Tyk Gateway 3.0.9
- Improved Mutual TLS auth, now it reads full client certificate directly from HTTP request, instead of relying on its fingerprint
- Fixed removal of keys from workers gateways in MDCB environment, when key gets updated
- Add support for using query parameters in request signature validation. Signature configuration options now have new options, example:
{“use_param”: true, “param”: “foo”}
- In MDCB environment ensure that certificate removal gets propagated to worker gateways.
- Fixed uptime checks when threshold is bigger then time_wait values (30s+)
- Fixed stripping authentication value from cookies
- Fixed SSE and websockets working together
- Fixed cache invalidation in MDCB environment
- Fixed using of uploaded certificates when specifying them in gateway config via
http_server_options.ssl_certificates
option - Make JWT errors lets verbose in order to not expose security configuration
- Ensure that duplicate analytics tags is removed
- Fix HTTP version in analytics when using Virtual Endpoints
Tyk Dashboard 3.0.9
- Fixed CosmosDB 4.0 issues
- Added support for new request signature configuration options (see above)
- Fixed adding multiple advanced URL triggers of the same type
- Fixed SSO SAML vulnerability CVE-2020-29509 CVE-2020-29510 CVE-2020-29511
- Fixed errors in the dashboard logs during SSO login for temporary users