Skip to content

Latest commit

ย 

History

History
1724 lines (1294 loc) ยท 110 KB

CHANGELOG.md

File metadata and controls

1724 lines (1294 loc) ยท 110 KB
title
Changelog

Table of Contents

3.10.0

Change

  • remove core.grpc module #11427
  • add max req/resp body size attributes #11133
  • autogenerate admin api key if not passed #11080
  • enable sensitive fields encryption by default #11076
  • support more sensitive fields for encryption #11095

Plugins

  • allow set headers in introspection request #11090

Bugfixes

  • Fix: etcd sync data checker should work #11457
  • Fix: plugin metadata add id value for etcd checker #11452
  • Fix: allow trailing period in SNI and CN for SSL #11414
  • Fix: filter out illegal INT(string) formats #11367
  • Fix: make the message clearer when API key is missing #11370
  • Fix: report consumer username tag in datadog #11354
  • Fix: after updating the header, get the old value from the ctx.var #11329
  • Fix: ssl key rotation caused request failure #11305
  • Fix: validation fails causing etcd events not to be handled correctly #11268
  • Fix: stream route matcher is nil after first match #11269
  • Fix: rectify the way to fetch secret resource by id #11164
  • Fix: multi-auth raise 500 error when use default conf #11145
  • Fix: avoid overwriting Access-Control-Expose-Headers response header #11136
  • Fix: close session in case of error to avoid blocked session #11089
  • Fix: restore pb.state appropriately #11135
  • Fix: add a default limit of 100 for get_headers() #11140
  • Fix: disable features when prometheus plugin is turned off #11117
  • Fix: add post request headers only if auth request method is POST #11021
  • Fix: core.request.header return strings instead of table #11127
  • Fix: brotli partial response #11087
  • Fix: the port value greater than 65535 should not be allowed #11043

Core

  • upgrade openresty version to 1.25.3.2 #11419
  • move config-default.yaml to hardcoded lua file #11343
  • warn log when sending requests to external services insecurely #11403
  • update casbin to 1.41.9 #11400
  • update lua-resty-t1k to 1.1.5 #11391
  • support store ssl.keys ssl.certs in secrets mamager #11339
  • move tinyyaml to lyaml #11312
  • support hcv namespace #11277
  • add discovery k8s dump data interface #11111
  • make fetch_secrets use cache for performance #11201
  • replace 'string.len' with '#' #11078

3.9.0

Change

  • change: use apisix.enable_http2 to enable HTTP/2 in APISIX (#11032)
  • change: unify the keyring and key_encrypt_salt fields (#10771)

Core

Plugins

  • ๐ŸŒ… add session.cookie configuration #10919
  • ๐ŸŒ… support endpointslices in kubernetes discovery #10916
  • ๐ŸŒ… add redis and redis-cluster in limit-req #10874
  • ๐ŸŒ… support expire prometheus metrics #10869
  • ๐ŸŒ… add redis and redis-cluster in limit-conn #10866
  • ๐ŸŒ… allow configuring allow-headers in grpc-web plugin #10904
  • ๐ŸŒ… Add forward-auth plugin exception configuration status_on_error #10898
  • ๐ŸŒ… add option to include request body and response body in log util #10888
  • ๐ŸŒ… support compressed responses in loggers #10884
  • ๐ŸŒ… add http-dubbo plugin #10703
  • ๐ŸŒ… support built-in variables in response_headers in mocking plugin #10872
  • ๐ŸŒ… support other data formats without warnings #10862
  • ๐ŸŒ… add ocsp-stapling plugin #10817

Bug Fixes

  • Fix: wrong namespace related endpoint in k8s #10917
  • Fix: when delete the secret cause 500 error #10902
  • Fix: jwe-decrypt secret length restriction #10928
  • Fix: unnecessary YAML Config reloads #9065
  • Fix: real_payload was overridden by malicious payload #10982
  • Fix: all origins could pass when allow_origins_by_metadata is set #10948
  • Fix: add compatibility headers #10828
  • Fix: missing trailers issue #10851
  • Fix: decryption failure #10843
  • Fix: server-side sessions locked by not calling explicit session:close() #10788
  • Fix: skip brotli compression for upstream compressed response #10740
  • Fix: use_jwks breaking authentication header #10670
  • Fix: authz_keycloak plugin giving 500 error #10763

3.8.0

Core

  • ๐ŸŒ… Support the use of lua-resty-events module for better performance:
  • ๐ŸŒ… Upgrade OpenSSL 1.1.1 to OpenSSL 3: #10724

Plugins

  • ๐ŸŒ… Add jwe-decrypt plugin: #10252
  • ๐ŸŒ… Support brotli when use filters.regex option (response-rewrite): #10733
  • ๐ŸŒ… Add multi-auth plugin: #10482
  • ๐ŸŒ… Add required scopes configuration property to openid-connect plugin: #10493
  • ๐ŸŒ… Support for the Timing-Allow-Origin header (cors): #9365
  • ๐ŸŒ… Add brotli plugin: #10515
  • ๐ŸŒ… Body-transformer plugin enhancement(#10472): #10496
  • ๐ŸŒ… Set minLength of redis_cluster_nodes to 1 for limit-count plugin: #10612
  • ๐ŸŒ… Allow to use environment variables for limit-count plugin settings: #10607

Bugfixes

  • Fix: When the upstream nodes are of array type, the port should be an optional field: #10477
  • Fix: Incorrect variable extraction in fault-injection plugin: #10485
  • Fix: All consumers should share the same counter (limit-count): #10541
  • Fix: Safely remove upstream when sending route to opa plugin: #10552
  • Fix: Missing etcd init_dir and unable to list resource: #10569
  • Fix: Forward-auth request body is too large: #10589
  • Fix: Memory leak caused by timer that never quit: #10614
  • Fix: Do not invoke add_header if value resolved as nil in proxy-rewrite plugin: #10619
  • Fix: Frequent traversal of all keys in etcd leads to high CPU usage: #10671
  • Fix: For prometheus upstream_status metrics, mostly_healthy is healthy: #10639
  • Fix: Avoid getting a nil value in log phase in zipkin: #10666
  • Fix: Enable openid-connect plugin without redirect_uri got 500 error: #7690
  • Fix: Add redirect_after_logout_uri for ODIC that do not have an end_session_endpoint: #10653
  • Fix: Response-rewrite filters.regex does not apply when content-encoding is gzip: #10637
  • Fix: The leak of prometheus metrics: #10655
  • Fix: Authz-keycloak add return detail err: #10691
  • Fix: upstream nodes was not updated correctly by service discover: #10722
  • Fix: apisix restart failed: #10696

3.7.0

Change

  • โš ๏ธ Creating core resources does not allow passing in create_time and update_time: #10232
  • โš ๏ธ Remove self-contained info fields exptime and validity_start and validity_end from ssl schema: 10323
  • โš ๏ธ Replace route with apisix.route_name, service with apisix.service_name in the attributes of opentelemetry plugin to follow the standards for span name and attributes: #10393

Core

  • ๐ŸŒ… Added token to support access control for consul discovery: #10278
  • ๐ŸŒ… Support configuring service_id in stream_route to reference service resources: #10298
  • ๐ŸŒ… Using apisix-runtime as the apisix runtime:

Plugins

  • ๐ŸŒ… Add tests for authz-keycloak with apisix secrets: #10353
  • ๐ŸŒ… Add authorization params to openid-connect plugin: #10058
  • ๐ŸŒ… Support set variable in zipkin plugin: #10361
  • ๐ŸŒ… Support Nacos ak/sk authentication: #10445

Bugfixes

  • Fix: Use warn log for get healthcheck target status failure:
  • Fix: Keep healthcheck target state when upstream changes:
  • Fix: Add name field in plugin_config schema for consistency: #10315
  • Fix: Optimize tls in upstream_schema and wrong variable: #10269
  • Fix(consul): Failed to exit normally: #10342
  • Fix: The request header with Content-Type: application/x-www-form-urlencoded;charset=utf-8 will cause vars condition post_arg_xxx matching to failed: #10372
  • Fix: Make install failed on mac: #10403
  • Fix(log-rotate): Log compression timeout caused data loss: #8620
  • Fix(kafka-logger): Remove 0 from enum of required_acks: #10469

3.6.0

Change

  • โš ๏ธ Remove gRPC support between APISIX and etcd and remove etcd.use_grpc configuration option: #10015
  • โš ๏ธ Remove conf server. The data plane no longer supports direct communication with the control plane, and the configuration should be adjusted from config_provider: control_plane to config_provider: etcd: #10012
  • โš ๏ธ Enforce strict schema validation on the properties of the core APISIX resources: #10233

Core

  • ๐ŸŒ… Support configuring the buffer size of the access log: #10225
  • ๐ŸŒ… Support the use of local DNS resolvers in service discovery by configuring resolv_conf: #9770
  • ๐ŸŒ… Remove Rust dependency for installation: #10121
  • ๐ŸŒ… Support Dubbo protocol in xRPC #9660

Plugins

  • ๐ŸŒ… Support https in traffic-split plugin: #9115
  • ๐ŸŒ… Support rewrite request body in external plugin:#9990
  • ๐ŸŒ… Support set nginx variables in opentelemetry plugin: #8871
  • ๐ŸŒ… Support unix sock host pattern in the chaitin-waf plugin: #10161

Bugfixes

  • Fix GraphQL POST request route matching exception: #10198
  • Fix error on array of multiline string in apisix.yaml: #10193
  • Add error handlers for invalid cache_zone configuration in the proxy-cache plugin: #10138

3.5.0

Change

  • โš ๏ธ remove snowflake algorithm in the request-id plugin: #9715
  • โš ๏ธ No longer compatible with OpenResty 1.19, it needs to be upgraded to 1.21+: #9913
  • โš ๏ธ Remove the configuration item apisix.stream_proxy.only, the L4/L7 proxy needs to be enabled through the configuration item apisix.proxy_mode: #9607
  • โš ๏ธ The admin-api /apisix/admin/plugins?all=true marked as deprecated: #9580
  • โš ๏ธ allowlist and denylist can't be enabled at the same time in ua-restriction plugin: #9841

Core

  • ๐ŸŒ… Support host level dynamic setting of tls protocol version: #9903
  • ๐ŸŒ… Support force delete resource: #9810
  • ๐ŸŒ… Support pulling env vars from yaml keys: #9855
  • ๐ŸŒ… Add schema validate API in admin-api: #10065

Plugins

  • ๐ŸŒ… Add chaitin-waf plugin: #9838
  • ๐ŸŒ… Support vars for file-logger plugin: #9712
  • ๐ŸŒ… Support adding response headers for mock plugin: #9720
  • ๐ŸŒ… Support regex_uri with unsafe_uri for proxy-rewrite plugin: #9813
  • ๐ŸŒ… Support set client_email field for google-cloud-logging plugin: #9813
  • ๐ŸŒ… Support sending headers upstream returned by OPA server for opa plugin: #9710
  • ๐ŸŒ… Support configuring proxy server for openid-connect plugin: #9948

Bugfixes

  • Fix(log-rotate): the max_kept configuration doesn't work when using custom name: #9749
  • Fix(limit_conn): do not use the http variable in stream mode: #9816
  • Fix(loki-logger): getting an error with log_labels: #9850
  • Fix(limit-count): X-RateLimit-Reset shouldn't be set to 0 after request be rejected: #9978
  • Fix(nacos): attempt to index upvalue 'applications' (a nil value): #9960
  • Fix(etcd): can't sync etcd data if key has special character: #9967
  • Fix(tencent-cloud-cls): dns parsing failure: #9843
  • Fix(reload): worker not exited when executing quit or reload command #9909
  • Fix(traffic-split): upstream_id validity verification #10008

3.4.0

Core

  • ๐ŸŒ… Support route-level MTLS #9322
  • ๐ŸŒ… Support id schema for global_rules #9517
  • ๐ŸŒ… Support use a single long http connection to watch all resources for etcd #9456
  • ๐ŸŒ… Support max len 256 for ssl label #9301

Plugins

  • ๐ŸŒ… Support multiple regex pattern matching for proxy_rewrite plugin #9194
  • ๐ŸŒ… Add loki-logger plugin #9399
  • ๐ŸŒ… Allow user configure DEFAULT_BUCKETS for prometheus plugin #9673

