Changelog History
Page 7
-
v1.0.1 Changes
๐ > Released on: 2019/01/16
๐ This is a patch release in the 1.0 series. Being a patch release, it strictly ๐ contains performance improvements and bugfixes. The are no new features or ๐ฅ breaking changes.
:red_circle: Post-release note (as of 2019/01/17): A regression has been observed with this version, preventing Kong from starting when connecting to its datastore over TLS. Installing this version is discouraged; consider โฌ๏ธ upgrading to 1.0.2.
๐ Changes
Core
- :rocket: Assorted changes for warmup time improvements over Kong 1.0.0 #4138, #4164, #4178, #4179, #4182
๐ Fixes
๐ง Configuration
- Ensure
lua_ssl_verify_depth
works even whenlua_ssl_trusted_certificate
is not set #4165. Thanks @rainest for the patch. - Ensure Kong starts when only a
stream
listener is enabled #4195 - Ensure Postgres works with non-
public
schemas #4198
Core
- ๐ Fix an artifact in upstream migrations where
created_at
timestamps would occasionally display fractional values #4183, #4204 - ๐ Fixed issue with HTTP/2 support advertisement #4203
Admin API
- ๐ Fixed handling of invalid targets in
/upstreams
endpoints for health checks #4132, #4205 - ๐ Fixed the
/plugins/schema/:name
endpoint, as it was failing in some cases (e.g. thedatadog
plugin) and producing incorrect results in others (e.g.request-transformer
). #4136, #4137 #4151, #4162
๐ Plugins
-
v1.0.0 Changes
๐ > Released on: 2018/12/18
This is a major release, introducing new features such as Service Mesh and Stream Routing support, as well as a New Migrations framework. It also ๐ includes version 1.0.0 of the Plugin Development Kit. It contains a large ๐ number of other features and fixes, listed below. Also, all plugins included โก๏ธ with Kong 1.0 are updated to use version 1.0 of the PDK.
โฌ๏ธ As usual, major version upgrades require database migrations and changes to the ๐ง Nginx configuration file (if you customized the default template). Please take โฌ๏ธ a few minutes to read the 1.0 Upgrade โฌ๏ธ Path for more details โฌ๏ธ regarding breaking changes and migrations before planning to upgrade your Kong cluster.
๐ Being a major version, all entities and concepts that were marked as deprecated ๐ in Kong 0.x are now removed in Kong 1.0. The deprecated features are retained in Kong 0.15, the final entry in the Kong 0.x series, which is being ๐ released simultaneously to Kong 1.0.
๐ Changes
Kong 1.0 includes all breaking changes from 0.15, as well as the removal ๐ of deprecated concepts.
Dependencies
- The required OpenResty version is still 1.13.6.2, but for a full feature set including stream routing and Service Mesh abilities with mutual TLS, Kong's openresty-patches must be applied (those patches are already bundled with our official distribution packages). Kong in HTTP(S) Gateway scenarios does not require these patches.
- Service Mesh abilities require at least OpenSSL version 1.1.1. In our official distribution packages, OpenSSL has been bumped to 1.1.1. #4005
๐ง Configuration
- ๐ :warning: The
custom_plugins
directive is removed (deprecated since 0.14.0, July 2018). Useplugins
instead. - ๐ง Modifications must be applied to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. See the 1.0 Upgrade Path for a diff of changes to apply.
- The default value for
cassandra_lb_policy
changed fromRoundRobin
toRequestRoundRobin
. This helps reducing the amount of new connections being opened during a request when using the Cassandra strategy. #4004
Core
- :warning: The API entity and related concepts such as the
/apis
endpoint, are removed (deprecated since 0.13.0, March 2018). Use Routes and Services instead. - :warning: The old DAO implementation is removed, along with the
old schema validation library (
apis
was the last entity using it). Use the new schema format instead in custom plugins. To ease the transition of plugins, the plugin loader in 1.0 includes a best-effort schema auto-translator, which should be sufficient for many plugins. - Timestamps now bear millisecond precision in their decimal part. #3660
- The PDK function
kong.request.get_body
will now returnnil, err, mime
when the body is valid JSON but neither an object nor an array. #4063
CLI
- โ :warning: The new migrations framework (detailed below) has a different usage (and subcommands) compared to its predecessor. #3802
Admin API
- ๐ :warning: In the 0.14.x release, Upstreams, Targets, and Plugins were still
implemented using the old DAO and Admin API. In 0.15.0 and 1.0.0, all core
entities use the new
kong.db
DAO, and their endpoints have been upgraded to the new Admin API (see below for details). #3689 #3739 #3778
A summary of the changes introduced in the new Admin API:
- Pagination has been included in all "multi-record" endpoints, and pagination control fields are different than in 0.14.x.
- ๐ Filtering now happens via URL path changes (
/consumers/x/plugins
) instead of querystring fields (/plugins?consumer_id=x
). - Array values can't be coerced from comma-separated strings anymore. They must now be "proper" JSON values on JSON requests, or use a new syntax on form-url-encoded or multipart requests.
- Error messages have been been reworked from the ground up to be more consistent, precise and informative.
- The
PUT
method has been reimplemented with idempotent behavior and has been added to some entities that didn't have it.
๐ For more details about the new Admin API, please visit the official docs: ๐ https://docs.konghq.com/
๐ Plugins
- ๐ :warning: The
galileo
plugin has been removed (deprecated since 0.13.0). #3960 - โ :warning: Some internal modules that were occasionally used by plugin authors
before the introduction of the Plugin Development Kit (PDK) in 0.14.0 are now
removed:
- The
kong.tools.ip
module was removed. Usekong.ip
from the PDK instead. - The
kong.tools.public
module was removed. Use the various equivalent features from the PDK instead. - The
kong.tools.responses
module was removed. Please usekong.response.exit
from the PDK instead. You might want to usekong.log.err
to log internal server errors as well. - The
kong.api.crud_helpers
module was removed (deprecated since the introduction of the new DAO in 0.13.0). Usekong.api.endpoints
instead if you need to customize the auto-generated endpoints.
- The
- โก๏ธ All bundled plugins' schemas and custom entities have been updated to the new
kong.db
module, and their APIs have been updated to the new Admin API, which is described in the above section. #3766 #3774 #3778 #3839 - โ :warning: All plugins migrations have been converted to the new migration framework. Custom plugins must use the new migration framework from 0.15 onwards.
โ Additions
:fireworks: Service Mesh and Stream Routes
๐ Kong's Service Mesh support resulted in a number of additions to Kong's ๐ง configuration, Admin API, and plugins that deserve their own section in this changelog.
- ๐ Support for TCP & TLS Stream Routes via the new
stream_listen
config option. #4009 - A new
origins
config property allows overriding hosts from Kong. #3679 - A
transparent
suffix added to stream listeners allows for setting up a dynamic Service Mesh withiptables
. #3884 - Kong instances can now create a shared internal Certificate Authority, which is used for Service Mesh TLS traffic. #3906 #3861
- ๐ Plugins get a new
run_on
field to control how they behave in a Service Mesh environment. #3930 #4066 - There is a new phase called
preread
. This is where stream traffic routing is done.
๐ง Configuration
- A new
dns_valid_ttl
property can be set to forcefully override the TTL value of all resolved DNS records. #3730 - ๐ง A new
pg_timeout
property can be set to configure the timeout of PostgreSQL connections. #3808 upstream_keepalive
can now be disabled when set to 0. Thanks @pryorda for the patch. #3716- The new
transparent
suffix also applies to theproxy_listen
directive.
CLI
- ๐ :fireworks: New migrations framework. This new implementation supports no-downtime, Blue/Green migrations paths that will help sustain Kong 1.0's stability. It brings a considerable number of other improvements, such as new commands, better support for automation, improved CLI logging, and many more. Additionally, this new framework alleviates the old limitation around multiple nodes running concurrent migrations. See the related PR for a complete list of improvements. #3802
Core
- ๐ :fireworks: Support for TLS 1.3. The support for OpenSSL 1.1.1 (bumped in our official distribution packages) not only enabled Service Mesh features, but also unlocks support for the latest version of the TLS protocol.
- ๐ :fireworks: Support for HTTPS in active healthchecks. #3815
- :fireworks: Improved router rebuilds resiliency by reducing database accesses in high concurrency scenarios. #3782
- ๐ :fireworks: Significant performance improvements in the core's plugins runloop. #3794
- PDK improvements:
- New
kong.node
module. #3826 - New functions
kong.response.get_path_with_query()
andkong.request.get_start_time()
. #3842 - Getters and setters for Service, Route, Consumer, and Credential. #3916
kong.response.get_source()
returnserror
on nginx-produced errors. #4006kong.response.exit()
can be used in theheader_filter
phase, but only without a body. #4039
- New
- Schema improvements:
- New field validators:
distinct
,ne
,is_regex
,contains
,gt
. - Adding a new field which has a default value to a schema no longer requires a migration. #3756
- New field validators:
Admin API
- :fireworks: Routes now have a
name
field (like Services). #3764 - ๐ Multipart parsing support. #3776
- Admin API errors expose the name of the current strategy. #3612
๐ Plugins
- ๐ :fireworks: aws-lambda: Support for Lambda Proxy Integration with the new
is_proxy_integration
property. Thanks @aloisbarreras for the patch! #3427. - ๐ง http-log: Support for buffering logging messages in a configurable logging queue. #3604
- ๐ Most plugins' logic has been rewritten with the PDK instead of using internal Kong functions or ngx_lua APIs.
๐ Fixes
Core
- ๐ Fix an issue which would insert an extra
/
in the upstream URL when the request path was longer than the configured Route'spath
attribute. #3780 - ๐ Ensure better backwards-compatibility between the new DAO and existing core runloop code regarding null values. #3772 #3710
- ๐ Ensure support for Datastax Enterprise 6.x. Thanks @gchristidis for the patch! #3873
- Various issues with the PostgreSQL DAO strategy were addressed.
- Various issues related to the new schema library bundled with the new DAO were addressed.
- PDK improvements:
kong.request.get_path()
and other functions now properly handle cases when$request_uri
is nil. #3842
Admin API
- ๐ง Ensure the
/certificates
endpoints properly returns all SNIs configured on a given certificate. #3722 - Ensure the
upstreams/:upstream/targets/...
endpoints returns an empty JSON array ([]
) instead of an empty object ({}
) when no targets exist. #4058 - ๐ Improved inferring of arguments with
application/x-www-form-urlencoded
. #3770 - ๐ Fix the handling of defaults values in some cases when using
PATCH
. #3910
๐ Plugins
- cors:
- Ensure
Vary: Origin
is set whenconfig.credentials
is enabled. Thanks @marckhouzam for the patch! #3765 - Return HTTP 200 instead of 204 for preflight requests. Thanks @aslafy-z for the patch! #4029
- Ensure request origins specified as flat strings are safely validated. #3872
- Ensure
- ๐ acl: Minor performance improvements by ensuring proper caching of computed values. #4040
- correlation-id: Prevent an error to be thrown when the access phase was skipped, such as on nginx-produced errors. #4006
- aws-lambda: When the client uses HTTP/2, strip response headers that are disallowed by the protocols. #4032
- rate-limiting & response-ratelimiting: Improve efficiency by avoiding
unnecessary Redis
SELECT
operations. #3973
-
v0.15.0 Changes
๐ > Released on: 2018/12/18
๐ This is the last release in the 0.x series, giving users one last chance to โฌ๏ธ upgrade while still using some of the options and concepts that were marked as ๐ deprecated in Kong 0.x and were removed in Kong 1.0.
๐ For a list of additions and fixes in Kong 0.15, see the 1.0.0 ๐ changelog. This release includes all new features included in 1.0 (Service Mesh, Stream Routes and New Migrations), but unlike Kong 1.0, it retains a lot of the deprecated functionality, like the API entity, around. Still, Kong 0.15 does have a number of breaking changes related to functionality that has ๐ changed since version 0.14 (see below).
If you are starting with Kong, we recommend you to use 1.0.0 instead of this ๐ release.
๐ If you are already using Kong 0.14, our recommendation is to plan to move to โฌ๏ธ 1.0 -- see the 1.0 Upgrade โฌ๏ธ Path document for โฌ๏ธ details. Upgrading to 0.15.0 is only recommended if you can't do away with the ๐ deprecated features but you need some fixes or new features right now.
๐ Changes
Dependencies
- The required OpenResty version is still 1.13.6.2, but for a full feature set including stream routing and Service Mesh abilities with mutual TLS, Kong's openresty-patches must be applied (those patches are already bundled with our official distribution packages). Kong in HTTP(S) Gateway scenarios does not require these patches.
- Service Mesh abilities require at least OpenSSL version 1.1.1. In our official distribution packages, OpenSSL has been bumped to 1.1.1. #4005
๐ง Configuration
- The default value for
cassandra_lb_policy
changed fromRoundRobin
toRequestRoundRobin
. This helps reducing the amount of new connections being opened during a request when using the Cassandra strategy. #4004
Core
- Timestamps now bear millisecond precision in their decimal part. #3660
- The PDK function
kong.request.get_body
will now returnnil, err, mime
when the body is valid JSON but neither an object nor an array. #4063
CLI
- โ :warning: The new migrations framework (detailed in the 1.0.0 changelog) has a different usage (and subcommands) compared to its predecessor. #3802
Admin API
- ๐ :warning: In the 0.14.x release, Upstreams, Targets, and Plugins were still
implemented using the old DAO and Admin API. In 0.15.0 and 1.0.0, all core
entities use the new
kong.db
DAO, and their endpoints have been upgraded to the new Admin API (see below for details). #3689 #3739 #3778
A summary of the changes introduced in the new Admin API:
- Pagination has been included in all "multi-record" endpoints, and pagination control fields are different than in 0.14.x.
- ๐ Filtering now happens via URL path changes (
/consumers/x/plugins
) instead of querystring fields (/plugins?consumer_id=x
). - Array values can't be coherced from comma-separated strings. They must be "proper" JSON values on JSON requests, or use a new syntax on form-url-encoded or multipart requests.
- Error messages have been been reworked from the ground up to be more consistent, precise and informative.
- The
PUT
method has been reimplemented with idempotent behavior and has been added to some entities that didn't have it.
๐ For more details about the new Admin API, please visit the official docs: ๐ https://docs.konghq.com/
๐ Plugins
- โก๏ธ All bundled plugins' schemas and custom entities have been updated to the new
kong.db
module, and their APIs have been updated to the new Admin API, which is described in the above section. #3766 #3774 #3778 #3839 - โ :warning: All plugins migrations have been converted to the new migration framework. Custom plugins must use the new migration framework from 0.15 onwards.
โ Additions
๐ Kong 0.15.0 contains the same additions as 1.0.0. See the 1.0.0 ๐ changelog for a complete list.
๐ Fixes
๐ Kong 0.15.0 contains the same fixes as 1.0.0. See the 1.0.0 changelog for a complete list.
-
v0.14.1 Changes
๐ > Released on: 2018/08/21
โ Additions
๐ Plugins
- ๐ jwt: Support for tokens signed with HS384 and HS512. Thanks @kepkin for the patch. #3589
- acl: Add a new
hide_groups_header
configuration option. If enabled, this option prevents the plugin from injecting theX-Consumer-Groups
header into the upstream request. Thanks @jeremyjpj0916 for the patch! #3703
๐ Fixes
Core
- ๐ Prevent some plugins from breaking in subtle ways when manipulating some
entities and their attributes. An example of such breaking behavior could be
observed when Kong was wrongly injecting
X-Consumer-Username: userdata: NULL
in upstream requests headers, instead of not injecting this header at all. #3714 - ๐ Fix an issue which, in some cases, prevented the use of Kong with Cassandra
in environments where DNS load-balancing is in effect for contact points
provided as hostnames (e.g. Kubernetes with
cassandra_contact_points = cassandra
). #3693 - ๐ Fix an issue which prevented the use of UNIX domain sockets in some logging plugins, and custom plugins making use of such sockets. Thanks @rucciva for the patch. #3633
- ๐ท Avoid logging false-negative error messages related to worker events. #3692
CLI
- ๐ Database connectivity errors are properly prefixed with the database name
again (e.g.
[postgres]
). #3648
๐ Plugins
- zipkin
- Allow usage of the plugin with the deprecated "API" entity, and introduce
a new
kong.api
tag. kong-plugin-zipkin/commit/4a645e9 - Properly report the
kong.credential
tag. kong-plugin-zipkin/commit/c627c36 - Ensure the plugin does not throw errors when no Route was matched. kong-plugin-zipkin#19
- Allow usage of the plugin with the deprecated "API" entity, and introduce
a new
- basic-auth: Passwords with whitespaces are not trimmed anymore. Thanks @aloisbarreras for the patch. #3650
- hmac-auth: Ensure backward compatibility for clients generating signatures without the request's querystring, as is the case for Kong versions prior to 0.14.0, which broke this behavior. Users of this plugin on previous versions of Kong can now safely upgrade to the 0.14 family. Thanks @mlehner616 for the patch! #3699
- ldap-auth
- Set the WWW-Authenticate header authentication scheme accordingly with
the
conf.header_type
property, which allows browsers to show the authentication popup automatically. Thanks @francois-maillard for the patch. #3656 - Invalid authentication attempts do not block subsequent valid attempts anymore. #3677
- Set the WWW-Authenticate header authentication scheme accordingly with
the
-
v0.14.0 Changes
July 05, 2018๐ This release introduces the first version of the Plugin Development Kit: a Lua SDK, comprised of a set of functions to ease the development of ๐ custom plugins.
โ Additionally, it contains several major improvements consolidating Kong's ๐ feature set and flexibility, such as the support for
PUT
endpoints on the ๐ Admin API for idempotent workflows, the execution of plugins during Nginx-produced errors, and the injection of Nginx directives without having ๐ง to rely on the custom Nginx configuration pattern!๐ Finally, new bundled plugins allow Kong to better integrate with Cloud Native environments, such as Zipkin and Prometheus.
โฌ๏ธ As usual, major version upgrades require database migrations and changes to the ๐ง Nginx configuration file (if you customized the default template). Please take โฌ๏ธ a few minutes to read the 0.14 Upgrade โฌ๏ธ Path for more details regarding breaking changes and migrations before planning to โฌ๏ธ upgrade your Kong cluster.
๐ฅ Breaking Changes
Dependencies
- โ :warning: The required OpenResty version has been bumped to 1.13.6.2. If you are installing Kong from one of our distribution packages, you are not affected by this change. #3498
- ๐ :warning: Support for PostgreSQL 9.4 (deprecated in 0.12.0) is now dropped. #3490
- ๐ :warning: Support for Cassandra 2.1 (deprecated in 0.12.0) is now dropped. #3490
๐ง Configuration
- ๐ค :warning: The
server_tokens
andlatency_tokens
configuration properties have been removed. Instead, a newheaders
configuration properties replaces them and allows for more granular settings of injected headers (e.g.Server
,Via
,X-Kong-*-Latency
, etc...). #3300 - :warning: New required
lua_shared_dict
entries must be added to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. #3557 - โ :warning: Other important modifications must be applied to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. #3533
๐ Plugins
- โ :warning: The Runscope plugin has been dropped, based on the EoL announcement made by Runscope about their Traffic Inspector product. #3495
Admin API
- ๐ :warning: The SSL Certificates and SNI entities have moved to the new DAO
implementation. As such, the
/certificates
and/snis
endpoints have received notable usability improvements, but suffer from a few breaking changes. #3386 - ๐ :warning: The Consumers entity has moved to the new DAO implementation. As
such, the
/consumers
endpoint has received notable usability improvements, but suffers from a few breaking changes. #3437
๐ Changes
๐ง Configuration
- The default value of
db_cache_ttl
is now0
(disabled). Now that our level of confidence around the new caching mechanism introduced in 0.11.0 is high enough, we consider0
(no TTL) to be an appropriate default for production environments, as it offers a smoother cache consumption behavior and reduces database pressure. #3492
Core
- :fireworks: Serve stale data from the database cache when the datastore
cannot be reached. Such stale items are "resurrected" for
db_resurrect_ttl
seconds (see configuration section). #3579 - โฌ๏ธ Reduce LRU churning in the database cache against some workloads. #3550
โ Additions
๐ง Configuration
- ๐ง :fireworks: Support for injecting Nginx directives via configuration
properties (in the
kong.conf
file or via environment variables)! This new way of customizing the Nginx configuration should render obsolete the old way of maintaining a custom Nginx template in most cases! #3530 - ๐ :fireworks: Support for selectively disabling bundled plugins. A new
plugins
configuration property is introduced, and is used to specify which plugins should be loaded by the node. Custom plugins should now be specified in this new property, and thecustom_plugins
property is deprecated. If desired, Kong administrators can specify a minimal set of plugins to load (instead of the default, bundled plugins), and improve P99 latency thanks to the resulting decrease in database traffic. #3387 - ๐ง The new
headers
configuration property allows for specifying the injection of a new header:X-Kong-Upstream-Status
. When enabled, Kong will inject this header containing the HTTP status code of the upstream response in the client response. This is particularly useful for clients to distinguish upstream statuses upon rewriting of the response by Kong. #3263 - A new
db_resurrect_ttl
configuration property can be set to customize the amount of time stale data can be resurrected for when it cannot be refreshed. Defaults to 30 seconds. #3579 - Two new Cassandra load balancing policies are available:
RequestRoundRobin
andRequestDCAwareRoundRobin
. Both policies guarantee that the same peer will be reused across several queries during the lifetime of a request, thus guaranteeing no new connection will be opened against a peer during this request. #3545
Core
- ๐ :fireworks: Execute plugins on Nginx-produced errors. Now, when Nginx
produces a 4xx error (upon invalid requests) or 5xx (upon failure from the
load balancer to connect to a Service), Kong will execute the response phases
of its plugins (
header_filter
,body_filter
,log
). As such, Kong logging plugins are not blind to such Nginx-produced errors anymore, and will start properly reporting them. Plugins should be built defensively against cases where theirrewrite
oraccess
phases were not executed. #3533 - ๐ :fireworks: Support for cookie-based load balancing! #3472
๐ Plugins
- ๐ :fireworks: Introduction of the Plugin Development Kit! A set of Lua functions and variables that will greatly ease and speed up the task of developing custom plugins. The Plugin Development Kit (PDK) allows the retrieval and manipulation of the request and response objects, as well as interacting with various core components (e.g. logging, load balancing, DAO, etc...) without having to rely on OpenResty functions, and with the guarantee of their forward-compatibility with future versions of Kong. #3556
- ๐ :fireworks: New bundled plugin: Zipkin! This plugin allows Kong to sample traces and report them to a running Zipkin instance. (See: https://github.com/Kong/kong-plugin-zipkin) #3434
- ๐ :fireworks: New bundled plugin: Prometheus! This plugin allows Kong to expose metrics in the Prometheus Exposition format. Available metrics include HTTP status codes, latencies histogram, bandwidth, and more... (See: https://github.com/Kong/kong-plugin-prometheus) #3547
- ๐ :fireworks: New bundled plugin: Azure Functions! This plugin can be used to invoke Microsoft Azure Functions, similarly to the already existing AWS Lambda and OpenWhisk plugins. (See: https://github.com/Kong/kong-plugin-azure-functions) #3428
- ๐ :fireworks: New bundled plugin: Serverless Functions! Dynamically run Lua
without having to write a full-fledged plugin. Lua code snippets can be
uploaded via the Admin API and be executed during Kong's
access
phase. (See: https://github.com/Kong/kong-plugin-serverless-functions) #3551 - ๐ jwt: Support for limiting the allowed expiration period of JWT tokens. A new
config.maximum_expiration
property can be set to indicate the maximum number of seconds theexp
claim may be ahead in the future. Thanks @mvanholsteijn for the patch! #3331 - aws-lambda: Add
us-gov-west-1
to the list of allowed regions. #3529
Admin API
- ๐ :fireworks: Support for
PUT
in new endpoints (e.g./services/{id or name}
,/routes/{id}
,/consumers/{id or username}
), allowing the development of idempotent configuration workflows when scripting the Admin API. #3416 - ๐ Support for
PATCH
andDELETE
on the/services/{name}
,/consumers/{username}
, and/snis/{name}
endpoints. #3416
๐ Fixes
๐ง Configuration
- Properly support IPv6 addresses in
proxy_listen
andadmin_listen
configuration properties. #3508
Core
- IPv6 nameservers with a scope are now ignored by the DNS resolver. #3478
- 0๏ธโฃ SRV records without a port number now returns the default port instead of
0
. #3478 - Ensure DNS-based round robin load balancing starts at a randomized position to prevent all Nginx workers from starting with the same peer. #3478
- Properly report timeouts in passive health checks. Previously, connection
timeouts were counted as
tcp_failures
, and upstream timeouts were ignored. Health check users should ensure that theirtimeout
settings reflect their intended behavior. #3539 - Ensure active health check probe requests send the
Host
header. #3496 - Overall, more reliable health checks healthiness counters behavior. #3496
- Do not set
Content-Type
headers on HTTP 204 No Content responses. #3351 - Ensure the PostgreSQL connector of the new DAO (used by Services, Routes, Consumers, and SSL certs/SNIs) is now fully re-entrant and properly behaves in busy workloads (e.g. scripting requests to the Admin API). #3423
- Properly route HTTP/1.0 requests without a Host header when using the old deprecated "API" entity. #3438
- ๐ง Ensure that all Kong-produced errors respect the
headers
configuration setting (previouslyserver_tokens
) and do not include theServer
header if not configured. #3511 - Harden an existing Cassandra migration. #3532
- Prevent the load balancer from needlessly rebuilding its state when creating Targets. #3477
- ๐ Prevent some harmless error logs to be printed during startup when initialization takes more than a few seconds. #3443
๐ Plugins
- hmac: Ensure that empty request bodies do not pass validation if there is no digest header. Thanks @mvanholsteijn for the patch! #3347
- ๐ response-transformer: Prevent the plugin from throwing an error when its
access
handler did not get a chance to run (e.g. on short-circuited, unauthorized requests). #3524 - ๐ aws-lambda: Ensure logging plugins subsequently run when this plugin terminates. #3512
- ๐ request-termination: Ensure logging plugins subsequently run when this plugin terminates. #3513
Admin API
- Requests to
/healthy
and/unhealthy
endpoints for upstream health checks now properly propagate the new state to other nodes of a Kong cluster. #3464 - Do not produce an HTTP 500 error when POST-ing to
/services
with an emptyurl
argument. #3452 - Ensure foreign keys are required when creating child entities (e.g.
service.id
when creating a Route). Previously some rows could have an emptyservice_id
field. #3548 - ๐ Better type inference in new endpoints (e.g.
/services
,/routes
,/consumers
) when usingapplication/x-www-form-urlencoded
MIME type. #3416
-
v0.13.1 Changes
April 23, 2018๐ This release contains numerous bug fixes and a few convenience features. Notably, a best-effort/backwards-compatible approach is followed to resolve
no memory
errors caused by the fragmentation of shared memory between the ๐ core and plugins.โ Added
Core
- Cache misses are now stored in a separate shared memory zone from hits if
such a zone is defined. This reduces cache turnover and can increase the
cache hit ratio quite considerably.
Users with a custom Nginx template are advised to define such a zone to
benefit from this behavior:
lua_shared_dict kong_db_cache_miss 12m;
. - We now ensure that the Cassandra or PostgreSQL instance Kong is connecting to falls within the supported version range. Deprecated versions result in warning logs. As a reminder, Kong 0.13.x supports Cassandra 2.2+, and PostgreSQL 9.5+. Cassandra 2.1 and PostgreSQL 9.4 are supported, but deprecated. #3310
- HTTP 494 errors thrown by Nginx are now caught by Kong and produce a native, Kong-friendly response. Thanks @ti-mo for the contribution! #3112
CLI
- Report errors when compiling custom Nginx templates. #3294
Admin API
- Friendlier behavior of Routes schema validation: PATCH requests can be made
without specifying all three of
methods
,hosts
, orpaths
if at least one of the three is specified in the body. #3364
๐ Plugins
- ๐ jwt: Support for identity providers using JWKS by ensuring the
config.key_claim_name
values is looked for in the token header. Thanks @brycehemme for the contribution! #3313 - basic-auth: Allow specifying empty passwords. Thanks @zhouzhuojie and @perryao for the contributions! #3243
๐ Fixed
Core
- Numerous users have reported
no memory
errors which were caused by circumstantial memory fragmentation. Such errors, while still possible if plugin authors are not careful, should now mostly be addressed. #3311
If you are using a custom Nginx template, be sure to define the following shared memory zones to benefit from these fixes:
lua_shared_dict kong_db_cache_miss 12m; lua_shared_dict kong_rate_limiting_counters 12m;
CLI
- Redirect Nginx's stdout and stderr output to
kong start
whennginx_daemon
is enabled (such as when using the Kong Docker image). This also prevents growing log files when Nginx redirects logs to/dev/stdout
and/dev/stderr
butnginx_daemon
is disabled. #3297
Admin API
- Set a Service's
port
to443
when theurl
convenience parameter uses thehttps://
scheme. #3358 - Ensure PATCH requests do not return an error when un-setting foreign key
fields with JSON
null
. #3355 - ๐ Ensure the
/plugin/schema/:name
endpoint does not corrupt plugins' schemas. #3348 - ๐ Properly URL-decode path segments of plugins endpoints accepting spaces
(e.g.
/consumers/<consumer>/basic-auth/John%20Doe/
). #3250 - Properly serialize boolean filtering values when using Cassandra. #3362
๐ Plugins
- rate-limiting/response-rate-limiting:
- If defined in the Nginx configuration, will use a dedicated
lua_shared_dict
instead of using thekong_cache
shared memory zone. This prevents memory fragmentation issues resulting inno memory
errors observed by numerous users. Users with a custom Nginx template are advised to define such a zone to benefit from this fix:lua_shared_dict kong_rate_limiting_counters 12m;
. #3311 - When using the Redis strategy, ensure the correct Redis database is selected. This issue could occur when several request and response rate-limiting were configured using different Redis databases. Thanks @mengskysama for the patch! #3293
- If defined in the Nginx configuration, will use a dedicated
- key-auth: Respect request MIME type when re-encoding the request body
if both
config.key_in_body
andconfig.hide_credentials
are enabled. Thanks @p0pr0ck5 for the patch! #3213 - oauth2: Return HTTP 400 on invalid
scope
type. Thanks @Gman98ish for the patch! #3206 - ๐ง ldap-auth: Ensure the plugin does not throw errors when configured as a global plugin. #3354
- hmac-auth: Verify signature against non-normalized (
$request_uri
) request line (instead of$uri
). #3339 - aws-lambda: Fix a typo in upstream headers sent to the function. We now
properly send the
X-Amz-Log-Type
header. #3398
- Cache misses are now stored in a separate shared memory zone from hits if
such a zone is defined. This reduces cache turnover and can increase the
cache hit ratio quite considerably.
Users with a custom Nginx template are advised to define such a zone to
benefit from this behavior:
-
v0.13.0 Changes
March 22, 2018๐ This release introduces two new core entities that will improve the way you configure Kong: Routes & Services. Those entities replace the "API" ๐ entity and simplify the setup of non-naive use-cases by providing better ๐ separation of concerns and allowing for plugins to be applied to specific endpoints.
โฌ๏ธ As usual, major version upgrades require database migrations and changes to ๐ง the Nginx configuration file (if you customized the default template). โฌ๏ธ Please take a few minutes to read the 0.13 Upgrade โฌ๏ธ Path for more details regarding breaking changes and migrations before planning to โฌ๏ธ upgrade your Kong cluster.
๐ฅ Breaking Changes
๐ง Configuration
- :warning: The
proxy_listen
andadmin_listen
configuration values have a new syntax. This syntax is more aligned with that of NGINX and is more powerful while also simpler. As a result, the following configuration values have been removed because superfluous:ssl
,admin_ssl
,http2
,admin_http2
,proxy_listen_ssl
, andadmin_listen_ssl
. #3147
๐ Plugins
- ๐ :warning: galileo: As part of the Galileo deprecation path, the galileo
plugin is not enabled by default anymore, although still bundled with 0.13.
Users are advised to stop using the plugin, but for the time being can keep
enabling it by adding it to the
custom_plugin
configuration value. #3233 - โ :warning: rate-limiting (Cassandra): The default migration for including Routes and Services in plugins will remove and re-create the Cassandra rate-limiting counters table. This means that users that were rate-limited because of excessive API consumption will be able to consume the API until they reach their limit again. There is no such data deletion in PostgreSQL. def201f
๐ Changes
Dependencies
- ๐ณ Note to Docker users: The
latest
tag on Docker Hub now points to the alpine image instead of CentOS. This also applies to the0.13.0
tag. - ๐ฆ The OpenResty version shipped with our default packages has been bumped to
1.13.6.1
. The 0.13.0 release should still be compatible with the OpenResty1.11.2.x
series for the time being. - โฌ๏ธ Bumped lua-resty-dns-client
to
2.0.0
. #3220 - โฌ๏ธ Bumped lua-resty-http to
0.12
. #3196 - โฌ๏ธ Bumped lua-multipart to
0.5.5
. #3318 - โฌ๏ธ Bumped lua-resty-healthcheck
to
0.4.0
. #3321
โ Additions
๐ง Configuration
- :fireworks: Support for control-plane and data-plane modes. The new
syntax of
proxy_listen
andadmin_listen
supportsoff
, which disables either one of those interfaces. It is now simpler than ever to make a Kong node "Proxy only" (data-plane) or "Admin only" (control-plane). #3147
Core
- :fireworks: This release introduces two new entities: Routes and Services. Those entities will provide a better separation of concerns than the "API" entity offers. Routes will define rules for matching a client's request (e.g., method, host, path...), and Services will represent upstream services (or backends) that Kong should proxy those requests to. Plugins can also be added to both Routes and Services, enabling use-cases to apply plugins more granularly (e.g., per endpoint). Following this addition, the API entity and related Admin API endpoints are now deprecated. This release is backwards-compatible with the previous model and all of your currently defined APIs and matching rules are still supported, although we advise users to migrate to Routes and Services as soon as possible. #3224
Admin API
- :fireworks: New endpoints:
/routes
and/services
to interact with the new core entities. More specific endpoints are also available such as/services/{service id or name}/routes
,/services/{service id or name}/plugins
, and/routes/{route id}/plugins
. #3224 - ๐ :fireworks: Our new endpoints (listed above) provide much better responses with regards to producing responses for incomplete entities, errors, etc... In the future, existing endpoints will gradually be moved to using this new Admin API content producer. #3224
- ๐ :fireworks: Improved argument parsing in form-urlencoded requests to the new
endpoints as well.
Kong now expects the following syntaxes for representing
arrays:
hosts[]=a.com&hosts[]=b.com
,hosts[1]=a.com&hosts[2]=b.com
, which avoid comma-separated arrays and related issues that can arise. In the future, existing endpoints will gradually be moved to using this new Admin API content parser. #3224
๐ Plugins
- jwt:
ngx.ctx.authenticated_jwt_token
is available for other plugins to use. #2988 - statsd: The fields
host
,port
andmetrics
are no longer marked as "required", since they have a default value. #3209
๐ Fixes
Core
- ๐ Fix an issue causing nodes in a cluster to use the default health checks configuration when the user configured them from another node (event propagated via the cluster). #3319
- 0๏ธโฃ Increase the default load balancer wheel size from 100 to 10.000. This allows for a better distribution of the load between Targets in general. #3296
Admin API
- :warning: The
-
v0.12.3 Changes
March 12, 2018๐ Fixed
- Suppress a memory leak in the core introduced in 0.12.2. Thanks @mengskysama for the report. #3278
-
v0.12.2 Changes
February 28, 2018โ Added
Core
- ๐ฒ Load balancers now log DNS errors to facilitate debugging. #3177
- Reports now can include custom immutable values. #3180
CLI
- The
kong migrations reset
command has a new--yes
flag. This flag makes the command run non-interactively, and ensures no confirmation prompt will occur. #3189
Admin API
- A new endpoint
/upstreams/:upstream_id/health
will return the health of the specified upstream. #3232 - The
/
endpoint in the Admin API now exposes thenode_id
field. #3234
๐ Fixed
Core
- HTTP/1.0 requests without a Host header are routed instead of being rejected. HTTP/1.1 requests without a Host are considered invalid and will still be rejected. Thanks to @rainiest for the patch! #3216
- ๐ Fix the load balancer initialization when some Targets would contain hostnames. #3187
- ๐ Fix incomplete handling of errors when initializing DAO objects. 637532e
- โ Remove bogus errors in the logs provoked by healthcheckers between the time they are unregistered and the time they are garbage-collected (#3207) and when receiving an HTTP status not tracked by healthy or unhealthy lists (c8eb5ae).
- ๐ Fix soft errors not being handled correctly inside the Kong cache. #3150
Migrations
- ๐ Better handling of already existing Cassandra keyspaces in migrations. #3203. Thanks to @pamiel for the patch!
Admin API
- Ensure
GET /certificates/{uuid}
does not return HTTP 500 when the given identifier does not exist. Thanks to @vdesjardins for the patch! #3148
-
v0.12.1 Changes
January 18, 2018๐ This release addresses a few issues encountered with 0.12.0, including one โฌ๏ธ which would prevent upgrading from a previous version. The 0.12 Upgrade โฌ๏ธ Path โฌ๏ธ is still relevant for upgrading existing clusters to 0.12.1.
๐ Fixed