support for customizing sensitive data detection in API Discovery

• Fixed memory leak on duplicate response headers in libproton

• Fixed memory leak related to IP addresses that are not in IP lists but have known source

5.0.2 (2024-09-18)¶

• Fixed installation failure issue when no WAAP + API Security subscription is activated

• Fixed delays in attack export

5.0.1 (2024-08-21)¶

• Initial release 5.0, see changelog

• Added support for NGINX v1.26.2 stable

Helm chart for Wallarm NGINX Ingress controller¶

How to upgrade

5.3.7 (2025-02-10)¶

• Fix for the invalid_xml attack detection in responses

• Minor GraphQL parser fixes

5.3.0 (2025-01-29)¶

• Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)

• Added a full-fledged GraphQL parser (see detailed change description) that allows:

  • Improved detection of the input validation attacks in GraphQL-specific request points
  • Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
  • Analyzing specific parts of GraphQL requests in API sessions

• Fixed invalid time value in serialized requests to properly display the resource overlimit attacks

5.2.12 (2025-01-08)¶

• Resolved the CVE-2024-45338 controller vulnerability

5.2.11 (2024-12-27)¶

• Added support for sensitive business flows in API Discovery and API Sessions

• Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities

• Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

5.2.2 (2024-12-11)¶

• Re-apply the fix for the GHSA-c5pj-mqfh-rvc3 vulnerability

5.2.1 (2024-12-07)¶

• Upgraded to Community Ingress NGINX Controller version 1.11.3, aligning with the upstream Helm chart version 4.11.3

• Breaking changes introduced by the Community Ingress NGINX Controller upgrade:

  • Discontinued support for Opentracing and Zipkin modules, now only supporting Opentelemetry
  • Dropped support for PodSecurityPolicy

• Compatibility extended up to Kubernetes version 1.30

• Updated to NGINX 1.25.5

• Minor bug fixes

5.1.1 (2024-11-14)¶

• Fixed the GHSA-c5pj-mqfh-rvc3 vulnerability

• Fixed some bugs in the wallarm-status service operation

5.1.0 (2024-11-06)¶

• Added support for API Sessions

• Improved limiting request processing time

• Reduced memory usage during node registration

• Added new settings for API Specification Enforcement:

  • readBufferSize
  • writeBufferSize
  • maxRequestBodySize
  • disableKeepalive
  • maxConnectionsPerIp
  • maxRequestsPerConnection

  See descriptions and default values here.

5.0.3 (2024-10-10)¶

• Added support for customizing sensitive data detection in API Discovery

• Fixed memory leak on duplicate response headers in libproton

• Fixed memory leak related to IP addresses that are not in IP lists but have known source

5.0.2 (2024-09-18)¶

• Fixed installation failure issue when no WAAP + API Security subscription is activated

• Fixed delays in attack export

5.0.1 (2024-08-21)¶

• Initial release 5.0, see changelog

Helm chart for Sidecar¶

How to upgrade

5.3.7 (2025-02-10)¶

• Fix for the invalid_xml attack detection in responses

• Minor GraphQL parser fixes

5.3.0 (2025-01-29)¶

• Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)

• Added a full-fledged GraphQL parser (see detailed change description) that allows:

  • Improved detection of the input validation attacks in GraphQL-specific request points
  • Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
  • Analyzing specific parts of GraphQL requests in API sessions

• Fixed invalid time value in serialized requests to properly display the resource overlimit attacks

• Added new settings for API Specification Enforcement:

  • readBufferSize
  • writeBufferSize
  • maxRequestBodySize
  • disableKeepalive
  • maxConnectionsPerIp
  • maxRequestsPerConnection

  See descriptions and default values here.

• Added the config.nginx.logs.extended and config.nginx.logs.format Helm chart values for extended logging in NGINX

5.2.11 (2024-12-27)¶

• Added support for sensitive business flows in API Discovery and API Sessions

• Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities

• Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

5.2.1 (2024-12-09)¶

• New $wallarm_attack_point_list and $wallarm_attack_stamp_list variables for extended logging

  These variables log request points containing malicious payloads and attack sign IDs, thereby enabling advanced debugging of Node behavior.

• Minor bug fixes

5.1.0 (2024-11-06)¶

• Added support for API Sessions

• Improved limiting request processing time

• Reduced memory usage during node registration

5.0.3 (2024-10-10)¶

• Added support for customizing sensitive data detection in API Discovery

• Fixed memory leak on duplicate response headers in libproton

• Fixed memory leak related to IP addresses that are not in IP lists but have known source

5.0.2 (2024-09-19)¶

• Fixed installation failure issue when no WAAP + API Security subscription is activated

• Fixed delays in attack export

5.0.1 (2024-08-21)¶

• Initial release 5.0, see changelog

NGINX-based Docker image¶

How to upgrade

5.3.7 (2025-02-04)¶

• Added support for the WALLARM_APID_ONLY environment variable which enables API Discovery-only mode while running the Docker image

  In this mode, attacks are blocked locally (if enabled) but not exported to Wallarm Cloud, while API Discovery, API session tracking, and security vulnerability detection remain fully functional. This mode is rarely needed, in most environments, using this mode is unnecessary.

• Fix for the invalid_xml attack detection in responses

• Minor GraphQL parser fixes

5.3.0 (2025-01-29)¶

• Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)

• Added a full-fledged GraphQL parser (see detailed change description) that allows:

  • Improved detection of the input validation attacks in GraphQL-specific request points
  • Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
  • Analyzing specific parts of GraphQL requests in API sessions

• Fixed invalid time value in serialized requests to properly display the resource overlimit attacks

5.2.11 (2024-12-25)¶

• Added support for sensitive business flows in API Discovery and API Sessions

• Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities

• Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

5.2.1 (2024-12-07)¶

• New $wallarm_attack_point_list and $wallarm_attack_stamp_list variables for extended logging

  These variables log parameters containing malicious payloads and attack sign IDs enabling advanced debugging of Node behavior.

• Moved image source and Dockerfile from GitHub to an internal GitLab repository

5.1.0-1 (2024-11-06)¶

• Added support for API Sessions

• Improved limiting request processing time

• Reduced memory usage during node registration

5.0.3-1 (2024-10-10)¶

• Added support for customizing sensitive data detection in API Discovery

• Fixed memory leak on duplicate response headers in libproton

• Fixed memory leak related to IP addresses that are not in IP lists but have known source

5.0.2-1 (2024-09-18)¶

• Fixed installation failure issue when no WAAP + API Security subscription is activated

• Fixed delays in attack export

5.0.1-1 (2024-08-21)¶

• Initial release 5.0, see changelog

• Added support for NGINX v1.26.2 stable

Amazon Machine Image (AMI)¶

How to upgrade

5.3.7 (2025-02-13)¶

• Fix for the invalid_xml attack detection in responses

• Minor GraphQL parser fixes

5.3.0 (2025-01-30)¶

• Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)

• Added a full-fledged GraphQL parser (see detailed change description) that allows:

  • Improved detection of the input validation attacks in GraphQL-specific request points
  • Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
  • Analyzing specific parts of GraphQL requests in API sessions

• Fixed invalid time value in serialized requests to properly display the resource overlimit attacks

5.2.11 (2024-12-28)¶

• Added support for sensitive business flows in API Discovery and API Sessions

• Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities

• Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

5.2.1 (2024-12-07)¶

• New $wallarm_attack_point_list and $wallarm_attack_stamp_list variables for extended logging

  These variables log parameters containing malicious payloads and attack sign IDs enabling advanced debugging of Node behavior.

• Minor bug fixes

5.1.0-1 (2024-11-06)¶

• Added support for API Sessions

• Improved limiting request processing time

• Reduced memory usage during node registration

5.0.3-1 (2024-10-10)¶

• Added support for customizing sensitive data detection in API Discovery

• Fixed memory leak on duplicate response headers in libproton

• Fixed memory leak related to IP addresses that are not in IP lists but have known source

5.0.2-1 (2024-09-19)¶

• Fixed installation failure issue when no WAAP + API Security subscription is activated

• Fixed delays in attack export

5.0.1-1 (2024-08-21)¶

• Initial release 5.0, see changelog

Google Cloud Platform Image¶

How to upgrade

wallarm-node-5-3-20250213-053413 (2025-02-13)¶

• Fix for the invalid_xml attack detection in responses

• Minor GraphQL parser fixes

wallarm-node-5-3-20250129-150255 (2025-01-30)¶

• Added support for response parameters in API Sessions for providing the full context of user activities and more precise session grouping (see detailed change description)

• Added a full-fledged GraphQL parser (see detailed change description) that allows:

  • Improved detection of the input validation attacks in GraphQL-specific request points
  • Fine-tuning attack detection for specific GraphQL points (e.g. disable detection of specific attack types in specific points)
  • Analyzing specific parts of GraphQL requests in API sessions

• Fixed invalid time value in serialized requests to properly display the resource overlimit attacks

wallarm-node-5-2-20241227-095327 (2024-12-27)¶

• Resolved the CVE-2024-45337 and CVE-2024-45338 vulnerabilities

• Fixed an issue where some requests were processed unsuccessfully, potentially affecting API Sessions, Credential Stuffing, and API Abuse Prevention

wallarm-node-5-2-20241209-114655 (2024-12-07)¶

• New $wallarm_attack_point_list and $wallarm_attack_stamp_list variables for extended logging

  These variables log parameters containing malicious payloads and attack sign IDs enabling advanced debugging of Node behavior.

• Minor bug fixes

wallarm-node-5-1-20241108-120238 (2024-11-08)¶

• Initial release 5.x, see changelog

Was this page helpful?

How can we improve this article? (Optional)

Information is unclear or confusing

Insufficient information

Outdated or incorrect information

0/240

Send