Kong v2.8.0 Release Notes
-
🗄 Deprecations
- 🔌 The external go-pluginserver project 🗄 is considered deprecated in favor of the embedded server approach described in 🔌 the docs.
Dependencies
- OpenSSL bumped to 1.1.1m #8191
- ⬆️ Bumped resty.session from 3.8 to 3.10 #8294
- ⬆️ Bumped lua-resty-openssl to 0.8.5 #8368
➕ Additions
Core
- Customizable transparent dynamic TLS SNI name. Thanks, @zhangshuaiNB! #8196
- 👍 Routes now support matching headers with regular expressions Thanks, @vanhtuan0409! #6079
Beta
- 👍 Secrets Management and Vault support as been introduced as a Beta feature. This means it is intended for testing in staging environments. It not intended for use in Production environments. You can read more about Secrets Management in our docs page. #8403
🐎 Performance
- 👌 Improved the calculation of declarative configuration hash for big configurations The new method is faster and uses less memory #8204
- Multiple improvements in the Router. Amongst others:
- Prometheus plugin export performance is improved, it now has less impact to proxy side traffic when being scrapped. #9028
🔌 Plugins
- Response-ratelimiting: Redis ACL support, and genenarized Redis connection support for usernames. Thanks, @27ascii for the original contribution! #8213
- ACME: Add rsa_key_size config option Thanks, lodrantl! #8114
- Prometheus: Added gauges to track
ngx.timer.running_count()
andngx.timer.pending_count()
#8387
Clustering
CLUSTERING_MAX_PAYLOAD
is now configurable in kong.conf Thanks, @andrewgkew! #8337
Admin API
- 🔧 The current declarative configuration hash is now returned by the
status
endpoint when Kong node is running in dbless or data-plane mode. #8214 #8425
🛠 Fixes
Core
- When the Router encounters an SNI FQDN with a trailing dot (
.
), the dot will be ignored, since according to RFC-3546 said dot is not part of the hostname. #8269 - 🛠 Fixed a bug in the Router that would not prioritize the routes with
both a wildcard and a port (
route.*:80
) over wildcard-only routes (route.*
), which have less specificity #8233 - The internal DNS client isn't confused by the single-dot (
.
) domain which can appear in/etc/resolv.conf
in special cases likesearch .
#8307 - Cassandra connector now records migration consistency level. Thanks, @mpenick! #8226
Balancer
- ⚡️ Targets keep their health status when upstreams are updated. #8394
- 🌲 One debug message which was erroneously using the
error
log level has been downgraded to the appropiatedebug
log level. #8410
Clustering
- Replaced cryptic error message with more useful one when there is a failure on SSL when connecting with CP: #8260
Admin API
- 🛠 Fix incorrect
next
field in when paginating Upstreams #8249
PDK
- Phase names are correctly selected when performing phase checks #8208
- 🛠 Fixed a bug in the go-PDK where if
kong.request.getrawbody
was big enough to be buffered into a temporary file, it would return an an empty string. #8390
🔌 Plugins
- 🔌 External Plugins: Fixed incorrect handling of the Headers Protobuf Structure and representation of null values, which provoked an error on init with the go-pdk. #8267
- 🔌 External Plugins: Unwrap
ConsumerSpec
andAuthenticateArgs
. Thanks, @raptium! #8280 - 🔌 External Plugins: Fixed a problem in the stream subsystem would attempt to load HTTP headers. #8414
- CORS: The CORS plugin does not send the
Vary: Origin
header any more when the headerAccess-Control-Allow-Origin
is set to*
. Thanks, @jkla-dr! #8401 - AWS-Lambda: Fixed incorrect behavior when configured to use an http proxy
and deprecated the
proxy_scheme
config attribute for removal in 3.0 #8406 - oauth2: The plugin clears the
X-Authenticated-UserId
andX-Authenticated-Scope
headers when it configured in logical OR and is used in conjunction with another authentication plugin. #8422 - Datadog: The plugin schema now lists the default values for configuration options in a single place instead of in two separate places. #8315