Hello Tyk Community!
Tyk v5.0.1 & v4.0.13 are out now! This is a patch release and has a greater focus on making our existing features better and fixing any issues related to them.
Release Notes
Fixes
Tyk Dashboard
- Fixed a bug on the key management page where searching by key_id did not work - you can now initiate the search by pressing enter after typing in the key_id.
- Fixed a bug where Dashboard API could incorrectly return HTTP 400 when deleting an API.
- Fixed a bug that prevented Tyk Dashboard users from resetting their own passwords.
- Fixed issue with GraphQL proxy headers added via UI
- Fixed a bug in the default OPA rule that prevented users from resetting their own password
- Fixed a bug where authToken data was incorrectly stored in the JWT section of the authentication config when a new API was created
- Fixed UDG UI bug that caused duplicate data source creation on renaming
- Fixed schema validation for custom domain in Tyk OAS API definition
Tyk Gateway
- Fixed panic when JWK method was used for JWT authentication and the token didn’t include kid.
- Fixed an issue where failure to load GoPlugin middleware didn’t prevent the API from proxying traffic to the upstream; now Gateway logs an error when the plugin fails to load (during API creation/update) and responds with HTTP 500 if the API is called. At the moment fixed only for file based plugins.
- Fixed MutualTLS issue causing leak of allowed CAs during TLS handshake when there are multiple mTLS APIs
- Fixed a bug during hot reload of Tyk Gateway where APIs with JSVM plugins stored in filesystem were not reloaded.
- Fixed a bug when using Tyk OAuth 2.0 flow on Tyk Cloud where a request for an Authorization Code would fail with a 404 error.
- Fixed a bug where mTLS negotiation could fail when there are a large number of certificates and CAs; added an option (http_server_options.skip_client_ca_announcement) to use the alternative method for certificate transfer.
- Fixed a bug where rate limits were not correctly applied when policies are partitioned to separate access rights and rate limits into different scopes.
What’s new
- Added a new enable_distributed_tracing to the NewRelic config to enable support for Distributed Tracer in the Tyk gateway.
- Improved security for people using the Dashboard by adding the Referrer-Policy header with the value
no-referrer
. - Added ability to select the plugin driver within the Tyk OAS API Designer.
- When creating a new API in the Tyk OAS API Designer, caching is now disabled by default.
Useful resouces
- Check out Tyk’s GitHub Repository and try out our open source gateway!
- Tyk self managed installation: Installation guide
- Sign up for a Tyk trial: Sign up - Tyk API Management
Feedback
Tell us about your experience trying Tyk and what you thought about this new update.
Don’t forget to star us on Github and Artifacthub!