Hi Community,
Check out latest release notes below and feel free to ask any questions or make any comments in the comment section below!
These release notes provide information on changes and enhancements in each release.
Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts.
You can also view the customer-facing release notes online here.
Heads up - Advanced Bot Protection: Deprecation of Internet Explorer support
Effective date: December 20, 2025
This serves as a 90-day notice. To ensure optimal performance and security, Advanced Bot Protection will no longer support Internet Explorer, effective December 20, 2025. This change allows us to align with modern web standards and focus on providing improved performance on supported browsers.
What you need to do:
To avoid degradation in your site user experience, please notify and transition your visitors to a modern, supported browser before the deprecation date, if you haven’t already done so.
Quick reminder: Microsoft ended support for Internet Explorer for supported consumer versions of Windows on January 10, 2023.
Heads up - Advanced Bot Protection: Deprecation of allowlisted traffic in SIEM logs
Effective date: December 20, 2025
Starting December 20, 2025, the allow directive traffic from Advanced Bot Protection (ABP) policies will no longer be included in the ABP SIEM log traffic feed.
This change ensures that only actionable security events, such as blocked or suspicious requests, are sent to your SIEM.
Benefits:
- Reduced SIEM log size: Excluding allow directive traffic decreases overall SIEM log volume, helping reduce storage costs and improve log processing efficiency.
- Improved log relevance: Your SIEM feed will focus on meaningful security events, helping security teams identify and respond to threats more effectively.
If you foresee any issues with this upcoming change, please contact Imperva Support.
Announcing Elastic WAF version 2.1.0
We’re excited to announce the release of Elastic WAF 2.1.0, a major milestone that empowers security and DevOps teams with greater flexibility, speed, and integration capabilities.
Elastic WAF 2.1.0 delivers increased control, improved security enforcement, and streamlined operations across hybrid, containerized, and on-premises environments. This version includes expanded gateway compatibility, stronger policy management, and enhanced observability to support modern application security needs at scale.
Elastic WAF is a local Kubernetes-based solution that provide instant, automatic protection without any specific per-app setup. It works across any cloud or CDN, combining centralized SaaS management with local enforcement for better control and compliance.
By moving security closer to your applications, it offers real-time protection in hybrid environments, enabling faster DevOps workflows and stronger security.
For full details on the new version, see What’s New in Version 2.1.0.
New audit events for site certificate lifecycle
Five new audit events have been added to the Audit Trail to give you greater transparency into the lifecycle of your Imperva-managed site certificates:
- Domain validated for site certificate – Logged when domain ownership is successfully validated for a site certificate.
- Site certificate issued – Logged when a new site certificate is issued.
- Site certificate renewal started – Logged when the renewal process for a site certificate begins.
- SAN coverage lost on site certificate renewal – Logged when a Subject Alternative Name (SAN) is no longer covered during the renewal process.
- Site certificate renewal ended – Logged when the renewal process for a site certificate is complete.
Why the change:
To give you clear, trackable records of important SSL/TLS certificate events, helping you monitor certificate health and respond promptly to changes that may affect SSL coverage.
Where it's located:
You can view these audit events in the Audit Trail in the Cloud Security Console, under Account Management. To learn more, see Audit Trail.
You can also integrate the Audit Trail with your SIEM for centralized monitoring. For details, see Audit Trail SIEM Log Integration.
Known issues
Attack report delivery issue
We are aware of cases where monthly account attack reports may not be sent.
What this means for you: Imperva’s monthly Attack Reports are sent on the first Monday of each month. If you haven't received your expected monthly report within one day of this scheduled time, the delay may be due to a processing issue on our end rather than an email delivery problem.
What we're doing: We are actively working to improve the reliability of our report generation and delivery process to minimize these occurrences.
What you can do: If you notice that you haven't received your monthly attack report when expected, contact Imperva Support. We will do our best to resolve the issue and generate a new report for you.
DDoS Protection for Networks: Allowlist traffic visibility in historical view
In the November 24, 2024 release, we added the ability to view historical data on allowlist traffic. This traffic was displayed on the Security Dashboard as a separate traffic type called Custom.
An issue with this enhancement was recently identified. Until it is resolved, we are temporarily disabling the Custom traffic type in the historical view. We will update in future release notes when it is fixed and enabled.
The Custom traffic type continues to be displayed in the real-time view.
For more details, see:
Recently mitigated CVEs
Imperva Research Labs regularly adds mitigation for new Common Vulnerabilities and Exposures (CVEs).
CVE mitigation added this week:
- CVE-2025-57819
- CVE-2025-5086
To view the full list, see Imperva Cloud WAF Mitigated CVEs. The list is automatically updated when new mitigation is added, displaying the most recently mitigated CVEs first.
#AdvancedBotProtection#AllImperva#DDoSProtectionforNetworks