title |
---|
Changelog |
- 3.10.0
- 3.9.0
- 3.8.0
- 3.7.0
- 3.6.0
- 3.5.0
- 3.4.0
- 3.3.0
- 3.2.1
- 3.2.0
- 3.1.0
- 3.0.0
- 3.0.0-beta
- 2.15.3
- 2.15.2
- 2.15.1
- 2.15.0
- 2.14.1
- 2.14.0
- 2.13.3
- 2.13.2
- 2.13.1
- 2.13.0
- 2.12.1
- 2.12.0
- 2.11.0
- 2.10.5
- 2.10.4
- 2.10.3
- 2.10.2
- 2.10.1
- 2.10.0
- 2.9.0
- 2.8.0
- 2.7.0
- 2.6.0
- 2.5.0
- 2.4.0
- 2.3.0
- 2.2.0
- 2.1.0
- 2.0.0
- 1.5.0
- 1.4.1
- 1.4.0
- 1.3.0
- 1.2.0
- 1.1.0
- 1.0.0
- 0.9.0
- 0.8.0
- 0.7.0
- 0.6.0
- remove
core.grpc
module #11427 - add max req/resp body size attributes #11133
- autogenerate admin api key if not passed #11080
- enable sensitive fields encryption by default #11076
- support more sensitive fields for encryption #11095
- allow set headers in introspection request #11090
- Fix: etcd sync data checker should work #11457
- Fix: plugin metadata add id value for etcd checker #11452
- Fix: allow trailing period in SNI and CN for SSL #11414
- Fix: filter out illegal INT(string) formats #11367
- Fix: make the message clearer when API key is missing #11370
- Fix: report consumer username tag in datadog #11354
- Fix: after updating the header, get the old value from the ctx.var #11329
- Fix: ssl key rotation caused request failure #11305
- Fix: validation fails causing etcd events not to be handled correctly #11268
- Fix: stream route matcher is nil after first match #11269
- Fix: rectify the way to fetch secret resource by id #11164
- Fix: multi-auth raise 500 error when use default conf #11145
- Fix: avoid overwriting
Access-Control-Expose-Headers
response header #11136 - Fix: close session in case of error to avoid blocked session #11089
- Fix: restore
pb.state
appropriately #11135 - Fix: add a default limit of 100 for
get_headers()
#11140 - Fix: disable features when prometheus plugin is turned off #11117
- Fix: add post request headers only if auth request method is POST #11021
- Fix: core.request.header return strings instead of table #11127
- Fix: brotli partial response #11087
- Fix: the port value greater than 65535 should not be allowed #11043
- upgrade openresty version to 1.25.3.2 #11419
- move config-default.yaml to hardcoded lua file #11343
- warn log when sending requests to external services insecurely #11403
- update casbin to 1.41.9 #11400
- update lua-resty-t1k to 1.1.5 #11391
- support store ssl.keys ssl.certs in secrets mamager #11339
- move tinyyaml to lyaml #11312
- support hcv namespace #11277
- add discovery k8s dump data interface #11111
- make fetch_secrets use cache for performance #11201
- replace 'string.len' with '#' #11078
- change: use apisix.enable_http2 to enable HTTP/2 in APISIX (#11032)
- change: unify the keyring and key_encrypt_salt fields (#10771)
- ๐ add session.cookie configuration #10919
- ๐ support endpointslices in kubernetes discovery #10916
- ๐ add redis and redis-cluster in limit-req #10874
- ๐ support expire prometheus metrics #10869
- ๐ add redis and redis-cluster in limit-conn #10866
- ๐ allow configuring allow-headers in grpc-web plugin #10904
- ๐ Add forward-auth plugin exception configuration status_on_error #10898
- ๐ add option to include request body and response body in log util #10888
- ๐ support compressed responses in loggers #10884
- ๐ add http-dubbo plugin #10703
- ๐ support built-in variables in response_headers in mocking plugin #10872
- ๐ support other data formats without warnings #10862
- ๐ add ocsp-stapling plugin #10817
- Fix: wrong namespace related endpoint in k8s #10917
- Fix: when delete the secret cause 500 error #10902
- Fix: jwe-decrypt secret length restriction #10928
- Fix: unnecessary YAML Config reloads #9065
- Fix: real_payload was overridden by malicious payload #10982
- Fix: all origins could pass when allow_origins_by_metadata is set #10948
- Fix: add compatibility headers #10828
- Fix: missing trailers issue #10851
- Fix: decryption failure #10843
- Fix: server-side sessions locked by not calling explicit session:close() #10788
- Fix: skip brotli compression for upstream compressed response #10740
- Fix: use_jwks breaking authentication header #10670
- Fix: authz_keycloak plugin giving 500 error #10763
- ๐ Support the use of lua-resty-events module for better performance:
- ๐ Upgrade OpenSSL 1.1.1 to OpenSSL 3: #10724
- ๐ Add jwe-decrypt plugin: #10252
- ๐ Support brotli when use filters.regex option (response-rewrite): #10733
- ๐ Add multi-auth plugin: #10482
- ๐
Add
required scopes
configuration property toopenid-connect
plugin: #10493 - ๐ Support for the Timing-Allow-Origin header (cors): #9365
- ๐ Add brotli plugin: #10515
- ๐ Body-transformer plugin enhancement(#10472): #10496
- ๐ Set minLength of redis_cluster_nodes to 1 for limit-count plugin: #10612
- ๐ Allow to use environment variables for limit-count plugin settings: #10607
- Fix: When the upstream nodes are of array type, the port should be an optional field: #10477
- Fix: Incorrect variable extraction in fault-injection plugin: #10485
- Fix: All consumers should share the same counter (limit-count): #10541
- Fix: Safely remove upstream when sending route to opa plugin: #10552
- Fix: Missing etcd init_dir and unable to list resource: #10569
- Fix: Forward-auth request body is too large: #10589
- Fix: Memory leak caused by timer that never quit: #10614
- Fix: Do not invoke add_header if value resolved as nil in proxy-rewrite plugin: #10619
- Fix: Frequent traversal of all keys in etcd leads to high CPU usage: #10671
- Fix: For prometheus upstream_status metrics, mostly_healthy is healthy: #10639
- Fix: Avoid getting a nil value in log phase in zipkin: #10666
- Fix: Enable openid-connect plugin without redirect_uri got 500 error: #7690
- Fix: Add redirect_after_logout_uri for ODIC that do not have an end_session_endpoint: #10653
- Fix: Response-rewrite filters.regex does not apply when content-encoding is gzip: #10637
- Fix: The leak of prometheus metrics: #10655
- Fix: Authz-keycloak add return detail err: #10691
- Fix: upstream nodes was not updated correctly by service discover: #10722
- Fix: apisix restart failed: #10696
โ ๏ธ Creating core resources does not allow passing increate_time
andupdate_time
: #10232โ ๏ธ Remove self-contained info fieldsexptime
andvalidity_start
andvalidity_end
from ssl schema: 10323โ ๏ธ Replaceroute
withapisix.route_name
,service
withapisix.service_name
in the attributes of opentelemetry plugin to follow the standards for span name and attributes: #10393
- ๐ Added token to support access control for consul discovery: #10278
- ๐
Support configuring
service_id
in stream_route to reference service resources: #10298 - ๐
Using
apisix-runtime
as the apisix runtime:
- ๐ Add tests for authz-keycloak with apisix secrets: #10353
- ๐ Add authorization params to openid-connect plugin: #10058
- ๐ Support set variable in zipkin plugin: #10361
- ๐ Support Nacos ak/sk authentication: #10445
- Fix: Use warn log for get healthcheck target status failure:
- Fix: Keep healthcheck target state when upstream changes:
- Fix: Add name field in plugin_config schema for consistency: #10315
- Fix: Optimize tls in upstream_schema and wrong variable: #10269
- Fix(consul): Failed to exit normally: #10342
- Fix: The request header with
Content-Type: application/x-www-form-urlencoded;charset=utf-8
will cause vars conditionpost_arg_xxx
matching to failed: #10372 - Fix: Make install failed on mac: #10403
- Fix(log-rotate): Log compression timeout caused data loss: #8620
- Fix(kafka-logger): Remove 0 from enum of required_acks: #10469
โ ๏ธ Remove gRPC support between APISIX and etcd and removeetcd.use_grpc
configuration option: #10015โ ๏ธ Remove conf server. The data plane no longer supports direct communication with the control plane, and the configuration should be adjusted fromconfig_provider: control_plane
toconfig_provider: etcd
: #10012โ ๏ธ Enforce strict schema validation on the properties of the core APISIX resources: #10233
- ๐ Support configuring the buffer size of the access log: #10225
- ๐
Support the use of local DNS resolvers in service discovery by configuring
resolv_conf
: #9770 - ๐ Remove Rust dependency for installation: #10121
- ๐ Support Dubbo protocol in xRPC #9660
- ๐ Support https in traffic-split plugin: #9115
- ๐ Support rewrite request body in external plugin:#9990
- ๐ Support set nginx variables in opentelemetry plugin: #8871
- ๐ Support unix sock host pattern in the chaitin-waf plugin: #10161
- Fix GraphQL POST request route matching exception: #10198
- Fix error on array of multiline string in
apisix.yaml
: #10193 - Add error handlers for invalid
cache_zone
configuration in theproxy-cache
plugin: #10138
โ ๏ธ remove snowflake algorithm in the request-id plugin: #9715โ ๏ธ No longer compatible with OpenResty 1.19, it needs to be upgraded to 1.21+: #9913โ ๏ธ Remove the configuration itemapisix.stream_proxy.only
, the L4/L7 proxy needs to be enabled through the configuration itemapisix.proxy_mode
: #9607โ ๏ธ The admin-api/apisix/admin/plugins?all=true
marked as deprecated: #9580โ ๏ธ allowlist and denylist can't be enabled at the same time in ua-restriction plugin: #9841
- ๐ Support host level dynamic setting of tls protocol version: #9903
- ๐ Support force delete resource: #9810
- ๐ Support pulling env vars from yaml keys: #9855
- ๐ Add schema validate API in admin-api: #10065
- ๐ Add chaitin-waf plugin: #9838
- ๐ Support vars for file-logger plugin: #9712
- ๐ Support adding response headers for mock plugin: #9720
- ๐ Support regex_uri with unsafe_uri for proxy-rewrite plugin: #9813
- ๐ Support set client_email field for google-cloud-logging plugin: #9813
- ๐ Support sending headers upstream returned by OPA server for opa plugin: #9710
- ๐ Support configuring proxy server for openid-connect plugin: #9948
- Fix(log-rotate): the max_kept configuration doesn't work when using custom name: #9749
- Fix(limit_conn): do not use the http variable in stream mode: #9816
- Fix(loki-logger): getting an error with log_labels: #9850
- Fix(limit-count): X-RateLimit-Reset shouldn't be set to 0 after request be rejected: #9978
- Fix(nacos): attempt to index upvalue 'applications' (a nil value): #9960
- Fix(etcd): can't sync etcd data if key has special character: #9967
- Fix(tencent-cloud-cls): dns parsing failure: #9843
- Fix(reload): worker not exited when executing quit or reload command #9909
- Fix(traffic-split): upstream_id validity verification #10008
- ๐ Support route-level MTLS #9322
- ๐ Support id schema for global_rules #9517
- ๐ Support use a single long http connection to watch all resources for etcd #9456
- ๐ Support max len 256 for ssl label #9301
- ๐ Support multiple regex pattern matching for proxy_rewrite plugin #9194
- ๐ Add loki-logger plugin #9399
- ๐ Allow user configure DEFAULT_BUCKETS for prometheus plugin #9673
- Fix(body-transformer): xml2lua: replace empty table with empty string #9669
- Fix: opentelemetry and grpc-transcode plugins cannot work together #9606
- Fix(skywalking-logger, error-log-logger): support $hostname in skywalking service_instance_name #9401
- Fix(admin): fix secrets do not support to update attributes by PATCH #9510
