Tyk Gateway 4.0.16
Fixed
- Fixed a bug where gateway logs were not honouring
enable_key_loggingsetting - Fixed a bug where enforced timeout values wouldn't be correct on a per-request basis. As we enforced timeouts only on the transport level, and created the transport only once within
max_conn_time, the timeout in effect was not deterministic. - Fixed a minor issue with Go Plugin virtual endpoints where a runtime log error was produced from a request, even if the response was successful. Thanks to @uddmorningsun for spotting this and proposing a fix.
- Fixed a bug where, when using MongoDB, Tyk could incorrectly grant access to an API using a key after that API had been deleted from a policy.
- Fixed a bug where Tyk could return the wrong error code when a websocket upstream responds with error
- Fixed a bug where keys linked to multiple policies become unusable if one of the policies is removed.
- Remove the extra chunked transfer encoding that was added to
rawResponseanalytics - Updated the default Hybrid Pump RPC pool size from 20 to 5 connections in order to reduce default CPU and memory footprint
- Fixed a bug where the Gateway did not correctly close idle upstream connections (sockets) when configured to generate a new connection after a configurable period of time (using the
max_conn_timeconfiguration option). - Fixed a bug where the URL Rewrite middleware did not correctly handle escaped characters in the URL.
- Fixed a potential performance issue related to high rates of Gateway reloads (when the Gateway is updated due to a change in APIs and/or policies)
- Fixed a memory leak that occurred when setting the strict routes option to change the routing to avoid nearest-neighbour requests on overlapping routes (
TYK_GW_HTTPSERVEROPTIONS_ENABLESTRICTROUTES) - Fixed one Critical and six High CVEs reported in the Plugin Compiler.
- Fixed automated token trimming in Redis, ensuring efficient management of OAuth tokens by implementing a new hourly job within the Gateway and providing a manual trigger endpoint.
- Fixed a bug that was introduced in the fix applied to the URL Rewrite middleware.
Tyk Dashboard 4.0.16
Fixed
- Fixed a bug where, if you created a Key which provided access to an inactive or draft API, you would be unable to subsequently modify that Key (via the Dashboard or directly via the Tyk Gateway API)
- Fixed a bug where Dashboard would take too long loading Policies to the Gateway
- Fixed a bug where the Dashboard could timeout while loading policies at startup. Added connection_timeout configuration option (defaults to 30 seconds)
- Adjusted the description for the Policy states, so that it reflects the actual behaviour of the policy, when attached to a key.
- Optimised the loading and re-loading of APIs and Policies for complex scenarios
- Fixed a bug where searching for a User in the Tyk Dashboard didn't match partial user names.
- Moved all HTML inline scripts to their own script files, to accommodate the Content security policies that have been enabled, to increase security.