Release notes: https://tyk.io/docs/release-notes/version-2.8/

Tyk Gateway 2.7.7:

• Handle Redis timeouts. Configurable via storage.timeout.
• Fix Redis initialization if event handlers are defined in tyk.conf
• Fix requests with Content-Type application/x-www-form-urlencoded when JSVM plugins are used
• Cache failed org keys lookups for MDCB installations

Tyk Dashboard 1.7.6:

• Handle Redis timeout. Configurable via storage.timeout.
• Fix reset cache functionality, when Gateway use a self-signed certificate
• Allow existing dashboard users during SSO lookup. Set sso_enable_user_lookup to true enable.
• Fix event handler duplication
• Content Security Policy support. To enable, set security.enable_content_security_policy to true and extend security.allowed_content_sources with list of allowed sources (space separated string).
• Fix saving event handlers
• Fixed hashed key removal
• Fixed UI for service discovery
• Fixed oAuth analytics endpoint
• By default, for charts, show number of requests instead of latency

Tyk Gateway 2.7.6

• Fixed dynamic SSL certificates behavior

Tyk Dashboard 1.7.5

• Fix issues with managing basic auth keys
• Fixed API validation issues

Tyk Gateway 2.7.5

• Allow dynamic certificate loading for APIs with custom domains. Added new API definition field certificates, which is a string array, accepting certificate IDs or certificate paths. Once set, Gateway will dynamically load certificates, without restarting the process.
• HMAC plugin now support all of the following algorithms: “hmac-sha1", "hmac-sha256", "hmac-sha384", "hmac-sha512”. You can limit supported algorithms by setting new API definition variable: ”hmac_allowed_algorithms”: [“hmac-sha256”].
• Fix using body transforms and virtual endpoints when method transformation is used
• Allow body transforms, e.g. template, if request or response body is empty
• Fix endpoints which path conflicts with API listen path
• Advanced URL rewriter now support matching by request context, via new request_context_matches field. Can be used for matching by IP, or JWT scope.
• Fix handling of URL rewrites based on dynamic values, which are empty.
• Add way to disable stripping slash suffix from URL using proxy.disable_strip_slash API definition boolean variable.
• Fix basic auth keys when new hashing algorithm set
• Fix logstash reconnection handling
• Add way to re-name /hello endpoint via health_check_endpoint_name option.
• HTTP clients who close the connection without reading response now marked with 499 HTTP code in analytics.
• Enforce timeout plugin now returns 504 code instead of 408
• Use murmur64 inside basic auth middleware to avoid collisions
• Fix host checker bug when it enables host before it went live.

Tyk Dashboard 1.7.4

• Add support for specifying certificates for custom domains
• Added support for URL rewrites based on context
• Allow existing Dashboard user lookup during SSO flow. Can be enabled with sso_enable_user_lookup boolean option.
• Fix key search by user name when custom hashing algorithm is used
• Dashboard bootstrap script now supports both Python 2 and 3
• Fix passwords with ‘\’ characters
• Fix corruption of API version names when updating webhooks

Tyk Gateway 2.6.4

• Fixed multiple issues related to failover of Hybrid gateways in cases when Hybird cloud layer experiencing issues. Added protection that last safe configuration should always be remembered and loaded.

Tyk Gateway 2.7.4

• Fixed multiple issues related to failover of Hybrid gateways in cases when Hybrid cloud layer experiencing issues. Added protection that last safe configuration should always be remembered and loaded.
• Gateway now should properly close connections to the Dashboard, when configured in TLS mode
• Deb and Rpm packages now include additional Tyk version compiled with Python 3.6 support. New package name: tyk-gateway-python36

Tyk Dashboard 1.7.3

• Fixed mongo connections leak

Tyk Gateway 2.7.3

• Fixed issue with Python plugins using multiple files

Tyk Gateway 2.7.2

• Added support for Redis 4 Clustering
• JWT clock skew made configurable using jwt_issued_at_validation_skew,jwt_expires_at_validation_skew and jwt_not_before_validation_skew API definition variables (values specified in seconds)
• Use JWT exp scope for session expiration, fallback to policy if not present
• During rewrites with dynamic values, like metadata or context, if key not found, value will be empty instead of metadata or context placeholder
• TLS renegotiation now supported by default, by you can turn it off using proxy_ssl_disable_renegotiation tyk.conf boolean option
• Fix crash when JSVM is disabled, but JSVM bundle is specified for API
• Issue warning on boot when secrets are default
• Fix connection to the dashboard when it is using self-signed certificate
• Allow same API to serve both HTTP and WebSockets
• Fix AuthFailed events when using auth plugins
• Fix enable_key_logging for some proxy log calls
• Fix using multiple python files in same bundle
• Fix TLS handshake error: no cipher suite supported by both client and server
• Fix policy changes not being propagated to OIDC keys
• Fix reading binary bodies in python plugins

Tyk Dashboard 1.7.2

• Added support for Redis 4 Clustering
• Now you can disable “X-Forwarded-For” header check, during login rate limiting checks, by using security.login_disallow_forward_proxy boolean option
• Fix custom auth option in Raw API editor
• Fix endpoint designer cache plugin
• Use strong mongo consistency by default
• Issue warning on boot when secrets are default
• Fix developers subscription keys, when custom hashing algorithm is used
• Fix developer portal reset url in text version of email
• Fix setting event handlers on api definition over API

Tyk Pump 0.5.4

• Added support for Redis 4 Clustering
• Added support for configuring using environmental variables using TYK_PMP_ prefix


Tyk MDCB 1.5.7

• Added support for Redis 4 Clustering

Tyk Gateway v2.5.5

• Fixed memory leak, happening when using Python-based plugins

Tyk Gateway 2.7.1

• Fix enable_key_loggin to work for all log entries
• Fix quota_remaining field for Tyk Keys API, which was also causing key quota usage not being displayed in Tyk Dashboard
• Fixed usage of nested key metadata in plugins
• Fixed JSVM plugins when used with bundle server
• Significantly improved performance of basic authorization
• Fixed default webhook template
• Add support for caching OPTIONS requests
• API rate limit now runs after token rate limit

Tyk Dashboard 1.7.1

• Users now can change their own password without “write” permissions
• oAuth clients page now does not require key permissions
• Fix activation of disabled developers
• Allow dashboard to accept port when setting portal domain
• Show request IP address in log browser
• Fix mock response plugin
• Fixed multi-auth mode, which was not saving in some combinations
• Various UX improvements
• Fix swagger import “as new version”
• Allow white-listing SSL ciphers for dashboard server, similar to the gateway, using http_server_options. cipher_suites
• Notifications websocket port now honor min version and cipher TLS settings

Tyk Gateway 2.6.3

• Fix license update issue, when in some cases during updating license, gateway stops receiving API changes

Tyk Dashboard 1.6.3

• Fix license update issue, when gateways can receive old node ids, during update window.
• Fix issue when viewing oAuth client details require Key permission. Not it should work only with oAuth permissions.

Our new major release is here!

Up to 160% performance boost, custom key hashing protocols, user groups and more!

Read full release notes: https://tyk.io/docs/release-notes/version-2.7/

Gateway 2.6.2

• Fixed XML -> JSON transform bug when using mocks https://github.com/TykTechnologies/tyk/issues/1729
• Fixed request body transform when input is JSON https://github.com/TykTechnologies/tyk/issues/1751
• Fixed white-listing when it is used in combination with header modification https://github.com/TykTechnologies/tyk/issues/1732
• Improve Gateway stability when dashboard is not available https://github.com/TykTechnologies/tyk/issues/1725
• Fixed co-process auth plugin panic when session is set but token is empty https://github.com/TykTechnologies/tyk/issues/1739
• Added option to disable JWT date claims validation using following API definition options: jwt_disable_issued_at_validation, jwt_disable_expires_at_validation, jwt_disable_not_before_validation https://github.com/TykTechnologies/tyk/issues/1670
• Fixed API deletion not being propagated to Gateways for Hybrid users https://github.com/TykTechnologies/tyk/issues/1530
• Respond with HTTP 403 code on JWT expired date validation errors, instead of 401 https://github.com/TykTechnologies/tyk/issues/1243
• Fixed certificate pinning if Proxy is used (only global * scope is supported) https://github.com/TykTechnologies/tyk/issues/1717
• Do not ask client for TLS certificate unless one of APIs in the current scope requires it. Should fix bug with showing browser certificate selection popup when accessing Tyk API using web browser. https://github.com/TykTechnologies/tyk/issues/1381
• Fixed setting log level via log_level config variable https://github.com/TykTechnologies/tyk/issues/1716
• Fixed strip_auth when key param is enabled https://github.com/TykTechnologies/tyk/issues/1417
• Added minimum key length check via new min_token_length variable (default is 3) https://github.com/TykTechnologies/tyk/issues/1681
• Fixed mutual TLS key authorization when it appends org ID multiple times https://github.com/TykTechnologies/tyk/issues/1685
• Fixed “do not track” middleware https://github.com/TykTechnologies/tyk/issues/1610

