We advise users to run or update to the most recent release of the Ansible NGINX App Protect role. Older versions of this role may not have all enhancements and/or bug fixes applied to them.

This codebase mainly consists of an Ansible role, sprinkled with a dose of GitHub actions for CI/CD. Ansible applies security fixes to the most recent three releases. Please find more information in the Ansible docs.

If you find a security vulnerability that affects Ansible directly, we encourage you to report it according to the Ansible guidelines.

If you find a security vulnerability that affects the codebase, we encourage you to report it to the F5 Security Incident Response Team (F5 SIRT):

• If you’re an F5 customer with an active support contract, please contact F5 Technical Support.
• If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities to the F5 SIRT at F5SIRT@f5.com.

For more information visit https://www.f5.com/services/support/report-a-vulnerability