# 2.8.0 release notes




January 30, 2023

NGINX Instance Manager 2.8.0 release notes
## Upgrade Paths {#2-8-0-upgrade-paths}

NGINX Instance Manager 2.8.0 supports upgrades from these previous versions:

- 2.5.0 - 2.7.0

If your NGINX Instance Manager version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

## What's new {#2-8-0-whats-new}

This release includes the following updates:

- [icon: feature] **Enhanced details page for SSL Certificates**<a name="2-8-0-whats-new-Enhanced-details-page-for-SSL-Certificates-39334"></a>

   The Instance Manager web interface now features an improved details page for SSL Certificates. This page provides important information about the certificate and any associated instances.

- [icon: feature] **Automatic retrieval of Attack Signatures and Threat Campaign updates to Instance Manager**<a name="2-8-0-whats-new-Automatic-retrieval-of-Attack-Signatures-and-Threat-Campaign-updates-to-Instance-Manager-39629"></a>

   Instance Manager now allows you to [set up automatic downloads of the most recent Attack Signature and Threat Campaign packages](/nim/waf-integration/configuration/setup-signatures-and-threats/_index.md). By publishing these updates to your App Protect instances from Instance Manager, you can ensure your applications are shielded from all recognized attack types.

- [icon: feature] **Improved WAF Compiler error messages**<a name="2-8-0-whats-new-Improved-WAF-Compiler-error-messages-39814"></a>

   The messaging around security policy compilation errors has been improved by providing more detailed information and alerting users if the required compiler version is missing.

## Changes in default behavior{#2-8-0-changes-in-behavior}

This release has the following changes in default behavior:

- [icon: feature] **Switching between storing secrets on disk and using Vault migrates secrets**<a name="2-8-0-changes-in-behavior-Switching-between-storing-secrets-on-disk-and-using-Vault-migrates-secrets-37839"></a>

   When transitioning between storing secrets on disk or using HashiCorp Vault, any existing secrets can be easily migrated to the new storage method. For instructions, refer to the guide [Configure Vault for Storing Secrets](/nim/system-configuration/configure-vault.md).

- [icon: feature] **Create roles using either an object name or UID**<a name="2-8-0-changes-in-behavior-Create-roles-using-either-an-object-name-or-UID-39121"></a>

   You can now use either an object name or a unique identifier (UID) when assigning object-level permissions while creating or editing a role via the Instance Manager REST API.

- [icon: feature] **Upgrading from 2.7 or earlier, you must re-enable `precompiled_publication` to continue publishing security policies with Instance Manager**<a name="2-8-0-changes-in-behavior-Upgrading-from-27-or-earlier-you-must-re-enable-precompiled-publication-to-continue-publishing-security-policies-with-Instance-Manager-39614"></a>

   To continue publishing security policies with Instance Manager if you are upgrading from Instance Manager 2.7 and earlier, you must set the  `precompiled_publication` parameter to `true` in the `nginx-agent.conf` file.

   In Instance Manager 2.7 and earlier, the `pre-compiled_publication` setting was set to `true` by default. However, starting with Instance Manager 2.8, this setting is set to `false` by default. This means you will need to change this setting to `true` again when upgrading from earlier versions.

   To publish App Protect policies from Instance Manager, add the following to your `nginx-agent.conf` file:

   ```yaml
       nginx_app_protect:
          precompiled_publication: true
   ```

## Resolved issues {#2-8-0-resolved-issues}

This release fixes the following issues. Use your browser's search function to find the issue ID in the page.

- [icon: resolved] Web interface reports no license found when a license is present (30647)
- [icon: resolved] Associating instances with expired certificates causes internal error (34182)
- [icon: resolved] Publishing to an Instance/instance-group will fail when the configuration references a JSON policy or a JSON log profile  (38357)
- [icon: resolved] Missing dimension data for Advanced Metrics with modules (38634)
- [icon: resolved] Large payloads can result in disk I/O error for database operations (38827)
- [icon: resolved] The Policy API endpoint only allows NGINX App Protect policy upsert with content length upto 3.14MB. (38839)
- [icon: resolved] Deploy NGINX App Protect policy is listed as "Not Deployed" on the Policy Version detail page (38876)
- [icon: resolved] NGINX Management Suite services may lose connection to ClickHouse in a Kubernetes deployment (39285)
- [icon: resolved] NGINX App Protect status may not be displayed after publishing a configuration with a security policy and certificate reference (39382)
- [icon: resolved] Security Policy Snippet selector adds incorrect path reference for policy directive (39492)
- [icon: resolved] "Unpack: parse error" when compiling security update packages on CentOS 7, RHEL 7, and Amazon Linux 2 (39563)
- [icon: resolved] The API Connectivity Manager module won't load if the Security Monitoring module is enabled (39943)
- [icon: resolved] Automatic downloads of attack signatures and threat campaigns are not supported on CentOS 7, RHEL 7, or Amazon Linux 2 (40396)
- [icon: resolved] The API Connectivity Manager module won't load if the Security Monitoring module is enabled (44433)

## Known issues {#2-8-0-known-issues}

You can find information about known issues in the [Known Issues](/nim/releases/known-issues.md) topic.