Tyk Gateway 4.2.4

Fixed

• Fixed chaining APIs from external API with Tyk native API definition to internal API with Tyk OAS API definition.
• Fixed memory allocations overheads causing OOM issues in restricted memory environments
• Fixed gateway crash when bad user input is passed in query variables for GraphQL

Tyk Dashboard 4.2.4

Fixed

• Fixed portal developer search by partial text not returning developers list.
• Fixed portal developer search by email not returning portal developer.
• Fixed a limitation where API definitions were not “backwards portable” from newer to older versions of the Tyk Gateway

Tyk Gateway 4.0.9

Fixed

• Fixed chaining APIs from external API with Tyk native API definition to internal API with Tyk OAS API definition.
• Fix memory allocations overheads causing OOM issues in restricted memory environments

Tyk Dashboard 4.0.9

Fixed

• Fixed portal developer search by partial text not returning developers list.
• Fixed portal developer search by email not returning portal developer.
• Fixed a limitation where API definitions were not “backwards portable” from newer to older versions of the Tyk Gateway

Tyk Gateway 4.2.3

Fixed

• No code changes, version bump to keep release numbers aligned

Tyk Dashboard 4.2.3

Fixed

• Fixed an issue where login to the dashboard with empty username was possible.
• Fixed an issue where login to the portal with empty username was possible.

Tyk Gateway 4.0.8

Fixed

• Fixed panic while proxying traffic to internal API.

Tyk Dashboard 4.0.8

Fixed

• Fixed an issue where login to the dashboard with empty username is prevented.
• Fixed an issue where login to the portal with empty username is prevented.

Tyk Gateway 4.2.2

Fixed

• Fixed memory leaks during API reloads when using JSVM
• Fixed an issue where Response Headers deleted by a custom plugin are still received by the downstream
• Fixed an issue where the key quota stored in the MDCB worker cluster would be reset if an un-hashed key was updated via the Dashboard
• Fixed an issue where the tyk bundle command would incorrectly return an error when trying to sign custom plugin bundles
• Improved the performance of MDCB deployments when no Organisation Quota is configured in the controller/management GW

Tyk Dashboard 4.2.2

Fixed

• Fixed an issue where the security.private_certificate_encoding_secret did not default to the expected value
• Fixed an issue where the Dashboard would throw an error if the TYK_DB_HTTPSERVEROPTIONS_CERTIFICATES environment variable was not set
• Fixed API Name not found in log browser when using SQL for storage.

Tyk Gateway 4.0.7

Fixed

• Fixed memory leaks during API reloads when using JSVM
• Fixed an issue where Response Headers deleted by a custom plugin are still received by the downstream
• Fixed an issue where the key quota stored in the MDCB worker cluster would be reset if an un-hashed key was updated via the Dashboard
• Fixed an issue where the tyk bundle command would incorrectly return an error when trying to sign custom plugin bundles
• Improved the performance of MDCB deployments when no Organisation Quota is configured in the controller/management GW

Tyk Dashboard 4.0.7

Fixed

• Fixed an issue where the security.private_certificate_encoding_secret did not default to the expected value
• Fixed an issue where the Dashboard would throw an error if the TYK_DB_HTTPSERVEROPTIONS_CERTIFICATES environment variable was not set
• Fixed API Name not found in log browser when using SQL for storage.

Tyk Gateway v3.1.3

Fixed

• Fixed expiration issue for redis key used for analytics storage

Tyk Gateway 4.2.1

Fixed

• Fixed using environment variable to allow definition of ports_whitelist
• Fixed caching of responses with Transfer-Encoding set to "chunked"
• Fixed raw log analytics for responses with Transfer-Encoding set to "chunked"
• Fixed an issue where the Gateway would panic if you attempt to use JS plugins with disabled JSVM
• Fixed an issue where MDCB would automatically propagate keys to all workers if updated in the controller gateway; this meant that users were unable to constrain keys to specific data centres/worker clusters
• Fixed an issue with the calculation of TTL for keys in an MDCB deployment such that TTL could be different between worker and controller gateways
• Fixed an issue where due to incorrect validation of certificates, a defect in the client_certificates list allowed any certificate to be used against MTLS API.

Changed

• The cookie and query param auth sources are now enabled only if flags set to true and no longer rely on param_name and cookie_name being non empty.

Tyk Dashboard 4.2.1

Fixed

• Adding APIs with Swagger doesn't correctly combine basePath and API paths
• Fixed URL Rewrite advanced triggers in Endpoint Designer
• Fixed Dashboard UI permissions screen - now correctly the user permissions for "Identity management" and "Real-time notifications".
• Fix case sensitive email duplication checks, Dashboard now check emails case insensitive.
• Fix SMTP driver did not offering text/html multipart as preferred content for MIME enabled email clients
• Fixed a front-end issue where a dashboard graph of API endpoints didn’t populate on activity, due to issuing a GET request rather than POST.

Tyk Gateway 4.0.6

Fixed

• Fixed using environment variable to allow definition of ports_whitelist
• Fixed caching of responses with Transfer-Encoding set to "chunked"
• Fixed raw log analytics for responses with Transfer-Encoding set to "chunked"
• Fixed an issue where the Gateway would panic if you attempt to use JS plugins with disabled JSVM
• Fixed an issue where MDCB would automatically propagate keys to all workers if updated in the controller gateway; this meant that users were unable to constrain keys to specific data centres/worker clusters
• Fixed an issue with the calculation of TTL for keys in an MDCB deployment such that TTL could be different between worker and controller gateways
• Fixed an issue where due to incorrect validation of certificates, a defect in the client_certificates list allowed any certificate to be used against MTLS API.

Changed

• The cookie and query param auth sources are now enabled only if flags set to true and no longer rely on param_name and cookie_name being non empty.

Tyk Dashboard 4.0.6

Fixed

• Adding APIs with Swagger doesn't correctly combine basePath and API paths
• Fixed URL Rewrite advanced triggers in Endpoint Designer
• Fixed Dashboard UI permissions screen - now correctly the user permissions for "Identity management" and "Real-time notifications".
• Fix case sensitive email duplication checks, Dashboard now check emails case insensitive.
• Fix SMTP driver did not offering text/html multipart as preferred content for MIME enabled email clients
• Fixed a front-end issue where a dashboard graph of API endpoints didn’t populate on activity, due to issuing a GET request rather than POST.

Fixed

• Fixed an issue where the Gateway would not create the circuit breaker events (BreakerTripped and BreakerReset) for which the Tyk Dashboard offers webhooks
• Fixed an issue where GraphQL subscriptions could fail, if keep alive message was received before acknowle message.
• Fixed an issue where Gateway could panic and crash when receiving a malformed subscription with WSS protocol

Tyk Gateway v4.0.4

Added

• Requests to listen paths without trailing slash will no longer match with the closest listen path configured when http_server_options.enable_strict_routes or environment variable TYK_GW_HTTPSERVEROPTIONS_ENABLESTRICTROUTES is set to be true.
• Add new config flag to define the hashing algorithm to be used for HTTP Basic Auth, the default continues to be “bcrypt”, users can now choose a less CPU-intensive hashing algorithm, by setting basic_auth_hash_key_function to bcrypt, sha256 or murmur64, murmur128. This is a backward compatible change with default being bcrypt.

Fixed

• Fix panic in gateway with incorrect value being set to context which blocked proxy traffic if enforce_org_data_detail_logging is enabled

Tyk Gateway v3.0.12

Fixed

• Fix issue with key object growth when multiple policies with path based rules are used
• Fixed issue with mutual TLS, when there are multiple APIs with the same domain, and some APIs has mTLS and some not.
• Pinpoint version of protobuf package in Docker images, to ensure that it will work with Python 3.7/3.9

Tyk Gateway v4.0.3

Fixed

• Strip listen path option works as expected now if configured, even if there are path parameters defined using regex.
• Fixed a bug where the Tyk Gateway could return 401 errors when using multiple APIs with same domain and different mTLS rules in an MDCB deployment.
• Fixed a bug where in certain circumstances MDCB worker gateways ignore the allow_explicit_policy_id setting, resulting in "policy not found" errors.
• Fixed an issue where users were not able to introspect GraphQL APIs managed by Tyk

Tyk Dashboard v4.0.3

Fixed

• Fixed an issue where users were not able to highlight and delete text in Data Source URL field while configuring UDG
• Fixed a problem with long Data Source URL overflowing the URL field corder in UDG config page

Tyk Gateway v4.0.2

Added

• Added support for custom plugins using Python 3.9.

Changed

• Updated the version of Debian in our gateway standard and hybrid Docker images, in order to address the identified CVEs.

Fixed

• Policy object has been optimised in size, by reducing the number of duplicate data in its data structure. Fixed the methods field in the policy object to not contain duplicate http method values.
• Fixed Gateway panic, when creating an organisation level API key.
• Fixed a bug where in hashed environemnt, in MDCB worker node, full key Id was exposed in the Redis DB

Tyk Dashboard v4.0.2

Added

• Added new Dashboard configuration option: security.hide_login_failure_limit_error, which hides the login retry attempts failure message "Retry in N seconds", as exposing the number of seconds can be seen as a vulnerability.

Changed

• Replaced the REST word with HTTP on the API Creation screen, as the API definition resulted can describe different types of API structures and not only REST (i.e. TCP)

Fixed

• Fixed the request of changing the CNAME for the developer portal, from within the Dashboard. Previously this action was returning a 404 http code, which prevented the change of the CNAME.
• Fixed the leakage of Dashboard admins password history (only bcrypt hashes), when security.enforce_password_history configuration option was enabled.
• Fixed an issue where the usage of an object placeholder (e.g. {{.object.name}}) won't remove the quotes of a string in UDG resulting in undesired behavior like in URL paths /user/"johndoe"
• Fixed some displaying issues of the API listing table with some of them related to shrinking the viewport.

Tyk Gateway 4.0.1

• Tags that are configured on the api spec are now forwarded to an analytics record that can be used with the data pump.
• Added new use_param and param_name fields to the auth token signature configuration, in order to be able to pass the signature as a query parameter.
• Improved JWT Error messages response to prevent leaking information in case of wrong signing method. This will return generic error message as API response, but in logs it will be still fully visible error.
• Fixed support of GraphQL @extends directive alongside “extend” keyword - both provide the same behaviour when used
• Added a parameter disable_query_batching in API definition that controls if federation uses batching for GQL queries or not - users can choose if they want the queries to be executed with batching or not (this is connected to solving N+1 problem in federation)
• UDG Proxy config generator now supports union types
• Fixed behaviour of SSE stopping to work when websockets are enabled.
• Fixed unexpected behavior for grpc/coprocess middleware, where the request body sent from the client is not received in the grpc/coprocess application.
• Fixed invalidating cache through gateway API
• Fixed issue when client certificates enabled auth token mode, when key ID is passed as authorization header client certificate checking should work without needing to append client certificate to the request.
• Fixed same Go plugins to be referenced in multiple APIs
• Log body is now properly displayed, when enable_detailed_recording is on and 'Transfer-Encoding: chunked' is set.
• Fixed the auth data not being stripped from cookie although stripping auth data is enabled when cookie name is custom.
• Fixed an issue where GraphQL Federation was crashing gateway during performance testing
• Improved handling of optional query parameters in REST data sources, so that correct configuration is possible via GUI, not only via manual manipulation of API definition
• A GraphQL field selected by the user on an interface type is no longer ignored and is sent to the upstream
• GraphQL Engine will now correctly validate nested object variables instead of ignoring them
• Fixed an issue with templating syntax for UDG REST data sources in UDG which wasn’t working due to regression defect
• Fixed issues in the LocalTypeFieldExtractor GetAllNodes
method in graphql-go-tools which improved performance of the code and library
• Fixed an issue which was causing supergraph schema to be created incomplete when user was using @extends directive for a type that was not defined in any other subgraph
• Fixed an issue where sending arrays as variable for input types was not working
• Fixed an issue where GraphQL query failed to leave Tyk when it contained optional variables that had no value provided - it now works with a missing value or a value null
• Fixed an GraphQL issue where panic was occurring while gateway was accessing union and interface types
• Changed the way websocket connections are opened for GraphQL subscriptions - for multiple subscriptions from a single downstream just one connection is opened, for subscriptions with different auth headers separate connections are opened
• Body transformation templates now has access to new functions http://masterminds.github.io/sprig/
• Fixed concurrency issue where the wrong session object is returned when policies are applied, causing the Gateway to report an 403 error on first call
• Fixed an issue where sometimes the Gateway on first start would fail to load a certificate from Redis
• Fixed certificate revoking the in MDCB environment
• Fixed an issue where the Gateway would throw an error when you attempt to load a Python plugin with multiple modules
• Fixed an issue building Golang auth plugins

