JWT clock skew made configurable using jwt_issued_at_validation_skew,jwt_expires_at_validation_skew and jwt_not_before_validation_skew API definition variables (values specified in seconds)
Use JWT exp scope for session expiration, fallback to policy if not present
During rewrites with dynamic values, like metadata or context, if key not found, value will be empty instead of metadata or context placeholder
TLS renegotiation now supported by default, by you can turn it off using proxy_ssl_disable_renegotiation tyk.conf boolean option
Fix crash when JSVM is disabled, but JSVM bundle is specified for API
Issue warning on boot when secrets are default
Fix connection to the dashboard when it is using self-signed certificate
Allow same API to serve both HTTP and WebSockets
Fix AuthFailed events when using auth plugins
Fix enable_key_logging for some proxy log calls
Fix using multiple python files in same bundle
Fix TLS handshake error: no cipher suite supported by both client and server
Fix policy changes not being propagated to OIDC keys
Fix reading binary bodies in python plugins
Tyk Dashboard 1.7.2
Added support for Redis 4 Clustering
Now you can disable “X-Forwared-For” header check, during login rate limiting checks, by using security.login_disallow_forward_proxy boolean option
Fix custom auth option in Raw API editor
Fix endpoint designer cache plugin
Use strong mongo consistency by default
Issue warning on boot when secrets are default
Fix developers subscription keys, when custom hashing algorithm is used
Fix developer portal reset url in text version of email
Fix setting event handlers on api definition over API
Tyk Pump 0.5.4
Added support for Redis 4 Clustering
Added support for configuring using environmental variables using TYK_PMP_ prefix