This page contains the changelog entries for APIM 4.0.x and any future patch APIM 4.0.x releases.
Bug fixes
Gateway
- Gateway monitoring page has no data #9677
- The Assign Content policy seems to be broken when using with Retry policy #9737
Bug fixes
Management API
- Portal global API search is returning a 500 "maxClauseCount is set to 1024" #9730
Other
- [gravitee-policy-ratelimit] Thread Blocked on AsyncRateLimitRepository #9717
Improvements
Helm Charts
- Enhance the experience of deploying Gateway with Redis SSL using Helm Chart #9726
Bug fixes
Console
- Cannot create Backend-to-Backend Application from UI Console #9636
Portal
- Problem of swagger interpretation with redocly #9673
Bug fixes
Gateway
- Secret Provider Setup #9586
- 431 (Request Header Fields Too Large) when submitting large JWT to gRPC API #9652
Console
- Performance issue with the analytics dashboard #9658
Portal
- Cannot Scroll in Markdown Documents #9634
- Showing Gravitee.io in Dev Portal browser tab only while the page loads #9663
Other
- Fail to enable the service on SUSE #9501
- Upgrade 3.20.22 to 4.2.2 - File report missing node metrics #9589
- [gravitee-policy-cache] Concurrency issue with v4 emulation engine #9635
- [gravitee-resource-auth-provider-http] Timeout when body parsing is failing #9640
- API List showing type as "Undefined" for v4 APIs in Postgres env #9643
- Authentication Provider table column too small #9664
Bug fixes
Management API
- Update through import removes all members when a group is defined as PO #9596
- Gravitee 4.2 OpenAPI issues #9632
Other
- [gravitee-policy-ipfiltering] DNS Lookup fails with some DNS servers #9592
- [gravitee-resource-auth-provider-http] Timeout when authentication condition is failing #9611
- Liquibase changelog 4.0.20-dashboards adding NOT NULL column without default value #9626
- APIM DashboardTypeUpgrader raises an error when used with DocumentDB #9631
Bug fixes
Gateway
- Improve HealthCheck service for v2 APIs #9543
Management API
- Condition field in JDBC dbs is too short #9595
Console
- [shared API key] API key mode not displayed on application screen #9612
Other
- API v4 proxy - problem with client SSL certificate
Bug fixes
Gateway
- Override HTTP Method #9526
Management API
- Shared API Key Does Not Always Bind to Subscriptions When Concurrent Requests Are Made #9502
- NullPointer Exception when importing an API with group as PO and members #9507
- APIM: Creating application with "@" in name automatically converts it to "@" #9514
- API description required with POST /apis/ on mAPI v2 #9527
- Importing an API with a group as PO but no PO user in this group should not be possible #9587
Console
- No longer possible to compare "published" and "to deploy" status #9491
- Error when clicking on top failed API in platform dashboard #9498
- Remove last user in group shows error #9517
Portal
- Documentation menu hidden #9590
Bug fixes
Management API
- Excluded groups on plan are not displayed after being imported or promoted to a new environment #9116
- Private APIs on the Portal are wrongly displayed #9513
- Modifying API definition causes loss of endpoint configuration #9520
Console
- When validating a JWT subscription, I'm asked to customize an APIkey #9489
Portal
- Documentation gets encoded after deployment #9490
- Customization problems in the Developer Portal #9495
- Subscriptions Not Visible in Portal If There Is a Push Plan #9511
Other
- "Propagate client Accept-Encoding header" option missing in V4 #9475
Bug fixes
Gateway
- Sometimes path-mapping is not working #9450
- Management API does not encode a value in the URL used in a pipe #9461
- gRPC backend received unexpected headers #9463
Management API
- Unable to switch to gRPC endpoint type from the Console UI #9456
- Updating an API reset the gRPC type of the endpoint #9464
- Can't create 2 virtualhosts having the same path but different host #9466
Console
- Can't create 2 virtualhosts having the same path but different host #9466
- Navigation in a multi-environments console is messed up #9467
Portal
- Docs not loaded instantly #9452
Helm Charts
- Backward incompatibility during Helm upgrade with old `values.yml` #9446
Bug fixes
Gateway
- Healthcheck service never stopped when using Service Discovery #9437
Management API
- API Does Not Deploy if a Common Flow Exists with Multiple Entrypoints Selected #9415
- Cannot delete API with too many events #9439
Console
- Inconsistency on "Inheritance" flag for endpoints/groups between frontend and backend #9407
- Flow Name Display Does Not Match Gateway Behavior #9416
- Log view too wide #9429
Portal
- Tickets Inaccessible When an API with Open Tickets Is Deleted #9422
- Cannot Scroll in Markdown Documentation in Portal #9424
- Synchronization inconsistency on ALL APIs page on Portal #9432
- Sign up doesn't work anymore #9440
Other
- Make some non-migrated policies available on REQUEST phase for message APIs #9430
Bug fixes
Gateway
- EL: Request's local address is evaluated in place of remote address #9408
Management API
- Can't stop a deprecated API #9406
Console
- Deploy banner not displayed when updating details of a plan #9380
- Error in Swagger documentation both in Portal and Console #9391
- Bad management of required file in OpenAPI #9414
Portal
- Error in Swagger documentation both in Portal and Console #9391
Other
- Transform Query Parameters policy #9383
Improvements
Management API
- Add a resource in management API v1 to fetch API subscribers with pagination info #9410
Portal
- Update chore dependencies of Gravitee Portal #9418
Bug fixes
Management API
- Application `api_key_mode` is automatically and incorrectly set to EXCLUSIVE mode without owner consent #9348
- Environment rights: API "update" right is not enough to edit the entrypoint #9372
- APIM: Flows table / name column / extend column size #9377
- Cannot Import API Definition with Automatic Group Association #9385
Console
- API subscription fails with insufficient rights error #9341
- History not available if too many deployments #9359
- APIM Console doc links point to old documentation site #9386
Portal
- API subscription fails with insufficient rights error #9341
- The "All rights reserved" mention on Portal is using an old date #9384
Improvements
Gateway
- Health Check: Allow to use response time in assertion #9388
Helm Charts
- Allow to configure Gateway timeouts in the Helm Chart #9392
Bug fixes
Gateway
- Gateways not able to send bulk index data to ES8 #9361
- When using push plan there is no log when subscription webhook ends in error #9363
Management API
- Email related to closed, paused and resumed subscription of API_KEY plan are sent with an empty body #9355
- JDBC deadlocks on Command table when running multiple Management API #9356
- Error running graviteeio-apim-rest-api-4.1.2 #9360
- Unable to access Alerts screen when there are millions of AlertEvents #9362
- Unable to deploy an API with huge API definition and already a lot of deployments #9364
- Security - Enforce password policy for users #9374
Other
- GKO - API state does not get updated #9338
- [RabbitMQ] message not logged when Rabbit's message does not defined correlationId #9353
- Groovy policy with On-request script not working in v4 engine emulation mode #9367
- Generate JWT not working with APIM 4.x #9371
- Missing “generate JWT policy” on a v4 message API entrypoint Request phase #9373
Bug fixes
Management API
- Can't create Backend-to-Backend applications #9157
- Can't assign a group to a Backend-to-Backend application #9158
- Invalid CORS Allow Origin Can Be Imported To Create New API #9212
- Unable to create custom email notification template #9284
- Attached Media is lost when the API Documentation is renamed #9285
- User email address policy treats valid email address as invalid #9293
- Endpoint Configuration Resets to Default after Redeployment #9296
- Alert template not automatically applied to new APIs #9323
- Unable to import OpenAPI spec with unused `variables` in `servers` definition #9329
- User with quotes in last name isn't properly sanitized #9336
- Listening Hosts are mandatory in Virtual Hosts mode #9343
- The OpenAPI schema to close a plan has incorrect response code #9351
Console
- Unable to Update API with Open API YAML File #9202
- Unable to edit flows once saved with an invalid configuration #9274
Portal
- Custom wide logo is too small in the Portal header #9337
Other
- IP Filtering policy blacklist does not work if there is a space in the IP address #9083
- Domain name (host) in whitelist does not work in IP Filtering policy #9198
- JWS policy doesn't work with Java 17 #9211
- Data Logging Masking policy #9215
- Jaeger not working with APIM 4+ #9331
- Quotify the namespace defined in ServiceAccount to avoid errors #9345
Bug fixes
Gateway
- Health check doesn't support endpoint with EL #8700
- `resource-filtering` policy does not work with debug mode #9267
- Gateways take proxy configuration but should not #9278
Management API
- Emails related to closed, paused, and resumed subscription of PUSH plan are not sent #9281
- Unable to update health checks on endpoints with REST API v2 #9283
Console
- "Configure logging mode" link not working #9213
- "Add members" button does not work for group admin #9241
- Unable to remove expiration date of an API Key #9248
- Non-admin users can't see API Keys of APIs they created #9268
- Console: Add date time picker instead of only date for subscription date field #9271
Bug fixes
Gateway
- 401 Error with OAuth2 plan after API synchronization #9251
- Metrics for long running connection reported only once closed #9259
- Metrics timers for message API request are not set #9263
Console
- Deprecated API is displayed as Published on Dashboard (CE only), Published appears twice #9249
- API Status shows a default API picture icon instead of the configured one #9250
- DCR Provider Does Not Appear in UI #9257
Other
- Mock Policy - Example value is not correct when the GET method returns an array #6289
- [MQTT5.x] Improve security choice #9173
- No flow in Design API #9242
- Remove SMTP default example configuration in Helm #9243
- Allow ingress wildcard in Helm chart #9246
- Getting 400 bad requests and random timeouts APIM version 3.20.14 #9266
Bug fixes
Gateway
- Do not consider semicolon as query param separator #9131
- Gateway defaults to v3 execution mode while APIM defaults to v4 #9217
- APIs with `null` sharding tags shouldn't be deployed on Gateway with tags #9219
Console
- Restarting UI container leads to HTTP 301 #9186
Bug fixes
Gateway
- Override Kafka topic using attribute isn't possible at the moment #9201
Management API
- Webhook Notifier has hardcoded 200 value for status code and will not accept other 20x codes #9096
Bug fixes
Management API
- Primary owner can remove himself from application with Management API #9171
- v4 API analytics sampling not mapped on get or export #9203
Console
- A right-click on an item link in the side navigation menu does not allow "open in a new tab" #9146
- 503 errors when tenants are specified #9176
- Redeploy banner not shown when new plan published #9200
Other
- ElasticSearch configuration for keystore certs and keys not mapped correctly #9208
Bug fixes
Management API
- "Export as CSV" on Subscriptions only exports displayed values #8965
- Membership duplication ignores Primary Owner of source API and can create a duplicated membership in the new API #9184
- Page duplication does not update lastContributor attribute #9185
Console
- Console Analytics & Logs: 500 error is displayed when trying to view analytics and logs using a date range greater than 90 days #6777
- Health Check Active When Configured Globally but Not Enabled on the Endpoint #9149
Other
- Improve permission granulation for environment settings #9150
Bug fixes
Gateway
- Snappy dependency error when calling Kafka API #9181
Management API
- Improve MongoDB indices #9162
- Improve v4 API import #9163
- DB upgrade fails on JDBC repositories 3.20.x to 4.x #9182
Bug fixes
Portal
- Logout issue on portal #9156
Other
- API promotion fails if sharding tags applied on API #9121
For more in-depth information on what's new, please refer to the Gravitee APIM 4.0 release notes.
What's new
API Management Console
- API List support for v4 APIs
- New API General page for v4 APIs
- New support for configuring v4 APIs:
- Dynamic Entrypoint configuration
- Dynamic Endpoint configuration
- Plan configuration
- Subscription configuration
API Creation Wizard
- New API creation wizard that supports the Gravitee v4 API definition.
- v4 API Creation wizard support for the following Endpoints:
- Kafka
- MQTT
- RabbitMQ (if using AMQP 0-9-1 protocol)
- Mock
- v4 API Creation wizard support for the following Entrypoints:
- WebSocket
- Webhooks
- Server-sent Events (SSE)
- HTTP GET
- HTTP POST
- Support for Gravitee protocol mediation in the new v4 API Creation Wizard
- New RabbitMQ endpoint
Policy Design and Enforcement
- New Policy Studio that supports v4 APIs
- v4 Policy Studio support for message-level policies
- v4 Policy Studio support for policy enforcement on publish and subscribe phases for pub/sub communication
- Made existing Gravitee policies enforceable for v4 APIs:
- API key policy
- JWT policy
- Keyless policy
- OAuth2 policy
- JSON to JSON policy
- JSON to XML policy
- XML to JSON
- Assign attributes policy
- Latency policy
- Circuit breaker policy
- Retry policy
- Cache policy
- Transform headers policy
- New Cloud Events policy
- New serialization and deserialization policies
- JSON to Avro policy
- Avro to JSON policy
Developer Portal
- Configure Webhook subscription details in the Developer Portal (by the consumer/subscriber)
Integrations
- Datadog reporter
Management API
- v2 Management API that supports actions for v4 APIs
Kubernetes Operator
- Use the Kubernetes Operator as a Kubernetes ingress controller
- Maintain a unique custom resource definition (CRD) for your API across all Gravitee environments
- Manage application-level CRDs through the Gravitee Kubernetes Operator
- Define the ManagementContext for your CRD and control whether the API should be local or global
MongoDB Migration Scripts
- MongoDB migration scripts are now embedded and automatically executed when starting APIM. There is no longer a need to run JavaScript scripts manually.
Breaking Changes
EE plugins
- Starting with APIM 4.0, particular plugins are only available to enterprise customers. See Gravitee APIM Enterprise Edition for additional information.
Running APIM
- APIM now requires a minimum of JDK 17.
- Starting with 4.0.0, there are no longer enterprise tags (i.e. image tags suffixed by `-ee`).
- Cluster managers are now available as plugins. Therefore, the Hazelcast Cluster Manager has been removed from the default distribution.
- TLS 1.0 and TLS 1.1 protocols are disabled by default. Both protocols are deprecated (RFC 8996); re-enable them only for a specific legacy client that cannot be upgraded, and remove the override once that client is gone. You can still enable these protocols with the proper TCP SSL configuration of the Gateway:
{% code title="gravitee.yaml" %}
```yaml
http:
  ssl:
    tlsProtocols: TLSv1.0, TLSv1.1, TLSv1.2
```
{% endcode %}
or using environment variables:
```
GRAVITEE_HTTP_SSL_TLSPROTOCOLS=TLSv1.0,TLSv1.1,TLSv1.2
```
Docker images
To be compliant with CIS_Docker_v1.5.0_L1, the Docker images now run as a dedicated non-root user: graviteeio.
This means that if you:
- Use the official images and deploy them to Kubernetes, nothing changes.
- Build your own Dockerfile based on Gravitee images, you must ensure the correct rights are set on the files and directories you add to the image: the process no longer runs as root, so anything it has to read (and, where applicable, write) must be accessible to the graviteeio user.
- Deploy on OpenShift, you have to add the following configuration to your deployment:
```yaml
securityContext:
  runAsGroup: 1000
```
Monitoring APIM
- The name of the sync probe has been changed from `api-sync` to `sync-process` to make it explicit when all sync processes have been completed.
- The content of the sync handler has changed slightly to align with new concepts:
  - `initialDone`: `true` if the first initial synchronization is done
  - `counter`: the number of iterations
  - `nextSyncTime`: time of the next synchronization
  - `lastOnError`: whether the latest synchronization ended with an error
  - `lastErrorMessage`: if `lastOnError` is `true`, the content of the error message
  - `totalOnErrors`: the number of iterations with an error
- v4 APIs currently only support the ElasticSearch reporter. If any other reporter is configured at the Gateway level, each v4 API call will produce an error log.
- When using a different reporter, it remains possible to disable analytics on a per-API basis to avoid generating error logs for v4 APIs.
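The following is an added example, not Gravitee code, showing how a readiness check and an alert rule can be derived from the `sync-process` fields listed above. The readiness decision keys only on `initialDone` (a Gateway keeps serving the definitions it already loaded when a later iteration fails), while alerting looks at `lastOnError` and the error ratio. The sample payloads are constructed for the demo, and the error-ratio threshold is an assumption rather than a Gravitee default.

```python
"""Readiness and alerting logic for the APIM 4.0 ``sync-process`` probe.

Added example, not Gravitee code. Field names come from the changelog; the
sample bodies below are constructed, and the 20% error-ratio threshold is an
illustrative assumption.
"""
import json
from dataclasses import dataclass


@dataclass
class SyncStatus:
    initial_done: bool       # initialDone: first full synchronization finished
    counter: int             # counter: number of sync iterations so far
    next_sync_time: object   # nextSyncTime: kept as received (format not specified)
    last_on_error: bool      # lastOnError: the latest iteration failed
    last_error_message: str  # lastErrorMessage: meaningful only when lastOnError is true
    total_on_errors: int     # totalOnErrors: iterations that failed


def parse_sync_status(body: str) -> SyncStatus:
    """Parse the probe body; a missing field is treated as its unhealthy value."""
    d = json.loads(body)
    return SyncStatus(
        initial_done=bool(d.get("initialDone", False)),
        counter=int(d.get("counter", 0)),
        next_sync_time=d.get("nextSyncTime"),
        last_on_error=bool(d.get("lastOnError", False)),
        last_error_message=str(d.get("lastErrorMessage") or ""),
        total_on_errors=int(d.get("totalOnErrors", 0)),
    )


def is_ready(status: SyncStatus) -> bool:
    """Readiness: do not route traffic before every API has been loaded once.
    A failed later iteration does not make the Gateway unready."""
    return status.initial_done


def should_alert(status: SyncStatus, max_error_ratio: float = 0.2) -> tuple:
    """Alerting: the last iteration failed, or too many iterations have failed.
    Returns (alert, reason)."""
    if status.last_on_error:
        return True, "last sync failed: " + status.last_error_message
    if status.counter and status.total_on_errors / status.counter > max_error_ratio:
        return True, f"{status.total_on_errors}/{status.counter} sync iterations failed"
    return False, ""


# Constructed sample payloads (not captured from a real Gateway).
SAMPLE_HEALTHY = json.dumps({
    "initialDone": True, "counter": 120, "nextSyncTime": 1700000005000,
    "lastOnError": False, "lastErrorMessage": None, "totalOnErrors": 2,
})
SAMPLE_STARTING = json.dumps({
    "initialDone": False, "counter": 0, "nextSyncTime": 1700000005000,
    "lastOnError": False, "lastErrorMessage": None, "totalOnErrors": 0,
})
SAMPLE_FAILING = json.dumps({
    "initialDone": True, "counter": 121, "nextSyncTime": 1700000010000,
    "lastOnError": True, "lastErrorMessage": "connection refused", "totalOnErrors": 3,
})

if __name__ == "__main__":
    for name, body in (("healthy", SAMPLE_HEALTHY), ("starting", SAMPLE_STARTING),
                       ("failing", SAMPLE_FAILING)):
        st = parse_sync_status(body)
        print(name, "ready=%s" % is_ready(st), "alert=%s %r" % should_alert(st))
```

Wire `is_ready` to the readiness probe and `should_alert` to your alerting pipeline rather than using a single condition for both; treating `lastOnError` as a readiness failure would pull a Gateway out of rotation for a transient management-API hiccup even though it is still serving its cached definitions.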
Managing APIs
- The endpoint configuration is now split into:
  - A shared configuration that can be used at the group level
  - A configuration dedicated to the endpoint that can override the shared configuration.
  Existing v4 APIs need to be updated and reconfigured accordingly.
- An unused and outdated feature regarding file synchronization known as `localregistry` has been removed.
- Subscriptions with `type: SUBSCRIPTION` have been renamed to `type: PUSH`. Plans have a new field called `mode` that is `STANDARD` by default but needs to be `PUSH` for all Push plans.
  - A mongo script is available to migrate the data in MongoDB.
- Jupiter mode has been replaced with the v4 emulation engine:
  - The `jupiterModeEnabled` configuration has been removed; the v4 emulation engine can no longer be disabled.
  - By default, any v2 API created or imported will emulate the V4 engine.
  - All new requests will use the new `HttpProtocolVerticle` introduced with the V4 engine. The old `ReactorVerticle` has been removed.
  - The default timeout is set to 30s for any request.
- Security policies such as Keyless, ApiKey, JWT, and OAuth2 have been updated to return a simple Unauthorized message in case of an error. No additional details are returned to the client, so an attacker cannot distinguish a missing credential from an invalid one. This impacts both v2 and v4 APIs. Error keys remain available for error templating; if you use them in a response template, keep in mind that echoing the key back to the client reintroduces the distinction the generic message removes. Here is the list of error keys by policy:
  ApiKey
  - API_KEY_MISSING
  - API_KEY_INVALID
  JWT
  - JWT_MISSING_TOKEN
  - JWT_INVALID_TOKEN
  OAuth2
  - OAUTH2_MISSING_SERVER
  - OAUTH2_MISSING_HEADER
  - OAUTH2_MISSING_ACCESS_TOKEN
  - OAUTH2_INVALID_ACCESS_TOKEN
  - OAUTH2_INVALID_SERVER_RESPONSE
  - OAUTH2_INSUFFICIENT_SCOPE
  - OAUTH2_SERVER_UNAVAILABLE
- Plan selection has been changed to reflect the actual security applied on the API:
  Keyless
  - Will ignore any type of security (API key, Bearer token, etc.).
  - If another plan has detected a security token, valid or invalid, all flows assigned to the Keyless plan will be ignored.
  API Key
  - Retrieve the API key from the request header or query parameters (default header: `X-Gravitee-Api-Key`, default query parameter: `api-key`).
  - While it was previously ignored, an empty API key is now considered invalid.
  JWT
  - Retrieve the JWT from the `Authorization` header or query parameters.
  - Ignore an empty `Authorization` header or any scheme other than Bearer.
  - While it was previously ignored, an empty Bearer token is now considered invalid.
  OAuth2
  - Retrieve the OAuth2 access token from the `Authorization` header or query parameters.
  - Ignore an empty `Authorization` header or any scheme other than Bearer.
  - While it was previously ignored, an empty Bearer token is now considered invalid.
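The following is an added example, not Gravitee Gateway code: a small model of the plan-selection rules above, written to make the behaviour change concrete. It shows that an empty `X-Gravitee-Api-Key` or an empty Bearer token, which used to fall through to a Keyless plan, is now a rejection with the generic Unauthorized message and the corresponding error key, while a non-Bearer `Authorization` header is still ignored. The `Request` shape, the `access_token` query parameter name for JWT/OAuth2, the plan evaluation order, the validity sets standing in for the real key lookup and token verification, and the choice of which "missing" key to report are all assumptions made for the demonstration.

```python
"""Model of the APIM 4.0 plan-selection rules (added example, not Gateway code).

Header and query parameter names for the API key plan and the error keys are
taken from the changelog; the Request shape, the ``access_token`` query
parameter, the plan order and the validity sets are assumptions for the demo.
"""
from dataclasses import dataclass, field

API_KEY_HEADER = "X-Gravitee-Api-Key"  # default header (from the page)
API_KEY_PARAM = "api-key"              # default query parameter (from the page)
TOKEN_PARAM = "access_token"           # ASSUMPTION: RFC 6750 name; the page does not name it
GENERIC_MESSAGE = "Unauthorized"       # the only text returned to the client since 4.0


@dataclass
class Request:
    headers: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)

    def header(self, name: str):
        """Case-insensitive header lookup; None when the header is absent."""
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


def extract_api_key(req: Request):
    """None when no key was sent; '' when it was sent but empty (invalid since 4.0)."""
    key = req.header(API_KEY_HEADER)
    if key is None:
        key = req.query.get(API_KEY_PARAM)
    return None if key is None else key.strip()


def extract_bearer(req: Request):
    """Bearer token for the JWT and OAuth2 plans.

    None: nothing usable (no header, blank header, non-Bearer scheme, no query
          token), so the plan ignores the request.
    '':   a Bearer scheme with an empty token, invalid since 4.0.
    """
    auth = req.header("Authorization")
    if auth is not None and auth.strip():
        scheme, _, token = auth.strip().partition(" ")
        if scheme.lower() != "bearer":
            return None
        return token.strip()
    tok = req.query.get(TOKEN_PARAM)
    return None if tok is None else tok.strip()


# extractor, "invalid" error key, "missing" error key per plan type (keys from the page)
PLAN_RULES = {
    "API_KEY": (extract_api_key, "API_KEY_INVALID", "API_KEY_MISSING"),
    "JWT": (extract_bearer, "JWT_INVALID_TOKEN", "JWT_MISSING_TOKEN"),
    "OAUTH2": (extract_bearer, "OAUTH2_INVALID_ACCESS_TOKEN", "OAUTH2_MISSING_ACCESS_TOKEN"),
}


def select_plan(req: Request, plans: list, valid: dict, legacy: bool = False) -> tuple:
    """Return (plan, status, message, error_key).

    plans:  plan security types in evaluation order, e.g. ["API_KEY", "JWT", "KEYLESS"].
    valid:  {"API_KEY": {keys}, "JWT": {tokens}, "OAUTH2": {tokens}}, a stand-in for the
            real checks (key lookup, signature verification, introspection).
    legacy: reproduce the pre-4.0 handling in which an empty credential was ignored.
    """
    seen_error = None
    for plan in plans:
        if plan == "KEYLESS":
            continue
        extract, invalid_key, _ = PLAN_RULES[plan]
        cred = extract(req)
        if cred is None or (legacy and cred == ""):
            continue                           # nothing for this plan to judge
        if cred != "" and cred in valid.get(plan, ()):
            return plan, 200, "OK", None
        seen_error = invalid_key               # a credential was seen, but it is bad
    if seen_error:
        # Keyless flows are skipped once any plan has seen a credential, valid or not
        return None, 401, GENERIC_MESSAGE, seen_error
    if "KEYLESS" in plans:
        return "KEYLESS", 200, "OK", None
    # ASSUMPTION: with no credential and no Keyless plan, report the first plan's "missing" key
    return None, 401, GENERIC_MESSAGE, PLAN_RULES[plans[0]][2]


if __name__ == "__main__":
    plans, valid = ["API_KEY", "KEYLESS"], {"API_KEY": {"k1"}}
    empty_key = Request(headers={"X-Gravitee-Api-Key": ""})
    print("before 4.0:", select_plan(empty_key, plans, valid, legacy=True))
    print("since 4.0: ", select_plan(empty_key, plans, valid))
    print("non-Bearer:", select_plan(Request(headers={"Authorization": "Basic abc"}), ["JWT", "KEYLESS"], {}))
```

The practical consequence for an API that mixes a Keyless plan with secured plans: clients that used to send an empty credential header and silently land on the Keyless flows will start receiving 401 after the upgrade, so check access logs for empty `X-Gravitee-Api-Key` or `Authorization: Bearer` values before migrating.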
- Plugins are now overridden when duplicates (id/type) are found. The plugin zip file with the most recent modified time is kept and the others are ignored. Notably, this allows `additionalPlugins` for Helm chart-based deployments to operate without the need to remove bundled plugins. Because the winner is chosen by file modification time, anything dropped into the plugins directory with a newer timestamp silently replaces the bundled plugin of the same id/type, so control who can write to that directory and verify the provenance of any plugin you add.
- The v4 API definition now expects a `FlowExecution` object instead of a `FlowMode` enumeration.
- The Gravitee Expression Language (EL) syntax to access custom API properties has changed from `{#properties}` to `{#api.properties}`.
- The `Endpoint` schema is now split into two schemas and the `Endpoint` object contains two string fields to manage both the configuration specific to the endpoint and the configuration that may be overridden from the `EndpointGroup`.
- Endpoint name and endpoint group name must be unique.
- Analytics have been introduced and the old logging configuration has been moved. For v4 APIs only, a new `Analytics` object is available on the API allowing you to configure all aspects of analytics:
```json
"analytics": { "enabled" : true|false, "logging": { ... }, "messageSampling" : { ... } }
```
- The Webhook subscription configuration structure has changed.
- The `ApiType` enumeration has been renamed: `SYNC` becomes `PROXY` and `ASYNC` becomes `MESSAGE`. v4 APIs and PUBLISH_API events related to v4 APIs that still carry the old values may prevent the service from starting properly. The following script migrates the data for MongoDB:
```javascript
// Run in the mongo/mongosh shell against the APIM database, after taking a backup.
print('Rename ApiType from SYNC & ASYNC to PROXY & MESSAGE');
// Override this variable if you use a collection prefix
const prefix = "";

// 1. v4 API documents: fix the top-level "type" field and the serialized definition.
//    replace() with a string pattern changes only the first match and relies on the
//    exact `"type" : "sync"` spacing of the stored JSON; inspect one document first.
let apisCollection = db.getCollection(`${prefix}apis`);
apisCollection.find({"definitionVersion": "V4"}).forEach((api) => {
  if (api.type == "SYNC") {
    api.definition = api.definition.replace('"type" : "sync"', '"type" : "proxy"');
    api.type = "PROXY";
    apisCollection.replaceOne({ _id: api._id }, api);
  }
  if (api.type == "ASYNC") {
    api.definition = api.definition.replace('"type" : "async"', '"type" : "message"');
    api.type = "MESSAGE";
    apisCollection.replaceOne({ _id: api._id }, api);
  }
});

// 2. PUBLISH_API events: the payload embeds the definition, possibly with escaped
//    quotes, so both the escaped and the unescaped forms are rewritten.
let eventsCollection = db.getCollection(`${prefix}events`);
eventsCollection.find({"type": "PUBLISH_API"}).forEach((event) => {
  event.payload = event.payload.replace('\\"type\\" : \\"sync\\"', '\\"type\\" : \\"proxy\\"');
  event.payload = event.payload.replace('\\"type\\" : \\"async\\"', '\\"type\\" : \\"message\\"');
  event.payload = event.payload.replace('"type" : "sync"', '"type" : "proxy"');
  event.payload = event.payload.replace('"type" : "async"', '"type" : "message"');
  eventsCollection.replaceOne({ _id: event._id }, event);
});
```
Login Endpoint
In previous versions, sending a POST request to `/user/login` without an `Authorization` header returned HTTP response 200.
Starting with 4.0.0, a POST request to `/user/login` without an `Authorization` header receives HTTP response 401 - Unauthorized.