TykTechnologies/tyk v5.11.1-alpha2 on GitHub

What's Changed

[TT-11185] release docs 5.3.0 update by @titpetric in #6079
[TT-11405] Updating JSON tags and field names for TLS max and min versions by @mativm02 in #6078
TT-10962 by @kofoworola in #6072
[TT-11388]: updated opentelemtry library and added tests for new span keys by @kofoworola in #6087
[TT-11377] Adding “node_is_segmented” flag under “node” to complement “tags” by @mativm02 in #6093
[TT-11413] Fix apidef GlobalRateLimit migrations by @titpetric in #6086
TT-11288 Revert logger mutex by @sredxny in #6103
[TT-11197] Upgrade google/grpc by @titpetric in #6100
[TT-11440/TT-11461] Add functionName to replace name in OAS virtual endpoint and endpoint post plugin by @jeffy-mathew in #6098
[TT-11439/TT-11452] fix custom plugins contract by @jeffy-mathew in #6097
[TT-11295] Update graphql-go-tools dependency by @buraksezer in #6112
[TT-11389]: moved graphql span attributes by @kofoworola in #6088
TT-11443 Shim to keep compatibility in goplugins importing tyk redis by @sredxny in #6096
[TT-11452] remove unused migrate func by @jeffy-mathew in #6117
TT-11485, fix for global rate limit disabled flag not working by @andrei-tyk in #6120
[SYSE-332] Fail tests reliably by @ermirizio in #6130
[TT-11197] Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot[bot] in #6124
[TT-11549/TT-11597] Auto generated from templates by gromit by @jeffy-mathew in #6138
[TT-10856/TT-11593]fix quota limits not working with url rewrite to self by @jeffy-mathew in #6133
[TT-11627] Migrate failling to golangci-lint/forbidigo, fix issues by @titpetric in #6152
[TT-11197]update hashicorp vault by @jeffy-mathew in #6150
[TT-10909]: fix issue with missing upstream headers in graphql proxy only by @kofoworola in #6166
[TT-6011] Fix non-functional coprocess apis, add tests by @titpetric in #4055
[TT-11684] OAS-to-UDG converter - import paths & cleanup by @buraksezer in #6181
[TT-11735] Exclude testdata from sonarcloud by @titpetric in #6182
[TT-10104] JS middleware + ignore auth test and fix for panic by @titpetric in #6180
Update README.md by @letzya in #6035
[TT-11746] Add linter for regression test names by @titpetric in #6191
[TT-11585] Process DeleteAPICache event by @jeffy-mathew in #6190
[TT-10856/TT-11778] fix quota limit remaining header value when key is created from policy and API is looped by @jeffy-mathew in #6199
[SYSE-336 master] Followup from March template application by @alephnull in #6207
TT-7560, fixed issue with bundles loading with bad sign/checksum by @andrei-tyk in #6165
[SYSE-353 master] Fix tyk-ci fetch mechanism by @ermirizio in #6213
[TT-7560] skip loading API when custom middleware bundle fetch fails by @jeffy-mathew in #6211
TT-11748 dont attempt to remove ApiCacheDeletion key from redis by @sredxny in #6215
[TT-9972] release resources only after specs are completely switched during hot reload by @jeffy-mathew in #5535
[TT-11925] Reset plugin compiler build env to match gateway build env by @titpetric in #6234
[TT-11655] Graphql APIs are unable to handle OPTIONS requests by @rhianeKobar in #6221
[SYSE-358 master] April template application by @ermirizio in #6248
[TT-11991]: added request_headers_rewrite by @kofoworola in #6257
[TT-11966/TT-12064] implement OAS webhooks events by @jeffy-mathew in #6258
[TT-10291]: support gql-go-tools verison 2 by @kofoworola in #6240
[TT-12064]Update Cast function signature by @jeffy-mathew in #6261
[TT-10291]: upgrade gql-tools for v2 by @kofoworola in #6264
[TT-11966/TT-12064] refactor oas events, update contract by @jeffy-mathew in #6263
[TT-11966/TT-12064] update typo in cooldown period by @jeffy-mathew in #6266
[TT-11966/TT-12064] handle edge case with empty event handlers by @jeffy-mathew in #6267
[TT-12114]update goerr113 with err113 by @jeffy-mathew in #6268
[SYSE-363 master] May template application by @alephnull in #6270
update graphql-go-tools (TT-9884) by @pvormste in #6274
[TT-5790] Update EnsureTransport and related tests by @titpetric in #6243
[TT-11990] Change default behaviour of request_headers by @buraksezer in #6277
[TT-11954/TT-12155] add x-tyk-api-gateway.servers.contextVariables.enabled by @jeffy-mathew in #6281
[TT-7325] Enable fixed window rate limiter by @titpetric in #6253
[TT-11954/TT-12115]fix location of contextVariables by @jeffy-mathew in #6285
[TT-11739] Clean up rate limiting area, decouple GlobalConfig in APISpec by @titpetric in #6262
[TT-11914/TT-12101]Add OAS trafficLogs by @jeffy-mathew in #6287
[Test] Updates for opentelemetry test, use golang_cross in GH build cache key by @titpetric in #6282
[TT-11806] Respect domain and listen path by @titpetric in #6289
[DX-1345] Update config description for inclusive naming project by @dcs3spp in #6286
[TT-12153]: Fix/complexity checker and granular access checker v3-preview by @kofoworola in #6293
[TT-12193] Fix poor error handling in webhook event templates by @titpetric in #6303
add features section to graphql proxy config by @pvormste in #6298
[TT-12193] Add log for event handler webhook by @titpetric in #6310
[TT-12193] Update error handling on webhook events when the event template has errors by @titpetric in #6312
[TT-11997] Backend logic for request_headers_rewrite by @buraksezer in #6306
[TT-12095] Fixing unhashed API keys exposed in OTEL spans by @mativm02 in #6296
[TT-11470] Add human identifiable information in NodeData by @padiazg in #6229
add logic for use_immutable_headers (TT-12190) by @pvormste in #6315
[TT-11997] Header case insensitivity by @buraksezer in #6316
[TT-3738] Implement rate limit smoothing by @titpetric in #6295
[TT-11739] Re-add gateway.RateLimitExceeded (Dashboard coupling) by @titpetric in #6318
[TT-11739] Fix RateLimitExceeded var name to include Event prefix by @titpetric in #6319
feat/TT-9462/tag-cached-response by @joshblakeley in #6308
[TT-12186] Fixes TestOAS_ExtractTo_ResetAPIDefinition with a valid event config by @titpetric in #6321
[TT-12312] update openapi spec version by @jeffy-mathew in #6323
[TT-12313, TT-12222] Update graphql-go-tools by @buraksezer in #6326
[TT-12323] fix panic when webhook handler is disabled by @jeffy-mathew in #6334
[TT-12311] exp/modcheck: Update go.mod dependencies by @buger in #6337
[TT-12365] Add new events to validate in x-tyk-api-gateway by @titpetric in #6347
[TT-9864] Optimize the creation/usage of AST documents by @buraksezer in #6345
[TT-12285] Add smoothing, fix duplicate x-go-name by @titpetric in #6346
TT-12347 fix management of custom keys in mdcb installations by @sredxny in #6353
[TT-12425] exp/modcheck: Update go.mod dependencies by @buger in #6363
[TT-11762] fix nil err return by @jeffy-mathew in #6365
[TT-10532] Update taskfile, CI tests by @titpetric in #6350
[TT-10532] Fix golangci-lint step to exit 0 by @titpetric in #6369
[DX-1084] Add documentation to protobuf source code files for review by @dcs3spp in #6251
[TT-12454] Extract ApplyPolicies into internal/policy scope by @titpetric in #6367
fix unnecessary call to DeleteRawKey if no allowance scope is defined (TT-11721) by @pvormste in #6373
Remove redis5 in CI pipeline by @titpetric in #6379
TT-12306, addressed changes suggested in the tyk-docs PR by @andrei-tyk in #6377
[TT-12234]update go1.21 version by @jeffy-mathew in #6385
[DX-1473] Replace authorise with authorize by @dcs3spp in #6383
[SYSE-370 master] June template application by @alephnull in #6331
[TT-11032] Godoc CI lint action, config and apidef/oas by @titpetric in #6386
[TT-12503] Render ID type as a String by @buraksezer in #6390
[TT-12318] SSE streaming is broken by @titpetric in #6391
[SYSE-370 master] June template application by @ermirizio in #6403
[SYSE-370 master] June template application by @ermirizio in #6410
[TT-12575] Add coverage to gitignore, add package to regression to fix api changes by @titpetric in #6400
[TT-1570/TT-12587]mTLS: allow validating client certificates against root certificate authority by @jeffy-mathew in #6405
[TT-1570/TT-12588] extend certs endpoint with is_ca by @jeffy-mathew in #6406
[TT-12618] Refactor/checkspec findspec by @titpetric in #6415
[TT-12618] Add RateLimit per-path settings to apidefinition classic, add test case by @titpetric in #6413
[TT-12634] Add oas contract and migrations to/from classic apidef by @titpetric in #6416
[TT-12519], added necessary logic for UrlVersioningPattern by @andrei-tyk in #6401
[TT-12587] verify root CA on certificate check mw by @jeffy-mathew in #6422
[TT-12195] : Public playground still shows schema when introspection is turned off by @jay-deshmukh in #6397
TT-12380 Fill latency analytics field by @sredxny in #6421
[TT-12635] Update swagger.yml with ExtendedPathsSet.RateLimitMeta by @titpetric in #6417
[TT-12688] Ensure OAS API paths get applied to gateway by length, sort by path by @titpetric in #6425
[TT-11753] fix thelper.bug.major lint error by @jeffy-mathew in #6429
[TT-12688] extractto to honor sorting by @titpetric in #6430
[TT-11810] Plugin bundles: fix slow tests, improve internal signature verifier API by @titpetric in #6203
[TT-12698] Add linter to gateway to check for named scope conflicts by @titpetric in #6409
[TT-11758] fix sonarcloud reported issues on errorlint.bug.major by @jeffy-mathew in #6434
[TT-11758] fix sonarcloud reported issues on errorlint.bug.major by @jeffy-mathew in #6435
[DX-1508, DX-1511] Update config.go godoc comments with American spelling conversions by @dcs3spp in #6436
[TT-12762]respect response plugins contract over responsePlugin.plugins by @jeffy-mathew in #6441
[TT-12762] remove main bin by @jeffy-mathew in #6445
[TT-12816] Fix/distroless python release tests by @jeffy-mathew in #6455
[DX-1599] Update ports_whitelist config documentation by @dcs3spp in #6454
[TT-11726]: This optimizes the deletion of keys using a single command by @kofoworola in #6427
[SYSE-370 master] June template application by @alephnull in #6418
[TT-12566/TT-12851] Add client endpoint rate limiter by @jeffy-mathew in #6462
[TT-12862] refactor apply policy by @jeffy-mathew in #6465
[TT-12862] apply per api rate limits from policy by @jeffy-mathew in #6467
[TT-12550] policy key path permissions problem by @titpetric in #6437
[TT-12886] apply per endpoint rate limits by @jeffy-mathew in #6468
[TT-12892] use same url matching logic in endpoint rate limiting as of allowed urls by @jeffy-mathew in #6470
[TT-12566/TT-12927] fix merging rate limits by @jeffy-mathew in #6472
[TT-11672] Update description of CertificatesConfig.Upstream by @dcs3spp in #6169
[TT-12562/TT-12815] go 1.22 upgrade by @jeffy-mathew in #6452
[TT-12452] Clear up quota gated with a distributed redis lock by @titpetric in #6448
[TT-12975] Fix flaky test caused by missed Close invocation by @titpetric in #6481
[TT-12355] added log format config, func and test cases by @LLe27 in #6344
[TT-1944] Fix regex matching for parameters by @titpetric in #6480
added a waitgroup to wait until all the pool connections are dialed by @sredxny in #6487
[TT-12964] ignore endpoint rate limit configurations when rate limit partition is disabled by @jeffy-mathew in #6491
[TT-13011] implement combining endpoint rate limits from non partitioned policies. by @jeffy-mathew in #6494
[TT-13041] Adjust quota handling of missing or expired keys by @titpetric in #6492
[TT-13048] Flaky test due to using httpbin org, improvements by @titpetric in #6504
[TT-12865] URL matching prefixes/explicit, regex support by @titpetric in #6475
[TT-12865] Rename config parameter, update usage, support mux params on legacy by @titpetric in #6506
[TT-2539] added access/transaction logs by @LLe27 in #6354
[TT-12893]: Adding first implementation of streams API by @kofoworola in #6496
Revert "[TT-12893]: Adding first implementation of streams API" by @titpetric in #6509
[TT-12494] Fix flaky TestCacheEtag and related cache tests by @titpetric in #6508
Revert "[TT-2539] added access/transaction logs" by @jeffy-mathew in #6524
[TT-13098] [master] exp/modcheck: Update go.mod dependencies by @buger in #6523
[TT-13109]Generate New Swagger and Update Validator for Gateway by @yurisasuke in #6231
[TT-13107] Remove verbose error logging if quota is disabled by @titpetric in #6528
[TT-13122] build multiarch image on 1.22-bullseye by @jeffy-mathew in #6549
[TT-13128] Updated description for prefix and suffix matching config options by @lghiur in #6555
[TT-13087] Adjust example gateway config, to have match preficing explicit by default by @lghiur in #6564
TT-13130 only mark the wg as done when the connection is stablished by @sredxny in #6574
[TT-12893]: Adding first implementation of streams API by @kofoworola in #6511
[TT-13175] Refactor apply policies test by @jeffy-mathew in #6585
[TT-13175] add t.helper to helper functions by @jeffy-mathew in #6587
[TT-13176]: update graqhql go tools by @kofoworola in #6586
[TT-13136] Adjust concurrency group to CI tests, extend to all workflows by @titpetric in #6560
[SYSE-394 master] Fix test code base for Tyk-Analytics PRs by @konrad-sol in #6583
[TT-13088] Fixed godoc for path prefix and sufix configs by @lghiur in #6610
[TT-13186/TT-13199] implement upstream basic authentication by @jeffy-mathew in #6596
[TT-13243] Test/ci improvements by @titpetric in #6611
[TT-13139] Request times out in some cases when sending input via http inputs by @buraksezer in #6601
[TT-13238] Clean up RPC data model by @titpetric in #6608
[TT-13242] Moved/Cleaned up nestedApiDefinition to model.MergedAPI by @titpetric in #6609
[TT-13258] exp/workflow-lint: Update to latest known actions by @buger in #6620
[TT-13266] Fix python tests by @titpetric in #6624
[TT-12897] Merge path based permissions when combining policies by @titpetric in #6597
[TT-13262] Fix/delete build cache for plugin compiler by @titpetric in #6623
[TT-8004/TT-13092]enable validate request middleware during OAS import when parameters are specified on endpoint groups by @jeffy-mathew in #6618
[TT-13186/TT-13199] replace auth header instead of adding auth header by @jeffy-mathew in #6631
[TT-13280] Adjust golangci-lint to raise up errors in PRs directly by @titpetric in #6634
TT-13130 updated version of gorpc library and prevent panic on reconnect edge by @sredxny in #6629
[TT-13184] Implement OAuth 2.0 Client Credentials Flow for GW authentication with upstream by @andrei-tyk in #6633
[TT-12897/TT-13284] Add additional partitioned test case, fix ordering issue by @titpetric in #6635
[TT-12814] Make schema more flexible, don't enforce additionalProperties: false by @titpetric in #6640
TT-13130 update gorpc version by @sredxny in #6644
Tt 13184 Upstream OAuth2 updates to fix TTL issue by @andrei-tyk in #6643
[TT-12990] fix upstream endpoint RL not considering endpoint method by @jeffy-mathew in #6651
TT-13269 - Refactor/streams by @titpetric in #6593
[TT-12702] revert wrappedServeHTTP to use recordDetail by @jeffy-mathew in #6654
[TT-11426/TT-13322] Add deprecation notice for external OAuth middleware by @jeffy-mathew in #6657
[TT-13185] Implement Password Flow OAuth by @andrei-tyk in #6649
[TT-13381] Linters should only work for PRs by @titpetric in #6664
[TT-12417] Do not delete keys on synchronization by @mativm02 in #6642
[TT-13185] reorganize contract in upstream oauth by @andrei-tyk in #6668
[TT-13271] custom oauth response fields by @andrei-tyk in #6660
[TT-13400] Fixing OTel CI by @mativm02 in #6659
[TT-13359] move upstream basic auth to ee package by @jeffy-mathew in #6669
[TT-13185] upstream oauth allowed_authorize_types not being filled on API creation by @andrei-tyk in #6676
TT-13185, fixed lines lost in merge conflicts by @andrei-tyk in #6681
[TT-13375/TT-13422] Add validation rules for Upstream auth by @jeffy-mathew in #6680
[TT-13008]: modified default streams logger by @kofoworola in #6682
[TT-13185] fix missing extracts by @andrei-tyk in #6685
[TT-11426/TT-13322]add deprecation notice for oidc middleware by @jeffy-mathew in #6686
[TT-13201] Streams Definition Validator by @buraksezer in #6656
TT-13271, fix for token metadata not being cached by @andrei-tyk in #6689
[TT-12885] Add plugin development guide for manual builds by @titpetric in #6598
[TT-13391] Move upstream OAuth to EE by @andrei-tyk in #6684
improve error handling of streams in non-ee version (TT-13269) by @pvormste in #6691
[TT-13375] Improved Upstream Auth validation rules by @lghiur in #6694
add stream analytics to ee (TT-13233) by @pvormste in #6671
[TT-13271] Make enabled and allowedAuthorizeTypes required fields by @lghiur in #6673
[TT-13508] Streams poor performance when reconnecting to a Streams API by @buraksezer in #6697
[TT-13422] Do not allow empty string in upstream auth configuration strings by @jeffy-mathew in #6699
[TT-13508] Downgrade Bento to v1.2.0 and use our own fork to cherry-pick some changes from latest main branch. by @buraksezer in #6700
[TT-13535/TT-13566] make upstream oauth password client secret not required by @jeffy-mathew in #6701
Revert "[TT-13422] Do not allow empty string in upstream auth configuration strings" by @jeffy-mathew in #6702
[TT-13535/TT-13566] Make upstream oauth flow client secret omitempty by @jeffy-mathew in #6708
[TT-13485] update dependencies with vulnerabilities reported by @jeffy-mathew in #6711
[TT-13475] update OAS version by @lghiur in #6712
[TT-13535/TT-13566] Ease up required fields in classic API schema by @jeffy-mathew in #6717
[TT-13607] Only import components/io and components/kafka by @buraksezer in #6720
[TT-13507][TT-12873][TT-13141] Fix for custom domains with substring listen path by @andrei-tyk in #6705
[TT-13658] added missing logger from provider initialisation by @andrei-tyk in #6729
[TT-13439] update response content-length when response body is modified by coprocess response hook by @jeffy-mathew in #6732
[TT-13670] Decouple OAuthManager behind interface by @titpetric in #6735
[TT-13390] Silently skip loading bundle on managment node by @jeffy-mathew in #6739
[TT-13669] Add pre-commit, pre-push hooks by @jeffy-mathew in #6733
[TT-13142] Fix panic when detailed analytics is turned on with SSE streaming by @jeffy-mathew in #6727
[TT-13695] Testing fixes, skip dangerous tests by @titpetric in #6736
[TT-13698] Cache is handled by setup/go, this blocks by @titpetric in #6749
[DX-1423] Update TYK_GW_SECRETS definition by @dcs3spp in #6360
[TT-12775] Request size limit breaks GET and DELETE requests by @buraksezer in #6734
[TT-12775] Add request size limit test for POST, PUT and PATCH methods. by @buraksezer in #6751
[TT-12710]deleting All Partitioned Policies a Key is linked to does not delete the Key by @andrei-tyk in #6473
[TT-13155] Explicitly copy BaseMiddleware for each middleware that takes it by @titpetric in #6744
TT-13513 TT-12767 TT-12768 ensure to save oauth clients locally when pulled from rpc by @sredxny in #6740
[TT-13715] Upgrade to Bento v1.4.0 by @buraksezer in #6762
[TT-13608] Issues with custom scalar in query variable by @buraksezer in #6766
[TT-13217] Add updated dockerfile for python, test with 5.3.0/5.3.6-rc4 by @titpetric in #6750
[TT-13021]Transfer encoding fix by @andrei-tyk in #6770
[TT-11711] Fix listenpath validation by @titpetric in #6772
[TT-12495] Add support for RSASSA-PSS signed JWTs by @sedkis in #6368
[TT-13021] fixed missing lines by @andrei-tyk in #6787
[TT-13753] Fix sonarcloud coverage via upload-artifact by @titpetric in #6790
[TT-12741] Looped ap is wrongfully inherit the caller's authentication key when using url rewrite by @buraksezer in #6778
[TT-13741] [master] exp/modcheck: Update go.mod dependencies by @buger in #6794
[TT-13564] Add classic to OAS translation guide by @jeffy-mathew in #6774
[TT-13742] Update swagger to 5.7.1 by @lghiur in #6803
[TT-13761] add batch request to the latest open api specs by @yurisasuke in #6797
Merging to master: Merging to release-5.3: [TT-13769] Extend plugin compiler test with arm64 cross build (#6813) by @buger in #6815
[TT-13766] Bump newrelic dependency by @titpetric in #6809
[TT-11910]: added tag headers to traffic logs and tests by @kofoworola in #6818
Add tests to verify yaml conversions work by @jeffy-mathew in #6819
[TT-13723] Update to Go 1.23 by @titpetric in #6812
[TT-10070] Fix/sanitize error logging by @titpetric in #6817
[TT-11896] Add OAS IPAccessControl by @jeffy-mathew in #6824
implement api-level request size limit for oas (TT-11459) by @pvormste in #6822
[TT-11912]: Added Analytics expiry period to OAS by @kofoworola in #6825
[TT-11913] Add custom analytics plugins configuration to OAS by @buraksezer in #6829
add load balancing to oas configuration (TT-881) by @pvormste in #6830
[TT-13819] Benchmark updates, session limiter workaround for test goroutine leak by @titpetric in #6826
[TT-11909]: Added Session Lifetime to OAS by @kofoworola in #6835
fix omitempty on some fields for LoadBalancing (TT-881) by @pvormste in #6837
[TT-2539] Refactor hash and token apis under internal/crypto, leave aliases by @titpetric in #6838
[TT-12440] Clean up gojsonschema import surface, phase out internal fork by @titpetric in #6836
[TT-2539] Transaction logs by @LLe27 in #6841
[TT-13939] Embed memorycache, drop leakybucket import by @titpetric in #6843
[TT-13657]: Add protocol and port to oas by @kofoworola in #6846
[TT-881] fix issue where upstream targets have been duplicated by @pvormste in #6847
TT-2539 - renamed access log fields by @LLe27 in #6849
[TT-13820] Fix code whitespace style consistency by @titpetric in #6844
[TT-11909]: fix oas bug on session lifetime and add respect expiry by @kofoworola in #6842
[TT-12884] add batch requests support to OAS by @pvormste in #6853
[TT-14010] Linter reconfig for golangci-lint by @titpetric in #6854
[TT-7249] Flaky TestJWTSessionExpiresAtValidationConfigs by @titpetric in #6856
[TT-13910]: Removed disable expire analytics and added customRetentionPeriod OAS by @kofoworola in #6848
[TT-12638] Added PreserveHostHeader to OAS functionality by @andrei-tyk in #6859
TT-13890: request debug endpoint by @lghiur in #6862
[TT-11913] Implement OAS contract for analytics plugin by @kofoworola in #6861
[TT-11908] add request signing to OAS upstream authentication by @pvormste in #6850
[TT-13998] make url of X-Tyk-Upstream optional when loadBalancing is present by @pvormste in #6860
[TT-13629]: OAS upstream SSL configuration by @kofoworola in #6840
[DX-1780]Generate test for tyk gateway swagger by @yurisasuke in #6827
[TT-12957] OAS Uptime Tests migrations by @titpetric in #6852
TT-12965: Improve performance of ctx.GetOASDefinition/GetDefinition by @titpetric in #6855
[TT-13477] upstream oauth event handling by @andrei-tyk in #6867
TT-14070: [Testing/Concurrency] Test gateway lifecycle, enable start/stop parallelism by @titpetric in #6677
TT-14085: Remove the pmylund/go-cache dependency by @titpetric in #6871
[TT-13659] add support for custom event handlers in OAS definitions by @pvormste in #6870
[TT-13657]: modified json schema for protocol by @kofoworola in #6878
TT-14089 load apis from emergency mode, wait for connection considers emergency mode by @sredxny in #6873
[TT-13440] correctly sync multi-value response headers with coprocess middleware by @edsonmichaque in #6883
TT-14059: Add migration test fixtures by @titpetric in #6879
TT-14132: Update sonarcloud sonarqube scan by @titpetric in #6888
[TT-14100] fix requireSession in OAS for custom auth plugins by @pvormste in #6893
TT-14110, TT-14112, TT-14103: Implement ignoreCase, preserveTrailingSlash, remove multipleOf by @titpetric in #6889
TT-14154: [test only] fix golangci-lint base branch for merges by @titpetric in #6896
[TT-13836] Key Rotation for MDCB Data Planes by @mativm02 in #6868
[TT-14084] External OAuth is migrated as Keyless by @buraksezer in #6895
[TT-14178] Temporarily revert strict oas schema usage by @jeffy-mathew in #6900
[TT-14111] add support for rate limit and quota flags in OAS by @pvormste in #6899
[TT-13660] add support for log event handler to OAS definitions by @pvormste in #6880
[TT-13936] Improve RPC connection handling for user key reset events by @mativm02 in #6904
TT-14192: Consistent use of imported package for gojsonschema, lint by @titpetric in #6902
TT-14110: Cover migration of ignoreCase for classic by @titpetric in #6906
TT-7306: Migrate Mock Response from Classic API Definition to OAS API Definition by @edsonmichaque in #6894
[TT-8876], set "policies.allow_explicity_policy_id " to true by default by @andrei-tyk in #6905
[TT-14200] add support to disable log event handlers and custom event handlers by @pvormste in #6907
TT-14059: Extend service discovery tests and fixtures by @titpetric in #6909
TT-14183: Fix uptimetests migrations, add fixtures, enabled flag by @titpetric in #6908
TT-14221: Refactor for clean usage of httputil by @titpetric in #6911
[TT-7306] [fix] Migrate Mock Response from Classic API Definition to OAS API Definition by @edsonmichaque in #6914
[TT-14169] Review and address CVEs by @buraksezer in #6917
[TT-14170] Config and swagger description updates by @lghiur in #6919
[TT-14214]: added milisecond duration to readable duration by @kofoworola in #6916
[TT-14169] Upgrade github.com/go-jose/go-jose/v3 by @buraksezer in #6925
[TT-12957] fix some issues with uptime_tests migrations to OAS by @pvormste in #6924
TT-14170 Update missing Tyk OAS API go doc on fields by @lghiur in #6926
TT-14163 when start the rpc set as default in emergency mode by @sredxny in #6910
[TT-7306] Ensure ignoreAuthentication is only enabled in migration scenario by @edsonmichaque in #6923
[SYSE-401 master] Model builds as a concept by @konrad-sol in #6728
TT-14170 adjusted godoc for gw config by @lghiur in #6938
[TT-12957] fixed issue when migrating from classic to oas that was leaving a broken url by @andrei-tyk in #6947
[TT-7306] Revert allow list to migrated mock response by @edsonmichaque in #6946
[TT-14102] fix api level and endpoint level cache migration by @edsonmichaque in #6931
[TT-12957] oas uptime testing migration fails on timeout field by @andrei-tyk in #6956
[TT-14276] Gateway panics if Uptime Tests are disabled in config but enabled in API definition by @buraksezer in #6960
[TT-14244] Bump go, set godebug for compatibility by @andrei-tyk in #6963
CI fix for linter failing when PR target branch is not master by @andrei-tyk in #6964
Tt 14350 fix gateway linter using wrong branch causing ci to mailfunction on release p rs by @andrei-tyk in #6965
[TT-7815] ensure path params are migrated to OAS by @edsonmichaque in #6966
[TT-14413] Check for existing params before generating new ones by @edsonmichaque in #6973
[TT-12343] Use API endpoint hard timeouts over global timeout setting by @mativm02 in #6976
TT-14452, fixed CVEs for v5.8 by @andrei-tyk in #6978
[TT-14357]: fixed issue with stale context in UDG by @kofoworola in #6977
[TT-13365] Create json schema script for Bento config validation by @buraksezer in #6690
[TT-12442] necessary changes for new licensing logic by @andrei-tyk in #6984
[TT-12442] changes required in gateway for new licensing to work by @andrei-tyk in #6985
[TT-12442] Force gw reload after registration to have synced polciies and apis by @andrei-tyk in #6988
[TT-14518] Exclude swagger.yml from sonarcloud analysis by @lghiur in #6991
Create force-merge.yaml by @buger in #6993
Update README.md by @buger in #6994
[TT-13277] Improve API listen path sorting to prioritize static segments over parameters by @edsonmichaque in #6987
[TT-12343] Improve Timeout Test Coverage and Consistency in TestTimeoutPrioritization by @edsonmichaque in #6992
[DX-1906]add images to the source swagger by @yurisasuke in #6957
[TT-14149] Added more details to the ssl_certificate config by @letzya in #3726
TT-14365: internal/policy: add restricted_types behaviour test by @titpetric in #6972
[TT-1428]: added bloblang to test for json schema by @kofoworola in #7003
[SYSE-372 master] Implement custom rules for enterprise artifacts in package promotion by @alephnull in #7005
[TT-14300] Add support for AMQP 0.9 and 1.0 by @buraksezer in #7004
[ TT-14298]: Added support for bloblang by @kofoworola in #7009
[TT-14431]: add mqtt to json schema by @kofoworola in #7010
[TT-14300] Simple AMQP load generator tool for amqp_1 and amqp_0_9 by @buraksezer in #7012
[TT-14435]: add mqtt test cases by @kofoworola in #7021
[TT-14365]Test/apply policies restricted types fix by @andrei-tyk in #7020
[TT-14596] Investigate flaky amqp integration tests by @buraksezer in #7019
[TT-14446] Add an integration test for Input (http_server) → Output(amqp_1) scenario by @buraksezer in #7026
TT-14590 kinopenapi CVE fix - Use internal fork of kinopen-api and import update gql translator by @lghiur in #7024
[TT-14666], fix for panic on gateway side when upgrading old oas file by @andrei-tyk in #7034
[TT-14794] fix issue where an invalid stream path results in 500 by @pvormste in #7047
[TT-14666] gw panics after updating from 5 0 with oas api by @andrei-tyk in #7046
[TT-14253] Unload Streams Properly by @buraksezer in #7033
[ TT-14504] Tyk OAS API definition is not available to Response Plugin if no Request Plugin loaded by @shults in #7053
[TT-14829] Added External OAuth Deprecated mark in godoc by @lghiur in #7050
[TT-14252] Add customValidationRule interface to generate_bento_config_schema script by @buraksezer in #7057
[TT-13779] POST form parameters are not logged for Tyk OAS APIs by @MaciekMis in #7054
[TT-13924]: updated go mod for kafka datasource by @kofoworola in #7058
[TT-14868] Request Body Not Recorded When Transfer-Encoding: chunked by @MaciekMis in #7061
TT-8176: implement authorisation using multiple JWK URIs by @olamilekan000 in #7060
Tyk OAS API definition is not available to Response Plugin if no Request Plugin loaded by @shults in #7064
[TT-11387] Unhelpful error messages in UI when creating APIs via OpenAPI import by @MaciekMis in #7067
[TT-14731] Add a flag to enable all bento inputs/outputs by @buraksezer in #7065
[TT-14470] update bento to v1.7.1 that includes SSE browser fix by @pvormste in #7072
[TT-10496] GRPC plugins do not work with service names by @andrei-tyk in #7052
TT-8176: use centeral JWT centralised process method for JWKs by @olamilekan000 in #7071
[TT-11387] Unhelpful error messages in UI when creating APIs via OpenAPI import by @MaciekMis in #7080
Disabled/empty uptime test fields migrated to Tyk OAS by @shults in #7069
[TT-11975] Lack of clear error message during failed import when API definition is not valid by @MaciekMis in #7077
[TT-14879] Tyk Dashboard should use /api/apis/streams endpoints to create and import Tyk Stream APIs by @buraksezer in #7088
[TT-9234] graceful shutdown of gateway by @andrei-tyk in #7076
[TT-14582]: Update go mod to fix issue with sending arguments from interface fields in gql by @kofoworola in #7082
TT-14948: fix caching issue with JWKs-URIs by @olamilekan000 in #7079
[TT-12308] Query parameters not respected by OAS import endpoint by @MaciekMis in #7087
[TT-14731] Add a flag to enable all bento inputs/outputs by @buraksezer in #7092
[TT-14863] Replace github.com/TykTechnologies/kin-openapi with github.com/getkin/kin-openapi by @edsonmichaque in #7041
[TT-14621]corrected prefix for certificates by @andrei-tyk in #7094
[TT-11335] OAS URL rewrite schema update by @MaciekMis in #7099
TT-8317 Add KeyID to Protobuf by @nerdydread in #6488
[Debugger MVP] Some middleware doesn't work for OAS debugger by @shults in #7093
[TT-15043] Exclude generated files from Sonarqube analysis by @edsonmichaque in #7103
[TT-13740]: update mod and updated apidef by @kofoworola in #7104
[TT-14731] Add a flag to enable all bento inputs/outputs by @buraksezer in #7116
[TT-10496] gRPC plugins do not terminate gracefully and cannot be load balanced by @andrei-tyk in #7111
[TT-15065] Mock response stops working after kin-openapi upgrade by @shults in #7120
[TT-14299] add mqtt and websocket load generator for streams testing by @pvormste in #7126
[TT-14857] Updating dependencies to fix CVEs by @mativm02 in #7119
[TT-9234] graceful shutdown of gateway improvments and bug fix for mdcb scenario by @andrei-tyk in #7117
TT-15095: ensure jwks URI field works only for OAS API by @olamilekan000 in #7129
[TT-7932] Errors migrating some versioned APIs to OAS by @MaciekMis in #7101
[TT-14914] No response middleware information in Tyk OAS API Debugger by @shults in #7113
[QA-1608 master] Github template update by @konrad-sol in #7108
[TT-14839] Update version on swagger yml by @lghiur in #7141
[TT-8963] Unable to loop mocked endpoint by @shults in #7105
[TT-14838] Addressed gw documentation reviews by @lghiur in #7157
[TT-14914] No response middleware information in Tyk OAS API Debugger by @shults in #7158
[TT-15059][TT-11285] MDCB DNS critical fix and policy sync cherrypick by @andrei-tyk in #7167
[TT-14990] Update GetCiphers to restore support for legacy TLS cipher suites by @edsonmichaque in #7173
5.8.3 docs review by @lghiur in #7188
[TT-9234] fixes for graceful shutdown regression bugs by @andrei-tyk in #7163
[TT-15111] connectivity reviewer by @lghiur in #7186
[TT-9234] regression fixes with incorrect behaviour by @andrei-tyk in #7202
[TT-9234] regression fixes by @andrei-tyk in #7207
[TT-15111] probe AI PR reviewers by @lghiur in #7209
[TT-9234][TT-15257] regression fixes for failing mdcb readiness check by @andrei-tyk in #7215
TT-14838 Addressed comments on GW docs improvements by @lghiur in #7225
[TT-15216] Optimised the probe review prompts to stick to important messages by @lghiur in #7222
[TT-15216] Fix GH action lint issues by @lghiur in #7232
[TT-15251] GW prints body decompression error when when you enable analytics by @buraksezer in #7230
[TT-10273] CORS check should be performed after API Version check by @MaciekMis in #7179
[TT-14914] No response middleware information in Tyk OAS API Debugger by @shults in #7208
[TT-14254] The logs produced by the gateway about streams APIs should be in the same format as the other gateway logs by @buraksezer in #7245
[TT-15321]: added documentation to dev docs for OAS only feature and added helper method by @kofoworola in #7246
[TT-11244] Custom domain regex causing problems with servers by @shults in #7233
[TT-7523] [OAS Versioning] Gateway CE allows to create version without new_version_name by @MaciekMis in #7244
[TT-14370] [OAS] ReadableDuration converts some values to decimals causing a schema problem by @shults in #7256
[TT-15019] Update Gateway and Plugin Compiler to Go 1.24 by @buraksezer in #7265
[TT-15505] Remove negate field as mandatory from the OAS API schema by @lghiur in #7284
[TT-15359]: Added extra jwt validation by @kofoworola in #7269
[TT-5588] [OAS] gateway apiKey import generates unnecessary object by @MaciekMis in #7270
[TT-7524] [OAS] Gateway CE behaves differently from Dashboard for middleware and PATCH by @MaciekMis in #7261
[TT-15507] Revert changes to the "/hello" health check endpoint by @mativm02 in #7295
[TT-15359]improve backwards compatibility of Jwt claim validation by @kofoworola in #7294
Revert "[TT-5588] [OAS] gateway apiKey import generates unnecessary object" by @radkrawczyk in #7299
[TT-14564] Fix: Add mutual TLS support for dedicated rate limiter Redis connection by @buger in #7301
[TT-15398] added basic configuration for ExternalServiceConfig by @andrei-tyk in #7272
Custom domain regex causing problems with servers (bugfix) by @shults in #7310
[TT-5588] [OAS] gateway apiKey import generates unnecessary object by @MaciekMis in #7303
[TT-7524] [OAS] Gateway CE behaves differently from Dashboard for middleware and PATCH by @MaciekMis in #7305