Bugfixes

  • Fix(body-transformer): xml2lua: replace empty table with empty string #9669
  • Fix: opentelemetry and grpc-transcode plugins cannot work together #9606
  • Fix(skywalking-logger, error-log-logger): support $hostname in skywalking service_instance_name #9401
  • Fix(admin): fix secrets do not support to update attributes by PATCH #9510
  • Fix(http-logger): default request path should be '/' #9472
  • Fix: syslog plugin doesn't work #9425
  • Fix: wrong log format for splunk-hec-logging #9478
  • Fix(etcd): reuse cli and enable keepalive #9420
  • Fix: upstream key config add mqtt_client_id support #9450
  • Fix: body-transformer plugin return raw body anytime #9446
  • Fix(wolf-rbac): other plugin in consumer not effective when consumer used wolf-rbac plugin #9298
  • Fix: always parse domain when host is domain name #9332
  • Fix: response-rewrite plugin can't add only one character #9372
  • Fix(consul): support to fetch only health endpoint #9204

3.3.0

The changes marked with โš ๏ธ are not backward compatible.

Change

  • โš ๏ธ Change the default router from radixtree_uri to radixtree_host_uri: #9047
  • โš ๏ธ CORS plugin will add Vary: Origin header when allow_origin is not *: #9010

Core

  • ๐ŸŒ… Support store route's cert in secrets manager: #9247
  • ๐ŸŒ… Support bypassing Admin API Auth by configuration: #9147

Plugins

  • ๐ŸŒ… Support header injection for fault-injection plugin: #9039
  • ๐ŸŒ… Support variable when rewrite header in proxy-rewrite plugin: #9112
  • ๐ŸŒ… limit-count plugin supports username and ssl for redis policy: #9185

Bugfixes

  • Fix etcd data sync exception: #8493
  • Fix invalidate cache in core.request.add_header and fix some calls: #8824
  • Fix the high CPU and memory usage cause by healthcheck impl: #9015
  • Consider using allow_origins_by_regex only when it is not nil: #9028
  • Check upstream reference in traffic-split plugin when delete upstream: #9044
  • Fix failing to connect to etcd at startup: #9077
  • Fix health checker leak for domain nodes: #9090
  • Prevent non 127.0.0.0/24 to access admin api with empty admin_key: #9146
  • Ensure hold_body_chunk should use separate buffer for each plugin in case of pollution: #9266
  • Ensure batch-requests plugin read trailer headers if existed: #9289
  • Ensure proxy-rewrite should set ngx.var.uri: #9309

3.2.1

This is an LTS maintenance release and you can see the CHANGELOG in release/3.2 branch.

https://github.com/apache/apisix/blob/release/3.2/CHANGELOG.md#321

3.2.0

Change

  • Deprecated separate Vault configuration in jwt-auth. Users can use secret to achieve the same function: #8660

Core

Plugins

  • ๐ŸŒ… Add RESTful to graphQL conversion plugin: #8959
  • ๐ŸŒ… Supports setting the log format on each log plugin:
  • ๐ŸŒ… Add request body/response body conversion plugin: #8766
  • ๐ŸŒ… Support sending error logs to Kafka: #8693
  • ๐ŸŒ… limit-count plugin supports X-RateLimit-Reset: #8578
  • ๐ŸŒ… limit-count plugin supports setting TLS to access Redis cluster: #8558
  • ๐ŸŒ… consumer-restriction plugin supports permission control via consumer_group_id: #8567

Bugfixes

  • Fix mTLS protection when the host and SNI mismatch: #8967
  • The proxy-rewrite plugin should escape URI parameter parts if they do not come from user config: #8888
  • Admin API PATCH operation should return 200 status code after success: #8855
  • Under certain conditions, the reload after etcd synchronization failure does not take effect: #8736
  • Fix the problem that the nodes found by the Consul service discovery are incomplete: #8651
  • Fix grpc-transcode plugin's conversion of Map data: #8731
  • External plugins should be able to set the content-type response header: #8588
  • When hotloading plugins, redundant timers may be left behind if the request-id plugin initializes the snowflake generator incorrectly: #8556
  • Close previous proto synchronizer for grpc-transcode when hotloading plugins: #8557

