Changelog
This changelog lists all of the information for F5 WAF for NGINX releases in 2025.
For older releases, check the changelogs for previous years: 2024.
September 29th, 2025
- Added Kubernetes operations improvements as early availability
- Renamed NGINX App Protect WAF to F5 for NGINX
- Aligned F5 WAF for NGINX versions
- Package and container artefacts now share the same version numbers
- Upgrade processes remain the same as earlier releases
- No breaking changes
- Restructured documentation
- Product name change
- Version alignment
- Grouped use cases into sections with single-purpose documents
- Upgrade Go compiler to 1.23.12
| Distribution name | NGINX Open Source | NGINX Plus | NGINX Plus (Virtual/Single container) |
|---|---|---|---|
| Alpine 3.19 | app-protect-module-oss-1.29.0+5.527.0-r1.apk | app-protect-module-plus-35+5.527.0-r1.apk | app-protect-35.5.527.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.29.0+5.527.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-35+5.527.0-1.amzn2023.ngx.x86_64.rpm | app-protect-35+5.527.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.29.0+5.527.0-1~bullseye_amd64.deb | app-protect-module-plus_35+5.527.0-1~bullseye_amd64.deb | app-protect_35+5.527.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.29.0+5.527.0-1~bookworm_amd64.deb | app-protect-module-plus_35+5.527.0-1~bookworm_amd64.deb | app-protect_35+5.527.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.29.0+5.527.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-35+5.527.0-1.el8.ngx.x86_64.rpm | app-protect-35+5.527.0-1.el8.ngx.x86_64.rpm |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.29.0+5.527.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-35+5.527.0-1.el8.ngx.x86_64.rpm | app-protect-35+5.527.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 and Rocky Linux 9 | app-protect-module-oss-1.29.0+5.527.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-35+5.527.0-1.el8.ngx.x86_64.rpm | app-protect-35+5.527.0-1.el9.ngx.x86_64.rpm |
| Ubuntu 22.04 | app-protect-module-oss_1.29.0+5.527.0-1~jammy_amd64.deb | app-protect-module-plus_35+5.527.0-1~jammy_amd64.deb | app-protect_35+5.527.0-1~jammy_amd64.deb |
| Ubuntu 24.04 | app-protect-module-oss_1.29.0+5.527.0-1~noble_amd64.deb | app-protect-module-plus_35+5.527.0-1~noble_amd64.deb | app-protect_35+5.527.0-1~noble_amd64.deb |
August 13th, 2025
- Added support for NGINX Plus R35
| Distribution name | NGINX Open Source (5.8) | NGINX Plus (5.8) | NGINX Plus (4.16) |
|---|---|---|---|
| Alpine 3.19 | app-protect-module-oss-1.29.0+5.498.0-r1.apk | app-protect-module-plus-35+5.498.0-r1.apk | app-protect-35.5.498.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.29.0+5.498.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-35+5.498.0-1.amzn2023.ngx.x86_64.rpm | app-protect-35+5.498.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.29.0+5.498.0-1~bullseye_amd64.deb | app-protect-module-plus_35+5.498.0-1~bullseye_amd64.deb | app-protect_35+5.498.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.29.0+5.498.0-1~bookworm_amd64.deb | app-protect-module-plus_35+5.498.0-1~bookworm_amd64.deb | app-protect_35+5.498.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.29.0+5.498.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-35+5.498.0-1.el8.ngx.x86_64.rpm | app-protect-35+5.498.0-1.el8.ngx.x86_64.rpm |
| Ubuntu 22.04 | app-protect-module-oss_1.29.0+5.498.0-1~jammy_amd64.deb | app-protect-module-plus_35+5.498.0-1~jammy_amd64.deb | app-protect_35+5.498.0-1~jammy_amd64.deb |
| Ubuntu 24.04 | app-protect-module-oss_1.29.0+5.498.0-1~noble_amd64.deb | app-protect-module-plus_35+5.498.0-1~noble_amd64.deb | app-protect_35+5.498.0-1~noble_amd64.deb |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.29.0+5.498.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-35+5.498.0-1.el8.ngx.x86_64.rpm | app-protect-35+5.498.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 and Rocky Linux 9 | app-protect-module-oss-1.29.0+5.498.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-35+5.498.0-1.el8.ngx.x86_64.rpm | app-protect-35+5.498.0-1.el9.ngx.x86_64.rpm |
June 24th, 2025
- Added support for Rocky Linux 9
- Added support for IP Intelligence
- Added support for Override rules for IP Address Lists
- Ubuntu 20.04 is no longer supported
- (12447) Upgrade libk5crypto3 package
- (12520) Upgrade Go compiler to 1.23.8
- (12527) Remove CPAN - installed certs and source files
- (11112) Remove systemd/init.d leftovers in NAP WAF v5 pkgs
