Our release notes provide information on changes and enhancements in each release.

Note: Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts.

In this release:

Heads up: Deprecation of v1 APIs for custom certificate upload

To align with industry standards for RESTful APIs, the following v1 API endpoints documented here will be deprecated on November 3, 2024.

  • POST /api/prov/v1/sites/customCertificate/upload
  • POST /api/prov/v1/sites/customCertificate/remove

The functionality is already available using the PUT and DELETE methods with the improved, more reliable v2 /sites/{extSiteId}/customCertificate endpoint. For details, see Cloud WAF v2 API Definition.

Continued support: The v1 APIs will remain in the Deprecated status until further notice. They will be available for use, but we will no longer provide support for them and new bugs will not be fixed.

Action required: If you are using the v1 APIs to manage your custom certificates, we encourage you to start using the new v2 APIs at your earliest convenience.

Heads up: Deprecation of v1 log integration APIs

On November 3, 2024 the following v1 SIEM log integration API endpoints documented here will be deprecated:

  • /api/prov/v1/accounts/setDefaultSiemStorage
  • /api/prov/v1/accounts/setAmazonSiemStorage
  • /api/prov/v1/accounts/setSftpSiemStorage
  • /api/logscollector/change/status
  • /api/logscollector/upload/publickey
  • /api/prov/v1/waf-log-setup/change/status
  • /api/prov/v1/accounts/testS3Connection
  • /api/prov/v1/accounts/testSftpConnection
  • /api/prov/v1/waf-log-setup/activate (will no longer be required)

On or before that date, the v3 SIEM Log Configuration API Definition used for the Near Real-Time SIEM Log Integration will support all the functionality of the legacy APIs that are planned for deprecation. The Near Real-Time SIEM Log integration provides a significantly faster and more reliable service.

Deprecated APIs are supported for six months from the deprecation date. For more details, see API Lifecycle & Deprecation Policy for SaaS.

Introducing managed site certificates

You can now onboard a new website with a dedicated SSL certificate provided by Imperva.

Maintaining SSL/TLS certificates requires constant vigilance and expertise. With the addition of managed site certificates, Imperva now offers a service that makes certificate management even easier, taking the burden of certificate management off your shoulders.

Benefits of a managed site certificate

  • Dedicated certificate per site: A dedicated certificate lowers the exposure of your other domains through the certificate, as compared to the managed account-level certificate. While account certificates offer full certificate management, they are shared, supporting many domains/SANs across different sites. The use of dedicated site certificates removes dependencies and complexities during certificate renewal, thereby significantly elevating the reliability of your sites and certificates.
  • Automated certificate renewal and domain validation: As with the managed account certificate, Imperva handles the maintenance and renewal process, saving you time and resources. When you enable the automatic domain validation feature for a domain, Imperva automatically validates domain ownership for subdomains that are subsequently onboarded. (If you are not using the CNAME validation method, you may be required to revalidate ownership of the domain during renewal.)
  • Industry compliance: Imperva actively monitors and responds to shifts in the certificate landscape to ensure your site remains compliant and secure.
  • Visibility: Gain full visibility into the status of all your certificates directly from the Cloud Security Console, including upcoming expirations, renewal status, and notification of potential issues

Limitations

  • Site certificates are currently available for newly created sites only. Moving forward, Imperva will support the migration of existing sites that are using custom certificates, or managed account certificates provided by Imperva.

  • Creating new sites with a managed site certificate is currently available using the Imperva API, with Terraform support coming soon. UI support is planned for the future.

For full details on onboarding a site with a dedicated site certificate, see Imperva Site Certificates.

SIEM: New v3 connection test endpoint

Use the new connection test API to check that Imperva can access your destination log storage location.

Endpoint: /v3/connections/test-connection

For full details, see the SIEM Log Configuration API Definition.

This endpoint is supported by the Near Real-Time SIEM log integration service, replacing the legacy v1 endpoints which are scheduled for deprecation in November 2024. (As described in the "heads up" release note above)

API Security: Delete and rediscover endpoints

We've made it easier to maintain a tidy, up-to-date API inventory with the ability to delete and rediscover endpoints. There are several options for deleting and rediscovering endpoints.

  • Deleting an endpoint enables you to remove unnecessary endpoints, for example, ones used for testing.

  • For existing endpoints, rediscovery enables you to update endpoint data without having to re-upload the API specification file.

Where it's located

  • To delete or rediscover a subset of endpoints, go to Application > API Security > Inventory. Select one or more endpoints to delete or rediscover.

  • To rediscover all endpoints for a site, go to Application > API Security > Settings.

Recently mitigated CVEs

Mitigation for new Common Vulnerabilities and Exposures (CVEs) is added weekly by Imperva Research Labs.

To view the latest CVEs for which coverage was added, see Recently Mitigated CVEs.

 

 

More about the release notes

  • Tip: Open the latest release notes directly from the Cloud Security Console's Help menu.

  • Subscribe: Choose one of these options to subscribe to updates about weekly releases: