The 8.3 version of the Cequence Unified API Protection (UAP) platform was released January 17, 2026. This release delivers critical bug fixes and enhancements that improve data export functionality, enhance security, and improve the user experience. Key updates include resolution of the Bot Detection Events data export issue, support for HTML response templates in mitigation policies, enhanced filter capabilities in the Detection Event Stream, and SHA-256 hashing support.
Enhanced mitigation response templates
The Cequence UAP platform now supports HTML response templates for Block and Rate Limit actions. You can create customizable HTML templates to replace simple response reasons, and use new CRUD APIs to create, update, and manage policy response templates. The platform automatically detects the defender version (5.8.0 or later) to enable template support.
Improved data export capabilities
A critical issue where the Mitigator Action filter in Bot Detection Events did not export data has been resolved. Enhanced filter functionality now supports multiple query operations, including equals, does not equal, match any, and excludes.
Detection Event Stream filter enhancement
The Detection Event Stream filtering experience now includes a dropdown menu for values and expanded query support. You can filter mitigation actions using equals, not-equals, and matches-any operations.
Security hardening
Multiple security vulnerabilities have been addressed, including Sentinel vulnerabilities for version 8.3, Kafka Connect Azure Blob Sink crashes caused by a missing Netty HTTP/2 dependency, and server information exposure in HTTP response headers.
AI Gateway system pivots
New system pivots and conditional aggregates enable you to use AI Gateway header fields (mcp-session-id cookie and x-agent-user header) to support AI Gateway product capabilities.
SHA-256 support
File hashing now supports both MD5 and SHA-256 algorithms for improved security and compatibility with new defender versions. The platform provides conditional ETag header support based on hash type.
Resolved issues
8.3.1
CEQASP-10716 Configuration export improved to handle large datasets without memory exhaustion
CEQASP-10703 Configuration import preserves WAF policy placement in the correct tab
CEQASP-10696 Create and update SDE buttons removed from field names modal
CEQASP-10665 App tags attach correctly to published endpoints
8.3.0
CEQASP-10647: Data export for Mitigator Action in Bot Detection Events now works correctly when selected in Event Criteria.
CEQASP-10547: Kafka Connect Azure Blob Sink no longer crashes due to missing Netty HTTP/2 dependency.
CEQASP-10493: API Generate Preview API calls no longer fail due to empty request or response body keys.
CEQASP-10482: Hidden Rule 13 no longer appears in the UI during Elasticsearch or Kafka reloading states.
CEQASP-10349: Import failures due to Advanced Options (Query Params, request or response headers) in Traffic Filters have been resolved.
CEQASP-10247: Risk Category and Risk Contributor filters now automatically apply when navigating to the Transaction screen from the Risk or Transactions tab of the API Endpoint details modal.
CEQASP-10096: The equals operator now functions correctly in UAP 8.1.3.
CEQASP-9980: The custom date selection popup no longer loses focus and vanishes when auto-refresh is enabled on the Detection page.
CEQASP-9610: Rule Conditions can now be configured in Threat Protection > Fraud Detection Rules.
CEQASP-4151: The UI now correctly consumes the isSSL field from the /smtp API, and the SSL checkbox state displays correctly after save.
Breaking changes
Policy API Schema Change: The policy actions configuration includes a new template boolean field. When set to true, the action_response_reason field contains the response template ID instead of the response text. This change affects custom policy creation and update workflows and requires Defender version 5.8.0 or later.
Mitigator API Version Dependency: The /api/v5/mitigator/data endpoint returns template-enabled policies only for defender versions 5.8.0 and later. Older defender versions do not receive HTML template configurations.
Component Updates
This table lists the necessary updates you must perform before upgrading your Cequence UAP platform instance to the 8.3 release. Note: These components are part of the underlying Kubernetes infrastructure and are primarily relevant for on-premises deployments:
| Component | Version | Requirement |
| Strimzi | 0.44 | Strimzi is the Kafka operator that manages Apache Kafka clusters on Kubernetes. Update Strimzi and its credentials before upgrading UAP to ensure proper message streaming functionality. |
| Keycloak | 24.0.5 | Keycloak is the identity and access management system that handles user authentication and authorization. |
| Airflow | 1.15.0 | Apache Airflow is a workflow orchestration platform used for scheduling and monitoring data pipelines in UAP. Uninstall Airflow before upgrading and reinstall it after the upgrade is complete to avoid compatibility issues. |
Keycloak Update
When you update the Cequence UAP platform to release 7.7.2 and later, make the following changes in the keycloak/values.yaml file to ensure the correct theme version is deployed:
keycloakTheme:
image:
tag: 8.1.0Compatibility Matrix
The Cequence UAP platform release 8.3 requires the following minimum versions of other Cequence components to ensure proper integration and functionality:
| Component | Version |
| Cequence Defender | 5.7 + |
| Cequence Bridge | 5.7 + |
| Cequence Sensor | 4.1 + |
On-Premises Deployments
The following information is specific to on-premises deployments. SaaS customers do not need to manage these components directly:
| Package | Version | Location |
| Helm Chart | 8.3.0 | https://cequence.gitlab.io/helm-charts/ |
Helm Charts are package managers for Kubernetes applications, allowing consistent deployment and management of UAP components in on-premises environments.
Upgrade Guides:
8.1.x to 8.3.0 - Link
8.2.x to 8.3.0 - Link