Changelog History
Page 1
-
v3.0.0 Changes
π > Released 2022/09/12
π This major release adds a new router written in Rust and a tracing API that is compatible with the OpenTelemetry API spec. Furthermore, π various internal changes have been made to improve Kong's performance π and memory consumption. As it is a major release, users are advised to review the list of braking changes to determine whether β¬οΈ configuration changes are needed when upgrading.
π₯ Breaking Changes
π Deployment
- π Blue-green deployment from Kong earlier than
2.1.0
is not supported, upgrade to2.1.0
or later before upgrading to3.0.0
to have blue-green deployment. Thank you [@marc-charpentier]((https://github.com/charpentier)) for reporting issue and proposing a pull-request. #8896 - π§ Deprecate/stop producing Amazon Linux (1) containers and packages (EOLed December 31, 2020) Kong/docs.konghq.com #3966
- π¦ Deprecate/stop producing Debian 8 "Jessie" containers and packages (EOLed June 2020) Kong/kong-build-tools #448 Kong/kong-distributions #766
Core
- Kong schema library's
process_auto_fields
function will not any more make a deep copy of data that is passed to it when the given context is"select"
. This was done to avoid excessive deep copying of tables where we believe the data most of the time comes from a driver likepgmoon
orlmdb
. If a custom plugin relied onprocess_auto_fields
not overriding the given table, it must make its own copy before passing it to the function now. #8796 - π The deprecated
shorthands
field in Kong Plugin or DAO schemas was removed in favor or the typedshorthand_fields
. If your custom schemas still useshorthands
, you need to update them to useshorthand_fields
. #8815 - π The support for
legacy = true/false
attribute was removed from Kong schemas and Kong field schemas. #8958 - The deprecated alias of
Kong.serve_admin_api
was removed. If your custom Nginx templates still use it, please change it toKong.admin_content
. #8815 - π The Kong singletons module
"kong.singletons"
was removed in favor of the PDKkong.*
. #8874 - π The dataplane config cache was removed. The config persistence is now done automatically with LMDB. #8704
- β
ngx.ctx.balancer_address
does not exist anymore, please usengx.ctx.balancer_data
instead. #9043 - We have changed the normalization rules for
route.path
: Kong stores the unnormalized path, but regex path always pattern matches with the normalized URI. We used to replace percent-encoding in regex path pattern to ensure different forms of URI matches. That is no longer supported. Except for reserved characters defined in rfc3986, we should write all other characters without percent-encoding. #9024 - Kong will no longer use an heuristic to guess whether a
route.path
is a regex pattern. From now 3.0 onwards, all regex paths must start with the"~"
prefix, and all paths that don't start with"~"
will be considered plain text. The migration process should automatically convert the regex paths when upgrading from 2.x to 3.0 #9027 - Bumping version number (
_format_version
) of declarative configuration to "3.0" for changes onroute.path
. Declaritive configuration with older version are upgraded to "3.0" on the fly. #9078 - β Removed deprecated
config.functions
from serverless-functions plugin's schema, please useconfig.access
phase instead. #8559 - π· Tags may now contain space characters. #9143
- π The Secrets Management feature, which has been in beta since release 2.8.0, is now included as a regular feature. #8871 #9217
Admin API
- β‘οΈ
POST
requests on Targets endpoint are no longer able to update existing entities, they are only able to create new ones. #8596, #8798. If you have scripts that usePOST
requests to modify Targets, you should change them toPUT
requests to the appropriate endpoints before updating to Kong 3.0. - β‘οΈ Insert and update operations on duplicated Targets returns 409. #8179, #8768
- π The list of reported plugins available on the server now returns a table of
metadata per plugin instead of a boolean
true
. #8810
PDK
- The
kong.request.get_path()
PDK function now performs path normalization on the string that is returned to the caller. The raw, non-normalized version of the request path can be fetched viakong.request.get_raw_path()
. #8823 pdk.response.set_header()
,pdk.response.set_headers()
,pdk.response.exit()
now ignore and emit warnings for manually setTransfer-Encoding
headers. #8698- The PDK is no longer versioned #8585
- The JavaScript PDK now returns
Uint8Array
forkong.request.getRawBody
,kong.response.getRawBody
andkong.service.response.getRawBody
. The Python PDK returnsbytes
forkong.request.get_raw_body
,kong.response.get_raw_body
,kong.service.response.get_raw_body
. All these funtions used to return strings in the past. #8623
π Plugins
- π DAOs in plugins must be listed in an array, so that their loading order is explicit. Loading them in a hash-like table is no longer supported. #8988
- π Plugins MUST now have a valid
PRIORITY
(integer) andVERSION
("x.y.z" format) field in theirhandler.lua
file, otherwise the plugin will fail to load. #8836 - π The old
kong.plugins.log-serializers.basic
library was removed in favor of the PDK functionkong.log.serialize
, please upgrade your plugins to use PDK. #8815 - π The support for deprecated legacy plugin schemas was removed. If your custom plugins
still use the old (
0.x era
) schemas, you are now forced to upgrade them. #8815 - π Some plugins received new priority values.
This is important for those who run custom plugins as it may affect the sequence your plugins are executed.
Note that this does not change the order of execution for plugins in a standard kong installation.
List of plugins and their old and new priority value:
acme
changed from 1007 to 1705basic-auth
changed from 1001 to 1100hmac-auth
changed from 1000 to 1030jwt
changed from 1005 to 1450key-auth
changed from 1003 to 1250ldap-auth
changed from 1002 to 1200oauth2
changed from 1004 to 1400rate-limiting
changed from 901 to 910
- π² HTTP-log:
headers
field now only takes a single string per header name, where it previously took an array of values #6992 - AWS Lambda:
aws_region
field must be set through either plugin config or environment variables, allow bothhost
andaws_region
fields, and always apply SigV4 signature. #8082 - Serverless Functions Removed deprecated
config.functions
, please useconfig.access
instead. #8559 - Serverless Functions: The pre-functions plugin changed priority from
+inf
to1000000
. #8836 - JWT: The authenticated JWT is no longer put into the nginx context (ngx.ctx.authenticated_jwt_token). Custom plugins which depend on that value being set under that name must be updated to use Kong's shared context instead (kong.ctx.shared.authenticated_jwt_token) before upgrading to 3.0
- Prometheus: The prometheus metrics have been reworked extensively for 3.0.
- Latency has been split into 4 different metrics: kong_latency_ms, upstream_latency_ms and request_latency_ms (http) /tcp_session_duration_ms (stream). Buckets details below.
- Separate out Kong Latency Bucket values and Upstream Latency Bucket values.
consumer_status
removed.request_count
andconsumer_status
have been merged into justhttp_requests_total
. If theper_consumer
config is set false, the consumer label will be empty. If theper_consumer
config is true, it will be filled.http_requests_total
has a new labelsource
, set to eitherexit
,error
orservice
.- New Metric:
node_info
. Single gauge set to 1 that outputs the node's id and kong version. - All Memory metrics have a new label
node_id
nginx_http_current_connections
merged withnginx_stream_current_connection
intonginx_current_connections
#8712
- Prometheus: The plugin doesn't export status codes, latencies, bandwidth and upstream
healthcheck metrics by default. They can still be turned on manually by setting
status_code_metrics
,latency_metrics
,bandwidth_metrics
andupstream_health_metrics
respectively. Enabling those metrics will impact the performance if you have a large volume of Kong entities, we recommend using the statsd plugin with the push model if that is the case. And nowprometheus
plugin new grafana dashboard updated #9028 - ACME:
allow_any_domain
field added. It is default to false and if set to true, the gateway will ignore thedomains
field. #9047 - Statsd:
- The metric name that is related to the service has been renamed by adding a
service.
prefix. e.g.kong.service.<service_identifier>.request.count
#9046 - The metric
kong.<service_identifier>.request.status.<status>
andkong.<service_identifier>.user.<consumer_identifier>.request.status.<status>
has been renamed tokong.service.<service_identifier>.status.<status>
andkong.service.<service_identifier>.user.<consumer_identifier>.status.<status>
#9046 - The metric
*.status.<status>.total
from metricsstatus_count
andstatus_count_per_user
has been removed #9046
- The metric name that is related to the service has been renamed by adding a
- Proxy-cache: The plugin does not store the response data in
ngx.ctx.proxy_cache_hit
anymore. Logging plugins that need the response data must read it fromkong.ctx.shared.proxy_cache_hit
from Kong 3.0 on. #8607 - Rate-limiting: The default policy is now
local
for all deployment modes. #9344 - Response-rate-limiting: The default policy is now
local
for all deployment modes. #9344
π Deprecations
- π The
go_pluginserver_exe
andgo_plugins_dir
directives are no longer supported. #8552. If you are using Go plugin server, please migrate your plugins to use the Go PDK before upgrading. - The migration helper library (mostly used for Cassandra migrations) is no longer supplied with Kong #8781
- π The path_handling algorithm
v1
is deprecated and only supported whenrouter_flavor
config option is set totraditional
. #9290
π§ Configuration
- The Kong constant
CREDENTIAL_USERNAME
with value ofX-Credential-Username
was removed. Kong plugins in general have moved (since #5516) to use constantCREDENTIAL_IDENTIFIER
with value ofX-Credential-Identifier
when setting the upstream headers for a credential. #8815 - Change the default of
lua_ssl_trusted_certificate
tosystem
#8602 to automatically load trusted CA list from system CA store. - β Remove a warning of
AAAA
being experimental withdns_order
. - It is no longer possible to use a .lua format to import a declarative config from the
kong
command-line tool, only json and yaml are supported. If your update procedure with kong involves executingkong config db_import config.lua
, please create aconfig.json
orconfig.yml
and use that before upgrading. #8898 - We bumped the version number (
_format_version
) of declarative configuration to "3.0" because of changes onroute.path
. Declarative configuration with older version shoudl be upgraded to "3.0" on the fly. #9078
Migrations
- Postgres migrations can now have an
up_f
part like Cassandra migrations, designating a function to call. Theup_f
part is invoked after theup
part has been executed against the database for both Postgres and Cassandra. - A new CLI command,
kong migrations status
, generates the status on a JSON file.
Dependencies
- β¬οΈ Bumped OpenResty from 1.19.9.1 to 1.21.4.1 #8850
- β¬οΈ Bumped pgmoon from 1.13.0 to 1.15.0 #8908 #8429
- β¬οΈ Bumped OpenSSL from 1.1.1n to 1.1.1q #9074 #8544 #8752 #8994
- β¬οΈ Bumped resty.openssl from 0.8.8 to 0.8.10 #8592 #8753 #9023
- β¬οΈ Bumped inspect from 3.1.2 to 3.1.3 #8589
- β¬οΈ Bumped resty.acme from 0.7.2 to 0.8.1 #8680 #9165
- β¬οΈ Bumped luarocks from 3.8.0 to 3.9.1 #8700 #9204
- β¬οΈ Bumped luasec from 1.0.2 to 1.2.0 #8754 #8754
- β¬οΈ Bumped resty.healthcheck from 1.5.0 to 1.6.1 #8755 #9018 #9150
- β¬οΈ Bumped resty.cassandra from 1.5.1 to 1.5.2 #8845
- β¬οΈ Bumped penlight from 1.12.0 to 1.13.1 #9206
- β¬οΈ Bumped lua-resty-mlcache from 2.5.0 to 2.6.0 #9287
β Additions
π Performance
- Do not register unnecessary event handlers on Hybrid mode Control Plane nodes #8452.
- π Use the new timer library to improve performance, except for the plugin server. #8912
- 0οΈβ£ Increased use of caching for DNS queries by activating
additional_section
by default #8895 pdk.request.get_header
changed to a faster implementation, not to fetch all headers every time it's called #8716- π Conditional rebuilding of router, plugins iterator and balancer on DP #8519, #8671
- Made config loading code more cooperative by yielding #8888
- π Use LuaJIT encoder instead of JSON to serialize values faster in LMDB #8942
- π Move inflating and JSON decoding non-concurrent, which avoids blocking and makes DP reloads faster #8959
- Stop duplication of some events #9082
- π Improve performance of config hash calculation by using string buffer and tablepool #9073
- β¬οΈ Reduce cache usage in dbless by not using the kong cache for Routes and Services in LMDB #8972
Core
- Implemented delayed response in stream mode #6878
- β Added
cache_key
on target entity for uniqueness detection. #8179 - Introduced the tracing API which compatible with OpenTelemetry API spec and
add build-in instrumentations.
The tracing API is intend to be used with a external exporter plugin.
Build-in instrumentation types and sampling rate are configuable through
opentelemetry_tracing
andopentelemetry_tracing_sampling_rate
options. #8724 - Added
path
,uri_capture
, andquery_arg
options to upstreamhash_on
for load balancing. #8701 - Introduced unix domain socket based
lua-resty-events
to replace shared memory basedlua-resty-worker-events
. #8890 - Introduced a new router implementation
atc-router
, which is written in Rust. #8938 - Introduce a new field for entities
table_name
that allows to specify a table name. Before the name was deduced by the entityname
attribute. #9182 - β Added
headers
on active healthcheck for upstreams. #8255 - Target entities using hostnames were resolved when they were not needed. Now when a target is removed or updated, the DNS record associated with it is removed from the list of hostnames to be resolved. #8497 9265
- π Improved error handling and debugging info in the DNS code #8902
- Kong will now attempt to recover from an unclean shutdown by detecting and removing dangling unix sockets in the prefix directory #9254
Admin API
- β Added a new API
/timers
to get the timer statistics. #8912 and worker info #8999 - π
/
endpoint now includes plugin priority #8821
Hybrid Mode
- β Add wRPC protocol support. Now configuration synchronization is over wRPC. wRPC is an RPC protocol that encodes with ProtoBuf and transports with WebSocket. #8357
- To keep compatibility with earlier versions, add support for CP to fall back to the previous protocol to support old DP. #8834
- β Add support to negotiate services supported with wRPC protocol. We will support more services than config sync over wRPC in the future. #8926
- Declarative config exports happen inside a transaction in Postgres #8586
π Plugins
- π Sync all plugin versions to the Kong version #8772
- Introduced the new OpenTelemetry plugin that export tracing instrumentations
to any OTLP/HTTP compatible backend.
opentelemetry_tracing
configuration should be enabled to collect the core tracing spans of Kong. #8826 - Zipkin: add support for including HTTP path in span name
through configuration property
http_span_name
. #8150 - Zipkin: add support for socket connect and send/read timeouts
through configuration properties
connect_timeout
,send_timeout
, andread_timeout
. This can help mitigatengx.timer
saturation when upstream collectors are unavailable or slow. #8735 - AWS-Lambda: add support for cross account invocation through
configuration properties
aws_assume_role_arn
andaws_role_session_name
.#8900 #8900 - AWS-Lambda: accept string type
statusCode
as valid return when working in proxy integration mode. #8765 - AWS-Lambda: separate aws credential cache by IAM role ARN #8907
- Statsd: :fireworks: Newly open-sourced plugin capabilities: All capabilities of Statsd Advanced are now bundled in Statsd. #9046
π§ Configuration
- π§ A new configuration item (
openresty_path
) has been added to allow developers/operators to specify the OpenResty installation to use when running Kong (instead of using the system-installed OpenResty) #8412 - Add
ipv6only
to listen options (e.g.KONG_PROXY_LISTEN
) #9225 - Add
so_keepalive
to listen options (e.g.KONG_PROXY_LISTEN
) #9225 - β Add LMDB dbless config persistence and removed the JSON based config cache for faster startup time #8670
nginx_events_worker_connections=auto
has a lower bound of 1024 #9276nginx_main_worker_rlimit_nofile=auto
has a lower bound of 1024 #9276
PDK
- Added new PDK function:
kong.request.get_start_time()
#8688 kong.db.*.cache_key()
falls back to.id
if nothing fromcache_key
is found #8553
π Fixes
Core
- The schema validator now correctly converts
null
from declarative configurations tonil
. #8483 - β± Only reschedule router and plugin iterator timers after finishing previous execution, avoiding unnecessary concurrent executions. #8567
- π External plugins now handle returned JSON with null member correctly. #8611
- π Fixed an issue where the address of the environ variable could change but the code didn't assumed it was fixed after init #8581
- π Fix issue where the Go plugin server instance would not be updated after a restart (e.g., upon a plugin server crash). #8547
- π Fixed an issue on trying to reschedule the DNS resolving timer when Kong was being reloaded. #8702
- π° The private stream API has been rewritten to allow for larger message payloads #8641
- π Fixed an issue that the client certificate sent to upstream was not updated when calling PATCH Admin API #8934
- Fixed an issue where the CP and wRPC modules would cause Kong to crash when calling
export_deflated_reconfigure_payload
without a pcall #8668 - π Moved all
.proto
files to/usr/local/kong/include
and ordered by priority. #8914 - π Fixed an issue that cause unexpected 404 error on creating/updating configs with invalid options #8831
- π Fixed an issue that causes crashes when calling some PDK APIs #8604
- π Fixed an issue that cause crashes when go PDK calls return arrays #8891
- π Plugin servers now shutdowns gracefully when Kong exits #8923
- 0οΈβ£ CLI now prompts with
[y/n]
instead of[Y/n]
, as it does not takey
as default #9114 - π Improved the error message when Kong cannot connect to Cassandra on init #8847
- π Fixed an issue where Vault Subschema wasn't loaded in
off
strategy #9174 - The Schema now runs select transformations before process_auto_fields #9049
- π Fixed an issue where Kong would use too many timers to keep track of upstreams when
worker_consistency
=eventual
#8694, #8858 - π Fixed an issue where it wasn't possible to set target status using only a hostname for targets set only by their hostname #8797
- π Fixed pagination issue when getting to the second page while iterationg over a foreign key field using the DAO #9255
- π Fixed an issue where cache entries of some entities were not being properly invalidated after a cascade delete #9261
- β Running
kong start
when Kong is already running will no longer clobber the existing.kong_env
file #9254
Admin API
- π Support HTTP/2 when requesting
/status
#8690
π Plugins
- π Plugins with colliding priorities have now deterministic sorting based on their name #8957
- π External Plugins: better handling of the logging when a plugin instance loses the instances_id in an event handler #8652
- ACME:
auth_method
default value is set totoken
#8565 - ACME: Added cache for
domains_matcher
#9048 - syslog:
conf.facility
default value is now set touser
#8564 - AWS-Lambda: Removed
proxy_scheme
field from schema #8566 - AWS-Lambda: Change path from request_uri to upstream_uri, fix uri can not follow the rule defined in the request-transformer configuration #9058 #9129
- hmac-auth: Removed deprecated signature format using
ngx.var.uri
#8558 - β Remove deprecated
blacklist
/whitelist
config fields from bot-detection, ip-restriction and ACL plugins. #8560 - Zipkin: Correct the balancer spans' duration to include the connection time from Nginx to the upstream. #8848
- Zipkin: Correct the calculation of the header filter start time #9230
- Zipkin: Compatibility with the latest Jaeger header spec, which makes
parent_id
optional #8352 - LDAP-Auth: Refactored ASN.1 parser using OpenSSL API through FFI. #8663
- Rate-Limiting and Response-ratelimiting: Fix a disordered behaviour caused by
pairs
function which may cause Postgres DEADLOCK problem #8968 - Response-rate-Limiting: Fix a disordered behaviour caused by
pairs
function which may cause Postgres DEADLOCK problem #8968 - gRPC gateway: Fix the handling of boolean fields from URI arguments #9180
- Serverless Functions: Fix problem that could result in a crash #9269
- Azure-functions: Support working without dummy service #9177
Clustering
- The cluster listener now uses the value of
admin_error_log
for its log file instead ofproxy_error_log
#8583 - π Fixed a typo in some business logic that checks the Kong role before setting a value in cache at startup #9060
- π Fixed DP get zero size config while service with plugin-enabled route is disabled #8816
- Localize
config_version
to avoid a race condition from the new yielding config loading code #8188
PDK
- π Blue-green deployment from Kong earlier than
-
v2.8.1 Changes
Dependencies
- β¬οΈ Bumped lua-resty-healthcheck from 1.5.0 to 1.5.1 #8584
- β¬οΈ Bumped
OpenSSL
from 1.1.1l to 1.1.1n #8635
π Fixes
Core
- β± Only reschedule router and plugin iterator timers after finishing previous execution, avoiding unnecessary concurrent executions. #8634
- π Implements conditional rebuilding of router, plugins iterator and balancer on data planes. This means that DPs will not rebuild router if there were no changes in routes or services. Similarly, the plugins iterator will not be rebuilt if there were no changes to plugins, and, finally, the balancer will not be reinitialized if there are no changes to upstreams or targets. #8639
-
v2.8.0 Changes
π Deprecations
- π The external go-pluginserver project π is considered deprecated in favor of the embedded server approach described in π the docs.
Dependencies
- OpenSSL bumped to 1.1.1m #8191
- β¬οΈ Bumped resty.session from 3.8 to 3.10 #8294
- β¬οΈ Bumped lua-resty-openssl to 0.8.5 #8368
β Additions
Core
- Customizable transparent dynamic TLS SNI name. Thanks, @zhangshuaiNB! #8196
- π Routes now support matching headers with regular expressions Thanks, @vanhtuan0409! #6079
Beta
- π Secrets Management and Vault support as been introduced as a Beta feature. This means it is intended for testing in staging environments. It not intended for use in Production environments. You can read more about Secrets Management in our docs page. #8403
π Performance
- π Improved the calculation of declarative configuration hash for big configurations The new method is faster and uses less memory #8204
- Multiple improvements in the Router. Amongst others:
- Prometheus plugin export performance is improved, it now has less impact to proxy side traffic when being scrapped. #9028
π Plugins
- Response-ratelimiting: Redis ACL support, and genenarized Redis connection support for usernames. Thanks, @27ascii for the original contribution! #8213
- ACME: Add rsa_key_size config option Thanks, lodrantl! #8114
- Prometheus: Added gauges to track
ngx.timer.running_count()
andngx.timer.pending_count()
#8387
Clustering
CLUSTERING_MAX_PAYLOAD
is now configurable in kong.conf Thanks, @andrewgkew! #8337
Admin API
- π§ The current declarative configuration hash is now returned by the
status
endpoint when Kong node is running in dbless or data-plane mode. #8214 #8425
π Fixes
Core
- When the Router encounters an SNI FQDN with a trailing dot (
.
), the dot will be ignored, since according to RFC-3546 said dot is not part of the hostname. #8269 - π Fixed a bug in the Router that would not prioritize the routes with
both a wildcard and a port (
route.*:80
) over wildcard-only routes (route.*
), which have less specificity #8233 - The internal DNS client isn't confused by the single-dot (
.
) domain which can appear in/etc/resolv.conf
in special cases likesearch .
#8307 - Cassandra connector now records migration consistency level. Thanks, @mpenick! #8226
Balancer
- β‘οΈ Targets keep their health status when upstreams are updated. #8394
- π² One debug message which was erroneously using the
error
log level has been downgraded to the appropiatedebug
log level. #8410
Clustering
- Replaced cryptic error message with more useful one when there is a failure on SSL when connecting with CP: #8260
Admin API
- π Fix incorrect
next
field in when paginating Upstreams #8249
PDK
- Phase names are correctly selected when performing phase checks #8208
- π Fixed a bug in the go-PDK where if
kong.request.getrawbody
was big enough to be buffered into a temporary file, it would return an an empty string. #8390
π Plugins
- π External Plugins: Fixed incorrect handling of the Headers Protobuf Structure and representation of null values, which provoked an error on init with the go-pdk. #8267
- π External Plugins: Unwrap
ConsumerSpec
andAuthenticateArgs
. Thanks, @raptium! #8280 - π External Plugins: Fixed a problem in the stream subsystem would attempt to load HTTP headers. #8414
- CORS: The CORS plugin does not send the
Vary: Origin
header any more when the headerAccess-Control-Allow-Origin
is set to*
. Thanks, @jkla-dr! #8401 - AWS-Lambda: Fixed incorrect behavior when configured to use an http proxy
and deprecated the
proxy_scheme
config attribute for removal in 3.0 #8406 - oauth2: The plugin clears the
X-Authenticated-UserId
andX-Authenticated-Scope
headers when it configured in logical OR and is used in conjunction with another authentication plugin. #8422 - Datadog: The plugin schema now lists the default values for configuration options in a single place instead of in two separate places. #8315
-
v2.7.0 Changes
Dependencies
- β¬οΈ Bumped
kong-plugin-session
from 0.7.1 to 0.7.2 #7910 - β¬οΈ Bumped
resty.openssl
from 0.7.4 to 0.7.5 #7909 - β¬οΈ Bumped
go-pdk
used in tests from v0.6.0 to v0.7.1 #7964 - π Cassandra support is deprecated with 2.7 and will be fully removed with 4.0.
β Additions
π§ Configuration
- π Deprecated the
worker_consistency
directive, and changed its default toeventual
. Future versions of Kong will remove the option and act witheventual
consistency only.
π Performance
π In this release we continued our work on better performance:
- π Improved the plugin iterator performance and JITability #7912 #7979
- π Simplified the Kong core context read and writes for better performance #7919
- β¬οΈ Reduced proxy long tail latency while reloading DB-less config #8133
Core
- π DAOs in plugins must be listed in an array, so that their loading order is explicit. Loading them in a hash-like table is now deprecated. #7942
- π Postgres credentials
pg_user
andpg_password
, andpg_ro_user
andpg_ro_password
now support automatic secret rotation when used together with Kong Secrets Management vault references. #8967
PDK
- New functions:
kong.response.get_raw_body
andkong.response.set_raw_body
#7887
π Plugins
- IP-Restriction: response status and message can now be customized
through configurations
status
andmessage
. #7728 Thanks timmkelley for the patch! - Datadog: add support for the
distribution
metric type. #6231 Thanks onematchfox for the patch! - Datadog: allow service, consumer, and status tags to be customized through
plugin configurations
service_tag
,consumer_tag
, andstatus_tag
. #6230 Thanks onematchfox for the patch! - gRPC Gateway and gRPC Web: Now share most of the ProtoBuf definitions.
Both plugins now share the Timestamp transcoding and included
.proto
files features. #7950 - gRPC Gateway: processes services and methods defined in imported
.proto
files. #8107 - Rate-Limiting: add support for Redis SSL, through configuration properties
redis_ssl
(can be set totrue
orfalse
),ssl_verify
, andssl_server_name
. #6737 Thanks gabeio for the patch! - LDAP: basic authentication header was not parsed correctly when
the password contained colon (
:
). #7977 Thanks beldahanit for reporting the issue! - π Old
BasePlugin
is deprecated and will be removed in a future version of Kong. Porting tips in the documentation - π The deprecated BasePlugin has been removed. #7961
π§ Configuration
- β Removed the following config options, which had been deprecated in previous versions, in favor of other config names. If you have any of these options in your config you will have to rename them: (removed option -> current option).
- upstream_keepalive -> nginx_upstream_keepalive + nginx_http_upstream_keepalive
- nginx_http_upstream_keepalive -> nginx_upstream_keepalive
- nginx_http_upstream_keepalive_requests -> nginx_upstream_keepalive_requests
- nginx_http_upstream_keepalive_timeout -> nginx_upstream_keepalive_timeout
- nginx_http_upstream_directives -> nginx_upstream_directives
- nginx_http_status_directives -> nginx_status_directives
- nginx_upstream_keepalive -> upstream_keepalive_pool_size
- nginx_upstream_keepalive_requests -> upstream_keepalive_max_requests
- nginx_upstream_keepalive_timeout -> upstream_keepalive_idle_timeout
- client_max_body_size -> nginx_http_client_max_body_size
- client_body_buffer_size -> nginx_http_client_max_buffer_size
- cassandra_consistency -> cassandra_write_consistency / cassandra_read_consistency
- router_update_frequency -> worker_state_update_frequency
- β Removed the nginx_optimizations config option. If you have it in your configuration, please remove it before updating to 3.0.
π Fixes
Core
- π§ Balancer caches are now reset on configuration reload. #7924
- π§ Configuration reload no longer causes a new DNS-resolving timer to be started. #7943
- π Fixed problem when bootstrapping multi-node Cassandra clusters, where migrations could attempt insertions before schema agreement occurred. #7667
- π Fixed intermittent botting error which happened when a custom plugin had inter-dependent entity schemas on its custom DAO and they were loaded in an incorrect order #7911
- π Fixed problem when the consistent hash header is not found, the balancer tries to hash a nil value. #8141
- Fixed DNS client fails to resolve unexpectedly in
ssl_cert
andssl_session_fetch
phases. #8161
PDK
- π²
kong.log.inspect
log level is now debug instead of warn. It also renders text boxes more cleanly now #7815
π Plugins
- Prometheus: Control Plane does not show Upstream Target health metrics #7992
Dependencies
- β¬οΈ Bumped
lua-pack
from 1.0.5 to 2.0.0 #8004
- β¬οΈ Bumped
-
v2.6.0 Changes
π > Release date: 2021/10/04
Dependencies
- β¬οΈ Bumped
openresty
from 1.19.3.2 to 1.19.9.1 #7430 - β¬οΈ Bumped
openssl
from1.1.1k
to1.1.1l
7767 - β¬οΈ Bumped
lua-resty-http
from 0.15 to 0.16.1 #7797 - β¬οΈ Bumped
Penlight
to 1.11.0 #7736 - β¬οΈ Bumped
lua-resty-http
from 0.15 to 0.16.1 #7797 - β¬οΈ Bumped
lua-protobuf
from 0.3.2 to 0.3.3 #7656 - β¬οΈ Bumped
lua-resty-openssl
from 0.7.3 to 0.7.4 #7657 - β¬οΈ Bumped
lua-resty-acme
from 0.6 to 0.7.1 #7658 - β¬οΈ Bumped
grpcurl
from 1.8.1 to 1.8.2 #7659 - β¬οΈ Bumped
luasec
from 1.0.1 to 1.0.2 #7750 - β¬οΈ Bumped
lua-resty-ipmatcher
to 0.6.1 #7703 Thanks EpicEric for the patch!
π All Kong Gateway OSS plugins will be moved from individual repositories and centralized into the main Kong Gateway (OSS) repository. We are making a gradual transition. On this π release:
- π Moved AWS-Lambda inside the Kong repo #7464.
- π Moved ACME inside the Kong repo #7464.
- π Moved Prometheus inside the Kong repo #7666.
- π Moved Session inside the Kong repo #7738.
- π Moved GRPC-web inside the Kong repo #7782.
- π Moved Serverless functions inside the Kong repo #7792.
β Additions
Core
- π New schema entity validator:
mutually_exclusive
. It accepts a list of fields. If more than 1 of those fields is set simultaneously, the entity is considered invalid. #7765
π Performance
π On this release we've done some special efforts with regards to performance.
π There's a new performance workflow which periodically checks new code additions against some typical scenarios #7030 #7547
π In addition to that, the following changes were specifically included to improve performance:
- β¬οΈ Reduced unnecessary reads of
ngx.var
#7840 - Loaded more indexed variables #7849
- β‘οΈ Optimized table creation in Balancer #7852
- β‘οΈ Reduce calls to
ngx.update_time
#7853 - π Use read-only replica for PostgreSQL meta-schema reading #7454
- URL escaping detects cases when it's not needed and early-exits #7742
- Accelerated variable loading via indexes #7818
- β Removed unnecessary call to
get_phase
in balancer #7854
π§ Configuration
- π Enable IPV6 on
dns_order
as unsupported experimental feature. Please give it a try and report back any issues #7819. - The template renderer can now use
os.getenv
#6872.
Hybrid Mode
- Data plane is able to eliminate some unknown fields when Control Plane is using a more modern version #7827.
Admin API
- β Added support for the HTTP HEAD method for all Admin API endpoints #7796
- β Added better support for OPTIONS requests. Previously, the Admin API replied the same on all OPTIONS requests, where as now OPTIONS request will only reply to routes that our Admin API has. Non-existing routes will have a 404 returned. It also adds Allow header to responses, both Allow and Access-Control-Allow-Methods now contain only the methods that the specific API supports. #7830
π Plugins
- AWS-Lambda: The plugin will now try to detect the AWS region by using
AWS_REGION
andAWS_DEFAULT_REGION
environment variables (when not specified with the plugin configuration). This allows to specify a 'region' on a per Kong node basis, hence adding the ability to invoke the Lamda in the same region where Kong is located. #7765 - Datadog:
host
andport
config options can be configured from environment variablesKONG_DATADOG_AGENT_HOST
andKONG_DATADOG_AGENT_PORT
. This allows to set different destinations on a per Kong node basis, which makes multi-DC setups easier and in Kubernetes allows to run the datadog agents as a daemon-set. #7463 Thanks rallyben for the patch! - Prometheus: A new metricΒ
data_plane_cluster_cert_expiry_timestamp
Β is added to expose the Data Plane'sΒ cluster_certΒ expiry timestamp for improved monitoring in Hybrid Mode.Β #7800.
Request Termination:
- π New
trigger
config option, which makes the plugin only activate for any requests with a header or query parameter named like the trigger. This can be a great debugging aid, without impacting actual traffic being processed. #6744. - π The
request-echo
config option was added. If set, the plugin responds with a copy of the incoming request. This eases troubleshooting when Kong is behind one or more other proxies or LB's, especially when combined with the new 'trigger' option. #6744.
GRPC-Gateway:
- Fields of type
.google.protobuf.Timestamp
on the gRPC side are now transcoded to and from ISO8601 strings in the REST side. #7538 - URI arguments like
..?foo.bar=x&foo.baz=y
are interpreted as structured fields, equivalent to{"foo": {"bar": "x", "baz": "y"}}
#7564 Thanks git-torrent for the patch!
π Fixes
Core
- Balancer retries now correctly set the
:authority
pseudo-header on balancer retries #7725. - Healthchecks are now stopped while the Balancer is being recreated #7549.
- π Fixed an issue in which a malformed
Accept
header could cause unexpected HTTP 500 #7757. - π Kong no longer removes
Proxy-Authentication
request header andProxy-Authenticate
response header #7724. - π Fixed an issue where Kong would not sort correctly Routes with both regex and prefix paths #7695 Thanks jiachinzhao for the patch!
Hybrid Mode
- Ensure data plane config thread is terminated gracefully, preventing a semi-deadlocked state #7568 Thanks flrgh for the patch!
- π Older data planes using
aws-lambda
,grpc-web
orrequest-termination
plugins can now talk with newer control planes by ignoring new plugin fields. #7881
CLI
- π
kong config parse
no longer crashes when there's a Go plugin server enabled #7589.
π§ Configuration
- π§ Declarative Configuration parser now prints more correct errors when pointing unknown foreign references #7756.
- π§ YAML anchors in Declarative Configuration are properly processed #7748.
Admin API
GET /upstreams/:upstreams/targets/:target
no longer returns 404 when target weight is 0 #7758.
PDK
kong.response.exit
now uses customized "Content-Length" header when found #7828.
π Plugins
- β¬οΈ Bumped
-
v2.5.1 Changes
π > Release date: 2021/09/07
π This is the first patch release in the 2.5 series. Being a patch release, π it strictly contains bugfixes. There are no new features or breaking changes.
Dependencies
- β¬οΈ Bumped
grpcurl
from 1.8.1 to 1.8.2 #7659 - β¬οΈ Bumped
lua-resty-openssl
from 0.7.3 to 0.7.4 #7657 - β¬οΈ Bumped
penlight
from 1.10.0 to 1.11.0 #7736 - β¬οΈ Bumped
luasec
from 1.0.1 to 1.0.2 #7750 - β¬οΈ Bumped
OpenSSL
from 1.1.1k to 1.1.1l #7767
π Fixes
Core
- You can now successfully delete workspaces after deleting all entities associated with that workspace.
Previously, Kong Gateway was not correctly cleaning up parent-child relationships. For example, creating
an Admin also creates a Consumer and RBAC user. When deleting the Admin, the Consumer and RBAC user are
also deleted, but accessing the
/workspaces/workspace_name/meta
endpoint would show counts for Consumers and RBAC users, which prevented the workspace from being deleted. Now deleting entities correctly updates the counts, allowing an empty workspace to be deleted. #7560 - When an upstream event is received from the DAO,
handler.lua
now gets the workspace ID from the request and adds it to the upstream entity that will be used in the worker and cluster events. Before this change, when posting balancer CRUD events, the workspace ID was lost and the balancer used the default workspace ID as a fallback. #7778
CLI
- π Fixes regression that included an issue where Go plugins prevented CLI commands like
kong config parse
orkong config db_import
from working as expected. #7589
CI / Process
- π Improves tests reliability. (#7578 #7704)
- β Adds Github Issues template forms. #7774
- π Moves "Feature Request" link from Github Issues to Discussions. #7777
Admin API
- Kong Gateway now validates workspace names, preventing the use of reserved names on workspaces. #7380
- β¬οΈ Bumped
-
v2.5.0 Changes
π > Release date: 2021-07-13
π This is the final release of Kong 2.5.0, with no breaking changes with respect to the 2.x series.
π This release includes Control Plane resiliency to database outages and the new
declarative_config_string
config option, among other features and fixes.Distribution
- π¦ :warning: Since 2.4.1, Kong packages are no longer distributed through Bintray. Please visit the installation docs for more details.
Dependencies
- β¬οΈ Bumped
openresty
from 1.19.3.1 to 1.19.3.2 #7430 - β¬οΈ Bumped
luasec
from 1.0 to 1.0.1 #7126 - β¬οΈ Bumped
luarocks
from 3.5.0 to 3.7.0 #7043 - β¬οΈ Bumped
grpcurl
from 1.8.0 to 1.8.1 #7128 - β¬οΈ Bumped
penlight
from 1.9.2 to 1.10.0 #7127 - β¬οΈ Bumped
lua-resty-dns-client
from 6.0.0 to 6.0.2 #7539 - β¬οΈ Bumped
kong-plugin-prometheus
from 1.2 to 1.3 #7415 - β¬οΈ Bumped
kong-plugin-zipkin
from 1.3 to 1.4 #7455 - β¬οΈ Bumped
lua-resty-openssl
from 0.7.2 to 0.7.3 #7509 - β¬οΈ Bumped
lua-resty-healthcheck
from 1.4.1 to 1.4.2 #7511 - β¬οΈ Bumped
hmac-auth
from 2.3.0 to 2.4.0 #7522 - π Pinned
lua-protobuf
to 0.3.2 (previously unpinned) #7079
π All Kong Gateway OSS plugins will be moved from individual repositories and centralized into the main Kong Gateway (OSS) repository. We are making a gradual transition, starting with the π grpc-gateway plugin first:
- π Moved grpc-gateway inside the Kong repo. #7466
β Additions
Core
- β‘οΈ Control Planes can now send updates to new data planes even if the control planes lose connection to the database. #6938
- Kong now automatically adds
cluster_cert
(cluster_mtls=shared
) orcluster_ca_cert
(cluster_mtls=pki
) intolua_ssl_trusted_certificate
when operating in Hybrid mode. Before, Hybrid mode users needed to configurelua_ssl_trusted_certificate
manually as a requirement for Lua to verify the Control Planeβs certificate. See Starting Data Plane Nodes in the Hybrid Mode guide for more information. #7044 - New
declarative_config_string
option allows loading a declarative config directly from a string. See the Loading The Declarative Configuration File section of the DB-less and Declarative Configuration guide for more information. #7379
PDK
- The Kong PDK now accepts tables in the response body for Stream subsystems, just as it does for the HTTP subsystem.
Before developers had to check the subsystem if they wrote code that used the
exit()
function before calling it, because passing the wrong argument type would break the request response. #7082
π Plugins
- hmac-auth: The HMAC Authentication plugin now includes support for the
@request-target
field in the signature string. Before, the plugin used therequest-line
parameter, which contains the HTTP request method, request URI, and the HTTP version number. The inclusion of the HTTP version number in the signature caused requests to the same target but using different request methods(such as HTTP/2) to have different signatures. The newly added request-target field only includes the lowercase request method and request URI when calculating the hash, avoiding those issues. See the HMAC Authentication documentation for more information. #7037 - syslog: The Syslog plugin now includes facility configuration options, which are a way for the plugin to group error messages from different sources. See the description for the facility parameter in the Parameters section of the Syslog documentation for more information. #6081. Thanks, jideel!
- Prometheus: The Prometheus plugin now exposes connected data planes' status on the control plane. New metrics include the
following:
data_plane_last_seen
,data_plane_config_hash
anddata_plane_version_compatible
. These metrics can be useful for troubleshooting when data planes have inconsistent configurations across the cluster. See the Available metrics section of the Prometheus plugin documentation for more information. 98 - Zipkin: The Zipkin plugin now includes the following tags:
kong.route
,kong.service_name
andkong.route_name
. See the Spans section of the Zipkin plugin documentation for more information. 115
Hybrid Mode
- π Kong now exposes an upstream health checks endpoint (using the status API) on the data plane for better observability. #7429
- π Control Planes are now more lenient when checking Data Planes' compatibility in Hybrid mode. See the Version compatibility section of the Hybrid Mode guide for more information. #7488
- π This release starts the groundwork for Hybrid Mode 2.0 Protocol. This code isn't active by default in Kong 2.5, but it allows future development. #7462
π Fixes
Core
- When using DB-less mode,
select_by_cache_key
now finds entities by using the providedfield
directly inselect_by_key
and does not complete unnecessary cache reads. #7146 - π Kong can now finish initialization even if a pluginβs
init_worker
handler fails, improving stability. #7099 - TLS keepalive requests no longer share their context. Before when two calls were made to the same "server+hostname"
but different routes and using a keepalive connection, plugins that were active in the first call were also sometimes
(incorrectly) active in the second call. The wrong plugin was active because Kong was passing context in the SSL phase
to the plugin iterator, creating connection-wide structures in that context, which was then shared between different
keepalive requests. With this fix, Kong does not pass context to plugin iterators with the
certificate
phase, avoiding plugin mixups.#7102 - The HTTP status 405 is now handled by Kong's error handler. Before accessing Kong using the TRACE method returned a standard NGINX error page because the 405 wasnβt included in the error page settings of the NGINX configuration. #6933. Thanks, yamaken1343!
- β‘οΈ Custom
ngx.sleep
implementation ininit_worker
phase now invokesupdate_time
in order to prevent time-based deadlocks #7532 Proxy-Authorization
header is removed when it is part of the original request or when a plugin sets it to the same value as the original request #7533- π
HEAD
requests don't provoke an error when a Plugin implements theresponse
phase #7535
Hybrid Mode
- Control planes no longer perform health checks on CRUD upstreamsβ and targetsβ events. #7085
- To prevent unnecessary cache flips on data planes, Kong now checks
dao:crud
events more strictly and has a new cluster event,clustering:push_config
for configuration pushes. These updates allow Kong to filter invalidation events that do not actually require a database change. Furthermore, the clustering module does not subscribe to the genericinvalidations
event, which has a more broad scope than database entity invalidations. #7112 - Data Planes ignore null fields coming from Control Planes when doing schema validation. #7458
- π Kong now includes the source in error logs produced by Control Planes. #7494
- Data Plane config hash calculation and checking is more consistent now: it is impervious to changes in table iterations, hashes are calculated in both CP and DP, and DPs send pings more immediately and with the new hash now #7483
Balancer
- All targets are returned by the Admin API now, including targets with a
weight=0
, or disabled targets. Before disabled targets were not included in the output when users attempted to list all targets. Then when users attempted to add the targets again, they recieved an error message telling them the targets already existed. #7094 - β‘οΈ Upserting existing targets no longer fails. Before, because of updates made to target configurations since Kong v2.2.0, upserting older configurations would fail. This fix allows older configurations to be imported. #7052
- The last balancer attempt is now correctly logged. Before balancer tries were saved when retrying, which meant the last retry state was not saved since there were no more retries. This update saves the failure state so it can be correctly logged. #6972
- β‘οΈ Kong now ensures that the correct upstream event is removed from the queue when updating the balancer state. #7103
CLI
- The
prefix
argument in thekong stop
command now takes precedence over environment variables, as it does in thekong start
command. #7080
π§ Configuration
- π§ Declarative configurations now correctly parse custom plugin entities schemas with attributes called "plugins". Before when using declarative configurations, users with custom plugins that included a "plugins" field would encounter startup exceptions. With this fix, the declarative configuration can now distinguish between plugins schema and custom plugins fields. #7412
- π§ The stream access log configuration options are now properly separated from the HTTP access log. Before when users
used Kong with TCP, they couldnβt use a custom log format. With this fix,
proxy_stream_access_log
andproxy_stream_error_log
have been added to differentiate stream access log from the HTTP subsystem. Seeproxy_stream_access_log
andproxy_stream_error
in the Configuration Property Reference for more information. #7046
Migrations
- Kong no longer assumes that
/?/init.lua
is in the Lua path when doing migrations. Before, when users created a custom plugin in a non-standard location and setlua_package_path = /usr/local/custom/?.lua
, migrations failed. Migrations failed because the Kong core file isinit.lua
and it is required as part ofkong.plugins.<name>.migrations
. With this fix, migrations no longer expectinit.lua
to be a part of the path. #6993 - Kong no longer emits errors when doing
ALTER COLUMN
operations in Apache Cassandra 4.0. #7490
PDK
- β‘οΈ With this update,
kong.response.get_XXX()
functions now work in the log phase on external plugins. Beforekong.response.get_XXX()
functions required data from the response object, which was not accessible in the post-log timer used to call log handlers in external plugins. Now these functions work by accessing the required data from the set saved at the start of the log phase. Seekong.response
in the Plugin Development Kit for more information. #7048 - π External plugins handle certain error conditions better while the Kong balancer is being refreshed. Before
when an
instance_id
of an external plugin changed, and the plugin instance attempted to reset and retry, it was failing because of a typo in the comparison. #7153. Thanks, ealogar! - π With this release,
kong.log
's phase checker now accounts for the existence of the newresponse
pseudo-phase. Before users may have erroneously received a safe runtime error for using a function out-of-place in the PDK. #7109 - Kong no longer sandboxes the
string.rep
function. Beforestring.rep
was sandboxed to disallow a single operation from allocating too much memory. However, a single operation allocating too much memory is no longer an issue because in LuaJIT there are no debug hooks and it is trivial to implement a loop to allocate memory on every single iteration. Additionally, since thestring
table is global and obtainable by any sandboxed string, its sandboxing provoked issues on global state. #7167 - The
kong.pdk.node
function can now correctly iterates over all the shared dict metrics. Before this fix, users using thekong.pdk.node
function could not see all shared dict metrics under the Stream subsystem. #7078
π Plugins
- π All custom plugins that are using the deprecated
BasePlugin
class have to remove this inheritance. - LDAP-auth: The LDAP Authentication schema now includes a default value for the
config.ldap_port
parameter that matches the documentation. Before the plugin documentation Parameters section included a reference to a default value for the LDAP port; however, the default value was not included in the plugin schema. #7438 - Prometheus: The Prometheus plugin exporter now attaches subsystem labels to memory stats. Before, the HTTP and Stream subsystems were not distinguished, so their metrics were interpreted as duplicate entries by Prometheus. https://github.com/Kong/kong-plugin-prometheus/pull/118
- π External Plugins: the return code 127 (command not found) is detected and appropriate error is returned #7523
-
v2.4.1 Changes
π > Released 2021/05/11
π This is a patch release in the 2.4 series. Being a patch release, it π strictly contains bugfixes. There are no new features or breaking changes.
Distribution
- π :warning: Starting with this release, Kong packages are no longer distributed through Bintray. Please download from download.konghq.com.
Dependencies
- β¬οΈ Bump
luasec
from 1.0.0 to 1.0.1 #7126 - β¬οΈ Bump
prometheus
plugin from 1.2.0 to 1.2.1 #7061
π Fixes
Core
- Ensure healthchecks and balancers are not created on control plane nodes. #7085
- β‘οΈ Optimize URL normalization code. #7100
- π Fix issue where control plane nodes would needlessly invalidate and send new configuration to data plane nodes. #7112
- Ensure HTTP code
405
is handled by Kong's error page. #6933 - π Ensure errors in plugins
init_worker
do not break Kong's worker initialization. #7099 - π Fix issue where two subsequent TLS keepalive requests would lead to incorrect plugin execution. #7102
- Ensure Targets upsert operation behaves similarly to other entities' upsert method. #7052
- π² Ensure failed balancer retry is saved and accounted for in log data. #6972
CLI
- Ensure
kong start
andkong stop
prioritize CLI flag--prefix
over environment variableKONG_PREFIX
. #7080
π§ Configuration
- π§ Ensure Stream subsystem allows for configuration of access logs format. #7046
Admin API
- Ensure targets with weight 0 are displayed in the Admin API. #7094
PDK
- Ensure new
response
phase is accounted for in phase checkers. #7109
π Plugins
-
v2.4.0 Changes
π > Released 2021/04/06
π This is the final release of Kong 2.4.0, with no breaking changes with respect to the 2.x series. π This release includes JavaScript PDK, improved CP/DP updates and UTF-8 Tags, amongst other improvements π and fixes.
Dependencies
- β :warning: For Kong 2.4, the required OpenResty version has been bumped to 1.19.3.1, and the set of patches included has changed, including the latest release of lua-kong-nginx-module. If you are installing Kong from one of our distribution packages, you are not affected by this change.
Note: if you are not using one of our distribution packages and compiling OpenResty from source, you must still apply Kong's OpenResty π patches (and, as highlighted above, compile OpenResty with the new π lua-kong-nginx-module). Our kong-build-tools repository will allow you to do both easily.
- β¬οΈ Bump luarocks from 3.4.0 to 3.5.0. #6699
- β¬οΈ Bump luasec from 0.9 to 1.0. #6814
- β¬οΈ Bump lua-resty-dns-client from 5.2.1 to 6.0.0. #6999
- β¬οΈ Bump kong-lapis from 1.8.1.2 to 1.8.3.1. #6925
- β¬οΈ Bump pgmoon from 1.11.0 to 1.12.0. #6741
- β¬οΈ Bump lua-resty-openssl from 0.6.9 to 0.7.2. #6967
- β¬οΈ Bump kong-plugin-zipkin from 1.2 to 1.3. #6936
- β¬οΈ Bump kong-prometheus-plugin from 1.0 to 1.2. #6958
- β¬οΈ Bump lua-cassandra from 1.5.0 to 1.5.1 #6857
- β¬οΈ Bump luasyslog from 1.0.0 to 2.0.1 #6957
β Additions
Core
- π Relaxed version check between Control Planes and Data Planes, allowing Data Planes that are missing minor updates to still connect to the Control Plane. Also, now Data Plane is allowed to have a superset of Control Plane plugins. 6932
- π Allowed UTF-8 in Tags 6784
- β Added support for Online Certificate Status Protocol responder found in cluster. 6887
PDK
- π JavaScript Plugin Development Kit (PDK) is released alongside with Kong 2.4. It allows users to write Kong plugins in JavaScript and TypeScript.
- π Beta release of Protobuf plugin communication protocol, which can be used in place of MessagePack to communicate with non-Lua plugins. 6941
- π Enabled
ssl_certificate
phase on plugins with stream module. 6873
π Plugins
- π Zipkin: support for Jaeger style uber-trace-id headers. 101 Thanks nvx for the patch!
- π Zipkin: support for OT headers. 103 Thanks ishg for the patch!
- Zipkin: allow insertion of custom tags on the Zipkin request trace. 102
- Zipkin: creation of baggage items on child spans is now possible. 98 Thanks Asafb26 for the patch!
- π JWT: Add ES384 support 6854 Thanks pariviere for the patch!
- π Several plugins: capability to set new log fields, or unset existing fields, by executing custom Lua code in the Log phase. 6944
π Fixes
Core
- π Changed default values and validation rules for plugins that were not well-adjusted for dbless or hybrid modes. 6885
- Kong 2.4 ensures that all the Core entities are loaded before loading any plugins. This fixes an error in which Plugins to could not link to or modify Core entities because they would not be loaded yet 6880
- β‘οΈ If needed,
Host
header is now updated between balancer retries, using the value configured in the correct upstream entity. 6796 - π² Schema validations now log more descriptive error messages when types are invalid. 6593 Thanks WALL-E for the patch!
- Kong now ignores tags in Cassandra when filtering by multiple entities, which is the expected behavior and the one already existent when using Postgres databases. 6931
- β¬οΈ
Upgrade
header is not cleared anymore when responseConnection
header containsUpgrade
. 6929 - Accept fully-qualified domain names ending in dots. 6864
- Kong does not try to warmup upstream names when warming up DNS entries. 6891
- Migrations order is now guaranteed to be always the same. 6901
- β¬οΈ Buffered responses are disabled on connection upgrades. 6902
- π Make entity relationship traverse-order-independent. 6743
- β‘οΈ The host header is updated between balancer retries. 6796
- The router prioritizes the route with most matching headers when matching headers. 6638
- π Fixed an edge case on multipart/form-data boundary check. 6638
- Paths are now properly normalized inside Route objects. 6976
- Do not cache empty upstream name dictionary. 7002
- Do not assume upstreams do not exist after init phase. 7010
- π§ Do not overwrite configuration files when running migrations. 7017
PDK
- π Now Kong does not leave plugin servers alive after exiting and does not try to start them in the unsupported stream subsystem. 6849
- π² Go does not cache
kong.log
methods 6701 - The
response
phase is included on the list of public phases 6638 - π Config file style and options case are now consistent all around. 6981
- β Added right protobuf MacOS path to enable external plugins in Homebrew installations. 6980
- Auto-escape upstream path to avoid proxying errors. 6978
- Ports are now declared as
Int
. 6994
π Plugins
- π oauth2: better handling more cases of client invalid token generation. 6594 Thanks jeremyjpj0916 for the patch!
- π Zipkin: the w3c parsing function was returning a non-used extra value, and it now early-exits. 100 Thanks nvx for the patch!
- π Zipkin: fixed a bug in which span timestamping could sometimes raise an error. 105 Thanks Asafb26 for the patch!