Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols
OTHER License
Published by buger almost 7 years ago
http_server_options.skip_target_path_escaping
) https://github.com/TykTechnologies/tyk/issues/1374
http_server_options.ssl_ciphers option to specify supported SSL ciphers
Published by buger almost 7 years ago
New set of bugfixes to our latest major release
proxy_ssl_insecure_skip_verify option
Published by buger almost 7 years ago
This is the first patch release for the Gateway and Dashboard after our major release 2 weeks ago.
Starting from this release we are switching Docker "latest" tags to the 2.4.X version.
+ character
Published by buger almost 7 years ago
We are excited to show you the long-awaited release of Tyk Gateway.
In fact, we updated all our products, and the changelog is so big that we had to create a separate page for it: https://tyk.io/docs/release-notes/version-2.4/
Happy hacking!
Published by buger almost 7 years ago
strip_auth_data API definition boolean option, which removes authentication data from the request when the "Auth token" middleware is used. This can be useful if you do not want to pass the token to the upstream API.
middleware.py file. Restored default behavior, now you can use files with any name.
strip_auth_data feature
Published by buger almost 7 years ago
metadata inside gRPC and Python plugins https://github.com/TykTechnologies/tyk/issues/1249
Published by buger almost 7 years ago
Tyk Gateway v2.3.11 continues addressing bugs in the Python middleware and rate limiter.
This release is fully compatible with Dashboard v1.3.9
Published by lonelycode about 7 years ago
We have released Tyk Gateway v2.3.10, which addresses serious bugs in how Python middleware is executed and in the distributed rate limiter:
PYTHONPATH misconfiguration
This release is fully compatible with Dashboard v1.3.9
Published by buger about 7 years ago
http_server_options.skip_url_cleaning option
Published by buger about 7 years ago
http_server_options.override_defaults turned on https://github.com/TykTechnologies/tyk/issues/940
proxy_default_timeout option to configure default proxy timeout https://github.com/TykTechnologies/tyk/pull/983
optimisations_use_async_session_write is turned on https://github.com/TykTechnologies/tyk/issues/966
rawlog function to properly support log hooks like syslog or graylog https://github.com/TykTechnologies/tyk/issues/998
config_data now support complex JSON objects https://github.com/TykTechnologies/tyk/issues/951
. symbol
/portal/developers/verify_credentials
https://tyk.io/docs/tyk-dashboard-api/portal-developers/
With the new Portal API, it is now possible to create completely custom developer portals and even embed them into your own software. We prepared a guide on creating your own developer portal: https://tyk.io/docs/publish/customise/custom-developer-portal/
In addition, our deb and rpm packages now properly handle config file upgrades and do not override user changes.
Published by buger over 7 years ago
rawlog function, which prints unformatted data bypassing logger formatting https://github.com/TykTechnologies/tyk/issues/844
config_data object https://github.com/TykTechnologies/tyk/issues/829
slave_option.use_ssl and slave_options.ssl_insecure_skip_verify https://github.com/TykTechnologies/tyk/pull/842
config_data field to API designer user interface
security.allow_admin_reset_password
UPGRADE NOTICE
New gateway version v2.3.7 requires MDCB v1.3.0, thus MDCB should be upgraded first.
Published by buger over 7 years ago
"X-Request-ID":"$tyk_context.request_id"
.ReturnOverrides
. See https://github.com/TykTechnologies/tyk/pull/763.
Added ability to reset user passwords.
By default, a user can reset only their own password.
A new permission, ResetPassword, has been added, but it can be granted only via the admin API using new endpoints:
/admin/users/:userId/actions/allow_reset_passwords
/admin/users/:userId/actions/disallow_reset_passwords
You need to make the request using the PUT HTTP method, for example:
curl -X PUT -H "admin-auth: <your secret>" http://<dashboard>/admin/users/:userId/actions/allow_reset_passwords
It's now possible for users to recover their dashboard password using email. To enable this feature, ensure that you have configured email (https://tyk.io/tyk-documentation/configure/outbound-email-configuration/). Do not forget about the new email_backend.dashboard_domain option, which should be your public dashboard hostname.
mongo_ssl_insecure_skip_verify and mongo_use_ssl boolean variables.
dashboard_session_lifetime option and reduced to 1 hour by default.
Binaries built with Go 1.7.6
Published by buger over 7 years ago
http_server_options.ssl_insecure_skip_verify boolean option to allow self-signed certificates for Gateway. #693
proxy_ssl_insecure_skip_verify boolean option to skip SSL check for upstream APIs with self-signed certificates. #693
hostname and control_api_hostname set. #670
failure_trigger_sample_size set to 1. #632
uptime_tests.time_wait is not explicitly set in config. #669
/keys/* endpoint when api_id param is provided but API not loaded on this node (due to tags). Now tagged gateways have access to all keys. #663
X-Fowarder-IP header. #704
Login rate limiting applies both to dashboard and developer portal.
Once a user reaches the limit, they will see an error and will not be able to log in to the dashboard/portal.
Added new configuration section:
"security": {
"login_failure_username_limit": 3,
"login_failure_ip_limit": 10,
"login_failure_expiration": 900
}
By default, limit values are zero and login_failure_expiration is 15 minutes (900).
Now you can enable the audit log by setting the security.audit_log_path configuration option. It will log all user actions and response statuses to it. Security information like password gets removed from this log.
host_config.secure_cookie boolean option which enables "secure" cookies, working only under https.
X-Content-Type-Options: nosniff header.
X-Frame-Options header.
enable_duplicate_slugs option is set to false.
basePath.
Published by buger over 7 years ago
management_node boolean configuration option. When turned on, it will exclude the node from distributed rate limiter.
/tyk/api endpoint, used for managing APIs, now can be accessed without trailing slash to avoid confusion.
disable_parallel_sessions boolean configuration option. When turned on it allows only one active dashboard session. When a user logs in, all of their other active sessions are automatically logged out.
Published by buger over 7 years ago
This version is a patch update and fully backwards compatible with other 2.3 releases. We recommend upgrading to this version for improved stability:
This version will work with the latest version of Tyk Dashboard, no changes are required.
Changelog for v2.3.3
This is a patch release to beef up security of dashboard users and fix some security concerns with the users API.
Changelog:
Added more verbose password rules for user creation, it is now possible to use the password.json schema in the tyk dashboard schemas/ directory to set complex
Example of password.json with full validation:
{
"title": "User password schema",
"type": "string",
"minLength": 6,
"multiCase": true,
"minNumeric": 2,
"minSpecial": 2,
"disableSequential": true
}
The users API will no longer expose the password hash as part of the call. This applies to both portal and dashboard users.
Published by buger over 7 years ago
http_server_options.skip_url_cleaning option to allow having double slashes in URL. Fixes #340
tyk-hybrid-docker container: ensure the docker container always restarts https://github.com/TykTechnologies/tyk-hybrid-docker/issues/1
--httpprof command line option to enable standard HTTP Go profiler, eg: /debug/pprof/ #392
Published by lonelycode about 8 years ago
Fixes a load balancer issue
Published by lonelycode over 8 years ago
xml in the transforms section and create your template the same way you would for JSON.
For this XML:
<?xml version="1.0" encoding="utf-8"?>
<servers version="1">
<server>
<serverName>Shanghai_VPN</serverName>
<serverIP>127.0.0.1</serverIP>
</server>
<server>
<serverName>Beijing_VPN</serverName>
<serverIP>127.0.0.2</serverIP>
</server>
</servers>
And this Template:
{
{{range $x, $s := .servers.server}} "{{$s.serverName}}": "{{$s.serverIP}}"{{if not $x}},{{end}}
{{end}}
}
You get this output:
{
"Shanghai_VPN": "127.0.0.1",
"Beijing_VPN": "127.0.0.2"
}
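The template above writes its comma only after the element at index 0, so it yields valid JSON for exactly two servers. The following added example (not code from the Tyk project) renders it for one to three servers and compares it with a variant that works for any count; the `Servers` helper, the sample names and the assumption that the parsed XML reaches the template as nested maps keyed by element name are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// PageTemplate is the template from the release note: "," is written only after index 0.
const PageTemplate = `{
{{range $x, $s := .servers.server}} "{{$s.serverName}}": "{{$s.serverIP}}"{{if not $x}},{{end}}
{{end}}
}`

// AnyLengthTemplate (added variant) writes "," before every element except the first.
const AnyLengthTemplate = `{
{{range $x, $s := .servers.server}}{{if $x}},{{end}} "{{$s.serverName}}": "{{$s.serverIP}}"
{{end}}
}`

// Servers builds constructed input with n <server> entries, as nested maps (assumption).
func Servers(n int) map[string]interface{} {
	list := make([]map[string]string, 0, n)
	for i := 1; i <= n; i++ {
		name, ip := fmt.Sprintf("VPN_%d", i), fmt.Sprintf("127.0.0.%d", i)
		list = append(list, map[string]string{"serverName": name, "serverIP": ip})
	}
	return map[string]interface{}{"servers": map[string]interface{}{"server": list}}
}

// Render executes tmpl over data and reports whether the output is valid JSON.
func Render(tmpl string, data interface{}) (string, bool) {
	var buf bytes.Buffer
	t := template.Must(template.New("transform").Parse(tmpl))
	if err := t.Execute(&buf, data); err != nil {
		return err.Error(), false
	}
	return buf.String(), json.Valid(buf.Bytes())
}

func main() {
	for n := 1; n <= 3; n++ {
		_, page := Render(PageTemplate, Servers(n))
		_, variant := Render(AnyLengthTemplate, Servers(n))
		fmt.Println(n, "server(s): page template valid:", page, "variant valid:", variant)
	}
}
```

Neither template escapes the XML values before placing them inside JSON strings, so a value containing a double quote also produces invalid output.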
Added request method transform: this is very simple at the moment and only changes the type of method; it does no data massaging. To enable it, add to your extended paths:
method_transforms: [
{
path: "post",
method: "GET",
to_method: "POST"
}
],
Out of the box, Tyk will ship with HA settings enabled where possible (this means using the new non-transactional rate limiter)
Added a new concept called "Partitioned Policies". With policies that are partitioned, only sections of the policy will be applied to the underlying token, so that tokens can be generated with a dynamic ACL but still subscribe to a fixed quota and rate limit level. THIS MEANS THAT THE TOKEN MUST HAVE A FULL SET OF ACL RULES AND QUOTAS BEFORE USING AND PARTITIONED POLICIES ARE NOT SUITABLE FOR PORTAL USE.
Add the following section to the policy object:
"partitions": {
"quota": false,
"rate_limit": false,
"acl": false
}
Then set the partitions that you want to overwrite to "true". The partitions that are marked as true will then be applied to the token instead of the full policy.
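A model of the partition behaviour described above, as an added example that is not Tyk's own code. The `Partitions`, `Token` and `Policy` types and the `Apply` and `Usable` functions are hypothetical, and the model assumes that a policy with no partition set is applied in full and that a zero value means "unset".

```go
package main

import "fmt"

// Hypothetical, simplified types for this example; they are not Tyk's own structs.
type Partitions struct{ Quota, RateLimit, ACL bool }

type Token struct {
	QuotaMax int64
	Rate     float64
	ACL      map[string][]string // API ID -> allowed versions
}

type Policy struct {
	Token      // the values the policy would set on a token
	Partitions Partitions
}

// Apply overwrites token sections from the policy. With no partition set the
// full policy is applied; otherwise only the partitions marked true are.
func Apply(p Policy, t Token) Token {
	full := p.Partitions == (Partitions{})
	if full || p.Partitions.Quota {
		t.QuotaMax = p.QuotaMax
	}
	if full || p.Partitions.RateLimit {
		t.Rate = p.Rate
	}
	if full || p.Partitions.ACL {
		t.ACL = p.ACL
	}
	return t
}

// Usable reports whether the token ends up with quota, rate limit and ACL all
// set, which the release note requires before a partitioned token is used.
func Usable(t Token) bool {
	return t.QuotaMax != 0 && t.Rate != 0 && len(t.ACL) > 0
}

func main() {
	tier := Policy{Token: Token{QuotaMax: 1000, Rate: 10}, Partitions: Partitions{Quota: true, RateLimit: true}}
	dynamic := Token{ACL: map[string][]string{"api-1": {"v1"}}} // constructed per-token ACL
	fmt.Println(Usable(Apply(tier, dynamic)), Usable(Apply(tier, Token{})))
}
```

A token created without its own ACL stays without one under a quota and rate-limit partition, which is the case the capitalised warning is about.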
/), and try to pull all form-related data (url-form-encoded or query string params) and put them into a context variable that is available to other middleware. Currently this is only integrated with the body transform middleware as _tyk_context. To enable, set "enable_context_vars": true in the API Definition. Transform sample:
Path: {{._tyk_context.path}}
Path Elements:
{{ range $i, $v := ._tyk_context.path_parts }}
--> {{$v}}
{{ end }}
Form/QueryString Data: {{._tyk_context.request_data}}
Token: {{._tyk_context.token}}
$tyk_context. namespace
Published by lonelycode over 8 years ago
This is a mini-release that integrates the email driver changes to support more email back ends such as SendGrid, Mailgun and Amazon SES:
SendGrid
"email_backend": {
"enable_email_notifications": true,
"code": "sendgrid",
"settings": {
"ClientKey": "KEY"
},
"default_from_email": "[email protected]",
"default_from_name": "A guy at a place"
},
MailGun
"email_backend": {
"enable_email_notifications": true,
"code": "mailgun",
"settings": {
"Domain": "KEY",
"PrivateKey": "KEY",
"PublicKey": "KEY"
},
"default_from_email": "[email protected]",
"default_from_name": "A guy at a place"
},
AmazonSES
"email_backend": {
"enable_email_notifications": true,
"code": "amazonses",
"settings": {
"Endpoint": "Endpoint",
"AccessKeyId": "Access-key",
"SecretAccessKey": "KEY"
},
"default_from_email": "[email protected]",
"default_from_name": "A guy at a place"
},
Published by lonelycode almost 9 years ago
This is a security release to address CVE-2015-8618
Updates are available via our package repository as usual for easy upgrade and installation. Tarballs attached to this release.
Changelog:
Upgrade Notes:
Should be an in-place upgrade, no changes necessary.