Our release notes provide information on changes and enhancements in each release.

Note: Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts.

In this release:

Heads Up: New Imperva IP addresses

New IPv4 address space is being added to support our growing network footprint. The new address range is 131.125.128.0/17 (131.125.128.1-131.125.255.254). These new addresses may be deployed in an Imperva PoP any time beginning October 1, 2023.

What does this mean for you?

  • If you use an allowlist, firewall, or ACL to limit direct access to your origin server, you must update your allowlist to permit the new /17 before October 1st. If you don't permit the new IPs, you may experience a site outage after that date, as any Imperva devices using the new IP space will be unable to access your server.

  • If you do not restrict access to your origin server by source IP, your origin is not protected and is subject to DDoS and other attacks. We strongly recommend that you restrict access from non-Imperva IP addresses.

For more details, see Allowlisting Imperva IP addresses & Setting IP restriction rules. The full, updated list of Imperva IP addresses is available on this page.

You can also retrieve the full list of Imperva IP addresses by executing the following API call: https://my.imperva.com/api/integration/v1/ips

Heads Up: Deprecation of API authentication using query parameters

In September 2020, we introduced support for API authentication using request headers instead of sending them as query parameters.

For backward compatibility, we continued support for sending the authentication parameters in the query string as well.

What’s changing: On April 7, 2024, support for API authentication by sending the API Key and API ID as query parameters will be discontinued. At that point, API calls using the authentication query parameters will no longer work.

For more details on API authentication, see Authentication.

Heads Up: End of support for legacy SSO

In February 2023, for enhanced security, we introduced an upgrade to our SSO mechanism. Imperva SSO enables your users to log in to the Cloud Security Console using your organization’s SSO.

If you were already using our SSO integration, you were required to update your Imperva account’s SSO configuration.

What’s changing: As of January 1, 2024, we will no longer support our current user management platform, and any SSO login request will fail.

If you have not yet done so, we encourage you to upgrade to the new SSO mechanism at your earliest convenience.

For instructions, see the Upgrade section here: Single Sign-On (SSO).

Recently mitigated CVEs

Mitigation for new Common Vulnerabilities and Exposures (CVEs) is added weekly by Imperva Research Labs.

To view the latest CVEs for which coverage was added, see Recently Mitigated CVEs.

 

 

More about the release notes

  • Tip: Open the latest release notes directly from the Cloud Security Console's Help menu.

  • Subscribe: Choose one of these options to subscribe to updates about weekly releases: