TykTechnologies/tyk v5.3.2 on GitHub

Tyk Gateway 5.3.2

Enhanced error handling in webhook event template rendering to ensure proper logging and skipping of the event when errors occur, preventing invalid data from being sent.
tyk.api.apikey and tyk.api.oauthid attributes were exposing API keys when OTEL was enabled. Now, the value of this attribute is the hashed key instead.
Addressed a potential issue when working with Tyk OAS APIs where request context variables are automatically made available to relevant Tyk and custom middleware. We have introduced a control in the Tyk OAS API definition to disable this access if required.
Addressed an issue where an API with a custom domain might not be invoked if another API with the same listen path but no custom domain was also deployed on the Gateway. Now APIs with custom domain names are loaded first, so requests will be checked against these first before falling back to APIs without custom domains.
Fixed an issue with nested field mapping in UDG when used with GraphQL (GQL) operations for a field’s data source. Previously, querying only the mentioned field resulted in an error, but querying alongside another ’normal’ field from the same level worked without issue.
Addressed an issue in service discovery where an IP:port returned by Consul wasn't parsed correctly on the Gateway side, leading to errors when proxying requests to the service. The issue primarily occurred with IP:port responses, while valid domain names were unaffected.

Resolved oppressive language in Tyk's Dashboard UI, ensuring inclusive and clear wording.
In this version we have submitted a modification to our default OPA rules as we identified a scenario in which admins different from the initial bootstrapped one were allowed to modify the passwords of other admins hence enabling “rogue admin” behaviour. Tyk Dashboard clients using OPA rules are advised to apply the new change to their existing OPA ruleset to benefit from this piece of work. For any help/clarification please get in touch with your assigned Tyk representative.
There was an issue with GQL schema editor for Data Graphs, where users were not able to use the "Import Schema" button. The issue is now fixed and it is possible to import files containing GQL schemas into the Dashboard.
Addressed a potential issue when working with Tyk OAS APIs where request context variables are automatically made available to relevant Tyk and custom middleware. We have introduced a control in the Tyk OAS API definition to disable this access if required.
Fixed issue in api/usage endpoint where Dashboard+Postgres returned unfiltered results with one valid tag and required duplicating the same parameter as a workaround for multiple tags, now correctly filtering results as expected.
Fixed an issue where API Templates were not correctly assigned to Tyk Organisations allowing the potential for accidental sharing of secret data between Organisations through use of the incorrect template.