Release notes
nevisProxy 7.2505.2 LTS2024 - 08.08.2025
Changes and new features
- UPGRADED: We upgraded to Apache HTTP Server 2.4.65. (NEVISPROXY-7657)
- UPGRADED: We upgraded to nghttp2 1.66.0. (NEVISPROXY-7626)
Notes
Upgrade to apache httpd/2.4.65
The security issue CVE-2025-23048 fixed with apache httpd 2.4.64 had to be weakened because it would block some requests if using a Kubernetes setup. See also https://bz.apache.org/bugzilla/show_bug.cgi?id=69743
You're concerned if you have configured more than one web application on the same host and port (at least one nameVirtualHost
configured in navajo.xml). If you're concerned you can change the configuration as follows:
- for classic setup, set the apache directive SSLStrictSNIVHostCheck to
on
to allow only browsers which support SNI. - for Kubernetes, usually the Ingress verifies the hosts. For more security and if the Ingress supports it, you can enable SNI on your Ingress and set the apache directive SSLStrictSNIVHostCheck on nevisproxy, to
on
.
nevisProxy 7.2505.1 LTS2024 - 26.06.2025
Changes and new features
- UPGRADED: We upgraded to libxml2 2.13.8. (NEVISPROXY-7614)
nevisProxy 7.2505.0 LTS2024 - 21.05.2025
Changes and new features
- NEW: We added the parameter LoadExternalEntity to the SoapFilter. (NEVISPROXY-7578)
- FIXED: We fixed a bug where the SynchronizeLoginRequests parameter of the IdentityCreationFilter did not synchronize the certificate based login requests. (NEVISPROXY-7579)
- FIXED: We fixed multi-value dTB tracing with OpenTelemetry. (NEVISPROXY-7434)
- CHANGED: The InputValidationFilter's DefaultDecodingRule now supports multiple rules. As a result, the InputValidationFilter is stricter than before. (NEVISPROXY-7568)
- CHANGED: The number of active WebSocket connections are now regularly traced on INFO level. (NEVISPROXY-7444)
- UPGRADED: We upgraded to nghttp2 1.65.0. (NEVISPROXY-7535)
- UPGRADED: We upgraded to ModSecurity 3.0.14. (NEVISPROXY-7530)
- UPGRADED: We upgraded to the libunblufilter 1.7.7. (NEVISPROXY-7509)
- UPGRADED: We upgraded to OpenSSL version 3.0.16. (NEVISPROXY-7506)
- UPGRADED: We upgraded to APR 1.7.5. (NEVISPROXY-7495)
- UPGRADED: We upgraded Apache HTTP Server to 2.4.63. (NEVISPROXY-7484)
- UPGRADED: We upgraded mod_qos to 11.76. (NEVISPROXY-7453)
- UPGRADED: We upgraded to OpenTelemetry 1.18.0. (NEVISPROXY-7383)
Notes
Backward compatibility issues
- The new parameter
LoadExternalEntity
of theSoapFilter
avoids out-calls to the internet or intranet. If this was wanted, you will have to set this new parameter totrue
.
SLES15 support
- This is the last version that supports SLES15/SP3 because SP3's support ends at the end of 2025. Starting from the November release, you have to install at least SP6.
nevisProxy 7.2411.2 LTS2024 - 27.03.2025
Changes and new features
- FIXED: We added the APACHE_VERSION=2.4.gem environment variable to fix the issue that some signature algorithms didn't work when using the GemEngine with OpenSSL 3.0. (NEVISPROXY-7479)
- CHANGED: The number of active WebSocket connections are now regularly traced on INFO level. (NEVISPROXY-7444)
- UPGRADED: We upgraded to nghttp2 1.65.0. (NEVISPROXY-7535)
- UPGRADED: We upgraded to ModSecurity 3.0.14. (NEVISPROXY-7530)
- UPGRADED: We upgraded to the libunblufilter 1.7.7. (NEVISPROXY-7509)
- UPGRADED: We upgraded to OpenSSL version 3.0.16. (NEVISPROXY-7506)
- UPGRADED: We upgraded to APR 1.7.5. (NEVISPROXY-7495)
- UPGRADED: We upgraded Apache HTTP Server to 2.4.63. (NEVISPROXY-7484)
- UPGRADED: We upgraded mod_qos to 11.76. (NEVISPROXY-7453)
Notes
Gemalto Engine Support
Because of the OpenSSL upgrade to version 3.0 some signature algorithms using the Gemalto engine didn't work any more. To fix this, add this line in the env.conf file:
APACHE_VERSION=2.4.gem
nevisProxy 7.2411.1 LTS2024 - 30.01.2025
Changes and new features
- FIXED: We added the property 'ch.nevis.bc.net.AllowResponseWithoutContentLengthNorChunk' to fix the handling of responses without Content-Length or Transfer-Encoding headers. (NEVISPROXY-7473)
- FIXED: We fixed multi-value dTB tracing with OpenTelemetry. (NEVISPROXY-7434)
- FIXED: We fixed a possible dead-lock in the MySQLSessionStoreServlet, and we added the error code 2014 to the default
ConnectionErrorCodes
. (NEVISPROXY-7431) - UPGRADED: We upgraded to OpenTelemetry 1.18.0. (NEVISPROXY-7383)
nevisProxy 7.2411.0 LTS2024 - 20.11.2024
Changes and new features
- NEW: We added the parameter
Sampler
to the OpenTelemetry tracing. (NEVISPROXY-7243) - FIXED: We fixed the possible ModSecurityFilter segmentation fault when DelegateFromTx parameter was configured. (NEVISPROXY-7362)
- FIXED: We fixed the issue where the ErrorFilter did only replace placeholders for
text/*
Content-Types when the Resource was a Servlet. See the new parameterPlaceHolders.ContentTypes
.. (NEVISPROXY-7313) - FIXED: We fixed the error which may have occurred if a ModSecurityFilter was mapped before an ICAPFilter. (NEVISPROXY-7170)
- FIXED: We fixed a possible memory leak if
SSLCheckPeerHostname.AllowWildcards
was set totrue
in the HttpsConnectorServlet. (NEVISPROXY-7162) - FIXED: We fixed the issue that op tracing wasn't working anymore in some nevis components. This issue has been introduced in version 7.2405.2.0. (NEVISPROXY-7341)
- CHANGED: We added experimental support for client certificates with HTTP/2 frontend connections. (NEVISPROXY-7160)
- CHANGED: We improved the nevisproxy version written in telemetry reports. (NEVISPROXY-7129)
- UPGRADED: We upgraded to nghttp2 1.64.0. (NEVISPROXY-7353)
- UPGRADED: We upgraded to OpenTelemetry 1.16.1. (NEVISPROXY-7238)
- UPGRADED: We upgraded to nghttp2 1.62.1. (NEVISPROXY-7156)
- UPGRADED: We upgraded to Lua 5.4.6. (NEVISPROXY-7147)
- UPGRADED: We upgraded to mod_qos 11.75. (NEVISPROXY-6705)
- DOCUMENTATION: We improved the documentation for Securosys integration. (NEVISPROXY-7277)
Notes
SLES15 support
- Support for SLES15 SP3 ends in December 2025 (see: https://www.suse.com/lifecycle/#suse-linux-enterprise-server-15). We recommend to upgrade to the latest service pack (SP) as soon as possible. Starting from the November 2025 LTS24 release, we will only support SP6 or higher. Currently we support SP3 or higher.
nevisProxy 7.2405.2 LTS2024 - 27.09.2024
Changes and new features
- NEW: The OpenTelemetry traces now contain the
dt
andcR
values. (NEVISPROXY-7259) - NEW: We added the parameter
Sampler
to the OpenTelemetry tracing. (NEVISPROXY-7243) - FIXED: We fixed the bug where a race condition followed by a NullPointerException was triggered when using the MultiLevelSessionStoreServlet and a custom based SessionManagementFilter. (NEVISPROXY-7307)
- FIXED: We fixed the issue where the ErrorFilter did only replace placeholders for
text/*
Content-Types when the Resource was a Servlet. See the new parameterPlaceHolders.ContentTypes
. (NEVISPROXY-7313) - FIXED: We fixed the issue where Events and Logout-Cookies were not visible in LuaFilters for logout requests. (NEVISPROXY-7282)
- UPGRADED: We upgraded to OpenSSL version 3.0.15. (NEVISPROXY-7310)
- UPGRADED: We upgraded nghttp2 to version 1.63.0. (NEVISPROXY-7297)
- UPGRADED: We upgraded to Apache HTTP Server to v2.4.62. (NEVISPROXY-7247)
- UPGRADED: We upgraded the OpenTelemetry library to version 1.16.1. (NEVISPROXY-7238)
- UPGRADED: We upgraded ModSecurity to version 3.0.13. (NEVISPROXY-7009)
- DOCUMENTATION: We improved the documentation of the
H2
tag in navajo.xml. (NEVISPROXY-7232)
nevisProxy 7.2405.1 LTS2024 - 25.07.2024
Changes and new features
- FIXED: We fixed the error which may have occurred if a ModSecurityFilter was mapped before an ICAPFilter. (NEVISPROXY-7170)
- FIXED: We fixed a possible memory leak if
SSLCheckPeerHostname.AllowWildcards
was set totrue
in the HttpsConnectorServlet. (NEVISPROXY-7162) - CHANGED: We improved the startup time of nevisProxy. (NEVISPROXY-7228)
- CHANGED: We improved the MultiLevelSessionStoreServlet for parallel login requests. (NEVISPROXY-7207)
- CHANGED: We added experimental support for client certificates with HTTP/2 frontend connections. (NEVISPROXY-7160)
- CHANGED: We improved the nevisproxy version written in telemetry reports. (NEVISPROXY-7129)
- UPGRADED: We upgraded to Apache HTTP Server version 2.4.61. (NEVISPROXY-7220)
- UPGRADED: We upgraded to OpenSSL 3.0.14. (NEVISPROXY-7188)
- UPGRADED: We upgraded nghttp2 to version 1.62.1. (NEVISPROXY-7156)
- UPGRADED: We upgraded to Lua 5.4.6. (NEVISPROXY-7147)
- UPGRADED: We upgraded to mod_qos v11.75. (NEVISPROXY-6705)
nevisProxy 7.2405.0 LTS2024 - 15.05.2024
Changes and new features
- NEW: We added the parameter
CaptureResponseHeaders
to the OpenTelemetry trace configuration. (NEVISPROXY-7055) - NEW: We added the parameter
CaptureRequestHeaders
to the OpenTelemetry trace configuration. (NEVISPROXY-7045) - NEW: We added the parameter
ResourceServiceName
to the OpenTelemetry configuration. (NEVISPROXY-6964) - NEW: We added the parameter EnableMetrics to the Http[s]ConnectorServlet, Esauth4ConnectorServlet and WebSocketServlet. (NEVISPROXY-6949)
- FIXED: We trace now the correct SHA256 hashed and base64 encoded cookie value in NProxyOp. (NEVISPROXY-6989)
- UPGRADED: We upgraded zlib to 1.2.13. (NEVISPROXY-7121)
- UPGRADED: We upgraded nghttp2 to 1.61.0. (NEVISPROXY-7075)
- UPGRADED: We upgraded to Apache httpd/2.4.59. (NEVISPROXY-6880)
- REMOVED: We removed the deprecated TelemetryFilter. (NEVISPROXY-6955)
- DOCUMENTATION: We added the migration guide for LTS21 to LTS24. (NEVISPROXY-6999)
Notes
- The upgraded Apache version httpd/2.4.59 also contains the fix for the DH certificate bug.