A list of updates to Nemesida WAF modules for 2025. Information about installing, updating and diagnosing the software is available in the manual.

21.04.2025

Dynamic module 5.1.5290 (nwaf-dyn)
Dynamic module:

  • Added support for Nginx 1.27.5 Mainline and Nginx Plus R34;
  • Added options to exclude requests from antivirus analysis by IP address (nwaf_av_ip_wl) and URL (nwaf_av_url_wl);
  • Added options to enable antivirus analysis of requests in monitoring mode by IP address (nwaf_av_ip_lm) and URL (nwaf_av_url_lm);
  • Other fixes and improvements.

Nemesida AI MLA:

  • Added collection of information about server system resources for checking component status;
  • Fixes related to transmitting data to the component event log.
Nemesida AI MLC 6.1.1631 (nwaf-mlc)
  • Added collection of information about server system resources for checking component status;
  • Fixed the functionality of creating a specification for automatically generated URLs;
  • Other minor improvements.
Nemesida WAF API 3.0.944 (nwaf-api)
  • Added options to exclude requests from antivirus analysis by IP address (nwaf_av_ip_wl) and URL (nwaf_av_url_wl);
  • Added options to enable antivirus analysis of requests in monitoring mode by IP address (nwaf_av_ip_lm) and URL (nwaf_av_url_lm);
  • Added additional filtering of parameters transmitted via the URL /nw-api/v2/set_dyn_settings to configure the filtering node;
  • Fixed incorrect operation of the EC_STORAGE_PERIOD parameter (the retention period for the component event log) specified in the configuration file /var/www/nw-api/settings.py;
  • Added collection of information about server system resources for checking component status;
  • Fixed the functionality of creating a specification for URLs automatically generated by the Nemesida AI MLC component, as well as their exclusion.
Nemesida WAF Scanner 7.0.263 (nwaf-scanner)
Added collection of information about server system resources for checking component status.

18.04.2025

Changing the Python version for Nemesida WAF components

Starting from 18.04.2025, all Nemesida WAF components released for RHEL 8/9 distributions will use Python 3.12 instead of Python 3.9, due to the end of support for Python 3.9.

08.04.2025

Dynamic module 5.1.5252 (nwaf-dyn)
Dynamic module:

  • Added support for the anti-bot mode (under attack mode);
  • Changed the processing of rules with an empty condition template;
  • Other fixes and improvements.

Nemesida AI MLA:

  • Added support for the anti-bot mode (under attack mode);
  • Corrections related to the normalization of request data;
  • Improved stability of the component in case of unavailability of the Nemesida WAF API;
  • Other minor improvements.
Nemesida AI MLC 6.1.1604 (nwaf-mlc)
  • Corrections related to the normalization of request data;
  • Improved stability of the component in case of unavailability of the Nemesida WAF API;
  • Other minor improvements.
Nemesida WAF API 3.0.917 (nwaf-api)
  • Added support for the anti-bot mode (under attack mode);
  • Fixes related to the processing of the cc (country) field for the functionality of receiving information about attacks;
  • Fixes related to the operation of the component event collector;
  • Other fixes and improvements.

03.04.2025

End of Nemesida WAF component support for Ubuntu 20.04

Nemesida WAF is discontinuing the release of components for Ubuntu 20.04 due to the end of support for the distribution.

24.03.2025

Nemesida WAF Cabinet 3.1.699 (nwaf-cabinet)
  • Added functionality for advanced settings for detecting brute-force and flood attacks;
  • Other fixes and improvements.

18.03.2025

Nemesida WAF API 3.0.879 (nwaf-api)
Fixes related to synchronization of blocked IP addresses between filtering nodes.
Dynamic module 5.1.5065 (nwaf-dyn)
Dynamic module:

  • Added an option to send a message when a Websocket connection is closed, specifying the request ID, source IP address, and block type based on the returned headers, using the values of the variables $request_id, $remote_addr, and $nwaf_block_type;
  • Improved the algorithm for detecting and blocking attacks in Websocket connections when they are analyzed by the machine learning module and antivirus software;
  • Added support for regular expressions to the advanced URL blocking rules;
  • Other fixes and improvements.

Nemesida AI MLA:

  • Fixes related to the transfer of functionality to interact with the new Nemesida WAF API URLs.

13.03.2025

Nemesida WAF API 3.0.877 (nwaf-api)
  • Added the functionality necessary for the Nemesida AI MLC component to work in distributed mode;
  • Added the URL /nw-api/get_attack_vhost_stats to get advanced attack statistics;
  • For the URL /nw-api/get_attack, the field name signatureType (type of detected attack) has been replaced with description;
  • Added regular expression support for advanced blocking rules (ERL v2);
  • Corrections related to the output of information about the extended blocking rules (ERL v2) have been made;
  • Other fixes and improvements.
Nemesida AI MLC 6.1.1594 (nwaf-mlc)
  • Added support for distributed mode operation;
  • Other fixes and improvements.

Before updating the component, you must update the Nemesida WAF API component.

05.03.2025

Nemesida WAF API 3.0.847 (nwaf-api)
Fixes related to processing the contents of the brute__bf_detect value when accessing the URL /nw-api/v2/get_mlc_settings to get information about the component settings.
Nemesida AI MLC 6.1.1583 (nwaf-mlc)
  • Fixes related to the exclusion of duplicate records of certain types of events when sending to Nemesida WAF API;
  • Cumulative package of fixes and improvements related, among other things, to the detection of Brute-force/Flood/DDoS/Web scraping events.

23.02.2025

Dynamic module 5.1.4937 (nwaf-dyn)
Dynamic module:

  • Added support for antivirus software analysis for data sent over an established Websocket connection;
  • Added the fields no_ua (no User-Agent header) and no_referer (no Referer header) for creating extended blocking rules (ERL);
  • Added functionality that allows you to record all requests received by the filtering node;
  • Other fixes and improvements.

Nemesida AI MLA:

  • Improvements related to determining the country by IP address;
  • Corrections related to the processing of the request body.

20.02.2025

Nemesida WAF API 3.0.832 (nwaf-api)
  • Fixes related to generating settings for the dynamic module;
  • Fixes related to copying behavioral models;
  • Added support for checking the absence of the User-Agent (no_ua) and Referer (no_referer) headers when creating an extended blocking rule (ERL);
  • Other fixes and improvements.

After updating the component, it is recommended to restart the Nemesida AI MLA component on the filtering node:

# systemctl restart mla_main

17.02.2025

Nemesida WAF Cabinet 3.1.663 (nwaf-cabinet)
Fixes related to interaction with the Nemesida WAF API.

14.02.2025

Nemesida AI MLC 6.1.1556 (nwaf-mlc)
  • Improvements related to determining the country by IP address;
  • Fixes related to the processing of the request body.
Nemesida WAF API 3.0.819 (nwaf-api)
  • Using the FastAPI framework instead of Flask;
  • Added support for the nwaf_log_request option to register all requests (including unblocked ones) processed by the filtering node;
  • The log file storage directory has been changed from /var/log/uwsgi/nw-api to /var/log/nw-api;
  • Added the WORKERS parameter to the configuration file that regulates the number of parallel processes;
  • Other fixes and improvements.

After updating the component, make sure that the virtual host file /etc/nginx/conf.d/nwaf-api.conf uses the new proxying method, proxy_pass http://127.0.0.1:8088, instead of uwsgi_pass unix:/var/www/nw-api/nw-api.sock.

If the old proxying method is still set, update the virtual host file manually, based on the file /etc/nginx/conf.d/nwaf-api.conf.disabled.

To correctly display IP addresses in the component’s log, add include proxy_params to the /nw-api/ section.

06.02.2025

Dynamic module 5.1.4776 (nwaf-dyn)
Dynamic module:

  • Added support for Nginx 1.26.3 Stable and Nginx 1.27.4 Mainline.

Updating the digital signature of Nemesida WAF packages

All subsequent Nemesida WAF packages will be signed with a new digital key. Until the new key is imported, an error like this will occur during the update:

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AF1A0FD3216F3F05

To avoid errors when updating packages, the digital signature must be updated for the distribution in use:

Debian/Ubuntu

1. Import the key:

# curl -s https://nemesida-security.com/repo/nw/gpg.key | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/trusted.gpg --import

2. Update the package information:

# apt update

RHEL

When updating a digital signature for RHEL-based distributions, the key must be imported during the update of package information, when the corresponding prompt is displayed.
Example:

# dnf update
...
Nemesida WAF Packages for RHEL                                                                                                                                                                                                        63 kB/s | 5.0 kB     00:00    
GPG key at https://nemesida-security.com/repo/nw/gpg.key (0x1929CEB1) is already installed
Importing GPG key 0x216F3F05:
 Userid     : "nemesida-waf.com (Pentestit LLC) "
 Fingerprint: 24F7 AFDC 3535 C76F 7A7E F4F1 AF1A 0FD3 216F 3F05
 From       : https://nemesida-security.com/repo/nw/gpg.key
Is this ok [y/N]: y
...
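
A fingerprint check that can run before the import in step 1, as an added example that is not part of the vendor's instructions: it reads a `gpg --with-colons` key listing and accepts the key file only if the fingerprint shown in the dnf prompt above belongs to a primary key. The function names, the wrapper that expects a key file already saved to disk, and the two sample listings are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Nemesida tooling. Fingerprint copied from the dnf prompt above.
EXPECTED_FPR="24F7 AFDC 3535 C76F 7A7E F4F1 AF1A 0FD3 216F 3F05"

# Print the fingerprint of every primary key found in `gpg --with-colons` output
# on stdin. Only the fpr record right after a pub record counts; fpr records that
# follow sub records are subkey fingerprints and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Succeed only if the expected fingerprint (spaces allowed) is a primary key.
has_expected_fpr() {
    local expected
    expected=$(printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    primary_fprs | grep -qxF -- "$expected"
}

# Hypothetical wrapper: verify a key file saved with `curl -o`, then import it
# into the keyring path used in step 1.
import_verified_key() {
    local keyfile=$1 listing
    listing=$(gpg --show-keys --with-colons "$keyfile") || return 2
    if ! printf '%s\n' "$listing" | has_expected_fpr "$EXPECTED_FPR"; then
        echo "expected fingerprint not found, not importing $keyfile" >&2
        return 1
    fi
    gpg --no-default-keyring \
        --keyring gnupg-ring:/etc/apt/trusted.gpg.d/trusted.gpg --import "$keyfile"
}

# Constructed listings: key IDs and dates are made up, except the page's key.
SAMPLE_GOOD='pub:-:4096:1:AF1A0FD3216F3F05:1700000000:::-:::scESC:
fpr:::::::::24F7AFDC3535C76F7A7EF4F1AF1A0FD3216F3F05:'
# Different primary key; the expected value appears only as a subkey fingerprint.
SAMPLE_BAD='pub:-:4096:1:AAAAAAAAAAAAAAAA:1700000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
sub:-:4096:1:AF1A0FD3216F3F05:1700000000::::::e:
fpr:::::::::24F7AFDC3535C76F7A7EF4F1AF1A0FD3216F3F05:'

for sample in "$SAMPLE_GOOD" "$SAMPLE_BAD"; do
    if printf '%s\n' "$sample" | has_expected_fpr "$EXPECTED_FPR"; then
        echo "fingerprint matches"
    else
        echo "fingerprint NOT found as a primary key"
    fi
done
```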

31.01.2025

In accordance with the RFC, two types of compression are supported by default when transmitting data over the Websocket protocol: no compression and permessage-deflate. If your application needs another data compression method to work correctly, please inform the technical support service so that the functionality can be implemented.

Dynamic module 5.1.4724 (nwaf-dyn)
Dynamic module:

  • Added support for analyzing requests sent over an established Websocket connection;
  • Added functionality for monitoring the operation of the component;
  • Improved the mechanism of interaction with antivirus software;
  • Other fixes and improvements.

Nemesida AI MLA:

  • Added support for analyzing requests sent over an established Websocket connection;
  • Added functionality for monitoring the operation of the component.
Nemesida AI MLC 6.1.1551 (nwaf-mlc)
  • Added support for request analysis using the Websocket protocol;
  • Added functionality for monitoring the operation of the component;
  • Minor improvements.

29.01.2025

Nemesida WAF API 3.0.789 (nwaf-api)
  • Fixes related to date processing;
  • Added support for the nwaf_ws_proxy_pass option for management of the web server virtual host settings.

21.01.2025

Nemesida WAF API 3.0.785 (nwaf-api)
  • Added the request_type field when receiving information about attacks;
  • Added functionality for monitoring the operation of components;
  • Fixed an error that occurs when rotating log files;
  • Other fixes and improvements.
Nemesida WAF Scanner 7.0.255 (nwaf-scanner)
Added functionality for monitoring the operation of components.