tyk

Tyk Gateway

Added

• Added a new enable_distributed_tracing to the NewRelic config to enable support for Distributed Tracer

Fixed

• Fixed panic when JWK method was used for JWT authentication and the token didn't include kid.
• Fixed an issue where failure to load GoPlugin middleware didn’t prevent the API from proxying traffic to the upstream; now Gateway logs an error when the plugin fails to load (during API creation/update) and responds with HTTP 500 if the API is called. At the moment fixed only for file based plugins.
• Fixed MutualTLS issue causing leak of allowed CAs during TLS handshake when there are multiple mTLS APIs
• Fixed a bug during hot reload of Tyk Gateway where APIs with JSVM plugins stored in filesystem were not reloaded.
• Fixed a bug where the gateway would remove the trailing /at the end of a URL
• Fixed a bug where nested field-mappings in UDG weren't working as intended
• Fixed a bug when using Tyk OAuth 2.0 flow on Tyk Cloud where a request for an Authorization Code would fail with a 404 error.
• Fixed a bug where mTLS negotiation could fail when there are a large number of certificates and CAs; added an option (http_server_options.skip_client_ca_announcement) to use the alternative method for certificate transfer.
• Fixed CVE issue with go.uuid package
• Fixed a bug where rate limits were not correctly applied when policies are partitioned to separate access rights and rate limits into different scopes.
• Fix the problem that certificate updates are not propagated to edge gateways in rpc mode

Tyk Dashboard

Added

• Improved security for people using the Dashboard by adding the Referrer-Policy header with the value no-referrer.

Fixed

• Fixed a bug where a call to the /hello endpoint would unnecessarily log http: superfluous response.WriteHeader call.
• Fixed a bug where the Dashboard was showing Average usage over time for all Developers, rather than just those relevant to the logged in developer.
• Fixed a bug where logged in users could see Identity Management pages, even if they didn't had the rights to use these features.
• Fixed a bug that prevented Tyk Dashboard users from resetting their own passwords.
• Fixed issue with GraphQL proxy headers added via UI
• Fixed a bug where the Dashboard would not allow access to any screens if a logged in user didn’t have access to the APIs resource regardless of other access rights.
• Fixed a bug on the key management page where searching by key_id did not work - you can now initiate the search by pressing enter after typing in the key_id.
• Fixed a bug where Dashboard API could incorrectly return HTTP 400 when deleting an API.
• Fixed a bug where the left menu did not change when Dashboard language was changed.
• Fixed a bug that caused the Dashboard to report errors when decoding multiple APIs associated with a policy.
• Fixed a bug where it was not possible to disable the Use Scope Claim option when using JWT authentication
• Fixed a bug in the default OPA rule that prevented users from resetting their own password
• Fixed a bug where authToken data was incorrectly stored in the JWT section of the authentication config when a new API was created

Tyk Gateway 4.3.4

Fixed

• Tyk returns wrong error code when websocket upstream respond with error

Tyk Gateway 5.0.0

https://tyk.io/docs/release-notes/version-5.0/

Tyk Dashboard 5.0.0

https://tyk.io/docs/release-notes/version-5.0/

Tyk Gateway 4.3.3

Fixed

• Tyk cache response headers (x-tyk-cached-response) are now logged in the analytics data.
• Fixed a bug where JSON validation middleware were not loading schema in distributed data plane (worker) gateways.
• Fixed an issue which allowed user to open multiple GQL subscription from Postman with the same "id" and made it impossible later to close them all. It is now only possible to open one subscription with a certain "id".
• Fixed a bug where organization level rate limits were not honored due to the session add/update operation not correctly updating last_updated field.
• Fixed OASAPI typo on the Gateway Swagger document.

Changed

• Docker: removing the curl package from the docker image to resolve a CVE issue.
• Worker Gateway now can work without group id

Tyk Dashboard 4.3.3

Fixed

• Fixed an issue in the API editor where the cursor randomly jumped to the end of the editor window when accepting auto-correct suggestions

Changed

• Updated text and corrected link on license renewal page, to reflect latest changes.

Tyk Gateway 4.0.12

Fixed

• Tyk cache response headers (x-tyk-cached-response) are now logged in the analytics data.
• Fixed a bug where JSON validation middleware were not loading schema in distributed data plane (worker) gateways.
• Fixed an issue which allowed user to open multiple GQL subscription from Postman with the same "id" and made it impossible later to close them all. It is now only possible to open one subscription with a certain "id".
• Fixed a bug where organization level rate limits were not honored due to the session add/update operation not correctly updating last_updated field.

Changed

• Docker: removing the curl package from the docker image to resolve a CVE issue.

Tyk Dashboard 4.0.12

Fixed

• Added a drop down to the API name column in the list of APIs. The dropdown contains two buttons that sort the list of APIs in ascending or descending alphabetical (ASCII) order.

Changed

• Updated text and corrected link on license renewal page, to reflect latest changes.