Tyk Gateway 2.9.2, Tyk Dashboard 1.9.2, Tyk Pump 0.8.3, Tyk MDCB 1.7.1

Tyk Gateway 2.9.2

  • Fixed Open Tracing issues [#2655, #2685, #2688]
    This Addresses an issue where middleware such as mocked responses, url rewrites, method transform & versioning would stop working when tracing is enabled.
  • Added ignore case feature for Whitelist , Blacklist and Ignore plugins [#2330]
    When whitelisting a getuser path, the plugin would only accept a lowercase request for getuser . Now If getuser is whitelisted, getUser , GetUser and getuser will all be whitelisted.
  • Ignore plugin can now be used with URL rewrite [#2579]
    The purpose of the ignore plugin is to bypass authentication. This had an adverse effect in that it also bypassed several other middleware such as URL rewrite . The Ignore plugin no longer causes relevant middleware to be bypassed.
  • OAuth client metadata is now applied to OAuth token [#2682]
  • OAuth error code is now configurable [#2381]
    It is now possible to tune the error status code by modifying oauth_error_status_code in tyk.conf . If no value is set, it defaults to a 403 error.
  • Added RSA support in request signing middleware [#2452]
    Request Signing middleware previously only supported HMAC. This is now extended to support RSA.
  • Circuit Breaker plugin now trips for any 5xx status code, not just 500 [#2660]
  • :warning: Deprecated auth field in favour of auth_configs in api definition object [#2580]
  "auth_configs": {
    "authToken": {"auth_header_name": "My-Auth-Header-Key"}
    "basic": {"auth_header_name": "My-Basic-Auth-Header-Key"},

This enables better control with multiple chained authentication mechanisms enabled for an API. Now we can set distinct Headers for different auth modes.

  • Redis MGET driver fix in cluster mode [#2703]
    Commands performing multiple keys operations (such as MGET) cannot be supported when using a cluster of Redis nodes because they are commands meant to operate atomically on a single node. MGET has been resolved by aggregating the result of several GET commands.

Tyk Dashboard 1.9.2

  • Resolved a UI error which made it impossible to delete a portal navigation item from the admin dashboard
  • Improved guidance for custom domains regex in Dashboard API Designer
  • Updating the developer portal catalogue no longer generates a new URL for portal documentation. This allows portal documentation to be shared publicly and updated without causing 404 broken links
  • Converted API version expiry date to UTC format to handle timezone differences
  • Fixed catalogue issues during a key request in a multi-selection flow
    Require Key Approval feature wasn’t working correctly in a multi API flow. Now, all cases are fixed.
  • Fixed pagination issues
    Page count was wrong on some lists such policies, APIs etc.
  • Showed policy name along with ID for OIDC authentication
    On OIDC authentication, once a policy is added, it is identified by the policy ID, rather than the name. Now, It displays both the policy name and ID.
  • Fixed the issue that a user can login to multiple sessions through TIB even with disable_parallel_sessions is set to true
  • Fixed URL rewrite triggers in case of API update
    When updating an API through the dashboard, the API was incorrectly modified and the advanced rewrite “match” value was incorrectly changed from true to false .
  • Fixed broken key update/delete events that affect Multi-Cloud installations
    Internal key event names were refactored but this broke backwards compatibility so we have returned back to the previous event names.

Tyk Pump 0.8.3

  • Handled unsupported MongoDB characters [TykTechnologies/tyk-pump/issues/113]
    MongoDB doesn’t support . in parent field names. Should a path contain . , mongoDB would get corrupted. We have now replaced the . character with its Unicode equivalent.
  • Added support for pumping to an Elasticsearch Cluster [TykTechnologies/tyk-pump/pull/180]
    Previously, it was only possible to pump analytics to a single Elasticsearch endpoint. Due to this limitation, it was not previously possible to support Elasticsearch clusters.
  • Resolved issue where aggregate TCP proxy analytics were incorrectly calculated [TykTechnologies/tyk-pump/issues/182]

Tyk MDCB 1.7.1

  • Enable http profiling by setting "enable_http_profiler": true in tyk_sink.conf
  • Added new configuration options:
    ignore_tag_prefix_list (in mongo aggregate and hybrid pump) : It will not store analytics for tags having a prefix specified in the list. Note: The prefix “key-” is added in the list by default. This tag is added by the Gateway for keys. threshold_len_tag_list (in mongo aggregate pump) : If the number of tags in a document grows beyond a specified value, the pump will throw a warning. The warning will print the top 5 common tag prefixes. The default value is 1000 . To disable alerts set it to -1 . store_analytics_per_minute : Currently, aggregate data is generated per hour. If this option is enabled, aggregate data will be generated per minute. track_all_paths : Currently, analytics for an endpoint is stored only if the Track Endpoint plugin is enabled on that endpoint. If track_all_paths is enabled, it will store analytics for all the endpoints, irrespective of Track Endpoint plugin.
  • Fixed Redis connection leak