Tyk Operator 0.17 Release Notes
Open Source (Mozilla Public License)
This page contains all release notes for version 0.17, displayed in reverse chronological order.
Support Lifetime
Our minor releases are supported until our next minor comes out.
0.17.1 Release Notes
Release date 6 May 2024
Breaking Changes
This release has no breaking changes.
Deprecations
There are no deprecations in this release.
Upgrade Instructions
Go to the Upgrading Tyk Operator section for detailed upgrade instructions.
Release Highlights
This release is focused on bug fixes. For details please refer to the changelog below.
Downloads
- Docker image v0.17
  - `docker pull tykio/tyk-operator:v0.17.1`
- Source code tarball - Tyk Operator Repo
Changelog
Fixed
- Fixed an issue where ApiDefinition Custom Resources generated by the Ingress Controller used a wrong certificate
  When using Tyk as an Ingress Controller with TLS enabled, the ApiDefinition Custom Resources generated by the Ingress Controller were missing the OrgID field. As a result, Tyk Gateway used a wrong certificate when serving a request. This is fixed by adding the OrgID field back to ApiDefinition CRs created by the Ingress Controller.
- Added Webhook and RBAC port configurations in Tyk Operator Helm chart
  Users can configure the Tyk Operator webhook and RBAC ports via the Helm chart values `.Values.webhookPort` and `.Values.rbac.port` respectively.
- Addressed security vulnerability CVE-2023-45288
  Addressed security vulnerability CVE-2023-45288, where an attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request’s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
- Addressed security vulnerability CVE-2024-24786
  Addressed security vulnerability CVE-2024-24786, where the `protojson.Unmarshal` function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a `google.protobuf.Any` value, or when the `UnmarshalOptions.DiscardUnknown` option is set.
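The header accounting described for CVE-2023-45288 above, as a simplified model added here for illustration; it is not code from Tyk Operator or from the Go HTTP/2 implementation. The `frame` type, `readHeaderBlock`, the `excessLimit` parameter and all byte counts are assumptions constructed for the example.

```go
package main

import "fmt"

// frame is a constructed stand-in for a HEADERS/CONTINUATION frame (size only).
type frame struct{ fragLen int }

// result records what the receiver did with one request's header block.
type result struct {
	stored int  // bytes kept in memory, never more than maxHeaderBytes
	parsed int  // bytes run through the HPACK decoder
	closed bool // connection closed before the header block ended
}

// readHeaderBlock models the receiver's accounting: every fragment is decoded
// to keep HPACK state in sync, but at most maxHeaderBytes are stored.
// excessLimit (hypothetical) bounds the bytes decoded beyond maxHeaderBytes;
// a negative value models the unpatched behaviour, which has no such bound.
func readHeaderBlock(frames []frame, maxHeaderBytes, excessLimit int) result {
	var r result
	for _, f := range frames {
		excess := r.parsed + f.fragLen - maxHeaderBytes
		if excessLimit >= 0 && excess > excessLimit {
			r.closed = true // stop decoding and drop the connection
			return r
		}
		r.parsed += f.fragLen
		r.stored = r.parsed
		if r.stored > maxHeaderBytes {
			r.stored = maxHeaderBytes
		}
	}
	return r
}

// constructedBlock builds n equally sized fragments (sample input, not a capture).
func constructedBlock(n, fragLen int) []frame {
	frames := make([]frame, n)
	for i := range frames {
		frames[i] = frame{fragLen}
	}
	return frames
}

func main() {
	big := constructedBlock(1000, 16384) // 1 HEADERS + 999 CONTINUATION frames
	fmt.Printf("unbounded: %+v\n", readHeaderBlock(big, 1<<20, -1))
	fmt.Printf("bounded:   %+v\n", readHeaderBlock(big, 1<<20, 1<<20))
}
```

With no bound, the receiver stores only 1 MiB but decodes the full 16,384,000 bytes; with the bound, decoding stops after 2 MiB and the connection is closed.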
0.17.0 Release Notes
Release date 05 Apr 2024
Breaking Changes
This release has no breaking changes.
Deprecations
There are no deprecations in this release.
Upgrade Instructions
Go to the Upgrading Tyk Operator section for detailed upgrade instructions.
Release Highlights
This release added support for `GraphQLIntrospectionConfig` in API definition and fixed an issue where the Tyk Operator creates duplicate APIs on Tyk. For details please refer to the changelog below.
Downloads
- Docker image v0.17
  - `docker pull tykio/tyk-operator:v0.17.0`
- Source code tarball - Tyk Operator Repo
Changelog
Fixed
- Fixed creating duplicated API definitions on Tyk
  Fixed the creation of duplicated API definitions on Tyk in case of cluster failures. If network errors happen while updating the API definition, the Tyk Operator retries the reconciliation based on the underlying error type.
Added
- Added support of GraphQLIntrospectionConfig in API definition CRD
  Added to ApiDefinition CRD: support of `GraphQLIntrospectionConfig` field at `graphql.introspection.disabled`. This feature will be enabled in future Tyk releases.
Further Information
Upgrading Tyk
Please refer to the upgrading Tyk page for further guidance with respect to the upgrade strategy.
FAQ
Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.