Nemesida WAF Release Notes 2025 | Nemesida WAF

Nemesida WAF Release Notes 2025

A list of updates of Nemesida WAF modules for 2025 information about installing, updating and diagnosing the software is available in the manual.

24.03.2025

Nemesida WAF Cabinet 3.1.699 (nwaf-cabinet)
  • Added functionality for advanced settings for detecting brute-force and flood attacks;
  • Other fixes and improvements

18.03.2025

Nemesida WAF API 3.0.879 (nwaf-api)
Fixes related to synchronization of blocked IP addresses between filtering nodes.
Dynamic module 5.1.5065 (nwaf-dyn)
Dynamic module:

  • Added the option to send a message about closing a Websocket connection specifying the request ID, source IP address, and block type based on the returned headers using the values of the variables $request_id, $remote_addr, and $nwaf_block_type;
  • Improved algorithm for detecting and blocking attacks when analyzed by the machine learning module and antivirus software for Websocket connections;
  • Added support for regular expressions to the advanced URL blocking rules;
  • Other fixes and improvements.

Nemesida AI MLA:

  • Fixes related to the transfer of functionality to interact with the new Nemesida WAF API URLs.

13.03.2025

Nemesida WAF API 3.0.877 (nwaf-api)
  • Added the functionality necessary for the Nemesida AI MLC component to work in distributed mode;
  • Added the URL /nw-api/get_attack_vhost_stats to get advanced attack statistics;
  • For the URL /nw-api/get_attack, the field name signatureType (type of detected attack) has been replaced with description;
  • Added regular expression support for advanced blocking rules (ERL v2);
  • Corrections related to the output of information about the extended blocking rules (ERL v2) have been made;
  • Other fixes and improvements.
Nemesida AI MLC 6.1.1594 (nwaf-mlc)
  • Added support a distributed mode operation;
  • Other fixes and improvements.

Before updating the component, you must update the Nemesida WAF API component.

05.03.2025

Nemesida WAF API 3.0.847 (nwaf-api)
Fixes related to processing the contents of the brute__bf_detect value when accessing the URL /nw-api/v2/get_mlc_settings to get information about the component settings.
Nemesida AI MLC 6.1.1583 (nwaf-mlc)
  • Fixes related to the exclusion of duplicate records of certain types of events when sending to Nemesida WAF API;
  • Cumulative package of fixes and improvements related, among other things, to the detection of Brute-force/Flood/DDoS/Web scraping events.

23.02.2025

Dynamic module 5.1.4937 (nwaf-dyn)
Dynamic module:

  • Added support for antivirus software analysis for data sent over an established Websocket connection;
  • Added fields no_ua (no header User-Agent), no_referer (no header Referer) to create extended blocking rules (ERL);
  • Added functionality that allows you to record all requests received by the filtering node;
  • Other fixes and improvements.

Nemesida AI MLA:

  • Improvements related to determining the country by IP address;
  • Corrections related to the processing of the request body.

20.02.2025

Nemesida WAF API 3.0.832 (nwaf-api)
  • Fixes related to generating settings for the dynamic module;
  • Fixes related to copying behavioral models;
  • Added support for checking the absence of User-Agent (no_ua) and Referrer (no_referer) headers when creating an extended blocking rule (ERL);
  • Other fixes and improvements.

After updating the component, it is recommended to restart the Nemesida AI MLA component on the filtering node:

# systemctl restart mla_main

17.02.2025

Nemesida WAF Cabinet 3.1.663 (nwaf-cabinet)
Fixes related to interaction with the Nemesida WAF API.

14.02.2025

Nemesida AI MLC 6.1.1556 (nwaf-mlc)
  • Improvements related to determining the country by IP address;
  • Fixes related to the processing of the request body.
Nemesida WAF API 3.0.819 (nwaf-api)
  • Using the FastAPI framework instead of Flask;
  • Added support for the nwaf_log_request option to register all requests (including unblocked ones) processed by the filtering node;
  • The log file storage directory has been changed from /var/log/uwsgi/nw-api to /var/log/nw-api;
  • Added the WORKERS parameter to the configuration file that regulates the number of parallel processes;
  • Other fixes and improvements.

After updating the component, make sure that the new proxy_pass method is set in the virtual host file /etc/nginx/conf.d/nwaf-api.conf http://127.0.0.1:8088 instead of uwsgi_pass unix:/var/www/nw-api/nw-api.sock.

If the old proxying method is set, change the virtual host file to the following format yourself from /etc/nginx/conf.d/nwaf-api.conf.disabled files.

To correctly display IP addresses in the component’s log, add include proxy_params to the /nw-api/ section.

06.02.2025

Dynamic module 5.1.4776 (nwaf-dyn)
Dynamic module:

  • Added support for Nginx 1.26.3 Stable and Nginx 1.27.4 Mainline.
Updating the digital signature of Nemesida WAF packages
All subsequent Nemesida WAF packages will be signed with a new digital key. Until the new key is imported, an error like this will occur during the update.:

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AF1A0FD3216F3F05

In order to avoid errors when updating packages, it is necessary to update the digital signature for distributions.:

Debian/UbuntuRHEL

1. Import the key:

# curl -s https://nemesida-security.com/repo/nw/gpg.key | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/trusted.gpg --import

2. Update the package information:

# apt update

When updating a digital signature for RHEL-based distributions, the key must be imported during the update of package information, when the corresponding prompt is displayed.
Example:

# dnf update
...
Nemesida WAF Packages for RHEL                                                                                                                                                                                                        63 kB/s | 5.0 kB     00:00    
GPG key at https://nemesida-security.com/repo/nw/gpg.key (0x1929CEB1) is already installed
Importing GPG key 0x216F3F05:
 Userid     : "nemesida-waf.com (Pentestit LLC) "
 Fingerprint: 24F7 AFDC 3535 C76F 7A7E F4F1 AF1A 0FD3 216F 3F05
 From       : https://nemesida-security.com/repo/nw/gpg.key
Is this ok [y/N]: y
...

31.01.2025

According to RFC when transmitting data over the Websocket protocol, by default supports 2 types of compression: without compression and permessage-deflate. If you need to add a new data compression method for the correct operation of the application, please inform the technical support service to implement the functionality.

Dynamic module 5.1.4724 (nwaf-dyn)
Dynamic module:

  • Added support for analyzing requests sent over an established Websocket connection;
  • Added functionality for monitoring the operation of the component;
  • Improved the mechanism of interaction with antivirus software;
  • Other fixes and improvements.

Nemesida AI MLA:

  • Added support for analyzing requests sent over an established Websocket connection;
  • Added functionality for monitoring the operation of the component.
Nemesida AI MLC 6.1.1551 (nwaf-mlc)
  • Added support for request analysis using the Websocket protocol;
  • Added functionality for monitoring the operation of the component;
  • Minor improvements.

29.01.2025

Nemesida WAF API 3.0.789 (nwaf-api)
  • Fixes related to date processing;
  • Added support for the nwaf_ws_proxy_pass option for management of the web server virtual host settings.

21.01.2025

Nemesida WAF API 3.0.785 (nwaf-api)
  • Added the request_type field when receiving information about attacks;
  • Added functionality for monitoring the operation of components;
  • Fixed an error that occurs when rotating log files;
  • Other fixes and improvements.
Nemesida WAF Scanner 7.0.255 (nwaf-scanner)
Added functionality for components operation monitoring.