# 2.22.0 release notes
April 28, 2026
NGINX Instance Manager 2.22.0 release notes
## Upgrade Paths {#2-22-0-upgrade-paths}
NGINX Instance Manager 2.22.0 supports upgrades from these previous versions:
- 2.19.0 - 2.21.1
If your NGINX Instance Manager version is older, you may need to upgrade to an intermediate version before upgrading to the target version.
## What's new {#2-22-0-whats-new}
This release includes the following updates:
- [icon: feature] **Use the default SCC on OpenShift**
Starting in v2.22.0, NGINX Instance Manager Helm deployments on OpenShift use the cluster's default Security Context Constraint (SCC) when you set `openshift.enabled: true`. NGINX Instance Manager no longer requires a custom SCC with fixed UIDs (1000 and 101). This simplifies installation and improves OpenShift compatibility. For details, see [Appendix: OpenShift security constraints](/nim/deploy/kubernetes/deploy-using-helm.md#appendix-openshift-security-constraints).
- [icon: feature] **New licensing flow sends raw usage data; JWT license no longer required**
NGINX Instance Manager now sends raw usage data to the new licensing endpoint instead of aggregated data to the legacy endpoint. A JWT license is no longer required, and disconnected environments no longer need to upload usage report acknowledgements.
For more information, see [Add a license (connected)](/nim/licensing-and-reporting/add-license-connected-deployment.md) and [Add a license (disconnected)](/nim/licensing-and-reporting/add-license-disconnected-deployment.md).
- [icon: feature] **Log profiles section added to the NGINX Instance Manager UI**
NGINX Instance Manager now includes a Log Profiles section in the UI, where you can view, manage, configure, compile, and download log profiles. The section includes form-based and JSON-based editors, similar to the WAF Policies section.
- [icon: feature] **Custom TLS certificates now supported through Vault and external service certificates**
NGINX Instance Manager now supports custom TLS certificates for its API Gateway and externally provided internal service certificates. The Helm chart supports both the existing default certificate flow and a new external certificates flow for pre-existing per-service secrets.
For more information, see [Use external TLS certificates](/nim/deploy/kubernetes/configure-external-certs.md).
## Changes in default behavior{#2-22-0-changes-in-behavior}
This release has the following changes in default behavior:
- [icon: feature] **Saving a modified WAF policy now always creates a new version**
NGINX Instance Manager now creates a new version each time a modified WAF policy is saved, even if the current version isn't deployed. Previously, a new version was created only for deployed policy versions.
- The `PUT` endpoint for updating WAF policies is deprecated.
- Submit WAF policy changes through `POST` requests.
- [icon: feature] **Usage reporting and the NGINX Usage page have changed in version 2.22**
The new licensing endpoint is: `https://product.connect.nginx.com/api/nginx-usage/batch`
- In connected environments that restrict outbound access, add the new licensing endpoint to your allowlist.
- In disconnected mode, use the new bash script to process the larger download file.
- The NGINX Usage page no longer shows hourly aggregated data. It now shows usage reporting details such as instance and cluster IDs and last reported times.
For more information, see [Report usage data to F5 (connected)](/nim/licensing-and-reporting/report-usage-connected-deployment.md) and [Report usage data to F5 (disconnected)](/nim/licensing-and-reporting/report-usage-disconnected-deployment.md).
## Known issues {#2-22-0-known-issues}
You can find information about known issues in the [Known Issues](/nim/releases/known-issues.md) topic.