# 2.8.0 release notes January 30, 2023 NGINX Instance Manager 2.8.0 release notes ## Upgrade Paths {#2-8-0-upgrade-paths} NGINX Instance Manager 2.8.0 supports upgrades from these previous versions: - 2.5.0 - 2.7.0 If your NGINX Instance Manager version is older, you may need to upgrade to an intermediate version before upgrading to the target version. ## What's new {#2-8-0-whats-new} This release includes the following updates: - [icon: feature] **Enhanced details page for SSL Certificates** The Instance Manager web interface now features an improved details page for SSL Certificates. This page provides important information about the certificate and any associated instances. - [icon: feature] **Automatic retrieval of Attack Signatures and Threat Campaign updates to Instance Manager** Instance Manager now allows you to [set up automatic downloads of the most recent Attack Signature and Threat Campaign packages](/nim/waf-integration/configuration/setup-signatures-and-threats/_index.md). By publishing these updates to your App Protect instances from Instance Manager, you can ensure your applications are shielded from all recognized attack types. - [icon: feature] **Improved WAF Compiler error messages** The messaging around security policy compilation errors has been improved by providing more detailed information and alerting users if the required compiler version is missing. ## Changes in default behavior{#2-8-0-changes-in-behavior} This release has the following changes in default behavior: - [icon: feature] **Switching between storing secrets on disk and using Vault migrates secrets** When transitioning between storing secrets on disk or using HashiCorp Vault, any existing secrets can be easily migrated to the new storage method. For instructions, refer to the guide [Configure Vault for Storing Secrets](/nim/system-configuration/configure-vault.md). - [icon: feature] **Create roles using either an object name or UID** You can now use either an object name or a unique identifier (UID) when assigning object-level permissions while creating or editing a role via the Instance Manager REST API. - [icon: feature] **Upgrading from 2.7 or earlier, you must re-enable `precompiled_publication` to continue publishing security policies with Instance Manager** To continue publishing security policies with Instance Manager if you are upgrading from Instance Manager 2.7 and earlier, you must set the `precompiled_publication` parameter to `true` in the `nginx-agent.conf` file. In Instance Manager 2.7 and earlier, the `pre-compiled_publication` setting was set to `true` by default. However, starting with Instance Manager 2.8, this setting is set to `false` by default. This means you will need to change this setting to `true` again when upgrading from earlier versions. To publish App Protect policies from Instance Manager, add the following to your `nginx-agent.conf` file: ```yaml nginx_app_protect: precompiled_publication: true ``` ## Resolved issues {#2-8-0-resolved-issues} This release fixes the following issues. Use your browser's search function to find the issue ID in the page. - [icon: resolved] Web interface reports no license found when a license is present (30647) - [icon: resolved] Associating instances with expired certificates causes internal error (34182) - [icon: resolved] Publishing to an Instance/instance-group will fail when the configuration references a JSON policy or a JSON log profile (38357) - [icon: resolved] Missing dimension data for Advanced Metrics with modules (38634) - [icon: resolved] Large payloads can result in disk I/O error for database operations (38827) - [icon: resolved] The Policy API endpoint only allows NGINX App Protect policy upsert with content length upto 3.14MB. (38839) - [icon: resolved] Deploy NGINX App Protect policy is listed as "Not Deployed" on the Policy Version detail page (38876) - [icon: resolved] NGINX Management Suite services may lose connection to ClickHouse in a Kubernetes deployment (39285) - [icon: resolved] NGINX App Protect status may not be displayed after publishing a configuration with a security policy and certificate reference (39382) - [icon: resolved] Security Policy Snippet selector adds incorrect path reference for policy directive (39492) - [icon: resolved] "Unpack: parse error" when compiling security update packages on CentOS 7, RHEL 7, and Amazon Linux 2 (39563) - [icon: resolved] The API Connectivity Manager module won't load if the Security Monitoring module is enabled (39943) - [icon: resolved] Automatic downloads of attack signatures and threat campaigns are not supported on CentOS 7, RHEL 7, or Amazon Linux 2 (40396) - [icon: resolved] The API Connectivity Manager module won't load if the Security Monitoring module is enabled (44433) ## Known issues {#2-8-0-known-issues} You can find information about known issues in the [Known Issues](/nim/releases/known-issues.md) topic.