nginx
diff --git a/‎CONTRIBUTING_DOCS.md
Lines changed: 4 additions & 2 deletions b/‎CONTRIBUTING_DOCS.md
Lines changed: 4 additions & 2 deletions
diff --git a/‎content/includes/nap-waf/config/common/anti-automation.md
Lines changed: 1 addition & 1 deletion b/‎content/includes/nap-waf/config/common/anti-automation.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/includes/nginx-plus/install/copy-jwt-to-etc-nginx-dir.md
Lines changed: 1 addition & 3 deletions b/‎content/includes/nginx-plus/install/copy-jwt-to-etc-nginx-dir.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎content/ngf/how-to/traffic-security/integrating-cert-manager.md
Lines changed: 4 additions & 3 deletions b/‎content/ngf/how-to/traffic-security/integrating-cert-manager.md
Lines changed: 4 additions & 3 deletions
diff --git a/‎content/nginx-one/changelog.md
Lines changed: 13 additions & 0 deletions b/‎content/nginx-one/changelog.md
Lines changed: 13 additions & 0 deletions
diff --git a/‎content/nginx-one/rbac/rbac-api.md
Lines changed: 6 additions & 6 deletions b/‎content/nginx-one/rbac/rbac-api.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎content/nginx-one/rbac/roles.md
Lines changed: 4 additions & 3 deletions b/‎content/nginx-one/rbac/roles.md
Lines changed: 4 additions & 3 deletions
diff --git a/‎content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md
Lines changed: 31 additions & 33 deletions b/‎content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md
Lines changed: 31 additions & 33 deletions
@@ -133,12 +133,14 @@ Supported callouts:
 - `caution`
 - `warning`
 
-You can also create custom callouts using the `call-out` shortcode `{{< call-out "type" "header" "font-awesome icon >}}`. For example:
+You can also create custom callouts using the `call-out` shortcode `{{< call-out "type position" "header" "font-awesome icon >}}`. For example:
 
 ```md
-{{<call-out "important" "JWT file required for upgrade" "fa fa-exclamation-triangle">}}
+{{<call-out "important side-callout" "JWT file required for upgrade" "fa fa-exclamation-triangle">}}
 ```
 
+By default, all custom callouts are included inline, unless you add `side-callout` which places the callout to the right of the content.
+
 Here are some other shortcodes:
 
 - `fa`: Inserts a Font Awesome icon
 
@@ -131,7 +131,7 @@ This is a list of the trusted bots that are currently part of the bot signatures
 |MojeekBot | [Mojeek search engine](https://www.mojeek.com/) |
 |Yahoo! Slurp | [Yahoo search engine](https://www.yahoo.com/) |
 |Yandex | [Yandex search engine](https://yandex.com/) |
-|YioopBot | [Yioop search engine](https://www.yioop.com/) |
+|YioopBot | Yioop search engine |
 {{</bootstrap-table>}}
 
 
 
@@ -2,10 +2,8 @@
 docs:
 ---
 
-After downloading the JWT file, copy it to the **/etc/nginx/** directory and make sure it's named **license.jwt**:
+Copy the downloaded JWT file to the **/etc/nginx/** directory and make sure it is named **license.jwt**:
 
 ```shell
 sudo cp <downloaded-file-name>.jwt /etc/nginx/license.jwt
 ```
-
-Replace `<downloaded-file-name>.jwt` with the actual name of your downloaded JWT file.
@@ -68,9 +68,10 @@ The first step is to deploy cert-manager onto the cluster.
     cert-manager jetstack/cert-manager \
     --namespace cert-manager \
     --create-namespace \
-    --version v1.12.0 \
-    --set installCRDs=true \
-    --set "extraArgs={--feature-gates=ExperimentalGatewayAPISupport=true}"
+    --set config.apiVersion="controller.config.cert-manager.io/v1alpha1" \
+    --set config.kind="ControllerConfiguration" \
+    --set config.enableGatewayAPI=true \
+    --set crds.enabled=true
   ```
 
 ---
 
@@ -34,6 +34,19 @@ Stay up-to-date with what's new and improved in the F5 NGINX One Console.
 
 ## January 20, 2025
 
+### Manage certificates with Config Sync Groups
+
+With the NGINX One Console, you can now manage certificate deployment in Config Sync Groups. 
+
+You can:
+
+- Add a certificate to a Config Sync Group
+- Remove a deployed certificate from a Config Sync Group
+
+For more information, including warnings about risks, see our documentation on how you can:
+- [Add a file]({{< ref "/nginx-one/how-to/nginx-configs/add-file.md" >}}) 
+- [Manage certificates]({{< ref "/nginx-one/how-to/certificates/manage-certificates.md" >}})
+
 ### Revert a configuration
 
 Using the NGINX One Console you can now:
 
@@ -7,15 +7,15 @@ product: NGINX One
 docs: DOCS-000
 ---
 
-Beyond [Default roles]({{< relref "/nginx-one/rbac/roles.md" >}}), you may need to set up custom roles. For convenience, we include a list of API groups that you could use to specify permissions for custom roles.
-
-These are not NGINX One APIs.
+Beyond the [Default roles]({{< relref "/nginx-one/rbac/roles.md" >}}) for NGINX One Console access, you can create [custom roles](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt/roles#custom-roles) with more precisely defined access permissions.
+You can assign custom roles to users or service accounts. You can associate these roles with specific namespaces, to help facilitate the principle of least privilege across your tenant.
+For this use-case, we include a list of API groups that you can use to specify permissions for custom roles with more granular access controls to NGINX One Console APIs.
 
 ## F5 API groups for NGINX One
 
-The following table lists the **[F5 XC roles](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt/roles)** that you can use. These are narrowly scoped API Groups that align with all the features and functionality within the NGINX One Console. These groups can help you create custom roles tailored to your specific needs.
+The following table lists the available API groups that you can use to construct a Role. These are narrowly scoped API groups that align with all the features and functionality within the NGINX One Console. These groups can help you create custom roles tailored to your specific needs.
 
-{{< note >}}If you create custom roles using the more granular API Groups, users may not have access until you add the corresponding API Groups to their roles.{{< /note >}}
+{{< note >}}If you create custom roles using these API groups, users may not have access to all capabilities of the browser web portal.{{< /note >}}
 
 | API Group Name                          | Level of Access | Description                                                                                                                   |
 |-----------------------------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------|
@@ -27,7 +27,7 @@ The following table lists the **[F5 XC roles](https://docs.cloud.f5.com/docs-v2/
 | f5xc-nginx-one-custom-all-instances-manage          | Write           | View and delete all Instances.                                                                                                |
 | f5xc-nginx-one-custom-instance-manage               | Write           | View and edit Instance details.                                                                        |
 | f5xc-nginx-one-custom-instance-read                 | Read            | View Instance and configuration details.                                                                        |
-| f5xc-nginx-one-custom-certificate-manage            | Write           | View TSL/SSL certificate details. Create, update, and delete any managed certificates.                                    |
+| f5xc-nginx-one-custom-certificate-manage            | Write           | View TLS/SSL certificate details. Create, update, and delete any managed certificates.                                    |
 | f5xc-nginx-one-custom-certificate-read              | Read            | View TLS/SSL certificates.                                                                                    |
 | f5xc-nginx-one-custom-all-certificates-manage       | Write           | View all TLS/SSL certificates. Delete managed certificates.                                               |
 | f5xc-nginx-one-custom-data-plane-key-manage         | Write           | View, create, update, and delete any Data Plane Keys. Note: The actual Data Plane Key is shown _only_ when created. |
 
@@ -13,13 +13,14 @@ We provide three default **[roles](https://docs.cloud.f5.com/docs-v2/administrat
 
 ### Admin
 
-The Admin role, identified as <code>f5xc-nginx-one-admin</code>, provides full read and write access to all endpoints and features within the NGINX One Console.
+The Admin role, identified as `f5xc-nginx-one-admin`, provides full read and write access to all endpoints and features within the NGINX One Console. 
+It also supports RBAC for related XC services, as described in [Role-based Access Control Concepts](https://flatrender.tora.reviews/docs-v2/administration/how-tos/user-mgmt/rbac).
 
 ### User
 
-Our standard User role, listed as <code>f5xc-nginx-one-user</code> in the role list, provides read and write access to all endpoints and features, save for those considered to be administrator level. An example of an administrator level feature would be **[Instance Settings](https://docs.nginx.com/nginx-one/how-to/nginx-configs/clean-up-unavailable-instances/)** where unavailable instance clean up logic is set.
+Our standard User role, listed as `f5xc-nginx-one-user` in the role list, provides read and write access to all endpoints and features, save for those considered to be administrator level. An example of an administrator level feature would be **[Instance Settings](https://docs.nginx.com/nginx-one/how-to/nginx-configs/clean-up-unavailable-instances/)** where unavailable instance clean up logic is set.
 
 ### Monitor
 
-Our read only or Monitor role, <code>f5xc-nginx-one-monitor</code>, grants read only access to all non-administrator features and endpoints within the NGINX One Console.
+Our read only or Monitor role, `f5xc-nginx-one-monitor`, grants read only access to all non-administrator features and endpoints within the NGINX One Console.
 
@@ -47,9 +47,8 @@ NGINX, Inc. provides packages for the following CentOS, Oracle Linux, RHEL, Alm
 
 |Version | Supported Platforms |
 | ---| --- |
-|7.4+ | x86_64, aarch64/arm64 |
-|8x | x86_64, aarch64/arm64, s390x |
-|9x | x86_64, aarch64/arm64, s390x |
+|8x | x86_64, aarch64/arm64 |
+|9x | x86_64, aarch64/arm64 |
 
 {{</bootstrap-table>}}
 
@@ -155,7 +154,7 @@ The package can be installed from:
     ```shell
     curl -I 127.0.0.1
     HTTP/1.1 200 OK
-    Server: nginx/1.27.0
+    Server: nginx/1.27.4
     ```
 
 <span id="prebuilt_debian"></span>
@@ -284,7 +283,7 @@ The package can be installed from:
     ```shell
     curl -I 127.0.0.1
     HTTP/1.1 200 OK
-    Server: nginx/1.27.0
+    Server: nginx/1.27.4
     ```
 
 <span id="prebuilt_ubuntu"></span>
@@ -299,8 +298,8 @@ NGINX provides packages for the following Ubuntu operating systems:
 | ---| ---| --- |
 |20.04 | focal | x86_64, aarch64/arm64, s390x |
 |22.04 | jammy | x86_64, aarch64/arm64, s390x |
-|22.10 | kinetic | x86_64, aarch64/arm64 |
-|23.04 | lunar | x86_64, aarch64/arm64 |
+|24.04 | noble | x86_64, aarch64/arm64 |
+|24.10 | oracular | x86_64, aarch64/arm64 |
 
 {{</bootstrap-table>}}
 
@@ -412,7 +411,7 @@ The package can be installed from:
     ```shell
     curl -I 127.0.0.1
     HTTP/1.1 200 OK
-    Server: nginx/1.27.0
+    Server: nginx/1.27.4
     ```
 
 <span id="prebuilt_suse"></span>
@@ -425,7 +424,6 @@ NGINX provides packages for SUSE Linux Enterprise Server:
 
 |Version | Supported Platforms |
 | ---| --- |
-|SLES 12 SP5+ | x86_64 |
 |SLES 15 SP2+ | x86_64 |
 
 {{</bootstrap-table>}}
@@ -508,10 +506,10 @@ NGINX provides packages for the following Alpine Linux operating systems:
 
 |Version | Supported Platforms |
 | ---| --- |
-|3.15 | x86_64, aarch64/arm64 |
-|3.16 | x86_64, aarch64/arm64 |
-|3.17 | x86_64, aarch64/arm64 |
 |3.18 | x86_64, aarch64/arm64 |
+|3.19 | x86_64, aarch64/arm64 |
+|3.20 | x86_64, aarch64/arm64 |
+|3.21 | x86_64, aarch64/arm64 |
 
 {{</bootstrap-table>}}
 
@@ -689,9 +687,9 @@ Prior to compiling NGINX Open Source from source, you need to install librarie
 - [PCRE](http://pcre.org/) – Supports regular expressions. Required by the NGINX [Core](https://nginx.org/en/docs/ngx_core_module.html) and [Rewrite](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html) modules.
 
   ```shell
-  wget github.com/PCRE2Project/pcre2/releases/download/pcre2-10.42/pcre2-10.42.tar.gz
-  tar -zxf pcre2-10.42.tar.gz
-  cd pcre2-10.42
+  wget github.com/PCRE2Project/pcre2/releases/download/pcre2-10.43/pcre2-10.43.tar.gz
+  tar -zxf pcre2-10.43.tar.gz
+  cd pcre2-10.43
   ./configure
   make
   sudo make install
@@ -700,9 +698,9 @@ Prior to compiling NGINX Open Source from source, you need to install librarie
 - [zlib](http://www.zlib.net/) – Supports header compression. Required by the NGINX [Gzip](https://nginx.org/en/docs/http/ngx_http_gzip_module.html) module.
 
   ```shell
-  wget http://zlib.net/zlib-1.2.13.tar.gz
-  tar -zxf zlib-1.2.13.tar.gz
-  cd zlib-1.2.13
+  wget http://zlib.net/zlib-1.3.1.tar.gz
+  tar -zxf zlib-1.3.1.tar.gz
+  cd zlib-1.3.1
   ./configure
   make
   sudo make install
@@ -711,9 +709,9 @@ Prior to compiling NGINX Open Source from source, you need to install librarie
 - [OpenSSL](https://www.openssl.org/) – Supports the HTTPS protocol. Required by the NGINX [SSL](https://nginx.org/en/docs/http/ngx_http_ssl_module.html) module and others.
 
   ```shell
-  wget http://www.openssl.org/source/openssl-1.1.1v.tar.gz
-  tar -zxf openssl-1.1.1v.tar.gz
-  cd openssl-1.1.1v
+  wget http://www.openssl.org/source/openssl-3.0.13.tar.gz
+  tar -zxf openssl-3.0.13.tar.gz
+  cd openssl-3.0.13
   ./Configure darwin64-x86_64-cc --prefix=/usr
   make
   sudo make install
@@ -727,17 +725,17 @@ Download the source files for both the stable and mainline versions from [**ngin
 To download and unpack the source for the latest _mainline_ version, run:
 
 ```shell
-wget https://nginx.org/download/nginx-1.27.0.tar.gz
-tar zxf nginx-1.27.0.tar.gz
-cd nginx-1.27.0
+wget https://nginx.org/download/nginx-1.27.4.tar.gz
+tar zxf nginx-1.27.4.tar.gz
+cd nginx-1.27.4
 ```
 
 To download and unpack source files for the latest _stable_ version, run:
 
 ```shell
-wget https://nginx.org/download/nginx-1.26.1.tar.gz
-tar zxf nginx-1.26.1.tar.gz
-cd nginx-1.26.1
+wget https://nginx.org/download/nginx-1.26.3.tar.gz
+tar zxf nginx-1.26.3.tar.gz
+cd nginx-1.26.3
 ```
 
 <span id="configure"></span>
@@ -752,8 +750,8 @@ An example of options to the `configure` script (should be typed as a single lin
 --sbin-path=/usr/local/nginx/nginx
 --conf-path=/usr/local/nginx/nginx.conf
 --pid-path=/usr/local/nginx/nginx.pid
---with-pcre=../pcre2-10.42
---with-zlib=../zlib-1.2.13
+--with-pcre=../pcre2-10.43
+--with-zlib=../zlib-1.3.1
 --with-http_ssl_module
 --with-stream
 --with-mail=dynamic
@@ -841,8 +839,8 @@ If you do not need a module that is built by default, you can disable it by nami
 --pid-path=/usr/local/nginx/nginx.pid
 --with-http_ssl_module
 --with-stream
---with-pcre=../pcre2-10.42
---with-zlib=../zlib-1.2.13
+--with-pcre=../pcre2-10.43
+--with-zlib=../zlib-1.3.1
 --without-http_empty_gif_module
 ```
 
@@ -896,8 +894,8 @@ An example of the `configure` command that includes nondefault modules (should b
 --sbin-path=/usr/local/nginx/nginx
 --conf-path=/usr/local/nginx/nginx.conf
 --pid-path=/usr/local/nginx/nginx.pid
---with-pcre=../pcre2-10.42
---with-zlib=../zlib-1.2.13
+--with-pcre=../pcre2-10.43
+--with-zlib=../zlib-1.3.1
 --with-http_ssl_module
 --with-stream
 --with-mail