Tyk Gateway 2.7.4

• Fixed multiple issues related to failover of Hybrid gateways in cases when Hybrid cloud layer experiencing issues. Added protection that last safe configuration should always be remembered and loaded.
• Gateway now should properly close connections to the Dashboard, when configured in TLS mode
• Deb and Rpm packages now include additional Tyk version compiled with Python 3.6 support. New package name: tyk-gateway-python36

Tyk Dashboard 1.7.3

• Fixed mongo connections leak

Tyk Gateway 2.7.3

• Fixed issue with Python plugins using multiple files

Tyk Gateway 2.7.2

• Added support for Redis 4 Clustering
• JWT clock skew made configurable using jwt_issued_at_validation_skew,jwt_expires_at_validation_skew and jwt_not_before_validation_skew API definition variables (values specified in seconds)
• Use JWT exp scope for session expiration, fallback to policy if not present
• During rewrites with dynamic values, like metadata or context, if key not found, value will be empty instead of metadata or context placeholder
• TLS renegotiation now supported by default, by you can turn it off using proxy_ssl_disable_renegotiation tyk.conf boolean option
• Fix crash when JSVM is disabled, but JSVM bundle is specified for API
• Issue warning on boot when secrets are default
• Fix connection to the dashboard when it is using self-signed certificate
• Allow same API to serve both HTTP and WebSockets
• Fix AuthFailed events when using auth plugins
• Fix enable_key_logging for some proxy log calls
• Fix using multiple python files in same bundle
• Fix TLS handshake error: no cipher suite supported by both client and server
• Fix policy changes not being propagated to OIDC keys
• Fix reading binary bodies in python plugins

Tyk Dashboard 1.7.2

• Added support for Redis 4 Clustering
• Now you can disable “X-Forwarded-For” header check, during login rate limiting checks, by using security.login_disallow_forward_proxy boolean option
• Fix custom auth option in Raw API editor
• Fix endpoint designer cache plugin
• Use strong mongo consistency by default
• Issue warning on boot when secrets are default
• Fix developers subscription keys, when custom hashing algorithm is used
• Fix developer portal reset url in text version of email
• Fix setting event handlers on api definition over API

Tyk Pump 0.5.4

• Added support for Redis 4 Clustering
• Added support for configuring using environmental variables using TYK_PMP_ prefix


Tyk MDCB 1.5.7

• Added support for Redis 4 Clustering

Tyk Gateway v2.5.5

• Fixed memory leak, happening when using Python-based plugins

Tyk Gateway 2.7.1

• Fix enable_key_loggin to work for all log entries
• Fix quota_remaining field for Tyk Keys API, which was also causing key quota usage not being displayed in Tyk Dashboard
• Fixed usage of nested key metadata in plugins
• Fixed JSVM plugins when used with bundle server
• Significantly improved performance of basic authorization
• Fixed default webhook template
• Add support for caching OPTIONS requests
• API rate limit now runs after token rate limit

Tyk Dashboard 1.7.1

• Users now can change their own password without “write” permissions
• oAuth clients page now does not require key permissions
• Fix activation of disabled developers
• Allow dashboard to accept port when setting portal domain
• Show request IP address in log browser
• Fix mock response plugin
• Fixed multi-auth mode, which was not saving in some combinations
• Various UX improvements
• Fix swagger import “as new version”
• Allow white-listing SSL ciphers for dashboard server, similar to the gateway, using http_server_options. cipher_suites
• Notifications websocket port now honor min version and cipher TLS settings

Tyk Gateway 2.6.3

• Fix license update issue, when in some cases during updating license, gateway stops receiving API changes

Tyk Dashboard 1.6.3

• Fix license update issue, when gateways can receive old node ids, during update window.
• Fix issue when viewing oAuth client details require Key permission. Not it should work only with oAuth permissions.

Our new major release is here!

Up to 160% performance boost, custom key hashing protocols, user groups and more!

