Tyk Dashboard v1.3.2 Released


Tyk Dashboard version 1.3.2 has been released, this is a patch release to beef up security of dashboard users and fix some security concerns with the users API.


Password validation and constraints

Added more verbose password rules for user creation, it is now possible to use the password.json schema in the tyk dashboard schemas/ directory to set complex

Example of password.json with full validation:

    "title": "User password schema",
    "type": "string",

    "minLength": 6,
    "multiCase": true,
    "minNumeric": 2,
    "minSpecial": 2,
    "disableSequential": true

Password hash exposed in users/ API

The users API will no longer expose the password hash as part of the call, this aplies to both portal and dashboard users.



For users that have modified their schemas, please make sure to back these up before upgrading as the installer will override them and add new ones.


Worth noticing that developer portal users use separate policy and all the rules should be put into developer_password.json file, the rest is similar to dashboard users and password.json.