Kong changelog

Changelog History

Page 1

• v3.0.0 Changes

  🚀 > Released 2022/09/12

  🚀 This major release adds a new router written in Rust and a tracing API that is compatible with the OpenTelemetry API spec. Furthermore, 🐎 various internal changes have been made to improve Kong's performance 🚀 and memory consumption. As it is a major release, users are advised to review the list of braking changes to determine whether ⬆️ configuration changes are needed when upgrading.

  💥 Breaking Changes

  🚀 Deployment

  • 🚀 Blue-green deployment from Kong earlier than 2.1.0 is not supported, upgrade to 2.1.0 or later before upgrading to 3.0.0 to have blue-green deployment. Thank you [@marc-charpentier]((https://github.com/charpentier)) for reporting issue and proposing a pull-request. #8896
  • 🐧 Deprecate/stop producing Amazon Linux (1) containers and packages (EOLed December 31, 2020) Kong/docs.konghq.com #3966
  • 📦 Deprecate/stop producing Debian 8 "Jessie" containers and packages (EOLed June 2020) Kong/kong-build-tools #448 Kong/kong-distributions #766

  Core

  • Kong schema library's process_auto_fields function will not any more make a deep copy of data that is passed to it when the given context is "select". This was done to avoid excessive deep copying of tables where we believe the data most of the time comes from a driver like pgmoon or lmdb. If a custom plugin relied on process_auto_fields not overriding the given table, it must make its own copy before passing it to the function now. #8796
  • 🚚 The deprecated shorthands field in Kong Plugin or DAO schemas was removed in favor or the typed shorthand_fields. If your custom schemas still use shorthands, you need to update them to use shorthand_fields. #8815
  • 🚚 The support for legacy = true/false attribute was removed from Kong schemas and Kong field schemas. #8958
  • The deprecated alias of Kong.serve_admin_api was removed. If your custom Nginx templates still use it, please change it to Kong.admin_content. #8815
  • 🚚 The Kong singletons module "kong.singletons" was removed in favor of the PDK kong.*. #8874
  • 🚚 The dataplane config cache was removed. The config persistence is now done automatically with LMDB. #8704
  • ➕ ngx.ctx.balancer_address does not exist anymore, please use ngx.ctx.balancer_data instead. #9043
  • We have changed the normalization rules for route.path: Kong stores the unnormalized path, but regex path always pattern matches with the normalized URI. We used to replace percent-encoding in regex path pattern to ensure different forms of URI matches. That is no longer supported. Except for reserved characters defined in rfc3986, we should write all other characters without percent-encoding. #9024
  • Kong will no longer use an heuristic to guess whether a route.path is a regex pattern. From now 3.0 onwards, all regex paths must start with the "~" prefix, and all paths that don't start with "~" will be considered plain text. The migration process should automatically convert the regex paths when upgrading from 2.x to 3.0 #9027
  • Bumping version number (_format_version) of declarative configuration to "3.0" for changes on route.path. Declaritive configuration with older version are upgraded to "3.0" on the fly. #9078
  • ✂ Removed deprecated config.functions from serverless-functions plugin's schema, please use config.access phase instead. #8559
  • 🏷 Tags may now contain space characters. #9143
  • 🚀 The Secrets Management feature, which has been in beta since release 2.8.0, is now included as a regular feature. #8871 #9217

  Admin API

  • ⚡️ POST requests on Targets endpoint are no longer able to update existing entities, they are only able to create new ones. #8596, #8798. If you have scripts that use POST requests to modify Targets, you should change them to PUT requests to the appropriate endpoints before updating to Kong 3.0.
  • ⚡️ Insert and update operations on duplicated Targets returns 409. #8179, #8768
  • 🔌 The list of reported plugins available on the server now returns a table of metadata per plugin instead of a boolean true. #8810

  PDK

  • The kong.request.get_path() PDK function now performs path normalization on the string that is returned to the caller. The raw, non-normalized version of the request path can be fetched via kong.request.get_raw_path(). #8823
  • pdk.response.set_header(), pdk.response.set_headers(), pdk.response.exit() now ignore and emit warnings for manually set Transfer-Encoding headers. #8698
  • The PDK is no longer versioned #8585
  • The JavaScript PDK now returns Uint8Array for kong.request.getRawBody, kong.response.getRawBody and kong.service.response.getRawBody. The Python PDK returns bytes for kong.request.get_raw_body, kong.response.get_raw_body, kong.service.response.get_raw_body. All these funtions used to return strings in the past. #8623

  🔌 Plugins

  • 🔌 DAOs in plugins must be listed in an array, so that their loading order is explicit. Loading them in a hash-like table is no longer supported. #8988
  • 🔌 Plugins MUST now have a valid PRIORITY (integer) and VERSION ("x.y.z" format) field in their handler.lua file, otherwise the plugin will fail to load. #8836
  • 🚚 The old kong.plugins.log-serializers.basic library was removed in favor of the PDK function kong.log.serialize, please upgrade your plugins to use PDK. #8815
  • 🚚 The support for deprecated legacy plugin schemas was removed. If your custom plugins still use the old (0.x era) schemas, you are now forced to upgrade them. #8815
  • 🔌 Some plugins received new priority values. This is important for those who run custom plugins as it may affect the sequence your plugins are executed. Note that this does not change the order of execution for plugins in a standard kong installation. List of plugins and their old and new priority value:
    • acme changed from 1007 to 1705
    • basic-auth changed from 1001 to 1100
    • hmac-auth changed from 1000 to 1030
    • jwt changed from 1005 to 1450
    • key-auth changed from 1003 to 1250
    • ldap-auth changed from 1002 to 1200
    • oauth2 changed from 1004 to 1400
    • rate-limiting changed from 901 to 910
  • 🌲 HTTP-log: headers field now only takes a single string per header name, where it previously took an array of values #6992
  • AWS Lambda: aws_region field must be set through either plugin config or environment variables, allow both host and aws_region fields, and always apply SigV4 signature. #8082
  • Serverless Functions Removed deprecated config.functions, please use config.access instead. #8559
  • Serverless Functions: The pre-functions plugin changed priority from +inf to 1000000. #8836
  • JWT: The authenticated JWT is no longer put into the nginx context (ngx.ctx.authenticated_jwt_token). Custom plugins which depend on that value being set under that name must be updated to use Kong's shared context instead (kong.ctx.shared.authenticated_jwt_token) before upgrading to 3.0
  • Prometheus: The prometheus metrics have been reworked extensively for 3.0.
    • Latency has been split into 4 different metrics: kong_latency_ms, upstream_latency_ms and request_latency_ms (http) /tcp_session_duration_ms (stream). Buckets details below.
    • Separate out Kong Latency Bucket values and Upstream Latency Bucket values.
    • consumer_status removed.
    • request_count and consumer_status have been merged into just http_requests_total. If the per_consumer config is set false, the consumer label will be empty. If the per_consumer config is true, it will be filled.
    • http_requests_total has a new label source, set to either exit, error or service.
    • New Metric: node_info. Single gauge set to 1 that outputs the node's id and kong version.
    • All Memory metrics have a new label node_id
    • nginx_http_current_connections merged with nginx_stream_current_connection into nginx_current_connections #8712
  • Prometheus: The plugin doesn't export status codes, latencies, bandwidth and upstream healthcheck metrics by default. They can still be turned on manually by setting status_code_metrics, latency_metrics, bandwidth_metrics and upstream_health_metrics respectively. Enabling those metrics will impact the performance if you have a large volume of Kong entities, we recommend using the statsd plugin with the push model if that is the case. And now prometheus plugin new grafana dashboard updated #9028
  • ACME: allow_any_domain field added. It is default to false and if set to true, the gateway will ignore the domains field. #9047
  • Statsd:
    • The metric name that is related to the service has been renamed by adding a service. prefix. e.g. kong.service.<service_identifier>.request.count #9046
    • The metric kong.<service_identifier>.request.status.<status> and kong.<service_identifier>.user.<consumer_identifier>.request.status.<status> has been renamed to kong.service.<service_identifier>.status.<status> and kong.service.<service_identifier>.user.<consumer_identifier>.status.<status> #9046
    • The metric *.status.<status>.total from metrics status_count and status_count_per_user has been removed #9046
  • Proxy-cache: The plugin does not store the response data in ngx.ctx.proxy_cache_hit anymore. Logging plugins that need the response data must read it from kong.ctx.shared.proxy_cache_hit from Kong 3.0 on. #8607
  • Rate-limiting: The default policy is now local for all deployment modes. #9344
  • Response-rate-limiting: The default policy is now local for all deployment modes. #9344

  🗄 Deprecations

  • 🔌 The go_pluginserver_exe and go_plugins_dir directives are no longer supported. #8552. If you are using Go plugin server, please migrate your plugins to use the Go PDK before upgrading.
  • The migration helper library (mostly used for Cassandra migrations) is no longer supplied with Kong #8781
  • 🗄 The path_handling algorithm v1 is deprecated and only supported when router_flavor config option is set to traditional. #9290

  🔧 Configuration

  • The Kong constant CREDENTIAL_USERNAME with value of X-Credential-Username was removed. Kong plugins in general have moved (since #5516) to use constant CREDENTIAL_IDENTIFIER with value of X-Credential-Identifier when setting the upstream headers for a credential. #8815
  • Change the default of lua_ssl_trusted_certificate to system #8602 to automatically load trusted CA list from system CA store.
  • ✂ Remove a warning of AAAA being experimental with dns_order.
  • It is no longer possible to use a .lua format to import a declarative config from the kong command-line tool, only json and yaml are supported. If your update procedure with kong involves executing kong config db_import config.lua, please create a config.json or config.yml and use that before upgrading. #8898
  • We bumped the version number (_format_version) of declarative configuration to "3.0" because of changes on route.path. Declarative configuration with older version shoudl be upgraded to "3.0" on the fly. #9078

  Migrations

  • Postgres migrations can now have an up_f part like Cassandra migrations, designating a function to call. The up_f part is invoked after the up part has been executed against the database for both Postgres and Cassandra.
  • A new CLI command, kong migrations status, generates the status on a JSON file.

  Dependencies

  • ⬆️ Bumped OpenResty from 1.19.9.1 to 1.21.4.1 #8850
  • ⬆️ Bumped pgmoon from 1.13.0 to 1.15.0 #8908 #8429
  • ⬆️ Bumped OpenSSL from 1.1.1n to 1.1.1q #9074 #8544 #8752 #8994
  • ⬆️ Bumped resty.openssl from 0.8.8 to 0.8.10 #8592 #8753 #9023
  • ⬆️ Bumped inspect from 3.1.2 to 3.1.3 #8589
  • ⬆️ Bumped resty.acme from 0.7.2 to 0.8.1 #8680 #9165
  • ⬆️ Bumped luarocks from 3.8.0 to 3.9.1 #8700 #9204
  • ⬆️ Bumped luasec from 1.0.2 to 1.2.0 #8754 #8754
  • ⬆️ Bumped resty.healthcheck from 1.5.0 to 1.6.1 #8755 #9018 #9150
  • ⬆️ Bumped resty.cassandra from 1.5.1 to 1.5.2 #8845
  • ⬆️ Bumped penlight from 1.12.0 to 1.13.1 #9206
  • ⬆️ Bumped lua-resty-mlcache from 2.5.0 to 2.6.0 #9287

  ➕ Additions

  🐎 Performance

  • Do not register unnecessary event handlers on Hybrid mode Control Plane nodes #8452.
  • 🐎 Use the new timer library to improve performance, except for the plugin server. #8912
  • 0️⃣ Increased use of caching for DNS queries by activating additional_section by default #8895
  • pdk.request.get_header changed to a faster implementation, not to fetch all headers every time it's called #8716
  • 🔌 Conditional rebuilding of router, plugins iterator and balancer on DP #8519, #8671
  • Made config loading code more cooperative by yielding #8888
  • 👉 Use LuaJIT encoder instead of JSON to serialize values faster in LMDB #8942
  • 🚚 Move inflating and JSON decoding non-concurrent, which avoids blocking and makes DP reloads faster #8959
  • Stop duplication of some events #9082
  • 👌 Improve performance of config hash calculation by using string buffer and tablepool #9073
  • ⬇️ Reduce cache usage in dbless by not using the kong cache for Routes and Services in LMDB #8972

  Core

  • Implemented delayed response in stream mode #6878
  • ➕ Added cache_key on target entity for uniqueness detection. #8179
  • Introduced the tracing API which compatible with OpenTelemetry API spec and add build-in instrumentations. The tracing API is intend to be used with a external exporter plugin. Build-in instrumentation types and sampling rate are configuable through opentelemetry_tracing and opentelemetry_tracing_sampling_rate options. #8724
  • Added path, uri_capture, and query_arg options to upstream hash_on for load balancing. #8701
  • Introduced unix domain socket based lua-resty-events to replace shared memory based lua-resty-worker-events. #8890
  • Introduced a new router implementation atc-router, which is written in Rust. #8938
  • Introduce a new field for entities table_name that allows to specify a table name. Before the name was deduced by the entity name attribute. #9182
  • ➕ Added headers on active healthcheck for upstreams. #8255
  • Target entities using hostnames were resolved when they were not needed. Now when a target is removed or updated, the DNS record associated with it is removed from the list of hostnames to be resolved. #8497 9265
  • 👌 Improved error handling and debugging info in the DNS code #8902
  • Kong will now attempt to recover from an unclean shutdown by detecting and removing dangling unix sockets in the prefix directory #9254

  Admin API

  • ➕ Added a new API /timers to get the timer statistics. #8912 and worker info #8999
  • 🔌 / endpoint now includes plugin priority #8821

  Hybrid Mode

  • ➕ Add wRPC protocol support. Now configuration synchronization is over wRPC. wRPC is an RPC protocol that encodes with ProtoBuf and transports with WebSocket. #8357
  • To keep compatibility with earlier versions, add support for CP to fall back to the previous protocol to support old DP. #8834
  • ➕ Add support to negotiate services supported with wRPC protocol. We will support more services than config sync over wRPC in the future. #8926
  • Declarative config exports happen inside a transaction in Postgres #8586

  🔌 Plugins

  • 🔀 Sync all plugin versions to the Kong version #8772
  • Introduced the new OpenTelemetry plugin that export tracing instrumentations to any OTLP/HTTP compatible backend. opentelemetry_tracing configuration should be enabled to collect the core tracing spans of Kong. #8826
  • Zipkin: add support for including HTTP path in span name through configuration property http_span_name. #8150
  • Zipkin: add support for socket connect and send/read timeouts through configuration properties connect_timeout, send_timeout, and read_timeout. This can help mitigate ngx.timer saturation when upstream collectors are unavailable or slow. #8735
  • AWS-Lambda: add support for cross account invocation through configuration properties aws_assume_role_arn and aws_role_session_name.#8900 #8900
  • AWS-Lambda: accept string type statusCode as valid return when working in proxy integration mode. #8765
  • AWS-Lambda: separate aws credential cache by IAM role ARN #8907
  • Statsd: :fireworks: Newly open-sourced plugin capabilities: All capabilities of Statsd Advanced are now bundled in Statsd. #9046

  🔧 Configuration

  • 🔧 A new configuration item (openresty_path) has been added to allow developers/operators to specify the OpenResty installation to use when running Kong (instead of using the system-installed OpenResty) #8412
  • Add ipv6only to listen options (e.g. KONG_PROXY_LISTEN) #9225
  • Add so_keepalive to listen options (e.g. KONG_PROXY_LISTEN) #9225
  • ➕ Add LMDB dbless config persistence and removed the JSON based config cache for faster startup time #8670
  • nginx_events_worker_connections=auto has a lower bound of 1024 #9276
  • nginx_main_worker_rlimit_nofile=auto has a lower bound of 1024 #9276

  PDK

  • Added new PDK function: kong.request.get_start_time() #8688
  • kong.db.*.cache_key() falls back to .id if nothing from cache_key is found #8553

  🛠 Fixes

  Core

  • The schema validator now correctly converts null from declarative configurations to nil. #8483
  • ⏱ Only reschedule router and plugin iterator timers after finishing previous execution, avoiding unnecessary concurrent executions. #8567
  • 🔌 External plugins now handle returned JSON with null member correctly. #8611
  • 🛠 Fixed an issue where the address of the environ variable could change but the code didn't assumed it was fixed after init #8581
  • 🛠 Fix issue where the Go plugin server instance would not be updated after a restart (e.g., upon a plugin server crash). #8547
  • 🛠 Fixed an issue on trying to reschedule the DNS resolving timer when Kong was being reloaded. #8702
  • 🛰 The private stream API has been rewritten to allow for larger message payloads #8641
  • 🛠 Fixed an issue that the client certificate sent to upstream was not updated when calling PATCH Admin API #8934
  • Fixed an issue where the CP and wRPC modules would cause Kong to crash when calling export_deflated_reconfigure_payload without a pcall #8668
  • 🚚 Moved all .proto files to /usr/local/kong/include and ordered by priority. #8914
  • 🛠 Fixed an issue that cause unexpected 404 error on creating/updating configs with invalid options #8831
  • 🛠 Fixed an issue that causes crashes when calling some PDK APIs #8604
  • 🛠 Fixed an issue that cause crashes when go PDK calls return arrays #8891
  • 🔌 Plugin servers now shutdowns gracefully when Kong exits #8923
  • 0️⃣ CLI now prompts with [y/n] instead of [Y/n], as it does not take y as default #9114
  • 👌 Improved the error message when Kong cannot connect to Cassandra on init #8847
  • 🛠 Fixed an issue where Vault Subschema wasn't loaded in off strategy #9174
  • The Schema now runs select transformations before process_auto_fields #9049
  • 🛠 Fixed an issue where Kong would use too many timers to keep track of upstreams when worker_consistency=eventual #8694, #8858
  • 🛠 Fixed an issue where it wasn't possible to set target status using only a hostname for targets set only by their hostname #8797
  • 🛠 Fixed pagination issue when getting to the second page while iterationg over a foreign key field using the DAO #9255
  • 🛠 Fixed an issue where cache entries of some entities were not being properly invalidated after a cascade delete #9261
  • ⚙ Running kong start when Kong is already running will no longer clobber the existing .kong_env file #9254

  Admin API

  • 👌 Support HTTP/2 when requesting /status #8690

  🔌 Plugins

  • 🔌 Plugins with colliding priorities have now deterministic sorting based on their name #8957
  • 🔌 External Plugins: better handling of the logging when a plugin instance loses the instances_id in an event handler #8652
  • ACME: auth_method default value is set to token #8565
  • ACME: Added cache for domains_matcher #9048
  • syslog: conf.facility default value is now set to user #8564
  • AWS-Lambda: Removed proxy_scheme field from schema #8566
  • AWS-Lambda: Change path from request_uri to upstream_uri, fix uri can not follow the rule defined in the request-transformer configuration #9058 #9129
  • hmac-auth: Removed deprecated signature format using ngx.var.uri #8558
  • ✂ Remove deprecated blacklist/whitelist config fields from bot-detection, ip-restriction and ACL plugins. #8560
  • Zipkin: Correct the balancer spans' duration to include the connection time from Nginx to the upstream. #8848
  • Zipkin: Correct the calculation of the header filter start time #9230
  • Zipkin: Compatibility with the latest Jaeger header spec, which makes parent_id optional #8352
  • LDAP-Auth: Refactored ASN.1 parser using OpenSSL API through FFI. #8663
  • Rate-Limiting and Response-ratelimiting: Fix a disordered behaviour caused by pairs function which may cause Postgres DEADLOCK problem #8968
  • Response-rate-Limiting: Fix a disordered behaviour caused by pairs function which may cause Postgres DEADLOCK problem #8968
  • gRPC gateway: Fix the handling of boolean fields from URI arguments #9180
  • Serverless Functions: Fix problem that could result in a crash #9269
  • Azure-functions: Support working without dummy service #9177

  Clustering

  • The cluster listener now uses the value of admin_error_log for its log file instead of proxy_error_log #8583
  • 🛠 Fixed a typo in some business logic that checks the Kong role before setting a value in cache at startup #9060
  • 🛠 Fixed DP get zero size config while service with plugin-enabled route is disabled #8816
  • Localize config_version to avoid a race condition from the new yielding config loading code #8188

  PDK

  • 🔌 kong.response.get_source() now return an error instead of an exit when plugin throws runtime exception on access phase #8599
  • kong.tools.uri.normalize() now does escaping of reserved and unreserved characters more correctly #8140

• v2.8.1 Changes

  Dependencies

  • ⬆️ Bumped lua-resty-healthcheck from 1.5.0 to 1.5.1 #8584
  • ⬆️ Bumped OpenSSL from 1.1.1l to 1.1.1n #8635

  🛠 Fixes

  Core

  • ⏱ Only reschedule router and plugin iterator timers after finishing previous execution, avoiding unnecessary concurrent executions. #8634
  • 🔌 Implements conditional rebuilding of router, plugins iterator and balancer on data planes. This means that DPs will not rebuild router if there were no changes in routes or services. Similarly, the plugins iterator will not be rebuilt if there were no changes to plugins, and, finally, the balancer will not be reinitialized if there are no changes to upstreams or targets. #8639

• v2.8.0 Changes

  🗄 Deprecations

  • 🔌 The external go-pluginserver project 🗄 is considered deprecated in favor of the embedded server approach described in 🔌 the docs.

  Dependencies

  • OpenSSL bumped to 1.1.1m #8191
  • ⬆️ Bumped resty.session from 3.8 to 3.10 #8294
  • ⬆️ Bumped lua-resty-openssl to 0.8.5 #8368

  ➕ Additions

  Core

  • Customizable transparent dynamic TLS SNI name. Thanks, @zhangshuaiNB! #8196
  • 👍 Routes now support matching headers with regular expressions Thanks, @vanhtuan0409! #6079

  Beta

  • 👍 Secrets Management and Vault support as been introduced as a Beta feature. This means it is intended for testing in staging environments. It not intended for use in Production environments. You can read more about Secrets Management in our docs page. #8403

  🐎 Performance

  • 👌 Improved the calculation of declarative configuration hash for big configurations The new method is faster and uses less memory #8204
  • Multiple improvements in the Router. Amongst others:
    • The router builds twice as fast compared to prior Kong versions
    • Failures are cached and discarded faster (negative caching)
    • Routes with header matching are cached These changes should be particularly noticeable when rebuilding on db-less environments #8087 #8010
  • Prometheus plugin export performance is improved, it now has less impact to proxy side traffic when being scrapped. #9028

  🔌 Plugins

  • Response-ratelimiting: Redis ACL support, and genenarized Redis connection support for usernames. Thanks, @27ascii for the original contribution! #8213
  • ACME: Add rsa_key_size config option Thanks, lodrantl! #8114
  • Prometheus: Added gauges to track ngx.timer.running_count() and ngx.timer.pending_count() #8387

  Clustering

  • CLUSTERING_MAX_PAYLOAD is now configurable in kong.conf Thanks, @andrewgkew! #8337

  Admin API

  • 🔧 The current declarative configuration hash is now returned by the status endpoint when Kong node is running in dbless or data-plane mode. #8214 #8425

  🛠 Fixes

  Core

  • When the Router encounters an SNI FQDN with a trailing dot (.), the dot will be ignored, since according to RFC-3546 said dot is not part of the hostname. #8269
  • 🛠 Fixed a bug in the Router that would not prioritize the routes with both a wildcard and a port (route.*:80) over wildcard-only routes (route.*), which have less specificity #8233
  • The internal DNS client isn't confused by the single-dot (.) domain which can appear in /etc/resolv.conf in special cases like search . #8307
  • Cassandra connector now records migration consistency level. Thanks, @mpenick! #8226

  Balancer

  • ⚡️ Targets keep their health status when upstreams are updated. #8394
  • 🌲 One debug message which was erroneously using the error log level has been downgraded to the appropiate debug log level. #8410

  Clustering

  • Replaced cryptic error message with more useful one when there is a failure on SSL when connecting with CP: #8260

  Admin API

  • 🛠 Fix incorrect next field in when paginating Upstreams #8249

  PDK

  • Phase names are correctly selected when performing phase checks #8208
  • 🛠 Fixed a bug in the go-PDK where if kong.request.getrawbody was big enough to be buffered into a temporary file, it would return an an empty string. #8390

  🔌 Plugins

  • 🔌 External Plugins: Fixed incorrect handling of the Headers Protobuf Structure and representation of null values, which provoked an error on init with the go-pdk. #8267
  • 🔌 External Plugins: Unwrap ConsumerSpec and AuthenticateArgs. Thanks, @raptium! #8280
  • 🔌 External Plugins: Fixed a problem in the stream subsystem would attempt to load HTTP headers. #8414
  • CORS: The CORS plugin does not send the Vary: Origin header any more when the header Access-Control-Allow-Origin is set to *. Thanks, @jkla-dr! #8401
  • AWS-Lambda: Fixed incorrect behavior when configured to use an http proxy and deprecated the proxy_scheme config attribute for removal in 3.0 #8406
  • oauth2: The plugin clears the X-Authenticated-UserId and X-Authenticated-Scope headers when it configured in logical OR and is used in conjunction with another authentication plugin. #8422
  • Datadog: The plugin schema now lists the default values for configuration options in a single place instead of in two separate places. #8315

• v2.7.1 Changes

  🛠 Fixes

  • ⏱ Reschedule resolve timer only when the previous one has finished. #8344
  • 🔌 Plugins, and any entities implemented with subchemas, now can use the transformations and shorthand_fields properties, which were previously only available for non-subschema entities. #8146

• v2.7.0 Changes

  Dependencies

  • ⬆️ Bumped kong-plugin-session from 0.7.1 to 0.7.2 #7910
  • ⬆️ Bumped resty.openssl from 0.7.4 to 0.7.5 #7909
  • ⬆️ Bumped go-pdk used in tests from v0.6.0 to v0.7.1 #7964
  • 🚚 Cassandra support is deprecated with 2.7 and will be fully removed with 4.0.

  ➕ Additions

  🔧 Configuration

  • 🚚 Deprecated the worker_consistency directive, and changed its default to eventual. Future versions of Kong will remove the option and act with eventual consistency only.

  🐎 Performance

  🚀 In this release we continued our work on better performance:

  • 👌 Improved the plugin iterator performance and JITability #7912 #7979
  • 🐎 Simplified the Kong core context read and writes for better performance #7919
  • ⬇️ Reduced proxy long tail latency while reloading DB-less config #8133

  Core

  • 🔌 DAOs in plugins must be listed in an array, so that their loading order is explicit. Loading them in a hash-like table is now deprecated. #7942
  • 👉 Postgres credentials pg_user and pg_password, and pg_ro_user and pg_ro_password now support automatic secret rotation when used together with Kong Secrets Management vault references. #8967

  PDK

  • New functions: kong.response.get_raw_body and kong.response.set_raw_body #7887

  🔌 Plugins

  • IP-Restriction: response status and message can now be customized through configurations status and message. #7728 Thanks timmkelley for the patch!
  • Datadog: add support for the distribution metric type. #6231 Thanks onematchfox for the patch!
  • Datadog: allow service, consumer, and status tags to be customized through plugin configurations service_tag, consumer_tag, and status_tag. #6230 Thanks onematchfox for the patch!
  • gRPC Gateway and gRPC Web: Now share most of the ProtoBuf definitions. Both plugins now share the Timestamp transcoding and included .proto files features. #7950
  • gRPC Gateway: processes services and methods defined in imported .proto files. #8107
  • Rate-Limiting: add support for Redis SSL, through configuration properties redis_ssl (can be set to true or false), ssl_verify, and ssl_server_name. #6737 Thanks gabeio for the patch!
  • LDAP: basic authentication header was not parsed correctly when the password contained colon (:). #7977 Thanks beldahanit for reporting the issue!
  • 🚚 Old BasePlugin is deprecated and will be removed in a future version of Kong. Porting tips in the documentation
  • 🔌 The deprecated BasePlugin has been removed. #7961

  🔧 Configuration

  • ✂ Removed the following config options, which had been deprecated in previous versions, in favor of other config names. If you have any of these options in your config you will have to rename them: (removed option -> current option).
    • upstream_keepalive -> nginx_upstream_keepalive + nginx_http_upstream_keepalive
    • nginx_http_upstream_keepalive -> nginx_upstream_keepalive
    • nginx_http_upstream_keepalive_requests -> nginx_upstream_keepalive_requests
    • nginx_http_upstream_keepalive_timeout -> nginx_upstream_keepalive_timeout
    • nginx_http_upstream_directives -> nginx_upstream_directives
    • nginx_http_status_directives -> nginx_status_directives
    • nginx_upstream_keepalive -> upstream_keepalive_pool_size
    • nginx_upstream_keepalive_requests -> upstream_keepalive_max_requests
    • nginx_upstream_keepalive_timeout -> upstream_keepalive_idle_timeout
    • client_max_body_size -> nginx_http_client_max_body_size
    • client_body_buffer_size -> nginx_http_client_max_buffer_size
    • cassandra_consistency -> cassandra_write_consistency / cassandra_read_consistency
    • router_update_frequency -> worker_state_update_frequency
  • ✂ Removed the nginx_optimizations config option. If you have it in your configuration, please remove it before updating to 3.0.

  🛠 Fixes

  Core

  • 🔧 Balancer caches are now reset on configuration reload. #7924
  • 🔧 Configuration reload no longer causes a new DNS-resolving timer to be started. #7943
  • 🛠 Fixed problem when bootstrapping multi-node Cassandra clusters, where migrations could attempt insertions before schema agreement occurred. #7667
  • 🛠 Fixed intermittent botting error which happened when a custom plugin had inter-dependent entity schemas on its custom DAO and they were loaded in an incorrect order #7911
  • 🛠 Fixed problem when the consistent hash header is not found, the balancer tries to hash a nil value. #8141
  • Fixed DNS client fails to resolve unexpectedly in ssl_cert and ssl_session_fetch phases. #8161

  PDK

  • 🌲 kong.log.inspect log level is now debug instead of warn. It also renders text boxes more cleanly now #7815

  🔌 Plugins

  • Prometheus: Control Plane does not show Upstream Target health metrics #7992

  Dependencies

  • ⬆️ Bumped lua-pack from 1.0.5 to 2.0.0 #8004

  Back to TOC

• v2.6.0 Changes

  🚀 > Release date: 2021/10/04

  Dependencies

  • ⬆️ Bumped openresty from 1.19.3.2 to 1.19.9.1 #7430
  • ⬆️ Bumped openssl from 1.1.1k to 1.1.1l 7767
  • ⬆️ Bumped lua-resty-http from 0.15 to 0.16.1 #7797
  • ⬆️ Bumped Penlight to 1.11.0 #7736
  • ⬆️ Bumped lua-resty-http from 0.15 to 0.16.1 #7797
  • ⬆️ Bumped lua-protobuf from 0.3.2 to 0.3.3 #7656
  • ⬆️ Bumped lua-resty-openssl from 0.7.3 to 0.7.4 #7657
  • ⬆️ Bumped lua-resty-acme from 0.6 to 0.7.1 #7658
  • ⬆️ Bumped grpcurl from 1.8.1 to 1.8.2 #7659
  • ⬆️ Bumped luasec from 1.0.1 to 1.0.2 #7750
  • ⬆️ Bumped lua-resty-ipmatcher to 0.6.1 #7703 Thanks EpicEric for the patch!

  🚚 All Kong Gateway OSS plugins will be moved from individual repositories and centralized into the main Kong Gateway (OSS) repository. We are making a gradual transition. On this 🚀 release:

  • 🚚 Moved AWS-Lambda inside the Kong repo #7464.
  • 🚚 Moved ACME inside the Kong repo #7464.
  • 🚚 Moved Prometheus inside the Kong repo #7666.
  • 🚚 Moved Session inside the Kong repo #7738.
  • 🚚 Moved GRPC-web inside the Kong repo #7782.
  • 🚚 Moved Serverless functions inside the Kong repo #7792.

  ➕ Additions

  Core

  • 🆕 New schema entity validator: mutually_exclusive. It accepts a list of fields. If more than 1 of those fields is set simultaneously, the entity is considered invalid. #7765

  🐎 Performance

  🚀 On this release we've done some special efforts with regards to performance.

  🐎 There's a new performance workflow which periodically checks new code additions against some typical scenarios #7030 #7547

  🐎 In addition to that, the following changes were specifically included to improve performance:

  • ⬇️ Reduced unnecessary reads of ngx.var #7840
  • Loaded more indexed variables #7849
  • ⚡️ Optimized table creation in Balancer #7852
  • ⚡️ Reduce calls to ngx.update_time #7853
  • 👉 Use read-only replica for PostgreSQL meta-schema reading #7454
  • URL escaping detects cases when it's not needed and early-exits #7742
  • Accelerated variable loading via indexes #7818
  • ✂ Removed unnecessary call to get_phase in balancer #7854

  🔧 Configuration

  • 👍 Enable IPV6 on dns_order as unsupported experimental feature. Please give it a try and report back any issues #7819.
  • The template renderer can now use os.getenv #6872.

  Hybrid Mode

  • Data plane is able to eliminate some unknown fields when Control Plane is using a more modern version #7827.

  Admin API

  • ➕ Added support for the HTTP HEAD method for all Admin API endpoints #7796
  • ➕ Added better support for OPTIONS requests. Previously, the Admin API replied the same on all OPTIONS requests, where as now OPTIONS request will only reply to routes that our Admin API has. Non-existing routes will have a 404 returned. It also adds Allow header to responses, both Allow and Access-Control-Allow-Methods now contain only the methods that the specific API supports. #7830

  🔌 Plugins

  • AWS-Lambda: The plugin will now try to detect the AWS region by using AWS_REGION and AWS_DEFAULT_REGION environment variables (when not specified with the plugin configuration). This allows to specify a 'region' on a per Kong node basis, hence adding the ability to invoke the Lamda in the same region where Kong is located. #7765
  • Datadog: host and port config options can be configured from environment variables KONG_DATADOG_AGENT_HOST and KONG_DATADOG_AGENT_PORT. This allows to set different destinations on a per Kong node basis, which makes multi-DC setups easier and in Kubernetes allows to run the datadog agents as a daemon-set. #7463 Thanks rallyben for the patch!
  • Prometheus: A new metric data_plane_cluster_cert_expiry_timestamp is added to expose the Data Plane's cluster_cert expiry timestamp for improved monitoring in Hybrid Mode. #7800.

  Request Termination:

  • 🆕 New trigger config option, which makes the plugin only activate for any requests with a header or query parameter named like the trigger. This can be a great debugging aid, without impacting actual traffic being processed. #6744.
  • 🔌 The request-echo config option was added. If set, the plugin responds with a copy of the incoming request. This eases troubleshooting when Kong is behind one or more other proxies or LB's, especially when combined with the new 'trigger' option. #6744.

  GRPC-Gateway:

  • Fields of type .google.protobuf.Timestamp on the gRPC side are now transcoded to and from ISO8601 strings in the REST side. #7538
  • URI arguments like ..?foo.bar=x&foo.baz=y are interpreted as structured fields, equivalent to {"foo": {"bar": "x", "baz": "y"}} #7564 Thanks git-torrent for the patch!

  🛠 Fixes

  Core

  • Balancer retries now correctly set the :authority pseudo-header on balancer retries #7725.
  • Healthchecks are now stopped while the Balancer is being recreated #7549.
  • 🛠 Fixed an issue in which a malformed Accept header could cause unexpected HTTP 500 #7757.
  • 🚚 Kong no longer removes Proxy-Authentication request header and Proxy-Authenticate response header #7724.
  • 🛠 Fixed an issue where Kong would not sort correctly Routes with both regex and prefix paths #7695 Thanks jiachinzhao for the patch!

  Hybrid Mode

  • Ensure data plane config thread is terminated gracefully, preventing a semi-deadlocked state #7568 Thanks flrgh for the patch!
  • 🔌 Older data planes using aws-lambda, grpc-web or request-termination plugins can now talk with newer control planes by ignoring new plugin fields. #7881

  CLI

  • 🔌 kong config parse no longer crashes when there's a Go plugin server enabled #7589.

  🔧 Configuration

  • 🔧 Declarative Configuration parser now prints more correct errors when pointing unknown foreign references #7756.
  • 🔧 YAML anchors in Declarative Configuration are properly processed #7748.

  Admin API

  • GET /upstreams/:upstreams/targets/:target no longer returns 404 when target weight is 0 #7758.

  PDK

  • kong.response.exit now uses customized "Content-Length" header when found #7828.

  🔌 Plugins

  • ACME: Dots in wildcard domains are escaped #7839.
  • Prometheus: Upstream's health info now includes previously missing subsystem field #7802.
  • Proxy-Cache: Fixed an issue where the plugin would sometimes fetch data from the cache but not return it #7775 Thanks agile6v for the patch!

  Back to TOC

• v2.5.1 Changes

  🚀 > Release date: 2021/09/07

  🚀 This is the first patch release in the 2.5 series. Being a patch release, 🛠 it strictly contains bugfixes. There are no new features or breaking changes.

  Dependencies

  • ⬆️ Bumped grpcurl from 1.8.1 to 1.8.2 #7659
  • ⬆️ Bumped lua-resty-openssl from 0.7.3 to 0.7.4 #7657
  • ⬆️ Bumped penlight from 1.10.0 to 1.11.0 #7736
  • ⬆️ Bumped luasec from 1.0.1 to 1.0.2 #7750
  • ⬆️ Bumped OpenSSL from 1.1.1k to 1.1.1l #7767

  🛠 Fixes

  Core

  • You can now successfully delete workspaces after deleting all entities associated with that workspace. Previously, Kong Gateway was not correctly cleaning up parent-child relationships. For example, creating an Admin also creates a Consumer and RBAC user. When deleting the Admin, the Consumer and RBAC user are also deleted, but accessing the /workspaces/workspace_name/meta endpoint would show counts for Consumers and RBAC users, which prevented the workspace from being deleted. Now deleting entities correctly updates the counts, allowing an empty workspace to be deleted. #7560
  • When an upstream event is received from the DAO, handler.lua now gets the workspace ID from the request and adds it to the upstream entity that will be used in the worker and cluster events. Before this change, when posting balancer CRUD events, the workspace ID was lost and the balancer used the default workspace ID as a fallback. #7778

  CLI

  • 🛠 Fixes regression that included an issue where Go plugins prevented CLI commands like kong config parse or kong config db_import from working as expected. #7589

  CI / Process

  • 👌 Improves tests reliability. (#7578 #7704)
  • ➕ Adds Github Issues template forms. #7774
  • 🚚 Moves "Feature Request" link from Github Issues to Discussions. #7777

  Admin API

  • Kong Gateway now validates workspace names, preventing the use of reserved names on workspaces. #7380

  Back to TOC

• v2.5.0 Changes

  🚀 > Release date: 2021-07-13

  🚀 This is the final release of Kong 2.5.0, with no breaking changes with respect to the 2.x series.

  🚀 This release includes Control Plane resiliency to database outages and the new declarative_config_string config option, among other features and fixes.

  Distribution

  • 📦 :warning: Since 2.4.1, Kong packages are no longer distributed through Bintray. Please visit the installation docs for more details.

  Dependencies

  • ⬆️ Bumped openresty from 1.19.3.1 to 1.19.3.2 #7430
  • ⬆️ Bumped luasec from 1.0 to 1.0.1 #7126
  • ⬆️ Bumped luarocks from 3.5.0 to 3.7.0 #7043
  • ⬆️ Bumped grpcurl from 1.8.0 to 1.8.1 #7128
  • ⬆️ Bumped penlight from 1.9.2 to 1.10.0 #7127
  • ⬆️ Bumped lua-resty-dns-client from 6.0.0 to 6.0.2 #7539
  • ⬆️ Bumped kong-plugin-prometheus from 1.2 to 1.3 #7415
  • ⬆️ Bumped kong-plugin-zipkin from 1.3 to 1.4 #7455
  • ⬆️ Bumped lua-resty-openssl from 0.7.2 to 0.7.3 #7509
  • ⬆️ Bumped lua-resty-healthcheck from 1.4.1 to 1.4.2 #7511
  • ⬆️ Bumped hmac-auth from 2.3.0 to 2.4.0 #7522
  • 📌 Pinned lua-protobuf to 0.3.2 (previously unpinned) #7079

  🚚 All Kong Gateway OSS plugins will be moved from individual repositories and centralized into the main Kong Gateway (OSS) repository. We are making a gradual transition, starting with the 🔌 grpc-gateway plugin first:

  • 🚚 Moved grpc-gateway inside the Kong repo. #7466

  ➕ Additions

  Core

  • ⚡️ Control Planes can now send updates to new data planes even if the control planes lose connection to the database. #6938
  • Kong now automatically adds cluster_cert(cluster_mtls=shared) or cluster_ca_cert(cluster_mtls=pki) into lua_ssl_trusted_certificate when operating in Hybrid mode. Before, Hybrid mode users needed to configure lua_ssl_trusted_certificate manually as a requirement for Lua to verify the Control Plane’s certificate. See Starting Data Plane Nodes in the Hybrid Mode guide for more information. #7044
  • New declarative_config_string option allows loading a declarative config directly from a string. See the Loading The Declarative Configuration File section of the DB-less and Declarative Configuration guide for more information. #7379

  PDK

  • The Kong PDK now accepts tables in the response body for Stream subsystems, just as it does for the HTTP subsystem. Before developers had to check the subsystem if they wrote code that used the exit() function before calling it, because passing the wrong argument type would break the request response. #7082

  🔌 Plugins

  • hmac-auth: The HMAC Authentication plugin now includes support for the @request-target field in the signature string. Before, the plugin used the request-line parameter, which contains the HTTP request method, request URI, and the HTTP version number. The inclusion of the HTTP version number in the signature caused requests to the same target but using different request methods(such as HTTP/2) to have different signatures. The newly added request-target field only includes the lowercase request method and request URI when calculating the hash, avoiding those issues. See the HMAC Authentication documentation for more information. #7037
  • syslog: The Syslog plugin now includes facility configuration options, which are a way for the plugin to group error messages from different sources. See the description for the facility parameter in the Parameters section of the Syslog documentation for more information. #6081. Thanks, jideel!
  • Prometheus: The Prometheus plugin now exposes connected data planes' status on the control plane. New metrics include the following: data_plane_last_seen, data_plane_config_hash and data_plane_version_compatible. These metrics can be useful for troubleshooting when data planes have inconsistent configurations across the cluster. See the Available metrics section of the Prometheus plugin documentation for more information. 98
  • Zipkin: The Zipkin plugin now includes the following tags: kong.route,kong.service_name and kong.route_name. See the Spans section of the Zipkin plugin documentation for more information. 115

