Kong v0.10.2 Release Notes
Release Date: 2017-05-01 // almost 7 years ago-
π Changed
- π The Kong DNS resolver now honors the
MAXNS
setting (3) when parsing the nameservers specified inresolv.conf
. #2290 - Kong now matches incoming requests via the
$request_uri
property, instead of$uri
, in order to better handle percent-encoded URIS. A more detailed explanation will be included in the below "Fixed" section. #2377 - π Upstream calls do not unconditionally include a trailing
/
anymore. See the below "Added" section for more details. #2315 - Admin API:
- The "active targets" endpoint now only return the most recent nonzero weight Targets, instead of all nonzero weight targets. This is to provide a better picture of the Targets currently in use by the Kong load balancer. #2310
β Added
- π :fireworks: Plugins can implement a new
rewrite
handler to execute code in the Nginx rewrite phase. This phase is executed prior to matching a registered Kong API, and prior to any authentication plugin. As such, only global plugins (neither tied to an API or Consumer) will execute this phase. #2354 - Ability for the client to chose whether the upstream request (Kong <-> upstream) should contain a trailing slash in its URI. Prior to this change, Kong 0.10 would unconditionally append a trailing slash to all upstream requests. The added functionality is described in #2211, and was implemented in #2315.
- π§ Ability to hide Kong-specific response headers. Two new configuration fields:
server_tokens
andlatency_tokens
will respectively toggle whether theServer
andX-Kong-*-Latency
headers should be sent to downstream clients. #2259 - New
cassandra_schema_consensus_timeout
configuration property, to allow for Kong to wait for the schema consensus of your Cassandra cluster during migrations. #2326 - Serf commands executed by a running Kong node are now logged in the Nginx
error logs with a
DEBUG
level. #2410 - Ensure the required shared dictionaries are defined in the Nginx configuration. This will prevent custom Nginx templates from potentially resulting in a breaking upgrade for users. #2466
- Admin API:
- Target Objects can now be deleted with their ID as well as their name. The
endpoint becomes:
/upstreams/:name_or_id/targets/:target_or_id
. #2304
- Target Objects can now be deleted with their ID as well as their name. The
endpoint becomes:
- π Plugins:
- :fireworks: New Request termination plugin. This plugin allows to temporarily disable an API and return a pre-configured response status and body to your client. Useful for use-cases such as maintenance mode for your upstream services. Thanks to @pauldaustin for the contribution. #2051
- Logging plugins: The produced logs include two new fields: a
consumer
field, which contains the properties of the authenticated Consumer (id
,custom_id
, andusername
), if any, and atries
field, which includes the upstream connection successes and failures of the load- balancer. #2367 #2429 - http-log: Now set an upstream HTTP basic access authentication header if
the configured
conf.http_endpoint
parameter includes an authentication section. Thanks @amir for the contribution. #2432 - file-log: New
config.reopen
property to close and reopen the log file on every request, in order to effectively rotate the logs. #2348 - jwt: Returns
401 Unauthorized
on invalid claims instead of the previous403 Forbidden
status. #2433 - key-auth: Allow setting API key header names with an underscore. #2370
- cors: When
config.credentials = true
, we do not send an ACAO header with value*
. The ACAO header value will be that of the request'sOrigin:
header. #2451
π Fixed
- Upstream connections over TLS now set their Client Hello SNI field. The SNI
value is taken from the upstream
Host
header value, and thus also depends on thepreserve_host
setting of your API. Thanks @konrade for the original patch. #2225 - Correctly match APIs with percent-encoded URIs in their
uris
property. Generally, this change also avoids normalizing (and thus, potentially altering) the request URI when trying to match an API'suris
value. Instead of relying on the Nginx$uri
variable, we now use$request_uri
. #2377 - π Handle a routing edge-case under some conditions with the
uris
matching rule of APIs that would falsely lead Kong into believing no API was matched for what would actually be a valid request. #2343 - π§ If no API was configured with a
hosts
matching rule, then thepreserve_host
flag would never be honored. #2344 - The
X-Forwarded-For
header sent to your upstream services by Kong is not set from the Nginx$proxy_add_x_forwarded_for
variable anymore. Instead, Kong uses the$realip_remote_addr
variable to append the real IP address of a client, instead of$remote_addr
, which can come from a previous proxy hop. #2236 - CNAME records are now properly being cached by the DNS resolver. This results in a performance improvement over previous 0.10 versions. #2303
- When using Cassandra, some migrations would not be performed on the same coordinator as the one originally chosen. The same migrations would also require a response from other replicas in a cluster, but were not waiting Β for a schema consensus beforehand, causing indeterministic failures in the migrations, especially if the cluster's inter-nodes communication is slow. #2326
- π§ The
cassandra_timeout
configuration property is now correctly taken into consideration by Kong. #2326 - π§ Correctly trigger plugins configured on the anonymous Consumer for anonymous
requests (from auth plugins with the new
config.anonymous
parameter). #2424 - π§ When multiple auth plugins were configured with the recent
config.anonymous
parameter for "OR" authentication, such plugins would override each other's results and response headers, causing false negatives. #2222 - Ensure the
cassandra_contact_points
property does not contain any port information. Those should be specified incassandra_port
. Thanks @Vermeille for the contribution. #2263 - Prevent an upstream or legitimate internal error in the load balancing code from throwing a Lua-land error as well. #2327
- π Allow backwards compatibility with custom Nginx configurations that still
define the
resolver ${{DNS_RESOLVER}}
directive. Vales from the Kongdns_resolver
property will be flattened to a string and appended to the directive. #2386 - π Plugins:
- hmac: Better handling of invalid base64-encoded signatures. Previously Kong would return an HTTP 500 error. We now properly return HTTP 403 Forbidden. #2283
- Admin API:
- Detect conflicts between SNI Objects in the
/snis
and/certificates
endpoint. #2285 - The
/certificates
route used to not return thetotal
anddata
JSON fields. We now send those fields back instead of a root list of certificate objects. #2463 - Endpoints with path parameters like
/xxx_or_id
will now also yield the proper result if thexxx
field is formatted as a UUID. Most notably, this fixes a problem for Consumers whoseusername
is a UUID, that could not be found when requesting/consumers/{username_as_uuid}
. #2420 - The "active targets" endpoint does not require a trailing slash anymore. #2307
- Upstream Objects can now be deleted properly when using Cassandra. #2404
- Detect conflicts between SNI Objects in the
- π The Kong DNS resolver now honors the