Releases: TykTechnologies/tyk

Tyk Gateway 5.0.12 and Tyk Dashboard 5.0.12

01 May 15:44
1c3c7f0

Tyk Gateway 5.0.12

Fixed

  • Fixed a bug where Tyk failed to properly reject custom plugin bundles with signature verification failures, allowing APIs to load without necessary plugins, potentially exposing upstream services. With the fix, if the plugin bundle fails to load (for example, due to failed signature verification) the API will not be loaded and an error will be logged in the Gateway.
  • Fixed a panic scenario that occurred when a custom JavaScript plugin that requests access to the session metadata (require_session:true) is assigned to the same endpoint as the Ignore Authentication middleware. While the custom plugin expects access to a valid session, the configuration flag doesn't guarantee its presence, only that it's passed if available. As such, the custom plugin should be coded to verify that the session metadata is present before attempting to use it.
  • Fixed a bug where the Gateway could crash when using custom Python plugins that access the Redis storage. The Tyk Python API methods store_data and get_data could fail due to connection issues with Redis. With this fix, the Redis connection will be created if required, avoiding the crash.
  • Fixed a bug where, in some instances, the Gateway panicked when the "Persist GQL" middleware was used without arguments defined. The Gateway no longer panics in these cases.
  • Fixed a bug where, in some cases when detailed_tracing was set to false and the client sent a malformed request to a GraphQL API, the traces were missing GraphQL attributes (operation name, type and document). This has been corrected and debugging GraphQL with OTel will be easier for users.
  • Fixed a bug where GQL Open Telemetry semantic conventions attribute names were missing the graphql prefix and were therefore not in line with the community standard. This has been fixed and all attributes have the correct prefix.
  • Fixed two bugs in the handling of usage quotas by the URL rewrite middleware when it was configured to rewrite to itself (e.g. to tyk://self). Quota limits were not observed and the quota-related response headers always contained 0.
  • Fixed a bug in distributed deployments where the MDCB data plane gateway counter was inaccurately incremented when a Gateway was stopped and restarted.
  • Addressed a bug where clearing the API cache from the Tyk Dashboard failed to invalidate the cache in distributed data plane (MDCB) gateways.
  • Fixed a bug introduced in 5.3.0 which prevented custom Go plugins compiled in RHEL8 environments from loading into Tyk Gateway. An automation issue had caused the build environments for the Gateway and Plugin Compiler to use different base images. This fix restores the plugin functionality on RHEL8 environments, by fixing the plugin compiler base image to match the gateway build environment: Go 1.21 and Debian Bullseye.
  • Removed several unused packages from the plugin compiler image. The packages include: docker, buildkit, ruc, sqlite, curl, wget, and other build tooling. The removal was done in order to address invalid CVE reporting; none of the removed dependencies are used to provide plugin compiler functionality.

Tyk Dashboard 5.0.12

Fixed

  • Improved the behaviour of the Dashboard when searching for users to avoid transmitting sensitive information (user email addresses) in the request query parameters. Deprecated the GET method for the /api/users/search endpoint in favour of a POST method with the same logic but with parameters supplied in the request body.
  • As Tyk Dashboard and Tyk Classic Portal do not accept cross origin requests we have removed the Access-Control-Allow-Credentials header from Dashboard API responses to prevent any potential misuse of the header by attackers. This allows simplification of the web application’s security configuration.
  • Implemented a randomised delay to obscure login response times, mitigating brute force attacks that rely on response time analysis.
  • Fixed a bug where a user was still able to log into an Organisation on the Tyk Dashboard after that Organisation had been deleted. Now, when an Organisation is deleted, it will not be offered as an option when logging in.
  • Fixed an issue where access keys could accidentally also be printed to the Dashboard’s stdout when a call was made to /api/keys to retrieve the keys. This has now been suppressed.
  • The Endpoint Designer did not correctly display a GraphQL policy’s allow or block list if a wildcard character (*) was used in the list’s definition. This has been fixed and now, if the wildcard (*) is present in the allow/block list definition, the UI correctly displays the list of allowed/blocked fields.
  • Fixed an issue that was preventing the OPA editor from being visible using the keyboard shortcut when using Microsoft Windows.
  • Fixed an issue where common keyboard shortcuts (Cmd + X, A, C, V) were not working correctly when configuring the URL field for a UDG data source.
  • Fixed an issue in the Tyk OAS API Designer where there was no input validation of the OAuth Introspection URL. The Gateway reported an HTTP 400 error when attempting to save an API with an illegal value, however the API Designer did not guide the user to the source of the error. Now there is automatic validation of the text entered in the Introspection URL field.
  • Fixed an issue with the text editor in the Tyk OAS API Designer where the cursor was misaligned with where characters would be entered. We have replaced the text editor module throughout the Tyk Dashboard to use a more modern, supported library.
  • The ‘Top 5 Errors by Graph’ bar chart in the Activity by Graph dashboard experienced display issues with long graph names and sometimes showed empty bars. This has been resolved, and the chart now displays accurately.
  • Fixed a bug where some Tyk Dashboard analytics screens stopped working when the analytics aggregates collection grew too large.
  • In Tyk 5.0.7/5.2.2 we fixed an issue in the policy-API link deletion code. This introduced an unintended side-effect for users of DocumentDB such that they were unable to delete APIs from the persistent storage. We identified that this was due to the use of the $expr operator in the solution - and discovered that this is supported by MongoDB but not by DocumentDB. We have now reimplemented the fix and removed the limitation introduced for DocumentDB users.
  • Fixed an issue when using MongoDB and Tyk Security Policies where Tyk could incorrectly grant access to an API after that API had been deleted from the associated policy. This introduced an unintended side-effect for users of DocumentDB such that they were unable to delete APIs from the persistent storage. We identified that this was due to the use of the $expr operator in the solution - and discovered that this is supported by MongoDB but not by DocumentDB. We have now reimplemented the fix and removed the limitation introduced for DocumentDB users.
  • Addressed a bug where clearing the API cache from the Tyk Dashboard failed to invalidate the cache in distributed data plane gateways.

Tyk Gateway 5.3.1 and Tyk Dashboard 5.3.1

24 Apr 17:13
dff399f

Tyk Gateway 5.3.1

Fixed

  • Fixed a bug where Tyk failed to properly reject custom plugin bundles with signature verification failures, allowing APIs to load without necessary plugins, potentially exposing upstream services. With the fix, if the plugin bundle fails to load (for example, due to failed signature verification) the API will not be loaded and an error will be logged in the Gateway.
  • Fixed a panic scenario that occurred when a custom JavaScript plugin that requests access to the session metadata (require_session:true) is assigned to the same endpoint as the Ignore Authentication middleware. While the custom plugin expects access to a valid session, the configuration flag doesn't guarantee its presence, only that it's passed if available. As such, the custom plugin should be coded to verify that the session metadata is present before attempting to use it.
  • Fixed a bug where the Gateway could crash when using custom Python plugins that access the Redis storage. The Tyk Python API methods store_data and get_data could fail due to connection issues with Redis. With this fix, the Redis connection will be created if required, avoiding the crash.
  • Fixed a bug where, in some instances, the Gateway panicked when the "Persist GQL" middleware was used without arguments defined. The Gateway no longer panics in these cases.
  • Fixed a bug where, in some cases when detailed_tracing was set to false and the client sent a malformed request to a GraphQL API, the traces were missing GraphQL attributes (operation name, type and document). This has been corrected and debugging GraphQL with OTel will be easier for users.
  • Fixed a bug where GQL Open Telemetry semantic conventions attribute names were missing the graphql prefix and were therefore not in line with the community standard. This has been fixed and all attributes have the correct prefix.
  • Fixed two bugs in the handling of usage quotas by the URL rewrite middleware when it was configured to rewrite to itself (e.g. to tyk://self). Quota limits were not observed and the quota-related response headers always contained 0.
  • Fixed a bug in distributed deployments where the MDCB data plane gateway counter was inaccurately incremented when a Gateway was stopped and restarted.
  • Addressed a bug where clearing the API cache from the Tyk Dashboard failed to invalidate the cache in distributed data plane (MDCB) gateways.
  • Fixed a bug introduced in 5.3.0 which prevented custom Go plugins compiled in RHEL8 environments from loading into Tyk Gateway. An automation issue had caused the build environments for the Gateway and Plugin Compiler to use different base images. This fix restores the plugin functionality on RHEL8 environments, by fixing the plugin compiler base image to match the gateway build environment: Go 1.21 and Debian Bullseye.
  • Removed several unused packages from the plugin compiler image. The packages include: docker, buildkit, ruc, sqlite, curl, wget, and other build tooling. The removal was done in order to address invalid CVE reporting; none of the removed dependencies are used to provide plugin compiler functionality.
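
The session check recommended above for JavaScript plugins that set require_session:true (the same note appears under Tyk Gateway 5.0.12), shown as an added example that is not Tyk's own code. The header name X-Tenant-Id, the tenant metadata key and the function names are hypothetical, and the field names SetHeaders, DeleteHeaders and meta_data are assumed to follow the Tyk JS middleware request and session objects.

```javascript
// Added example, not Tyk project code. Written in ES5 style so the guard
// can be pasted into a Tyk JS plugin; it also runs unchanged under Node.

// Hypothetical names chosen for this example.
var TENANT_HEADER = "X-Tenant-Id";
var TENANT_KEY = "tenant";

// Return the session metadata object, or null when there is no usable
// session. With Ignore Authentication on the same endpoint the session
// argument may be undefined, null, or an object without meta_data.
function sessionMeta(session) {
  if (session === null || typeof session !== "object") {
    return null;
  }
  var meta = session.meta_data; // field name assumed from Tyk session objects
  if (meta === null || typeof meta !== "object" || Array.isArray(meta)) {
    return null;
  }
  return meta;
}

// Copy the tenant from session metadata into an upstream header.
// Without a session the plugin must not dereference anything, and it
// strips the header so an unauthenticated caller cannot supply its own
// value to the upstream.
function applyTenantHeader(request, session) {
  request.SetHeaders = request.SetHeaders || {};
  request.DeleteHeaders = request.DeleteHeaders || [];

  var meta = sessionMeta(session);
  var tenant = "";
  if (meta !== null && typeof meta[TENANT_KEY] === "string") {
    tenant = meta[TENANT_KEY];
  }

  if (tenant === "") {
    request.DeleteHeaders.push(TENANT_HEADER);
    delete request.SetHeaders[TENANT_HEADER];
    return { request: request, hasSession: meta !== null, tenant: null };
  }

  request.SetHeaders[TENANT_HEADER] = tenant;
  return { request: request, hasSession: true, tenant: tenant };
}

// Constructed sample sessions covering the authenticated case and the
// shapes a plugin can receive when authentication was ignored.
function runSamples() {
  var samples = [
    { name: "authenticated", session: { meta_data: { tenant: "acme" } } },
    { name: "session-undefined", session: undefined },
    { name: "session-null", session: null },
    { name: "session-empty", session: {} },
    { name: "metadata-null", session: { meta_data: null } },
    { name: "tenant-wrong-type", session: { meta_data: { tenant: 42 } } }
  ];
  return samples.map(function (s) {
    var out = applyTenantHeader({ SetHeaders: {}, DeleteHeaders: [] }, s.session);
    return {
      name: s.name,
      hasSession: out.hasSession,
      tenant: out.tenant,
      stripped: out.request.DeleteHeaders.indexOf(TENANT_HEADER) !== -1
    };
  });
}

console.log(JSON.stringify(runSamples(), null, 2));
```

In a Tyk JS plugin the same guard belongs at the top of the NewProcessRequest handler, and the value handed back through ReturnData should be sessionMeta(session) || {} rather than session.meta_data.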

Tyk Dashboard 5.3.1

Fixed

  • Improved the behaviour of the Dashboard when searching for users to avoid transmitting sensitive information (user email addresses) in the request query parameters. Deprecated the GET method for the /api/users/search endpoint in favour of a POST method with the same logic but with parameters supplied in the request body.
  • As Tyk Dashboard and Tyk Classic Portal do not accept cross origin requests we have removed the Access-Control-Allow-Credentials header from Dashboard API responses to prevent any potential misuse of the header by attackers. This allows simplification of the web application’s security configuration.
  • Implemented a randomised delay to obscure login response times, mitigating brute force attacks that rely on response time analysis.
  • Fixed a bug where a user was still able to log into an Organisation on the Tyk Dashboard after that Organisation had been deleted. Now, when an Organisation is deleted, it will not be offered as an option when logging in.
  • Fixed an issue where access keys could accidentally also be printed to the Dashboard’s stdout when a call was made to /api/keys to retrieve the keys. This has now been suppressed.
  • The Endpoint Designer did not correctly display a GraphQL policy’s allow or block list if a wildcard character (*) was used in the list’s definition. This has been fixed and now, if the wildcard (*) is present in the allow/block list definition, the UI correctly displays the list of allowed/blocked fields.
  • Fixed an issue that was preventing the OPA editor from being visible using the keyboard shortcut when using Microsoft Windows.
  • Fixed an issue where common keyboard shortcuts (Cmd + X, A, C, V) were not working correctly when configuring the URL field for a UDG data source.
  • Fixed an issue in the Tyk OAS API Designer where there was no input validation of the OAuth Introspection URL. The Gateway reported an HTTP 400 error when attempting to save an API with an illegal value, however the API Designer did not guide the user to the source of the error. Now there is automatic validation of the text entered in the Introspection URL field.
  • Fixed an issue with the text editor in the Tyk OAS API Designer where the cursor was misaligned with where characters would be entered. We have replaced the text editor module throughout the Tyk Dashboard to use a more modern, supported library.
  • The ‘Top 5 Errors by Graph’ bar chart in the Activity by Graph dashboard experienced display issues with long graph names and sometimes showed empty bars. This has been resolved, and the chart now displays accurately.
  • Fixed a bug where some Tyk Dashboard analytics screens stopped working when the analytics aggregates collection grew too large.
  • In Tyk 5.0.7/5.2.2 we fixed an issue in the policy-API link deletion code. This introduced an unintended side-effect for users of DocumentDB such that they were unable to delete APIs from the persistent storage. We identified that this was due to the use of the $expr operator in the solution - and discovered that this is supported by MongoDB but not by DocumentDB. We have now reimplemented the fix and removed the limitation introduced for DocumentDB users.
  • In Tyk 5.2.2 we fixed an issue when using MongoDB and Tyk Security Policies where Tyk could incorrectly grant access to an API after that API had been deleted from the associated policy. This introduced an unintended side-effect for users of DocumentDB such that they were unable to delete APIs from the persistent storage. We identified that this was due to the use of the $expr operator in the solution - and discovered that this is supported by MongoDB but not by DocumentDB. We have now reimplemented the fix and removed the limitation introduced for DocumentDB users.
  • Addressed a bug where clearing the API cache from the Tyk Dashboard failed to invalidate the cache in distributed data plane gateways.

Tyk Gateway 5.0.11 and Tyk Dashboard 5.0.11

09 Apr 18:17
894ca3f

Tyk Gateway 5.0.11

Fixed

  • Addressed a memory leak issue in Tyk Gateway linked to a logger mutex change introduced in v5.2.4. Reverting these changes has improved connection management and enhanced system performance.
  • Fixed an issue where reloading a bundle containing JS plugins could cause the Gateway to panic.
  • An issue was identified where the encoding from the GQL upstream cache was causing readability problems in the response body. Specifically, the upstream GQL cache was utilizing brotli compression and not respecting the Accept-Encoding header. Consequently, larger response bodies became increasingly unreadable for the GQL engine due to compression, leading to usability issues for users accessing affected content. The issue has now been fixed by adding the brotli encoder to the GQL engine.
  • We have optimised the allocation behaviour of our sliding window log rate limiter implementation (Redis Rate Limiter). Previously the complete request log would be retrieved from Redis. With this enhancement only the count of the requests in the window is retrieved, optimising the interaction with Redis and decreasing the Gateway memory usage.
  • Fixed a performance issue when certain claims are present in the JWT. Tyk uses specific claims (clientId, cid and client_id) to identify certain external IDPs and, if the provided claim matches one of these "reserved" values then Tyk will attempt to contact that IDP. We have introduced a new flag that can be configured in the API Definition to skip this mapping: idp_client_id_mapping_disabled (Tyk Classic API Definition) / idpClientIdMappingDisabled (Tyk OAS API Definition).
  • We fixed a bug in the Tyk OAS Validate Request middleware where we were not correctly validating date-time format schema, which could lead to invalid date-time values reaching the upstream services.
  • In this release, we fixed automated token trimming in Redis, ensuring efficient management of OAuth tokens by implementing a new hourly job within the Gateway and providing a manual trigger endpoint.
  • Updated the Tyk OAS API definition JSON schema to validate the domain name in upstream certificates and public key pinning.

Tyk Dashboard 5.0.11

Fixed

  • Removed strict validation of the description field in mock responses when using Tyk OAS, for the response status codes and headers.
  • Moved all HTML inline scripts to their own script files, to accommodate the Content security policies that have been enabled, to increase security.
  • Fixed an issue where applying security policies to large numbers of APIs took a long time. We’ve implemented bulk processing in the validation step at the api/portal/policies/POLICY_ID endpoint, resulting in an 80% reduction in the time taken to apply a policy to 2000 APIs.
  • Improved the documentation to explain the usage of PUT /admin/organisations/{ORG_ID}.

Tyk Gateway 5.3.0 and Tyk Dashboard 5.3.0

05 Apr 10:54
ddd58a6

Tyk Gateway v5.2.6 and Tyk Dashboard v5.2.6

07 Mar 13:28
bbdd262

Tyk Gateway v5.2.6

Fixed

  • Fixed a memory leak happening on high concurrency; improved connection management and enhanced system performance.

Tyk Dashboard v5.2.6

No changes

v5.3.0-rc5: Merging to release-5.3.0: [TT-11405] Updating JSON tags and field names for TLS max and min versions (#6078) (#6083)

04 Mar 17:06
9f08de5

## **User description**
[TT-11405] Updating JSON tags and field names for TLS max and min
versions (#6078)

## **User description**
<!-- Provide a general summary of your changes in the Title above -->

## Description
Updating JSON tags and field names for TLS max and min versions. 

https://tyktech.atlassian.net/browse/TT-11405
<!-- Describe your changes in detail -->

## Related Issue
https://tyktech.slack.com/archives/C02AS4BP5HN/p1709041100516449
<!-- This project only accepts pull requests related to open issues. -->
<!-- If suggesting a new feature or change, please discuss it in an
issue first. -->
<!-- If fixing a bug, there should be an issue describing it with steps
to reproduce. -->
<!-- OSS: Please link to the issue here. Tyk: please create/link the
JIRA ticket. -->

## Motivation and Context

<!-- Why is this change required? What problem does it solve? -->

## How This Has Been Tested

<!-- Please describe in detail how you tested your changes -->
<!-- Include details of your testing environment, and the tests -->
<!-- you ran to see how your change affects other areas of the code,
etc. -->
<!-- This information is helpful for reviewers and QA. -->

## Screenshots (if appropriate)

## Types of changes

<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Refactoring or add test (improvements in base code or adds test
coverage to functionality)

## Checklist

<!-- Go over all the following points, and put an `x` in all the boxes
that apply -->
<!-- If there are no documentation updates required, mark the item as
checked. -->
<!-- Raise up any additional concerns not covered by the checklist. -->

- [ ] I ensured that the documentation is up to date
- [ ] I explained why this PR updates go.mod in detail with reasoning
why it's required
- [ ] I would like a code coverage CI quality gate exception and have
explained why


___

## **Type**
enhancement


___

## **Description**
- Updated JSON tags and field names related to TLS version configuration
across multiple files to improve clarity and consistency.
- Renamed `MinVersion` and `MaxVersion` to `TLSMinVersion` and
`TLSMaxVersion` in `HttpServerOptionsConfig` for better readability.
- Adjusted references in the TLS configuration setup in various parts of
the codebase to align with the new field names.
- Ensured TLS version consistency and updated the default TLS max
version to `VersionTLS12` in the gateway server configuration.


___



## **Changes walkthrough**
<table><thead><tr><th></th><th align="left">Relevant

files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>config.go</strong><dd><code>Update TLS version field
names and JSON tags</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary>
<hr>

config/config.go
<li>Updated JSON tags for <code>MaxVersion</code> and
<code>MinVersion</code> to <code>tls_max_version</code> and
<br><code>tls_min_version</code> respectively in
<code>StorageOptionsConf</code>.<br> <li> Renamed fields
<code>MinVersion</code> and <code>MaxVersion</code> to
<code>TLSMinVersion</code> and <br><code>TLSMaxVersion</code> in
<code>HttpServerOptionsConfig</code>.


</details>
    

  </td>
<td><a

href="https:/TykTechnologies/tyk/pull/6078/files#diff-fe44f09c4d5977b5f5eaea29170b6a0748819c9d02271746a20d81a5f3efca17">+4/-4</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>dashboard_register.go</strong><dd><code>Align TLS
version configuration references</code>&nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; </dd></summary>
<hr>

gateway/dashboard_register.go
<li>Updated references from <code>MinVersion</code> and
<code>MaxVersion</code> to <code>TLSMinVersion</code> and
<br><code>TLSMaxVersion</code> in the TLS configuration.


</details>
    

  </td>
<td><a

href="https:/TykTechnologies/tyk/pull/6078/files#diff-f504c88b3d2fa3b56b74c252aab41a934156879ef1150d33714225749e6cc94c">+2/-2</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>proxy_muxer.go</strong><dd><code>Update TLS version
configuration in proxy muxer</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary>
<hr>

gateway/proxy_muxer.go
<li>Adjusted TLS configuration to use the new <code>TLSMinVersion</code>
and <br><code>TLSMaxVersion</code> fields.


</details>
    

  </td>
<td><a

href="https:/TykTechnologies/tyk/pull/6078/files#diff-89fb6731880400cb95ba8860c935a308de5f55aaa41aa2c76abf3ee4773d7a87">+2/-2</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>rpc_storage_handler.go</strong><dd><code>Update RPC
storage handler TLS version configuration</code>&nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; </dd></summary>
<hr>

gateway/rpc_storage_handler.go
<li>Updated RPC configuration to use <code>TLSMinVersion</code> and
<code>TLSMaxVersion</code> for <br>SSL version control.


</details>
    

  </td>
<td><a

href="https:/TykTechnologies/tyk/pull/6078/files#diff-8875f75b602664c44b62b67a4da41d748124ad270573a44db4ec977ee5d68021">+2/-2</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>server.go</strong><dd><code>Enforce TLS version
consistency and update defaults</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; </dd></summary>
<hr>

gateway/server.go
<li>Ensured TLS version consistency and updated the default TLS max
<br>version to <code>VersionTLS12</code>.<br> <li> Updated checks and
assignments to use <code>TLSMinVersion</code> and
<code>TLSMaxVersion</code>.


</details>
    

  </td>
<td><a

href="https:/TykTechnologies/tyk/pull/6078/files#diff-4652d1bf175a0be8f5e61ef7177c9666f23e077d8626b73ac9d13358fa8b525b">+4/-4</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    
</table></td></tr></tr></tbody></table>

___

> ✨ **PR-Agent usage**:
>Comment `/help` on the PR to get a list of all available PR-Agent tools
and their descriptions


___

## **Type**
enhancement


___

## **Description**
- Renamed JSON tags and field names for TLS max and min versions to
`TLSMaxVersion` and `TLSMinVersion` respectively.
- Updated all references in the codebase to match the new field names.


___



## **Changes walkthrough**
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>config.go</strong><dd><code>Update JSON tags and field
names for TLS versions</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; </dd></summary>
<hr>

config/config.go
<li>Renamed <code>MaxVersion</code> to <code>TLSMaxVersion</code>.<br>
<li> Renamed <code>MinVersion</code> to <code>TLSMinVersion</code>.


</details>
    

  </td>
<td><a
href="https:/TykTechnologies/tyk/pull/6083/files#diff-fe44f09c4d5977b5f5eaea29170b6a0748819c9d02271746a20d81a5f3efca17">+2/-2</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>connection_handler.go</strong><dd><code>Adapt TLS
version field references in connection handler</code>&nbsp;
</dd></summary>
<hr>

storage/connection_handler.go
<li>Updated references from <code>MaxVersion</code> to
<code>TLSMaxVersion</code>.<br> <li> Updated references from
<code>MinVersion</code> to <code>TLSMinVersion</code>.


</details>
    

  </td>
<td><a
href="https:/TykTechnologies/tyk/pull/6083/files#diff-72363b0f8dc68eaf5cbf796451f0363df87931fc33077d8c1f1e7f0a2def928f">+2/-2</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    
</table></td></tr></tr></tbody></table>

___

> ✨ **PR-Agent usage**:
>Comment `/help` on the PR to get a list of all available PR-Agent tools
and their descriptions

Co-authored-by: Matias <matipvp02@gmail.com>

v5.3.0-rc3

29 Feb 20:41
9f08de5
v5.3.0-rc3 Pre-release
Merging to release-5.3.0: [TT-11405] Updating JSON tags and field names for TLS max and min versions (#6078) (#6083)

## **User description**
[TT-11405] Updating JSON tags and field names for TLS max and min
versions (#6078)

## **User description**
<!-- Provide a general summary of your changes in the Title above -->

## Description
Updating JSON tags and field names for TLS max and min versions. 

https://tyktech.atlassian.net/browse/TT-11405
<!-- Describe your changes in detail -->

## Related Issue
https://tyktech.slack.com/archives/C02AS4BP5HN/p1709041100516449
<!-- This project only accepts pull requests related to open issues. -->
<!-- If suggesting a new feature or change, please discuss it in an
issue first. -->
<!-- If fixing a bug, there should be an issue describing it with steps
to reproduce. -->
<!-- OSS: Please link to the issue here. Tyk: please create/link the
JIRA ticket. -->

## Motivation and Context

<!-- Why is this change required? What problem does it solve? -->

## How This Has Been Tested

<!-- Please describe in detail how you tested your changes -->
<!-- Include details of your testing environment, and the tests -->
<!-- you ran to see how your change affects other areas of the code,
etc. -->
<!-- This information is helpful for reviewers and QA. -->

## Screenshots (if appropriate)

## Types of changes

<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Refactoring or add test (improvements in base code or adds test
coverage to functionality)

## Checklist

<!-- Go over all the following points, and put an `x` in all the boxes
that apply -->
<!-- If there are no documentation updates required, mark the item as
checked. -->
<!-- Raise up any additional concerns not covered by the checklist. -->

- [ ] I ensured that the documentation is up to date
- [ ] I explained why this PR updates go.mod in detail with reasoning
why it's required
- [ ] I would like a code coverage CI quality gate exception and have
explained why


___

## **Type**
enhancement


___

## **Description**
- Updated JSON tags and field names related to TLS version configuration
across multiple files to improve clarity and consistency.
- Renamed `MinVersion` and `MaxVersion` to `TLSMinVersion` and
`TLSMaxVersion` in `HttpServerOptionsConfig` for better readability.
- Adjusted references in the TLS configuration setup in various parts of
the codebase to align with the new field names.
- Ensured TLS version consistency and updated the default TLS max
version to `VersionTLS12` in the gateway server configuration.


___



## **Changes walkthrough**
<table><thead><tr><th></th><th align="left">Relevant

files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>config.go</strong><dd><code>Update TLS version field
names and JSON tags</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary>
<hr>

config/config.go
<li>Updated JSON tags for <code>MaxVersion</code> and
<code>MinVersion</code> to <code>tls_max_version</code> and
<br><code>tls_min_version</code> respectively in
<code>StorageOptionsConf</code>.<br> <li> Renamed fields
<code>MinVersion</code> and <code>MaxVersion</code> to
<code>TLSMinVersion</code> and <br><code>TLSMaxVersion</code> in
<code>HttpServerOptionsConfig</code>.


</details>
    

  </td>
<td><a

href="https:/TykTechnologies/tyk/pull/6078/files#diff-fe44f09c4d5977b5f5eaea29170b6a0748819c9d02271746a20d81a5f3efca17">+4/-4</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>dashboard_register.go</strong><dd><code>Align TLS
version configuration references</code>&nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; </dd></summary>
<hr>

gateway/dashboard_register.go
<li>Updated references from <code>MinVersion</code> and
<code>MaxVersion</code> to <code>TLSMinVersion</code> and
<br><code>TLSMaxVersion</code> in the TLS configuration.


</details>
    

  </td>
<td><a

href="https:/TykTechnologies/tyk/pull/6078/files#diff-f504c88b3d2fa3b56b74c252aab41a934156879ef1150d33714225749e6cc94c">+2/-2</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>proxy_muxer.go</strong><dd><code>Update TLS version
configuration in proxy muxer</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary>
<hr>

gateway/proxy_muxer.go
<li>Adjusted TLS configuration to use the new <code>TLSMinVersion</code>
and <br><code>TLSMaxVersion</code> fields.


</details>
    

  </td>
<td><a

href="https:/TykTechnologies/tyk/pull/6078/files#diff-89fb6731880400cb95ba8860c935a308de5f55aaa41aa2c76abf3ee4773d7a87">+2/-2</a>&nbsp;
&nbsp; &nbsp; </td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>rpc_storage_handler.go</strong><dd><code>Update RPC
storage handler TLS version configuration</code>&nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; </dd></summary>
<hr>

gateway/rpc_storage_handler.go
<li>Updated RPC configuration to use <code>TLSMinVersion</code> and
<code>TLSMaxVersion</code> for <br>SSL version control.


</details>
    

  </td>
<td><a href="https:/TykTechnologies/tyk/pull/6078/files#diff-8875f75b602664c44b62b67a4da41d748124ad270573a44db4ec977ee5d68021">+2/-2</a></td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>server.go</strong><dd><code>Enforce TLS version consistency and update defaults</code></dd></summary>
<hr>

gateway/server.go
<li>Ensured TLS version consistency and updated the default TLS max
<br>version to <code>VersionTLS12</code>.<br> <li> Updated checks and
assignments to use <code>TLSMinVersion</code> and
<code>TLSMaxVersion</code>.


</details>
    

  </td>
<td><a href="https:/TykTechnologies/tyk/pull/6078/files#diff-4652d1bf175a0be8f5e61ef7177c9666f23e077d8626b73ac9d13358fa8b525b">+4/-4</a></td>
</tr>                    
</table></td></tr></tr></tbody></table>



___

## **Type**
enhancement


___

## **Description**
- Renamed JSON tags and field names for TLS max and min versions to
`TLSMaxVersion` and `TLSMinVersion` respectively.
- Updated all references in the codebase to match the new field names.


___



## **Changes walkthrough**
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>config.go</strong><dd><code>Update JSON tags and field names for TLS versions</code></dd></summary>
<hr>

config/config.go
<li>Renamed <code>MaxVersion</code> to <code>TLSMaxVersion</code>.<br>
<li> Renamed <code>MinVersion</code> to <code>TLSMinVersion</code>.


</details>
    

  </td>
<td><a href="https:/TykTechnologies/tyk/pull/6083/files#diff-fe44f09c4d5977b5f5eaea29170b6a0748819c9d02271746a20d81a5f3efca17">+2/-2</a></td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>connection_handler.go</strong><dd><code>Adapt TLS version field references in connection handler</code></dd></summary>
<hr>

storage/connection_handler.go
<li>Updated references from <code>MaxVersion</code> to
<code>TLSMaxVersion</code>.<br> <li> Updated references from
<code>MinVersion</code> to <code>TLSMinVersion</code>.


</details>
    

  </td>
<td><a href="https:/TykTechnologies/tyk/pull/6083/files#diff-72363b0f8dc68eaf5cbf796451f0363df87931fc33077d8c1f1e7f0a2def928f">+2/-2</a></td>
</tr>                    
</table></td></tr></tbody></table>


Co-authored-by: Matias <matipvp02@gmail.com>

v5.3.0-rc2

27 Feb 21:59
485ebf8
v5.3.0-rc2 Pre-release
[TT-11371] Move leaky-bucket behind the dev build flag (5.3.0) (#6073)

## **User description**
https://tyktech.atlassian.net/browse/TT-11371


___

## **Type**
enhancement, configuration changes


___

## **Description**
- Moved the Leaky Bucket rate limiter configuration behind a development
build flag.
- Removed the Leaky Bucket rate limiter option from the main
configuration, making it exclusive to development builds.
- Updated tests and internal logic to reflect the removal of the Leaky
Bucket rate limiter from the main configuration.
- Adjusted CLI linter schema to remove references to the now
development-only Leaky Bucket rate limiter.


___



## **Changes walkthrough**
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>development.go</strong><dd><code>Add Leaky Bucket Rate Limiter to Development Config</code></dd></summary>
<hr>

config/development.go
<li>Added <code>EnableLeakyBucketRateLimiter</code> configuration option
to <br><code>DevelopmentConfig</code>.<br>


</details>
    

  </td>
<td><a href="https:/TykTechnologies/tyk/pull/6073/files#diff-d2253d9377e5163d9de068a2df71738383fb97e0b07b64482404a83610cd53b8">+9/-0</a></td>
</tr>                    
</table></td></tr><tr><td><strong>Configuration
changes</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>rate_limit.go</strong><dd><code>Remove Leaky Bucket Rate Limiter from Main Config</code></dd></summary>
<hr>

config/rate_limit.go
<li>Removed <code>EnableLeakyBucketRateLimiter</code> from
<code>RateLimit</code> struct.<br> <li> Adjusted string representation
logic for rate limiters.<br>


</details>
    

  </td>
<td><a href="https:/TykTechnologies/tyk/pull/6073/files#diff-375bf116f8d6527c50d7591d7cb01e8f821b22df4a4ca18b4da4c6f0d526f18e">+0/-13</a></td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>rate_nodev.go</strong><dd><code>Adjust Rate Limiter Handling for Release Builds</code></dd></summary>
<hr>

internal/rate/rate_nodev.go
- Removed Leaky Bucket rate limiter handling for release builds.



</details>
    

  </td>
<td><a href="https:/TykTechnologies/tyk/pull/6073/files#diff-5c08f4f86a19b6cc3d2ee94a0253749acc927b606b1c56d6b73aee46547cf4f7">+0/-3</a></td>
</tr>                    

<tr>
  <td>
    <details>
<summary><strong>schema.json</strong><dd><code>Update CLI Linter Schema</code></dd></summary>
<hr>

cli/linter/schema.json
- Removed JSON schema entries related to Leaky Bucket rate limiter.



</details>
    

  </td>
<td><a href="https:/TykTechnologies/tyk/pull/6073/files#diff-103cec746d3e61d391c5a67c171963f66fea65d651d704d5540e60aa5d574f46">+0/-9</a></td>
</tr>                    
</table></td></tr><tr><td><strong>Tests</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>mw_rate_limiting_test.go</strong><dd><code>Update Rate Limiting Middleware Tests</code></dd></summary>
<hr>

gateway/mw_rate_limiting_test.go
- Removed test case setup for Leaky Bucket rate limiter.



</details>
    

  </td>
<td><a href="https:/TykTechnologies/tyk/pull/6073/files#diff-7cf2199231924147d538ba7ad576a48a3c0e691852077e147c9b2d86ba9b7c4d">+0/-2</a></td>
</tr>                    
</table></td></tr></tbody></table>


---------

Co-authored-by: Tit Petric <tit@tyk.io>

Tyk Gateway v5.2.5 and Tyk Dashboard v5.2.5

20 Dec 13:07
cbda400

Tyk Gateway v5.2.5

Caveat

This version has performance regressions on high concurrency. Please upgrade to v5.2.6 for improved connection management and enhanced system performance.

Fixed

  • Fixed an issue where custom keys over 24 characters in length were deleted from the Data Plane Redis on key update.

Tyk Dashboard v5.2.5

No changes

Tyk Gateway v5.0.10 and Tyk Dashboard v5.0.10

21 Dec 08:50
d99daca

Tyk Gateway v5.0.10

Caveat

This version has performance regressions on high concurrency. Please upgrade to v5.0.11 for improved connection management and enhanced system performance.

Fixed

  • Fixed an issue where custom keys over 24 characters in length were deleted from the Data Plane Redis on key update.

Tyk Dashboard v5.0.10

No changes