All Versions
112
Latest Version
Avg Release Cycle
22 days
Latest Release
-

Changelog History
Page 2

  • v2.3.3 Changes

    ๐Ÿš€ > Released 2021/03/05

    ๐Ÿš€ This is a patch release in the 2.3 series. Being a patch release, it ๐Ÿ›  strictly contains bugfixes. The are no new features or breaking changes.

    Dependencies

    • โฌ†๏ธ Bump OpenSSL from 1.1.1i to 1.1.1j. 6859

    ๐Ÿ›  Fixes

    Core
    • Ensure control plane nodes do not execute healthchecks. 6805
    • ๐Ÿ‘ท Ensure only one worker executes active healthchecks. 6844
    • Declarative config can be now loaded as an inline yaml file by kong config (previously it was possible only as a yaml string inside json). JSON declarative config is now parsed with the cjson library, instead of with libyaml. 6852
    • ๐Ÿ‘ท When using eventual worker consistency now every Nginx worker deals with its upstreams changes, avoiding unnecessary synchronization among workers. 6833
    Admin API
    • โœ‚ Remove prng_seed from the Admin API and add PIDs instead. 6842
    PDK
    • ๐ŸŒฒ Ensure kong.log.serialize properly calculates reported latencies. 6869
    ๐Ÿ”Œ Plugins
    • ๐Ÿ”Œ HMAC-Auth: fix issue where the plugin would check if both a username and signature were specified, rather than either. 6826

    Back to TOC

  • v2.3.2 Changes

    ๐Ÿš€ > Released 2021/02/09

    ๐Ÿš€ This is a patch release in the 2.3 series. Being a patch release, it ๐Ÿ›  strictly contains bugfixes. The are no new features or breaking changes.

    ๐Ÿ›  Fixes

    Core
    • ๐Ÿ›  Fix an issue where certain incoming URI may make it possible to bypass security rules applied on Route objects. This fix make such attacks more difficult by always normalizing the incoming request's URI before matching against the Router. #6821
    • Properly validate Lua input in sandbox module. #6765
    • 0๏ธโƒฃ Mark boolean fields with default values as required. #6785
    CLI
    • kong migrations now accepts a -p/--prefix flag. #6819
    ๐Ÿ”Œ Plugins
    • ๐Ÿ”Œ JWT: disallow plugin on consumers. #6777
    • rate-limiting: improve counters accuracy. #6802

    Back to TOC

  • v2.3.1 Changes

    ๐Ÿš€ > Released 2021/01/26

    ๐Ÿš€ This is a patch release in the 2.3 series. Being a patch release, it ๐Ÿ›  strictly contains bugfixes. The are no new features or breaking changes.

    ๐Ÿ›  Fixes

    Core
    • ๐Ÿ›  lua-resty-dns-client was bumped to 5.2.1, which fixes an issue that could lead to a busy loop when renewing addresses. #6760
    • ๐Ÿ›  Fixed an issue that made Kong return HTTP 500 Internal Server Error instead of HTTP 502 Bad Gateway on upstream connection errors when using buffered proxying. #6735

    Back to TOC

  • v2.3.0 Changes

    ๐Ÿš€ > Released 2021/01/08

    ๐Ÿš€ This is a new release of Kong, with no breaking changes with respect to the 2.x series, with Control Plane/Data Plane version checks, UTF-8 names for Routes and Services, ๐Ÿ”Œ and a Plugin Servers.

    Distributions

    • ๐Ÿšš :warning: Support for Centos 6 has been removed, as said distro entered EOL on Nov 30. #6641

    Dependencies

    • โฌ†๏ธ Bump kong-plugin-serverless-functions from 1.0 to 2.1. #6715
    • โฌ†๏ธ Bump lua-resty-dns-client from 5.1.0 to 5.2.0. #6711
    • โฌ†๏ธ Bump lua-resty-healthcheck from 1.3.0 to 1.4.0. #6711
    • โฌ†๏ธ Bump OpenSSL from 1.1.1h to 1.1.1i. #6639
    • โฌ†๏ธ Bump kong-plugin-zipkin from 1.1 to 1.2. #6576
    • โฌ†๏ธ Bump kong-plugin-request-transformer from 1.2 to 1.3. #6542

    โž• Additions

    Core
    • Introduce version checks between Control Plane and Data Plane nodes in Hybrid Mode. Sync will be stopped if the major/minor version differ or if installed plugin versions differ between Control Plane and Data Plane nodes. #6612
    • ๐Ÿ‘ Kong entities with a name field now support utf-8 characters. #6557
    • The certificates entity now has cert_alt and key_alt fields, used to specify an alternative certificate and key pair. #6536
    • ๐Ÿ”Œ The go-pluginserver stderr and stdout are now written into Kong's logs. #6503
    • ๐Ÿ”Œ Introduce support for multiple pluginservers. This feature is backwards-compatible with the existing single Go pluginserver. #6600
    PDK
    • Introduce a kong.node.get_hostname method that returns current's node host name. #6613
    • Introduce a kong.cluster.get_id method that returns a unique ID for the current Kong cluster. If Kong is running in DB-less mode without a cluster ID explicitly defined, then this method returns nil. For Hybrid mode, all Control Planes and Data Planes belonging to the same cluster returns the same cluster ID. For traditional database based deployments, all Kong nodes pointing to the same database will also return the same cluster ID. #6576
    • Introduce a kong.log.set_serialize_value, which allows for customizing the output of kong.log.serialize. #6646
    ๐Ÿ”Œ Plugins
    • ๐Ÿ”ง http-log: the plugin now has a headers configuration, so that custom headers can be specified for the log request. #6449
    • ๐Ÿ”ง key-auth: the plugin now has two additional boolean configurations:
      • key_in_header: if false, the plugin will ignore keys passed as headers.
      • key_in_query: if false, the plugin will ignore keys passed as query arguments. Both default to true. #6590
    • request-size-limiting: add new configuration require_content_length, which causes the plugin to ensure a valid Content-Length header exists before reading the request body. #6660
    • serverless-functions: introduce a sandboxing capability, and it has been enabled by default, where only Kong PDK, OpenResty ngx APIs, and Lua standard libraries are allowed. #32
    ๐Ÿ”ง Configuration
    • client_max_body_size and client_body_buffer_size, that previously hardcoded to 10m, are now configurable through nginx_admin_client_max_body_size and nginx_admin_client_body_buffer_size. #6597
    • Kong-generated SSL privates keys now have 600 file system permission. #6509
    • Properties ssl_cert, ssl_cert_key, admin_ssl_cert, admin_ssl_cert_key, status_ssl_cert, and status_ssl_cert_key is now an array: previously, only an RSA certificate was generated by default; with this change, an ECDSA is also generated. On intermediate and modern cipher suites, the ECDSA certificate is set as the default fallback certificate; on old cipher suite, the RSA certificate remains as the default. On custom certificates, the first certificate specified in the array is used. #6509
    • Kong now runs as a kong user if it exists; it said user does not exist in the system, the nobody user is used, as before. #6421

    ๐Ÿ›  Fixes

    Core
    • ๐Ÿ›  Fix issue where a Go plugin would fail to read kong.ctx.shared values set by Lua plugins. #6490
    • Properly trigger dao:delete_by:post hook. #6567
    • ๐Ÿ›  Fix issue where a route that supports both http and https (and has a hosts and snis match criteria) would fail to proxy http requests, as it does not contain an SNI. #6517
    • ๐Ÿ›  Fix issue where a nil request context would lead to errors attempt to index local 'ctx' being shown in the logs
    • โฌ‡๏ธ Reduced the number of needed timers to active health check upstreams and to resolve hosts.
    • Schemas for full-schema validations are correctly cached now, avoiding memory leaks when reloading declarative configurations. #6713
    • ๐Ÿ”ง The schema for the upstream entities now limits the highest configurable number of successes and failures to 255, respecting the limits imposed by lua-resty-healthcheck. #6705
    • Certificates for database connections now are loaded in the right order avoiding failures to connect to Postgres databases. #6650
    CLI
    • ๐Ÿ›  Fix issue where kong reload -c <config> would fail. #6664
    • ๐Ÿ›  Fix issue where the Kong configuration cache would get corrupted. #6664
    PDK
    • ๐ŸŒฒ Ensure the log serializer encodes the tries field as an array when empty, rather than an object. #6632
    ๐Ÿ”Œ Plugins
    • ๐Ÿ”Œ request-transformer plugin does not allow null in config anymore as they can lead to runtime errors. #6710

    Back to TOC

  • v2.3.0-alpha.1 Changes

    December 09, 2020

    Download Kong 2.3.0-alpha.1 and run it now:

    ๐Ÿ”— Links:

  • v2.2.2 Changes

    ๐Ÿš€ > Released 2021/03/01

    ๐Ÿš€ This is a patch release in the 2.2 series. Being a patch release, it ๐Ÿ›  strictly contains bugfixes. The are no new features or breaking changes.

    ๐Ÿ›  Fixes

    ๐Ÿ”Œ Plugins
    • serverless-functions: introduce a sandboxing capability, enabled by default, where only Kong PDK, OpenResty ngx APIs, and some Lua standard libraries are allowed. Read the documentation here. #32

    Back to TOC

  • v2.2.1 Changes

    December 01, 2020

    ๐Ÿš€ > Released 2020/12/01

    ๐Ÿš€ This is a patch release in the 2.2 series. Being a patch release, it ๐Ÿ›  strictly contains bugfixes. The are no new features or breaking changes.

    ๐Ÿ›  Fixes

    Distribution
    Core
    • ๐Ÿ›  Fix issue where Kong would fail to start a Go plugin instance with a starting instance: nil error. #6507
    • ๐Ÿ›  Fix issue where a route that supports both http and https (and has a hosts and snis match criteria) would fail to proxy http requests, as it does not contain an SNI. #6517
    • ๐Ÿ›  Fix issue where a Go plugin would fail to read kong.ctx.shared values set by Lua plugins. #6426
    • ๐Ÿ›  Fix issue where gRPC requests would fail to set the :authority pseudo-header in upstream requests. #6603
    CLI
    • Fix issue where kong config db_import and kong config db_export commands would fail if Go plugins were enabled. #6596 Thanks daniel-shuy for the patch!

    Back to TOC

  • v2.2.0 Changes

    October 23, 2020

    ๐Ÿš€ > Released 2020/10/23

    ๐Ÿ‘ This is a new major release of Kong, including new features such as UDP support, ๐Ÿ”ง Configurable Request and Response Buffering, Dynamically Loading of OS Certificates, and much more.

    Distributions

    • โž• Added support for running Kong as the non-root user kong on distributed systems.

    Dependencies

    • โš  :warning: For Kong 2.2, the required OpenResty version has been bumped to 1.17.8.2, and the the set of patches included has changed, including the latest release of lua-kong-nginx-module. If you are installing Kong from one of our distribution packages, you are not affected by this change.
    • โฌ†๏ธ Bump OpenSSL version from 1.1.1g to 1.1.1h. #6382

    Note: if you are not using one of our distribution packages and compiling OpenResty from source, you must still apply Kong's OpenResty ๐Ÿ— patches (and, as highlighted above, compile OpenResty with the new ๐Ÿ— lua-kong-nginx-module). Our kong-build-tools repository will allow you to do both easily.

    • ๐Ÿ—„ :warning: Cassandra 2.x support is now deprecated. If you are still using Cassandra 2.x with Kong, we recommend you to upgrade, since this series of Cassandra is about to be EOL with the upcoming release of Cassandra 4.0.

    โž• Additions

    Core
    • ๐Ÿ‘ :fireworks: UDP support: Kong now features support for UDP proxying in its stream subsystem. The "udp" protocol is now accepted in the protocols attribute of Routes and the protocol attribute of Services. Load balancing and logging plugins support UDP as well. #6215
    • ๐Ÿ”ง Configurable Request and Response Buffering: The buffering of requests or responses can now be enabled or disabled on a per-route basis, through setting attributes Route.request_buffering or Route.response_buffering to true or false. Default behavior remains the same: buffering is enabled by default for requests and responses. #6057
    • Option to Automatically Load OS Certificates: The configuration attribute lua_ssl_trusted_certificate was extended to accept a comma-separated list of certificate paths, as well as a special system value, which expands to the "system default" certificates file installed by the operating system. This follows a very simple heuristic to try to use the most common certificate file in most popular distros. #6342
    • Consistent-Hashing load balancing algorithm does not require to use the entire target history to build the same proxying destinations table on all Kong nodes anymore. Now deleted targets are actually removed from the database and the targets entities can be manipulated by the Admin API as any other entity. #6336
    • โž• Add X-Forwarded-Path header: if a trusted source provides a X-Forwarded-Path header, it is proxied as-is. Otherwise, Kong will set the content of said header to the request's path. #6251
    • ๐ŸŽ Hybrid mode synchronization performance improvements: Kong now uses a new internal synchronization method to push changes from the Control Plane to the Data Plane, drastically reducing the amount of communication between nodes during bulk updates. #6293
    • The Upstream.client_certificate attribute can now be used from proxying: This allows client_certificate setting used for mTLS handshaking with the Upstream server to be shared easily among different Services. However, Service.client_certificate will take precedence over Upstream.client_certificate if both are set simultaneously. In previous releases, Upstream.client_certificate was only used for mTLS in active health checks. #6348
    • ๐Ÿ†• New shorthand_fields top-level attribute in schema definitions, which deprecates shorthands and includes type definitions in addition to the shorthand callback. #6364
    • Hybrid Mode: the table of Data Plane nodes at the Control Plane is now cleaned up automatically, according to a delay value configurable via the cluster_data_plane_purge_delay attribute, set to 14 days by default. #6376
    • Hybrid Mode: Data Plane nodes now apply only the last config when receiving several updates in sequence, improving the performance when large configs are in use. #6299
    Admin API
    • Hybrid Mode: new endpoint /clustering/data-planes which returns complete information about all Data Plane nodes that are connected to the Control Plane cluster, regardless of the Control Plane node to which they connected. #6308
      • :warning: The /clustering/status endpoint is now deprecated, since it returns only information about Data Plane nodes directly connected to the Control Plane node to which the Admin API request was made, and is superseded by /clustering/data-planes.
    • ๐Ÿ”ง Admin API responses now honor the headers configuration setting for including or removing the Server header. #6371
    PDK
    • New function kong.request.get_forwarded_prefix: returns the prefix path component of the request's URL that Kong stripped before proxying to upstream, respecting the value of X-Forwarded-Prefix when it comes from a trusted source. #6251
    • ๐Ÿ”ง kong.response.exit now honors the headers configuration setting for including or removing the Server header. #6371
    • ๐ŸŒฒ kong.log.serialize function now can be called using the stream subsystem, allowing various logging plugins to work under TCP and TLS proxy modes. #6036
    • Requests with multipart/form-data MIME type now can use the same part name multiple times. #6054
    ๐Ÿ”Œ Plugins
    • ๐Ÿ†• New Response Phase: both Go and Lua pluggins now support a new plugin phase called response in Lua plugins and Response in Go. Using it automatically enables response buffering, which allows you to manipulate both the response headers and the response body in the same phase. This enables support for response handling in Go, where header and body filter phases are not available, allowing you to use PDK functions such as kong.Response.GetBody(), and provides an equivalent simplified feature for handling buffered responses from Lua plugins as well. #5991
    • aws-lambda: bump to version 3.5.0: #6379
      • support for 'isBase64Encoded' flag in Lambda function responses
    • grpc-web: introduce configuration pass_stripped_path, which, if set to true, causes the plugin to pass the stripped request path (see the strip_path Route attribute) to the upstream gRPC service.
    • ๐Ÿ‘ rate-limiting: Support for rate limiting by path, by setting the limit_by = "path" configuration attribute. Thanks KongGuide for the patch! #6286
    • 0๏ธโƒฃ correlation-id: the plugin now generates a correlation-id value by default if the correlation id header arrives but is empty. #6358
  • v2.2.0-rc.1 Changes

    October 19, 2020

    Download Kong 2.2.0-rc.1 and run it now:

    ๐Ÿ”— Links:

  • v2.2.0-beta.1 Changes

    October 02, 2020

    Download Kong 2.2.0-beta.1 and run it now:

    ๐Ÿ”— Links: