# 2.22.0 release notes April 28, 2026 NGINX Instance Manager 2.22.0 release notes ## Upgrade Paths {#2-22-0-upgrade-paths} NGINX Instance Manager 2.22.0 supports upgrades from these previous versions: - 2.19.0 - 2.21.1 If your NGINX Instance Manager version is older, you may need to upgrade to an intermediate version before upgrading to the target version. ## What's new {#2-22-0-whats-new} This release includes the following updates: - [icon: feature] **Use the default SCC on OpenShift** Starting in v2.22.0, NGINX Instance Manager Helm deployments on OpenShift use the cluster's default Security Context Constraint (SCC) when you set `openshift.enabled: true`. NGINX Instance Manager no longer requires a custom SCC with fixed UIDs (1000 and 101). This simplifies installation and improves OpenShift compatibility. For details, see [Appendix: OpenShift security constraints](/nim/deploy/kubernetes/deploy-using-helm.md#appendix-openshift-security-constraints). - [icon: feature] **New licensing flow sends raw usage data; JWT license no longer required** NGINX Instance Manager now sends raw usage data to the new licensing endpoint instead of aggregated data to the legacy endpoint. A JWT license is no longer required, and disconnected environments no longer need to upload usage report acknowledgements. For more information, see [Add a license (connected)](/nim/licensing-and-reporting/add-license-connected-deployment.md) and [Add a license (disconnected)](/nim/licensing-and-reporting/add-license-disconnected-deployment.md). - [icon: feature] **Log profiles section added to the NGINX Instance Manager UI** NGINX Instance Manager now includes a Log Profiles section in the UI, where you can view, manage, configure, compile, and download log profiles. The section includes form-based and JSON-based editors, similar to the WAF Policies section. - [icon: feature] **Custom TLS certificates now supported through Vault and external service certificates** NGINX Instance Manager now supports custom TLS certificates for its API Gateway and externally provided internal service certificates. The Helm chart supports both the existing default certificate flow and a new external certificates flow for pre-existing per-service secrets. For more information, see [Use external TLS certificates](/nim/deploy/kubernetes/configure-external-certs.md). ## Changes in default behavior{#2-22-0-changes-in-behavior} This release has the following changes in default behavior: - [icon: feature] **Saving a modified WAF policy now always creates a new version** NGINX Instance Manager now creates a new version each time a modified WAF policy is saved, even if the current version isn't deployed. Previously, a new version was created only for deployed policy versions. - The `PUT` endpoint for updating WAF policies is deprecated. - Submit WAF policy changes through `POST` requests. - [icon: feature] **Usage reporting and the NGINX Usage page have changed in version 2.22** The new licensing endpoint is: `https://product.connect.nginx.com/api/nginx-usage/batch` - In connected environments that restrict outbound access, add the new licensing endpoint to your allowlist. - In disconnected mode, use the new bash script to process the larger download file. - The NGINX Usage page no longer shows hourly aggregated data. It now shows usage reporting details such as instance and cluster IDs and last reported times. For more information, see [Report usage data to F5 (connected)](/nim/licensing-and-reporting/report-usage-connected-deployment.md) and [Report usage data to F5 (disconnected)](/nim/licensing-and-reporting/report-usage-disconnected-deployment.md). ## Known issues {#2-22-0-known-issues} You can find information about known issues in the [Known Issues](/nim/releases/known-issues.md) topic.