Tyk Dashboard 5.6 Release Notes


This page contains all release notes for version 5.6.X, displayed in reverse chronological order.

Support Lifetime

Our minor releases are supported until our next minor comes out.


5.6.0 Release Notes

Release Date: 10 October 2024

Release Highlights

We are thrilled to announce new updates and improvements in Tyk 5.6.0, bringing more control, flexibility, and performance. For a comprehensive list of changes, please refer to the detailed changelog below.

Per-endpoint rate limiting for clients

Now you can configure rate limits at the endpoint level per client, using new configuration options in the access key. Use Tyk’s powerful security policies to create templates to set appropriate rate limits for your different categories of user.

Go upgrade to 1.22

We’ve upgraded the Tyk Dashboard to Golang 1.22, bringing improved performance, better security, and enhanced stability to the core system.

Strengthened Role-Based Access Controls (RBAC) to combat privilege escalation risks

We’ve tightened up the rules that govern a user’s ability to create admin users and to reset other users’ passwords when using Tyk’s RBAC function. Now, only super-admins can create new admins, admin roles can’t be assigned to user groups, and only admin users can reset another user’s password (and only within their Tyk organization).
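The three rules above (who may create admins, who may hold the password reset permission, and who may reset whose password) read naturally as an authorization decision function. The following Go program is an added illustration of that decision logic written for these notes; it is not Tyk Dashboard code, and the Role, User and Config types, the CanResetOthers flag and the AllowAdminResetPassword field are constructed stand-ins for the real RBAC model (AllowAdminResetPassword mirrors the allow_admin_reset_password option named in the Security Fixes section). The rule that a plain admin may only grant the permission inside its own organization is an assumption not stated on this page.

```go
package main

import "fmt"

// Role models the three Dashboard user levels named in the release notes.
// All types in this file are constructed for the example and are not Tyk's own.
type Role int

const (
	RoleUser Role = iota
	RoleAdmin
	RoleSuperAdmin
)

// User is a minimal Dashboard user: organization scope, role, and whether the
// "reset another user's password" permission has been granted to it.
type User struct {
	ID             string
	Org            string
	Role           Role
	CanResetOthers bool
}

// Config carries the one setting the notes mention: allow_admin_reset_password,
// which grants the reset permission to every admin automatically.
type Config struct {
	AllowAdminResetPassword bool
}

// CanResetPassword decides whether actor may reset target's password, applying
// the rules listed in the 5.6.0 security fix in order of precedence.
func CanResetPassword(cfg Config, actor, target User) bool {
	if actor.ID == target.ID {
		return true // everyone may reset their own password
	}
	if actor.Role == RoleSuperAdmin {
		return true // super-admins hold the permission across all organizations
	}
	if actor.Org != target.Org {
		return false // the permission never crosses an organization boundary
	}
	if actor.Role != RoleAdmin {
		return false // only admins can hold the permission, so nobody else gets through
	}
	// an admin needs the explicit grant, or the config option that implies it
	return actor.CanResetOthers || cfg.AllowAdminResetPassword
}

// CanGrantResetPermission decides whether granter may assign the reset
// permission to a grantee, which is either a user or a user group.
func CanGrantResetPermission(granter User, granteeIsGroup bool, grantee User) bool {
	if granteeIsGroup {
		return false // the permission cannot be attached to a user group
	}
	if granter.Role != RoleAdmin && granter.Role != RoleSuperAdmin {
		return false // only admins and super-admins may assign it
	}
	if grantee.Role != RoleAdmin {
		return false // it can only be assigned to an admin
	}
	// Assumption (not stated on the page): a plain admin only grants within its own organization.
	if granter.Role == RoleAdmin && granter.Org != grantee.Org {
		return false
	}
	return true
}

// CanCreateAdmin: creating new admin users is reserved for super-admins.
func CanCreateAdmin(actor User) bool {
	return actor.Role == RoleSuperAdmin
}

func main() {
	cfg := Config{AllowAdminResetPassword: false}
	alice := User{ID: "alice", Org: "org-a", Role: RoleUser}
	bob := User{ID: "bob", Org: "org-a", Role: RoleUser}
	adminA := User{ID: "admin-a", Org: "org-a", Role: RoleAdmin, CanResetOthers: true}
	root := User{ID: "root", Org: "org-z", Role: RoleSuperAdmin}

	fmt.Println("alice resets alice:   ", CanResetPassword(cfg, alice, alice)) // true
	fmt.Println("alice resets bob:     ", CanResetPassword(cfg, alice, bob))   // false
	fmt.Println("admin-a resets bob:   ", CanResetPassword(cfg, adminA, bob))  // true
	fmt.Println("root resets bob:      ", CanResetPassword(cfg, root, bob))    // true
	fmt.Println("admin-a creates admin:", CanCreateAdmin(adminA))             // false
}
```

The ordering matters: the self-reset and super-admin checks short-circuit before the organization check, so the organization boundary only ever constrains admins, which is exactly the scope the notes describe.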

Breaking Changes

There are no breaking changes in this release.

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version   Recommended Releases                Backwards Compatibility
5.6.0               MDCB v2.7.1                         MDCB v2.5.1
                    Operator v1.0.0                     Operator v0.17
                    Sync v2.0                           Sync v1.4.3
                    Helm Chart v2.1                     Helm all versions
                    EDP v1.11                           EDP all versions
                    Pump v1.11                          Pump all versions
                    TIB (if using standalone) v1.5.1    TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency    Tested Versions           Compatible Versions       Comments
GoLang                    1.22                      1.22                      Go plugins must be built using Go 1.22
Redis                     6.2.x, 7.x                6.2.x, 7.x                Used by Tyk Dashboard
MongoDB                   5.0.x, 6.0.x, 7.0.x       5.0.x, 6.0.x, 7.0.x       Used by Tyk Dashboard
PostgreSQL                12.x - 16.x LTS           12.x - 16.x               Used by Tyk Dashboard
OpenAPI Specification     v3.0.x                    v3.0.x                    Supported by Tyk OAS

Deprecations

There are no deprecations in this release.

Upgrade instructions

If you are upgrading to 5.6.0, please follow the detailed upgrade instructions.

Changelog

Added

  • Per endpoint client rate limiting

    Building on the per-endpoint upstream rate limits introduced in Tyk 5.5.0 we have now added per-endpoint client rate limits. This new feature allows for more granular control over client consumption of API resources by associating the rate limit with the access key, enabling you to manage and optimize API usage more effectively.
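To make concrete what "associating the rate limit with the access key" per endpoint means, here is an added Go sketch of a limiter whose quotas are scoped by (access key, endpoint) and enforced with a sliding window over request timestamps. It is written for these notes, is not Tyk's implementation, and the Limit and EndpointLimiter types and the "METHOD path" endpoint string are constructed; a real gateway would also fall through to the key-level limit for endpoints that carry no per-endpoint quota, which this sketch simply allows.

```go
package main

import (
	"fmt"
	"time"
)

// Limit is a quota of Rate requests per window of length Per. The type and the
// limiter below are constructed for this example; they are not Tyk's code.
type Limit struct {
	Rate int
	Per  time.Duration
}

// EndpointLimiter holds per-endpoint limits scoped to an access key, plus the
// timestamps of recent requests, both keyed by "key|METHOD path".
type EndpointLimiter struct {
	limits  map[string]Limit
	history map[string][]time.Time
}

func NewEndpointLimiter() *EndpointLimiter {
	return &EndpointLimiter{
		limits:  make(map[string]Limit),
		history: make(map[string][]time.Time),
	}
}

func scope(key, endpoint string) string { return key + "|" + endpoint }

// SetLimit attaches a limit for one endpoint (e.g. "GET /items") to one access key.
func (l *EndpointLimiter) SetLimit(key, endpoint string, lim Limit) {
	l.limits[scope(key, endpoint)] = lim
}

// Allow reports whether a request by key to endpoint at time now is within quota,
// using a sliding window over the recorded timestamps, and records it if so.
// Endpoints with no limit for this key are allowed here; in a real gateway they
// would fall through to the key-level limit instead (assumption).
func (l *EndpointLimiter) Allow(key, endpoint string, now time.Time) bool {
	id := scope(key, endpoint)
	lim, ok := l.limits[id]
	if !ok {
		return true
	}
	cutoff := now.Add(-lim.Per)
	recent := l.history[id][:0] // filter in place: drop timestamps outside the window
	for _, t := range l.history[id] {
		if t.After(cutoff) {
			recent = append(recent, t)
		}
	}
	if len(recent) >= lim.Rate {
		l.history[id] = recent
		return false // over quota: the gateway would answer HTTP 429 here
	}
	l.history[id] = append(recent, now)
	return true
}

func main() {
	lim := NewEndpointLimiter()
	lim.SetLimit("key-1", "GET /items", Limit{Rate: 2, Per: 10 * time.Second})
	t0 := time.Date(2024, 10, 10, 12, 0, 0, 0, time.UTC) // constructed clock
	for i, d := range []time.Duration{0, time.Second, 2 * time.Second, 10 * time.Second} {
		fmt.Printf("request %d at +%v allowed=%v\n", i+1, d, lim.Allow("key-1", "GET /items", t0.Add(d)))
	}
}
```

Because the history is keyed by access key as well as endpoint, a second key hitting the same path has its own independent window, which is the property that lets a policy act as a template for a whole category of users.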

Changed

  • Upgrade to Go 1.22 for Tyk Dashboard

    The Tyk Dashboard has been upgraded from Golang 1.21 to Golang 1.22, bringing enhanced performance, strengthened security, and access to the latest features available in the new Golang release.

  • Improved documentation and schema for Tyk Dashboard API

    We have updated the swagger.yml schema for Tyk Dashboard API to reflect the latest changes in product endpoints, payloads, and responses. This update includes new fields and endpoints, improved examples, documentation adjustments, and fixes for schema issues. These enhancements aim to improve usability and ensure that the documentation accurately represents the current code state.

  • Renamed GraphQL "Playground" tab to "Playgrounds"

    The “Playground” tab in the GraphQL API Designer has been renamed to “Playgrounds.” This change consolidates access to both internal and external playgrounds within a single section, offering a more streamlined and intuitive experience for API design and testing.

Fixed

  • Addressed some display issues in Dashboard Analytics and Classic Portal when using PostgreSQL storage
    • Resolved an issue where HTTP 429 status codes were not being displayed on the Activity Overview page.
    • Fixed portal graphs by adding a default “day” grouping resolution to the query.
    • Corrected issues with the Error Breakdown related to date parameters, ensuring accurate date handling and display.
  • Dashboard didn't display correctly if more than 10 policies were assigned to a key

    We have resolved an issue where the Keys page would display a blank screen if a key was associated with more than 10 policies. The UI has been fixed to display the page properly, regardless of the number of policies attached to a key.

  • Dashboard UI did not prevent multiple versions of a Tyk Classic API from being assigned to a policy

    When working with Tyk Classic APIs, you cannot permit access to multiple versions of the same API from a single policy. We have fixed an issue in the Dashboard UI where users were able to attach multiple versions to a policy leading to an unusable policy. The UI now correctly prevents the addition of multiple versions of an API to a single policy.

  • Dashboard didn't correctly record scope to policy mappings for JWTs

    We have fixed an issue in the Dashboard UI when assigning multiple claim-to-policy mappings while configuring JWT auth for an API. The scope name was incorrectly recorded instead of the policy ID for the second and subsequent JWT scope mappings. The UI now correctly associates the defined claim with the appropriate policy, ensuring accurate JWT scope-to-policy mappings.

  • Gateway logs page not displaying correctly

    We have fixed an issue in the Monitoring section of the Dashboard UI where the Gateway logs page was not displaying correctly. The page is now rendered properly, ensuring users with appropriate permissions can view and manage Gateway logs as expected.

Security Fixes

  • Strengthened RBAC password reset permissions

    We have fixed a privilege escalation vulnerability where a user with certain permissions could potentially reset other users’ passwords, including admin accounts. The following changes have been made to tighten the behavior of the password reset permission:

    • All users can reset their own passwords
    • A specific permission is required to reset the password of another user within the same Tyk organization
    • This permission can only be assigned by an admin or super-admin
    • This permission can only be assigned to an admin and cannot be assigned to a user group
    • The allow_admin_reset_password configuration option automatically grants this permission to all admin users
    • Super-admins always have the password reset permission across all Tyk organizations
  • Gateway secret could be exposed in debug logs

    Resolved an issue where the Gateway secret was inadvertently included in the log generated by the Dashboard for a call to the /api/keys endpoint when in debug mode. This issue has been fixed to prevent sensitive information from appearing in system logs. We do not recommend running production environments in debug mode.
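The Gateway-secret-in-debug-logs fix is a specific instance of a general control: scrub known secret values and secret-bearing fields before a line reaches the log sink. The Go program below is an added illustration of such a redactor written for these notes, not Tyk's logging code; the Redactor type, the field patterns and the sample log line resembling the /api/keys call (including the value "s3cr3t-gateway-secret") are all constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Redactor scrubs secrets from log lines before they are written. It is a
// constructed example of the defensive control, not Tyk's logging code.
type Redactor struct {
	known    []string         // secret values loaded from config (e.g. the Gateway secret)
	patterns []*regexp.Regexp // secret-bearing fields recognised by name
}

func NewRedactor(secrets ...string) *Redactor {
	return &Redactor{
		known: secrets,
		patterns: []*regexp.Regexp{
			// header style, e.g. `x-tyk-authorization: <value>` or `Authorization: Bearer <value>`;
			// deliberately consumes the rest of the field so a multi-word value is fully masked
			regexp.MustCompile(`(?i)(x-tyk-authorization|authorization)(["' ]*[:=]["' ]*)[^",]+`),
			// key/value or JSON style, e.g. secret="..." or "password":"..." or access_token=...
			regexp.MustCompile(`(?i)(secret|password|token)(["']?\s*[:=]\s*["']?)[^\s",]+`),
		},
	}
}

const mask = "[REDACTED]"

// Redact returns line with every known secret value and every recognised
// secret-bearing field value replaced by the mask. Known values are replaced
// first so they disappear even when they appear in an unrecognised field.
func (r *Redactor) Redact(line string) string {
	for _, s := range r.known {
		if s != "" {
			line = strings.ReplaceAll(line, s, mask)
		}
	}
	for _, p := range r.patterns {
		line = p.ReplaceAllString(line, "${1}${2}"+mask)
	}
	return line
}

func main() {
	r := NewRedactor("s3cr3t-gateway-secret")
	// constructed debug line resembling a Dashboard-to-Gateway /api/keys call
	line := `level=debug msg="GET /api/keys" headers="x-tyk-authorization: s3cr3t-gateway-secret" status=200`
	fmt.Println(r.Redact(line))
	// prints: level=debug msg="GET /api/keys" headers="x-tyk-authorization: [REDACTED]" status=200
}
```

Value-based replacement catches the secret wherever it lands; the field patterns catch secrets the process never loaded itself (a client's bearer token, a password in a request body). Running both is cheap, and over-redacting a debug field is a far better failure mode than writing a credential to disk.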


Further Information

Upgrading Tyk

Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.

FAQ

Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.