Tyk Gateway
Added
- Added a new enable_distributed_tracing option to the NewRelic config to enable support for Distributed Tracer.
Fixed
- Fixed panic when JWK method was used for JWT authentication and the token didn't include kid.
- Fixed an issue where failure to load GoPlugin middleware didn’t prevent the API from proxying traffic to the upstream; now Gateway logs an error when the plugin fails to load (during API creation/update) and responds with HTTP 500 if the API is called. At the moment fixed only for file based plugins.
- Fixed MutualTLS issue causing leak of allowed CAs during TLS handshake when there are multiple mTLS APIs
- Fixed a bug during hot reload of Tyk Gateway where APIs with JSVM plugins stored in filesystem were not reloaded.
- Fixed a bug where the gateway would remove the trailing / at the end of a URL
- Fixed a bug where nested field-mappings in UDG weren't working as intended
- Fixed a bug when using Tyk OAuth 2.0 flow on Tyk Cloud where a request for an Authorization Code would fail with a 404 error.
- Fixed a bug where mTLS negotiation could fail when there are a large number of certificates and CAs; added an option (http_server_options.skip_client_ca_announcement) to use the alternative method for certificate transfer.
- Fixed CVE issue with go.uuid package
- Fixed a bug where rate limits were not correctly applied when policies are partitioned to separate access rights and rate limits into different scopes.
Tyk Dashboard
Added
- Improved security for people using the Dashboard by adding the Referrer-Policy header with the value no-referrer.
- Added ability to select the plugin driver within the Tyk OAS API Designer.
Changed
- When creating a new API in the Tyk OAS API Designer, caching is now disabled by default.
Fixed
- Fixed a bug where a call to the /hello endpoint would unnecessarily log "http: superfluous response.WriteHeader call".
- Fixed a bug where the Dashboard was showing Average usage over time for all Developers, rather than just those relevant to the logged in developer.
- Fixed a bug where logged in users could see Identity Management pages, even if they didn't have the rights to use these features.
- Fixed a bug that prevented Tyk Dashboard users from resetting their own passwords.
- Fixed issue with GraphQL proxy headers added via UI
- Fixed a bug where the Dashboard would not allow access to any screens if a logged in user didn’t have access to the APIs resource regardless of other access rights.
- Fixed a bug on the key management page where searching by key_id did not work - you can now initiate the search by pressing enter after typing in the key_id.
- Fixed a bug where Dashboard API could incorrectly return HTTP 400 when deleting an API.
- Fixed UDG UI bug that caused duplicate data source creation on renaming
- Fixed schema validation for custom domain in Tyk OAS API definition
- Fixed a bug where the left menu did not change when Dashboard language was changed.
- Fixed a bug that caused the Dashboard to report errors when decoding multiple APIs associated with a policy.
- Fixed a bug where it was not possible to disable the Use Scope Claim option when using JWT authentication
- Fixed a bug in the default OPA rule that prevented users from resetting their own password
- Fixed a bug where authToken data was incorrectly stored in the JWT section of the authentication config when a new API was created