- Fix(http-logger): default request path should be '/' #9472
- Fix: syslog plugin doesn't work #9425
- Fix: wrong log format for splunk-hec-logging #9478
- Fix(etcd): reuse cli and enable keepalive #9420
- Fix: upstream key config add mqtt_client_id support #9450
- Fix: body-transformer plugin return raw body anytime #9446
- Fix(wolf-rbac): other plugin in consumer not effective when consumer used wolf-rbac plugin #9298
- Fix: always parse domain when host is domain name #9332
- Fix: response-rewrite plugin can't add only one character #9372
- Fix(consul): support to fetch only health endpoint #9204
The changes marked with
โ ๏ธ Change the default router fromradixtree_uri
toradixtree_host_uri
: #9047โ ๏ธ CORS plugin will addVary: Origin
header whenallow_origin
is not*
: #9010
- ๐ Support store route's cert in secrets manager: #9247
- ๐ Support bypassing Admin API Auth by configuration: #9147
- ๐
Support header injection for
fault-injection
plugin: #9039 - ๐
Support variable when rewrite header in
proxy-rewrite
plugin: #9112 - ๐
limit-count
plugin supportsusername
andssl
for redis policy: #9185
- Fix etcd data sync exception: #8493
- Fix invalidate cache in
core.request.add_header
and fix some calls: #8824 - Fix the high CPU and memory usage cause by healthcheck impl: #9015
- Consider using
allow_origins_by_regex
only when it is notnil
: #9028 - Check upstream reference in
traffic-split
plugin when delete upstream: #9044 - Fix failing to connect to etcd at startup: #9077
- Fix health checker leak for domain nodes: #9090
- Prevent non
127.0.0.0/24
to access admin api with empty admin_key: #9146 - Ensure
hold_body_chunk
should use separate buffer for each plugin in case of pollution: #9266 - Ensure
batch-requests
plugin read trailer headers if existed: #9289 - Ensure
proxy-rewrite
should setngx.var.uri
: #9309
This is an LTS maintenance release and you can see the CHANGELOG in release/3.2
branch.
https://github.com/apache/apisix/blob/release/3.2/CHANGELOG.md#321
- Deprecated separate Vault configuration in jwt-auth. Users can use secret to achieve the same function: #8660
- ๐ Support Vault token to configure secret through environment variables: #8866
- ๐ Supports service discovery on stream subsystem:
- ๐ Add RESTful to graphQL conversion plugin: #8959
- ๐ Supports setting the log format on each log plugin:
- ๐ Add request body/response body conversion plugin: #8766
- ๐ Support sending error logs to Kafka: #8693
- ๐ limit-count plugin supports X-RateLimit-Reset: #8578
- ๐ limit-count plugin supports setting TLS to access Redis cluster: #8558
- ๐ consumer-restriction plugin supports permission control via consumer_group_id: #8567
- Fix mTLS protection when the host and SNI mismatch: #8967
- The proxy-rewrite plugin should escape URI parameter parts if they do not come from user config: #8888
- Admin API PATCH operation should return 200 status code after success: #8855
- Under certain conditions, the reload after etcd synchronization failure does not take effect: #8736
- Fix the problem that the nodes found by the Consul service discovery are incomplete: #8651
- Fix grpc-transcode plugin's conversion of Map data: #8731
- External plugins should be able to set the content-type response header: #8588
- When hotloading plugins, redundant timers may be left behind if the request-id plugin initializes the snowflake generator incorrectly: #8556
- Close previous proto synchronizer for grpc-transcode when hotloading plugins: #8557
- ๐ Support for etcd configuration synchronization via gRPC:
- ๐ Support for configuring encrypted fields in plugins:
- ๐ Support for placing partial fields in Vault or environment variable using secret resources:
