github TykTechnologies/tyk v5.0.3
Tyk Gateway v5.0.3 and Tyk Dashboard v5.0.3
on GitHub

latest releases: v5.3.6, v5.5.2, v5.5.2-rc2...
15 months ago

Tyk Gateway 5.0.3 and Tyk Dashboard 5.0.3

Fixed

  • Fixed a bug where invalid IP addresses could be added to the IP allow list
  • Fixed a bug where the Go Plugin compiler created output files with the wrong names
    -Fixed a bug when the control API is not protected with mTLS then we should not ask for a cert even if all the apis registered have mtls as authorization mechanism.
  • Fixed a bug where an mTLS request with an expired certificate allowed the request to be proxied upstream in static mTLS and dynamic mTLS
  • Fixed a bug where OAuth access keys were physically removed from Redis on expiry; behaviour for OAuth is now the same as for other authorisation methods.
  • Added support for the :authority header when making grpc requests. Thanks to vanhtuan0409 from the Tyk Community for this contribution.
  • Fixed a bug where the global_size_limit setting didn't enable Request Size Limit middleware. Thanks to @PatrickTaibel for the contribution!
  • Fixed a bug where null on required scalar variables are now being catched as expected
  • Fixed a bug where upstream JSON error message was not passed to the consumer. It is now included in "extensions" section of GQL error response
  • Fixed an issue where failure to load Otto (JS) middleware didn’t prevent the API from proxying traffic to the upstream; now Gateway logs an error when the plugin fails to load (during API creation/update) and responds with HTTP 500 if the API is called.
  • Fixed a bug where Tyk could return the wrong error code when a websocket upstream responds with error
  • Fixed a bug where the basic auth password hash was included in the response when GETting the details of a key
  • Fixed a bug where Tyk might not correctly complete mTLS authentication with the client before contacting the upstream service.
  • Fixed a bug where upstream certificates can be ignored when API protocol is TCP/TLS
  • Fixed a bug where gateway panics when redis cache_storage is down
  • Updated the default Hybrid Pump RPC pool size from 20 to 5 connections in order to reduce default CPU and memory footprint. See [Pump configurations]({{< ref "tyk-pump/tyk-pump-configuration/tyk-pump-environment-variables.md" >}})
  • Fixed a bug that prevented configuration of cache timeout or cached status codes if upstream cache control was enabled.
  • Fixed a bug where Edge/Worker gateway does not load api's and policies on cold start when MDCB is down
  • Fixed a bug where RAW keys were exposed in INFO log on gateway on keyspace sync
  • Fixed a bug where the Dashboard could timeout while loading policies at startup. Added connection_timeout configuration option (defaults to 30 seconds)

Tyk Dashboard 5.0.3

Fixed

  • Fixed a bug where the Tyk Dashboard could show a blank screen when clicking on policies on the Policy Management screen
  • Fixed a bug where an API could be incorrectly labelled as using multi-auth in the Tyk Developer Portal catalogue view.
  • Fix a UI bug in the API Designer when adding all API versions to a policy
  • Fixed a bug where the Tyk Dashboard did not display Key Alias on the analytics screens when using SQL for the analytics data store.
  • Fixed a bug where it was not possible to download Activity by API or Activity by Key from the Dashboard when using PostgreSQL for the analytics store.
  • Improved Dashboard Analytics experience to respect API Ownership (including versions) for log browser and some charts
  • Fixed a bug where a new user could be stuck in a password reset loop in the dashboard if TYK_DB_SECURITY_FORCEFIRSTLOGINPWRESET was enabled.
  • Changed service discover cache settings contract, in the OAS API definition, so that it matches all the other cache contracts, defined in the definition. Both the Dasbhoard UI and API, offer support for backwards compatibility.
  • The "Gateway Dashboard" page showing API analytics is now hidden if the logged in user doesn't have analytics rights.
  • Feature: Improve portal performance by pre-fetching required data by a few calls instead of thousands.
  • Fixed a bug where the Tyk Dashboard could show a blank screen when policies with custom policy IDs were added to an API key
  • Fixed a bug where Tyk Dashboard did not properly display the list of organisations
  • Fixed a bug where the HEAD option was not available in the Allowed Methods dropdown in the CORS section of the API Designer
  • Fixed a bug where SSOOnlyForRegisteredUsers=true, also checks if user belongs to the organization
  • Fixed storing the ssl_force_common_name_check field in the API Definition, if this was set via raw API editor or by updating the API Definition via the GW/DB API.
  • Fixed a bug where ui data graph is created with multiple words
  • Fixed a bug where API Ownership was not respected in the API Activity Dashboard Requests and Average Errors Over Time charts in the Tyk Dashboard; note that it is not currently possible to respect API Ownership in other aggregated charts
  • Fixed a bug where a user could update their email address to match that of another user within the same Organisation..
  • Fixed a bug where users without user:write permission were able to update their permissions through manipulation of Dashboard API calls.
  • Fixed a bug that prevented manual allocation of api_id during API creation.
  • Fixed a bug where the versions endpoint returned APIs not owned by the logged-in user.
  • Fixed a bug where the log browser showed analytics for APIs not owned by the logged-in user.
  • Fixed a bug where security headers were not present when classic portal is configured with a custom domain.
  • Fixed a bug that prevented non-admin users from seeing Endpoint Popularity data in the Tyk Dashboard
  • Fixed a bug where additional data was returned when requesting analytics with p=-1 query when using SQL for the analytics store.
  • Fixed a bug where the Dashboard granted visibility of unfiltered analytics when API Ownership is enabled. New user permission (owned_analytics) restricts visibility only to analytics for the owned APIs: API Usage, API Errors and Request Logs.
  • Fixed a bug where the Dashboard API granted unfiltered access to analytics endpoints with API Ownership enabled.
  • Fixed a bug where the Tyk Dashboard did not display the correct analytics when filtering by ‘tag’ and using SQL for the analytics data store.
  • Fixed a bug in the Dashboard Analytics where the zoom would immediately reset to default
  • Fixed a bug where in Tyk 5.0.2, Dashboard goes into panic when portal manifest file is applied via Tyk Operator
Check out latest releases or
releases around TykTechnologies/tyk v5.0.3

Don't miss a new tyk release

NewReleases is sending notifications on new releases.

Get notifications