Tyk Gateway v2.3.4 and Dashboard v1.3.4 released

We’re happy to announce the latest Tyk update. These patches tighten up security in our dashboard and fix a few minor bugs. Full release notes are below and on our GitHub releases page:

Tyk Gateway v2.3.4

  • Added a new management_node boolean configuration option. When turned on, it excludes the node from the distributed rate limiter.
  • The /tyk/api endpoint, used for managing APIs, can now be accessed without a trailing slash to avoid confusion.

Tyk Dashboard v1.3.4: security focused release

  • Fix: Deactivating a user now disables their API access and logs them out from existing dashboard sessions.
  • Fix: Updating user permissions no longer empties the user's password.
  • Fix: Updating user permissions now updates both the current API session and all open dashboard sessions, and does not require the user to log in again.
  • User access to OAuth tokens is now controlled using a separate permission group.
  • Disabled auto-completion for all forms with passwords.
  • Enabled HSTS for all requests to improve HTTPS security.
  • Added a new disable_parallel_sessions boolean configuration option. When turned on, it allows only one active dashboard session. When a user logs in, all of their other active sessions are automatically logged out.
  • You can now set the password using the Admin API. If the password field is empty, it is ignored.