Changelog History
Page 5
-
v1.4.2 Changes
December 11, 2019๐ > Released 2019/12/10
๐ This is another patch release in the 1.4 series, and as such, strictly ๐ contains bugfixes. There are no new features nor breaking changes.
๐ Fixes
Core
- Fixes some corner cases in the balancer behavior #5318
๐ Plugins
-
v1.4.1 Changes
December 03, 2019๐ > Released 2019/12/03
๐ This is a patch release in the 1.4 series, and as such, strictly contains ๐ bugfixes. There are no new features nor breaking changes.
๐ Fixes
Core
- Fixed a memory leak in the balancer #5229 -- Thanks zeeshen for the patch!
- Removed arbitrary limit on worker connections. #5148
- Fixed
preserve_host
behavior for gRPC routes #5225 - Fix migrations for ttl for OAuth2 tokens #5253
- Improve handling of errors when creating balancers #5284
CLI
- Fixed an issue with
kong config db_export
when reading entities that are ttl-enabled and whose ttl value isnull
. #5185
Admin API
๐ Plugins
- http-log: do not impose a retry delay on successful sends #5282
-
v1.4.0 Changes
October 23, 2019๐ > Released on 2019/10/22
Installation
- :warning: All Bintray assets have been renamed from
.all.
/.noarch.
to be architecture specific namely.arm64.
and.amd64.
โ Additions
Core
- :fireworks: New configuration option
cassandra_refresh_frequency
to set the frequency that Kong will check for Cassandra cluster topology changes, avoiding restarts when Cassandra nodes are added or removed. #5071 - New
transformations
property in DAO schemas, which allows adding functions that run when database rows are inserted or updated. #5047 - The new attribute
hostname
has been added toupstreams
entities. This attribute is used as theHost
header when proxying requests through Kong to servers that are listening on server names that are different from the names to which they resolve. #4959 - New status interface has been introduced. It exposes insensitive health, metrics and error read-only information from Kong, which can be consumed by other services in the infrastructure to monitor Kong's health. This removes the requirement of the long-used workaround to monitor Kong's health by injecting a custom server block. #4977
- New Admin API response header
X-Kong-Admin-Latency
, reporting the time taken by Kong to process an Admin API request. #4966
๐ง Configuration
- :warning: New configuration option
service_mesh
which enables or disables the Service Mesh functionality. The Service Mesh is being deprecated and will not be available in the next releases of Kong. #5124 - New configuration option
router_update_frequency
that allows setting the frequency that router and plugins will be checked for changes. This new option avoids performance degradation when Kong routes or plugins are frequently changed. #4897
๐ Plugins
- rate-limiting: in addition to consumer, credential, and IP levels, now rate-limiting plugin has service-level support. Thanks wuguangkuo for the patch! #5031
- Now rate-limiting
local
policy counters expire using the shared dictionary's TTL, avoiding to keep unnecessary counters in memory. Thanks cb372 for the patch! #5029 - Authentication plugins have support for tags now. #4945
- response-transformer plugin now supports renaming response headers. Thanks aalmazanarbs for the patch! #5040
๐ Fixes
Core
- :warning: Service Mesh is known to cause HTTPS requests to upstream to
ignore
proxy_ssl*
directives, so it is being discontinued in the next major release of Kong. In this release it is disabled by default, avoiding this issue, and it can be enabled as aforementioned in the configuration section. #5124 - Fixed an issue on reporting the proper request method and URL arguments on NGINX-produced errors in logging plugins. #5073
- Fixed an issue where targets were not properly updated in all Kong workers when they were removed. #5041
- Deadlocks cases in database access functions when using Postgres and
cleaning up
cluster_events
in high-changing scenarios were fixed. #5118 - Fixed issues with tag-filtered GETs on Cassandra-backed nodes. #5105
๐ง Configuration
- Fixed Lua parsing and error handling in declarative configurations. #5019
- Automatically escape any unescaped
#
characters in parsedKONG_*
environment variables. #5062
๐ Plugins
- file-log: creates log file with proper permissions when Kong uses declarative config. #5028
- basic-auth: fixed credentials parsing when using DB-less configurations. #5080
- jwt: plugin handles empty claims and return the correct error message. #5123 Thanks to @jeremyjpj0916 for the patch!
- serverless-functions: Lua code in declarative configurations is validated and loaded correctly. #24
- request-transformer: fixed bug on removing and then adding request headers with the same name. #9
- :warning: All Bintray assets have been renamed from
-
v1.4.0.rc2
October 15, 2019 -
v1.4.0.rc1
October 02, 2019 -
v1.3.1 Changes
January 09, 2020Download Kong 1.3.1 and run it now:
๐ Links:
-
v1.3.0 Changes
August 21, 2019๐ > Released on 2019/08/21
Kong 1.3 is the first version to officially support gRPC proxying!
