Tyk Dashboard 5.3 LTS Release Notes

Last updated: Nov 12, 2024 32 minutes read.

This page contains all release notes for version 5.3.X displayed in a reverse chronological order

Support Lifetime

As outlined in the LTS policy, version 5.3 is a long-term support release with full support available until May 2025. Maintenance support will continue until May 2026. Our next long-term support release will be announced at the end of April 2025.

5.3.8 Release Notes

Release Date 07 November 2024

Release Highlights

This release focuses mainly on bug fixes. For a comprehensive list of changes, please refer to the detailed changelog below.

Breaking Changes

This release has no breaking changes.

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version	Recommended Releases	Backwards Compatibility
5.3.8	MDCB v2.5.1	MDCB v2.5.1
	Operator v0.17	Operator v0.16
	Sync v1.4.3	Sync v1.4.3
	Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v2.0.0	Helm all versions
	EDP v1.8.3	EDP all versions
	Pump v1.9.0	Pump all versions
	TIB (if using standalone) v1.5.1	TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency	Tested Versions	Compatible Versions	Comments
GoLang	1.22	1.22	Go plugins must be built using Go 1.22
Redis	6.2.x, 7.x	6.2.x, 7.x	Used by Tyk Dashboard
MongoDB	5.0.x, 6.0.x, 7.0.x	5.0.x, 6.0.x, 7.0.x	Used by Tyk Dashboard
PostgreSQL	12.x - 16.x LTS	12.x - 16.x	Used by Tyk Dashboard
OpenAPI Specification	v3.0.x	v3.0.x	Supported by Tyk OAS

Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

This is an advanced notice that the dedicated External OAuth, OpenID Connect (OIDC) authentication options, and SQLite support will be deprecated starting in version 5.7.0. We recommend that users of the External OAuth and OpenID Connect methods migrate to Tyk’s dedicated JWT Auth method. Please review your API configurations, as the Gateway logs will provide notifications for any APIs utilizing these methods.

Upgrade Instructions

If you are upgrading to 5.3.8, please follow the detailed upgrade instructions.

Downloads

Docker Image to pull
- ```
docker pull tykio/tyk-dashboard:v5.3.8
```
Helm charts
- tyk-charts v2.0.0

Changelog

Added

Advanced notice of deprecation of dedicated External OAuth and OpenID Connect auth options

The UI now displays a deprecation notice for the dedicated External OAuth and OpenID Connect (OIDC) authentication mechanisms. This provides advanced notification that these authentication options will be deprecated in version 5.7.0. Users are advised to migrate to the JWT Auth method, which supports integration with both OAuth and OIDC providers, in preparation for future upgrade.

Fixed

User Group dropdown limitations in Dashboard

Fixed an issue with the user group dropdown in the Dashboard UI, ensuring that all available user groups are displayed when creating a new user.
Rate Limiting settings not saved when Upstream Certificates enabled for Tyk OAS API

Fixed an issue in the Tyk OAS API Designer where Rate Limiting settings were not saved when Upstream Certificates were enabled. This fix ensures that both Rate Limits and Upstream Certificates configurations can now be saved together

5.3.7 Release Notes

Release Date 22 October 2024

Release Highlights

This is a version bump to align with Gateway v5.3.7, no changes have been implemented in this release.

Breaking Changes

There are no breaking changes in this release.

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version	Recommended Releases	Backwards Compatibility
5.3.7	MDCB v2.5.1	MDCB v2.5.1
	Operator v0.17	Operator v0.16
	Sync v1.4.3	Sync v1.4.3
	Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v2.0.0	Helm all versions
	EDP v1.8.3	EDP all versions
	Pump v1.9.0	Pump all versions
	TIB (if using standalone) v1.5.1	TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency	Tested Versions	Compatible Versions	Comments
GoLang	1.22	1.22	Go plugins must be built using Go 1.22
Redis	6.2.x, 7.x	6.2.x, 7.x	Used by Tyk Dashboard
MongoDB	5.0.x, 6.0.x, 7.0.x	5.0.x, 6.0.x, 7.0.x	Used by Tyk Dashboard
PostgreSQL	12.x - 16.x LTS	12.x - 16.x	Used by Tyk Dashboard
OpenAPI Specification	v3.0.x	v3.0.x	Supported by Tyk OAS

Deprecations

There are no deprecations in this release.

Upgrade instructions

If you are upgrading to 5.3.7, please follow the detailed upgrade instructions.

Downloads

Docker Image to pull
```
docker pull tykio/tyk-dashboard:v5.3.7
```
Helm charts
- Tyk Charts v2.0.0

Changelog

No changes in this release.

5.3.6 Release Notes

Release Date 04 October 2024

Release Highlights

This release primarily focuses on bug fixes. For a comprehensive list of changes, please refer to the detailed changelog below.

Breaking Changes

Attention: Please read this section carefully. Docker images are now based on distroless. No shell is shipped in the image.

If moving from a version of Tyk older than 5.3.0 please read the explanation provided with 5.3.0 release.

Deprecations

There are no deprecations in this release.

Upgrade Instructions

When upgrading to 5.3.6, please follow the detailed upgrade instructions.

Dependencies

With MongoDB 4.4 reaching EOL in February 2024, we can no longer guarantee full compatibility with this version of the database. If you are using MongoDB we recommend that you upgrade to a version that we have tested with, as indicated below.

With PostgreSQL v11 reaching EOL in November 2023, we can no longer guarantee full compatibility with this version of the database. If you are using PostgreSQL we recommend that you upgrade to a version that we have tested with, as indicated below.

Compatibility Matrix For Tyk Components

Dashboard Version	Recommended Releases	Backwards Compatibility
5.3.6	MDCB v2.5.1	MDCB v2.5.1
	Operator v0.17	Operator v0.16
	Sync v1.4.3	Sync v1.4.3
	Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v2.0.0	Helm all versions
	EDP v1.8.3	EDP all versions
	Pump v1.9.0	Pump all versions
	TIB (if using standalone) v1.5.1	TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency	Tested Versions	Compatible Versions	Comments
GoLang	1.22	1.22	Go plugins must be built using Go 1.22
Redis	6.2.x, 7.x	6.2.x, 7.x	Used by Tyk Dashboard
MongoDB	5.0.x, 6.0.x, 7.0.x	5.0.x, 6.0.x, 7.0.x	Used by Tyk Dashboard
PostgreSQL	12.x - 16.x LTS	12.x - 16.x	Used by Tyk Dashboard
OpenAPI Specification	v3.0.x	v3.0.x	Supported by Tyk OAS

Downloads

Docker Image to pull
```
docker pull tykio/tyk-dashboard:v5.3.6
```
Helm charts
tyk-charts v2.0

Changelog

Changed

Upgrade to Go 1.22 for Tyk Dashboard
The Tyk Dashboard has been upgraded from Golang 1.21 to Golang 1.22, bringing enhanced performance, strengthened security, and access to the latest features available in the new Golang release.
Introducing Distroless Containers for Tyk Dashboard (2024 LTS)

In this release, we’ve enhanced the security of the Tyk Dashboard image by changing the build process to support distroless containers. This significant update addresses critical CVEs associated with Debian, ensuring a more secure and minimal runtime environment. Distroless containers reduce the attack surface by eliminating unnecessary packages, which bolsters the security of your deployments.

Fixed

Gateway secret could be exposed in debug logs

Resolved an issue where the Gateway secret was inadvertently included in the log generated by the Dashboard for a call to the /api/keys endpoint when in debug mode. This issue has been fixed to prevent sensitive information from appearing in system logs.
Dashboard didn't display correctly if more than 10 policies assigned to a key

We have resolved an issue where the Keys page would display a blank screen if a key was associated with more than 10 policies. The UI has been fixed to display the page properly, regardless of the number of policies attached to a key.
Dashboard UI did not prevent multiple versions of a Tyk Classic API from being assigned to a policy

When working with Tyk Classic APIs, you cannot permit access to multiple versions of the same API from a single policy. We have fixed an issue in the Dashboard UI where users were able to attach multiple versions to a policy leading to an unusable policy. The UI now correctly prevents the addition of multiple versions of an API to a single policy.
Dashboard didn't correctly record scope to policy mappings for JWTs

We have fixed an issue in the Dashboard UI when assigning multiple claim to policy mappings while configuring JWT auth for an API. The scope name was incorrectly recorded instead of the policy ID for the second and subsequent JWT scope mappings. The UI now correctly associates the defined claim with the appropriate policy, ensuring accurate JWT scope to policy mappings.

Security Fixes

High priority CVEs fixed

Fixed the following high-priority CVEs identified in the Tyk Dashboard, providing increased protection against security vulnerabilities:
- CVE-2024-6104

5.3.5 Release Notes

Release Date 26 September 2024

Release Highlights

This is a version bump to align with Gateway v5.3.5, no changes have been implemented in this release.

Breaking Changes

Attention: Please read this section carefully.

There are no breaking changes in this release, however, if moving from a version of Tyk older than 5.3.0 please read the explanation provided with 5.3.0 release.

Deprecations

There are no deprecations in this release.

Upgrade Instructions

When upgrading to 5.3.5, please follow the detailed upgrade instructions.

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version	Recommended Releases	Backwards Compatibility
5.3.5	MDCB v2.5.1	MDCB v2.5.1
	Operator v0.17	Operator v0.16
	Sync v1.4.3	Sync v1.4.3
	Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v2.0.0	Helm all versions
	EDP v1.8.3	EDP all versions
	Pump v1.9.0	Pump all versions
	TIB (if using standalone) v1.5.1	TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency	Tested Versions	Compatible Versions	Comments
GoLang	1.21	1.21	Go plugins must be built using Go 1.21
Redis	6.2.x, 7.x	6.2.x, 7.x	Used by Tyk Dashboard
MongoDB	5.0.x, 6.0.x, 7.0.x	5.0.x, 6.0.x, 7.0.x	Used by Tyk Dashboard
PostgreSQL	12.x - 16.x LTS	12.x - 16.x	Used by Tyk Dashboard
OpenAPI Specification	v3.0.x	v3.0.x	Supported by Tyk OAS

Downloads

Docker Image to pull
```
docker pull tykio/tyk-dashboard:v5.3.5
```
Helm charts
tyk-charts v2.0.0

Changelog

No changes in this release.

5.3.4 Release Notes

Release Date August 26 2024

Breaking Changes

Attention: Please read this section carefully. There are no breaking changes in this release, however, if moving from a version of Tyk older than 5.3.0 please read the explanation provided with 5.3.0 release.

Deprecations

There are no deprecations in this release.

Upgrade Instructions

When upgrading to 5.3.4 please follow the detailed upgrade instructions.

Release Highlights

For a comprehensive list of changes, please refer to the detailed changelog below.

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version	Recommended Releases	Backwards Compatibility
5.3.4	MDCB v2.5.1	MDCB v2.5.1
	Operator v0.17	Operator v0.16
	Sync v1.4.3	Sync v1.4.3
	Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.4.0	Helm all versions
	EDP v1.8.3	EDP all versions
	Pump v1.9.0	Pump all versions
	TIB (if using standalone) v1.5.1	TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency	Tested Versions	Compatible Versions	Comments
GoLang	1.21	1.21	Go plugins must be built using Go 1.21
Redis	6.2.x, 7.x	6.2.x, 7.x	Used by Tyk Dashboard
MongoDB	5.0.x, 6.0.x, 7.0.x	5.0.x, 6.0.x, 7.0.x	Used by Tyk Dashboard
PostgreSQL	12.x - 16.x LTS	12.x - 16.x	Used by Tyk Dashboard
OpenAPI Specification	v3.0.x	v3.0.x	Supported by Tyk OAS

Downloads

Docker Image to pull
```
docker pull tykio/tyk-dashboard:v5.3.4
```
Helm charts
tyk-charts v1.4

Changelog

Fixed

Fixed display issue for API stats

Fixed API’s stats not being shown when adding 2 or more tags in the Activity page and using Postgres
Fixed display issue of 429 status codes on the Activity page

Fixed 429 status codes not being shown on the Activity page when using Postgres
Fixed display of graphs and requests counter on Portal

Fixed wrong graphs and incorrect requests counter on Portal when using Postgres
Fixed Error Breakdown display issues with dates

Fixed Error Breakdown issues with dates (it was showing errors that happened on different dates than the one that was actually displayed)

5.3.3 Release Notes

Release Date August 2nd 2024

Breaking Changes

Deprecations

There are no deprecations in this release.

Upgrade Instructions

When upgrading to 5.3.3 please follow the detailed upgrade instructions.

Release Highlights

For a comprehensive list of changes, please refer to the detailed changelog below.

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version	Recommended Releases	Backwards Compatibility
5.3.3	MDCB v2.5.1	MDCB v2.5.1
	Operator v0.17	Operator v0.16
	Sync v1.4.3	Sync v1.4.3
	Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.4.0	Helm all versions
	EDP v1.8.3	EDP all versions
	Pump v1.9.0	Pump all versions
	TIB (if using standalone) v1.5.1	TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency	Tested Versions	Compatible Versions	Comments
GoLang	1.21	1.21	Go plugins must be built using Go 1.21
Redis	6.2.x, 7.x	6.2.x, 7.x	Used by Tyk Dashboard
MongoDB	5.0.x, 6.0.x, 7.0.x	5.0.x, 6.0.x, 7.0.x	Used by Tyk Dashboard
PostgreSQL	12.x - 16.x LTS	12.x - 16.x	Used by Tyk Dashboard
OpenAPI Specification	v3.0.x	v3.0.x	Supported by Tyk OAS

Downloads

Docker Image to pull
```
docker pull tykio/tyk-dashboard:v5.3.3
```
Helm charts
tyk-charts v1.4

Changelog

Added

Corrected ordering of Tyk OAS API paths to prevent Middleware misapplication

Fixed an issue where nested API endpoints, such as ‘/test’ and ‘/test/abc’, might incorrectly apply middleware from the parent path to the nested path. The fix ensures that API endpoint definitions are correctly ordered, preventing this middleware misapplication and ensuring both the HTTP method and URL match accurately.

Fixed

Save API button now visible for all users

Addressed an issue in SSO where user permissions were not correctly applied, ensuring the Save API button is visible to all users in the Dashboard UI.
Dashboard blank page issue when retrieving key for API with mTLS and dynamic JWT Auth fixed

Resolved a bug causing the Dashboard UI to display a blank page when creating a key for an API using static mTLS with dynamic JWT authentication.
Empty Endpoint popularity page issue resolved in version 5.3.1

Addressed an issue where the Dashboard displayed an empty page when accessing Activity by Endpoint information after upgrading to Tyk 5.3.1. Users can now see all necessary information.

5.3.2 Release Notes

Release Date 5th June 2024

Breaking Changes

Attention: Please read this section carefully.

There are no breaking changes in this release, however if moving from a version of Tyk older than 5.3.0 please read the explanation provided with 5.3.0 release.

Deprecations

There are no deprecations in this release.

Upgrade Instructions

When upgrading to 5.3.2 please follow the detailed upgrade instructions.

Release Highlights

This release primarily focuses on bug fixes. For a comprehensive list of changes, please refer to the detailed changelog below.

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version	Recommended Releases	Backwards Compatibility
5.3.2	MDCB v2.5.1	MDCB v2.5.1
	Operator v0.17	Operator v0.16
	Sync v1.4.3	Sync v1.4.3
	Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.4.0	Helm all versions
	EDP v1.8.3	EDP all versions
	Pump v1.9.0	Pump all versions
	TIB (if using standalone) v1.5.1	TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency	Tested Versions	Compatible Versions	Comments
GoLang	1.21	1.21	Go plugins must be built using Go 1.21
Redis	6.2.x, 7.x	6.2.x, 7.x	Used by Tyk Dashboard
MongoDB	5.0.x, 6.0.x, 7.0.x	5.0.x, 6.0.x, 7.0.x	Used by Tyk Dashboard
PostgreSQL	12.x - 16.x LTS	12.x - 16.x	Used by Tyk Dashboard
OpenAPI Specification	v3.0.x	v3.0.x	Supported by Tyk OAS

Downloads

Docker Image to pull
- ```
docker pull tykio/tyk-dashboard:v5.3.2
```
Helm charts
- tyk-charts v1.4

Changelog

Fixed

Fixed Dashboard Analytics for PostgreSQL

Resolved an issue in the api/usage endpoint where the Dashboard with PostgreSQL integration returned unfiltered results when one valid tag was used. Corrected the need for duplicating the same parameter as a workaround for filtering by multiple tags. Results are now properly filtered as expected, improving the accuracy and reliability of analytics data.
Enhanced Password Reset security

Modified default OPA rules to prevent unauthorized admins from modifying other admins’ passwords, mitigating potential ‘rogue admin’ behavior. Tyk Dashboard clients using custom OPA rules should update their rule set accordingly. Contact your assigned Tyk representative for assistance.
Fixed Universal Data Graph Schema Editor Import Issue

Resolved an issue in the GQL schema editor for Data Graphs, where users couldn’t utilize the ‘Import Schema’ button. Now, it’s possible to import files containing GQL schemas into the Dashboard.
Enhanced Dashboard UI language

Adjusted wording in Tyk’s Dashboard UI to ensure inclusivity and clarity, removing any potentially oppressive language.
API Template not associated with Tyk Organization

Fixed an issue where API Templates were not correctly assigned to Tyk Organizations allowing the potential for accidental sharing of secret data between Organizations through use of the incorrect template.
Added control over access to context variables from middleware when using Tyk OAS APIs

Addressed a potential issue when working with Tyk OAS APIs where request context variables are automatically made available to relevant Tyk and custom middleware. We have introduced a control in the Tyk OAS API definition to disable this access if required.
Resolved PostgreSQL Dashboard Analytics issue

Fixed an issue in the api/usage endpoint where Dashboard+Postgres returned unfiltered results with one valid tag, requiring duplication of the parameter as a workaround for multiple tags. Analytics now correctly filter results as expected.

5.3.1 Release Notes

Release Date 24 April 2024

Breaking Changes

Attention: Please read this section carefully.

There are no breaking changes in this release, however if moving from a version of Tyk older than 5.3.0 please read the explanation provided with 5.3.0 release.

Deprecations

There are no deprecations in this release.

Upgrade Instructions

When upgrading to 5.3.1, please follow the detailed upgrade instructions.

Release Highlights

This release primarily focuses on bug fixes. For a comprehensive list of changes, please refer to the detailed changelog below.

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version	Recommended Releases	Backwards Compatibility
5.3.1	MDCB v2.5.1	MDCB v2.5.1
	Operator v0.17	Operator v0.16
	Sync v1.4.3	Sync v1.4.3
	Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.3.0	Helm all versions
	EDP v1.8.3	EDP all versions
	Pump v1.9.0	Pump all versions
	TIB (if using standalone) v1.5.1	TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency	Tested Versions	Compatible Versions	Comments
GoLang	1.21	1.21	Go plugins must be built using Go 1.21
Redis	6.2.x, 7.x	6.2.x, 7.x	Used by Tyk Dashboard
MongoDB	5.0.x, 6.0.x, 7.0.x	5.0.x, 6.0.x, 7.0.x	Used by Tyk Dashboard
PostgreSQL	11.x - 15.x LTS	11.x - 15.x	Used by Tyk Dashboard
OpenAPI Specification	v3.0.x	v3.0.x	Supported by Tyk OAS

Downloads

Docker Image to pull
```
docker pull tykio/tyk-dashboard:v5.3.1
```
Helm charts
- tyk-charts v1.3

Changelog

Fixed

Improved security: user search method transitioned to POST

Improved the behavior of the Dashboard when searching for users to avoid transmitting sensitive information (user email addresses) in the request query parameters. Deprecated the GET method for the /api/users/search endpoint in favor of a POST method with the same logic but with parameters supplied in the request body.
Improved security: removal of Access-Control-Allow-Credentials header

As Tyk Dashboard and Tyk Classic Portal do not accept cross origin requests we have removed the Access-Control-Allow-Credentials header from Dashboard API responses to prevent any potential misuse of the header by attackers. This allows simplification of the web application’s security configuration.
Improved security: mitigation against brute force attacks based on login response time analysis

Implemented a randomised delay to obscure login response times, mitigating brute force attacks that rely on response time analysis.
Improved security: now unable to log into deleted Orgs

Fixed a bug where a user was still able to log into an Organization on the Tyk Dashboard after that Organization had been deleted. Now, when an Organization is deleted, it will not be offered as an option when logging in.
Improved security: suppressed accidental exposure of access keys to stdout

Fixed an issue where access keys could accidentally also be printed to the Dashboard’s stdout when a call was made to /api/keys to retrieve the keys. This has now been suppressed.
Endpoint Designer does not handle wildcards in GraphQL policy allow/block lists

The Endpoint Designer did not correctly display a GraphQL policy’s allow or block list if a wildcard character (*) was used in the list’s definition. This has been fixed and now, if the wildcard (*) is present in the allow/block list definition, the UI correctly displays the list of allowed/blocked fields.
Open Policy Agent editor fails to open on Windows platform

Fixed an issue that was preventing the OPA editor from being visible using the keyboard shortcut when using Microsoft Windows.
Common keyboard shortcuts not working with UDG URL field in Data Graph Designer

Fixed an issue where common keyboard shortcuts (Cmd + X, A, C, V) were not working correctly when configuring the URL field for a UDG data source.
Unexplained HTTP 400 error reported in Tyk OAS API Designer

Fixed an issue in the Tyk OAS API Designer where there was no input validation of the OAuth Introspection URL. The Gateway reported an HTTP 400 error when attempting to save an API with an illegal value, however the API Designer did not guide the user to the source of the error. Now there is automatic validation of the text entered in the Introspection URL field.
Replaced the text editor used in Tyk Dashboard to address cursor issues

Fixed an issue with the text editor in the Tyk OAS API Designer where the cursor was misaligned with where characters would be entered. We have replaced the text editor module throughout the Tyk Dashboard to use a more modern, supported library.
Activity by Graph chart sometimes had display issues

The ‘Top 5 Errors by Graph’ bar chart in the Activity by Graph dashboard experienced display issues with long graph names and sometimes showed empty bars. This has been resolved, and the chart now displays accurately.
Analytics screens fail when too many requests are aggregated

Fixed a bug where some Tyk Dashboard analytics screens stopped working when the analytics aggregates collection grew too large.
Unable to delete APIs from DocumentDB storage

In Tyk 5.2.2 we fixed an issue when using MongoDB and Tyk Security Policies where Tyk could incorrectly grant access to an API after that API had been deleted from the associated policy. This introduced an unintended side-effect for users of DocumentDB such that they were unable to delete APIs from the persistent storage. We identified that this was due to the use of the $expr operator in the solution - and discovered that this is supported by MongoDB but not by DocumentDB. We have now reimplemented the fix and removed the limitation introduced for DocumentDB users.
Unable to clear the API cache in distributed data plane Gateways from the control plane Dashboard

Addressed a bug where clearing the API cache from the Tyk Dashboard failed to invalidate the cache in distributed data plane gateways.

5.3.0 Release Notes

Release Date 5 April 2024

Deployment Options for Tyk Dashboard

Tyk Cloud

Tyk Dashboard 5.3.0 is available on Tyk Cloud since 5th April 2024.

Self-Managed

This release is ready for installation on your own infrastructure.

Breaking Changes

Attention: Please read this section carefully.

Tyk OAS APIs Compatibility Caveats

This upgrade transitions Tyk OAS APIs out of Early Access.

Out of Early access
- This means that from now on, all Tyk OAS APIs will be backwards compatible and in case of a downgrade from 5.3.X to 5.3.0, the Tyk OAS API definitions will always work.
Not Backwards Compatible
- Tyk OAS APIs in Tyk Dashboard v5.3.0 are not backwards compatible. This means that the new Tyk OAS API format used by Tyk Gateway/Dashboard v5.3.X does not work with older versions of Tyk Gateway/Dashboard, i.e. you cannot export these API definitions from a v5.3.X Tyk Dashboard and import to an earlier version.
- The upgrade of Tyk OAS API definitions is not reversible, i.e. you cannot use version 5.3.X Tyk OAS API definitions with an older version of Tyk Dashboard.
- This means that if you wish to downgrade or revert to your previous version of Tyk, you will need to restore these API definitions from a backup. Please go to the backup section for detailed instructions on backup before upgrading to v5.3.0.
- When using MongoDB as your persistent data store, Tyk OAS APIs from v5.3.0 require a minimum version of MongoDB 5.0.
- If you are not using Tyk OAS APIs, Tyk will maintain backward compatibility standards.
Not Forward Compatible
- Tyk OAS API Definitions prior to v5.3.0 are not forward compatible with Tyk Gateway v5.3.X.
- This means that any Tyk OAS APIs created in any previous release (4.1.0-5.2.x) cannot work with the new Tyk Dashboard v5.3.X without being migrated to its latest format.
MDCB deployment and Tyk OAS APIs
- Tyk OAS APIs created in Tyk v5.3.0 will not be loaded by the data plane gateways if you are using MDCB v2.4 or older. This means that MDCB users already working with Tyk OAS APIs must wait for the release of MDCB v2.5 before upgrading Tyk Gateway and Dashboard to v5.3.0.
- Tyk Dashboard v5.3.0 managing Tyk OAS APIs requires Tyk Gateway v5.3.0 and MDCB v2.5.X for proper functionality. Older versions of Tyk Gateway may experience compatibility issues with Tyk OAS API definitions from v5.3.0.
After upgrade (the good news)
- If you had a Tyk OAS API prior to v5.3.0 then Tyk Dashboard will automatically update the API definition to latest format.
- This means that you do not have to do anything to make your Tyk OAS APIs compatible with the new 5.3.0 release as Tyk Dashboard will take care of that during start-up.
- As mentioned above, this upgrade of Tyk OAS API definitions is irreversible.

Important: Please go to the backup section for essential instructions on how to backup before upgrading to v5.3.0

Dependencies

With MongoDB 4.4 reaching EOL in February 2024, we can no longer guarantee full compatibility with this version of the database and recommend upgrading to a version that we have tested with, as indicated below.

Compatibility Matrix For Tyk Components

Dashboard Version	Recommended Releases	Backwards Compatibility
5.3.0	MDCB v2.5	MDCB v2.5
	Operator v0.17	Operator v0.16
	Sync v1.4.3	Sync v1.4.3
	Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.3.0	Helm all versions
	EDP v1.8.3	EDP all versions
	Pump v1.9.0	Pump all versions
	TIB (if using standalone) v1.5.1	TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency	Tested Versions	Compatible Versions	Comments
GoLang	1.21	1.21	Go plugins must be built using Go 1.21
Redis	6.2.x, 7.x	6.2.x, 7.x	Used by Tyk Dashboard
MongoDB	5.0.x, 6.0.x, 7.0.x	5.0.x, 6.0.x, 7.0.x	Used by Tyk Dashboard
PostgreSQL	11.x - 15.x LTS	11.x - 15.x	Used by Tyk Dashboard
OpenAPI Specification	v3.0.x	v3.0.x	Supported by Tyk OAS

Given the potential time difference between your upgrade and the release of this version, we recommend users verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecations in this release.

Upgrade Instructions

The following steps are essential to follow before upgrading

For Self Managed deployments - Backup Your environment using the usual guidance documented with every release (this includes backup config file and database).
For all deployments - Backup all your API definitions (Tyk OAS API and Classic Definitions):
- For Tyk Cloud deployments - To perform the backup please use our guide for exporting APIs and policies.
- For Self-Managed deployments - To perform the backup please use Tyk Sync.
Performing the upgrade - For all deployments, follow the instructions in the upgrade guide when upgrading Tyk.

Release Highlights

We are excited to announce the release of 5.3.0, packed with new features, improvements and bug fixes to enhance your experience with Tyk Dashboard. For a comprehensive list of changes, please refer to the detailed changelog below.

Tyk OAS Feature Maturity

Tyk OAS is now out of Early Access as we have reached feature maturity. You are now able to make use of the majority of Tyk’s features from your Tyk OAS APIs, so they are a credible alternative to the legacy Tyk Classic APIs. From Tyk 5.3.0 we support the following features when using Tyk OAS APIs with Tyk Dashboard:

Security
- All Tyk-supported client-gateway authentication methods including custom auth plugins
- Automatic configuration of authentication from the OpenAPI description
- Gateway-upstream mTLS
- CORS
API-level (global) middleware including:
- Response caching
- Custom plugins for PreAuth, Auth, PostAuth, Post and Response hooks
- API-level rate limits
- Request transformation - headers
- Response transformation - headers
- Service discovery
- Internal API
Endpoint-level (per-path) middleware including:
- Request validation - headers and body (automatically configurable from the OpenAPI description)
- Request transformation - method, headers and body
- Response transformation - headers and body
- URL rewrite and internal endpoints
- Mock responses (automatically configurable from the OpenAPI description)
- Response caching
- Custom Go Post-Plugin
- Request size limit
- Virtual endpoint
- Allow and block listing
- Do-not-track
- Circuit breakers
- Enforced timeouts
- Ignore authentication
Observability
- Open Telemetry tracing
- Detailed log recording (include payload in the logs)
- Do-not-track endpoint
Governance
- API Versioning
- API Categories
- API Ownership

API Templates

Exclusively for Tyk OAS APIs, we are pleased to announce the introduction of API Templates: an API governance feature provided to streamline the process of creating APIs. An API template is an asset managed by Tyk Dashboard that is used as the starting point - a blueprint - from which you can create a new Tyk OAS API definition. With templates you can standardize configuration of your APIs more easily, combining your service-specific OpenAPI descriptions with enterprise requirements such as health endpoints, caching and authorization.

Enhanced User Permissions

Introducing allow list in field-based permissions via the Dashboard specifically tailored for GraphQL APIs. Users can now define granular access control for API key holders based on types and fields from a GraphQL schema. This feature enhances security and flexibility in managing API access, providing a more tailored and secure experience for users.

