[TT-15982] 5.10.1 RNs Gateway and Dashboard.md

developer-support/release-notes/dashboard.mdx

@@ -20,6 +20,131 @@ Our minor releases are supported until our next minor comes out.
 
 ## 5.10 Release Notes 
 
+### 5.10.1 Release Notes 
+
+#### Release Date 19 November 2025
+
+#### Release Highlights
+
+This patch release upgrades the Go build environment and delivers UI, analytics, and security fixes. For a comprehensive list of changes, please refer to the detailed [changelog](#Changelog-v5.10.1).
+
+#### Breaking Changes
+
+There are no breaking changes in this release.
+
+#### Dependencies
+<a id="dependencies-5.10.1"></a>
+
+| Dashboard Version | Recommended Releases | Backwards Compatibility |
+|--------|-------------------|-------------|
+| 5.10.1 | MDCB v2.8.5       | MDCB v2.8.5 |
+|        | Operator v1.2.0   | Operator v0.17 |
+|        | Sync v2.1.4       | Sync v2.1.0 |
+|        | Helm Chart v4.0   | Helm all versions |
+|        | EDP v1.14.1       | EDP all versions |
+|        | Pump v1.13.0      | Pump all versions |
+|        | TIB (if using standalone) v1.7.0 | TIB all versions |
+
+##### 3rd Party Dependencies & Tools
+<a id="3rdPartyTools-v5.10.1"></a>
+
+| Third Party Dependency | Tested Versions | Compatible Versions | Comments | 
+| ---------------------- | --------------- | ------------------- | -------- | 
+| [GoLang](https://go.dev/dl/)          | 1.24 | 1.24 | [Go plugins](/api-management/plugins/golang) must be built using Go 1.24 | 
+| [Redis](https://redis.io/download/)   | 5.x, 6.x, 7.x    |  5.x, 6.x, 7.x    | | 
+| [Valkey](https://valkey.io/download/) | 8.0.x, 8.1.x    | 7.2.x, 8.0.x, 8.1.x    | | 
+| [MongoDB](https://www.mongodb.com/try/download/community)  | 6, 7, 8  | 5, 6, 7, 8  | | 
+| [DocumentDB](https://aws.amazon.com/documentdb/)  | 4, 5  | 4, 5  | | 
+| [PostgreSQL](https://www.postgresql.org/download/) | 13.x - 17.x | 13.x - 17.x  | | 
+| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3) | v3.0.x | v3.0.x | Supported by [Tyk OAS](/api-management/gateway-config-tyk-oas#tyk-vendor-extension-reference)|
+
+#### Deprecations
+
+There are no deprecations in this release.
+
+#### Upgrade instructions
+<a id="upgrade-5.10.1"></a>
+
+If you are upgrading to 5.10.1, please follow the detailed [upgrade instructions](#upgrading-tyk). 
+
+#### Downloads
+
+- [Docker Image to pull](https://hub.docker.com/r/tykio/tyk-dashboard/tags?page=&page_size=&ordering=&name=v5.10.1)
+  - ```bash
+    docker pull tykio/tyk-dashboard:v5.10.1
+    ```
+- Helm charts
+  - [tyk-charts v4.0.0](/developer-support/release-notes/helm-chart#400-release-notes)
+
+Please note that the Tyk Helm Charts are configured to install the LTS version of Tyk Dashboard. You will need to modify them to install v5.10.1.
+
+#### Changelog
+<a id="Changelog-v5.10.1"></a>
+
+##### Changed
+
+<AccordionGroup>
+<Accordion title='Upgraded Go build environment to Debian 12 ("Bookworm")'>
+We have updated the Go build environment from Debian 11 ("Bullseye") to Debian 12 ("Bookworm") across all pipelines. This change ensures that all builds use the latest Go 1.24 patch version, addressing recent CVEs and improving overall security and stability.
+</Accordion>
+
+</AccordionGroup>
+
+##### Added
+
+<AccordionGroup>
+
+<Accordion title='Enabled Gzip Compression for Static Assets to Improve Dashboard Load Performance'>
+Implemented gzip compression for static assets (JavaScript, CSS, images, etc.) when the browser client requests for gzip with the `Accepted-Encoding` header. This significantly reduces the file size transferred when loading the Dashboard, reducing bandwidth usage and improving page load times for users.
+</Accordion>
+
+</AccordionGroup>
+
+##### Fixed
+
+<AccordionGroup>
+
+<Accordion title='API Editor UI Glitch When Scrolling in Import Mode'>
+Fixed an issue introduced in 5.10.0 where there was a graphical glitch with the code editor in the API Designer.
+</Accordion>
+
+<Accordion title='Dashboard Analytics and Monitoring Fixes'>
+- **Fixed non-clickable endpoint rows in the Activity page**: Fixed an issue where selecting an endpoint in the "Most Popular Endpoints" list on the "Activity Overview" screen did not direct the user to the "Activity by Endpoint" screen.
+- **Fixed incorrect error code descriptions in API activity dashboard**: Error codes now display correct descriptions (409 shows "Conflict" instead of "Rate limit or quota exceeded", and missing descriptions for 502, 504, 499, and 422 have been added).
+- **Fixed unicode character display in Activity Logs view**: Non-ASCII characters (Cyrillic, Arabic, Hindi, Telugu, Yoruba, etc.) now display correctly instead of showing garbled text when viewing request/response logs.
+- **Fixed date range filtering showing extra day in analytics charts**: Date range selectors now accurately reflect the selected end date instead of automatically including the following day's data in charts and legends.
+- **Fixed Log Browser querying wrong tables when SQL table sharding is enabled**: Dashboard now correctly queries sharded tables (tyk_analytics_YYYYMMDD) instead of the main tyk_analytics table when `TYK_DB_STORAGE_LOGS_TABLESHARDING=true` is configured, ensuring analytics data displays properly with SQL database sharding.
+- **Fixed incorrect date labels and data aggregation in analytics charts**: Fixed multiple issues in the analytics aggregation layer when using PostgreSQL backend that caused incorrect chart rendering and service problems. Resolved problems, including hourly charts showing nonsensical dates like "30 Nov 1899", monthly charts displaying incorrect months, incomplete time-series data due to improper date padding, and API activity being incorrectly split across multiple rows.
+</Accordion>
+</AccordionGroup>
+
+##### Security Fixes
+
+<AccordionGroup>
+
+<Accordion title='CVE fixed'>
+Fixed the following high-priority CVEs, providing increased protection against security
+vulnerabilities:
+
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-47912" target="_blank">CVE-2025-47912</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58183" target="_blank">CVE-2025-58183</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58185" target="_blank">CVE-2025-58185</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58186" target="_blank">CVE-2025-58186</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58187" target="_blank">CVE-2025-58187</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58188" target="_blank">CVE-2025-58188</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58189" target="_blank">CVE-2025-58189</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-61723" target="_blank">CVE-2025-61723</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-61724" target="_blank">CVE-2025-61724</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-61725" target="_blank">CVE-2025-61725</a>
+- <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-63811" target="_blank">CVE-2025-63811</a>
+- <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-31133" target="_blank">CVE-2025-31133</a>
+- <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-52565" target="_blank">CVE-2025-52565</a>
+- <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-52881" target="_blank">CVE-2025-52881</a>
+
+</Accordion>
+
+</AccordionGroup>
+
 ### 5.10.0 Release Notes 
 
 #### Release Date 13th October 2025

developer-support/release-notes/gateway.mdx

@@ -16,6 +16,154 @@ Our minor releases are supported until our next minor comes out.
 ---
 ## 5.10 Release Notes 
 
+### 5.10.1 Release Notes 
+
+#### Release Date 19 November 2025
+
+#### Release Highlights
+
+This patch release contains various bug and security fixes. For a comprehensive list of changes, please refer to the detailed [changelog](#Changelog-v5.10.1).
+
+#### Breaking Changes
+
+There are no breaking changes in this release.
+
+#### Dependencies 
+<a id="dependencies-5.10.1"></a>
+
+##### Compatibility Matrix For Tyk Components
+
+| Gateway Version | Recommended Releases | Backwards Compatibility |
+|--------|-------------------|---- |
+| 5.10.1 | MDCB v2.8.5       | MDCB v2.8.5 |
+|        | Operator v1.2.0   | Operator v0.17 |
+|        | Sync v2.1.4       | Sync v2.1.0 |
+|        | Helm Chart v4.0   | Helm all versions |
+|        | Pump v1.13.0      | Pump all versions |
+
+##### 3rd Party Dependencies & Tools
+
+| Third Party Dependency | Tested Versions | Compatible Versions | Comments | 
+| ---------------------- | --------------- | ------------------- | -------- | 
+| [Go](https://go.dev/dl/)               | 1.24                   |  1.24  | [Go plugins](/api-management/plugins/golang) must be built using Go 1.24 | 
+| [Redis](https://redis.io/download/)    | 6.2.x, 7.x, 7.4.x      | 6.2.x, 7.x, 7.4.x      | | 
+| [Valkey](https://valkey.io/download/)  | 7.2.x, 8.0.x, 8.1.x    | 7.2.x, 8.0.x, 8.1.x    | | 
+| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3)| v3.0.x  | v3.0.x | Supported by [Tyk OAS](/api-management/gateway-config-tyk-oas) |
+
+Given the potential time difference between your upgrade and the release of this version, we recommend users verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
+
+#### Deprecations
+
+There are no deprecations in this release.
+
+#### Upgrade instructions
+<a id="upgrade-5.10.1"></a>
+
+If you are upgrading to 5.10.1, please follow the detailed [upgrade instructions](#upgrading-tyk).
+
+#### Downloads
+
+- [Docker image to pull](https://hub.docker.com/r/tykio/tyk-gateway/tags?page=&page_size=&ordering=&name=v5.10.1)
+  - ```bash
+    docker pull tykio/tyk-gateway:v5.10.1
+    ``` 
+- Helm charts
+  - [tyk-charts v4.0.0](/developer-support/release-notes/helm-chart#400-release-notes)
+
+Please note that the Tyk Helm Charts are configured to install the LTS version of Tyk Gateway. You will need to modify them to install v5.10.1.
+
+- [Source code tarball of Tyk Gateway v5.10.1](https://github.com/TykTechnologies/tyk/releases/tag/v5.10.1)
+
+#### Changelog
+<a id="Changelog-v5.10.1"></a>
+
+##### Fixed
+
+<AccordionGroup>
+
+<Accordion title='Fixed Custom Authentication fallback when custom plugin bundle is disabled'>
+Fixed an issue where [Custom Authentication](/api-management/authentication/custom-auth) could fall back to a previously configured alternative authentication method if the custom plugin bundle was not loaded. Now this is treated as for any other failed plugin load, and requests to the API will be rejected with `HTTP 500 Internal Server Error` to prevent access to an improperly configured endpoint.
+</Accordion>
+
+<Accordion title='Fixed issue with invalid or missing bundle manifests'>
+Fixed an issue where the Gateway would load and attempt to use plugin bundles even when the manifest file was invalid or missing. The Gateway now properly validates bundle manifests and fails safely by rejecting API requests when bundles cannot be properly loaded or verified. 
+This prevents risks from corrupted or tampered bundles and ensures that APIs with invalid plugin configurations are not accessible, maintaining the integrity of authentication and authorization checks implemented by plugins.
+</Accordion>
+
+<Accordion title='Fixed JWT key activation when toggling default policy from draft to active'>
+Fixed an issue where keys could remain deactivated when a policy applied to them was changed from `draft` to `active` status. When an access key/token is presented to Tyk in a request, policies linked to the key will be applied, configuring the authorization for that request. If any policy is in `draft` state, the key will be rejected. 
+Toggling the policy to the `active` state should activate any keys to which the policy is applied. Previously, if the policy had never been applied when it was in `draft` state, there was an issue where keys would incorrectly be marked as `inactive`. This has now been resolved, and the policy state is correctly mapped to keys.
+</Accordion>
+
+<Accordion title='Added new configuration option for limiting response body size'>
+Added a new configuration option, [HttpServerOptions.MaxResponseBodySize](/tyk-oss-gateway/configuration/#http_server_optionsmax_response_body_size) to limit the maximum size of the response bodies processed during any response body transformations.  When the limit is exceeded, the Gateway returns `HTTP 500 Response Body Too Large` instead of attempting to process the oversized content.
+</Accordion>
+
+<Accordion title='Fixed plugin loading failure errors being ignored for gRPC, Python, and Lua plugins'>
+Fixed an issue where plugin loading failure errors were ignored for gRPC, Python, and Lua plugins, allowing API requests to be processed even when plugins failed to load. The Gateway now properly validates plugin drivers during request processing and fails safely by returning `HTTP 500 Internal Server Error` when any plugin fails to load, ensuring consistent behavior across all plugin types.
+</Accordion>
+
+<Accordion title='Fixed random version selection when `not_versioned` is set to true'>
+Fixed an issue where a **Tyk Classic API** with inconsistent versioning configuration would process requests using a **random version’s configuration**.
+
+A non-versioned API should:
+
+- Contain a single entry in `version_data.versions` with the API configuration.
+- Have the `version_data.not_versioned` flag set to `true`.
+
+Previously, if multiple entries existed in the `version_data.versions` array while `not_versioned` was set to `true`, the Gateway would **randomly select one** of those versions to process incoming requests.
+
+**New behavior:**
+
+When `version_data.not_versioned` is set to `true` and multiple versions are present, Tyk now deterministically selects the configuration for the **default version** instead of picking one at random.
+
+Tyk determines the default version as follows:
+
+- First, it looks for an entry named `"Default"`.
+- If not found, it checks for `"default"`.
+- If neither exists, it checks for an entry with an **empty string key** (`""`).
+- If none of these are found, Tyk returns an **error**, indicating a misconfigured non-versioned API.
+</Accordion>
+
+<Accordion title='Improved path handling during bundle decompression.'>
+Tyk Gateway now validates all file paths in zip bundles before extraction, rejecting bundles that contain invalid paths. Bundle extraction fails immediately upon detecting invalid paths, with detailed error logging, ensuring that only proper bundles with valid relative paths are processed.
+</Accordion>
+
+<Accordion title='Fixed Data Plane Gateway hanging when MDCB connection is lost'>
+Fixed an issue where a Data Plane Gateway could hang for all client requests when the MDCB connection was lost. This was caused by the Gateway incorrectly checking the Organisation quota when `TYK_GW_ENFORCEORGQUOTAS` was not set. If the Organisation quota cache expired before the Gateway performed a health check, the Gateway could hang.
+
+From this release, the Gateway does not check the Organisation quota cache if this is not set. For users relying on Organisation quotas (setting `TYK_GW_ENFORCEORGQUOTAS=true`), the scenario is different and the lock does not occur.
+</Accordion>
+
+</AccordionGroup>
+
+##### Security Fixes
+
+<AccordionGroup>
+
+<Accordion title='CVE fixed'>
+Fixed the following high-priority CVEs, providing increased protection against security
+vulnerabilities:
+
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-47912" target="_blank">CVE-2025-47912</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58183" target="_blank">CVE-2025-58183</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58185" target="_blank">CVE-2025-58185</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58186" target="_blank">CVE-2025-58186</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58187" target="_blank">CVE-2025-58187</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58188" target="_blank">CVE-2025-58188</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58189" target="_blank">CVE-2025-58189</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-61723" target="_blank">CVE-2025-61723</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-61724" target="_blank">CVE-2025-61724</a>
+- <a href="https://www.cve.org/CVERecord?id=CVE-2025-61725" target="_blank">CVE-2025-61725</a>
+- <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-63811" target="_blank">CVE-2025-63811</a>
+- <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-31133" target="_blank">CVE-2025-31133</a>
+- <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-52565" target="_blank">CVE-2025-52565</a>
+- <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-52881" target="_blank">CVE-2025-52881</a>
+
+</Accordion>
+
+</AccordionGroup>
+
 ### 5.10.0 Release Notes 
 
 #### Release Date 13th October 2025

developer-support/release-notes/overview.mdx

@@ -9,13 +9,13 @@ export const releaseData = {
       "home": "tyk-dashboard",
       "name": "Tyk Dashboard",
       "licensed": true,
-      "latest": "5.10.0",
+      "latest": "5.10.1",
       "releaseNotesPath": "developer-support/release-notes/dashboard",
       "lts": "5.8.7",
       "latestData": {
-        "name": "5.10.0",
-        "date": "13/10/2025",
-        "docker": "https://hub.docker.com/r/tykio/tyk-dashboard/tags?page=1&name=v5.10.0"
+        "name": "5.10.1",
+        "date": "19/11/2025",
+        "docker": "https://hub.docker.com/r/tykio/tyk-dashboard/tags?page=1&name=v5.10.1"
       }
     },
     {
@@ -72,14 +72,14 @@ export const releaseData = {
       "home": "tyk-oss-gateway",
       "name": "Tyk Gateway",
       "licensed": false,
-      "latest": "5.10.0",
+      "latest": "5.10.1",
       "releaseNotesPath": "developer-support/release-notes/gateway",
       "lts": "5.8.7",
       "latestData": {
-        "name": "5.10.0",
-        "date": "13/10/2025",
-        "docker": "https://hub.docker.com/r/tykio/tyk-gateway/tags?page=1&name=v5.10.0",
-        "tag": "https://github.com/TykTechnologies/tyk/releases/tag/v5.10.0"
+        "name": "5.10.1",
+        "date": "19/11/2025",
+        "docker": "https://hub.docker.com/r/tykio/tyk-gateway/tags?page=1&name=v5.10.1",
+        "tag": "https://github.com/TykTechnologies/tyk/releases/tag/v5.10.1"
       }
     },
     {