Kong v0.10.3 Release Notes
Release Date: 2017-05-24 // almost 7 years ago-
๐ Changed
- ๐ฆ We noticed that some distribution packages were not building OpenResty against a JITable PCRE library. This happened on Ubuntu and RHEL environments where OpenResty was built against the system's PCRE installation. We now compile OpenResty against a JITable PCRE source for those platforms, which should result in significant performance improvements in regex matching. Mashape/kong-distributions #9
- TLS connections are now handled with a modern list of accepted ciphers, as per the Mozilla recommended TLS ciphers list. See https://wiki.mozilla.org/Security/Server_Side_TLS. This behavior is configurable via the newly introduced configuration properties described in the below "Added" section.
- ๐ Plugins:
- rate-limiting: Performance improvements when using the
cluster
policy. The number of round trips to the database has been limited to the number of configured limits. #2488
- rate-limiting: Performance improvements when using the
โ Added
- New
ssl_cipher_suite
andssl_ciphers
configuration properties to configure the desired set of accepted ciphers, based on the Mozilla recommended TLS ciphers list. #2555 - New
proxy_ssl_certificate
andproxy_ssl_certificate_key
configuration properties. These properties configure the Nginx directives bearing the same name, to set client certificates to Kong when connecting to your upstream services. #2556 - ๐ฒ Proxy and Admin API access and error log paths are now configurable. Access logs can be entirely disabled if desired. #2552
- ๐ Plugins:
๐ Fixed
- APIs matching: prioritize APIs with longer
uris
when said APIs also definehosts
and/ormethods
as well. Thanks @leonzz for the patch. #2523 - SSL connections to Cassandra can now properly verify the
certificate in use (when
cassandra_ssl_verify
is enabled). #2531 - The DNS resolver no longer sends a A or AAAA DNS queries for SRV records. This should improve performance by avoiding unnecessary lookups. #2563 & Mashape/lua-resty-dns-client #12
- ๐ Plugins
- All authentication plugins don't throw an error anymore when
invalid credentials are given and the
anonymous
user isn't configured. #2508 - rate-limiting: Effectively use the desired Redis database when
the
redis
policy is in use and theconfig.redis_database
property is set. #2481 - cors: The regression introduced in 0.10.1 regarding not
sending the
*
wildcard whenconf.origin
was not specified has been fixed. #2518 - oauth2: properly check the client application ownership of a token before refreshing it. #2461
- All authentication plugins don't throw an error anymore when
invalid credentials are given and the