๐ Following our vision for Kong to proxy modern Web services protocols, we are ๐ excited for this newest addition to the family of protocols already supported by Kong (HTTP(s), WebSockets, and TCP). As we have recently stated in our โ latest Community Call, more protocols are to be expected in the future.
โ Additionally, this release includes several highly-requested features such as support for upstream mutual TLS, header-based routing (not only
Host
), database export, and configurable upstream keepalive timeouts.๐ Changes
Dependencies
- โ :warning: The required OpenResty version has been bumped to
1.15.8.1. If you are
installing Kong from one of our distribution packages, you are not affected
by this change. See #4382.
With this new version comes a number of improvements:
- The new ngx_http_grpc_module.
- Configurable of upstream keepalive connections by timeout or number of requests.
- Support for ARM64 architectures.
- LuaJIT GC64 mode for x86_64 architectures, raising the LuaJIT GC-managed memory limit from 2GB to 128TB and producing more predictable GC performance.
- โ :warning: From this version on, the new lua-kong-nginx-module Nginx module is required to be built into OpenResty for Kong to function properly. This new module allows Kong to support new features such as mutual TLS authentication. If you are installing Kong from one of our distribution packages, you are not affected by this change. openresty-build-tools#26
Note: if you are not using one of our distribution packages and compiling OpenResty from source, you must still apply Kong's OpenResty patches (and, as highlighted above, compile OpenResty with the new lua-kong-nginx-module). Our new ๐ openresty-build-tools repository will allow you to do both easily.
Core
- :warning: Bugfixes in the router may, in some edge-cases, result in different Routes being matched. It was reported to us that the router behaved incorrectly in some cases when configuring wildcard Hosts and regex paths (e.g. #3094). It may be so that you are subject to these bugs without realizing it. Please ensure that wildcard Hosts and regex paths Routes you have configured are matching as expected before upgrading. See 9ca4dc0, 2683b86, and 6a03e1b for details.
- Upstream connections are now only kept-alive for 100 requests or 60 seconds (idle) by default. Previously, upstream connections were not actively closed by Kong. This is a (non-breaking) change in behavior, inherited from Nginx 1.15, and configurable via new configuration properties (see below).
๐ง Configuration
- ๐ง :warning: The
upstream_keepalive
configuration property is deprecated, and replaced by the newnginx_http_upstream_keepalive
property. Its behavior is almost identical, but the notable difference is that the latter leverages the injected Nginx directives feature added in Kong 0.14.0. In future releases, we will gradually increase support for injected Nginx directives. We have high hopes that this will remove the occasional need for custom Nginx configuration templates. #4382
โ Additions
Core
- :fireworks: Native gRPC proxying. Two new protocol types;
grpc
andgrpcs
correspond to gRPC over h2c and gRPC over h2. They can be specified on a Route or a Service'sprotocol
attribute (e.g.protocol = grpcs
). When an incoming HTTP/2 request matches a Route with agrpc(s)
protocol, the request will be handled by the ngx_http_grpc_module, and proxied to the upstream Service according to the gRPC protocol specifications. :warning: Note that not all Kong plugins are compatible with gRPC requests yet. #4801 - :fireworks: Mutual TLS handshake with upstream services. The Service
entity now has a new
client_certificate
attribute, which is a foreign key to a Certificate entity. If specified, Kong will use the Certificate as a client TLS cert during the upstream TLS handshake. #4800 - :fireworks: Route by any request header. The router now has the ability
to match Routes by any request header (not only
Host
). The Route entity now has a newheaders
attribute, which is a map of headers names and values. E.g.{ "X-Forwarded-Host": ["example.org"], "Version": ["2", "3"] }
. #4758 - :fireworks: Least-connection load-balancing. A new
algorithm
attribute has been added to the Upstream entity. It can be set to"round-robin"
(default),"consistent-hashing"
, or"least-connections"
. #4528 - A new core entity, "CA Certificates" has been introduced and can be accessed
via the new
/ca_certificates
Admin API endpoint. CA Certificates entities will be used as CA trust store by Kong. Certificates stored by this entity need not include their private key. #4798 - Healthchecks now use the combination of IP + Port + Hostname when storing upstream health information. Previously, only IP + Port were used. This means that different virtual hosts served behind the same IP/port will be treated differently with regards to their health status. New endpoints were added to the Admin API to manually set a Target's health status. #4792
๐ง Configuration
- :fireworks: A new section in the
kong.conf
file describes injected Nginx directives (added to Kong 0.14.0) and specifies a few default ones. In future releases, we will gradually increase support for injected Nginx directives. We have high hopes that this will remove the occasional need for custom Nginx configuration templates. #4382 - ๐ง :fireworks: New configuration properties allow for controlling the behavior of
upstream keepalive connections.
