All Versions
112
Latest Version
Avg Release Cycle
22 days
Latest Release
-

Changelog History
Page 7

  • v1.0.1 Changes

    ๐Ÿš€ > Released on: 2019/01/16

    ๐Ÿš€ This is a patch release in the 1.0 series. Being a patch release, it strictly ๐Ÿ›  contains performance improvements and bugfixes. The are no new features or ๐Ÿ’ฅ breaking changes.

    :red_circle: Post-release note (as of 2019/01/17): A regression has been observed with this version, preventing Kong from starting when connecting to its datastore over TLS. Installing this version is discouraged; consider โฌ†๏ธ upgrading to 1.0.2.

    ๐Ÿ”„ Changes

    Core

    ๐Ÿ›  Fixes

    ๐Ÿ”ง Configuration
    • Ensure lua_ssl_verify_depth works even when lua_ssl_trusted_certificate is not set #4165. Thanks @rainest for the patch.
    • Ensure Kong starts when only a stream listener is enabled #4195
    • Ensure Postgres works with non-public schemas #4198
    Core
    • ๐Ÿ›  Fix an artifact in upstream migrations where created_at timestamps would occasionally display fractional values #4183, #4204
    • ๐Ÿ›  Fixed issue with HTTP/2 support advertisement #4203
    Admin API
    • ๐Ÿ›  Fixed handling of invalid targets in /upstreams endpoints for health checks #4132, #4205
    • ๐Ÿ›  Fixed the /plugins/schema/:name endpoint, as it was failing in some cases (e.g. the datadog plugin) and producing incorrect results in others (e.g. request-transformer). #4136, #4137 #4151, #4162
    ๐Ÿ”Œ Plugins
    • ๐Ÿ›  Fix PDK memory leaks in kong.service.response and kong.ctx #4143, #4172

    Back to TOC

  • v1.0.0 Changes

    ๐Ÿš€ > Released on: 2018/12/18

    This is a major release, introducing new features such as Service Mesh and Stream Routing support, as well as a New Migrations framework. It also ๐Ÿ”Œ includes version 1.0.0 of the Plugin Development Kit. It contains a large ๐Ÿ”Œ number of other features and fixes, listed below. Also, all plugins included โšก๏ธ with Kong 1.0 are updated to use version 1.0 of the PDK.

    โฌ†๏ธ As usual, major version upgrades require database migrations and changes to the ๐Ÿ”ง Nginx configuration file (if you customized the default template). Please take โฌ†๏ธ a few minutes to read the 1.0 Upgrade โฌ†๏ธ Path for more details โฌ†๏ธ regarding breaking changes and migrations before planning to upgrade your Kong cluster.

    ๐Ÿ—„ Being a major version, all entities and concepts that were marked as deprecated ๐Ÿšš in Kong 0.x are now removed in Kong 1.0. The deprecated features are retained in Kong 0.15, the final entry in the Kong 0.x series, which is being ๐Ÿš€ released simultaneously to Kong 1.0.

    ๐Ÿ”„ Changes

    Kong 1.0 includes all breaking changes from 0.15, as well as the removal ๐Ÿ—„ of deprecated concepts.

    Dependencies
    • The required OpenResty version is still 1.13.6.2, but for a full feature set including stream routing and Service Mesh abilities with mutual TLS, Kong's openresty-patches must be applied (those patches are already bundled with our official distribution packages). Kong in HTTP(S) Gateway scenarios does not require these patches.
    • Service Mesh abilities require at least OpenSSL version 1.1.1. In our official distribution packages, OpenSSL has been bumped to 1.1.1. #4005
    ๐Ÿ”ง Configuration
    • ๐Ÿšš :warning: The custom_plugins directive is removed (deprecated since 0.14.0, July 2018). Use plugins instead.
    • ๐Ÿ”ง Modifications must be applied to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. See the 1.0 Upgrade Path for a diff of changes to apply.
    • The default value for cassandra_lb_policy changed from RoundRobin to RequestRoundRobin. This helps reducing the amount of new connections being opened during a request when using the Cassandra strategy. #4004
    Core
    • :warning: The API entity and related concepts such as the /apis endpoint, are removed (deprecated since 0.13.0, March 2018). Use Routes and Services instead.
    • :warning: The old DAO implementation is removed, along with the old schema validation library (apis was the last entity using it). Use the new schema format instead in custom plugins. To ease the transition of plugins, the plugin loader in 1.0 includes a best-effort schema auto-translator, which should be sufficient for many plugins.
    • Timestamps now bear millisecond precision in their decimal part. #3660
    • The PDK function kong.request.get_body will now return nil, err, mime when the body is valid JSON but neither an object nor an array. #4063
    CLI
    • โš  :warning: The new migrations framework (detailed below) has a different usage (and subcommands) compared to its predecessor. #3802
    Admin API
    • ๐Ÿš€ :warning: In the 0.14.x release, Upstreams, Targets, and Plugins were still implemented using the old DAO and Admin API. In 0.15.0 and 1.0.0, all core entities use the new kong.db DAO, and their endpoints have been upgraded to the new Admin API (see below for details). #3689 #3739 #3778

    A summary of the changes introduced in the new Admin API:

    • Pagination has been included in all "multi-record" endpoints, and pagination control fields are different than in 0.14.x.
    • ๐Ÿ”Œ Filtering now happens via URL path changes (/consumers/x/plugins) instead of querystring fields (/plugins?consumer_id=x).
    • Array values can't be coerced from comma-separated strings anymore. They must now be "proper" JSON values on JSON requests, or use a new syntax on form-url-encoded or multipart requests.
    • Error messages have been been reworked from the ground up to be more consistent, precise and informative.
    • The PUT method has been reimplemented with idempotent behavior and has been added to some entities that didn't have it.

    ๐Ÿ“„ For more details about the new Admin API, please visit the official docs: ๐Ÿ“„ https://docs.konghq.com/

    ๐Ÿ”Œ Plugins
    • ๐Ÿšš :warning: The galileo plugin has been removed (deprecated since 0.13.0). #3960
    • โš  :warning: Some internal modules that were occasionally used by plugin authors before the introduction of the Plugin Development Kit (PDK) in 0.14.0 are now removed:
      • The kong.tools.ip module was removed. Use kong.ip from the PDK instead.
      • The kong.tools.public module was removed. Use the various equivalent features from the PDK instead.
      • The kong.tools.responses module was removed. Please use kong.response.exit from the PDK instead. You might want to use kong.log.err to log internal server errors as well.
      • The kong.api.crud_helpers module was removed (deprecated since the introduction of the new DAO in 0.13.0). Use kong.api.endpoints instead if you need to customize the auto-generated endpoints.
    • โšก๏ธ All bundled plugins' schemas and custom entities have been updated to the new kong.db module, and their APIs have been updated to the new Admin API, which is described in the above section. #3766 #3774 #3778 #3839
    • โš  :warning: All plugins migrations have been converted to the new migration framework. Custom plugins must use the new migration framework from 0.15 onwards.

    โž• Additions

    :fireworks: Service Mesh and Stream Routes

    ๐Ÿ‘ Kong's Service Mesh support resulted in a number of additions to Kong's ๐Ÿ”ง configuration, Admin API, and plugins that deserve their own section in this changelog.

    • ๐Ÿ‘Œ Support for TCP & TLS Stream Routes via the new stream_listen config option. #4009
    • A new origins config property allows overriding hosts from Kong. #3679
    • A transparent suffix added to stream listeners allows for setting up a dynamic Service Mesh with iptables. #3884
    • Kong instances can now create a shared internal Certificate Authority, which is used for Service Mesh TLS traffic. #3906 #3861
    • ๐Ÿ”Œ Plugins get a new run_on field to control how they behave in a Service Mesh environment. #3930 #4066
    • There is a new phase called preread. This is where stream traffic routing is done.
    ๐Ÿ”ง Configuration
    • A new dns_valid_ttl property can be set to forcefully override the TTL value of all resolved DNS records. #3730
    • ๐Ÿ”ง A new pg_timeout property can be set to configure the timeout of PostgreSQL connections. #3808
    • upstream_keepalive can now be disabled when set to 0. Thanks @pryorda for the patch. #3716
    • The new transparent suffix also applies to the proxy_listen directive.
    CLI
    • ๐Ÿ†• :fireworks: New migrations framework. This new implementation supports no-downtime, Blue/Green migrations paths that will help sustain Kong 1.0's stability. It brings a considerable number of other improvements, such as new commands, better support for automation, improved CLI logging, and many more. Additionally, this new framework alleviates the old limitation around multiple nodes running concurrent migrations. See the related PR for a complete list of improvements. #3802
    Core
    • ๐Ÿ‘Œ :fireworks: Support for TLS 1.3. The support for OpenSSL 1.1.1 (bumped in our official distribution packages) not only enabled Service Mesh features, but also unlocks support for the latest version of the TLS protocol.
    • ๐Ÿ‘Œ :fireworks: Support for HTTPS in active healthchecks. #3815
    • :fireworks: Improved router rebuilds resiliency by reducing database accesses in high concurrency scenarios. #3782
    • ๐ŸŽ :fireworks: Significant performance improvements in the core's plugins runloop. #3794
    • PDK improvements:
      • New kong.node module. #3826
      • New functions kong.response.get_path_with_query() and kong.request.get_start_time(). #3842
      • Getters and setters for Service, Route, Consumer, and Credential. #3916
      • kong.response.get_source() returns error on nginx-produced errors. #4006
      • kong.response.exit() can be used in the header_filter phase, but only without a body. #4039
    • Schema improvements:
      • New field validators: distinct, ne, is_regex, contains, gt.
      • Adding a new field which has a default value to a schema no longer requires a migration. #3756
    Admin API
    • :fireworks: Routes now have a name field (like Services). #3764
    • ๐Ÿ“œ Multipart parsing support. #3776
    • Admin API errors expose the name of the current strategy. #3612
    ๐Ÿ”Œ Plugins
    • ๐Ÿ‘Œ :fireworks: aws-lambda: Support for Lambda Proxy Integration with the new is_proxy_integration property. Thanks @aloisbarreras for the patch! #3427.
    • ๐Ÿ”ง http-log: Support for buffering logging messages in a configurable logging queue. #3604
    • ๐Ÿ”Œ Most plugins' logic has been rewritten with the PDK instead of using internal Kong functions or ngx_lua APIs.

    ๐Ÿ›  Fixes

    Core
    • ๐Ÿ›  Fix an issue which would insert an extra / in the upstream URL when the request path was longer than the configured Route's path attribute. #3780
    • ๐Ÿ‘ Ensure better backwards-compatibility between the new DAO and existing core runloop code regarding null values. #3772 #3710
    • ๐Ÿ‘ Ensure support for Datastax Enterprise 6.x. Thanks @gchristidis for the patch! #3873
    • Various issues with the PostgreSQL DAO strategy were addressed.
    • Various issues related to the new schema library bundled with the new DAO were addressed.
    • PDK improvements:
      • kong.request.get_path() and other functions now properly handle cases when $request_uri is nil. #3842
    Admin API
    • ๐Ÿ”ง Ensure the /certificates endpoints properly returns all SNIs configured on a given certificate. #3722
    • Ensure the upstreams/:upstream/targets/... endpoints returns an empty JSON array ([]) instead of an empty object ({}) when no targets exist. #4058
    • ๐Ÿ‘Œ Improved inferring of arguments with application/x-www-form-urlencoded. #3770
    • ๐Ÿ›  Fix the handling of defaults values in some cases when using PATCH. #3910
    ๐Ÿ”Œ Plugins
    • cors:
      • Ensure Vary: Origin is set when config.credentials is enabled. Thanks @marckhouzam for the patch! #3765
      • Return HTTP 200 instead of 204 for preflight requests. Thanks @aslafy-z for the patch! #4029
      • Ensure request origins specified as flat strings are safely validated. #3872
    • ๐ŸŽ acl: Minor performance improvements by ensuring proper caching of computed values. #4040
    • correlation-id: Prevent an error to be thrown when the access phase was skipped, such as on nginx-produced errors. #4006
    • aws-lambda: When the client uses HTTP/2, strip response headers that are disallowed by the protocols. #4032
    • rate-limiting & response-ratelimiting: Improve efficiency by avoiding unnecessary Redis SELECT operations. #3973

    Back to TOC

  • v0.15.0 Changes

    ๐Ÿš€ > Released on: 2018/12/18

    ๐Ÿš€ This is the last release in the 0.x series, giving users one last chance to โฌ†๏ธ upgrade while still using some of the options and concepts that were marked as ๐Ÿšš deprecated in Kong 0.x and were removed in Kong 1.0.

    ๐Ÿ‘€ For a list of additions and fixes in Kong 0.15, see the 1.0.0 ๐Ÿš€ changelog. This release includes all new features included in 1.0 (Service Mesh, Stream Routes and New Migrations), but unlike Kong 1.0, it retains a lot of the deprecated functionality, like the API entity, around. Still, Kong 0.15 does have a number of breaking changes related to functionality that has ๐Ÿ”„ changed since version 0.14 (see below).

    If you are starting with Kong, we recommend you to use 1.0.0 instead of this ๐Ÿš€ release.

    ๐Ÿšš If you are already using Kong 0.14, our recommendation is to plan to move to โฌ†๏ธ 1.0 -- see the 1.0 Upgrade โฌ†๏ธ Path document for โฌ†๏ธ details. Upgrading to 0.15.0 is only recommended if you can't do away with the ๐Ÿ—„ deprecated features but you need some fixes or new features right now.

    ๐Ÿ”„ Changes

    Dependencies
    • The required OpenResty version is still 1.13.6.2, but for a full feature set including stream routing and Service Mesh abilities with mutual TLS, Kong's openresty-patches must be applied (those patches are already bundled with our official distribution packages). Kong in HTTP(S) Gateway scenarios does not require these patches.
    • Service Mesh abilities require at least OpenSSL version 1.1.1. In our official distribution packages, OpenSSL has been bumped to 1.1.1. #4005
    ๐Ÿ”ง Configuration
    • The default value for cassandra_lb_policy changed from RoundRobin to RequestRoundRobin. This helps reducing the amount of new connections being opened during a request when using the Cassandra strategy. #4004
    Core
    • Timestamps now bear millisecond precision in their decimal part. #3660
    • The PDK function kong.request.get_body will now return nil, err, mime when the body is valid JSON but neither an object nor an array. #4063
    CLI
    • โš  :warning: The new migrations framework (detailed in the 1.0.0 changelog) has a different usage (and subcommands) compared to its predecessor. #3802
    Admin API
    • ๐Ÿš€ :warning: In the 0.14.x release, Upstreams, Targets, and Plugins were still implemented using the old DAO and Admin API. In 0.15.0 and 1.0.0, all core entities use the new kong.db DAO, and their endpoints have been upgraded to the new Admin API (see below for details). #3689 #3739 #3778

    A summary of the changes introduced in the new Admin API:

    • Pagination has been included in all "multi-record" endpoints, and pagination control fields are different than in 0.14.x.
    • ๐Ÿ”Œ Filtering now happens via URL path changes (/consumers/x/plugins) instead of querystring fields (/plugins?consumer_id=x).
    • Array values can't be coherced from comma-separated strings. They must be "proper" JSON values on JSON requests, or use a new syntax on form-url-encoded or multipart requests.
    • Error messages have been been reworked from the ground up to be more consistent, precise and informative.
    • The PUT method has been reimplemented with idempotent behavior and has been added to some entities that didn't have it.

    ๐Ÿ“„ For more details about the new Admin API, please visit the official docs: ๐Ÿ“„ https://docs.konghq.com/

    ๐Ÿ”Œ Plugins
    • โšก๏ธ All bundled plugins' schemas and custom entities have been updated to the new kong.db module, and their APIs have been updated to the new Admin API, which is described in the above section. #3766 #3774 #3778 #3839
    • โš  :warning: All plugins migrations have been converted to the new migration framework. Custom plugins must use the new migration framework from 0.15 onwards.

    โž• Additions

    ๐Ÿ‘€ Kong 0.15.0 contains the same additions as 1.0.0. See the 1.0.0 ๐Ÿ”„ changelog for a complete list.

    ๐Ÿ›  Fixes

    ๐Ÿ‘€ Kong 0.15.0 contains the same fixes as 1.0.0. See the 1.0.0 changelog for a complete list.

    Back to TOC

  • v0.14.1 Changes

    ๐Ÿš€ > Released on: 2018/08/21

    โž• Additions

    ๐Ÿ”Œ Plugins
    • ๐Ÿ‘ jwt: Support for tokens signed with HS384 and HS512. Thanks @kepkin for the patch. #3589
    • acl: Add a new hide_groups_header configuration option. If enabled, this option prevents the plugin from injecting the X-Consumer-Groups header into the upstream request. Thanks @jeremyjpj0916 for the patch! #3703

    ๐Ÿ›  Fixes

    Core
    • ๐Ÿ”Œ Prevent some plugins from breaking in subtle ways when manipulating some entities and their attributes. An example of such breaking behavior could be observed when Kong was wrongly injecting X-Consumer-Username: userdata: NULL in upstream requests headers, instead of not injecting this header at all. #3714
    • ๐Ÿ›  Fix an issue which, in some cases, prevented the use of Kong with Cassandra in environments where DNS load-balancing is in effect for contact points provided as hostnames (e.g. Kubernetes with cassandra_contact_points = cassandra). #3693
    • ๐Ÿ›  Fix an issue which prevented the use of UNIX domain sockets in some logging plugins, and custom plugins making use of such sockets. Thanks @rucciva for the patch. #3633
    • ๐Ÿ‘ท Avoid logging false-negative error messages related to worker events. #3692
    CLI
    • ๐Ÿ›  Database connectivity errors are properly prefixed with the database name again (e.g. [postgres]). #3648
    ๐Ÿ”Œ Plugins
    • zipkin
    • basic-auth: Passwords with whitespaces are not trimmed anymore. Thanks @aloisbarreras for the patch. #3650
    • hmac-auth: Ensure backward compatibility for clients generating signatures without the request's querystring, as is the case for Kong versions prior to 0.14.0, which broke this behavior. Users of this plugin on previous versions of Kong can now safely upgrade to the 0.14 family. Thanks @mlehner616 for the patch! #3699
    • ldap-auth
      • Set the WWW-Authenticate header authentication scheme accordingly with the conf.header_type property, which allows browsers to show the authentication popup automatically. Thanks @francois-maillard for the patch. #3656
      • Invalid authentication attempts do not block subsequent valid attempts anymore. #3677

    Back to TOC

  • v0.14.0 Changes

    July 05, 2018

    ๐Ÿ”Œ This release introduces the first version of the Plugin Development Kit: a Lua SDK, comprised of a set of functions to ease the development of ๐Ÿ”Œ custom plugins.

    โž• Additionally, it contains several major improvements consolidating Kong's ๐Ÿ”‹ feature set and flexibility, such as the support for PUT endpoints on the ๐Ÿ”Œ Admin API for idempotent workflows, the execution of plugins during Nginx-produced errors, and the injection of Nginx directives without having ๐Ÿ”ง to rely on the custom Nginx configuration pattern!

    ๐Ÿ”Œ Finally, new bundled plugins allow Kong to better integrate with Cloud Native environments, such as Zipkin and Prometheus.

    โฌ†๏ธ As usual, major version upgrades require database migrations and changes to the ๐Ÿ”ง Nginx configuration file (if you customized the default template). Please take โฌ†๏ธ a few minutes to read the 0.14 Upgrade โฌ†๏ธ Path for more details regarding breaking changes and migrations before planning to โฌ†๏ธ upgrade your Kong cluster.

    ๐Ÿ’ฅ Breaking Changes

    Dependencies
    • โš  :warning: The required OpenResty version has been bumped to 1.13.6.2. If you are installing Kong from one of our distribution packages, you are not affected by this change. #3498
    • ๐Ÿ—„ :warning: Support for PostgreSQL 9.4 (deprecated in 0.12.0) is now dropped. #3490
    • ๐Ÿ—„ :warning: Support for Cassandra 2.1 (deprecated in 0.12.0) is now dropped. #3490
    ๐Ÿ”ง Configuration
    • ๐Ÿšค :warning: The server_tokens and latency_tokens configuration properties have been removed. Instead, a new headers configuration properties replaces them and allows for more granular settings of injected headers (e.g. Server, Via, X-Kong-*-Latency, etc...). #3300
    • :warning: New required lua_shared_dict entries must be added to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. #3557
    • โš  :warning: Other important modifications must be applied to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. #3533
    ๐Ÿ”Œ Plugins
    • โš  :warning: The Runscope plugin has been dropped, based on the EoL announcement made by Runscope about their Traffic Inspector product. #3495
    Admin API
    • ๐Ÿšš :warning: The SSL Certificates and SNI entities have moved to the new DAO implementation. As such, the /certificates and /snis endpoints have received notable usability improvements, but suffer from a few breaking changes. #3386
    • ๐Ÿšš :warning: The Consumers entity has moved to the new DAO implementation. As such, the /consumers endpoint has received notable usability improvements, but suffers from a few breaking changes. #3437

    ๐Ÿ”„ Changes

    ๐Ÿ”ง Configuration
    • The default value of db_cache_ttl is now 0 (disabled). Now that our level of confidence around the new caching mechanism introduced in 0.11.0 is high enough, we consider 0 (no TTL) to be an appropriate default for production environments, as it offers a smoother cache consumption behavior and reduces database pressure. #3492
    Core
    • :fireworks: Serve stale data from the database cache when the datastore cannot be reached. Such stale items are "resurrected" for db_resurrect_ttl seconds (see configuration section). #3579
    • โฌ‡๏ธ Reduce LRU churning in the database cache against some workloads. #3550

    โž• Additions

    ๐Ÿ”ง Configuration
    • ๐Ÿ”ง :fireworks: Support for injecting Nginx directives via configuration properties (in the kong.conf file or via environment variables)! This new way of customizing the Nginx configuration should render obsolete the old way of maintaining a custom Nginx template in most cases! #3530
    • ๐Ÿ‘Œ :fireworks: Support for selectively disabling bundled plugins. A new plugins configuration property is introduced, and is used to specify which plugins should be loaded by the node. Custom plugins should now be specified in this new property, and the custom_plugins property is deprecated. If desired, Kong administrators can specify a minimal set of plugins to load (instead of the default, bundled plugins), and improve P99 latency thanks to the resulting decrease in database traffic. #3387
    • ๐Ÿ”ง The new headers configuration property allows for specifying the injection of a new header: X-Kong-Upstream-Status. When enabled, Kong will inject this header containing the HTTP status code of the upstream response in the client response. This is particularly useful for clients to distinguish upstream statuses upon rewriting of the response by Kong. #3263
    • A new db_resurrect_ttl configuration property can be set to customize the amount of time stale data can be resurrected for when it cannot be refreshed. Defaults to 30 seconds. #3579
    • Two new Cassandra load balancing policies are available: RequestRoundRobin and RequestDCAwareRoundRobin. Both policies guarantee that the same peer will be reused across several queries during the lifetime of a request, thus guaranteeing no new connection will be opened against a peer during this request. #3545
    Core
    • ๐Ÿ”Œ :fireworks: Execute plugins on Nginx-produced errors. Now, when Nginx produces a 4xx error (upon invalid requests) or 5xx (upon failure from the load balancer to connect to a Service), Kong will execute the response phases of its plugins (header_filter, body_filter, log). As such, Kong logging plugins are not blind to such Nginx-produced errors anymore, and will start properly reporting them. Plugins should be built defensively against cases where their rewrite or access phases were not executed. #3533
    • ๐Ÿ‘Œ :fireworks: Support for cookie-based load balancing! #3472
    ๐Ÿ”Œ Plugins
    • ๐Ÿ”Œ :fireworks: Introduction of the Plugin Development Kit! A set of Lua functions and variables that will greatly ease and speed up the task of developing custom plugins. The Plugin Development Kit (PDK) allows the retrieval and manipulation of the request and response objects, as well as interacting with various core components (e.g. logging, load balancing, DAO, etc...) without having to rely on OpenResty functions, and with the guarantee of their forward-compatibility with future versions of Kong. #3556
    • ๐Ÿ†• :fireworks: New bundled plugin: Zipkin! This plugin allows Kong to sample traces and report them to a running Zipkin instance. (See: https://github.com/Kong/kong-plugin-zipkin) #3434
    • ๐Ÿ†• :fireworks: New bundled plugin: Prometheus! This plugin allows Kong to expose metrics in the Prometheus Exposition format. Available metrics include HTTP status codes, latencies histogram, bandwidth, and more... (See: https://github.com/Kong/kong-plugin-prometheus) #3547
    • ๐Ÿ†• :fireworks: New bundled plugin: Azure Functions! This plugin can be used to invoke Microsoft Azure Functions, similarly to the already existing AWS Lambda and OpenWhisk plugins. (See: https://github.com/Kong/kong-plugin-azure-functions) #3428
    • ๐Ÿ†• :fireworks: New bundled plugin: Serverless Functions! Dynamically run Lua without having to write a full-fledged plugin. Lua code snippets can be uploaded via the Admin API and be executed during Kong's access phase. (See: https://github.com/Kong/kong-plugin-serverless-functions) #3551
    • ๐Ÿ‘ jwt: Support for limiting the allowed expiration period of JWT tokens. A new config.maximum_expiration property can be set to indicate the maximum number of seconds the exp claim may be ahead in the future. Thanks @mvanholsteijn for the patch! #3331
    • aws-lambda: Add us-gov-west-1 to the list of allowed regions. #3529
    Admin API
    • ๐Ÿ‘ :fireworks: Support for PUT in new endpoints (e.g. /services/{id or name}, /routes/{id}, /consumers/{id or username}), allowing the development of idempotent configuration workflows when scripting the Admin API. #3416
    • ๐Ÿ‘Œ Support for PATCH and DELETE on the /services/{name}, /consumers/{username}, and /snis/{name} endpoints. #3416

