---
title: New in Web Agent 2023.x
description: Web Agent 2023.11.3 is a maintenance release that introduces security enhancements and fixes.
component: web-agents
version: release-notes
page_id: web-agents::whats-new-2023
canonical_url: https://docs.pingidentity.com/web-agents/release-notes/whats-new-2023.html
section_ids:
  web_agent_2023_11_x: Web Agent 2023.11.x
  whats-new-2023.11.3: Web Agent 2023.11.3
  whats-new-2023.11.2: Web Agent 2023.11.2
  request-handling-2023112: Request handling
  tls13-security-protocol-2023112: TLSv1.3 security protocol
  whats-new-2023.11.1: Web Agent 2023.11.1
  whats-new-2023.11: Web Agent 2023.11
  hardened_security_of_agent_responses_with_javascript: Hardened security of agent responses with JavaScript
  deployment_with_docker: Deployment with Docker
  whats-new-2023.9: Web Agent 2023.9
  supported_platforms: Supported platforms
  whats-new-2023.6: Web Agent 2023.6
  use_apache_web_agent_with_apache_directives: Use Apache Web Agent with Apache directives
  authentication_of_web_agent_to_pingone_advanced_identity_cloud_and_am: Authentication of Web Agent to PingOne Advanced Identity Cloud and AM
  management_of_agent_credentials: Management of agent credentials
  nginx_plus_r29: NGINX Plus R29
  whats-new-2023.3: Web Agent 2023.3
  remove_http_server_header_in_iis: Remove HTTP Server header in IIS
  limit_the_number_of_stored_log_files: Limit the number of stored log files
  suse_linux_enterprise: SUSE Linux Enterprise
  log_agent_errors_in_the_apache_log_system: Log agent errors in the Apache log system
---

# New in Web Agent 2023.x

## Web Agent 2023.11.x

### Web Agent 2023.11.3

Web Agent 2023.11.3 is a maintenance release that introduces security enhancements and fixes.

### Web Agent 2023.11.2

Web Agent 2023.11.2 is a maintenance release that introduces security enhancements and fixes.

#### Request handling

We've made changes to the Web Agent to improve the security of handling requests from upstream Java servers.

The agent now rejects unsafe uses of path parameters with an `HTTP 400` in the following scenarios:

* The request contains one or more `%2F` or `%2f` (encoded forward slash) characters in the path parameters.

* The request contains one or more `%5C` or `%5c` (encoded backslash) characters in the path parameters on a Windows server.

* The request includes empty path segments or dot path segments with path parameters. Some example unsafe uses include:

  * `/;/`

  * `/..;`

  * `/.;`

  * `/..;parameter/`

  Legitimate uses of `;` as a path parameter are still permitted. For example, the agent won't reject this request with the `jessionid` parameter: `/segment1/segment2/;jsessionid=1234`

|   |                                                                                                                |
| - | -------------------------------------------------------------------------------------------------------------- |
|   | Path parameters (also known as matrix parameters) are used by J2EE and Spring-based Java servers in URL paths. |

Learn more in [Path traversal attempts](https://docs.pingidentity.com/web-agents/2023.11/security-guide/threats.html#path-traversal-attempts).

#### TLSv1.3 security protocol

The TLS 1.3 security protocol can now be disabled for OpenSSL if required by adding `-TLSv1.3` to the [Security Protocol List](https://docs.pingidentity.com/web-agents/2023.11/properties-reference/org.forgerock.agents.config.tls.html).

### Web Agent 2023.11.1

Web Agent 2023.11.1 is a maintenance release. It contains no new features.

### Web Agent 2023.11

Web Agent 2023.11 is a minor release that introduces new features, functional enhancements, and fixes.

#### Hardened security of agent responses with JavaScript

All agent responses that contain JavaScript are now protected by a [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) header.

Examples of responses protected by this change include:

* HTML forms returned by the agent during POST data preservation

* Preserved browser fragments returned by the agent during authentication

#### Deployment with Docker

A Dockerfile is now provided to deploy Apache Web Agent to extend and protect an application. For more information, refer to [Deploy Web Agent with Docker](https://docs.pingidentity.com/web-agents/2023.11/installation-guide/docker.html).

## Web Agent 2023.9

Web Agent 2023.9 is a minor release that introduces new features, functional enhancements, and fixes.

### Supported platforms

Web Agent 2023.9 supports the following additional platforms:

* IBM HTTP Server 8.5 for Linux

* Red Hat JBoss Core Services for Red Hat Enterprise Linux

* NGINX Plus R30

For more information, refer to [Supported operating systems and web servers Web Agent 2023.9](requirements.html#supported_operating_systems_and_web_servers_projectname_2023_9).

## Web Agent 2023.6

Web Agent 2023.6 is a minor release that introduces new features, functional enhancements, and fixes.

### Use Apache Web Agent with Apache directives

Apache Web Agent can now be configured with the following Apache directives, globally or independently for different server locations:

* `AmAgent` to switch the agent on or off

* `AmAuthProvider` to use Apache as the policy enforcement point

For more information, refer to *Configure Apache Web Agent*.

### Authentication of Web Agent to PingOne Advanced Identity Cloud and AM

Web Agent agents are automatically authenticated to PingOne Advanced Identity Cloud and AM by a non-configurable authentication module. Authentication chains and modules are deprecated and replaced by nodes, trees, and journeys.

You can now authenticate Web Agent to PingOne Advanced Identity Cloud and AM 7.3 with a journey. The procedure is currently optional, but will be required when authentication chains and modules are removed in a future release.

For more information, refer to *Authenticate agents to PingOne Advanced Identity Cloud* and *Authenticate agents to AM*.

### Management of agent credentials

An encryption key in `agent.conf` is used to decrypt credentials for the agent profile, the SSL certificate, and the HTTP proxy. By default, the agent caches the encryption key. A new property `Disable Caching of Agent Profile Password Encryption Key` is available to disable caching and require the agent to securely wipe the encryption key after it is read.

Use the `agentadmin --V` command to verify that the agent can decrypt the credentials correctly.

### NGINX Plus R29

The NGINX Plus R29 platform is available in this release.

## Web Agent 2023.3

Web Agent 2023.3 is a major release that introduces new features, functional enhancements, and fixes.

### Remove HTTP Server header in IIS

In IIS, the agent can now remove the `Server` header from all responses. To enable the feature, set the `Remove IIS HTTP Server Header` property to `true`.

### Limit the number of stored log files

To help manage the amount of stored data, the new property `Maximum Number of Debug Log Files` is now available to limit the number of rotated log files that the agent stores.

### SUSE Linux Enterprise

Apache Web Agent now supports SUSE Linux Enterprise 15.

### Log agent errors in the Apache log system

In Apache Web Agent, it is now possible to cause the agent error logs to appear in the Apache log system. For more information, refer to *Configure error logs*.