- (12400) Cookie attributes are not added to a TS cookie when there is more than one TS cookie
- (12498) Undefined behavior when using huge XFF
- (12731) Multiple clean_resp_reset internal error messages in logs when loading NAP
| Distribution name | NGINX Open Source (5.7) | NGINX Plus (5.7) | NGINX Plus (4.15) |
|---|---|---|---|
| Alpine 3.19 | app-protect-module-oss-1.27.4+5.442.0-r1.apk | app-protect-module-plus-34+5.442.0-r1.apk | app-protect-34.5.442.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.27.4+5.442.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-34+5.442.0-1.amzn2023.ngx.x86_64.rpm | app-protect-34+5.442.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.27.4+5.442.0-1~bullseye_amd64.deb | app-protect-module-plus_34+5.442.0-1~bullseye_amd64.deb | app-protect_34+5.442.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.27.4+5.442.0-1~bookworm_amd64.deb | app-protect-module-plus_34+5.442.0-1~bookworm_amd64.deb | app-protect_34+5.442.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.27.4+5.442.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-34+5.442.0-1.el8.ngx.x86_64.rpm | app-protect-34+5.442.0-1.el8.ngx.x86_64.rpm |
| Ubuntu 22.04 | app-protect-module-oss_1.27.4+5.442.0-1~jammy_amd64.deb | app-protect-module-plus_34+5.442.0-1~jammy_amd64.deb | app-protect_34+5.442.0-1~jammy_amd64.deb |
| Ubuntu 24.04 | app-protect-module-oss_1.27.4+5.442.0-1~noble_amd64.deb | app-protect-module-plus_34+5.442.0-1~noble_amd64.deb | app-protect_34+5.442.0-1~noble_amd64.deb |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.27.4+5.442.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-34+5.442.0-1.el8.ngx.x86_64.rpm | app-protect-34+5.442.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 and Rocky Linux 9 | app-protect-module-oss-1.27.4+5.442.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-34+5.442.0-1.el9.ngx.x86_64.rpm | app-protect-34+5.442.0-1.el9.ngx.x86_64.rpm |
April 1st, 2025
- Added support for NGINX Plus R34
- 5.6 Only: You can now deploy F5 WAF for NGINX 5+ using a Helm chart
- Alpine 3.17 is no longer supported
- Upgraded the Go compiler to 1.23.7
- (12140) Changed the maximum memory of the XML processing engine to 8GB
- (12254) A modified YAML file referenced by a JSON policy file causes a reload error when running
nginx -t - (12296) “Violation Bad Unescape” is not enabled by default
- (12297) “Violation Encoding” is not enabled by default
| Distribution name | NGINX Open Source (5.6) | NGINX Plus (5.6) | NGINX Plus (4.14) |
|---|---|---|---|
| Alpine 3.19 | app-protect-module-oss-1.27.4+5.342.0-r1.apk | app-protect-module-plus-34+5.342.0-r1.apk | app-protect-34.5.342.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.27.4+5.342.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-34+5.342.0-1.amzn2023.ngx.x86_64.rpm | app-protect-34+5.342.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.27.4+5.342.0-1~bullseye_amd64.deb | app-protect-module-plus_34+5.342.0-1~bullseye_amd64.deb | app-protect_34+5.342.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.27.4+5.342.0-1~bookworm_amd64.deb | app-protect-module-plus_34+5.342.0-1~bookworm_amd64.deb | app-protect_34+5.342.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.27.4+5.342.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-34+5.342.0-1.el8.ngx.x86_64.rpm | app-protect-34+5.342.0-1.el8.ngx.x86_64.rpm |
| Ubuntu 20.04 | app-protect-module-oss_1.27.4+5.342.0-1~focal_amd64.deb | app-protect-module-plus_34+5.342.0-1~focal_amd64.deb | app-protect_34+5.342.0-1~focal_amd64.deb |
| Ubuntu 22.04 | app-protect-module-oss_1.27.4+5.342.0-1~jammy_amd64.deb | app-protect-module-plus_34+5.342.0-1~jammy_amd64.deb | app-protect_34+5.342.0-1~jammy_amd64.deb |
| Ubuntu 24.04 | app-protect-module-oss_1.27.4+5.342.0-1~noble_amd64.deb | app-protect-module-plus_34+5.342.0-1~noble_amd64.deb | app-protect_34+5.342.0-1~noble_amd64.deb |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.27.4+5.342.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-34+5.342.0-1.el8.ngx.x86_64.rpm | app-protect-34+5.342.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 | app-protect-module-oss-1.27.4+5.342.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-34+5.342.0-1.el9.ngx.x86_64.rpm | app-protect-34+5.342.0-1.el9.ngx.x86_64.rpm |
January 30th, 2025
- Added support for Alpine 3.19
- Added support for Brute force attack preventions
- 5.5 Only: Enforcer can now upgrade without requiring policies to be recompiled
- 5.5 Only: The standalone converter within the Compiler now supports user-defined signatures.
