Changelog History
-
v2.9.4.4 Changes
September 09, 2020
Tyk Gateway v2.9.4.4
- Fixed concurrent map writes panic in session object #3274
- Fixed reload implementation #3269
- Don't encode and reset RawQuery after JSVM if no change on query params #3283
- Added a way to use sentinel rate limiter during Redis fallback with DRL #3298
- Implemented rw mutex for session and avoid multiple write access to the session #3274
-
v2.9.4.3 Changes
July 31, 2020
Tyk Gateway 2.9.4.3
- Request signing now works with query params
- Fixed request signing if the upstream does not have a trailing slash #3242
- Fixed custom keys in MDCB environment #3103
- Fixed an issue where updating a hashed token generated a rudimentary record in Redis #3109
Tyk Dashboard 1.9.4.3
- Fixed dashboard bootstrapping when using TLS
-
v2.9.4.2 Changes
June 09, 2020
-
v2.9.4.1 Changes
April 27, 2020
The last patch released introduced improved package signing changes; however, we found that some old RPM-based systems do not support signing using sub-keys. So we have released packages for all products to fix that issue.
Additional changes:
Tyk Gateway 2.9.4.1
- Fixed JWT middleware with Auth0 JWKs format #3030
- Fixed OAuth token revocation inside slaved data-centers in multi-datacenter scenario #3025
- Fixed OAuth token revocation when using bind_to_slugs #3015
- Fixed issue with the unlimited rate limit when using Redis rate limiter https://github.com/TykTechnologies/tyk-analytics/issues/1719
Tyk Dashboard 1.9.4.1
- Fixed OAuth token revocation event propagation in multi-datacenter scenario
- Fixed bug preventing using SSO lookup together with temporary SSO users.
- Fixed UI bug which adds double OrgID to the certificate IDs when using certificate modal
Tyk MDCB 1.7.4
- Fixed OAuth token revocation event propagation in multi-datacenter scenario
-
v2.9.3 Changes
February 03, 2020
Tyk Gateway 2.9.3
- Added a way to force the validation of a hostname against the certificate Common Name. Added two Boolean variables to enable it: on the API definition layer proxy.transport.ssl_force_common_name_check, and on the global tyk.conf level ssl_force_common_name_check. #2774
- Now plugins can fully override the response body. Added new boolean option: for Python and gRPC plugins set return_overrides.override_error, or for JSVM plugins ReturnOverrides.OverrideError. #2693
- Now, for overriding a response via plugins, use ResponseBody (JSVM) or response_body (Python/gRPC), instead of ResponseError and response_error fields respectively. The old field still can be used for backward compatibility. #2693
- Added support for specifying Policy metadata, similar to Keys. All Keys created based on policy will inherit policy metadata. #2717
- Now you can configure the maximum size of gRPC plugin messages using coprocess_options.grpc_recv_max_size and coprocess_options.grpc_send_max_size variables. #2203
- Fixed a case where throttling could lead to an infinite loop if another gateway instance was added to or removed from the cluster during a throttling event. #2687
- Added Redis Sentinel support, using new storage.master_name variable. #2769
- Added new storage.addrs string array field, to specify a list of hosts, instead of storage.hosts. This allows you to specify Redis servers on the same domain but different ports. #2769
- Fixed issues when Keys and Certificate listing endpoints do not return all the data when using Redis Cluster #2760
- Fixed issue with analytics data expiration for Multi-Cloud clients #2797
- Fixed MutualTLS auth when multiple APIs are deployed on the same domain and only one of them has mutual TLS enabled #2625
- Fixed the validation of Redis event verification for inter-cluster messages #2762
- Fixed bug when CORS headers can be duplicated in the response #2629
- Added a way to set the custom header for upstream request signing, using request_signing.signature_header option. #2849
- Fixed detailed logging for responses generated by plugins #2367
- Now you can access an API definition inside a Go plugin, using ctx.GetDefinition #2624
- Fixed Redis fallback for OAuth APIs #2799
- Fixed WebSocket proxying errors on high concurrency #2708
- Fixed the combination of method transform and URL rewrite plugins #1598
- Fixed Python plugin crashes on concurrent calls #2760
- OAuth authorize endpoint now properly returns state attribute #2678
- Improved the memory consumption for the Gateways which have JSVM enabled. Now it should load the JSVM VM only if the API actually uses it. #2702
- Distributed rate limiter now automatically switches to the Redis algorithm (a bit slower but more accurate) if the DRL can't provide enough accuracy (like low limits with a high number of servers). You can control this behavior using the drl_threshold option, which specifies the minimum number of requests per gateway for the rate limit. If it is lower, then the Redis algorithm will be used. #2674
Tyk Dashboard 1.9.3
- Now each authentication middleware can have its own configuration for authentication header name, query param, or cookie name.
- Now you can set metadata for a Policy.
- Dashboard notifications now do not require exposing a separate port.
- Added Redis Sentinel support, using the new redis_master_name variable.
- Added new storage.addrs string array field, to specify a list of hosts, instead of storage.hosts. This allows you to specify Redis servers on the same domain but different ports.
- Improved form validation on Pages screen
- Disabling versioning now should not remove endpoints from the first version
- Fixed duplication when updating an OAuth client
- Fix OAuth client screen to allow you to pick a policy which has multiple APIs https://github.com/TykTechnologies/tyk-analytics-ui/issues/1572
- Fixed disable_parallel_sessions behavior when using Single Sign-On
Tyk Pump 0.8.4
- Added Redis Sentinel support, using new storage.master_name variable.
- Added new storage.addrs string array field, to specify a list of hosts, instead of storage.hosts. This allows you to specify Redis servers on the same domain but different ports.
- ElasticSearch pump extended with decode_base64 boolean option, in order to skip base64 encoding for raw request and response objects.
Tyk MDCB 1.7.2
- Added Redis Sentinel support, using the new storage.master_name variable.
- Added new storage.addrs string array field, to specify a list of hosts, instead of storage.hosts. This allows you to specify Redis servers on the same domain but different ports.
Tyk Identity Broker 0.7.1
- You can now configure requested scopes for an OpenID plugin, using the "scopes" string array TykTechnologies/tyk-identity-broker#75
- Fixed setting UseSSL and SSLInsecureSkipVerify fields for Redis backend TykTechnologies/tyk-identity-broker#80
- Added support for specifying User Group ID inside profiles. You can set the static value via DefaultGroupID or dynamic value based on the field of oAuth/OpenID scope using CustomUserGroupField and UserGroupMapping fields. Example:
  { "DefaultUserGroupID": "default-user-group", "CustomUserGroupField": "scope", "UserGroupMapping": { "admin": "", "analytics": "" } }
-
v2.9.3-rc1
February 03, 2020
-
v2.9.3-old
February 07, 2020
-
v2.9.3.2 Changes
March 23, 2020
Tyk Gateway v2.9.3.2
- Fix overriding metadata using key_rules during oAuth flow #2724
-
v2.9.3.1 Changes
February 12, 2020
- Fixed usage of JWT auth middleware in multi-auth scenario
-
v2.9.2 Changes
November 29, 2019
Tyk Gateway 2.9.2
- Fixed Open Tracing issues [#2655, #2685, #2688]
  This addresses an issue where middleware such as mocked responses, URL rewrites, method transform and versioning would stop working when tracing is enabled.
- Added ignore case option for Whitelist/Blacklist/Ignore plugins [#2330]
  For example, if /orderpizza is whitelisted, then any combination of upper/lowercase can be whitelisted thanks to the ignore case option: /orderPizza, /OrderPizza, /orDerpiZZa etc.
- Ignore plugin can now be used with URL rewrite [#2579]
  The purpose of the Ignore plugin is to bypass authentication. This had an adverse effect in that it also bypassed several other middlewares such as URL rewrite. The Ignore plugin no longer causes relevant middleware to be bypassed.
- OAuth client metadata is now applied to OAuth token [#2682]
- OAuth error code is now configurable [#2381]
  It is now possible to tune the error status code by modifying oauth_error_status_code in tyk.conf. If no value is set, it defaults to a 403 error.
- Added RSA support in request signing middleware [#2452]
  Request Signing middleware previously only supported HMAC. This is now extended to support RSA.
- Circuit Breaker plugin now trips for any 5xx status code, not just 500 [#2660]
- Deprecated auth field in favour of auth_configs in api definition object [#2580]
  { "auth_configs": { "authToken": {"auth_header_name": "My-Auth-Header-Key"}, "basic": {"auth_header_name": "My-Basic-Auth-Header-Key"}, ... } }
  This enables better control with multiple chained authentication mechanisms enabled for an API. Now we can set distinct Headers for different auth modes.
- Redis MGET driver fix in cluster mode [#2703]
  Commands performing multiple keys operations (such as MGET) cannot be supported when using a cluster of Redis nodes because they are commands meant to operate atomically on a single node. MGET has been resolved by aggregating the result of several GET commands.
Tyk Dashboard 1.9.2
- Resolved a UI error which made it impossible to delete a portal navigation item from the admin dashboard
- Improved guidance for custom domains regex in Dashboard API Designer
- Updating the developer portal catalogue no longer generates a new URL for portal documentation. This allows portal documentation to be shared publicly and updated without causing 404 broken links
- Converted API version expiry date to UTC format to handle timezone differences
- Fixed catalogue issues during a key request in a multi-selection flow
  Require Key Approval feature wasn't working correctly in a multi API flow. Now, all cases are fixed.
- Fixed pagination issues
  Page count was wrong on some lists such as policies, APIs etc.
- Showed policy name along with ID for OIDC authentication
  On OIDC authentication, once a policy is added, it is identified by the policy ID, rather than the name. Now, it displays both the policy name and ID.
- Fixed the issue that a user can log in to multiple sessions through TIB even when disable_parallel_sessions is set to true
- Fixed URL rewrite triggers in case of API update
  When updating an API through the dashboard, the API was incorrectly modified and the advanced rewrite "match" value was incorrectly changed from true to false.
- Fixed broken key update/delete events that affect Multi-Cloud installations
  Internal key event names were refactored but this broke backwards compatibility so we have returned back to the previous event names.
Tyk Pump 0.8.3
- Handled unsupported MongoDB characters [TykTechnologies/tyk-pump/issues/113]
  MongoDB doesn't support "." in parent field names. Should a path contain ".", MongoDB would get corrupted. We have now replaced the "." character with its Unicode equivalent.
- Added support for pumping to an Elasticsearch Cluster [TykTechnologies/tyk-pump/pull/180]
  Previously, it was only possible to pump analytics to a single Elasticsearch endpoint. Due to this limitation, it was not previously possible to support Elasticsearch clusters.
- Resolved issue where aggregate TCP proxy analytics were incorrectly calculated [TykTechnologies/tyk-pump/issues/182]
Tyk MDCB 1.7.1
- Enable HTTP profiling by setting "enable_http_profiler": true in tyk_sink.conf
- Added new configuration options:
  - ignore_tag_prefix_list (in mongo aggregate and hybrid pump): It will not store analytics for tags having a prefix specified in the list. Note: The prefix "key-" is added in the list by default. This tag is added by the Gateway for keys.
  - threshold_len_tag_list (in mongo aggregate pump): If the number of tags in a document grows beyond a specified value, the pump will throw a warning. The warning will print the top 5 common tag prefixes. The default value is 1000. To disable alerts set it to -1.
  - store_analytics_per_minute: Currently, aggregate data is generated per hour. If this option is enabled, aggregate data will be generated per minute.
  - track_all_paths: Currently, analytics for an endpoint is stored only if the Track Endpoint plugin is enabled on that endpoint. If track_all_paths is enabled, it will store analytics for all the endpoints, irrespective of the Track Endpoint plugin.
- Fixed Redis connection leak
- Redis