[TT-15568] fix flaky sort logic by @pvormste in #7316
[TT-15190] feat: Gateway Resilience Enhancement - Intelligent Auto-Recovery for Nonce Desynchronization by @buger in #7267
Body transform middleware not applied when URL rewrite pattern contains regex by @shults in #7302
The debugger reports error traces on the endpoint where the 'Response Body Transform' middleware is used. by @shults in #7321
Custom domain regex causing problems with servers by @shults in #7322
[TT-15359]: updated documentation for core claims update by @kofoworola in #7333
Deleting an API with the 'Uptime test' feature enabled crashes the Gateway by @shults in #7320
[TT-15360]: Custom Claims Validation Framework by @kofoworola in #7318
[TT-14369] ReadableDuration does not handle time values that "mix" subsecond units - extending tests duration_test.go by @radkrawczyk in #7293
[OAS] gateway apiKey import generates unnecessary object by @MaciekMis in #7328
[TT-15379][TT-15383] introduce certificate expiry checks and events by @pvormste in #7332
[TT-2378] Implementing OAS OR auth logic by @mativm02 in #7306
Body transform middleware not applied when URL rewrite pattern contains regex by @shults in #7330
[TT-14665]: Update OAS spec to allow empty versions by @kofoworola in #7340
[TT-15399] feat: Gateway Resilience Enhancement - Service Integration for External Service Config (Phase 2) by @andrei-tyk in #7325
[TT-15380] Enhance JWKS caching by @buraksezer in #7339
[TT-15684]: Add normalize step to OAS api by @kofoworola in #7344
[TT-15399] minimal godocs update on external services config by @andrei-tyk in #7346
[TT-15662] Review and address GW & Dash CVEs by @buraksezer in #7347
[TT-15379] fix shared cooldowns for event handlers and use global cooldown cache by @pvormste in #7348
[TT-15399] fix for fallback behaviour when configs are not set by @andrei-tyk in #7350
Request Body Transform MW and Header Transform MW are not sufficiently logged in the debugger by @shults in #7338
[TT-11960] Incorrect handling of unexpected query parameters by @MaciekMis in #7345
[TT-15747] OAS versioning identifier key is conditionally required based on the location by @lghiur in #7358
[TT-15671] Add securityProcessingMode field to support legacy/compliant auth processing by @mativm02 in #7349
Replace probe workflows with visor by @buger in #7364
Add security_requirements field to schema and refactor JWT and Basic Auth handling by @mativm02 in #7363
[TT-15742] Fix certificate expiry handling for recently expired certificates by @edsonmichaque in #7365
[TT-15852] fix days as integer for expiry events by @pvormste in #7371
[TT-15798] fix schema for jtiValidation by @pvormste in #7375
[TT-15718] Upgrade graphql-go-tools dependency to fix CVE-2025-54388 by @buraksezer in #7377
[TT-15868] Fixing panic when using JWT as a second authentication method in compliant mode by @mativm02 in #7384
[TT-15719] GW docs 5.10 review by @lghiur in #7385
[TT-15869] cooldown defaults not working and minor datetime format adjustments by @pvormste in #7386
[TT-15860] Missing httpclient for upstream oauth by @andrei-tyk in #7381
[TT-15863] fix random version picking for not versioned API by @pvormste in #7380
[TT-15860] initial fix for tls log by @andrei-tyk in #7395
[TT-15901] Adding AND support for auth method groups by @mativm02 in #7399
[Regression]Mock response requests produce a warning level message "session not found. sending inappropriate rate-limit headers" by @shults in #7403
[TT-15891] made jwkruris cache_timeout ReadableDuration by @andrei-tyk in #7406
[TT-15904] Remove redundant task lint from CI test step by @jeffy-mathew in #7401
[TT-15904] revert golangcilint return exit code 0 to run ci tests on push to master by @jeffy-mathew in #7413
[TT-15901] Enhance AuthORWrapper to support authentication methods without SecuritySchemes by @mativm02 in #7411
[DX-2102] Bug Fixes and Improvements in Tyk OAS by @sharadregoti in #7419
[TT-11125] Add trace id request header by @lghiur in #7402
[TT-15956] Proprietary auth methods are auto populated to OAS Security when changing to compliant mode by @mativm02 in #7425
Refactor error messages in OAS security validation for consistency by @mativm02 in #7440
[TT-15953] fix: Make EnforceOrgDataAge respect EnforceOrgQuotas configuration by @buger in #7434
[TT-15830, TT-7735] Plugin loading failure error is ignored for certain types of plugins by @MaciekMis in #7391
[TT-15839] Adding bundle validation by @imogenkraak in #7422
[TT-15141] Toggling default policy from inactive to active does not activate JWT in some cases by @MaciekMis in #7431
[TT-15141] Toggling default policy from inactive to active does not activate JWT in some cases - revert session save by @MaciekMis in #7449
[TT-14814] fix bundle loading issue by @pvormste in #7436
[TT-15415] Added response body size validation by @imogenkraak in #7430
TT-15867 - rollout new Jira linter by @bsten-tyk in #7439
[TT-15734] Handle big.Int JSON marshaling errors in logrus formatter by @lghiur in #7465
TT-15781: add aggregator job to ci-test.yml by @sredxny in #7458
Update docs for Gateway changes by @jay-deshmukh in #7475
[TT-15955] Inefficient DNS change detection causes unnecessary RPC retries and request blocking by @mativm02 in #7473
[TT-16002] fixed context propagation in grpc calls by @andrei-tyk in #7481
[TT-14871] Expose Gateway-Only Latency in Tyk Metrics by @andrei-tyk in #7464
[TT-14871] fixed go.mod not having latest available pump commit by @andrei-tyk in #7488
[TT-15201] Sometimes the data plane gateway returns 404 page not found by @buraksezer in #7487
[TT-16055] upgrade golangcilint to v2.5.0 by @jeffy-mathew in #7491
[TT-16055] remove redundant codegen:smart by @jeffy-mathew in #7495
[TT-16032] Add DNS monitoring feature for worker gateway by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7485
[TT-15967] add alias packages by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7463
[TT-15595, fixed the gateway API not accepting 0 weight and not being … by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7498
[TT-14871] fix in-gateway time measurement being measured wrong by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7500
[TT-15606] fix certificate chain mTLS handshake by @pvormste in https://github.com/TykTechnologies/tyk/pull/7505
TT-15793 added workflow to Suggest target branches by @sredxny in https://github.com/TykTechnologies/tyk/pull/7511
[TT-15473] Generate proper OAS server URLs by @lghiur in https://github.com/TykTechnologies/tyk/pull/7509
[TT-15595] temporarily remove upstream target from load balancing by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7524
[TT-14359] fix nested scopes for identity base field by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7522
[TT-16109] Export GenerateTykServers so it can be used by Dashboard API by @lghiur in https://github.com/TykTechnologies/tyk/pull/7532
[TT-6613] JWT authentication should not require a base policy if scope-to-policy mapping is used by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7504
[TT-15426]fixed go.mod not having latest graphql-go-tools version by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7534
[TT-15354]: Improve logging in JWT Middleware by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7528
[TT-15825] [BE] Address inconsistencies with use of Policy identifiers by @shults in https://github.com/TykTechnologies/tyk/pull/7424
TT-14891 - adds client ip from XFF by depth by @sedkis in https://github.com/TykTechnologies/tyk/pull/7063
[TT-15100][TT-15091] adjusted swagger enum and tyk vendor extension schema name by @lghiur in https://github.com/TykTechnologies/tyk/pull/7535
when worker node is on emergency node, do not panic when using a new jwt token by @sredxny in https://github.com/TykTechnologies/tyk/pull/5534
[TT-15683] Add JWKS cache flush to the Dashboard API and MDCB by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7523
[TT-16119][TT-15473] Fix URL generation bugs by @lghiur in https://github.com/TykTechnologies/tyk/pull/7541
[TT-16142] fix CVEs for v5.10.1 by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7543
[TT-15966] Update storage library to v1.3.0 by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7539
Gromit sync with tyk repo TT-16131 by @Razeen-Abdal-Rahman in https://github.com/TykTechnologies/tyk/pull/7542
[TT-16121] Generate relative server urls for APIs with no matching tags by @lghiur in https://github.com/TykTechnologies/tyk/pull/7544
[TT-15942]: Integrate Sentinel One CNS scanner workflow by @asutosh in https://github.com/TykTechnologies/tyk/pull/7529
[TT-16121] Always generate relative paths except when custom domains are configured by @lghiur in https://github.com/TykTechnologies/tyk/pull/7553
[TT-15954]: Make org session fetch non-blocking by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7531
[TT-16109][TT-16149] Fix fallback URLs and disabled domain handling after relative path changes by @lghiur in https://github.com/TykTechnologies/tyk/pull/7557
[TT-15683] Add NoticeInvalidateJWKSCacheForAPI event processing logic… by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7562
[TT-16172] Fixes bug where OAS server URLs endpoint returned "self" instead of actual version name in headers/query parameters. by @lghiur in https://github.com/TykTechnologies/tyk/pull/7561
[TT-16176] respect gateway tags disabled state in server URL generation by @lghiur in https://github.com/TykTechnologies/tyk/pull/7560
TT-15780 Auto generated from templates by gromit by @sredxny in https://github.com/TykTechnologies/tyk/pull/7554
[TT-12827] A gateway using a redis rate limiter panics if any Gateway sharing the same Redis is using the DRL by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7558
[TT-16176] Generate relative patsh when tags are disabled or 0 by @lghiur in https://github.com/TykTechnologies/tyk/pull/7564
[TT-15971] Add cross-repo dashboard build workflow for API tests by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7563
FIPS Docker Images for LTS releases only TT-16023 by @Razeen-Abdal-Rahman in https://github.com/TykTechnologies/tyk/pull/7571
[TT-16013]Fix/oas security scheme race condition 7573 by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7579
Merging to release-5.11: [TT-16188] Update info.version (#7598) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7601
Merging to release-5.11: [DX-2045] docs: clarify TYK_GW_MAXIDLECONNSPERHOST default value and recommendation (#7604) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7610
Merging to release-5.11: [DX-2128] docs: clarify TYK_GW_USEREDISLOG requires shared Redis instance (#7607) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7614
Merging to release-5.11: Fix Docs (#7624) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7627
Merging to release-5.11: [TT-16285] Auto generated from templates by gromit (#7630) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7634
Merging to release-5.11: TT-16290 rename the ci aggregator (#7635) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7640
Merging to release-5.11: [TT-16296] fixed keys being set automatically as active (#7642) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7648
Merging to release-5.11: Remove mercurial from plugin compiler Dockerfile (#7670) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7674
Merging to release-5.11: [TT-16468] Using a JWKS URL causes memory leak in gateway 5.11 (#7703) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7707

New Contributors

@padiazg made their first contribution in #6229
@LLe27 made their first contribution in #6344
@olamilekan000 made their first contribution in #7060
@nerdydread made their first contribution in #6488

Full Changelog: v5.3.0-rc2...v5.11.1-alpha2