Tyk Gateway 5.0.14
Fixed
- We have introduced two new options in the Gateway configuration that will enforce prefix and/or suffix matching when Tyk performs checks on whether middleware or other logic should be applied to a request.
enable_path_prefix_matching
ensures that the start of the request path must match the path defined in the API definition
enable_path_suffix_matching
ensures that the end of the request path must match the path defined in the API definition
combiningenable_path_prefix_matching
andenable_path_suffix_matching
will ensure an exact (explicit) match is performed
These configuration options provide control to avoid unintended matching of paths from Tyk's default wildcard match. Use of regex special characters when declaring the endpoint path in the API definition will automatically override these settings for that endpoint.
Tyk recommends that exact matching is employed, but both options default tofalse
to avoid introducing a breaking change for existing users. - Fixed an issue when using granular Path-Based Permissions in access policies and keys that led to authorization incorrectly being granted to endpoints if an invalid regular expression was configured in the key/policy. Also fixed an issue where path-based parameters were not correctly handled by Path-Based Permissions. Now Tyk's authorization check correctly handles both of these scenarios granting access only to the expected resources.
- Fixed an issue where a parameterized endpoint URL (e.g. /user/{id}) would be invoked if a request is made that omits the parameter. For example, a request to /user/ will now be interpreted as a request to /user and not to /user/{id}.
- Enhanced Tyk Gateway synchronization with MDCB to ensure reliable policy and API loading. Implemented synchronous initialization process to prevent startup failures and potential service disruptions.
Tyk Dashboard 5.0.14
Fixed
- We fixed the issue with 429 status codes not being shown on the
Activity Overview page - We fixed the portal graphs when using Postgres This was done by adding
a default resolution to the query (grouping by “day” by default) - The Error Breakdown was having some issues regarding dates, it's been fixed by adjusting date parameters