Version: 7.2505.x.x LTS

Release notes

nevisProxy 7.2505.2 LTS2024 - 08.08.2025

Changes and new features

  • UPGRADED: We upgraded to Apache HTTP Server 2.4.65. (NEVISPROXY-7657)
  • UPGRADED: We upgraded to nghttp2 1.66.0. (NEVISPROXY-7626)

Notes

Upgrade to apache httpd/2.4.65

The fix for the security issue CVE-2025-23048 that came with Apache httpd 2.4.64 had to be weakened because it would block some requests in a Kubernetes setup. See also https://bz.apache.org/bugzilla/show_bug.cgi?id=69743

You are affected if you have configured more than one web application on the same host and port (at least one nameVirtualHost configured in navajo.xml). If you are affected, you can change the configuration as follows:

  • For a classic setup, set the Apache directive SSLStrictSNIVHostCheck to on to allow only browsers that support SNI.
  • For Kubernetes, the Ingress usually verifies the hosts. For more security, and if the Ingress supports it, you can enable SNI on your Ingress and set the Apache directive SSLStrictSNIVHostCheck to on in nevisProxy.
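
An added example (not part of the Nevis release notes or the product): a small Python check that applies the condition above to configuration written in plain Apache httpd syntax. It assumes `<VirtualHost>` blocks rather than navajo.xml; the function name, hostnames and addresses are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in plain Apache httpd syntax; hosts and addresses are made up.
SAMPLE_CONF = """\
<VirtualHost 10.0.0.5:443>
    ServerName shop.example.com
    SSLEngine on
</VirtualHost>
<VirtualHost 10.0.0.5:443>
    ServerName admin.example.com
    SSLEngine on
</VirtualHost>
<VirtualHost 10.0.0.5:8443>
    ServerName api.example.com
    SSLEngine on
</VirtualHost>
"""
FLAGS = ("sslengine", "sslstrictsnivhostcheck")

def audit_sni_strictness(conf_text):
    """Return {address:port: [ServerName, ...]} for TLS vhosts that share an
    address:port and still accept clients that send no SNI."""
    server, current = {}, None           # server-level flags, vhost being parsed
    groups = defaultdict(list)           # "addr:port" -> vhosts in config order
    for line in map(str.strip, conf_text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addrs": opened.group(1).split(), "servername": "(unnamed)"}
        elif line.lower().startswith("</virtualhost"):
            for addr in current["addrs"]:
                groups[addr].append(current)
            current = None
        elif line and not line.startswith("#"):
            key, _, value = line.replace("\t", " ").partition(" ")
            scope = server if current is None else current
            if key.lower() in FLAGS:
                scope[key.lower()] = value.strip().lower() == "on"
            elif key.lower() == "servername":
                scope["servername"] = value.strip()

    def strict(vhost):                   # a vhost setting overrides the server-level one
        return vhost.get(FLAGS[1], server.get(FLAGS[1], False))
    findings = {}
    for addr, vhosts in groups.items():
        tls = [v for v in vhosts if v.get("sslengine", server.get("sslengine", False))]
        if len(tls) > 1 and not strict(tls[0]):   # tls[0] is the default vhost
            findings[addr] = [v["servername"] for v in tls if not strict(v)]
    return findings
```

The check treats the first TLS virtual host of an address:port as the default one, because enabling the directive there covers every virtual host on that address and port.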

nevisProxy 7.2505.1 LTS2024 - 26.06.2025

Changes and new features

  • UPGRADED: We upgraded to libxml2 2.13.8. (NEVISPROXY-7614)

nevisProxy 7.2505.0 LTS2024 - 21.05.2025

Changes and new features

  • NEW: We added the parameter LoadExternalEntity to the SoapFilter. (NEVISPROXY-7578)
  • FIXED: We fixed a bug where the SynchronizeLoginRequests parameter of the IdentityCreationFilter did not synchronize certificate-based login requests. (NEVISPROXY-7579)
  • FIXED: We fixed multi-value dTB tracing with OpenTelemetry. (NEVISPROXY-7434)
  • CHANGED: The InputValidationFilter's DefaultDecodingRule now supports multiple rules. As a result, the InputValidationFilter is stricter than before. (NEVISPROXY-7568)
  • CHANGED: The number of active WebSocket connections is now regularly traced on INFO level. (NEVISPROXY-7444)
  • UPGRADED: We upgraded to nghttp2 1.65.0. (NEVISPROXY-7535)
  • UPGRADED: We upgraded to ModSecurity 3.0.14. (NEVISPROXY-7530)
  • UPGRADED: We upgraded to the libunblufilter 1.7.7. (NEVISPROXY-7509)
  • UPGRADED: We upgraded to OpenSSL version 3.0.16. (NEVISPROXY-7506)
  • UPGRADED: We upgraded to APR 1.7.5. (NEVISPROXY-7495)
  • UPGRADED: We upgraded Apache HTTP Server to 2.4.63. (NEVISPROXY-7484)
  • UPGRADED: We upgraded mod_qos to 11.76. (NEVISPROXY-7453)
  • UPGRADED: We upgraded to OpenTelemetry 1.18.0. (NEVISPROXY-7383)

Notes

Backward compatibility issues

  • The new parameter LoadExternalEntity of the SoapFilter prevents outbound calls to the internet or intranet. If you need these calls, set the new parameter to true.

SLES15 support

  • This is the last version that supports SLES15/SP3 because SP3's support ends at the end of 2025. Starting from the November release, you have to install at least SP6.

nevisProxy 7.2411.2 LTS2024 - 27.03.2025

Changes and new features

  • FIXED: We added the APACHE_VERSION=2.4.gem environment variable to fix the issue that some signature algorithms didn't work when using the GemEngine with OpenSSL 3.0. (NEVISPROXY-7479)
  • CHANGED: The number of active WebSocket connections is now regularly traced on INFO level. (NEVISPROXY-7444)
  • UPGRADED: We upgraded to nghttp2 1.65.0. (NEVISPROXY-7535)
  • UPGRADED: We upgraded to ModSecurity 3.0.14. (NEVISPROXY-7530)
  • UPGRADED: We upgraded to the libunblufilter 1.7.7. (NEVISPROXY-7509)
  • UPGRADED: We upgraded to OpenSSL version 3.0.16. (NEVISPROXY-7506)
  • UPGRADED: We upgraded to APR 1.7.5. (NEVISPROXY-7495)
  • UPGRADED: We upgraded Apache HTTP Server to 2.4.63. (NEVISPROXY-7484)
  • UPGRADED: We upgraded mod_qos to 11.76. (NEVISPROXY-7453)

Notes

Gemalto Engine Support

Because of the OpenSSL upgrade to version 3.0 some signature algorithms using the Gemalto engine didn't work any more. To fix this, add this line in the env.conf file:

 APACHE_VERSION=2.4.gem

nevisProxy 7.2411.1 LTS2024 - 30.01.2025

Changes and new features

  • FIXED: We added the property 'ch.nevis.bc.net.AllowResponseWithoutContentLengthNorChunk' to fix the handling of responses without Content-Length or Transfer-Encoding headers. (NEVISPROXY-7473)
  • FIXED: We fixed multi-value dTB tracing with OpenTelemetry. (NEVISPROXY-7434)
  • FIXED: We fixed a possible dead-lock in the MySQLSessionStoreServlet, and we added the error code 2014 to the default ConnectionErrorCodes. (NEVISPROXY-7431)
  • UPGRADED: We upgraded to OpenTelemetry 1.18.0. (NEVISPROXY-7383)

nevisProxy 7.2411.0 LTS2024 - 20.11.2024

Changes and new features

  • NEW: We added the parameter Sampler to the OpenTelemetry tracing. (NEVISPROXY-7243)
  • FIXED: We fixed the possible ModSecurityFilter segmentation fault when DelegateFromTx parameter was configured. (NEVISPROXY-7362)
  • FIXED: We fixed the issue where the ErrorFilter only replaced placeholders for text/* Content-Types when the Resource was a Servlet. See the new parameter PlaceHolders.ContentTypes. (NEVISPROXY-7313)
  • FIXED: We fixed the error which may have occurred if a ModSecurityFilter was mapped before an ICAPFilter. (NEVISPROXY-7170)
  • FIXED: We fixed a possible memory leak if SSLCheckPeerHostname.AllowWildcards was set to true in the HttpsConnectorServlet. (NEVISPROXY-7162)
  • FIXED: We fixed the issue that op tracing wasn't working anymore in some nevis components. This issue was introduced in version 7.2405.2.0. (NEVISPROXY-7341)
  • CHANGED: We added experimental support for client certificates with HTTP/2 frontend connections. (NEVISPROXY-7160)
  • CHANGED: We improved the nevisproxy version written in telemetry reports. (NEVISPROXY-7129)
  • UPGRADED: We upgraded to nghttp2 1.64.0. (NEVISPROXY-7353)
  • UPGRADED: We upgraded to OpenTelemetry 1.16.1. (NEVISPROXY-7238)
  • UPGRADED: We upgraded to nghttp2 1.62.1. (NEVISPROXY-7156)
  • UPGRADED: We upgraded to Lua 5.4.6. (NEVISPROXY-7147)
  • UPGRADED: We upgraded to mod_qos 11.75. (NEVISPROXY-6705)
  • DOCUMENTATION: We improved the documentation for Securosys integration. (NEVISPROXY-7277)

Notes

SLES15 support

nevisProxy 7.2405.2 LTS2024 - 27.09.2024

Changes and new features

  • NEW: The OpenTelemetry traces now contain the dt and cR values. (NEVISPROXY-7259)
  • NEW: We added the parameter Sampler to the OpenTelemetry tracing. (NEVISPROXY-7243)
  • FIXED: We fixed the bug where a race condition followed by a NullPointerException was triggered when using the MultiLevelSessionStoreServlet and a custom based SessionManagementFilter. (NEVISPROXY-7307)
  • FIXED: We fixed the issue where the ErrorFilter only replaced placeholders for text/* Content-Types when the Resource was a Servlet. See the new parameter PlaceHolders.ContentTypes. (NEVISPROXY-7313)
  • FIXED: We fixed the issue where Events and Logout-Cookies were not visible in LuaFilters for logout requests. (NEVISPROXY-7282)
  • UPGRADED: We upgraded to OpenSSL version 3.0.15. (NEVISPROXY-7310)
  • UPGRADED: We upgraded nghttp2 to version 1.63.0. (NEVISPROXY-7297)
  • UPGRADED: We upgraded Apache HTTP Server to v2.4.62. (NEVISPROXY-7247)
  • UPGRADED: We upgraded the OpenTelemetry library to version 1.16.1. (NEVISPROXY-7238)
  • UPGRADED: We upgraded ModSecurity to version 3.0.13. (NEVISPROXY-7009)
  • DOCUMENTATION: We improved the documentation of the H2 tag in navajo.xml. (NEVISPROXY-7232)

nevisProxy 7.2405.1 LTS2024 - 25.07.2024

Changes and new features

  • FIXED: We fixed the error which may have occurred if a ModSecurityFilter was mapped before an ICAPFilter. (NEVISPROXY-7170)
  • FIXED: We fixed a possible memory leak if SSLCheckPeerHostname.AllowWildcards was set to true in the HttpsConnectorServlet. (NEVISPROXY-7162)
  • CHANGED: We improved the startup time of nevisProxy. (NEVISPROXY-7228)
  • CHANGED: We improved the MultiLevelSessionStoreServlet for parallel login requests. (NEVISPROXY-7207)
  • CHANGED: We added experimental support for client certificates with HTTP/2 frontend connections. (NEVISPROXY-7160)
  • CHANGED: We improved the nevisproxy version written in telemetry reports. (NEVISPROXY-7129)
  • UPGRADED: We upgraded to Apache HTTP Server version 2.4.61. (NEVISPROXY-7220)
  • UPGRADED: We upgraded to OpenSSL 3.0.14. (NEVISPROXY-7188)
  • UPGRADED: We upgraded nghttp2 to version 1.62.1. (NEVISPROXY-7156)
  • UPGRADED: We upgraded to Lua 5.4.6. (NEVISPROXY-7147)
  • UPGRADED: We upgraded to mod_qos v11.75. (NEVISPROXY-6705)

nevisProxy 7.2405.0 LTS2024 - 15.05.2024

Changes and new features

  • NEW: We added the parameter CaptureResponseHeaders to the OpenTelemetry trace configuration. (NEVISPROXY-7055)
  • NEW: We added the parameter CaptureRequestHeaders to the OpenTelemetry trace configuration. (NEVISPROXY-7045)
  • NEW: We added the parameter ResourceServiceName to the OpenTelemetry configuration. (NEVISPROXY-6964)
  • NEW: We added the parameter EnableMetrics to the Http[s]ConnectorServlet, Esauth4ConnectorServlet and WebSocketServlet. (NEVISPROXY-6949)
  • FIXED: We now trace the correct SHA256-hashed and base64-encoded cookie value in NProxyOp. (NEVISPROXY-6989)
  • UPGRADED: We upgraded zlib to 1.2.13. (NEVISPROXY-7121)
  • UPGRADED: We upgraded nghttp2 to 1.61.0. (NEVISPROXY-7075)
  • UPGRADED: We upgraded to Apache httpd/2.4.59. (NEVISPROXY-6880)
  • REMOVED: We removed the deprecated TelemetryFilter. (NEVISPROXY-6955)
  • DOCUMENTATION: We added the migration guide for LTS21 to LTS24. (NEVISPROXY-6999)

Notes

  • The upgraded Apache version httpd/2.4.59 also contains the fix for the DH certificate bug.