Gateway 2.6.2
- Fixed XML → JSON transform bug when using mocks bug: XML -> JSON transform on a mocked xml response. · Issue #1729 · TykTechnologies/tyk · GitHub
- Fixed request body transform when input is JSON Request body transform not working if input is JSON · Issue #1751 · TykTechnologies/tyk · GitHub
- Fixed white-listing when it is used in combination with header modification Whitelists let through unwhitelisted methods when used with other middleware · Issue #1732 · TykTechnologies/tyk · GitHub
- Improve Gateway stability when dashboard is not available A failed API response from the dashboard can stop gateway routing correctly · Issue #1725 · TykTechnologies/tyk · GitHub
- Fixed co-process auth plugin panic when session is set but token is empty Coprocess auth panics if session is set but token is empty · Issue #1739 · TykTechnologies/tyk · GitHub
- Added option to disable JWT date claims validation using following API definition options:
jwt_disable_issued_at_validation,jwt_disable_expires_at_validation,jwt_disable_not_before_validationJWT validation error: Token is not valid yet - Unable to cope with distributed system clock skew · Issue #1670 · TykTechnologies/tyk · GitHub - Fixed API deletion not being propagated to Gateways for Hybrid users Hybrid: deletes of API def in cloud, do not get pushed to gateways · Issue #1530 · TykTechnologies/tyk · GitHub
- Respond with HTTP 403 code on JWT expired date validation errors, instead of 401 JWT `exp` claim errors incorrect · Issue #1243 · TykTechnologies/tyk · GitHub
- Fixed certificate pinning if Proxy is used (only global
*scope is supported) Certificate pinning does not work if Proxy is used · Issue #1717 · TykTechnologies/tyk · GitHub - Do not ask client for TLS certificate unless one of APIs in the current scope requires it. Should fix bug with showing browser certificate selection popup when accessing Tyk API using web browser. If Tyk configured to terminate SSL, and tyk service accessed using web browser it shows client certificate window · Issue #1381 · TykTechnologies/tyk · GitHub
- Fixed setting log level via
log_levelconfig variable Setting log level via config does not work · Issue #1716 · TykTechnologies/tyk · GitHub - Fixed
strip_authwhen key param is enabled Strip_auth doesn't strip key when key param is enabled · Issue #1417 · TykTechnologies/tyk · GitHub - Added minimum key length check via new
min_token_lengthvariable (default is 3) Tyk Gateways Allows Invalid 3 Character Authorization Tokens · Issue #1681 · TykTechnologies/tyk · GitHub - Fixed mutual TLS key authorization when it appends org ID multiple times bug: mutual-tls auth mode appends organization_id twice · Issue #1685 · TykTechnologies/tyk · GitHub
- Fixed “do not track” middleware Do not track plugin does not work as expected · Issue #1610 · TykTechnologies/tyk · GitHub
Dashboard 1.6.2
- No longer modifies slug when changing listen path
- Redirects to certificate page when uploading new certificate, instead of redirecting to listing page
- Fixed Portal login for developers with high amount of subscriptions (>10)
- Fixed password validation on developer password reset form
- Fixed password validation on developer edit profile form
- Fixed domain specific certificate pinning
- Disabled fields on user form if current logged in user has no “edit” permission
- Fixed Eureka service discovery template
- Fixed listen path URL validation if it contains
(or)symbols - Allowed query string params when specifying uptime test URL
- Allowed wildcard URLs in CORS settings
- No longer automatically log in new developers when login is disabled
- Fixed policy selection screen for OIDC auth mode
- Fixed HMAC checkbox not being checked when HMAC is enabled
Pump 0.5.3
- Fixed issues with slow log browser by automatically creating proper indexes Add log browser index to analytics collections · Issue #74 · TykTechnologies/tyk-pump · GitHub
MDCB 1.5.4
- Fixed API deletion event not being propagated to Gateways