Read full release notes: https://tyk.io/docs/release-notes/version-2.7/

Gateway 2.6.2

• Fixed XML -> JSON transform bug when using mocks https://github.com/TykTechnologies/tyk/issues/1729
• Fixed request body transform when input is JSON https://github.com/TykTechnologies/tyk/issues/1751
• Fixed white-listing when it is used in combination with header modification https://github.com/TykTechnologies/tyk/issues/1732
• Improve Gateway stability when dashboard is not available https://github.com/TykTechnologies/tyk/issues/1725
• Fixed co-process auth plugin panic when session is set but token is empty https://github.com/TykTechnologies/tyk/issues/1739
• Added option to disable JWT date claims validation using following API definition options: jwt_disable_issued_at_validation, jwt_disable_expires_at_validation, jwt_disable_not_before_validation https://github.com/TykTechnologies/tyk/issues/1670
• Fixed API deletion not being propagated to Gateways for Hybrid users https://github.com/TykTechnologies/tyk/issues/1530
• Respond with HTTP 403 code on JWT expired date validation errors, instead of 401 https://github.com/TykTechnologies/tyk/issues/1243
• Fixed certificate pinning if Proxy is used (only global * scope is supported) https://github.com/TykTechnologies/tyk/issues/1717
• Do not ask client for TLS certificate unless one of APIs in the current scope requires it. Should fix bug with showing browser certificate selection popup when accessing Tyk API using web browser. https://github.com/TykTechnologies/tyk/issues/1381
• Fixed setting log level via log_level config variable https://github.com/TykTechnologies/tyk/issues/1716
• Fixed strip_auth when key param is enabled https://github.com/TykTechnologies/tyk/issues/1417
• Added minimum key length check via new min_token_length variable (default is 3) https://github.com/TykTechnologies/tyk/issues/1681
• Fixed mutual TLS key authorization when it appends org ID multiple times https://github.com/TykTechnologies/tyk/issues/1685
• Fixed “do not track” middleware https://github.com/TykTechnologies/tyk/issues/1610

Dashboard 1.6.2

• No longer modifies slug when changing listen path
• Redirects to certificate page when uploading new certificate, instead of redirecting to listing page
• Fixed Portal login for developers with high amount of subscriptions (>10)
• Fixed password validation on developer password reset form
• Fixed password validation on developer edit profile form
• Fixed domain specific certificate pinning
• Disabled fields on user form if current logged in user has no “edit” permission
• Fixed Eureka service discovery template
• Fixed listen path URL validation if it contains ( or ) symbols
• Allowed query string params when specifying uptime test URL
• Allowed wildcard URLs in CORS settings
• No longer automatically log in new developers when login is disabled
• Fixed policy selection screen for OIDC auth mode
• Fixed HMAC checkbox not being checked when HMAC is enabled

Pump 0.5.3

• Fixed issues with slow log browser by automatically creating proper indexes https://github.com/TykTechnologies/tyk-pump/issues/74


MDCB 1.5.4

• Fixed API deletion event not being propagated to Gateways

Tyk Gateway 2.6.1

• A bug was found in the tyk-gateway 2.6.0 upstart 0.x init scripts causing installations on e.g. CentOS 6, RHEL 6 and Amazon Linux using the packages fail to start the gateway service, which fixed in this update.
• A backward incompatible change has been introduced to Tyk Gateway package version 2.6.0 in the process and directories ownership. The process is was being executed by user "tyk" and group "tyk", which must have access to the mentioned locations and will fail to work properly otherwise. Tyk Gateway 2.6.1 reverts this behavior to maintain compatibility until a properly backward compatible migration path is implemented.
• Fixed issues with distributed rate limiter when tags are used
• Added way to specify custom proxy on API level using proxy.transport.proxy_url
• Added way to specify allowed SSL ciphers and minium SSL version for upstream calls using, proxy_ssl_ciphers and proxy_ssl_min_version on global level in tyk.conf and, using proxy.transport.ssl_ciphers and proxy.transport.ssl_min_version on API level.

Tyk Dashboard 1.6.1

• Development assets for developer portal were included by mistake in tyk-dashboard 1.6.0 packages. This caused issues with slow installation/upgrade time on some systems. In addition to this, some Debian-based OS may have corrupted /var/lib/dpkg/status file. If you installed 1.6.0 before, and experience this issue, in order to fix it on a running system, please execute the following commands and upgrade to 1.6.1:

   sudo sed -i.bak '/\/opt\/tyk-dashboard\/portal\/node_modules/d' /var/lib/dpkg/status
   sudo apt-get update

• Added support for specifying API proxy and SSL options, which added in Gateway 2.6.1, via Raw API Editor,

Tyk Gateway v2.6, Dashboard v1.6 and more

Today we are releasing Tyk Gateway v2.6, Dashboard v1.6, Pump v0.5.2, MDCB v1.5.3, and TIB v0.4

Head on over to the release notes https://tyk.io/docs/release-notes/version-2.6/ to find out more about all the goodies being released.

Tyk Gateway 2.5.4

• Improve key events propagation in Hybrid and MDCB environments.
• Add access to metadata for coprocess post and post-key middleware
• Add JWT token header claims to tyk context
• Fix access to numeric JWT claims via context
• Rollback close_connections behavior, now it controls only keep-alive behavior between client and tyk. Added new proxy_close_connections to control keep-alive between tyk and upstream.
• Fixes token update when non-partitioned policies change access rights
• Fix KeyExpired events
• Fix Modify headers and URL rewrite plugins not working together
• Fix response transformations when upstream use compression
• Fix JWT when it was applying policy changes only on the second request

Tyk Dashboard 1.5.4

• Allow specifying portal port inside domain field
• Fix developer policy updates in Hybrid environments
• Improve protection over creating admin users if no permissions set

Tyk Gateway 2.5.3

• Fixed endpoints match conflicting by path but having different HTTP methods
• Fixed max_conn_time which was breaking keep-alive connections
• Upstream health checks now obey proxy_ssl_insecure_skip_verify option

Tyk Dashboard 2.5.3

• Fixed portal domain check when original port changed due to reverse proxying
• Multiple UX fixes

Tyk Gateway 2.5.2

• Fixed Hybrid/MDCB fallback functionality if RCP layer is down
• Added support for Polices backup, when using Hybird/MDCB, so now you can use oAuth/JWT APIs even if RPC layer is down.
• Added protection over potentially infinite grows of Redis analytics storage, if RPC layer or Tyk Pump goes down. Now you can configure expiration of analytics, in case if they are not processes, using analytics_config.storage_expiration_time option. The default value is 60 seconds.
• Fixed statsd instrumentation panics happening on high load
• Apply policy to the key when it requested via API
• Fixed endpoint tracking if path is empty
• TykBatchRequest Javascript function now respect proxy_ssl_insecure_skip_verify and mutual tls upstream certificates
• Caching middleware now handle Etags, if cached upstream response contained them
• Added way to force DNS cache flush, by adding new max_conn_time option
• Do not expose HTTP handler if Redis connection not established
• JSVM timeout now configurable via jsvm_timeout option
• VirtualEndpoint now respect JSVM timeout
• Support case when JWT policy modified for active token
• URL rewriter now can use $tyk_context and $tyk_meta if they contain full url
• Fixed support for Host header in $tyk_context

Tyk Dashboard 1.5.2

• Now you can manage default API version from UI
• Remove the link between API name and slug in API Designer when editing existing API
• Limit dashboard languages API to only read language files
• Lot of small UX features
• Swagger import screen now shows all available APIs
• Inactive developers should not be allowed log into the portal
• Fix portal domain validation: now it can have more than 2 dots
• Portal cookies now “httpOnly” and respect host_config.secure_cookies option

The first wave of bug fix releases is here.
Today we are releasing Tyk Gateway 2.5.1, Tyk Dashboard 1.5.1, Tyk Pump 0.5.1 and Tyk Sink 1.5.1

We found major issues in our packages across all products:

• Fixed all the packages compatibility with Upstart 0.x (tested on 0.6.5)
• Better compatibility for different Upstart installations when removing the packages
• Fixed sysvinit script arguments for the pump package
• Fixed tyk-dashboard signature for rpm packages

Note:
Certain distributions with Upstart as their init system (especially older RedHat based, e.g. CentOS6, EL6, Amazon Linux) are utilising initctl command directly instead of passing through service to manage the Upstart services. Alternatively the generic start, stop, restart, status commands may be used. We have added a separate guide on linux init systems https://tyk.io/docs/get-started/with-tyk-on-premise/

Additional fixes:

Tyk Gateway 2.5.1

• Fixed StatsD instrumentation
• Show Gateway version if override_defaults is turned on

Tyk Dashboard 1.5.1

• Make plugin accordion headers clickable
• Fixed showing HMAC secret if key created via API
• Fixed custom domain field validation
• Do not require quota reset period, when creating a key, if quota max is not specified

Tyk Gateway v2.5, Dashboard v1.5 and more

Today we are releasing Tyk Gateway v2.5, Dashboard v1.5, Pump v0.6, MDCB v1.5, and TIB v0.3.