3.1.0

Core

  • ๐ŸŒ… Support for etcd configuration synchronization via gRPC:
  • ๐ŸŒ… Support for configuring encrypted fields in plugins:
  • ๐ŸŒ… Support for placing partial fields in Vault or environment variable using secret resources:
  • ๐ŸŒ… Allows upstream configuration in the stream subsystem as a domain name: #8500
  • ๐ŸŒ… Support Consul service discovery: #8380

Plugin

  • ๐ŸŒ… Optimize resource usage for prometheus collection: #8434
  • ๐ŸŒ… Add inspect plugin for easy debugging: #8400
  • ๐ŸŒ… jwt-auth plugin supports parameters to hide authentication token from upstream : #8206
  • ๐ŸŒ… proxy-rewrite plugin supports adding new request headers without overwriting existing request headers with the same name: #8336
  • ๐ŸŒ… grpc-transcode plugin supports setting the grpc-status-details-bin response header into the response body: #7639
  • ๐ŸŒ… proxy-mirror plugin supports setting the prefix: #8261

Bugfix

  • Fix the problem that the plug-in configured under service object cannot take effect in time under some circumstances: #8482
  • Fix an occasional 502 problem when http and grpc share the same upstream connection due to connection pool reuse: #8364
  • file-logger should avoid buffer-induced log truncation when writing logs: #7884
  • max_kept parameter of log-rotate plugin should take effect on compressed files: #8366
  • Fix userinfo not being set when use_jwks is true in the openid-connect plugin: #8347
  • Fix an issue where x-forwarded-host cannot be changed in the proxy-rewrite plugin: #8200
  • Fix a bug where disabling the v3 admin API resulted in missing response bodies under certain circumstances: #8349
  • In zipkin plugin, pass trace ID even if there is a rejected sampling decision: #8099
  • Fix _meta.filter in plugin configuration not working with variables assigned after upstream response and custom variables in APISIX.

3.0.0

Change

  • enable_cpu_affinity is disabled by default to avoid this configuration affecting the behavior of APSISIX deployed in the container: #8074

Core

  • ๐ŸŒ… Added Consumer Group entity to manage multiple consumers: #7980
  • ๐ŸŒ… Supports configuring the order in which DNS resolves domain name types: #7935
  • ๐ŸŒ… Support configuring multiple key_encrypt_salt for rotation: #7925

Plugin

  • ๐ŸŒ… Added ai plugin to dynamically optimize the execution path of APISIX according to the scene:
  • ๐ŸŒ… Support session_secret in openid-connect plugin to resolve the inconsistency of session_secret among multiple workers: #8068
  • ๐ŸŒ… Support sasl config in kafka-logger plugin: #8050
  • ๐ŸŒ… Support set resolve domain in proxy-mirror plugin: #7861
  • ๐ŸŒ… Support brokers property in kafka-logger plugin, which supports different broker to set the same host: #7999
  • ๐ŸŒ… Support get response body in ext-plugin-post-resp: #7947
  • ๐ŸŒ… Added cas-auth plugin to support CAS authentication: #7932

Bugfix

  • Conditional expressions of workflow plugin should support operators: #8121
  • Fix loading problem of batch processor plugin when prometheus plugin is disabled: #8079
  • When APISIX starts, delete the old conf server sock file if it exists: #8022
  • Disable core.grpc when gRPC-client-nginx-module module is not compiled: #8007

3.0.0-beta

Here we use 2.99.0 as the version number in the source code instead of the code name 3.0.0-beta for two reasons:

  1. avoid unexpected errors when some programs try to compare the version, as 3.0.0-beta contains 3.0.0 and is longer than it.
  2. some package system might not allow package which has a suffix after the version number.

Change

Moves the config_center, etcd and Admin API configuration to the deployment

We've adjusted the configuration in the static configuration file, so you need to update the configuration in config.yaml as well:

  • The config_center function is now implemented by config_provider under deployment: #7901
  • The etcd field is moved to deployment: #7860
  • The following Admin API configuration is moved to the admin field under deployment: #7823
    • admin_key
    • enable_admin_cors
    • allow_admin
    • admin_listen
    • https_admin
    • admin_api_mtls
    • admin_api_version

You can refer to the latest config-default.yaml for details.

Removing multiple deprecated configurations

With the new 3.0 release, we took the opportunity to clean out many configurations that were previously marked as deprecated.

In the static configuration, we removed several fields as follows:

  • Removed enable_http2 and listen_port from apisix.ssl: #7717
  • Removed apisix.port_admin: #7716
  • Removed etcd.health_check_retry: #7676
  • Removed nginx_config.http.lua_shared_dicts: #7677
  • Removed apisix.real_ip_header: #7696

In the dynamic configuration, we made the following adjustments:

  • Moved disable of the plugin configuration under _meta: #7707
  • Removed service_protocol from the Route: #7701

There are also specific plugin level changes:

  • Removed audience field from authz-keycloak: #7683
  • Removed upstream field from mqtt-proxy: #7694
  • tcp-related configuration placed under the tcp field in error-log-logger: #7700
  • Removed max_retry_times and retry_interval fields from syslog: #7699
  • The scheme field has been removed from proxy-rewrite: #7695

New Admin API response format

We have adjusted the response format of the Admin API in several PRs as follows:

The new response format is shown below:

Returns a single configuration:

{
  "modifiedIndex": 2685183,
  "value": {
    "id": "1",
    ...
  },
  "key": "/apisix/routes/1",
  "createdIndex": 2684956
}

Returns multiple configurations:

{
  "list": [
    {
      "modifiedIndex": 2685183,
      "value": {
        "id": "1",
        ...
      },
      "key": "/apisix/routes/1",
      "createdIndex": 2684956
    },
    {
      "modifiedIndex": 2685163,
      "value": {
        "id": "2",
        ...
      },
      "key": "/apisix/routes/2",
      "createdIndex": 2685163
    }
  ],
  "total": 2
}

Other

  • Port of Admin API changed to 9180: #7806
  • We only support OpenResty 1.19.3.2 and above: #7625
  • Adjusted the priority of the Plugin Config object so that the priority of a plugin configuration with the same name changes from Consumer > Plugin Config > Route > Service to Consumer > Route > Plugin Config > Service: #7614

Core

  • Integrating grpc-client-nginx-module to APISIX: #7917
  • k8s service discovery support for configuring multiple clusters: #7895

Plugin

  • Support for injecting header with specified prefix in opentelemetry plugin: #7822
  • Added openfunction plugin: #7634
  • Added elasticsearch-logger plugin: #7643
  • response-rewrite plugin supports adding response bodies: #7794
  • log-rorate supports specifying the maximum size to cut logs: #7749
  • Added workflow plug-in.
  • Added Tencent Cloud Log Service plugin: #7593
  • jwt-auth supports ES256 algorithm: #7627
  • ldap-auth internal implementation, switching from lualdap to lua-resty-ldap: #7590
  • http request metrics within the prometheus plugin supports setting additional labels via variables: #7549
  • The clickhouse-logger plugin supports specifying multiple clickhouse endpoints: #7517

Bugfix

  • gRPC proxy sets :authority request header to configured upstream Host: #7939
  • response-rewrite writing to an empty body may cause AIPSIX to fail to respond to the request: #7836
  • Fix the problem that when using Plugin Config and Consumer at the same time, there is a certain probability that the plugin configuration is not updated: #7965
  • Only reopen log files once when log cutting: #7869
  • Passive health checks should not be enabled by default: #7850
  • The zipkin plugin should pass trace IDs upstream even if it does not sample: #7833
  • Correction of opentelemetry span kind to server: #7830
  • in limit-count plugin, different routes with the same configuration should not share the same counter: #7750
  • Fix occasional exceptions thrown when removing clean_handler: #7648
  • Allow direct use of IPv6 literals when configuring upstream nodes: #7594
  • The wolf-rbac plugin adjusts the way it responds to errors:
  • the phases after proxy didn't run when 500 error happens before proxy: #7703
  • avoid error when multiple plugins associated with consumer and have rewrite phase: #7531
  • upgrade lua-resty-etcd to 1.8.3 which fixes various issues: #7565

2.15.3

This is an LTS maintenance release and you can see the CHANGELOG in release/2.15 branch.

https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2153

2.15.2

This is an LTS maintenance release and you can see the CHANGELOG in release/2.15 branch.

https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2152

2.15.1

This is an LTS maintenance release and you can see the CHANGELOG in release/2.15 branch.

https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2151

2.15.0

Change

  • We now map the grpc error code OUT_OF_RANGE to http code 400 in grpc-transcode plugin: #7419
  • Rename health_check_retry configuration in etcd section of config-default.yaml to startup_retry: #7304
  • Remove upstream.enable_websocket which is deprecated since 2020: #7222

Core

  • Support running plugins conditionally: #7453
  • Allow users to specify plugin execution priority: #7273
  • Support getting upstream certificate from ssl object: #7221
  • Allow customizing error response in the plugin: #7128
  • Add metrics to xRPC Redis proxy: #7183
  • Introduce deployment role to simplify the deployment of APISIX:

Plugin

  • Add ngx.shared.dict statistic in promethues plugin: #7412
  • Allow using unescaped raw URL in proxy-rewrite plugin: #7401
  • Add PKCE support to the openid-connect plugin: #7370
  • Support custom log format in sls-logger plugin: #7328
  • Export some params for kafka-client in kafka-logger plugin: #7266
  • Add support for capturing OIDC refresh tokens in openid-connect plugin: #7220
  • Add prometheus plugin in stream subsystem: #7174

Bugfix

  • clear remain state from the latest try before retrying in Kubernetes discovery: #7506
  • the query string was repeated twice when enabling both http_to_https and append_query_string in the redirect plugin: #7433
  • don't send empty Authorization header by default in http-logger: #7444
  • ensure both group and disable configurations can be used in limit-count: #7384
  • adjust the execution priority of request-id so the tracing plugins can use the request id: #7281
  • correct the transcode of repeated Message in grpc-transcode: #7231
  • var missing in proxy-cache cache key should be ignored: #7168
  • reduce memory usage when abnormal weights are given in chash: #7103
  • cache should be bypassed when the method mismatch in proxy-cache: #7111
  • Upstream keepalive should consider TLS param: ย  ย  - #7054 ย  ย  - #7466
  • The redirect plugin sets a correct port during redirecting HTTP to HTTPS: ย  ย  - #7065

2.14.1

Bugfix

  • The "unix:" in the real_ip_from configuration should not break the batch-requests plugin: #7106

2.14.0

Change

  • To adapt the change of OpenTelemetry spec, the default port of OTLP/HTTP is changed to 4318: #7007

Core

  • Introduce an experimental feature to allow subscribing Kafka message via APISIX. This feature is based on the pubsub framework running above websocket:
  • Introduce an experimental framework called xRPC to manage non-HTTP L7 traffic:
  • Now we support adding delay according to the command & key during proxying Redis traffic, which is built above xRPC:
  • Introduce an experimental support to configure APISIX via xDS:
  • Add normalize_uri_like_servlet option to normalize uri like servlet: #6984
  • Zookeeper service discovery via apisix-seed: #6751

Plugin

  • The real-ip plugin supports recursive IP search like real_ip_recursive: #6988
  • The api-breaker plugin allows configuring response: #6949
  • The response-rewrite plugin supports body filters: #6750
  • The request-id plugin adds nanoid algorithm to generate ID: #6779
  • The file-logger plugin can cache & reopen file handler: #6721
  • Add casdoor plugin: #6382
  • The authz-keycloak plugin supports password grant: #6586

Bugfix

  • Upstream keepalive should consider TLS param: #7054
  • Do not expose internal error message to the client:
  • DNS supports SRV record with port 0: #6739
  • client mTLS was ignored sometimes in TLS session reuse: #6906
  • The grpc-web plugin doesn't override Access-Control-Allow-Origin header in response: #6842
  • The syslog plugin's default timeout is corrected: #6807
  • The authz-keycloak plugin's access_denied_redirect_uri was bypassed sometimes: #6794
  • Handle USR2 signal properly: #6758
  • The redirect plugin set a correct port during redirecting HTTP to HTTPS:
  • Admin API rejects unknown stream plugin: #6813

2.13.3