Add changelog for F5 WAF for NGINX 5.12.0

content/includes/waf/policy.html

@@ -3722,8 +3722,8 @@ <h2 id="policy/override-rules">override-rules</h2>
 <td></td>
 </tr>
 <tr class="even">
-<td><code>override</code></td>
-<td>string</td>
+<td><a href="#policy/override-rules/override">override</a></td>
+<td>object</td>
 <td>The overriding security policy definition.</td>
 <td></td>
 </tr>
@@ -3735,6 +3735,25 @@ <h2 id="policy/override-rules">override-rules</h2>
 </tr>
 </tbody>
 </table>
+<h3 id="policy/override-rules/override">override</h3>
+<table>
+<colgroup>
+<col style="width: 29%" />
+<col style="width: 5%" />
+<col style="width: 47%" />
+<col style="width: 17%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>Field Name</th>
+<th>Type</th>
+<th>Description</th>
+<th>Allowed Values</th>
+</tr>
+</thead>
+<tbody>
+</tbody>
+</table>
 <h3 id="policy/override-rules/violation">violation</h3>
 <table>
 <colgroup>

content/waf/changelog/_index.md

@@ -11,6 +11,42 @@ This changelog lists all of the information for F5 WAF for NGINX releases in 202
 
 For older releases, check the changelogs for previous years: [2025]({{< ref "/waf/changelog/2025.md" >}}), [2024]({{< ref "/waf/changelog/2024.md" >}}), [2023]({{< ref "/waf/changelog/2023.md" >}}).
 
+
+## F5 WAF for NGINX 5.12
+
+Released _March 23th, 2026_.
+
+### New features
+
+- Added support for RHEL 10
+
+### Resolved issues
+
+- 13383 - gRPC disable signatures and meta chars scan on byte fields
+- 13952 - The ip-address-lists feature doesn't work when processed by the express compiler
+- 13845 - Fix perl toolchain inclusions for RHEL 8+
+- 13466 - Make SOCK_RCV_BUF_SIZE_MAX_SIZE configurable
+- 13948 - Discrepancy in schema generation for dynamic object fields that are stored as JSON
+
+### Packages
+
+{{< table >}}
+
+| Distribution name        | NGINX Open Source (5.12)                                           |  NGINX Plus (5.12)                                              | NGINX Plus (5.12)                                |
+| ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------|
+| Alpine 3.22              | _app-protect-module-oss-1.29.3+5.607.0-r1.apk_                    | _app-protect-module-plus-36+5.607.0-r1.apk_                    | _app-protect-36.5.607.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-oss-1.29.3+5.607.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-36+5.607.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-36+5.607.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-oss_1.29.3+5.607.0-1\~bullseye_amd64.deb_     | _app-protect-module-plus_36+5.607.0--1\~bullseye_amd64.deb_    | _app-protect_36+5.607.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-oss_1.29.3+5.607.0-1\~bookworm_amd64.deb_     | _app-protect-module-plus_36+5.607.0--1\~bookworm_amd64.deb_    | _app-protect_36+5.607.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8           | _app-protect-module-oss-1.29.3+5.607.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-36+5.607.0-1.el8.ngx.x86_64.rpm_      | _app-protect-36+5.607.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 22.04             | _app-protect-module-oss_1.29.3+5.607.0-1\~jammy_amd64.deb_        | _app-protect-module-plus_36+5.607.0--1\~jammy_amd64.deb_       | _app-protect_36+5.607.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-module-oss_1.29.3+5.607.0-1\~noble_amd64.deb_        | _app-protect-module-plus_36+5.607.0--1\~noble_amd64.deb_       | _app-protect_36+5.607.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.29.3+5.607.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-36+5.607.0-1.el8.ngx.x86_64.rpm_      | _app-protect-36+5.607.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9 and Rocky Linux 9 | _app-protect-module-oss-1.29.3+5.607.0-1.el9.ngx.x86_64.rpm_      | _app-protect-module-plus-36+5.607.0-1.el9.ngx.x86_64.rpm_      | _app-protect-36+5.607.0-1.el9.ngx.x86_64.rpm_      |
+| RHEL 10                  | _app-protect-module-oss-1.29.3+5.607.0-1.el10.ngx.x86_64.rpm_      | _app-protect-module-plus-36+5.607.0-1.el10.ngx.x86_64.rpm_      | _app-protect-36+5.607.0-1.el10.ngx.x86_64.rpm_      |
+
+{{< /table >}}
+
 ## F5 WAF for NGINX 5.11.2
 
 Released _February 13th, 2026_.
@@ -76,3 +112,4 @@ Released _January 13th, 2026_.
 | RHEL 9 and Rocky Linux 9 | _app-protect-module-oss-1.29.3+5.575.0-1.el9.ngx.x86_64.rpm_      | _app-protect-module-plus-36+5.575.0-1.el9.ngx.x86_64.rpm_      | _app-protect-36+5.575.0-1.el9.ngx.x86_64.rpm_      |
 
 {{< /table >}}
+

content/waf/fundamentals/technical-specifications.md

@@ -30,7 +30,7 @@ You can deploy F5 WAF for NGINX in the following environments:
 | Amazon Linux       | 2023         |
 | Debian             | 11, 12       |
 | Oracle Linux       | 8            |
-| RHEL / Rocky Linux | 8, 9         |
+| RHEL / Rocky Linux | 8, 9, 10     |
 | Ubuntu             | 22.04, 24.04 |
 
 For release-specific packages, view the [Changelog]({{< ref "/waf/changelog.md" >}}).

content/waf/install/disconnected-environment.md

@@ -157,7 +157,7 @@ See the section for your operating system below:
 1. Add the F5 WAF for NGINX repository:
 