nginx_http_upstream_keepalive_requests
andnginx_http_upstream_keepalive_timeout
respectively control the maximum number of proxied requests and idle timeout of an upstream connection. #4382 - ๐ New flags have been added to the
*_listen
properties:deferred
,bind
, andreuseport
. #4692
CLI
- :fireworks: Database export via the new
kong config db_export
CLI command. This command will export the configuration present in the database Kong is connected to (Postgres or Cassandra) as a YAML file following Kong's declarative configuration syntax. This file can thus be imported later on in a DB-less Kong node or in another database viakong config db_import
. #4809
Admin API
- ๐ Many endpoints now support more levels of nesting for ease of access.
For example:
/services/:services/routes/:routes
is now a valid API endpoint. #4713 - ๐ฐ The API now accepts
form-urlencoded
payloads with deeply nested data structures. Previously, it was only possible to send such data structures via JSON payloads. #4768
๐ Plugins
- ๐ :fireworks: New bundled plugin: the session plugin is now bundled in Kong. It can be used to manage browser sessions for APIs proxied and authenticated by Kong. #4685
- ๐ง ldap-auth: A new
config.ldaps
property allows configuring the plugin to connect to the LDAP server via TLS. It provides LDAPS support instead of only relying on STARTTLS. #4743 - jwt-auth: The new
header_names
property accepts an array of header names the JWT plugin should inspect when authenticating a request. It defaults to["Authorization"]
. #4757 - ๐ azure-functions: Bumped to 0.4 for minor fixes and performance improvements.
- kubernetes-sidecar-injector: The plugin is now more resilient to Kubernetes schema changes.
- ๐ serverless-functions:
- Bumped to 0.3 for minor performance improvements.
- Functions can now have upvalues.
- ๐ prometheus: Bumped to 0.4.1 for minor performance improvements.
- 0๏ธโฃ cors: add OPTIONS, TRACE and CONNECT to default allowed methods #4899 Thanks to @eshepelyuk for the patch!
PDK
- New function
kong.service.set_tls_cert_key()
. This functions sets the client TLS certificate used while handshaking with the upstream service. #4797
๐ Fixes
Core
- ๐ Fix WebSocket protocol upgrades in some cases due to case-sensitive
comparisons of the
Upgrade
header. #4780 - ๐ง Router: Fixed a bug causing invalid matches when configuring two or more
Routes with a plain
hosts
attribute shadowing another Route's wildcardhosts
attribute. Details of the issue can be seen in 01b1cb8. #4775 - Router: Ensure regex paths always have priority over plain paths. Details of the issue can be seen in 2683b86. #4775
- Cleanup of expired rows in PostgreSQL is now much more efficient thanks to a new query plan. #4716
- ๐ Improved various query plans against Cassandra instances by increasing the default page size. #4770
๐ Plugins
- cors: ensure non-preflight OPTIONS requests can be proxied. #4899 Thanks to @eshepelyuk for the patch!
- ๐ Consumer references in various plugin entities are now properly marked as required, avoiding credentials that map to no Consumer. #4879
- hmac-auth: Correct the encoding of HTTP/1.0 requests. #4839
- oauth2: empty client_id wasn't checked, causing a server error. #4884
- response-transformer: preserve empty arrays correctly. #4901
CLI
- ๐ Fixed an issue when running
kong restart
and Kong was not running, causing stdout/stderr logging to turn off. #4772
Admin API
- ๐ง Ensure PUT works correctly when applied to plugin configurations. #4882
PDK
- โ :warning: The required OpenResty version has been bumped to
1.15.8.1. If you are
installing Kong from one of our distribution packages, you are not affected
by this change. See #4382.
With this new version comes a number of improvements:
-
v1.3.0.rc2
August 16, 2019 -
v1.3.0.rc1 Changes
July 30, 2019Download Kong 1.3.0rc1 and test it now:
Kong 1.3.0rc1 is the first release to officially support gRPC proxying! Also included are several highly-requested features such as support for upstream mutual TLS , header-based routing , database export , and configurable upstream keepalive timeouts.
๐ We thank in advance all of the testers for this release candidate!
๐ Links:
- ๐ 1.3.0rc1 Changelog
-
v1.2.3 Changes
January 09, 2020Download Kong 1.2.3 and run it now:
๐ Links: