Tyk Dashboard v1.3.2 Released


#1

Tyk Dashboard version 1.3.2 has been released, this is a patch release to beef up security of dashboard users and fix some security concerns with the users API.

Changelog:

Password validation and constraints

Added more verbose password rules for user creation, it is now possible to use the password.json schema in the tyk dashboard schemas/ directory to set complex

Example of password.json with full validation:

{
    "title": "User password schema",
    "type": "string",

    "minLength": 6,
    "multiCase": true,
    "minNumeric": 2,
    "minSpecial": 2,
    "disableSequential": true
}

Password hash exposed in users/ API

The users API will no longer expose the password hash as part of the call, this aplies to both portal and dashboard users.


#2

[UPDATE]

For users that have modified their schemas, please make sure to back these up before upgrading as the installer will override them and add new ones.


#3

Worth noticing that developer portal users use separate policy and all the rules should be put into developer_password.json file, the rest is similar to dashboard users and password.json.