Hi Community,
Take a look at the latest release notes below, and feel free to share any questions or feedback in the comments!
These release notes provide information on changes and enhancements in each release.
Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts.
You can also view the customer-facing release notes online here.
Replacement of the Imperva Data Center in London
We are starting to roll out a new data center (PoP) in London which will replace the current London 1 PoP. The rollout and migration to the new PoP is expected to be fully completed within the next few weeks.
As part of our commitment to building a future-facing network, Imperva is launching our Next Generation Architecture in this new PoP, with improved capacity, connectivity, and services.
The new London (LCY) PoP, located in the Telehouse West data center is the newest addition to our world-wide network of data centers, helping you deliver your applications securely and optimally across the globe
We are dedicated to migrating all customers smoothly to this new PoP. The new PoP will temporarily be labeled London 3 until migration is complete.
Migration notes for Cloud WAF customers:
- For Cloud WAF customers, who are not using Dynamic Content Acceleration, this will be a transparent migration.
- For Cloud WAF customers using Dynamic Content Acceleration, the Origin PoP setting will be automatically migrated.
Migration notes for DDoS Protection for Networks customers:
During this period, Imperva will migrate GRE connections from the LON PoP to the new LCY PoP. During the migration, GRE connections to LON will go down and will be automatically brought back up, fully configured on the LCY PoP.
What you need to do:
- The migration itself does not require any action from you. It will be performed automatically during a maintenance window which will be announced on the Imperva Status Page. In order to prevent service failure during the maintenance activity, you should verify that your protected networks are also advertised to an additional PoP (as communicated during PoP maintenance activities).
- Performance Monitoring enabled: If Performance Monitoring is enabled on the connections, you will notice a change in the IP address of the PM servers that are sending ICMP echo messages. This might require you to modify ACL/firewall configurations to allow ICMP traffic from the new IPs. To learn more, see Configure Performance Monitoring: DDoS Protection for Networks.
For additional details and the full list of PoPs, see:
CDN: Option to hide user position in line in Waiting Rooms
You can now choose to hide the user’s position in the waiting room queue. By default, the position is shown.
Why the change:
This enhancement gives you more control over the waiting room experience by allowing you to decide whether to display or hide queue positions.
Where it’s located: Application > Websites > CDN > Waiting Rooms > Hide Position in Line
This setting can also be configured via API. For details, see Waiting Room API Definition.
API Security: Addition of Current Threshold to BOLA visualization
An indicator of the BOLA policy per-parameter threshold was added to the endpoint detail’s visualization graph. This gives you better context at a glance, to compare the behavior of the detected traffic against your expectations.
Where it's located: Inventory > Discovered APIs > Endpoint detail view > Vulnerabilities and Risks
New version of the Imperva Terraform Provider
Announcing version 3.35.0 of the Imperva Terraform Provider.
For the list of changes included in this version, see changelog.md.
For more details on the Imperva resources, see the Terraform Registry.
Known issues
Attack report delivery issue
We are aware of cases where monthly account attack reports may not be sent.
What this means for you: Imperva’s monthly Attack Reports are sent on the first Monday of each month. If you haven't received your expected monthly report within one day of this scheduled time, the delay may be due to a processing issue on our end rather than an email delivery problem.
What we're doing: We are actively working to improve the reliability of our report generation and delivery process to minimize these occurrences.
What you can do: If you notice that you haven't received your monthly attack report when expected, contact Imperva Support. We will do our best to resolve the issue and generate a new report for you.
DDoS Protection for Networks: Allowlist traffic visibility in historical view
In the November 24, 2024 release, we added the ability to view historical data on allowlist traffic. This traffic was displayed on the Security Dashboard as a separate traffic type called Custom.
An issue with this enhancement was recently identified. Until it is resolved, we are temporarily disabling the Custom traffic type in the historical view. We will update in future release notes when it is fixed and enabled
The Custom traffic type continues to be displayed in the real-time view.
For more details, see:
Recently mitigated CVEs
Imperva Research Labs regularly adds mitigation for new Common Vulnerabilities and Exposures (CVEs).
To view the full list, see
Imperva Cloud WAF Mitigated CVEs. The list is automatically updated when new mitigation is added, displaying the most recently mitigated CVEs first.
#AllImperva#CloudWAF(formerlyIncapsula)#DDoSProtectionforNetworks