    ๐Ÿ›  Fixes

    ๐Ÿ”ง Configuration
    • Properly support IPv6 addresses in proxy_listen and admin_listen configuration properties. #3508
    Core
    • IPv6 nameservers with a scope are now ignored by the DNS resolver. #3478
    • 0๏ธโƒฃ SRV records without a port number now returns the default port instead of 0. #3478
    • Ensure DNS-based round robin load balancing starts at a randomized position to prevent all Nginx workers from starting with the same peer. #3478
    • Properly report timeouts in passive health checks. Previously, connection timeouts were counted as tcp_failures, and upstream timeouts were ignored. Health check users should ensure that their timeout settings reflect their intended behavior. #3539
    • Ensure active health check probe requests send the Host header. #3496
    • Overall, more reliable health checks healthiness counters behavior. #3496
    • Do not set Content-Type headers on HTTP 204 No Content responses. #3351
    • Ensure the PostgreSQL connector of the new DAO (used by Services, Routes, Consumers, and SSL certs/SNIs) is now fully re-entrant and properly behaves in busy workloads (e.g. scripting requests to the Admin API). #3423
    • Properly route HTTP/1.0 requests without a Host header when using the old deprecated "API" entity. #3438
    • ๐Ÿ”ง Ensure that all Kong-produced errors respect the headers configuration setting (previously server_tokens) and do not include the Server header if not configured. #3511
    • Harden an existing Cassandra migration. #3532
    • Prevent the load balancer from needlessly rebuilding its state when creating Targets. #3477
    • ๐Ÿ”Š Prevent some harmless error logs to be printed during startup when initialization takes more than a few seconds. #3443
    ๐Ÿ”Œ Plugins
    • hmac: Ensure that empty request bodies do not pass validation if there is no digest header. Thanks @mvanholsteijn for the patch! #3347
    • ๐Ÿ”Œ response-transformer: Prevent the plugin from throwing an error when its access handler did not get a chance to run (e.g. on short-circuited, unauthorized requests). #3524
    • ๐Ÿ”Œ aws-lambda: Ensure logging plugins subsequently run when this plugin terminates. #3512
    • ๐Ÿ”Œ request-termination: Ensure logging plugins subsequently run when this plugin terminates. #3513
    Admin API
    • Requests to /healthy and /unhealthy endpoints for upstream health checks now properly propagate the new state to other nodes of a Kong cluster. #3464
    • Do not produce an HTTP 500 error when POST-ing to /services with an empty url argument. #3452
    • Ensure foreign keys are required when creating child entities (e.g. service.id when creating a Route). Previously some rows could have an empty service_id field. #3548
    • ๐Ÿ‘ Better type inference in new endpoints (e.g. /services, /routes, /consumers) when using application/x-www-form-urlencoded MIME type. #3416

    Back to TOC

  • v0.13.1 Changes

    April 23, 2018

    ๐Ÿš€ This release contains numerous bug fixes and a few convenience features. Notably, a best-effort/backwards-compatible approach is followed to resolve no memory errors caused by the fragmentation of shared memory between the ๐Ÿ”Œ core and plugins.

    โž• Added

    Core
    • Cache misses are now stored in a separate shared memory zone from hits if such a zone is defined. This reduces cache turnover and can increase the cache hit ratio quite considerably. Users with a custom Nginx template are advised to define such a zone to benefit from this behavior: lua_shared_dict kong_db_cache_miss 12m;.
    • We now ensure that the Cassandra or PostgreSQL instance Kong is connecting to falls within the supported version range. Deprecated versions result in warning logs. As a reminder, Kong 0.13.x supports Cassandra 2.2+, and PostgreSQL 9.5+. Cassandra 2.1 and PostgreSQL 9.4 are supported, but deprecated. #3310
    • HTTP 494 errors thrown by Nginx are now caught by Kong and produce a native, Kong-friendly response. Thanks @ti-mo for the contribution! #3112
    CLI
    • Report errors when compiling custom Nginx templates. #3294
    Admin API
    • Friendlier behavior of Routes schema validation: PATCH requests can be made without specifying all three of methods, hosts, or paths if at least one of the three is specified in the body. #3364
    ๐Ÿ”Œ Plugins
    • ๐Ÿ‘ jwt: Support for identity providers using JWKS by ensuring the config.key_claim_name values is looked for in the token header. Thanks @brycehemme for the contribution! #3313
    • basic-auth: Allow specifying empty passwords. Thanks @zhouzhuojie and @perryao for the contributions! #3243