This release brings a rejuvenated look-and-feel for the Dashboard, and some new key features such as MDCB support for Tyk Pump, TIB integration with OpenID providers for SSO, and Advanced URL rewriting functionality.

Head on over to the release notes https://tyk.io/docs/release-notes/version-2.5/ to find out more about all the goodies being released.

Tyk Gateway 2.4.3

• Fix JWT remote JWK secret support when set using UI https://github.com/TykTechnologies/tyk/issues/1388
• Fix Health-check (/hello) 404 if no APIs defined https://github.com/TykTechnologies/tyk/issues/1393
• Fix unrequested URL Encoding while proxying (require setting new boolean option http_server_options.skip_target_path_escaping) https://github.com/TykTechnologies/tyk/issues/1374
• Fix Fix 404 during reloads on high load https://github.com/TykTechnologies/tyk/pull/1403
• Added wait to specify http_server_options.ssl_ciphers option to specify supported SSL ciphers
  https://github.com/TykTechnologies/tyk/issues/1372
• Add HTTP method to middleware request object https://github.com/TykTechnologies/tyk/issues/1219
• Fix websockets https://github.com/TykTechnologies/tyk/issues/1375

Dashboard 1.4.3

• Fixed updating expiry of a key in the dashboard https://github.com/TykTechnologies/tyk-analytics/issues/600
• Fixed when all auth modes are set on false, multiple auth view is displayed https://github.com/TykTechnologies/tyk-analytics-ui/issues/485

Tyk Gateway 2.4.2 and Tyk Dashboard 1.4.2

New set of bugfixes to our latest major release

Tyk Gateway

• JSVM HTTP calls now respect proxy_ssl_insecure_skip_verify option
• Fixed websockets functionality
• Fixed response transform when url rewrite is used
• Fixed VirtualPath when caching turned on

Tyk Dashboard

• Fixed webhook creation
• Fixed “whitelisted”, “ignored” and “blacklisted” plugins
• Fixed OpenID issuer url check, preventing adding path
• Remove file extension check when uploading certificates
• Fixed multiple UI edge cases on multiple pages

This is the first patch release for the Gateway and Dashboard after our major release 2 weeks ago.
Starting from this release we switching Docker "latest" tags to 2.4.X version.

Tyk Gateway

• Fixed panic when both caching and detailed analytics recording turned on
• Fixed caching when "Cache all safe headers" turned on
• Fixed organization quotas in MDCB and Hybrid environments
• Fixed various Python middleware issues
• Added additional JWT check to validate policy on each request

Tyk Dashboard

• Fixed usage of CORS allowed methods
• Fixed portal login issues with users emails containing + character
• Fixed adding webhook
• Improved security of dashboard by changing "Cache-Control" from "no-cache" to "no-store, no-cache"
• Fixed showing HMAC secret for keys
• Fixed "Filter by tag" in Activity by API report
• Lot of small UX bug fixes

We exited to show you the long-awaited release of Tyk Gateway.

In fact, we updated all our products, and changelog is so big, so we have to create a separate page for it https://tyk.io/docs/release-notes/version-2.4/

Happy hacking!

Tyk Gateway 2.3.13

• Added new strip_auth_data API definition boolean option, which removes authentication data from the request when "Auth token" middleware is used. Can be useful if you do not want pass token to upstream API
• Fix bug with wrong API load order
• Fixed Python loader issue introduced in 2.3.11, requiring middleware code be placed in fixed middleware.py file. Restored default behavior, now you can use files with any name.
• Additional improvements of DRL for small rate limits

Tyk Dashboard 1.3.10

• Added support for strip_auth_data feature
• Fixed bug when audit does not work if custom domains enabled