Tyk Dashboard version 1.3.2 has been released. This is a patch release to beef up the security of dashboard users and fix some security concerns with the users API.
Changelog:
Password validation and constraints
Added more verbose password rules for user creation. It is now possible to use the password.json schema in the Tyk Dashboard schemas/ directory to set complex
Example of password.json with full validation:
{
  "title": "User password schema",
  "type": "string",
  "minLength": 6,
  "multiCase": true,
  "minNumeric": 2,
  "minSpecial": 2,
  "disableSequential": true
}
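As an added example (not Tyk's own code), the following Python checks candidate passwords against the schema above before they are submitted for user creation. The meaning given to each key is an assumption, in particular that disableSequential rejects three ascending or repeated alphanumeric characters and that minSpecial counts ASCII punctuation; the function names violations and has_sequence are hypothetical.

```python
import json
import string

# Constructed copy of the password.json schema shown above.
SCHEMA = json.loads("""{
  "title": "User password schema",
  "type": "string",
  "minLength": 6,
  "multiCase": true,
  "minNumeric": 2,
  "minSpecial": 2,
  "disableSequential": true
}""")


def has_sequence(pw, run=3):
    """Assumed rule: flag `run` ascending (abc, 123) or repeated (111) alphanumerics."""
    for i in range(len(pw) - run + 1):
        window = pw[i:i + run]
        steps = {ord(window[j + 1]) - ord(window[j]) for j in range(run - 1)}
        if steps in ({0}, {1}) and window.isalnum():
            return True
    return False


def violations(pw, schema=SCHEMA):
    """Return the schema keys that `pw` fails; an empty list means it passes."""
    failed = []
    if len(pw) < schema.get("minLength", 0):
        failed.append("minLength")
    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    if schema.get("multiCase") and not (has_lower and has_upper):
        failed.append("multiCase")
    if sum(c.isdigit() for c in pw) < schema.get("minNumeric", 0):
        failed.append("minNumeric")
    if sum(c in string.punctuation for c in pw) < schema.get("minSpecial", 0):
        failed.append("minSpecial")
    if schema.get("disableSequential") and has_sequence(pw):
        failed.append("disableSequential")
    return failed


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the release notes.
    for candidate in ("abc123", "Tr4!b7#Kx", "Pa55w0rd"):
        print(candidate, violations(candidate) or "ok")
```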
Password hash exposed in users/ API
The users API will no longer expose the password hash as part of the call. This applies to both portal and dashboard users.