Tyk Gateway 5.0.11
Fixed
- Updated the Tyk OAS API definition JSON schema to validate the domain name in upstream certificates and public key pinning
- Prefetch session expiry information from MDCB to reduce API call duration if the Gateway is temporarily disconnected from MDCB
- Fixed automated token trimming in Redis, ensuring efficient management of OAuth tokens by implementing a new hourly job within the Gateway and providing a manual trigger endpoint
- Fixed a bug in the Tyk OAS Validate Request middleware where we were not correctly validating date-time format schema, which could lead to invalid date-time values reaching the upstream services.
- Fixed a performance issue when certain claims are present in the JWT.
- Fixed a bug where the encoding from the GQL upstream cache was causing readability problems in the response body.
- Fixed an issue where reloading a bundle containing JS plugins could cause the Gateway to panic.
- Addressed a memory leak issue in Tyk Gateway linked to a logger mutex change introduced in v5.2.4. Reverting these changes has improved connection management and enhanced system performance.
- Optimised the allocation behaviour of our sliding window log rate limiter implementation (Redis Rate Limiter). Previously the complete request log would be retrieved from Redis. With this enhancement only the count of the requests in the window is retrieved, optimising the interaction with Redis and decreasing the Gateway memory usage.
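The Redis Rate Limiter change in the last item, as an added example (not Tyk's code): a sliding window log limiter reaching its verdict by fetching the whole log versus fetching only the count. The `window` type is a constructed in-memory stand-in for Redis; every name, the sample traffic, and the choice not to log rejected requests are assumptions.

```go
package main

import "fmt"

// window is a constructed in-memory stand-in for one key's request log (ms timestamps).
type window struct{ stamps []int64 }

// trim drops entries that have slid out of the window and returns what is left.
func (w *window) trim(start int64) []int64 {
	for len(w.stamps) > 0 && w.stamps[0] < start {
		w.stamps = w.stamps[1:]
	}
	return w.stamps
}

// allowFullLog models the previous behaviour: the complete log is fetched and
// counted by the caller. Second result: number of values fetched.
func (w *window) allowFullLog(now, per int64, limit int) (bool, int) {
	fetched := append([]int64(nil), w.trim(now-per)...) // whole log crosses the wire
	if len(fetched) < limit {
		w.stamps = append(w.stamps, now)
	}
	return len(fetched) < limit, len(fetched)
}

// allowCountOnly models the optimised behaviour: only the count is fetched.
func (w *window) allowCountOnly(now, per int64, limit int) (bool, int) {
	count := len(w.trim(now - per))
	if count < limit {
		w.stamps = append(w.stamps, now)
	}
	return count < limit, 1
}

// simulate replays n requests, stepMs apart, through both variants; it reports
// whether any verdict differed and how many values each variant fetched.
func simulate(n int, stepMs, per int64, limit int) (differ bool, full, count int) {
	a, b := &window{}, &window{}
	for i := 0; i < n; i++ {
		okA, xa := a.allowFullLog(int64(i)*stepMs, per, limit)
		okB, xb := b.allowCountOnly(int64(i)*stepMs, per, limit)
		differ, full, count = differ || okA != okB, full+xa, count+xb
	}
	return
}

func main() {
	fmt.Println(simulate(12, 10, 100, 3)) // constructed traffic: 12 requests, 10 ms apart
}
```

Both variants reach identical verdicts; the full-log variant's fetch size grows with the limit, while the count-only variant always fetches a single value.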
Tyk Dashboard 5.0.11
Fixed
- Improved the documentation to explain the usage of PUT /admin/organisations/{ORG_ID}
- Fixed an issue where applying security policies to large numbers of APIs took a long time. We’ve implemented bulk processing in the validation step at the api/portal/policies/POLICY_ID endpoint, resulting in an 80% reduction in the time taken to apply a policy to 2000 APIs.
- Fixed the SSO flow for the classic developer portal
- Moved all inline HTML scripts into their own script files to accommodate the Content Security Policies that have been enabled to increase security.
- Removed strict validation of the description field in mock responses when using Tyk OAS, for the response status codes and headers.