Kubernetes WAF Version 1.7.1
This version includes the following modifications:
Signature Update
Protection from Log4J CVE based attacks.Bug Fixes
Custom rules bug fix. Minor fix in GUI to show Signature pattern and Expression details in Security Events.Image Vulnerabilities
Log4j CVE fixes in Elasticsearch and Logstash as per https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476. Vulnerability scanners may flag the images as vulnerable as they do not detect the mitigation but only the existence of log4j version.KWAF Image vulnerabilities fixes.