v4.3.8-rc1

Port connection leak fix

v5.2.1-rc2

Merge memory fixes

v5.2.1-rc1

Fix tests

v5.2.1-a1

Fix tests

Tyk Gateway v5.1.2 and Tyk Dashboard v5.1.2

Tyk Gateway 5.1.2

Fixed

• Fixed a bug where the Gateway could panic when using Tyk OAS APIs with MDCB 2.3.0.
• Fixed a bug in the Dashboard's 'Most popular endpoints' section when using SQL Aggregate analytics
• Fixed a bug where the URL Rewrite middleware did not correctly handle escaped characters in the URL. Note that Tyk does not support a deliberate mix of escaped and non-escaped characters in the URL.
• Fixed a bug where api_name and api_id were not populated when using the Gateway API to retrieve policies.
• Fixed a bug where Kafka data source has been modified to work with the new version of resolver.Context

Tyk Dashboard 5.1.2

Fixed

• Fixed a bug where locking a Dashboard account also locked any Developer Portal account with the same username despite them being separate accounts.
• Fixed a bug where the order of APIs in the Versions List could change on browser refresh
• Fixed a security issue with password reset that could expose the names of all Organisations on the Tyk deployment
• Fixed a bug where it was possible to reset the Dashboard API access key from the /users endpoint; now this can only be reset using the key reset action.
• Optimised the loading and re-loading of APIs and Policies for complex scenarios
• Fixed a bug in the Dashboard's 'Most popular endpoints' section when using SQL Aggregate analytics
• Fixed a bug where mTLS request with an expired certificate allowed the request to be proxied upstream in static mTLS and dynamic mTLS

Tyk Gateway v5.0.5 and Tyk Dashboard v5.0.5

Tyk Gateway 5.0.5

Fixed

• Fixed a bug where the Gateway could panic when using Tyk OAS APIs with MDCB 2.3.0.
• Fixed a bug in the Dashboard's 'Most popular endpoints' section when using SQL Aggregate analytics
• Fixed a bug where the URL Rewrite middleware did not correctly handle escaped characters in the URL. Note that Tyk does not support a deliberate mix of escaped and non-escaped characters in the URL.
• Fixed a bug where api_name and api_id were not populated when using the Gateway API to retrieve policies.

Tyk Dashboard 5.0.5

Fixed

• Fixed a bug where locking a Dashboard account also locked any Developer Portal account with the same username despite them being separate accounts.
• Fixed a bug where the order of APIs in the Versions List could change on browser refresh
• Fixed a security issue with password reset that could expose the names of all Organisations on the Tyk deployment
• Fixed a bug where it was possible to reset the Dashboard API access key from the /users endpoint; now this can only be reset using the key reset action.
• Optimised the loading and re-loading of APIs and Policies for complex scenarios
• Fixed a bug in the Dashboard's 'Most popular endpoints' section when using SQL Aggregate analytics

Tyk Gateway 4.3.7

Tyk Gateway 4.3.7

Fixed

• Fixed a bug where "disable_strip_slash" didn't worked for upstream requests

v5.2.0-rc3

Allow running without Redis, without printing errors

Tyk already supports running without Redis, because it support Redis failure handling, and reconnection mechanism.

What this PR adds is allow set TYK_GW_STORAGE_TYPE to empty value (actually anything non "redis"), disable auto-reconnects, and turns on fallback mode. It also makes it not print error messages every 10 seconds.

