Tyk Gateway 4.0.14
Fixed
- Fixed a bug where Tyk could return HTTP 500 Internal Server Error when load balancing at very high API traffic levels
- Fixed a bug where invalid IP addresses could be added to the IP allow list
- Fixed a bug where an mTLS request with an expired certificate allowed the request to be proxied upstream in static mTLS and dynamic mTLS
- Fixed a bug where OAuth access keys were physically removed from Redis on expiry; behaviour for OAuth is now the same as for other authorisation methods.
- Added support for the :authority header when making gRPC requests. Thanks to vanhtuan0409 from the Tyk Community for this contribution.
- Fixed a bug where the global_size_limit setting didn't enable Request Size Limit middleware. Thanks to @PatrickTaibel for the contribution!
- Fixed a bug so that null values on required scalar variables are now caught as expected
- Fixed a bug where the upstream JSON error message was not passed to the consumer. It is now included in the "extensions" section of the GQL error response
- Fixed an issue where failure to load Otto (JS) middleware didn’t prevent the API from proxying traffic to the upstream; now Gateway logs an error when the plugin fails to load (during API creation/update) and responds with HTTP 500 if the API is called.
- Fixed a bug where the basic auth password hash was included in the response when GETting the details of a key
- Fixed a bug where Tyk might not correctly complete mTLS authentication with the client before contacting the upstream service.
- Fixed a bug where upstream certificates can be ignored when API protocol is TCP/TLS
- Fixed a bug where the Gateway panics when Redis cache_storage is down
- Fixed a bug that prevented configuration of cache timeout or cached status codes if upstream cache control was enabled.
- Fixed a bug where an Edge/Worker Gateway does not load APIs and policies on cold start when MDCB is down
- Fixed a bug where RAW keys were exposed in INFO log on gateway on keyspace sync
Tyk Dashboard 4.0.14
Fixed
- Fixed a bug where the Tyk Dashboard could show a blank screen when clicking on policies on the Policy Management screen
- Fixed a bug where Custom Authentication could not be selected to provide the base identity when multi-auth selected
- Fixed a bug where an API could be incorrectly labelled as using multi-auth in the Tyk Developer Portal catalogue view.
- Fixed a bug in the API Designer when adding all API versions to a policy
- Fixed a bug where the Tyk Dashboard did not display Key Alias on the analytics screens when using SQL for the analytics data store.
- Fixed a bug where it was not possible to download Activity by API or Activity by Key from the Dashboard when using PostgreSQL for the analytics store.
- Improved Dashboard Analytics experience to respect API Ownership (including versions) for log browser and some charts
- Fixed a bug where a new user could be stuck in a password reset loop in the dashboard if TYK_DB_SECURITY_FORCEFIRSTLOGINPWRESET was enabled.
- The "Gateway Dashboard" page showing API analytics is now hidden if the logged in user doesn't have analytics rights.
- Fixed: Redirect unregistered user to new page when SSOOnlyForRegisteredUsers is set to true
- Fixed a bug where the Tyk Dashboard could show a blank screen when policies with custom policy IDs were added to an API key
- Fixed a bug where Tyk Dashboard did not properly display the list of organisations
- Fixed a bug when migrating a portal catalogue with deleted policy from MongoDB to SQL.
- Fixed a bug where the HEAD option was not available in the Allowed Methods dropdown in the CORS section of the API Designer
- Fixed a bug where SSOOnlyForRegisteredUsers=true, also checks if user belongs to the organization
- Fixed a bug with storing the ssl_force_common_name_check field in the API Definition when it was set via the raw API editor or by updating the API Definition via the GW/DB API.
- Fixed a bug where API Ownership was not respected in the API Activity Dashboard Requests and Average Errors Over Time charts in the Tyk Dashboard; note that it is not currently possible to respect API Ownership in other aggregated charts
- Fixed a bug where a user could update their email address to match that of another user within the same Organisation.
- Fixed a bug where users without user:write permission were able to update their permissions through manipulation of Dashboard API calls.
- Fixed a bug that prevented manual allocation of api_id during API creation.
- Fixed a bug where the versions endpoint returned APIs not owned by the logged-in user.
- Fixed a bug where the log browser showed analytics for APIs not owned by the logged-in user.
- Fixed a bug where security headers were not present when classic portal is configured with a custom domain.
- Fixed a bug that prevented non-admin users from seeing Endpoint Popularity data in the Tyk Dashboard
- Fixed a bug where additional data was returned when requesting analytics with p=-1 query when using SQL for the analytics store.
- Fixed a bug where the Dashboard granted visibility of unfiltered analytics when API Ownership is enabled. New user permission (owned_analytics) restricts visibility only to analytics for the owned APIs: API Usage, API Errors and Request Logs.
- Fixed a bug where the Dashboard API granted unfiltered access to analytics endpoints with API Ownership enabled.
- Fixed a bug where the Tyk Dashboard did not display the correct analytics when filtering by ‘tag’ and using SQL for the analytics data store.
- Fixed a bug in the Dashboard Analytics where the zoom would immediately reset to default