- ๐ Allows upstream configuration in the stream subsystem as a domain name: #8500
- ๐ Support Consul service discovery: #8380
- ๐ Optimize resource usage for prometheus collection: #8434
- ๐ Add inspect plugin for easy debugging: #8400
- ๐ jwt-auth plugin supports parameters to hide authentication token from upstream : #8206
- ๐ proxy-rewrite plugin supports adding new request headers without overwriting existing request headers with the same name: #8336
- ๐ grpc-transcode plugin supports setting the grpc-status-details-bin response header into the response body: #7639
- ๐ proxy-mirror plugin supports setting the prefix: #8261
- Fix the problem that the plug-in configured under service object cannot take effect in time under some circumstances: #8482
- Fix an occasional 502 problem when http and grpc share the same upstream connection due to connection pool reuse: #8364
- file-logger should avoid buffer-induced log truncation when writing logs: #7884
- max_kept parameter of log-rotate plugin should take effect on compressed files: #8366
- Fix userinfo not being set when use_jwks is true in the openid-connect plugin: #8347
- Fix an issue where x-forwarded-host cannot be changed in the proxy-rewrite plugin: #8200
- Fix a bug where disabling the v3 admin API resulted in missing response bodies under certain circumstances: #8349
- In zipkin plugin, pass trace ID even if there is a rejected sampling decision: #8099
- Fix
_meta.filter
in plugin configuration not working with variables assigned after upstream response and custom variables in APISIX.
enable_cpu_affinity
is disabled by default to avoid this configuration affecting the behavior of APSISIX deployed in the container: #8074
- ๐ Added Consumer Group entity to manage multiple consumers: #7980
- ๐ Supports configuring the order in which DNS resolves domain name types: #7935
- ๐
Support configuring multiple
key_encrypt_salt
for rotation: #7925
- ๐ Added ai plugin to dynamically optimize the execution path of APISIX according to the scene:
- ๐
Support
session_secret
in openid-connect plugin to resolve the inconsistency ofsession_secret
among multiple workers: #8068 - ๐ Support sasl config in kafka-logger plugin: #8050
- ๐ Support set resolve domain in proxy-mirror plugin: #7861
- ๐
Support
brokers
property in kafka-logger plugin, which supports different broker to set the same host: #7999 - ๐ Support get response body in ext-plugin-post-resp: #7947
- ๐ Added cas-auth plugin to support CAS authentication: #7932
- Conditional expressions of workflow plugin should support operators: #8121
- Fix loading problem of batch processor plugin when prometheus plugin is disabled: #8079
- When APISIX starts, delete the old conf server sock file if it exists: #8022
- Disable core.grpc when gRPC-client-nginx-module module is not compiled: #8007
Here we use 2.99.0 as the version number in the source code instead of the code name
3.0.0-beta
for two reasons:
- avoid unexpected errors when some programs try to compare the
version, as
3.0.0-beta
contains3.0.0
and is longer than it. - some package system might not allow package which has a suffix after the version number.
We've adjusted the configuration in the static configuration file, so you need to update the configuration in config.yaml
as well:
- The
config_center
function is now implemented byconfig_provider
underdeployment
: #7901 - The
etcd
field is moved todeployment
: #7860 - The following Admin API configuration is moved to the
admin
field underdeployment
: #7823- admin_key
- enable_admin_cors
- allow_admin
- admin_listen
- https_admin
- admin_api_mtls
- admin_api_version
You can refer to the latest config-default.yaml
for details.