Dashboard 1.6.2

• No longer modifies slug when changing listen path
• Redirects to certificate page when uploading new certificate, instead of redirecting to listing page
• Fixed Portal login for developers with high amount of subscriptions (>10)
• Fixed password validation on developer password reset form
• Fixed password validation on developer edit profile form
• Fixed domain specific certificate pinning
• Disabled fields on user form if current logged in user has no “edit” permission
• Fixed Eureka service discovery template
• Fixed listen path URL validation if it contains ( or ) symbols
• Allowed query string params when specifying uptime test URL
• Allowed wildcard URLs in CORS settings
• No longer automatically log in new developers when login is disabled
• Fixed policy selection screen for OIDC auth mode
• Fixed HMAC checkbox not being checked when HMAC is enabled

Pump 0.5.3

• Fixed issues with slow log browser by automatically creating proper indexes https://github.com/TykTechnologies/tyk-pump/issues/74


MDCB 1.5.4

• Fixed API deletion event not being propagated to Gateways

Tyk Gateway 2.6.1

• A bug was found in the tyk-gateway 2.6.0 upstart 0.x init scripts causing installations on e.g. CentOS 6, RHEL 6 and Amazon Linux using the packages fail to start the gateway service, which fixed in this update.
• A backward incompatible change has been introduced to Tyk Gateway package version 2.6.0 in the process and directories ownership. The process is was being executed by user "tyk" and group "tyk", which must have access to the mentioned locations and will fail to work properly otherwise. Tyk Gateway 2.6.1 reverts this behavior to maintain compatibility until a properly backward compatible migration path is implemented.
• Fixed issues with distributed rate limiter when tags are used
• Added way to specify custom proxy on API level using proxy.transport.proxy_url
• Added way to specify allowed SSL ciphers and minium SSL version for upstream calls using, proxy_ssl_ciphers and proxy_ssl_min_version on global level in tyk.conf and, using proxy.transport.ssl_ciphers and proxy.transport.ssl_min_version on API level.

Tyk Dashboard 1.6.1

• Development assets for developer portal were included by mistake in tyk-dashboard 1.6.0 packages. This caused issues with slow installation/upgrade time on some systems. In addition to this, some Debian-based OS may have corrupted /var/lib/dpkg/status file. If you installed 1.6.0 before, and experience this issue, in order to fix it on a running system, please execute the following commands and upgrade to 1.6.1:

   sudo sed -i.bak '/\/opt\/tyk-dashboard\/portal\/node_modules/d' /var/lib/dpkg/status
   sudo apt-get update

• Added support for specifying API proxy and SSL options, which added in Gateway 2.6.1, via Raw API Editor,

Tyk Gateway v2.6, Dashboard v1.6 and more

Today we are releasing Tyk Gateway v2.6, Dashboard v1.6, Pump v0.5.2, MDCB v1.5.3, and TIB v0.4

Head on over to the release notes https://tyk.io/docs/release-notes/version-2.6/ to find out more about all the goodies being released.

