Incompatible changes
Incompatible changes impact existing functionality and may affect your migration from a previous release. Before you upgrade, review these lists and make the appropriate changes to your scripts and plugins.
Changes in Web Agent 2025.3
Content Security Policy header - frame-ancestors
By default, the Content Security Policy (CSP) frame-ancestors
directive is set to self
,
which only allows the site hosting the agent to embed pages in iframes.
If you use iframes with another source, you’ll need to set the new properties appropriately.
Learn more in Content Security Policy - frame-ancestors
.
Agent authentication to Advanced Identity Cloud and AM
The default fallback mode setting (0
) for
AM_AGENT_AUTH_MODE and
Agent Authentication Mode has been removed.
The default setting is now 1
meaning the agent always authenticates using the Agent
journey.
If the Agent
journey doesn’t exist, you should create it. Learn more in
Authenticate agents to the identity provider.
Changes in Web Agent 2024.3
NGINX binaries renamed
The operating system name in the downloadable NGINX binaries has been replaced with
Linux
. A single build is now suitable for all NGINX versions and operating
systems.
-
Example formats for previous release:
web-agent-2023.11-NGINX_r30_Rhel7_64bit.zip
web-agent-2023.11-NGINX_r30_Rhel8_64bit.zip
web-agent-2023.11-NGINX_r30_Rhel9_64bit.zip
web-agent-2023.11-NGINX_r30_Ubuntu20_64bit.zip
web-agent-2023.11-NGINX_r30_Ubuntu22_64bit.zip
-
Example format for this release:
web-agent-2024.3-NGINX_r30_Linux_64bit.zip
AES-256-GCM encryption
Because of the changes in Hardened security of agent secrets, drop-in software update to this release isn’t possible. Upgrade to this release from an earlier release is a major upgrade. Learn more in Upgrade.
Changes in Web Agent 2023.11
There are no incompatible changes in this release or any of its maintenance releases.
Changes in Web Agent 2023.6
Management of agent credentials
An encryption key in agent.conf
is used to decrypt credentials for the
following properties:
-
Agent Profile Password
-
Private Key Password
-
Proxy Server Password
When decryption failed in previous releases, sometimes the agent attempted to use the encrypted form of the password. From this release, the agent does not attempt to use the encrypted form of the password.
Changes in Web Agent 2023.3
Changes in Web Agent 5.10
Regular expression pattern matching is platform-dependent
IIS agents use Windows libraries and ECMAScript-compatible regular expressions. Adapt the regular expression settings for IIS agents to account for this change.
Fragment redirect
From Web Agent 5.8.1, when
Enable Fragment Redirect
is true
, the agent redirects the user back to the original resource using an
absolute URL. In previous Web Agent 5 versions, the agent redirects the user
using a relative URI.
Proxy rules that rely on fragment redirect to a relative URI, now result in a
redirect to a full URL. For example a redirect to /a/b#c
results in the final URL
prot://host:port/a/b#c
.
Ordered rules that rely on matching a plain URL followed by fully qualified alternatives can result in the fully qualified alternatives matching first.