    ```shell
-   sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-rhel8.repo
+   sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-8.repo
    ```
 
 1. Install the `yum-utils` package if not already installed:
@@ -195,7 +195,7 @@ See the section for your operating system below:
 1. Add the F5 WAF for NGINX repository:
 
    ```shell
-   sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-rhel9.repo
+   sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-9.repo
    ```
 
 1. Install the `yum-utils` package if not already installed:
@@ -228,6 +228,44 @@ See the section for your operating system below:
    app-protect-threat-campaigns
    ```
 
+#### RHEL 10
+
+1. Add the F5 WAF for NGINX repository:
+
+   ```shell
+   sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-10.repo
+   ```
+
+1. Install the `yum-utils` package if not already installed:
+
+   ```shell
+   sudo dnf install yum-utils
+   ```
+
+1. Enable codeready-builder repository through subscription manager:
+
+   ```shell
+   subscription-manager repos --enable codeready-builder-for-rhel-10-x86_64-rpms
+   ```
+
+1. Download the `epel-release` dependency package if not already installed:
+
+   ```shell
+   rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
+   ```
+
+1. Create a directory for packages and download app-protect:
+
+   ```shell
+   mkdir -p /offline/packages
+
+   sudo yum install --downloadonly --downloaddir=/offline/packages \
+   app-protect \
+   app-protect-attack-signatures \
+   app-protect-bot-signatures \
+   app-protect-threat-campaigns
+   ```
+
 #### Ubuntu
 
 1. Install required packages:

content/waf/install/docker.md

@@ -834,7 +834,7 @@ Create a file for the F5 WAF for NGINX repository:
 ```shell
 [app-protect-x-oss]
 name=nginx-app-protect repo
-baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/7/$basearch/
+baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/9/$basearch/
 sslclientcert=/etc/ssl/nginx/nginx-repo.crt
 sslclientkey=/etc/ssl/nginx/nginx-repo.key
 gpgcheck=0
@@ -844,7 +844,7 @@ enabled=1
 Install the F5 WAF for NGINX package and its dependencies:
 
 ```shell
-sudo yum install app-protect-module-oss
+sudo dnf install app-protect-module-oss
 ```
 
 {{% /tab %}}
@@ -858,7 +858,61 @@ Create a file for the F5 WAF for NGINX repository:
 ```shell
 [app-protect-x-plus]
 name=nginx-app-protect repo
-baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/$basearch/
+baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/9/$basearch/
+sslclientcert=/etc/ssl/nginx/nginx-repo.crt
+sslclientkey=/etc/ssl/nginx/nginx-repo.key
+gpgcheck=0
+enabled=1
+```
+
+Install the F5 WAF for NGINX package and its dependencies:
+
+```shell
+sudo dnf install app-protect-module-plus
+```
+
+{{% /tab %}}
+
+{{< /tabs >}}
+
+#### RHEL 10
+
+{{< tabs name="rhel-hybrid-instructions" >}}
+
+{{% tab name="NGINX Open Source" %}}
+
+Create a file for the F5 WAF for NGINX repository:
+
+`/etc/yum.repos.d/app-protect-x-oss.repo`
+
+```shell
+[app-protect-x-oss]
+name=nginx-app-protect repo
+baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/10/$basearch/
+sslclientcert=/etc/ssl/nginx/nginx-repo.crt
+sslclientkey=/etc/ssl/nginx/nginx-repo.key
+gpgcheck=0
+enabled=1
+```
+
+Install the F5 WAF for NGINX package and its dependencies:
+
+```shell
+sudo dnf install app-protect-module-oss
+```
+
+{{% /tab %}}
+
+{{% tab name="NGINX Plus" %}}
+
+Create a file for the F5 WAF for NGINX repository:
+
+`/etc/yum.repos.d/app-protect-x-plus.repo`
+
+```shell
+[app-protect-x-plus]
+name=nginx-app-protect repo
+baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/10/$basearch/
 sslclientcert=/etc/ssl/nginx/nginx-repo.crt
 sslclientkey=/etc/ssl/nginx/nginx-repo.key
 gpgcheck=0

content/waf/install/virtual-environment.md

@@ -229,6 +229,26 @@ Install the F5 WAF for NGINX package and its dependencies:
 sudo dnf install app-protect
 ```
 
+### RHEL 10
+
+Add the F5 WAF for NGINX repository:
+
+```shell
+sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-10.repo
+```
+
+Add F5 WAF for NGINX dependencies:
+
+```shell
+sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
+```
+
+Install the F5 WAF for NGINX package and its dependencies:
+
+```shell
+sudo dnf install app-protect
+```
+
 {{< details summary="Installing a specific version of F5 WAF for NGINX" >}}
 
 If you need to install a specific version of F5 WAF for NGINX, you can use `--showduplicates list` to list available versions, then append it to the package name:

content/waf/policies/ip-intelligence.md

@@ -57,6 +57,7 @@ Review the [virtual machine installation instructions]({{< ref "/waf/install/vir
 | Oracle Linux / RHEL / Rocky Linux 8 | _app-protect-ip-intelligence_ |
 | Ubuntu                              | _app-protect-ip-intelligence_ |
 | RHEL / Rocky Linux 9                | _app-protect-ip-intelligence_ |
+| RHEL 10                             | _app-protect-ip-intelligence_ |
 
 After installing the package, run the client:
 

data/nap-waf/schema/policy.json

@@ -3055,7 +3055,7 @@
                            },
                            "override" : {
                               "description" : "The overriding security policy definition.",
-                              "type" : "string"
+                              "type" : "object"
                            },
                            "violation" : {
                               "description" : "Contains the details of the raised VIOL_RULE violation.\nMandatory if action-type is violation.",