The Cequence Unified API Protection (UAP) platform 8.7 release focuses on stabilizing the Mitigation Policies experience and improving UI and platform reliability. This release resolves issues with Challenge Templates and global policy handling, hardens reporting with append-only writes and stale-state recovery, and addresses a range of dashboard, session, and connection issues.
Mitigation Policies and Challenge Templates receive the most significant attention in this release. Fixed issues include templates that could not be opened or edited after an import, global policies cleared unintentionally when flushing the mitigation cache, and critical Challenge Template defects. The Enable/Disable toggle on the Policy Edit page is restored, and Response Template and Challenge Action support in the Policies UI is verified.
Reporting is hardened in this release with the introduction of append-only writes for generated reports and recovery from stale GENERATING states. Dashboard reliability improvements address time-filter drag and custom-date controls on the Detection and Mitigation dashboard, and the Usage Dashboard Security Testing card is renamed.
Platform and UI reliability fixes address Airflow DAG path handling, connection resets from IPVS Kubernetes clusters, premature session logouts, and the recurring hide-unselect defect across Fraud Detection Rules, Data Export, and Clear Mitigator Cache screens.
Mitigation policies and challenge templates
Release 8.7 resolves several issues in the Mitigation Policies experience. Challenge Templates that could not be opened or edited following an import are now fully accessible. Global policies are no longer cleared when the mitigation cache is flushed. Critical defects in Challenge Templates, including red alert states and white screen rendering failures, are resolved. The Enable/Disable toggle on the Policy Edit page is restored and visible. Response Template and Challenge Action support in the Policies UI is verified as functional.
Reporting hardening
Generated reports now use append-only writes, preventing data loss during concurrent report generation. Stale GENERATING state recovery is added, ensuring reports that fail to complete do not remain indefinitely in a generating state.
Dashboard and UI reliability
Time-filter drag and custom-date controls on the Detection and Mitigation dashboard now function correctly. The Security Testing card in the Usage Dashboard is renamed. The hide-unselect control now works correctly on the Fraud Detection Rules Notifications screen, the Data Export Audit Log Events screen, and the Clear Mitigator Cache All Policies screen.
Platform reliability
Airflow common DAGs are refactored to remove hard-coded paths, improving portability across deployment configurations. Connection resets from IPVS Kubernetes clusters are resolved. Sessions no longer log out before the configured expiry time.
Release 8.7 introduces a new Helm flag, readOnlyRootFilesystem: false, for Airflow's gitSync component. This flag is required because a read-only filesystem prevents runtime updates to the common-dags package. A read-only filesystem combined with gitSync is not otherwise supported.
Defender compatibility
The following table summarizes Defender compatibility requirements for this release.
| UAP release | Defender release | Compatibility |
| 8.5.x and 8.6.x | 6.0.x or later; 6.0.1 or later | Compatible |
| 8.7.0 or later | 6.3.0 or later | Required |
Fixed issues
Release 8.7.0
Challenge Templates that could not be opened or edited following an import are now accessible.
Global policies are no longer cleared when the mitigation cache is flushed.
The Enable/Disable toggle on the Policy Edit page is restored and visible.
Response Template and Challenge Action support in the Policies UI is verified as functional.
Generated reports now use append-only writes. Stale GENERATING state recovery is added.
Airflow common DAGs are refactored to remove hard-coded paths.
Critical Challenge Template defects, including red alert states and white screen rendering failures, are resolved.
Time-filter drag and custom-date controls on the Detection and Mitigation dashboard now function correctly.
Sessions no longer log out before the configured expiry time.
Connection resets from IPVS Kubernetes clusters are resolved.
The Security Testing card in the Usage Dashboard is renamed.
The hide-unselect control now works correctly on the Fraud Detection Rules Notifications screen and the Data Export Audit Log Events screen.
The hide-unselect control now works correctly on the Mitigation Policies Clear Mitigator Cache All Policies screen.
Upgrade guides
Upgrade and rollback guides are available for the following paths.