Kong v0.10.3 Release Notes

Release Date: 2017-05-24 // almost 7 years ago
  • ๐Ÿ”„ Changed

    • ๐Ÿ“ฆ We noticed that some distribution packages were not building OpenResty against a JITable PCRE library. This happened on Ubuntu and RHEL environments where OpenResty was built against the system's PCRE installation. We now compile OpenResty against a JITable PCRE source for those platforms, which should result in significant performance improvements in regex matching. Mashape/kong-distributions #9
    • TLS connections are now handled with a modern list of accepted ciphers, as per the Mozilla recommended TLS ciphers list. See https://wiki.mozilla.org/Security/Server_Side_TLS. This behavior is configurable via the newly introduced configuration properties described in the below "Added" section.
    • ๐Ÿ”Œ Plugins:
      • rate-limiting: Performance improvements when using the cluster policy. The number of round trips to the database has been limited to the number of configured limits. #2488

    โž• Added

    • New ssl_cipher_suite and ssl_ciphers configuration properties to configure the desired set of accepted ciphers, based on the Mozilla recommended TLS ciphers list. #2555
    • New proxy_ssl_certificate and proxy_ssl_certificate_key configuration properties. These properties configure the Nginx directives bearing the same name, to set client certificates to Kong when connecting to your upstream services. #2556
    • ๐ŸŒฒ Proxy and Admin API access and error log paths are now configurable. Access logs can be entirely disabled if desired. #2552
    • ๐Ÿ”Œ Plugins:
      • Logging plugins: The produced logs include a new tries field which contains, which includes the upstream connection successes and failures of the load-balancer. #2429
      • key-auth: Credentials can now be sent in the request body. #2493
      • cors: Origins can now be defined as regular expressions. #2482

    ๐Ÿ›  Fixed

    • APIs matching: prioritize APIs with longer uris when said APIs also define hosts and/or methods as well. Thanks @leonzz for the patch. #2523
    • SSL connections to Cassandra can now properly verify the certificate in use (when cassandra_ssl_verify is enabled). #2531
    • The DNS resolver no longer sends a A or AAAA DNS queries for SRV records. This should improve performance by avoiding unnecessary lookups. #2563 & Mashape/lua-resty-dns-client #12
    • ๐Ÿ”Œ Plugins
      • All authentication plugins don't throw an error anymore when invalid credentials are given and the anonymous user isn't configured. #2508
      • rate-limiting: Effectively use the desired Redis database when the redis policy is in use and the config.redis_database property is set. #2481
      • cors: The regression introduced in 0.10.1 regarding not sending the * wildcard when conf.origin was not specified has been fixed. #2518
      • oauth2: properly check the client application ownership of a token before refreshing it. #2461

    Back to TOC