With the new 3.0 release, we took the opportunity to clean out many configurations that were previously marked as deprecated.
In the static configuration, we removed several fields as follows:
- Removed
enable_http2
andlisten_port
fromapisix.ssl
: #7717 - Removed
apisix.port_admin
: #7716 - Removed
etcd.health_check_retry
: #7676 - Removed
nginx_config.http.lua_shared_dicts
: #7677 - Removed
apisix.real_ip_header
: #7696
In the dynamic configuration, we made the following adjustments:
- Moved
disable
of the plugin configuration under_meta
: #7707 - Removed
service_protocol
from the Route: #7701
There are also specific plugin level changes:
- Removed
audience
field from authz-keycloak: #7683 - Removed
upstream
field from mqtt-proxy: #7694 - tcp-related configuration placed under the
tcp
field in error-log-logger: #7700 - Removed
max_retry_times
andretry_interval
fields from syslog: #7699 - The
scheme
field has been removed from proxy-rewrite: #7695
We have adjusted the response format of the Admin API in several PRs as follows:
The new response format is shown below:
Returns a single configuration:
{
"modifiedIndex": 2685183,
"value": {
"id": "1",
...
},
"key": "/apisix/routes/1",
"createdIndex": 2684956
}
Returns multiple configurations:
{
"list": [
{
"modifiedIndex": 2685183,
"value": {
"id": "1",
...
},
"key": "/apisix/routes/1",
"createdIndex": 2684956
},
{
"modifiedIndex": 2685163,
"value": {
"id": "2",
...
},
"key": "/apisix/routes/2",
"createdIndex": 2685163
}
],
"total": 2
}
- Port of Admin API changed to 9180: #7806
- We only support OpenResty 1.19.3.2 and above: #7625
- Adjusted the priority of the Plugin Config object so that the priority of a plugin configuration with the same name changes from Consumer > Plugin Config > Route > Service to Consumer > Route > Plugin Config > Service: #7614
- Integrating grpc-client-nginx-module to APISIX: #7917
- k8s service discovery support for configuring multiple clusters: #7895
- Support for injecting header with specified prefix in opentelemetry plugin: #7822
- Added openfunction plugin: #7634
- Added elasticsearch-logger plugin: #7643
- response-rewrite plugin supports adding response bodies: #7794
- log-rorate supports specifying the maximum size to cut logs: #7749
- Added workflow plug-in.
- Added Tencent Cloud Log Service plugin: #7593
- jwt-auth supports ES256 algorithm: #7627
- ldap-auth internal implementation, switching from lualdap to lua-resty-ldap: #7590
- http request metrics within the prometheus plugin supports setting additional labels via variables: #7549
- The clickhouse-logger plugin supports specifying multiple clickhouse endpoints: #7517
- gRPC proxy sets :authority request header to configured upstream Host: #7939
- response-rewrite writing to an empty body may cause AIPSIX to fail to respond to the request: #7836
- Fix the problem that when using Plugin Config and Consumer at the same time, there is a certain probability that the plugin configuration is not updated: #7965
- Only reopen log files once when log cutting: #7869
- Passive health checks should not be enabled by default: #7850
- The zipkin plugin should pass trace IDs upstream even if it does not sample: #7833
- Correction of opentelemetry span kind to server: #7830
- in limit-count plugin, different routes with the same configuration should not share the same counter: #7750
- Fix occasional exceptions thrown when removing clean_handler: #7648
- Allow direct use of IPv6 literals when configuring upstream nodes: #7594
- The wolf-rbac plugin adjusts the way it responds to errors:
- the phases after proxy didn't run when 500 error happens before proxy: #7703
- avoid error when multiple plugins associated with consumer and have rewrite phase: #7531
- upgrade lua-resty-etcd to 1.8.3 which fixes various issues: #7565
This is an LTS maintenance release and you can see the CHANGELOG in release/2.15
branch.
