A fast, lightweight and more productive microservices framework
APACHE-2.0 License
Bot releases are visible (Hide)
Published by stevehu over 2 years ago
Merged pull requests:
Upgrade Guidelines:
The following middleware handlers have been changed in this release and the config file needs to be updated to leverage the new features.
For this release, we have set the default value to true for allowDefaultValueEmpty so that an empty value can be used in the template for other config files.
# For some configuration files, we have left some properties without default values as there
# would be a negative impact on the application security. The following config will ensure that
# null will be used when the default value is empty without stopping the server during the start.
allowDefaultValueEmpty: true
The errorCode is newly added to allow the users to customize the error response if the request is dropped. By default, code 503 is returned.
# If the rate limit is exposed to the Internet to prevent DDoS attacks, it will return 503
# error code to trick the DDoS client/tool to stop the attacks as it considers the server
# is down. However, if the rate limit is used internally to throttle the client requests to
# protect a slow backend API, it will return 429 error code to indicate too many requests
# for the client to wait a grace period to resent the request. By default, 503 is returned.
errorCode: ${limit.errorCode:503}
This file is changed a lot so that we can set up the encoders for both body and header separately.
---
# Sanitize request for cross-site scripting during runtime
# indicate if sanitizer is enabled or not
enabled: ${sanitizer.enabled:false}
# if it is enabled, the body needs to be sanitized
bodyEnabled: ${sanitizer.bodyEnabled:true}
# the encoder for the body. javascript, javascript-attribute, javascript-block or javascript-source
# There are other encoders that you can choose depending on your requirement. Please refer to site
# https://github.com/OWASP/owasp-java-encoder/blob/main/core/src/main/java/org/owasp/encoder/Encoders.java
bodyEncoder: ${sanitizer.bodyEncoder:javascript-source}
# pick up a list of keys to encode the values to limit the scope to only selected keys. You can
# choose this option if you want to only encode certain fields in the body. When this option is
# selected, you can not use the bodyAttributesToIgnore list.
bodyAttributesToEncode: ${sanitizer.bodyAttributesToEncode:}
# pick up a list of keys to ignore the values encoding to skip some of the values so that these
# values won't be encoded. You can choose this option if you want to encode everything except
# several values with a list of the keys. When this option is selected, you can not use the
# bodyAttributesToEncode list.
bodyAttributesToIgnore: ${sanitizer.bodyAttributesToIgnore:}
# if it is enabled, the header needs to be sanitized
headerEnabled: ${sanitizer.headerEnabled:true}
# the encoder for the header. javascript, javascript-attribute, javascript-block or javascript-source
# There are other encoders that you can choose depending on your requirement. Please refer to site
# https://github.com/OWASP/owasp-java-encoder/blob/main/core/src/main/java/org/owasp/encoder/Encoders.java
headerEncoder: ${sanitizer.headerEncoder:javascript-attribute}
# pick up a list of keys to encode the values to limit the scope to only selected keys. You can
# choose this option if you want to only encode certain fields in the body. When this option is
# selected, you can not use the headerAttributesToIgnore list.
headerAttributesToEncode: ${sanitizer.headerAttributesToEncode:}
# pick up a list of keys to ignore the values encoding to skip some of the values so that these
# values won't be encoded. You can choose this option if you want to encode everything except
# several values with a list of the keys. When this option is selected, you can not use the
# headerAttributesToEncode list.
headerAttributesToIgnore: ${sanitizer.headerAttributesToIgnore:}
router.yml
The router config in egress-router has been changed to add the query parameter for service_id and URL rewrite rules.
# support serviceId in the query parameter for routing to overwrite serviceId in header routing.
# by default, it is false and shouldn't be used unless you are dealing with a legacy client that
# doesn't support header manipulation. Once this flag is true, we are going to overwrite the header
# service_id derived with other handlers from the prefix, path, endpoint etc.
serviceIdQueryParameter: ${router.serviceIdQueryParameter:false}
# URL rewrite rules, each line will have two parts: the regex pattern and replace string separated
# with a space. The light-router has service discovery for host routing, so when working on the
# url rewrite rules, we only need to create about the path in the URL.
# Test your rules at https://www.freeformatter.com/java-regex-tester.html#ad-output
urlRewriteRules: ${router.urlRewriteRules:}
Published by stevehu almost 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 1.6.36 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu about 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.31 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu about 3 years ago
Merged pull requests:
Published by stevehu about 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.29 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu about 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.28 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu over 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.27 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu over 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.26 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu over 3 years ago
Published by stevehu over 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.24 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu over 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.23 release. Along with the PRs above, we have upgraded Undertow to 2.2.4.Final and json-schema-validator to 1.0.49.
For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu over 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 1.6.31 release. Along with the PR above, we have upgraded Undertow to 2.2.4.Final and json-schema-validator to 1.0.49.
For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu over 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 1.6.30 release except for the following.
For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
Published by stevehu over 3 years ago
Merged pull requests:
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 1.6.30 release except for the following.
For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule