Skip to content

v5.14.0

Latest

Choose a tag to compare

@ilijabojanovic ilijabojanovic released this 07 Jul 17:34
2e94501

What's Changed

  • [TT-13727] Add RFC3339 compliant option for consistent GW application logs by @shults in #8157
  • [TT-17137] Support remote MCPs as upstream — routing fix + auto-mirror PRM + OAuth proxy by @andrei-tyk in #8181
  • [TT-16865]: Gateway reads node id and nonce on 409 by @kofoworola in #8137
  • [TT-17190] Upgrade apache/thrift to 0.23.0 by @MFCaballero in #8194
  • TT-17162: update github-actions workflow by @probelabs[bot] in #8213
  • [TT-17172] OAuth2 security scheme: foundation container by @lghiur in #8198
  • [TT-4023] Track 404 logs not showing in listening port when changing control api port by @MaciekMis in #7976
  • TT-17147: fix: remove unconditional break in memorycache cleanup timer by @probelabs[bot] in #8180
  • [TT-12339] [BE] Implement sub-second timeout for the Enforced Timeout middleware by @MaciekMis in #8151
  • [TT-17154] Docs update by @MFCaballero in #8214
  • [TT-17154] Bump opentelemetry to post-v0.0.25 doc-comment fixes by @mativm02 in #8240
  • [TT-17173] OAuth2 scope check (API-level / global) by @lghiur in #8199
  • [TT-16823] Filter MCP discovery with OAS middleware rules by @andrei-tyk in #8246
  • [TT-17173] apidef classic schema: declare security_requirement_scopes by @lghiur in #8253
  • [TT-17049] Replace unbounded regex caches with a bounded LRU cache to prevent memory leaks by @MFCaballero in #8239
  • [TT-17174] OAuth2 scope check (per-operation / per-MCP-primitive) by @lghiur in #8203
  • [TT-17339 master] Implement Floating tags in github actions by @konrad-sol in #8270
  • [TT-17312] Gateway: client-IdP registry for JWT key & scope resolution by @mativm02 in #8268
  • [TT-17065] Fix MinTokenLength: reject silent-accept on create + correct off-by-one operator by @sedkis in #8154
  • [TT-17175] OAuth2 Protected Resource Metadata — new structure inside oauth2 (gateway) by @lghiur in #8209
  • TT-17333 gromit sync templates by @probelabs[bot] in #8293
  • [TT-16017] Fix issue with strip auth data GQL APIs by @LLe27 in #7831
  • [TT-17176] Mirror upstream PRM from the new oauth2.protectedResourceMetadata block by @lghiur in #8297
  • [TT-17356] Join the MCP agent's trace from params._meta and propagate upstream by @lghiur in #8276
  • [TT-7519] add "original_path" and "listen_path" to observability by @sedkis in #7791
  • [TT-17312] Resolve JWT scope claim name from client-IdP registry by @mativm02 in #8296
  • [TT-12339] Rename OAS enforceTimeout field timeout to duration by @jay-deshmukh in #8278
  • [TT-16259] [Security] Unable to delete Session that uses a quota and is under heavy load [Plan A] by @shults in #8254
  • [TT-16068] Enhance Graceful Shutdown Sequence to introduce a waiting period for Gateway Deregistration by @MaciekMis in #8241
  • [TT-15935] Feature Request - Standardize Log Message Key Across All Tyk Components by @shults in #8236
  • [TT-17442] Upstream WebSocket connection reuse ignores per-request auth headers by @MaciekMis in #8303
  • [TT-17295] feat: support embedded PEM certificate content in Gateway by @mativm02 in #8256
  • TT-17297: support file based kv references by @vladzabolotnyi in #8267
  • Revert TT-16259 by @shults in #8307
  • TT-15813: add api-level timeout configuration by @vladzabolotnyi in #8282
  • TT-17495 Fix span Original Path by @tbuchaillot in #8311
  • [TT-12339] Missing schema updates for enforce timeout by @MaciekMis in #8319
  • [TT-17486] fix: stop liveness probe blocking on node re-registration by @mativm02 in #8314
  • TT-5486: Fix session cache access rights race by @andrei-tyk in #8320
  • TT-17527: add timeout to test CI job by @olamilekan000 in #8331
  • TT-17508: Add restriction to absolute paths when base_path is provided by @vladzabolotnyi in #8322
  • [TT-17515] Rename Tyk Classic hard_timeouts duration wire field by @mativm02 in #8335
  • [TT-17446] Tyk Gateway 5.13.1/5.14.0 CVEs by @MFCaballero in #8315
  • [TT-17569] Bump storage to v1.3.4 (CVE fixes) by @lghiur in #8336
  • TT-17607: Fix dep-guard running on tag push by @probelabs[bot] in #8355
  • Merging to release-5.14.0: [TT-17578] Bump graphql-go-tools to fix Federation subscription-then-query null regression (#8345) by @probelabs[bot] in #8362
  • Merging to release-5.14.0: TT-17622: cherry-pick goreleaser timeout bump (#8377) by @probelabs[bot] in #8378
  • Merging to release-5.14.0: [TT-17585] MinTokenLength: apply the default floor of 3 to the create-time guard (#8346) by @probelabs[bot] in #8376
  • fix: bump aws-sdk-go-v2/service/s3 to v1.97.3 (release-5.14.0) by @probelabs[bot] in #8385
  • [releng release-5.14.0] Fix VEX attachment for ee by @probelabs[bot] in #8397
  • [releng release-5.14.0] gromit: sync templates by @probelabs[bot] in #8406
  • TT-17684 [5.14.0] Fix vulnerable stream dependencies by @buger in #8415
  • TT-17688: test: add local httpbin.org mock to smoke tests (backport #8409) by @probelabs[bot] in #8418
  • [TT-17689] Update httpbin image to mccutchen/go-httpbin in tests by @probelabs[bot] in #8428
  • TT-17689: Fix httpbin port mismatch (renamed branch) by @probelabs[bot] in #8440
  • DX-2386: Revert httpbin test-infra migration to pre-migration baseline (5.14.0) by @probelabs[bot] in #8450
  • Update aws-sdk-go-v2 dependencies in go.mod and go.sum by @ilijabojanovic in #8457
  • [TT-17417] docs: update swagger version to 5.14.0 by @bsten-tyk in #8460

Full Changelog: v5.13.1...v5.14.0