Our release notes provide information on changes and enhancements in each release.

Note: Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts.

In this release:

Limited validity period for CSR files

As announced in the September 1, 2024 Release Notes, the validity of Certificate Signing Request (CSR) files are now limited to 3 months to further enhance security and comply with PCI requirements. Once the CSR has expired, you cannot upload custom certificates generated via this CSR, and must generate a new CSR file.

  • This change applies to any new CSR file that is generated after September 1, 2024. The expiration date is listed in the Audit Trail New CSR generated event when the CSR is generated.

  • Heads up: Existing CSR files in our system that were generated before September 1st will be valid until December 31, 2024. After that date, you will not be able to upload custom certificates using a CSR generated before September 1st, and you will need to generate a new CSR file.

Generating a CSR file is the first step if you choose to upload a custom certificate to Imperva without providing a private key. For details, see Upload a Certificate without a Private Key.

Client classification: New client type for AI bots

After detecting a minor issue in this feature and temporarily disabling it, the issue has been fixed and the functionality restored.

A new AIBot client application type has been added to Imperva's client classification system.

A client application will be classified as an AI bot if we have identified it as a bot used by generative AI for LLM (large language model) training.

What changed:

  • Existing AI bot client applications have been reclassified from the Crawler client type to the new AIBot client type, including: ChatGPT, ClaudeBot, Perplexity AI, Google Gemini, Apple Bot, ByteSpider Bot, Cohere AI, Timpi Bot, CCBot, and ImagesiftBot.

    Note: If you currently have a custom rule that filters by the Crawler type and would like to preserve the same behavior, duplicate the rule using the new type, such as ClientType == AIBot or ClientType != AIBot

  • If additional AI bots are added to the client application list in the future, they will automatically be assigned to the AIBot client type.

  • Events that occur after this change will be listed on the Security Events page with the new client type.

Note: The client type categorization is owned by Imperva and subject to change in the future without advance notice.

Where it’s located: When creating custom rules, you can filter for the AIBot client type on the Rules page. (Application > Websites > Security > Rules.)

For more details, see:

DNS: Dashboard updates

The following changes were made in the DNS dashboard. These enhancements provide you with a higher level of granularity, and enhanced performance for a better user experience and faster loading times.

  • Data resolution: Dashboard data is available at a maximum resolution of 15 seconds (compared to 1 minute previously) for time period selections of up to 1 hour. Peak values are now calculated on the basis of this 15 second data resolution.

  • Attack data: The DDoS Threshold configured for the zone and the Attack Start RPS value were added to the statistics provided for attacked DNS zones.

Where it’s located: On the DNS Dashboard (Network > DNS > Dashboard).

For more details, see DNS Protection Dashboard.

Recently mitigated CVEs

Mitigation for new Common Vulnerabilities and Exposures (CVEs) is added weekly by Imperva Research Labs.

To view the latest CVEs for which coverage was added, see Recently Mitigated CVEs.

 

 

More about the release notes

  • Tip: Open the latest release notes directly from the Cloud Security Console's Help menu.

  • Subscribe: Choose one of these options to subscribe to updates about weekly releases: