We have identified an issue affecting Tyk Gateway deployed as a data plane connecting to the Multi-Data Center Bridge (MDCB) control plane or Tyk Cloud. In the above mentioned Gateway versions a panic may occur when gateway reconnect to the control plane after the control plane is restarted. +
Our engineering team is actively working on a fix, and a patch (versions 5.6.1, 5.3.7, and 5.0.15) will be released soon.
+Recommendations:
+
We appreciate your understanding and patience as we work to resolve this. Please stay tuned for the upcoming patch release, which will address this issue.
+{{< /note >}}
+
### Breaking Changes
+
**Attention:** Please read this section carefully.
There are no breaking changes in this release.
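Review bot: In the known-issue note, "a panic may occur when gateway reconnect to the control plane" needs a verb fix ("when the Gateway reconnects"). The added "Recommendations:" line is followed only by a blank line before the closing paragraph, so as shown here readers get a heading with no guidance under it. Either list the recommended actions or drop the line. The same note text appears again further down in this patch for another release, so a shared shortcode or include would keep the copies in sync.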
@@ -25,12 +100,13 @@ There are no breaking changes in this release.
This release is not tightly coupled with Tyk Dashboard v5.0.14, so you do not have to upgrade both together.
-
-Go to the [Upgrading Tyk](https://tyk.io/docs/product-stack/tyk-gateway/release-notes/version-5.0/#upgrading-tyk) section for detailed upgrade instructions.
+Go to the [Upgrading Tyk](https://tyk.io/docs/product-stack/tyk-gateway/release-notes/version-5.0/#upgrading-tyk)
+section for detailed upgrade instructions.
### Release Highlights
-This release fixes some issues related to the way that Tyk performs URL path matching, introducing two new Gateway configuration options to control path matching strictness.
+This release fixes some issues related to the way that Tyk performs URL path matching, introducing two new Gateway
+configuration options to control path matching strictness.
### Changelog {#Changelog-v5.0.14}
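Review bot: The rewrapped "Upgrading Tyk" link still points at a hard-coded absolute https://tyk.io/docs/ URL, while other sections touched by this patch link to the same target with `(#upgrading-tyk)` or a `ref` shortcode. Use the relative form here too, so the link is checked at build time and does not break if the page moves.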
@@ -41,15 +117,24 @@ This release fixes some issues related to the way that Tyk performs URL path mat
Implemented Gateway configuration options to set URL path matching strictness
-We have introduced two new options in the `http_server_options` [Gateway configuration]({{< ref "tyk-oss-gateway/configuration#http_server_options" >}}) that will enforce prefix and/or suffix matching when Tyk performs checks on whether middleware or other logic should be applied to a request:
+We have introduced two new options in the `http_server_options` [Gateway
+configuration]({{< ref "tyk-oss-gateway/configuration#http_server_options" >}}) that will enforce prefix and/or suffix matching
+when Tyk performs checks on whether middleware or other logic should be applied to a request:
-- `enable_path_prefix_matching` ensures that the start of the request path must match the path defined in the API definition
-- `enable_path_suffix_matching` ensures that the end of the request path must match the path defined in the API definition
-- combining `enable_path_prefix_matching` and `enable_path_suffix_matching` will ensure an exact (explicit) match is performed
+- `enable_path_prefix_matching` ensures that the start of the request path must match the path defined in the API
+ definition
+- `enable_path_suffix_matching` ensures that the end of the request path must match the path defined in the API
+ definition
+- combining `enable_path_prefix_matching` and `enable_path_suffix_matching` will ensure an exact (explicit) match is
+ performed
-These configuration options provide control to avoid unintended matching of paths from Tyk's default *wildcard* match. Use of regex special characters when declaring the endpoint path in the API definition will automatically override these settings for that endpoint.
+These configuration options provide control to avoid unintended matching of paths from Tyk's default _wildcard_ match.
+Use of regex special characters when declaring the endpoint path in the API definition will automatically override these
+settings for that endpoint.
+
+**Tyk recommends that exact matching is employed, but both options default to `false` to avoid introducing a breaking
+change for existing users.**
-**Tyk recommends that exact matching is employed, but both options default to `false` to avoid introducing a breaking change for existing users.**
Incorrectly configured regex in policy affected Path-Based Permissions authorization
-Fixed an issue when using granular [Path-Based Permissions]({{< ref "security/security-policies/secure-apis-method-path" >}}) in access policies and keys that led to authorization incorrectly being granted to endpoints if an invalid regular expression was configured in the key/policy. Also fixed an issue where path-based parameters were not correctly handled by Path-Based Permissions. Now Tyk's authorization check correctly handles both of these scenarios granting access only to the expected resources.
+Fixed an issue when using granular [Path-Based
+Permissions]({{< ref "security/security-policies/secure-apis-method-path" >}}) in access policies and keys that led to authorization
+incorrectly being granted to endpoints if an invalid regular expression was configured in the key/policy. Also fixed an issue
+where path-based parameters were not correctly handled by Path-Based Permissions. Now Tyk's authorization check correctly
+handles both of these scenarios granting access only to the expected resources.
+
We have identified an issue affecting Tyk Gateway deployed as a data plane connecting to the Multi-Data Center Bridge (MDCB) control plane or Tyk Cloud. In the above mentioned Gateway versions a panic may occur when gateway reconnect to the control plane after the control plane is restarted. +
Our engineering team is actively working on a fix, and a patch (versions 5.6.1, 5.3.7, and 5.0.15) will be released soon.
+Recommendations:
+
We appreciate your understanding and patience as we work to resolve this. Please stay tuned for the upcoming patch release, which will address this issue.
+{{< /note >}}
+
+### Release Highlights
+
+This release primarily focuses on bug fixes. For a comprehensive list of changes, please refer to the detailed
+[changelog]({{< ref "#Changelog-v5.3.6">}}) below.
+
+### Breaking Changes
+
+Docker images are now based on [distroless](https://github.com/GoogleContainerTools/distroless). No shell is shipped in
+the image.
+
+If moving from an version of Tyk older than 5.3.0 please read the explanation provided with [5.3.0 release]({{< ref "#TykOAS-v5.3.0">}}).
+
+### Deprecations
+
+There are no deprecations in this release.
+
+### Upgrade Instructions
+
+When upgrading to 5.3.6 please follow the [detailed upgrade instructions](#upgrading-tyk).
### Dependencies
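Review bot: The new 5.3.6 Breaking Changes entry ("No shell is shipped in the image") states the change but not its operational impact. Say what stops working, for example `docker exec` into a shell and any health check or entrypoint wrapper that invokes one, and point to the supported alternative. In the same section, "If moving from an version of Tyk" should read "a version". The path-matching paragraph recommends exact matching while both options default to `false`; a short snippet showing `enable_path_prefix_matching` and `enable_path_suffix_matching` set to `true` under `http_server_options` would make the recommended hardening easy to apply.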
@@ -56,16 +301,16 @@ Version compatibility with other components in the Tyk stack. This takes the for
-| Gateway Version | Recommended Releases | Backwards Compatibility |
-|---- |---- |---- |
-| 5.3.5 | MDCB v2.5.1 | MDCB v2.5.1 |
-| | Operator v0.17 | Operator v0.16 |
-| | Sync v1.4.3 | Sync v1.4.3 |
-| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v2.0.0 | Helm all versions |
-| | EDP v1.8.3 | EDP all versions |
-| | Pump v1.9.0 | Pump all versions |
-| | TIB (if using standalone) v1.5.1 | TIB all versions |
+| Gateway Version | Recommended Releases | Backwards Compatibility |
+| --------------- | ------------------------------------------------------------------ | ----------------------- |
+| 5.3.6 | MDCB v2.5.1 | MDCB v2.5.1 |
+| | Operator v0.17 | Operator v0.16 |
+| | Sync v1.4.3 | Sync v1.4.3 |
+| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v2.0.0 | Helm all versions |
+| | EDP v1.8.3 | EDP all versions |
+| | Pump v1.9.0 | Pump all versions |
+| | TIB (if using standalone) v1.5.1 | TIB all versions |
#### 3rd Party Dependencies & Tools
@@ -75,16 +320,206 @@ Additionally, a disclaimer statement was added below the table, for customers to
An example is given below for illustrative purposes only. Tested Versions and Compatible Versions information will require discussion with relevant squads and QA. -->
+| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
+| ------------------------------------------------------------- | --------------- | ------------------- | ------------------------------------------------------------------------------------------ |
+| [Go](https://go.dev/dl/) | 1.22 | 1.22 | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.22 |
+| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
+| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3) | v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
+
+Given the potential time difference between your upgrade and the release of this version, we recommend users verify the
+ongoing support of third-party dependencies they install, as their status may have changed since the release.
+
+### Downloads
+
+- [Docker image to pull](https://hub.docker.com/r/tykio/tyk-gateway/tags?page=&page_size=&ordering=&name=v5.3.6)
+ - ```bash
+ docker pull tykio/tyk-gateway:v5.3.6
+ ```
+- Helm charts
+ - [tyk-charts v2.0.0]({{}})
+- [Source code tarball for OSS projects](https://github.com/TykTechnologies/tyk/releases)
+
+### Changelog {#Changelog-v5.3.6}
+
+
+
+#### Changed
+
+
+
+
+
+#### Fixed
+
+Upgrade to Go 1.22 for Tyk Gateway
-| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
-| ------------------------------------------------------------ | ---------------------- | ---------------------- | -------- |
-| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
-| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
-| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3)| v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
+The Tyk Gateway has been upgraded from Golang 1.21 to Golang 1.22, bringing enhanced performance, strengthened security,
+and access to the latest features available in the new Golang release.
+Introducing Distroless Containers for Tyk Gateway (2024 LTS)
+In this release, we've enhanced the security of the Tyk Gateway image by changing the build process to support
+[distroless](https://github.com/GoogleContainerTools/distroless) containers. This significant update addresses critical
+CVEs associated with Debian, ensuring a more secure and minimal runtime environment. Distroless containers reduce the
+attack surface by eliminating unnecessary packages, which bolsters the security of your deployments.
+
+
+
+
+#### Security Fixes
+
+
+
+Custom Response Plugins not working for Tyk OAS APIs
+
+We have resolved an issue where custom [response plugins]({{< ref "plugins/plugin-types/response-plugins" >}}) were not being
+triggered for Tyk OAS APIs. This fix ensures that all [supported]({{< ref "getting-started/using-oas-definitions/oas-reference" >}})
+custom plugins are invoked as expected when using Tyk OAS APIs.
+
+Data plane gateways sometimes didn't synchronise policies and APIs on start-up
+
+We have enhanced the initial synchronization of Data Plane gateways with the Control Plane to ensure more reliable
+loading of policies and APIs on start-up. A synchronous initialization process has been implemented to avoid sync
+failures and reduce the risk of service disruptions caused by failed loads. This update ensures smoother and more
+consistent syncing of policies and APIs in distributed deployments.
+
+Quota wasn't respected under extreme load
+
+We have fixed an issue where the quota limit was not being consistently respected during request spikes, especially in
+deployments with multiple gateways. The problem occurred when multiple gateways cached the current and remaining quota
+counters at the end of quota periods. To address this, a distributed lock mechanism has been implemented, ensuring
+coordinated quota resets and preventing discrepancies across gateways.
+
+Restored Key Creation Speed in Gateway 4.0.13 and Later
+
+We have addressed a performance regression identified in Tyk Gateway versions 4.0.13 and later, where key creation for
+policies with a large number of APIs (100+) became significantly slower. The operation, which previously took around 1.5
+seconds in versions 4.0.0 to 4.0.12, was taking over 20 seconds in versions 4.0.13 and beyond. This issue has been
+resolved by optimizing Redis operations during key creation, restoring the process to its expected speed of
+approximately 1.5 seconds, even with a large number of APIs in the policy.
+
+
+
+
+---
+
+## 5.3.5 Release Notes
+
+### Release Date 26 September 2024
+
+### Release Highlights
+
+This release fixes some issues related to the way that Tyk performs URL path matching, introducing two new Gateway
+configuration options to control path matching strictness. For a comprehensive list of changes, please refer to the
+detailed [changelog]({{< ref "#Changelog-v5.3.5">}}) below.
+
+### Breaking Changes
+
+There are no breaking changes in this release, however if moving from an version of Tyk older than 5.3.0 please read the
+explanation provided with [5.3.0 release]({{< ref "#TykOAS-v5.3.0">}}).
+
+### Deprecations
+
+There are no deprecations in this release.
+
+### Upgrade Instructions
+
+When upgrading to 5.3.5 please follow the [detailed upgrade instructions](#upgrading-tyk).
+
+### Dependencies
+
+
+
+#### Compatibility Matrix For Tyk Components
+
+
+
+| Gateway Version | Recommended Releases | Backwards Compatibility |
+| --------------- | ------------------------------------------------------------------ | ----------------------- |
+| 5.3.5 | MDCB v2.5.1 | MDCB v2.5.1 |
+| | Operator v0.17 | Operator v0.16 |
+| | Sync v1.4.3 | Sync v1.4.3 |
+| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v2.0.0 | Helm all versions |
+| | EDP v1.8.3 | EDP all versions |
+| | Pump v1.9.0 | Pump all versions |
+| | TIB (if using standalone) v1.5.1 | TIB all versions |
+
+#### 3rd Party Dependencies & Tools
+
+
+
+| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
+| ------------------------------------------------------------- | --------------------- | --------------------- | ------------------------------------------------------------------------------------------ |
+| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
+| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
+| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3) | v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
+
+Given the potential time difference between your upgrade and the release of this version, we recommend users verify the
+ongoing support of third-party dependencies they install, as their status may have changed since the release.
### Downloads
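Review bot: The 5.3.6 dependency table now says Go plugins "must be built using Go 1.22" where the removed row said 1.21, so existing Go plugins have to be rebuilt for this release, yet the 5.3.6 Breaking Changes text in this patch mentions only the distroless image. Add the plugin rebuild requirement to Breaking Changes or Upgrade Instructions. In the distroless changelog entry, "addresses critical CVEs associated with Debian" names no CVE; list the identifiers, as the "High priority CVEs fixed" entry elsewhere in this patch does, so users can match them against scanner findings.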
@@ -96,7 +531,6 @@ Given the potential time difference between your upgrade and the release of this
- [tyk-charts v2.0.0]({{}})
- [Source code tarball for OSS projects](https://github.com/TykTechnologies/tyk/releases)
-
### Changelog {#Changelog-v5.3.5}
#### Compatibility Matrix For Tyk Components
+
-| Gateway Version | Recommended Releases | Backwards Compatibility |
-|---- |---- |---- |
-| 5.3.4 | MDCB v2.5.1 | MDCB v2.5.1 |
-| | Operator v0.17 | Operator v0.16 |
-| | Sync v1.4.3 | Sync v1.4.3 |
-| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.4.0 | Helm all versions |
-| | EDP v1.8.3 | EDP all versions |
-| | Pump v1.9.0 | Pump all versions |
-| | TIB (if using standalone) v1.5.1 | TIB all versions |
+| Gateway Version | Recommended Releases | Backwards Compatibility |
+| --------------- | ------------------------------------------------------------------ | ----------------------- |
+| 5.3.4 | MDCB v2.5.1 | MDCB v2.5.1 |
+| | Operator v0.17 | Operator v0.16 |
+| | Sync v1.4.3 | Sync v1.4.3 |
+| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.4.0 | Helm all versions |
+| | EDP v1.8.3 | EDP all versions |
+| | Pump v1.9.0 | Pump all versions |
+| | TIB (if using standalone) v1.5.1 | TIB all versions |
#### 3rd Party Dependencies & Tools
+
+| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
+| ------------------------------------------------------------- | --------------------- | --------------------- | ------------------------------------------------------------------------------------------ |
+| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
+| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
+| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3) | v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
-| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
-| ------------------------------------------------------------ | ---------------------- | ---------------------- | -------- |
-| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
-| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
-| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3)| v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
-
-
-Given the potential time difference between your upgrade and the release of this version, we recommend users verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
-
+Given the potential time difference between your upgrade and the release of this version, we recommend users verify the
+ongoing support of third-party dependencies they install, as their status may have changed since the release.
### Downloads
+
- [Docker image to pull](https://hub.docker.com/r/tykio/tyk-gateway/tags?page=&page_size=&ordering=&name=v5.3.4)
- ```bash
docker pull tykio/tyk-gateway:v5.3.4
@@ -222,42 +672,43 @@ Given the potential time difference between your upgrade and the release of this
- [tyk-charts v1.4]({{< ref "product-stack/tyk-charts/release-notes/version-1.4.md" >}})
- [Source code tarball for OSS projects](https://github.com/TykTechnologies/tyk/releases)
-
### Changelog {#Changelog-v5.3.4}
Since this release was version bumped only to align with Dashboard v5.3.4, no changes were encountered in this release.
---
-## 5.3.3 Release Notes
+## 5.3.3 Release Notes
### Release Date August 2nd 2024
-
### Breaking Changes
-**Attention**: Please read this section carefully.
-
-There are no breaking changes in this release, however if moving from an version of Tyk older than 5.3.0 please read the explanation provided with [5.3.0 release]({{< ref "#TykOAS-v5.3.0">}}).
+**Attention**: Please read this section carefully.
+There are no breaking changes in this release, however if moving from an version of Tyk older than 5.3.0 please read the
+explanation provided with [5.3.0 release]({{< ref "#TykOAS-v5.3.0">}}).
### Deprecations
-There are no deprecations in this release.
+There are no deprecations in this release.
### Upgrade Instructions
-If you are using 5.3.0 we advise you to upgrade ASAP and if you are on an older version you should first [upgrade to 5.3.0](#upgrade-5.3.0) and then upgrade directly to this release. Go to the [Upgrading Tyk](#upgrading-tyk) section for detailed upgrade instructions.
+When upgrading to 5.3.3 please follow the [detailed upgrade instructions](#upgrading-tyk).
### Release Highlights
#### Bug Fixes
-This release primarily focuses on bug fixes. For a comprehensive list of changes, please refer to the detailed [changelog]({{< ref "#Changelog-v5.3.3">}}) below.
+This release primarily focuses on bug fixes. For a comprehensive list of changes, please refer to the detailed
+[changelog]({{< ref "#Changelog-v5.3.3">}}) below.
#### FIPS Compliance
-Tyk Gateway now offers [FIPS 140-2](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf) compliance. For further details please consult [Tyk API Management FIPS support]({{< ref "developer-support/special-releases-and-features/fips-release" >}}).
+Tyk Gateway now offers [FIPS 140-2](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf) compliance. For further
+details please consult [Tyk API Management
+FIPS support]({{< ref "developer-support/special-releases-and-features/fips-release" >}}).
### Dependencies
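Review bot: The 5.3.3 Upgrade Instructions replacement drops the previous guidance ("if you are on an older version you should first [upgrade to 5.3.0](#upgrade-5.3.0) and then upgrade directly to this release") in a patch that otherwise only rewraps text. If the two-step path still applies, keep it; if it does not, call out the content change in the commit message. Removing the blank line after "**Attention**: Please read this section carefully." also appears to join it to the following sentence as one Markdown paragraph; restore the blank line if the callout should stand alone. "an version" in the rewrapped sentence should be "a version".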
@@ -266,38 +717,39 @@ Version compatibility with other components in the Tyk stack. This takes the for
3rd party dependencies and tools -->
#### Compatibility Matrix For Tyk Components
+
-| Gateway Version | Recommended Releases | Backwards Compatibility |
-|---- |---- |---- |
-| 5.3.3 | MDCB v2.5.1 | MDCB v2.5.1 |
-| | Operator v0.17 | Operator v0.16 |
-| | Sync v1.4.3 | Sync v1.4.3 |
-| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.4.0 | Helm all versions |
-| | EDP v1.8.3 | EDP all versions |
-| | Pump v1.9.0 | Pump all versions |
-| | TIB (if using standalone) v1.5.1 | TIB all versions |
+| Gateway Version | Recommended Releases | Backwards Compatibility |
+| --------------- | ------------------------------------------------------------------ | ----------------------- |
+| 5.3.3 | MDCB v2.5.1 | MDCB v2.5.1 |
+| | Operator v0.17 | Operator v0.16 |
+| | Sync v1.4.3 | Sync v1.4.3 |
+| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.4.0 | Helm all versions |
+| | EDP v1.8.3 | EDP all versions |
+| | Pump v1.9.0 | Pump all versions |
+| | TIB (if using standalone) v1.5.1 | TIB all versions |
#### 3rd Party Dependencies & Tools
+
+| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
+| ------------------------------------------------------------- | --------------------- | --------------------- | ------------------------------------------------------------------------------------------ |
+| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
+| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
+| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3) | v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
-| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
-| ------------------------------------------------------------ | ---------------------- | ---------------------- | -------- |
-| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
-| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
-| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3)| v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
-
-
-Given the potential time difference between your upgrade and the release of this version, we recommend users verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
-
+Given the potential time difference between your upgrade and the release of this version, we recommend users verify the
+ongoing support of third-party dependencies they install, as their status may have changed since the release.
### Downloads
+
- [Docker image to pull](https://hub.docker.com/r/tykio/tyk-gateway/tags?page=&page_size=&ordering=&name=v5.3.3)
- ```bash
docker pull tykio/tyk-gateway:v5.3.3
@@ -306,10 +758,8 @@ Given the potential time difference between your upgrade and the release of this
- [tyk-charts v1.4]({{< ref "product-stack/tyk-charts/release-notes/version-1.4.md" >}})
- [Source code tarball for OSS projects](https://github.com/TykTechnologies/tyk/releases)
-
### Changelog {#Changelog-v5.3.3}
-
#### Compatibility Matrix For Tyk Components
+
-| Gateway Version | Recommended Releases | Backwards Compatibility |
-|---- |---- |---- |
-| 5.3.2 | MDCB v2.5.1 | MDCB v2.5.1 |
-| | Operator v0.17 | Operator v0.16 |
-| | Sync v1.4.3 | Sync v1.4.3 |
-| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.4.0 | Helm all versions |
-| | EDP v1.8.3 | EDP all versions |
-| | Pump v1.9.0 | Pump all versions |
-| | TIB (if using standalone) v1.5.1 | TIB all versions |
+| Gateway Version | Recommended Releases | Backwards Compatibility |
+| --------------- | ------------------------------------------------------------------ | ----------------------- |
+| 5.3.2 | MDCB v2.5.1 | MDCB v2.5.1 |
+| | Operator v0.17 | Operator v0.16 |
+| | Sync v1.4.3 | Sync v1.4.3 |
+| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.4.0 | Helm all versions |
+| | EDP v1.8.3 | EDP all versions |
+| | Pump v1.9.0 | Pump all versions |
+| | TIB (if using standalone) v1.5.1 | TIB all versions |
#### 3rd Party Dependencies & Tools
+
+| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
+| ------------------------------------------------------------- | --------------------- | --------------------- | ------------------------------------------------------------------------------------------ |
+| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
+| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
+| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3) | v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
-| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
-| ------------------------------------------------------------ | ---------------------- | ---------------------- | -------- |
-| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
-| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
-| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3)| v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
-
-
-Given the potential time difference between your upgrade and the release of this version, we recommend users verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
-
+Given the potential time difference between your upgrade and the release of this version, we recommend users verify the
+ongoing support of third-party dependencies they install, as their status may have changed since the release.
### Downloads
+
- [Docker image to pull](https://hub.docker.com/r/tykio/tyk-gateway/tags?page=&page_size=&ordering=&name=v5.3.2)
- ```bash
docker pull tykio/tyk-gateway:v5.3.2
@@ -451,17 +915,15 @@ Given the potential time difference between your upgrade and the release of this
- [tyk-charts v1.4]({{< ref "product-stack/tyk-charts/release-notes/version-1.4.md" >}})
- [Source code tarball for OSS projects](https://github.com/TykTechnologies/tyk/releases)
-
### Changelog {#Changelog-v5.3.2}
-
-
#### Fixed
+
#### Compatibility Matrix For Tyk Components
+
-| Gateway Version | Recommended Releases | Backwards Compatibility |
-|---- |---- |---- |
-| 5.3.1 | MDCB v2.5.1 | MDCB v2.5.1 |
-| | Operator v0.17 | Operator v0.16 |
-| | Sync v1.4.3 | Sync v1.4.3 |
-| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.3.0 | Helm all versions |
-| | EDP v1.8.3 | EDP all versions |
-| | Pump v1.9.0 | Pump all versions |
-| | TIB (if using standalone) v1.5.1 | TIB all versions |
+
+| Gateway Version | Recommended Releases | Backwards Compatibility |
+| --------------- | ------------------------------------------------------------------ | ----------------------- |
+| 5.3.1 | MDCB v2.5.1 | MDCB v2.5.1 |
+| | Operator v0.17 | Operator v0.16 |
+| | Sync v1.4.3 | Sync v1.4.3 |
+| | Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.3.0 | Helm all versions |
+| | EDP v1.8.3 | EDP all versions |
+| | Pump v1.9.0 | Pump all versions |
+| | TIB (if using standalone) v1.5.1 | TIB all versions |
#### 3rd Party Dependencies & Tools
+
-| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
-| ------------------------------------------------------------ | ---------------------- | ---------------------- | -------- |
-| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
-| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
-| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3)| v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
+| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
+| ------------------------------------------------------------- | --------------------- | --------------------- | ------------------------------------------------------------------------------------------ |
+| [Go](https://go.dev/dl/) | 1.19 (GQL), 1.21 (GW) | 1.19 (GQL), 1.21 (GW) | [Go plugins]({{< ref "plugins/supported-languages/golang" >}}) must be built using Go 1.21 |
+| [Redis](https://redis.io/download/) | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
+| [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3) | v3.0.x | v3.0.x | Supported by [Tyk OAS]({{< ref "tyk-apis/tyk-gateway-api/oas/x-tyk-oas-doc" >}}) |
-Given the potential time difference between your upgrade and the release of this version, we recommend users verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
+Given the potential time difference between your upgrade and the release of this version, we recommend users verify the
+ongoing support of third-party dependencies they install, as their status may have changed since the release.
### Downloads
+
- [Docker image to pull](https://hub.docker.com/r/tykio/tyk-gateway/tags?page=&page_size=&ordering=&name=v5.3.1)
- ```bash
docker pull tykio/tyk-gateway:v5.3.1
- ```
+ ```
- Helm charts
- [tyk-charts v1.3]({{< ref "product-stack/tyk-charts/release-notes/version-1.3.md" >}})
- [Source code tarball for OSS projects](https://github.com/TykTechnologies/tyk/releases)
@@ -582,88 +1068,122 @@ Given the potential time difference between your upgrade and the release of this
High priority CVEs fixed
+
+Fixed the following high priority CVEs identified in the Tyk Gateway, providing increased protection against security
+vulnerabilities:
+
+- [CVE-2024-6104](https://nvd.nist.gov/vuln/detail/CVE-2024-6104)
+Improved security: don't load APIs into Gateway if custom plugin bundle fails to load
-Issues were addressed where Tyk failed to properly reject custom plugin bundles with signature verification failures, allowing APIs to load without necessary plugins, potentially exposing upstream services. With the fix, if the plugin bundle fails to load (for example, due to failed signature verification) the API will not be loaded and an error will be logged in the Gateway.
+Issues were addressed where Tyk failed to properly reject custom plugin bundles with signature verification failures,
+allowing APIs to load without necessary plugins, potentially exposing upstream services. With the fix, if the plugin
+bundle fails to load (for example, due to failed signature verification) the API will not be loaded and an error will be
+logged in the Gateway.
+
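Review bot: "Fixed the following high priority CVEs" introduces a list with a single entry that gives only the NVD link for CVE-2024-6104. Name the affected dependency or component and the version it was upgraded to, so operators can confirm the fix against their own scan results. For the plugin bundle entry, "an error will be logged in the Gateway" would be more useful for alerting if it quoted the log message or its level.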