---
title: Tyk Operator 0.17 Release Notes
tag: ["Tyk Operator", "Release notes", "v0.17", "changelog" ]
description: "Release notes documenting updates, enhancements, fixes and changes for Tyk Operator versions within the 0.17.x series."
---
**Open Source ([Mozilla Public License](https://github.com/TykTechnologies/tyk/blob/master/LICENSE.md))**
**This page contains all release notes for version 0.17 displayed in reverse chronological order**
## Support Lifetime
Our minor releases are supported until our next minor comes out.
## 0.17.1 Release Notes
##### Release date 6 May 2024
#### Breaking Changes
This release has no breaking changes.
#### Deprecations
There are no deprecations in this release.
#### Upgrade Instructions
Go to the [Upgrading Tyk Operator]({{<ref "tyk-stack/tyk-operator/installing-tyk-operator#upgrading-tyk-operator">}}) section for detailed upgrade instructions.
#### Release Highlights
This release is focused on bug fixes. For details please refer to the [changelog]({{< ref "#Changelog-v0.17.1">}}) below.
#### Downloads
- [Docker image v0.17](https://hub.docker.com/r/tykio/tyk-operator/tags?page=&page_size=&ordering=&name=v0.17.1)
- ```bash
docker pull tykio/tyk-operator:v0.17.1
```
- Source code tarball - [Tyk Operator Repo](https://github.com/TykTechnologies/tyk-operator/releases/tag/v0.17.1)
#### Changelog {#Changelog-v0.17.1}
##### Fixed
<ul>
<li>
<details>
<summary>Fixed ApiDefinition Custom Resources generated by the Ingress Controller using the wrong certificate</summary>
When using Tyk as an Ingress Controller with TLS enabled, the ApiDefinition Custom Resources generated by the Ingress Controller were missing the OrgID field. As a result, Tyk Gateway used the wrong certificate when serving requests. This is fixed by adding the OrgID field back to ApiDefinition CRs created by the Ingress Controller.
</details>
</li>
<li>
<details>
<summary>Added Webhook and RBAC port configurations in Tyk Operator Helm chart</summary>
Users can configure the Tyk Operator webhook and RBAC ports via the Helm chart values `.Values.webhookPort` and `.Values.rbac.port` respectively.
</details>
</li>
<li>
<details>
<summary>Addressed security vulnerability CVE-2023-45288</summary>
Addressed security vulnerability [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288), where an attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
</details>
</li>
<li>
<details>
<summary>Addressed security vulnerability CVE-2024-24786</summary>
Addressed security vulnerability [CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786), where the `protojson.Unmarshal` function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a `google.protobuf.Any` value, or when the `UnmarshalOptions.DiscardUnknown` option is set.
</details>
</li>
</ul>
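
The CVE-2023-45288 entry above describes a cap on header data that is parsed after `MaxHeaderBytes` has been exceeded. The following is an added example, not code from Tyk Operator or from `golang.org/x/net`: a simplified Go model of that accounting over raw HTTP/2 frames. The `HeaderGuard` type, its limit values and the `frame` helper are assumptions made for illustration, and the model counts whole frame payloads as header bytes.

```go
package main

import "fmt"

// RFC 9113 values: HEADERS and CONTINUATION frame types, END_HEADERS flag.
const frameHeaders, frameContinuation, flagEndHeaders = 0x1, 0x9, 0x4

// HeaderGuard is a simplified model of the fix: cap header bytes parsed past the limit.
type HeaderGuard struct {
	MaxHeaderBytes, MaxExcessBytes int // assumed limits, not x/net's values
	seen                           int // bytes in the current header block
}

// Feed walks complete frames in buf; it errors once the excess budget is spent.
func (g *HeaderGuard) Feed(buf []byte) (frames int, err error) {
	for len(buf) >= 9 { // frame header: length(3) type(1) flags(1) stream(4)
		length := int(buf[0])<<16 | int(buf[1])<<8 | int(buf[2])
		if len(buf) < 9+length {
			break // incomplete frame, wait for more data
		}
		typ, flags := buf[3], buf[4]
		buf, frames = buf[9+length:], frames+1
		if typ != frameHeaders && typ != frameContinuation {
			continue
		}
		if g.seen += length; g.seen-g.MaxHeaderBytes > g.MaxExcessBytes {
			return frames, fmt.Errorf("header flood: %d bytes in one block", g.seen)
		}
		if flags&flagEndHeaders != 0 {
			g.seen = 0 // header block complete
		}
	}
	return frames, nil
}

// frame builds a constructed frame on stream 1 with n zero payload bytes.
func frame(typ, flags byte, n int) []byte {
	b := make([]byte, 9+n)
	b[0], b[1], b[2], b[3], b[4], b[8] = byte(n>>16), byte(n>>8), byte(n), typ, flags, 1
	return b
}

func main() {
	g := &HeaderGuard{MaxHeaderBytes: 1024, MaxExcessBytes: 2048}
	conn := frame(frameHeaders, 0, 512)
	for i := 0; i < 20; i++ { // constructed: CONTINUATION frames, never END_HEADERS
		conn = append(conn, frame(frameContinuation, 0, 512)...)
	}
	fmt.Println(g.Feed(conn)) // 7 header flood: 3584 bytes in one block
}
```

Header blocks that finish with END_HEADERS reset the counter, so ordinary requests on a long-lived connection never consume the excess budget.
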
## 0.17.0 Release Notes
##### Release date 05 Apr 2024
#### Breaking Changes
This release has no breaking changes.
#### Deprecations
There are no deprecations in this release.
#### Upgrade Instructions
Go to the [Upgrading Tyk Operator]({{<ref "tyk-stack/tyk-operator/installing-tyk-operator#upgrading-tyk-operator">}}) section for detailed upgrade instructions.
#### Release Highlights
This release added support for `GraphQLIntrospectionConfig` in API definition and fixed an issue where the Tyk Operator creates duplicate APIs on Tyk.
For details please refer to the [changelog]({{< ref "#Changelog-v0.17.0">}}) below.
#### Downloads
- [Docker image v0.17](https://hub.docker.com/r/tykio/tyk-operator/tags?page=&page_size=&ordering=&name=v0.17.0)
- ```bash
docker pull tykio/tyk-operator:v0.17.0
```
- Source code tarball - [Tyk Operator Repo](https://github.com/TykTechnologies/tyk-operator/releases/tag/v0.17.0)
#### Changelog {#Changelog-v0.17.0}
##### Fixed
<ul>
<li>
<details>
<summary>Fixed creation of duplicate API definitions on Tyk</summary>
Fixed the creation of duplicate API definitions on Tyk in case of cluster failures. If network errors happen while updating the API definition, the Tyk Operator retries the reconciliation based on the underlying error type.
</details>
</li>
</ul>
##### Added
<ul>
<li>
<details>
<summary>Added support of GraphQLIntrospectionConfig in API definition CRD </summary>
Added to ApiDefinition CRD: support of `GraphQLIntrospectionConfig` field at `graphql.introspection.disabled`. This feature will be enabled in future Tyk releases.
</details>
</li>
</ul>
## Further Information
### Upgrading Tyk
Please refer to the [upgrading Tyk]({{< ref "upgrading-tyk" >}}) page for further guidance with respect to the upgrade strategy.
### FAQ
Please visit our [Developer Support]({{< ref "frequently-asked-questions/faq" >}}) page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.