Kong v0.10.1 Release Notes
Release Date: 2017-03-27 // almost 7 years ago-
๐ Changed
- โฌ๏ธ :warning: Serf has been downgraded to version 0.7 in our distributions,
although versions up to 0.8.1 are still supported. This fixes a problem when
automatically detecting the first non-loopback private IP address, which was
defaulted to
127.0.0.1
in Kong 0.10.0. Greater versions of Serf can still be used, but the IP address needs to be manually specified in thecluster_advertise
configuration property. - โ :warning: The CORS Plugin parameter
config.origin
is nowconfig.origins
. #2203
:red_circle: Post-release note (as of 2017/05/12): A faulty behavior has been observed with this change. Previously, the plugin would send the
*
wildcard whenconfig.origin
was not specified. With this change, the plugin does not send the*
wildcard by default anymore. You will need to specify it manually when configuring the plugin, withconfig.origins=*
. This behavior is to be fixed in a future release.:white_check_mark: Update (2017/05/24): A fix to this regression has been released as part of 0.10.3. See the section of the Changelog related to this release for more details.
- Admin API:
- Disable support for TLS/1.0. #2212
โ Added
- Admin API:
- Active targets can be pulled with
GET /upstreams/{name}/targets/active
. #2230 - Provide a convenience endpoint to disable targets at:
DELETE /upstreams/{name}/targets/{target}
. Under the hood, this creates a new target withweight = 0
(the correct way of disabling targets, which used to cause confusion). #2256
- Active targets can be pulled with
- ๐ Plugins:
- cors: Support for configuring multiple Origin domains. #2203
๐ Fixed
- ๐ Use an LRU cache for Lua-land entities caching to avoid exhausting the Lua VM memory in long-running instances. #2246
- Avoid potential deadlocks upon callback errors in the caching module for database entities. #2197
- ๐ Relax multipart MIME type parsing. A space is allowed in between values of the Content-Type header. #2215
- Admin API:
- Better handling of non-supported HTTP methods on endpoints of the Admin
API. In some cases this used to throw an internal error. Calling any
endpoint with a non-supported HTTP method now always returns
405 Method Not Allowed
as expected. #2213
- Better handling of non-supported HTTP methods on endpoints of the Admin
API. In some cases this used to throw an internal error. Calling any
endpoint with a non-supported HTTP method now always returns
- CLI:
- Better error handling when missing Serf executable. #2218
- Fix a bug in the
kong migrations
command that would prevent it to run correctly. #2238 - Trim list values specified in the configuration file. #2206
- Align the default configuration file's values to the actual, hard-coded default values to avoid confusion. #2254
- ๐ Plugins:
- hmac: Generate an HMAC secret value if none is provided. #2158
- oauth2: Don't try to remove credential values from request bodies if the MIME type is multipart, since such attempts would result in an error. #2176
- ldap: This plugin should not be applied to a single Consumer, however, this was not properly enforced. It is now impossible to apply this plugin to a single Consumer (as per all authentication plugin). #2237
- aws-lambda: Support for
us-west-2
region in schema. #2257
- โฌ๏ธ :warning: Serf has been downgraded to version 0.7 in our distributions,
although versions up to 0.8.1 are still supported. This fixes a problem when
automatically detecting the first non-loopback private IP address, which was
defaulted to