  Hybrid Mode

  • 👍 Kong now exposes an upstream health checks endpoint (using the status API) on the data plane for better observability. #7429
  • 👀 Control Planes are now more lenient when checking Data Planes' compatibility in Hybrid mode. See the Version compatibility section of the Hybrid Mode guide for more information. #7488
  • 🚀 This release starts the groundwork for Hybrid Mode 2.0 Protocol. This code isn't active by default in Kong 2.5, but it allows future development. #7462

  🛠 Fixes

  Core

  • When using DB-less mode, select_by_cache_key now finds entities by using the provided field directly in select_by_key and does not complete unnecessary cache reads. #7146
  • 🔌 Kong can now finish initialization even if a plugin’s init_worker handler fails, improving stability. #7099
  • TLS keepalive requests no longer share their context. Before when two calls were made to the same "server+hostname" but different routes and using a keepalive connection, plugins that were active in the first call were also sometimes (incorrectly) active in the second call. The wrong plugin was active because Kong was passing context in the SSL phase to the plugin iterator, creating connection-wide structures in that context, which was then shared between different keepalive requests. With this fix, Kong does not pass context to plugin iterators with the certificate phase, avoiding plugin mixups.#7102
  • The HTTP status 405 is now handled by Kong's error handler. Before accessing Kong using the TRACE method returned a standard NGINX error page because the 405 wasn’t included in the error page settings of the NGINX configuration. #6933. Thanks, yamaken1343!
  • ⚡️ Custom ngx.sleep implementation in init_worker phase now invokes update_time in order to prevent time-based deadlocks #7532
  • Proxy-Authorization header is removed when it is part of the original request or when a plugin sets it to the same value as the original request #7533
  • 🔌 HEAD requests don't provoke an error when a Plugin implements the response phase #7535

  Hybrid Mode

  • Control planes no longer perform health checks on CRUD upstreams’ and targets’ events. #7085
  • To prevent unnecessary cache flips on data planes, Kong now checks dao:crud events more strictly and has a new cluster event, clustering:push_config for configuration pushes. These updates allow Kong to filter invalidation events that do not actually require a database change. Furthermore, the clustering module does not subscribe to the generic invalidations event, which has a more broad scope than database entity invalidations. #7112
  • Data Planes ignore null fields coming from Control Planes when doing schema validation. #7458
  • 🔊 Kong now includes the source in error logs produced by Control Planes. #7494
  • Data Plane config hash calculation and checking is more consistent now: it is impervious to changes in table iterations, hashes are calculated in both CP and DP, and DPs send pings more immediately and with the new hash now #7483

  Balancer

  • All targets are returned by the Admin API now, including targets with a weight=0, or disabled targets. Before disabled targets were not included in the output when users attempted to list all targets. Then when users attempted to add the targets again, they recieved an error message telling them the targets already existed. #7094
  • ⚡️ Upserting existing targets no longer fails. Before, because of updates made to target configurations since Kong v2.2.0, upserting older configurations would fail. This fix allows older configurations to be imported. #7052
  • The last balancer attempt is now correctly logged. Before balancer tries were saved when retrying, which meant the last retry state was not saved since there were no more retries. This update saves the failure state so it can be correctly logged. #6972
  • ⚡️ Kong now ensures that the correct upstream event is removed from the queue when updating the balancer state. #7103

  CLI

  • The prefix argument in the kong stop command now takes precedence over environment variables, as it does in the kong start command. #7080

  🔧 Configuration

  • 🔧 Declarative configurations now correctly parse custom plugin entities schemas with attributes called "plugins". Before when using declarative configurations, users with custom plugins that included a "plugins" field would encounter startup exceptions. With this fix, the declarative configuration can now distinguish between plugins schema and custom plugins fields. #7412
  • 🔧 The stream access log configuration options are now properly separated from the HTTP access log. Before when users used Kong with TCP, they couldn’t use a custom log format. With this fix, proxy_stream_access_log and proxy_stream_error_log have been added to differentiate stream access log from the HTTP subsystem. See proxy_stream_access_log and proxy_stream_error in the Configuration Property Reference for more information. #7046

  Migrations

  • Kong no longer assumes that /?/init.lua is in the Lua path when doing migrations. Before, when users created a custom plugin in a non-standard location and set lua_package_path = /usr/local/custom/?.lua, migrations failed. Migrations failed because the Kong core file is init.lua and it is required as part of kong.plugins.<name>.migrations. With this fix, migrations no longer expect init.lua to be a part of the path. #6993
  • Kong no longer emits errors when doing ALTER COLUMN operations in Apache Cassandra 4.0. #7490

  PDK

  • ⚡️ With this update, kong.response.get_XXX() functions now work in the log phase on external plugins. Before kong.response.get_XXX() functions required data from the response object, which was not accessible in the post-log timer used to call log handlers in external plugins. Now these functions work by accessing the required data from the set saved at the start of the log phase. See kong.response in the Plugin Development Kit for more information. #7048
  • 🔌 External plugins handle certain error conditions better while the Kong balancer is being refreshed. Before when an instance_id of an external plugin changed, and the plugin instance attempted to reset and retry, it was failing because of a typo in the comparison. #7153. Thanks, ealogar!
  • 🚀 With this release, kong.log's phase checker now accounts for the existence of the new response pseudo-phase. Before users may have erroneously received a safe runtime error for using a function out-of-place in the PDK. #7109
  • Kong no longer sandboxes the string.rep function. Before string.rep was sandboxed to disallow a single operation from allocating too much memory. However, a single operation allocating too much memory is no longer an issue because in LuaJIT there are no debug hooks and it is trivial to implement a loop to allocate memory on every single iteration. Additionally, since the string table is global and obtainable by any sandboxed string, its sandboxing provoked issues on global state. #7167
  • The kong.pdk.node function can now correctly iterates over all the shared dict metrics. Before this fix, users using the kong.pdk.node function could not see all shared dict metrics under the Stream subsystem. #7078

  🔌 Plugins

  • 🚚 All custom plugins that are using the deprecated BasePlugin class have to remove this inheritance.
  • LDAP-auth: The LDAP Authentication schema now includes a default value for the config.ldap_port parameter that matches the documentation. Before the plugin documentation Parameters section included a reference to a default value for the LDAP port; however, the default value was not included in the plugin schema. #7438
  • Prometheus: The Prometheus plugin exporter now attaches subsystem labels to memory stats. Before, the HTTP and Stream subsystems were not distinguished, so their metrics were interpreted as duplicate entries by Prometheus. https://github.com/Kong/kong-plugin-prometheus/pull/118
  • 🔌 External Plugins: the return code 127 (command not found) is detected and appropriate error is returned #7523

• v2.4.1 Changes

  🚀 > Released 2021/05/11

  🚀 This is a patch release in the 2.4 series. Being a patch release, it 🛠 strictly contains bugfixes. There are no new features or breaking changes.

  Distribution

  • 🚀 :warning: Starting with this release, Kong packages are no longer distributed through Bintray. Please download from download.konghq.com.

  Dependencies

  • ⬆️ Bump luasec from 1.0.0 to 1.0.1 #7126
  • ⬆️ Bump prometheus plugin from 1.2.0 to 1.2.1 #7061

  🛠 Fixes

  Core

  • Ensure healthchecks and balancers are not created on control plane nodes. #7085
  • ⚡️ Optimize URL normalization code. #7100
  • 🛠 Fix issue where control plane nodes would needlessly invalidate and send new configuration to data plane nodes. #7112
  • Ensure HTTP code 405 is handled by Kong's error page. #6933
  • 🔌 Ensure errors in plugins init_worker do not break Kong's worker initialization. #7099
  • 🛠 Fix issue where two subsequent TLS keepalive requests would lead to incorrect plugin execution. #7102
  • Ensure Targets upsert operation behaves similarly to other entities' upsert method. #7052
  • 🌲 Ensure failed balancer retry is saved and accounted for in log data. #6972

  CLI

  • Ensure kong start and kong stop prioritize CLI flag --prefix over environment variable KONG_PREFIX. #7080

  🔧 Configuration

  • 🔧 Ensure Stream subsystem allows for configuration of access logs format. #7046

  Admin API

  • Ensure targets with weight 0 are displayed in the Admin API. #7094

  PDK

  • Ensure new response phase is accounted for in phase checkers. #7109

  🔌 Plugins

  • 🔌 Ensure plugins written in languages other than Lua can use kong.response.get_* methods - e.g., kong.response.get_status. #7048
  • hmac-auth: enable JIT compilation of authorization header regex. #7037

  Back to TOC

• v2.4.0 Changes

  🚀 > Released 2021/04/06

  🚀 This is the final release of Kong 2.4.0, with no breaking changes with respect to the 2.x series. 🚀 This release includes JavaScript PDK, improved CP/DP updates and UTF-8 Tags, amongst other improvements 🛠 and fixes.

  Dependencies

  • ⚠ :warning: For Kong 2.4, the required OpenResty version has been bumped to 1.19.3.1, and the set of patches included has changed, including the latest release of lua-kong-nginx-module. If you are installing Kong from one of our distribution packages, you are not affected by this change.

  Note: if you are not using one of our distribution packages and compiling OpenResty from source, you must still apply Kong's OpenResty 🏗 patches (and, as highlighted above, compile OpenResty with the new 🏗 lua-kong-nginx-module). Our kong-build-tools repository will allow you to do both easily.

  • ⬆️ Bump luarocks from 3.4.0 to 3.5.0. #6699
  • ⬆️ Bump luasec from 0.9 to 1.0. #6814
  • ⬆️ Bump lua-resty-dns-client from 5.2.1 to 6.0.0. #6999
  • ⬆️ Bump kong-lapis from 1.8.1.2 to 1.8.3.1. #6925
  • ⬆️ Bump pgmoon from 1.11.0 to 1.12.0. #6741
  • ⬆️ Bump lua-resty-openssl from 0.6.9 to 0.7.2. #6967
  • ⬆️ Bump kong-plugin-zipkin from 1.2 to 1.3. #6936
  • ⬆️ Bump kong-prometheus-plugin from 1.0 to 1.2. #6958
  • ⬆️ Bump lua-cassandra from 1.5.0 to 1.5.1 #6857
  • ⬆️ Bump luasyslog from 1.0.0 to 2.0.1 #6957

  ➕ Additions

  Core

  • 😌 Relaxed version check between Control Planes and Data Planes, allowing Data Planes that are missing minor updates to still connect to the Control Plane. Also, now Data Plane is allowed to have a superset of Control Plane plugins. 6932
  • 👍 Allowed UTF-8 in Tags 6784
  • ➕ Added support for Online Certificate Status Protocol responder found in cluster. 6887

  PDK

  • 🔌 JavaScript Plugin Development Kit (PDK) is released alongside with Kong 2.4. It allows users to write Kong plugins in JavaScript and TypeScript.
  • 🚀 Beta release of Protobuf plugin communication protocol, which can be used in place of MessagePack to communicate with non-Lua plugins. 6941
  • 🔌 Enabled ssl_certificate phase on plugins with stream module. 6873

  🔌 Plugins

  • 💅 Zipkin: support for Jaeger style uber-trace-id headers. 101 Thanks nvx for the patch!
  • 👍 Zipkin: support for OT headers. 103 Thanks ishg for the patch!
  • Zipkin: allow insertion of custom tags on the Zipkin request trace. 102
  • Zipkin: creation of baggage items on child spans is now possible. 98 Thanks Asafb26 for the patch!
  • 👍 JWT: Add ES384 support 6854 Thanks pariviere for the patch!
  • 🔌 Several plugins: capability to set new log fields, or unset existing fields, by executing custom Lua code in the Log phase. 6944

  🛠 Fixes

  Core

  • 🔄 Changed default values and validation rules for plugins that were not well-adjusted for dbless or hybrid modes. 6885
  • Kong 2.4 ensures that all the Core entities are loaded before loading any plugins. This fixes an error in which Plugins to could not link to or modify Core entities because they would not be loaded yet 6880
  • ⚡️ If needed, Host header is now updated between balancer retries, using the value configured in the correct upstream entity. 6796
  • 🌲 Schema validations now log more descriptive error messages when types are invalid. 6593 Thanks WALL-E for the patch!
  • Kong now ignores tags in Cassandra when filtering by multiple entities, which is the expected behavior and the one already existent when using Postgres databases. 6931
  • ⬆️ Upgrade header is not cleared anymore when response Connection header contains Upgrade. 6929
  • Accept fully-qualified domain names ending in dots. 6864
  • Kong does not try to warmup upstream names when warming up DNS entries. 6891
  • Migrations order is now guaranteed to be always the same. 6901
  • ⬆️ Buffered responses are disabled on connection upgrades. 6902
  • 👉 Make entity relationship traverse-order-independent. 6743
  • ⚡️ The host header is updated between balancer retries. 6796
  • The router prioritizes the route with most matching headers when matching headers. 6638
  • 🛠 Fixed an edge case on multipart/form-data boundary check. 6638
  • Paths are now properly normalized inside Route objects. 6976
  • Do not cache empty upstream name dictionary. 7002
  • Do not assume upstreams do not exist after init phase. 7010
  • 🔧 Do not overwrite configuration files when running migrations. 7017

  PDK

  • 🔌 Now Kong does not leave plugin servers alive after exiting and does not try to start them in the unsupported stream subsystem. 6849
  • 🌲 Go does not cache kong.log methods 6701
  • The response phase is included on the list of public phases 6638
  • 💅 Config file style and options case are now consistent all around. 6981
  • ➕ Added right protobuf MacOS path to enable external plugins in Homebrew installations. 6980
  • Auto-escape upstream path to avoid proxying errors. 6978
  • Ports are now declared as Int. 6994

  🔌 Plugins

  • 👍 oauth2: better handling more cases of client invalid token generation. 6594 Thanks jeremyjpj0916 for the patch!
  • 📜 Zipkin: the w3c parsing function was returning a non-used extra value, and it now early-exits. 100 Thanks nvx for the patch!
  • 🛠 Zipkin: fixed a bug in which span timestamping could sometimes raise an error. 105 Thanks Asafb26 for the patch!

  Back to TOC

• 1
• 2
• 3
• 4
• 5
• Next ›
• Last »