Tyk Gateway 2.5.4

• Improve key events propagation in Hybrid and MDCB environments.
• Add access to metadata for coprocess post and post-key middleware
• Add JWT token header claims to tyk context
• Fix access to numeric JWT claims via context
• Rollback close_connections behavior, now it controls only keep-alive behavior between client and tyk. Added new proxy_close_connections to control keep-alive between tyk and upstream.
• Fixes token update when non-partitioned policies change access rights
• Fix KeyExpired events
• Fix Modify headers and URL rewrite plugins not working together
• Fix response transformations when upstream use compression
• Fix JWT when it was applying policy changes only on the second request

Tyk Dashboard 1.5.4

• Allow specifying portal port inside domain field
• Fix developer policy updates in Hybrid environments
• Improve protection over creating admin users if no permissions set

Tyk Gateway 2.5.3

• Fixed endpoints match conflicting by path but having different HTTP methods
• Fixed max_conn_time which was breaking keep-alive connections
• Upstream health checks now obey proxy_ssl_insecure_skip_verify option

Tyk Dashboard 2.5.3

• Fixed portal domain check when original port changed due to reverse proxying
• Multiple UX fixes

Tyk Gateway 2.5.2

• Fixed Hybrid/MDCB fallback functionality if RCP layer is down
• Added support for Polices backup, when using Hybird/MDCB, so now you can use oAuth/JWT APIs even if RPC layer is down.
• Added protection over potentially infinite grows of Redis analytics storage, if RPC layer or Tyk Pump goes down. Now you can configure expiration of analytics, in case if they are not processes, using analytics_config.storage_expiration_time option. The default value is 60 seconds.
• Fixed statsd instrumentation panics happening on high load
• Apply policy to the key when it requested via API
• Fixed endpoint tracking if path is empty
• TykBatchRequest Javascript function now respect proxy_ssl_insecure_skip_verify and mutual tls upstream certificates
• Caching middleware now handle Etags, if cached upstream response contained them
• Added way to force DNS cache flush, by adding new max_conn_time option
• Do not expose HTTP handler if Redis connection not established
• JSVM timeout now configurable via jsvm_timeout option
• VirtualEndpoint now respect JSVM timeout
• Support case when JWT policy modified for active token
• URL rewriter now can use $tyk_context and $tyk_meta if they contain full url
• Fixed support for Host header in $tyk_context

Tyk Dashboard 1.5.2

• Now you can manage default API version from UI
• Remove the link between API name and slug in API Designer when editing existing API
• Limit dashboard languages API to only read language files
• Lot of small UX features
• Swagger import screen now shows all available APIs
• Inactive developers should not be allowed log into the portal
• Fix portal domain validation: now it can have more than 2 dots
• Portal cookies now “httpOnly” and respect host_config.secure_cookies option

The first wave of bug fix releases is here.
Today we are releasing Tyk Gateway 2.5.1, Tyk Dashboard 1.5.1, Tyk Pump 0.5.1 and Tyk Sink 1.5.1

We found major issues in our packages across all products:

• Fixed all the packages compatibility with Upstart 0.x (tested on 0.6.5)
• Better compatibility for different Upstart installations when removing the packages
• Fixed sysvinit script arguments for the pump package
• Fixed tyk-dashboard signature for rpm packages

Note:
Certain distributions with Upstart as their init system (especially older RedHat based, e.g. CentOS6, EL6, Amazon Linux) are utilising initctl command directly instead of passing through service to manage the Upstart services. Alternatively the generic start, stop, restart, status commands may be used. We have added a separate guide on linux init systems https://tyk.io/docs/get-started/with-tyk-on-premise/

Additional fixes:

Tyk Gateway 2.5.1

• Fixed StatsD instrumentation
• Show Gateway version if override_defaults is turned on

Tyk Dashboard 1.5.1

• Make plugin accordion headers clickable
• Fixed showing HMAC secret if key created via API
• Fixed custom domain field validation
• Do not require quota reset period, when creating a key, if quota max is not specified

Tyk Gateway v2.5, Dashboard v1.5 and more

Today we are releasing Tyk Gateway v2.5, Dashboard v1.5, Pump v0.6, MDCB v1.5, and TIB v0.3.

This release brings a rejuvenated look-and-feel for the Dashboard, and some new key features such as MDCB support for Tyk Pump, TIB integration with OpenID providers for SSO, and Advanced URL rewriting functionality.

Head on over to the release notes https://tyk.io/docs/release-notes/version-2.5/ to find out more about all the goodies being released.