Tyk Gateway v4.3.6

Tyk Gateway 4.3.6

Fixed

• Fixed a bug where url was not decoded when we enable url-rewrite middleware

Tyk Gateway v5.1.1 and Tyk Dashboard v5.1.1

Tyk Gateway 5.1.1

Fixed

• Fixed a bug where the Go Plugin compiler created output files with the wrong names
• Fixed a bug where Python Rich Plugin truncates HTTP headers with same name and returns just the first one. Multiple headers with same name can be supported now for Go, Python and Ruby plugin
• Fixed a bug where gateway logs were not honouring enable_key_logging setting
• Fixed a bug where Tyk could return HTTP 500 Internal Server Error when load balancing at very high API traffic levels
• Fixed a bug where URL rewrite failed when the request contains absolute URL as HTTP verb argument
• Fixed a bug with the Go plugin compiler not working on ARM64 architecture
• Fixed a bug where an mTLS request with an expired certificate allowed the request to be proxied upstream in static mTLS and dynamic mTLS
• Fixed a typo (log-intrumentation) in CLI flag (log-instrumentation) name and comment; thanks to WolfusFlow for the contribution.
• Fixed a bug where introspection not working for custom root operation types
• Fixed an issue where failure to load Otto (JS) middleware didn’t prevent the API from proxying traffic to the upstream; now Gateway logs an error when the plugin fails to load (during API creation/update) and responds with HTTP 500 if the API is called.
• Fixed a bug where UDG was not handling query parameters for REST data source correctly, when parameter was an array
• Fixed a bug where Tyk could return the wrong error code when a websocket upstream responds with error
• Fixed a bug where the basic auth password hash was included in the response when GETting the details of a key
• Fixed a bug where Tyk might not correctly complete mTLS authentication with the client before contacting the upstream service.
• Fixed a bug where upstream certificates can be ignored when API protocol is TCP/TLS
• Fixed a bug that prevented configuration of cache timeout or cached status codes if upstream cache control was enabled.
• Fixed a bug where Edge/Worker gateway does not load api's and policies on cold start when MDCB is down
• Fixed a bug where RAW keys were exposed in INFO log on gateway on keyspace sync
• Fixed a bug where the Dashboard could timeout while loading policies at startup. Added connection_timeout configuration option (defaults to 30 seconds)
• Adjusted the description for the Policy states, so that it reflects the actual behaviour of the policy, when attached to a key.
• Fixed a bug where Tyk might incorrectly apply rounding to 64-bit integer values provided in context. Thanks to @mortymacs for the contribution.

Tyk Dashboard 5.1.1

Fixed

• Fixed a bug where the Tyk Dashboard could show a blank screen when clicking on policies on the Policy Management screen
• Fixed a bug where an API could be incorrectly labelled as using multi-auth in the Tyk Developer Portal catalogue view.
• Fixed a bug where UI bug in the API Designer when adding all API versions to a policy
• Fixed a ui bug when running mutiple operations containing subscriptions from graphiql
• Fixed a bug where the Tyk Dashboard did not display Key Alias on the analytics screens when using SQL for the analytics data store.
• Fixed a bug where when a JWT contains a claim as array and the values containing spaces, those not being parsed correctly
• When importing/creating and API by providing an API Definition that has Event handlers attached, we now store all the events properly in the definition
• When updating, using the Dashboard, an API that has custom event handlers, we now do not clear them anymore.
• Changed service discover cache settings contract, in the OAS API definition, so that it matches all the other cache contracts, defined in the definition. Both the Dasbhoard UI and API, offer support for backwards compatibility.
• The "Gateway Dashboard" page showing API analytics is now hidden if the logged in user doesn't have analytics rights.
• Fixed a bug where it was not possible to configure the rate limiter to count over a shorter period than 60 seconds when set by a partitioned policy.
• Fixed a bug where the Tyk Dashboard could show a blank screen when policies with custom policy IDs were added to an API key
• Fixed a bug where Tyk Dashboard did not properly display the list of organisations
• Fixed a bug where the HEAD option was not available in the Allowed Methods dropdown in the CORS section of the API Designer
• Fixed a bug when SSOOnlyForRegisteredUsers=true, also checks if user belongs to the organization
• Fixed a bug where keys linked to multiple policies become unusable if one of the policies is removed.
• Fixed a security bug where the key_id was unnecessarily returned when a hashed key is created for an API using basic auth.
• Fixed a bug that prevented manual allocation of api_id during API creation.
• Fixed a bug where security headers were not present when classic portal is configured with a custom domain.
• Fixed a bug where the Dashboard granted visibility of unfiltered analytics when API Ownership is enabled. New user permission (owned_analytics) restricts visibility only to analytics for the owned APIs: API Usage, API Errors and Request Logs.
• Fixed a bug where the Dashboard API granted unfiltered access to analytics endpoints with API Ownership enabled.
• Added processor to fill the MainStorage with the mongo configs in the root
• Fixed a bug where Dashboard would take too long loading Policies to the Gateway
• Fixed a bug where the Tyk Dashboard did not display the correct analytics when filtering by ‘tag’ and using SQL for the analytics data store.
• Fixed a bug in the Dashboard Analytics where the zoom would immediately reset to default
• Fixed a potential security issue which allowed search for keys by username; new flag disable_key_actions_by_username added to restrict this
• [Security] Set dashboard session cookies to be HttpOnly with SameSite: Strict
• [Security] Set classic portal session cookies to be HttpOnly with SameSite: Strict
• Fixed a security bug where node secret could be output in the Removed debug-level logging when authorizing requests.
• Fixed a bug where display API Activities by hour was not responding
• Fixed a bug where in Tyk 5.0.2, Dashboard goes into panic when portal manifest file is applied via Tyk Operator