| Distribution name | NGINX Open Source (5.5) | NGINX Plus (5.5) | NGINX Plus (4.13) |
|---|---|---|---|
| Alpine 3.17 | app-protect-module-oss-1.27.4+5.210.0-r1.apk | app-protect-module-plus-34+5.210.0-r1.apk | app-protect-34.5.210.0-r1.apk |
| Alpine 3.19 | app-protect-module-oss-1.27.4+5.210.0-r1.apk | app-protect-module-plus-34+5.210.0-r1.apk | app-protect-34.5.210.0-r1.apk |
| Amazon Linux 2023 | app-protect-module-oss-1.27.4+5.210.0-1.amzn2023.ngx.x86_64.rpm | app-protect-module-plus-34+5.210.0-1.amzn2023.ngx.x86_64.rpm | app-protect-34+5.210.0-1.amzn2023.ngx.x86_64.rpm |
| Debian 11 | app-protect-module-oss_1.27.4+5.210.0-1~bullseye_amd64.deb | app-protect-module-plus_34+5.210.0-1~bullseye_amd64.deb | app-protect_34+5.210.0-1~bullseye_amd64.deb |
| Debian 12 | app-protect-module-oss_1.27.4+5.210.0-1~bookworm_amd64.deb | app-protect-module-plus_34+5.210.0-1~bookworm_amd64.deb | app-protect_34+5.210.0-1~bookworm_amd64.deb |
| Oracle Linux 8.1 | app-protect-module-oss-1.27.4+5.210.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-34+5.210.0-1.el8.ngx.x86_64.rpm | app-protect-34+5.210.0-1.el8.ngx.x86_64.rpm |
| Ubuntu 20.04 | app-protect-module-oss_1.27.4+5.210.0-1~focal_amd64.deb | app-protect-module-plus_34+5.210.0-1~focal_amd64.deb | app-protect_34+5.210.0-1~focal_amd64.deb |
| Ubuntu 22.04 | app-protect-module-oss_1.27.4+5.210.0-1~jammy_amd64.deb | app-protect-module-plus_34+5.210.0-1~jammy_amd64.deb | app-protect_34+5.210.0-1~jammy_amd64.deb |
| Ubuntu 24.04 | app-protect-module-oss_1.27.4+5.210.0-1~noble_amd64.deb | app-protect-module-plus_34+5.210.0-1~noble_amd64.deb | app-protect_34+5.210.0-1~noble_amd64.deb |
| RHEL 8 and Rocky Linux 8 | app-protect-module-oss-1.27.4+5.210.0-1.el8.ngx.x86_64.rpm | app-protect-module-plus-34+5.210.0-1.el8.ngx.x86_64.rpm | app-protect-34+5.210.0-1.el8.ngx.x86_64.rpm |
| RHEL 9 | app-protect-module-oss-1.27.4+5.210.0-1.el9.ngx.x86_64.rpm | app-protect-module-plus-34+5.210.0-1.el9.ngx.x86_64.rpm | app-protect-34+5.210.0-1.el9.ngx.x86_64.rpm |