Skip to content

Inventory of node artifact versions

This document lists available patch versions of Wallarm node 4.10 in different form-factors. You can track new patch version releases and plan timely upgrades based on this document.

All-in-one installer

Since version 4.10, installation and upgrading of Wallarm nodes is performed only with all all-in-one installer Manual upgrade with individual Linux packages is not supported any more.

History of all-in-one installer updates simultaneously applies to it's x86_64 and ARM64 (beta) versions.

How to migrate from DEB/RPM packages

How to migrate from previous all-in-one installer version

4.10.13 (2024-10-11)

4.10.11 (2024-09-02)

  • Added support for NGINX v1.26.2 stable

4.10.9 (2024-07-19)

4.10.8 (2024-07-12)

4.10.7 (2024-07-03)

  • Added support for NGINX v1.26.1 stable

  • Added support for NGINX v1.25.5 mainline

  • Added support for NGINX Plus R32

  • Fixed the syncnode issue Could not update (TypeError): no implicit conversion of nil into String that sometimes appeared when registering a node in Wallarm Cloud using a node token

  • API Specification Enforcement no longer requires manual NGINX configuration changes in server sections

  • Optimized OpenAPI data type detection by the API Discovery module

4.10.6 (2024-05-16)

  • Enhanced OpenAPI data type detection by the API Discovery module

  • Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections

  • Added support for NGINX v1.26.0

  • Fixed compatibility issues with the Kong Gateway

  • Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted

  • Return proper non-zero exit codes during installation errors, addressing previous issues

  • Include the cpire-runner utility, which facilitates testing of regular expressions intended for user-defined attack detectors

  • Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag

4.10.5 (2024-04-23)

  • Fixed the API Abuse Prevention module logging issues

4.10.4 (2024-04-18)

4.10.3 (2024-03-18)

  • The readahead parameter value for Tarantool has been decreased to 32KB

4.10.2 (2024-03-08)

  • Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, securing the wallarm user with a non-interactive shell, and other changes that do not affect the usage flow

  • Updated the appstructure package

  • Updated the api-firewall package

  • The readahead parameter value for Tarantool has been decreased to 32KB

  • Fixed the vulnerabilities:

  • Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers

    34.96.64.17
34.110.183.149
35.235.66.155
34.102.90.100
34.94.156.115
35.235.115.105

    34.160.38.183
34.144.227.90
34.90.110.226

4.10.1 (2024-02-21)

4.10.0 (2024-02-02)

Helm chart for Wallarm NGINX Ingress controller

How to upgrade

4.10.13 (2024-10-11)

4.10.9 (2024-07-19)

4.10.8 (2024-07-12)

4.10.7 (2024-07-03)

  • Fixed the syncnode issue Could not update (TypeError): no implicit conversion of nil into String that sometimes appeared when registering a node in Wallarm Cloud using a node token

  • Optimized OpenAPI data type detection by the API Discovery module

  • Upgraded the controller to Go 1.21.11 for the CVE-2024-24790 fix

4.10.6 (2024-05-22)

  • Added the controller.wallarm.container_name.extraEnvs chart values to allow passing additional environment variables to Docker containers utilized by the solution

  • Enhanced OpenAPI data type detection by the API Discovery module

  • Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections

    To apply this directive during Ingress controller deployment, include it in the controller.config.http-snippet, server-snippet, or location-snippet values. Alternatively, use the nginx.ingress.kubernetes.io/server-snippet Ingress annotation.

  • Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted

  • Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag

4.10.5 (2024-04-30)

  • Fixed the API Abuse Prevention module logging issues

4.10.4 (2024-04-19)

4.10.3 (2024-03-08)

  • Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, securing the wallarm user with a non-interactive shell, and other changes that do not affect the usage flow

  • Updated the appstructure package

  • Updated the api-firewall package

  • Fixed the vulnerabilities:

4.10.2 (2024-02-21)

  • Restored OpenTracing

  • Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers

    34.96.64.17
34.110.183.149
35.235.66.155
34.102.90.100
34.94.156.115
35.235.115.105

    34.160.38.183
34.144.227.90
34.90.110.226

4.10.1 (2024-02-21)

4.10.0 (2024-02-01)

Helm chart for Sidecar

How to upgrade

4.10.13 (2024-10-11)

4.10.10 (2024-07-22)

4.10.9 (2024-07-18)

  • Fixed issues preventing sidecar proxy container from starting

4.10.8 (2024-07-17)

4.10.7 (2024-07-03) - Breaking changes

  • Breaking change: The default method for generating the admission webhook certificate is now certgen, replacing the previous method. Multiple options for self-provisioning certificates have been introduced.

    Due to this breaking change, you need to follow specific upgrade instructions, including removing old certificate artifacts and applying the new configuration.

  • As of Docker image release 4.10.7, the Sidecar solution now uses Alpine Linux version 3.20 with NGINX stable version 1.26.1

  • Fixed the syncnode issue Could not update (TypeError): no implicit conversion of nil into String that sometimes appeared when registering a node in Wallarm Cloud using a node token

  • Optimized OpenAPI data type detection by the API Discovery module

4.10.6 (2024-05-22)

  • Enhanced OpenAPI data type detection by the API Discovery module

  • Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections

    To apply this directive during Sidecar controller deployment, include it in the per-pod snippets or includes.

  • Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted

  • Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag

4.10.5 (2024-04-30)

  • Fixed the API Abuse Prevention module logging issues

  • Fixed Docker labels

4.10.4 (2024-04-29)

4.10.2 (2024-04-19)

Helm chart for Wallarm eBPF‑based solution

0.10.28 (2024-04-24)

  • Added support for API Specification Enforcement (using the functionality increases CPU consumption normally by about 20%)

  • Added support for GraphQL API Protection

  • Added support for NGINX v1.25.4

  • Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers

    34.96.64.17
34.110.183.149
35.235.66.155
34.102.90.100
34.94.156.115
35.235.115.105

    34.160.38.183
34.144.227.90
34.90.110.226

0.10.27 (2024-03-29)

  • Fixed incorrect behavior in case of processing/aggregation init container fail

0.10.26 (2024-03-27)

  • Implemented Certificate Authority (CA) verification for traffic from the eBPF agent to the Wallarm processing node

  • Added mutual TLS (mTLS) support, enabling the processing node to authenticate the security of traffic from the eBPF agent

    This is controlled by the config.mutualTLS value in the Helm chart, disabled by default.

  • Upgraded agent dependencies

0.10.25 (2024-03-19)

0.10.23 (2024-03-07)

  • Fixed http2 streams mirroring issues in some cases

  • Internal fixes and stability improvements

0.10.22 (2024-03-01)

NGINX-based Docker image

How to upgrade

4.10.13-1 (2024-10-11)

4.10.9-1 (2024-07-22)

4.10.8-1 (2024-07-12)

4.10.7-1 (2024-07-03)

  • Upgraded the Alpine Linux version used in the Docker image to 3.20, which includes NGINX stable 1.26.1

  • Fixed the syncnode issue Could not update (TypeError): no implicit conversion of nil into String that sometimes appeared when registering a node in Wallarm Cloud using a node token

  • API Specification Enforcement no longer requires manual NGINX configuration changes in server sections

  • Optimized OpenAPI data type detection by the API Discovery module

4.10.6-1 (2024-05-17)

  • Enhanced OpenAPI data type detection by the API Discovery module

  • Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections

    To use this variable in a Docker container, specify it in your NGINX configuration file and mount the file into the container.

  • Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted

  • Include the cpire-runner utility, which facilitates testing of regular expressions intended for user-defined attack detectors

  • Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag

4.10.5-1 (2024-04-30)

  • Fixed the API Abuse Prevention module logging issues

4.10.4-1 (2024-04-18)

4.10.2-1 (2024-03-08)

  • Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, securing the wallarm user with a non-interactive shell, and other changes that do not affect the usage flow

  • Updated the appstructure package

  • Updated the api-firewall package

  • Fixed the vulnerabilities:

  • Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers

    34.96.64.17
34.110.183.149
35.235.66.155
34.102.90.100
34.94.156.115
35.235.115.105

    34.160.38.183
34.144.227.90
34.90.110.226

4.10.1-1 (2024-02-21)

4.10.0-1 (2024-02-02)

  • Initial release 4.10, including optimizations, and security enhancements for the Docker image. See changelog

Amazon Machine Image (AMI)

How to upgrade

4.10.13-1 (2024-07-22)

4.10.8-1 (2024-07-12)

4.10.7-1 (2024-07-03)

  • Fixed the syncnode issue Could not update (TypeError): no implicit conversion of nil into String that sometimes appeared when registering a node in Wallarm Cloud using a node token

  • Optimized OpenAPI data type detection by the API Discovery module

4.10.6-1 (2024-05-22)

  • Enhanced OpenAPI data type detection by the API Discovery module

  • Introduced the wallarm_http_v2_stream_max_len directive to control the maximum length of HTTP/2 streams, helping prevent excessive memory consumption in long-lived gRPC connections

  • Resolved a memory leak issue where memory continued to be consumed after an overlimit attack was triggered, even when no further attack checks were conducted

  • Include the cpire-runner utility, which facilitates testing of regular expressions intended for user-defined attack detectors

  • Introduced distinct search tags for the account_takeover, scraping, and security_crawlers attack types, improving specificity over the previous general api_abuse tag

4.10.5-1 (2024-05-16)

  • Fixed the API Abuse Prevention module logging issues

4.10.4-1 (2024-04-19)

4.10.2-2 (2024-03-20)

  • The readahead parameter value for Tarantool has been decreased to 32KB

4.10.2-1 (2024-03-08)

  • Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, securing the wallarm user with a non-interactive shell, and other changes that do not affect the usage flow

  • Updated the appstructure package

  • Updated the api-firewall package

  • Fixed the vulnerabilities:

  • Required access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers

    34.96.64.17
34.110.183.149
35.235.66.155
34.102.90.100
34.94.156.115
35.235.115.105

    34.160.38.183
34.144.227.90
34.90.110.226

4.10.1-2 (2024-02-21)

4.10.0-1 (2024-02-02)

  • Initial release 4.10, including optimizations for the image. See changelog

Google Cloud Platform Image

How to upgrade

wallarm-node-4-10-20240220-234618

wallarm-node-4-10-20240126-175315 (2024-02-02)

  • Initial release 4.10, including optimizations for the image. See changelog