    ๐Ÿ›  Fixed

    Core
    • Numerous users have reported no memory errors which were caused by circumstantial memory fragmentation. Such errors, while still possible if plugin authors are not careful, should now mostly be addressed. #3311

    If you are using a custom Nginx template, be sure to define the following shared memory zones to benefit from these fixes:

      lua_shared_dict kong_db_cache_miss 12m;
  lua_shared_dict kong_rate_limiting_counters 12m;
    CLI
    • Redirect Nginx's stdout and stderr output to kong start when nginx_daemon is enabled (such as when using the Kong Docker image). This also prevents growing log files when Nginx redirects logs to /dev/stdout and /dev/stderr but nginx_daemon is disabled. #3297
    Admin API
    • Set a Service's port to 443 when the url convenience parameter uses the https:// scheme. #3358
    • Ensure PATCH requests do not return an error when un-setting foreign key fields with JSON null. #3355
    • ๐Ÿ”Œ Ensure the /plugin/schema/:name endpoint does not corrupt plugins' schemas. #3348
    • ๐Ÿ”Œ Properly URL-decode path segments of plugins endpoints accepting spaces (e.g. /consumers/<consumer>/basic-auth/John%20Doe/). #3250
    • Properly serialize boolean filtering values when using Cassandra. #3362
    ๐Ÿ”Œ Plugins
    • rate-limiting/response-rate-limiting:
      • If defined in the Nginx configuration, will use a dedicated lua_shared_dict instead of using the kong_cache shared memory zone. This prevents memory fragmentation issues resulting in no memory errors observed by numerous users. Users with a custom Nginx template are advised to define such a zone to benefit from this fix: lua_shared_dict kong_rate_limiting_counters 12m;. #3311
      • When using the Redis strategy, ensure the correct Redis database is selected. This issue could occur when several request and response rate-limiting were configured using different Redis databases. Thanks @mengskysama for the patch! #3293
    • key-auth: Respect request MIME type when re-encoding the request body if both config.key_in_body and config.hide_credentials are enabled. Thanks @p0pr0ck5 for the patch! #3213
    • oauth2: Return HTTP 400 on invalid scope type. Thanks @Gman98ish for the patch! #3206
    • ๐Ÿ”ง ldap-auth: Ensure the plugin does not throw errors when configured as a global plugin. #3354
    • hmac-auth: Verify signature against non-normalized ($request_uri) request line (instead of $uri). #3339
    • aws-lambda: Fix a typo in upstream headers sent to the function. We now properly send the X-Amz-Log-Type header. #3398

    Back to TOC

  • v0.13.0 Changes

    March 22, 2018

    ๐Ÿš€ This release introduces two new core entities that will improve the way you configure Kong: Routes & Services. Those entities replace the "API" ๐Ÿ‘ entity and simplify the setup of non-naive use-cases by providing better ๐Ÿ”Œ separation of concerns and allowing for plugins to be applied to specific endpoints.

    โฌ†๏ธ As usual, major version upgrades require database migrations and changes to ๐Ÿ”ง the Nginx configuration file (if you customized the default template). โฌ†๏ธ Please take a few minutes to read the 0.13 Upgrade โฌ†๏ธ Path for more details regarding breaking changes and migrations before planning to โฌ†๏ธ upgrade your Kong cluster.

    ๐Ÿ’ฅ Breaking Changes

    ๐Ÿ”ง Configuration
    • :warning: The proxy_listen and admin_listen configuration values have a new syntax. This syntax is more aligned with that of NGINX and is more powerful while also simpler. As a result, the following configuration values have been removed because superfluous: ssl, admin_ssl, http2, admin_http2, proxy_listen_ssl, and admin_listen_ssl. #3147
    ๐Ÿ”Œ Plugins
    • ๐Ÿ—„ :warning: galileo: As part of the Galileo deprecation path, the galileo plugin is not enabled by default anymore, although still bundled with 0.13. Users are advised to stop using the plugin, but for the time being can keep enabling it by adding it to the custom_plugin configuration value. #3233
    • โš  :warning: rate-limiting (Cassandra): The default migration for including Routes and Services in plugins will remove and re-create the Cassandra rate-limiting counters table. This means that users that were rate-limited because of excessive API consumption will be able to consume the API until they reach their limit again. There is no such data deletion in PostgreSQL. def201f

    ๐Ÿ”„ Changes

    Dependencies
    • ๐Ÿณ Note to Docker users: The latest tag on Docker Hub now points to the alpine image instead of CentOS. This also applies to the 0.13.0 tag.
    • ๐Ÿ“ฆ The OpenResty version shipped with our default packages has been bumped to 1.13.6.1. The 0.13.0 release should still be compatible with the OpenResty 1.11.2.x series for the time being.
    • โฌ†๏ธ Bumped lua-resty-dns-client to 2.0.0. #3220
    • โฌ†๏ธ Bumped lua-resty-http to 0.12. #3196
    • โฌ†๏ธ Bumped lua-multipart to 0.5.5. #3318
    • โฌ†๏ธ Bumped lua-resty-healthcheck to 0.4.0. #3321

    โž• Additions

    ๐Ÿ”ง Configuration
    • :fireworks: Support for control-plane and data-plane modes. The new syntax of proxy_listen and admin_listen supports off, which disables either one of those interfaces. It is now simpler than ever to make a Kong node "Proxy only" (data-plane) or "Admin only" (control-plane). #3147
    Core
    • :fireworks: This release introduces two new entities: Routes and Services. Those entities will provide a better separation of concerns than the "API" entity offers. Routes will define rules for matching a client's request (e.g., method, host, path...), and Services will represent upstream services (or backends) that Kong should proxy those requests to. Plugins can also be added to both Routes and Services, enabling use-cases to apply plugins more granularly (e.g., per endpoint). Following this addition, the API entity and related Admin API endpoints are now deprecated. This release is backwards-compatible with the previous model and all of your currently defined APIs and matching rules are still supported, although we advise users to migrate to Routes and Services as soon as possible. #3224
    Admin API
    • :fireworks: New endpoints: /routes and /services to interact with the new core entities. More specific endpoints are also available such as /services/{service id or name}/routes, /services/{service id or name}/plugins, and /routes/{route id}/plugins. #3224
    • ๐Ÿ‘ :fireworks: Our new endpoints (listed above) provide much better responses with regards to producing responses for incomplete entities, errors, etc... In the future, existing endpoints will gradually be moved to using this new Admin API content producer. #3224
    • ๐Ÿ“œ :fireworks: Improved argument parsing in form-urlencoded requests to the new endpoints as well. Kong now expects the following syntaxes for representing arrays: hosts[]=a.com&hosts[]=b.com, hosts[1]=a.com&hosts[2]=b.com, which avoid comma-separated arrays and related issues that can arise. In the future, existing endpoints will gradually be moved to using this new Admin API content parser. #3224
    ๐Ÿ”Œ Plugins
    • jwt: ngx.ctx.authenticated_jwt_token is available for other plugins to use. #2988
    • statsd: The fields host, port and metrics are no longer marked as "required", since they have a default value. #3209

    ๐Ÿ›  Fixes

    Core
    • ๐Ÿ›  Fix an issue causing nodes in a cluster to use the default health checks configuration when the user configured them from another node (event propagated via the cluster). #3319
    • 0๏ธโƒฃ Increase the default load balancer wheel size from 100 to 10.000. This allows for a better distribution of the load between Targets in general. #3296
    Admin API
    • ๐Ÿ›  Fix several issues with application/multipart MIME type parsing of payloads. #3318
    • ๐Ÿ›  Fix several issues with the parsing of health checks configuration values. #3306 #3321

    Back to TOC

  • v0.12.3 Changes

    March 12, 2018

    ๐Ÿ›  Fixed

    • Suppress a memory leak in the core introduced in 0.12.2. Thanks @mengskysama for the report. #3278

    Back to TOC

  • v0.12.2 Changes

    February 28, 2018

    โž• Added

    Core
    • ๐ŸŒฒ Load balancers now log DNS errors to facilitate debugging. #3177
    • Reports now can include custom immutable values. #3180
    CLI
    • The kong migrations reset command has a new --yes flag. This flag makes the command run non-interactively, and ensures no confirmation prompt will occur. #3189
    Admin API
    • A new endpoint /upstreams/:upstream_id/health will return the health of the specified upstream. #3232
    • The / endpoint in the Admin API now exposes the node_id field. #3234

    ๐Ÿ›  Fixed

    Core
    • HTTP/1.0 requests without a Host header are routed instead of being rejected. HTTP/1.1 requests without a Host are considered invalid and will still be rejected. Thanks to @rainiest for the patch! #3216
    • ๐Ÿ›  Fix the load balancer initialization when some Targets would contain hostnames. #3187
    • ๐Ÿ›  Fix incomplete handling of errors when initializing DAO objects. 637532e
    • โœ‚ Remove bogus errors in the logs provoked by healthcheckers between the time they are unregistered and the time they are garbage-collected (#3207) and when receiving an HTTP status not tracked by healthy or unhealthy lists (c8eb5ae).
    • ๐Ÿ›  Fix soft errors not being handled correctly inside the Kong cache. #3150
    Migrations
    • ๐Ÿ‘ Better handling of already existing Cassandra keyspaces in migrations. #3203. Thanks to @pamiel for the patch!
    Admin API
    • Ensure GET /certificates/{uuid} does not return HTTP 500 when the given identifier does not exist. Thanks to @vdesjardins for the patch! #3148

    Back to TOC

  • v0.12.1 Changes

    January 18, 2018

    ๐Ÿš€ This release addresses a few issues encountered with 0.12.0, including one โฌ†๏ธ which would prevent upgrading from a previous version. The 0.12 Upgrade โฌ†๏ธ Path โฌ†๏ธ is still relevant for upgrading existing clusters to 0.12.1.

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fix a migration between previous Kong versions and 0.12.0. #3159
    • Ensure Lua errors are propagated when thrown in the access handler by plugins. 38580ff

    Back to TOC