Tyk Dashboard 4.0.1

• Fixed the Oauth clients page in the Dashboard UI to render properly.
• Fixed error when creating APIs while using CosmosDB
• Fixed polices to be visible in Dashboard UI when using CosmosDB
• Fixed the dashboard license update via API when the existing license is expired.
• Fixed an issue with finding existing keys via key lookup - it is now possible to find previously created keys
• Fixed UI popups which show full Key ID
• Fixed an issue where UDG UI could cause an infinite loop and eventually app crash
• Fixed an issue that prevented users from deleting newly created UDG schema objects via GUI
• Fixed an issue where “Upstream protected” checkbox was visible for REST/TCP/Federation API types
• Fixed an issue where key search by substring in the UI stopped working after switching to graphQL query
• Fixed an issue where the Dashboard reported an error when trying to retrieve last login date for an SSO user due to Tyk not storing temporary users in its database

Tyk Gateway v3.0.11

• Fixed performance issue causing growth of Redis calls when using mutual TLS in MDCB environment #3983
  Increase time for in-memory certificate cache to 1 hour. Configurable via slave_options.rpc_cert_cache_expiration
• Fixed issue causing 403 errors on the first call if Key not found in local worker cluster cache, when using MDCB environment https://github.com/TykTechnologies/tyk/pull/3993

Tyk Gateway 3.0.10

• Fixed loading of Go plugins (and compilation), when using third party libraries

Tyk Gateway 3.2.3

• Fixed loading of APIs when dealing with large amount (>2000 APIs)

• For Hybrid Gateways added a way to configure interval for synchronizing analytics data: analytics_config.purge_interval. Default 10 seconds.

• Fixed getting and setting session inside Go plugins

• Fixed loading same Go plugin bundle for Multiple APIs

• Go plugin compiler now accepts second argument which allow setting plugin ID: `<plugin_name> <plugin_id>.

  Go plugin "unique" names are based on file names. E.g. two plugins called "plugin.so" will look like the same plugin from Tyk point of view. You need need to use unique names for different plugins, or with new change, use new optional plugin_id argument, to specify plugin unique ID. Like this: docker run --rm -v pwd:/plugin-source tykio/tyk-plugin-compiler:v3.2.3 plugin.so my_unique_plugin

Tyk Dashboard 3.2.3

• Improved SAML SSO compatibility with some servers
• Fixed SAML vulnerability CVE-2020-29509
• GraphQL: fixed selecting fields on interfaces types
• Developer Portal: Fixed issue when Developers logged via SSO can loose keys section from the UI screen
• Developer Portal: Fixed Dynamic Client Registration flow when Using Authorization Code with PKCE workflow
• Developer Portal: Now it is not possible to change developer email via developer portal (Admin UI still allows it).

Our next major release is here!

End-to-end support for your enterprise GraphQL journey through Tyk’s Federated gateway, bringing Federated Subscriptions for the first time on any APIM platform, and supporting PostgreSQL for your data management needs!

Read full annoucement and release notes
https://tyk.io/releases/v4-0/
https://tyk.io/docs/release-notes/version-4.0/