https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2153
This is an LTS maintenance release and you can see the CHANGELOG in release/2.15
branch.
https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2152
This is an LTS maintenance release and you can see the CHANGELOG in release/2.15
branch.
https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2151
- We now map the grpc error code OUT_OF_RANGE to http code 400 in grpc-transcode plugin: #7419
- Rename health_check_retry configuration in etcd section of
config-default.yaml
to startup_retry: #7304 - Remove
upstream.enable_websocket
which is deprecated since 2020: #7222
- Support running plugins conditionally: #7453
- Allow users to specify plugin execution priority: #7273
- Support getting upstream certificate from ssl object: #7221
- Allow customizing error response in the plugin: #7128
- Add metrics to xRPC Redis proxy: #7183
- Introduce deployment role to simplify the deployment of APISIX:
- Add ngx.shared.dict statistic in promethues plugin: #7412
- Allow using unescaped raw URL in proxy-rewrite plugin: #7401
- Add PKCE support to the openid-connect plugin: #7370
- Support custom log format in sls-logger plugin: #7328
- Export some params for kafka-client in kafka-logger plugin: #7266
- Add support for capturing OIDC refresh tokens in openid-connect plugin: #7220
- Add prometheus plugin in stream subsystem: #7174
- clear remain state from the latest try before retrying in Kubernetes discovery: #7506
- the query string was repeated twice when enabling both http_to_https and append_query_string in the redirect plugin: #7433
- don't send empty Authorization header by default in http-logger: #7444
- ensure both
group
anddisable
configurations can be used in limit-count: #7384 - adjust the execution priority of request-id so the tracing plugins can use the request id: #7281
- correct the transcode of repeated Message in grpc-transcode: #7231
- var missing in proxy-cache cache key should be ignored: #7168
- reduce memory usage when abnormal weights are given in chash: #7103
- cache should be bypassed when the method mismatch in proxy-cache: #7111
- Upstream keepalive should consider TLS param: ย ย - #7054 ย ย - #7466
- The redirect plugin sets a correct port during redirecting HTTP to HTTPS: ย ย - #7065
- The "unix:" in the
real_ip_from
configuration should not break the batch-requests plugin: #7106
- To adapt the change of OpenTelemetry spec, the default port of OTLP/HTTP is changed to 4318: #7007
- Introduce an experimental feature to allow subscribing Kafka message via APISIX. This feature is based on the pubsub framework running above websocket:
- Introduce an experimental framework called xRPC to manage non-HTTP L7 traffic:
- Now we support adding delay according to the command & key during proxying Redis traffic, which is built above xRPC:
- Introduce an experimental support to configure APISIX via xDS:
- Add
normalize_uri_like_servlet
option to normalize uri like servlet: #6984 - Zookeeper service discovery via apisix-seed: #6751
- The real-ip plugin supports recursive IP search like
real_ip_recursive
: #6988 - The api-breaker plugin allows configuring response: #6949
- The response-rewrite plugin supports body filters: #6750
- The request-id plugin adds nanoid algorithm to generate ID: #6779
- The file-logger plugin can cache & reopen file handler: #6721
- Add casdoor plugin: #6382
- The authz-keycloak plugin supports password grant: #6586
- Upstream keepalive should consider TLS param: #7054
- Do not expose internal error message to the client:
- DNS supports SRV record with port 0: #6739
- client mTLS was ignored sometimes in TLS session reuse: #6906
- The grpc-web plugin doesn't override Access-Control-Allow-Origin header in response: #6842
- The syslog plugin's default timeout is corrected: #6807
- The authz-keycloak plugin's
access_denied_redirect_uri
was bypassed sometimes: #6794 - Handle
USR2
signal properly: #6758 - The redirect plugin set a correct port during redirecting HTTP to HTTPS:
- Admin API rejects unknown stream plugin: #6813