Release alert - Tyk v5.0.1 & v4.0.13 out now!

Hello Tyk Community! :raised_hand:

Tyk v5.0.1 & v4.0.13 are out now! This is a patch release and has a greater focus on making our existing features better and fixing any issues related to them.

:rocket: Release Notes

:hammer_and_wrench: Fixes

Tyk Dashboard

  1. Fixed a bug on the key management page where searching by key_id did not work - you can now initiate the search by pressing enter after typing in the key_id.
  2. Fixed a bug where Dashboard API could incorrectly return HTTP 400 when deleting an API.
  3. Fixed a bug that prevented Tyk Dashboard users from resetting their own passwords.
  4. Fixed an issue with GraphQL proxy headers added via the UI.
  5. Fixed a bug in the default OPA rule that prevented users from resetting their own password.
  6. Fixed a bug where authToken data was incorrectly stored in the JWT section of the authentication config when a new API was created.
  7. Fixed a UDG UI bug that caused duplicate data source creation on renaming.
  8. Fixed schema validation for custom domain in Tyk OAS API definition.

Tyk Gateway

  1. Fixed panic when JWK method was used for JWT authentication and the token didn’t include kid.
  2. Fixed an issue where failure to load GoPlugin middleware didn’t prevent the API from proxying traffic to the upstream; now Gateway logs an error when the plugin fails to load (during API creation/update) and responds with HTTP 500 if the API is called. At the moment this is fixed only for file-based plugins.
  3. Fixed a MutualTLS issue causing a leak of allowed CAs during the TLS handshake when there are multiple mTLS APIs.
  4. Fixed a bug during hot reload of Tyk Gateway where APIs with JSVM plugins stored in filesystem were not reloaded.
  5. Fixed a bug when using Tyk OAuth 2.0 flow on Tyk Cloud where a request for an Authorization Code would fail with a 404 error.
  6. Fixed a bug where mTLS negotiation could fail when there are a large number of certificates and CAs; added an option (http_server_options.skip_client_ca_announcement) to use the alternative method for certificate transfer.
  7. Fixed a bug where rate limits were not correctly applied when policies are partitioned to separate access rights and rate limits into different scopes.

:feather: What’s new

  1. Added a new enable_distributed_tracing option to the NewRelic config to enable support for Distributed Tracer in the Tyk Gateway.
  2. Improved security for people using the Dashboard by adding the Referrer-Policy header with the value no-referrer.
  3. Added ability to select the plugin driver within the Tyk OAS API Designer.
  4. When creating a new API in the Tyk OAS API Designer, caching is now disabled by default.

:pencil: Useful resources

:speech_balloon: Feedback
Tell us about your experience trying Tyk and what you thought about this new update.
Don’t forget to star us on GitHub and Artifact Hub!