Β« Changelog History


Kong v0.10.2 Release Notes

Release Date: 2017-05-01 // almost 7 years ago

  • πŸ”„ Changed

    • πŸ“œ The Kong DNS resolver now honors the MAXNS setting (3) when parsing the nameservers specified in resolv.conf. #2290
    • Kong now matches incoming requests via the $request_uri property, instead of $uri, in order to better handle percent-encoded URIS. A more detailed explanation will be included in the below "Fixed" section. #2377
    • πŸ‘€ Upstream calls do not unconditionally include a trailing / anymore. See the below "Added" section for more details. #2315
    • Admin API:
      • The "active targets" endpoint now only return the most recent nonzero weight Targets, instead of all nonzero weight targets. This is to provide a better picture of the Targets currently in use by the Kong load balancer. #2310

    βž• Added

    • πŸ”Œ :fireworks: Plugins can implement a new rewrite handler to execute code in the Nginx rewrite phase. This phase is executed prior to matching a registered Kong API, and prior to any authentication plugin. As such, only global plugins (neither tied to an API or Consumer) will execute this phase. #2354
    • Ability for the client to chose whether the upstream request (Kong <-> upstream) should contain a trailing slash in its URI. Prior to this change, Kong 0.10 would unconditionally append a trailing slash to all upstream requests. The added functionality is described in #2211, and was implemented in #2315.
    • πŸ”§ Ability to hide Kong-specific response headers. Two new configuration fields: server_tokens and latency_tokens will respectively toggle whether the Server and X-Kong-*-Latency headers should be sent to downstream clients. #2259
    • New cassandra_schema_consensus_timeout configuration property, to allow for Kong to wait for the schema consensus of your Cassandra cluster during migrations. #2326
    • Serf commands executed by a running Kong node are now logged in the Nginx error logs with a DEBUG level. #2410
    • Ensure the required shared dictionaries are defined in the Nginx configuration. This will prevent custom Nginx templates from potentially resulting in a breaking upgrade for users. #2466
    • Admin API:
      • Target Objects can now be deleted with their ID as well as their name. The endpoint becomes: /upstreams/:name_or_id/targets/:target_or_id. #2304
    • πŸ”Œ Plugins:
      • :fireworks: New Request termination plugin. This plugin allows to temporarily disable an API and return a pre-configured response status and body to your client. Useful for use-cases such as maintenance mode for your upstream services. Thanks to @pauldaustin for the contribution. #2051
      • Logging plugins: The produced logs include two new fields: a consumer field, which contains the properties of the authenticated Consumer (id, custom_id, and username), if any, and a tries field, which includes the upstream connection successes and failures of the load- balancer. #2367 #2429
      • http-log: Now set an upstream HTTP basic access authentication header if the configured conf.http_endpoint parameter includes an authentication section. Thanks @amir for the contribution. #2432
      • file-log: New config.reopen property to close and reopen the log file on every request, in order to effectively rotate the logs. #2348
      • jwt: Returns 401 Unauthorized on invalid claims instead of the previous 403 Forbidden status. #2433
      • key-auth: Allow setting API key header names with an underscore. #2370
      • cors: When config.credentials = true, we do not send an ACAO header with value *. The ACAO header value will be that of the request's Origin: header. #2451

    πŸ›  Fixed

    • Upstream connections over TLS now set their Client Hello SNI field. The SNI value is taken from the upstream Host header value, and thus also depends on the preserve_host setting of your API. Thanks @konrade for the original patch. #2225
    • Correctly match APIs with percent-encoded URIs in their uris property. Generally, this change also avoids normalizing (and thus, potentially altering) the request URI when trying to match an API's uris value. Instead of relying on the Nginx $uri variable, we now use $request_uri. #2377
    • πŸ– Handle a routing edge-case under some conditions with the uris matching rule of APIs that would falsely lead Kong into believing no API was matched for what would actually be a valid request. #2343
    • πŸ”§ If no API was configured with a hosts matching rule, then the preserve_host flag would never be honored. #2344
    • The X-Forwarded-For header sent to your upstream services by Kong is not set from the Nginx $proxy_add_x_forwarded_for variable anymore. Instead, Kong uses the $realip_remote_addr variable to append the real IP address of a client, instead of $remote_addr, which can come from a previous proxy hop. #2236
    • CNAME records are now properly being cached by the DNS resolver. This results in a performance improvement over previous 0.10 versions. #2303
    • When using Cassandra, some migrations would not be performed on the same coordinator as the one originally chosen. The same migrations would also require a response from other replicas in a cluster, but were not waiting Β for a schema consensus beforehand, causing indeterministic failures in the migrations, especially if the cluster's inter-nodes communication is slow. #2326
    • πŸ”§ The cassandra_timeout configuration property is now correctly taken into consideration by Kong. #2326
    • πŸ”§ Correctly trigger plugins configured on the anonymous Consumer for anonymous requests (from auth plugins with the new config.anonymous parameter). #2424
    • πŸ”§ When multiple auth plugins were configured with the recent config.anonymous parameter for "OR" authentication, such plugins would override each other's results and response headers, causing false negatives. #2222
    • Ensure the cassandra_contact_points property does not contain any port information. Those should be specified in cassandra_port. Thanks @Vermeille for the contribution. #2263
    • Prevent an upstream or legitimate internal error in the load balancing code from throwing a Lua-land error as well. #2327
    • πŸ‘ Allow backwards compatibility with custom Nginx configurations that still define the resolver ${{DNS_RESOLVER}} directive. Vales from the Kong dns_resolver property will be flattened to a string and appended to the directive. #2386
    • πŸ”Œ Plugins:
      • hmac: Better handling of invalid base64-encoded signatures. Previously Kong would return an HTTP 500 error. We now properly return HTTP 403 Forbidden. #2283
    • Admin API:
      • Detect conflicts between SNI Objects in the /snis and /certificates endpoint. #2285
      • The /certificates route used to not return the total and data JSON fields. We now send those fields back instead of a root list of certificate objects. #2463
      • Endpoints with path parameters like /xxx_or_id will now also yield the proper result if the xxx field is formatted as a UUID. Most notably, this fixes a problem for Consumers whose username is a UUID, that could not be found when requesting /consumers/{username_as_uuid}. #2420
      • The "active targets" endpoint does not require a trailing slash anymore. #2307
      • Upstream Objects can now be deleted properly when using Cassandra. #2404

    Back to TOC