Releases: TykTechnologies/tyk
Releases · TykTechnologies/tyk
v5.12.0-alphafips5
fix(ci): add ca-certificates and hardening for s390x fallback in Dock…
v5.11.1-rc1
What's Changed
- [TT-11185] release docs 5.3.0 update by @titpetric in #6079
- [TT-11405] Updating JSON tags and field names for TLS max and min versions by @mativm02 in #6078
- TT-10962 by @kofoworola in #6072
- [TT-11388]: updated opentelemtry library and added tests for new span keys by @kofoworola in #6087
- [TT-11377] Adding “node_is_segmented” flag under “node” to complement “tags” by @mativm02 in #6093
- [TT-11413] Fix apidef GlobalRateLimit migrations by @titpetric in #6086
- TT-11288 Revert logger mutex by @sredxny in #6103
- [TT-11197] Upgrade google/grpc by @titpetric in #6100
- [TT-11440/TT-11461] Add functionName to replace name in OAS virtual endpoint and endpoint post plugin by @jeffy-mathew in #6098
- [TT-11439/TT-11452] fix custom plugins contract by @jeffy-mathew in #6097
- [TT-11295] Update graphql-go-tools dependency by @buraksezer in #6112
- [TT-11389]: moved graphql span attributes by @kofoworola in #6088
- TT-11443 Shim to keep compatibility in goplugins importing tyk redis by @sredxny in #6096
- [TT-11452] remove unused migrate func by @jeffy-mathew in #6117
- TT-11485, fix for global rate limit disabled flag not working by @andrei-tyk in #6120
- [SYSE-332] Fail tests reliably by @ermirizio in #6130
- [TT-11197] Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot[bot] in #6124
- [TT-11549/TT-11597] Auto generated from templates by gromit by @jeffy-mathew in #6138
- [TT-10856/TT-11593]fix quota limits not working with url rewrite to self by @jeffy-mathew in #6133
- [TT-11627] Migrate failling to golangci-lint/forbidigo, fix issues by @titpetric in #6152
- [TT-11197]update hashicorp vault by @jeffy-mathew in #6150
- [TT-10909]: fix issue with missing upstream headers in graphql proxy only by @kofoworola in #6166
- [TT-6011] Fix non-functional coprocess apis, add tests by @titpetric in #4055
- [TT-11684] OAS-to-UDG converter - import paths & cleanup by @buraksezer in #6181
- [TT-11735] Exclude testdata from sonarcloud by @titpetric in #6182
- [TT-10104] JS middleware + ignore auth test and fix for panic by @titpetric in #6180
- Update README.md by @letzya in #6035
- [TT-11746] Add linter for regression test names by @titpetric in #6191
- [TT-11585] Process DeleteAPICache event by @jeffy-mathew in #6190
- [TT-10856/TT-11778] fix quota limit remaining header value when key is created from policy and API is looped by @jeffy-mathew in #6199
- [SYSE-336 master] Followup from March template application by @alephnull in #6207
- TT-7560, fixed issue with bundles loading with bad sign/checksum by @andrei-tyk in #6165
- [SYSE-353 master] Fix tyk-ci fetch mechanism by @ermirizio in #6213
- [TT-7560] skip loading API when custom middleware bundle fetch fails by @jeffy-mathew in #6211
- TT-11748 dont attempt to remove ApiCacheDeletion key from redis by @sredxny in #6215
- [TT-9972] release resources only after specs are completely switched during hot reload by @jeffy-mathew in #5535
- [TT-11925] Reset plugin compiler build env to match gateway build env by @titpetric in #6234
- [TT-11655] Graphql APIs are unable to handle OPTIONS requests by @rhianeKobar in #6221
- [SYSE-358 master] April template application by @ermirizio in #6248
- [TT-11991]: added request_headers_rewrite by @kofoworola in #6257
- [TT-11966/TT-12064] implement OAS webhooks events by @jeffy-mathew in #6258
- [TT-10291]: support gql-go-tools verison 2 by @kofoworola in #6240
- [TT-12064]Update Cast function signature by @jeffy-mathew in #6261
- [TT-10291]: upgrade gql-tools for v2 by @kofoworola in #6264
- [TT-11966/TT-12064] refactor oas events, update contract by @jeffy-mathew in #6263
- [TT-11966/TT-12064] update typo in cooldown period by @jeffy-mathew in #6266
- [TT-11966/TT-12064] handle edge case with empty event handlers by @jeffy-mathew in #6267
- [TT-12114]update goerr113 with err113 by @jeffy-mathew in #6268
- [SYSE-363 master] May template application by @alephnull in #6270
- update graphql-go-tools (TT-9884) by @pvormste in #6274
- [TT-5790] Update EnsureTransport and related tests by @titpetric in #6243
- [TT-11990] Change default behaviour of request_headers by @buraksezer in #6277
- [TT-11954/TT-12155] add x-tyk-api-gateway.servers.contextVariables.enabled by @jeffy-mathew in #6281
- [TT-7325] Enable fixed window rate limiter by @titpetric in #6253
- [TT-11954/TT-12115]fix location of contextVariables by @jeffy-mathew in #6285
- [TT-11739] Clean up rate limiting area, decouple GlobalConfig in APISpec by @titpetric in #6262
- [TT-11914/TT-12101]Add OAS trafficLogs by @jeffy-mathew in #6287
- [Test] Updates for opentelemetry test, use golang_cross in GH build cache key by @titpetric in #6282
- [TT-11806] Respect domain and listen path by @titpetric in #6289
- [DX-1345] Update config description for inclusive naming project by @dcs3spp in #6286
- [TT-12153]: Fix/complexity checker and granular access checker v3-preview by @kofoworola in #6293
- [TT-12193] Fix poor error handling in webhook event templates by @titpetric in #6303
- add features section to graphql proxy config by @pvormste in #6298
- [TT-12193] Add log for event handler webhook by @titpetric in #6310
- [TT-12193] Update error handling on webhook events when the event template has errors by @titpetric in #6312
- [TT-11997] Backend logic for request_headers_rewrite by @buraksezer in #6306
- [TT-12095] Fixing unhashed API keys exposed in OTEL spans by @mativm02 in #6296
- [TT-11470] Add human identifiable information in NodeData by @padiazg in #6229
- add logic for use_immutable_headers (TT-12190) by @pvormste in #6315
- [TT-11997] Header case insensitivity by @buraksezer in #6316
- [TT-3738] Implement rate limit smoothing by @titpetric in #6295
- [TT-11739] Re-add gateway.RateLimitExceeded (Dashboard coupling) by @titpetric in #6318
- [TT-11739] Fix RateLimitExceeded var name to include Event prefix by @titpetric in #6319
- feat/TT-9462/tag-cached-response by @joshblakeley in #6308
- [TT-12186] Fixes TestOAS_ExtractTo_ResetAPIDefinition with a valid event config by @titpetric in #6321
- [TT-12312] update openapi spec version by @jeffy-mathew in #6323
- [TT-12313, TT-12222] Update graphql-go-tools by @buraksezer in #6326
- [TT-12323] fix panic when webhook handler is disabled by @jeffy-mathew in #6334
- [TT-12311] exp/modcheck: Update go.mod dependencies by @buger in #6337
- [TT-12365] Add new events to validate in x-tyk-api-gateway by @titpetric in #6347
- [TT-9864] Optimize the cre...
Contributors
buger, titpetric, and 33 other contributors
Assets 2
v5.11.1-alpha2
What's Changed
- [TT-11185] release docs 5.3.0 update by @titpetric in #6079
- [TT-11405] Updating JSON tags and field names for TLS max and min versions by @mativm02 in #6078
- TT-10962 by @kofoworola in #6072
- [TT-11388]: updated opentelemtry library and added tests for new span keys by @kofoworola in #6087
- [TT-11377] Adding “node_is_segmented” flag under “node” to complement “tags” by @mativm02 in #6093
- [TT-11413] Fix apidef GlobalRateLimit migrations by @titpetric in #6086
- TT-11288 Revert logger mutex by @sredxny in #6103
- [TT-11197] Upgrade google/grpc by @titpetric in #6100
- [TT-11440/TT-11461] Add functionName to replace name in OAS virtual endpoint and endpoint post plugin by @jeffy-mathew in #6098
- [TT-11439/TT-11452] fix custom plugins contract by @jeffy-mathew in #6097
- [TT-11295] Update graphql-go-tools dependency by @buraksezer in #6112
- [TT-11389]: moved graphql span attributes by @kofoworola in #6088
- TT-11443 Shim to keep compatibility in goplugins importing tyk redis by @sredxny in #6096
- [TT-11452] remove unused migrate func by @jeffy-mathew in #6117
- TT-11485, fix for global rate limit disabled flag not working by @andrei-tyk in #6120
- [SYSE-332] Fail tests reliably by @ermirizio in #6130
- [TT-11197] Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot[bot] in #6124
- [TT-11549/TT-11597] Auto generated from templates by gromit by @jeffy-mathew in #6138
- [TT-10856/TT-11593]fix quota limits not working with url rewrite to self by @jeffy-mathew in #6133
- [TT-11627] Migrate failling to golangci-lint/forbidigo, fix issues by @titpetric in #6152
- [TT-11197]update hashicorp vault by @jeffy-mathew in #6150
- [TT-10909]: fix issue with missing upstream headers in graphql proxy only by @kofoworola in #6166
- [TT-6011] Fix non-functional coprocess apis, add tests by @titpetric in #4055
- [TT-11684] OAS-to-UDG converter - import paths & cleanup by @buraksezer in #6181
- [TT-11735] Exclude testdata from sonarcloud by @titpetric in #6182
- [TT-10104] JS middleware + ignore auth test and fix for panic by @titpetric in #6180
- Update README.md by @letzya in #6035
- [TT-11746] Add linter for regression test names by @titpetric in #6191
- [TT-11585] Process DeleteAPICache event by @jeffy-mathew in #6190
- [TT-10856/TT-11778] fix quota limit remaining header value when key is created from policy and API is looped by @jeffy-mathew in #6199
- [SYSE-336 master] Followup from March template application by @alephnull in #6207
- TT-7560, fixed issue with bundles loading with bad sign/checksum by @andrei-tyk in #6165
- [SYSE-353 master] Fix tyk-ci fetch mechanism by @ermirizio in #6213
- [TT-7560] skip loading API when custom middleware bundle fetch fails by @jeffy-mathew in #6211
- TT-11748 dont attempt to remove ApiCacheDeletion key from redis by @sredxny in #6215
- [TT-9972] release resources only after specs are completely switched during hot reload by @jeffy-mathew in #5535
- [TT-11925] Reset plugin compiler build env to match gateway build env by @titpetric in #6234
- [TT-11655] Graphql APIs are unable to handle OPTIONS requests by @rhianeKobar in #6221
- [SYSE-358 master] April template application by @ermirizio in #6248
- [TT-11991]: added request_headers_rewrite by @kofoworola in #6257
- [TT-11966/TT-12064] implement OAS webhooks events by @jeffy-mathew in #6258
- [TT-10291]: support gql-go-tools verison 2 by @kofoworola in #6240
- [TT-12064]Update Cast function signature by @jeffy-mathew in #6261
- [TT-10291]: upgrade gql-tools for v2 by @kofoworola in #6264
- [TT-11966/TT-12064] refactor oas events, update contract by @jeffy-mathew in #6263
- [TT-11966/TT-12064] update typo in cooldown period by @jeffy-mathew in #6266
- [TT-11966/TT-12064] handle edge case with empty event handlers by @jeffy-mathew in #6267
- [TT-12114]update goerr113 with err113 by @jeffy-mathew in #6268
- [SYSE-363 master] May template application by @alephnull in #6270
- update graphql-go-tools (TT-9884) by @pvormste in #6274
- [TT-5790] Update EnsureTransport and related tests by @titpetric in #6243
- [TT-11990] Change default behaviour of request_headers by @buraksezer in #6277
- [TT-11954/TT-12155] add x-tyk-api-gateway.servers.contextVariables.enabled by @jeffy-mathew in #6281
- [TT-7325] Enable fixed window rate limiter by @titpetric in #6253
- [TT-11954/TT-12115]fix location of contextVariables by @jeffy-mathew in #6285
- [TT-11739] Clean up rate limiting area, decouple GlobalConfig in APISpec by @titpetric in #6262
- [TT-11914/TT-12101]Add OAS trafficLogs by @jeffy-mathew in #6287
- [Test] Updates for opentelemetry test, use golang_cross in GH build cache key by @titpetric in #6282
- [TT-11806] Respect domain and listen path by @titpetric in #6289
- [DX-1345] Update config description for inclusive naming project by @dcs3spp in #6286
- [TT-12153]: Fix/complexity checker and granular access checker v3-preview by @kofoworola in #6293
- [TT-12193] Fix poor error handling in webhook event templates by @titpetric in #6303
- add features section to graphql proxy config by @pvormste in #6298
- [TT-12193] Add log for event handler webhook by @titpetric in #6310
- [TT-12193] Update error handling on webhook events when the event template has errors by @titpetric in #6312
- [TT-11997] Backend logic for request_headers_rewrite by @buraksezer in #6306
- [TT-12095] Fixing unhashed API keys exposed in OTEL spans by @mativm02 in #6296
- [TT-11470] Add human identifiable information in NodeData by @padiazg in #6229
- add logic for use_immutable_headers (TT-12190) by @pvormste in #6315
- [TT-11997] Header case insensitivity by @buraksezer in #6316
- [TT-3738] Implement rate limit smoothing by @titpetric in #6295
- [TT-11739] Re-add gateway.RateLimitExceeded (Dashboard coupling) by @titpetric in #6318
- [TT-11739] Fix RateLimitExceeded var name to include Event prefix by @titpetric in #6319
- feat/TT-9462/tag-cached-response by @joshblakeley in #6308
- [TT-12186] Fixes TestOAS_ExtractTo_ResetAPIDefinition with a valid event config by @titpetric in #6321
- [TT-12312] update openapi spec version by @jeffy-mathew in #6323
- [TT-12313, TT-12222] Update graphql-go-tools by @buraksezer in #6326
- [TT-12323] fix panic when webhook handler is disabled by @jeffy-mathew in #6334
- [TT-12311] exp/modcheck: Update go.mod dependencies by @buger in #6337
- [TT-12365] Add new events to validate in x-tyk-api-gateway by @titpetric in #6347
- [TT-9864] Optimize the cre...
Contributors
buger, titpetric, and 33 other contributors
Assets 2
v5.12.0-alphafips4
Add FIPS build configuration and Docker image workflow - Add fips-amd64 and fips-arm64 build targets with boringcrypto - Add tyk-gateway-fips nfpm package configuration - Add FIPS publisher for packagecloud - Add FIPS Docker image build steps for CI and production - FIPS images built for amd64/arm64 only, pushed to tykio/tyk-gateway-fips Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
v5.12.0-alphafips3
Use conditional base images: FIPS for amd64/arm64, standard for s390x The FIPS base image (tykio/dhi-debian-base:trixie-debian13-fips) only supports amd64 and arm64 platforms. This change uses Docker's TARGETARCH to conditionally select the appropriate base image, allowing s390x builds to continue using the original debian/distroless images. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
v5.12.0-alphafips2
Update Dockerfile.distroless
v5.12.0-alphafips1
Update Dockerfile.distroless
Tyk Gateway v5.11.0, Tyk Dashboard v5.11.0
v5.8.8-rc1
FIPS images: Add ARM64 docker images TT-16216 (#7576)
### **User description**
## Description
add arm64 builds for fips docker images
## Related Issue
[TT-16216](https://tyktech.atlassian.net/browse/TT-16216)
## Motivation and Context
Adds arm64 architecture as required by customers.
## Types of changes
<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Refactoring or add test (improvements in base code or adds test
coverage to functionality)
## Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply -->
<!-- If there are no documentation updates required, mark the item as
checked. -->
<!-- Raise up any additional concerns not covered by the checklist. -->
- [ ] I ensured that the documentation is up to date
- [ ] I explained why this PR updates go.mod in detail with reasoning
why it's required
- [ ] I would like a code coverage CI quality gate exception and have
explained why
[TT-16216]:
https://tyktech.atlassian.net/browse/TT-16216?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
___
### **PR Type**
Enhancement
___
### **Description**
- Add ARM64 platform to FIPS images
- Introduce dashboard image resolution workflow
- Conditional dashboard build and ECR publish
- Pass resolved dashboard image into tests
___
### Diagram Walkthrough
```mermaid
flowchart LR
gore["goreleaser builds (amd64 + arm64 FIPS)"]
pushci["Docker push FIPS CI (amd64, arm64)"]
pushprod["Docker push FIPS Prod (amd64, arm64)"]
resolve["Resolve dashboard image strategy"]
builddash["Build and push dashboard image (per-arch)"]
tests["API tests with resolved dashboard image"]
gore -- "produces dist artifacts" --> pushci
gore -- "produces dist artifacts" --> pushprod
gore -- "needs" --> resolve
resolve -- "needs_build=true" --> builddash
resolve -- "outputs dashboard_image" --> tests
builddash -- "image tag: tyk-<PR#>" --> tests
```
<details> <summary><h3> File Walkthrough</h3></summary>
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>release.yml</strong><dd><code>ARM64 FIPS push and
PR-based dashboard image flow</code>
</dd></summary>
<hr>
.github/workflows/release.yml
<ul><li>Enable linux/arm64 for FIPS image pushes.<br> <li> Add
resolve-dashboard-image job with strategy logic.<br> <li> Add
conditional build-dashboard-image job targeting current arch.<br> <li>
Feed resolved dashboard image into api-tests environment.</ul>
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7576/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34">+364/-2</a>
</td>
</tr>
<tr>
<td>
<details>
<summary><strong>goreleaser.yml</strong><dd><code>Add FIPS ARM64 build
and packaging</code>
</dd></summary>
<hr>
ci/goreleaser/goreleaser.yml
<ul><li>Add fips-arm64 build with boringcrypto flags.<br> <li> Configure
cross-CC for arm64 (aarch64 gcc).<br> <li> Include fips-arm64 in nfpm
package IDs.</ul>
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7576/files#diff-fb944a05459e4d713bc7541efd6e721cbe992a556353c09c4eb66a8eae9b856e">+18/-0</a>
</td>
</tr>
</table></td></tr></tr></tbody></table>
</details>
___
---------
Co-authored-by: Gromit <policy@gromit>
v5.8.7-alpha-performance-1: misc performance optimizations
1. Replace chained withFields to use a single WithFields 2. check for debug log enabled before invoking debug logs 3. store request logger in the context to minimize amount of instantiation calls.