We’ve introduced global header management specifically for UDG, simplifying header configuration across all data sources. Users can now effortlessly add, adjust, and delete multiple global headers, ensuring consistency and efficiency throughout API management, ultimately saving developers time and effort

GraphQL focused analytics

We have made the first step towards bringing our users GraphQL-focused monitoring capabilities. Users can now gain valuable insights into error trends and usage patterns for GraphQL APIs, when storing graph analytics in SQL databases. With the addition of popularity and error bar charts, users can delve deeper into their data, facilitating optimization and troubleshooting efforts.

Redis v7.x Compatibility

We have upgraded Redis driver go-redis to v9. Subsequently, Tyk 5.3 is compatible with Redis v7.x.

MongoDB v7.0.x Compatibility

We have upgraded mongo-go driver to mongo-go v1.13.1. It allows us to benefit from the bug fixes and enhancements released by MongoDB. We have also tested that both Tyk 5.0.x+ and Tyk 5.3 are compatible with MongoDB v7.0.x.

Downloads

Docker Image to pull
```
docker pull tykio/tyk-dashboard:v5.3.0
```
Helm charts
- tyk-charts GH Repo

Changelog

Added

Additional features now supported in Tyk OAS API Designer when working with Tyk OAS APIs

The following features have been added in 5.3.0 to bring Tyk OAS to feature maturity:
- Detailed log recording (include payload in the logs)
- Enable Open Telemetry tracing
- API-level header transforms (request and response)
- Endpoint-level cache
- Circuit breakers
- Track endpoint logs for inclusion in Dashboard aggregated data
- Do-not-track endpoint
- Enforced upstream timeouts
- Configure endpoint as Internal (not available externally)
- URL rewrite
- Per-endpoint request size limit
- Request transformation - method, header
- Response transformation - header
- Custom domain certificates
Implemented Design Elements for GraphQL Permissions

Support for field-based permissions allow list has been added in the Dashboard. Users can now define which types and fields from a GraphQL schema an API key holder can access by simply putting a tick next to them in the policy/key definition screens.
Added API Categories support for Tyk OAS APIs

In this update, we’ve added support for API Categories for Tyk OAS APIs in the Tyk Dashboard, enhancing portfolio management by enabling efficient categorization and organization of APIs.
Added API Ownership support for Tyk OAS APIs

We’ve extended the API ownership capabilities of Tyk Dashboard to Tyk OAS APIs. This feature allows you to manage visibility of APIs deployed on the Dashboard, streamlining governance processes and enhancing internal security.
Added API Templates for Tyk OAS APIs

Extended Tyk Dashboard API to support CRUD operations on API Templates, enabling users to create, apply, and manage templates programmatically.

Added Dashboard UI functionality for creation and management of API Templates, including the ability to create templates from existing Tyk OAS APIs. You can apply templates during API creation, including when importing OpenAPI documents. Access to API templates is controlled through the introduction of a new user permission.
Import OpenAPI Documents from File or URL

Now you can import the OpenAPI description from a file or URL when creating or updating your Tyk OAS APIs.
Introduced Global Header Management for GraphQL

Access the new Global Header Management feature directly through the Headers Management tab. Swiftly add and configure multiple global headers or remove them with a single click, ensuring they’re forwarded to all GraphQL data sources. This enhancement streamlines header management, providing a more user-friendly experience.
Added monitoring capabilities for GraphQL APIs in the Dashboard

We’ve enabled basic Graph monitoring in the Dashboard. Due to the specificity of GQL APIs, monitoring them as you would REST, is not enough. One endpoint vs multiple endpoints, multiple queries/mutations vs HTTP methods, errors that happen not only in HTTP layer but also come back in response body - that all makes monitoring GQL slightly more complex than just looking at request and error rates.

A new section of the Dashboard offers the following information:
- top 5 most popular graphs and operations requested within them within a specified period of time
- top 5 graphs with errors within a specified period of time
- summary of number of requests, number of successful responses, number of errors, average latency and last access date within a specified period of time for all graphs
Support MongoDB v7.0.x

Tyk 5.3 integrates with storage v1.2.2, which updated mongo-go driver we use from v1.11.2 to mongo-go v1.13.1. It allows us to benefit from the bug fixes and enhancements released by MongoDB. We have also tested that Tyk 5.0.x+ is compatible with MongoDB v7.0.x
Support Redis v7.0.x

Tyk 5.3 refactors Redis connection logic by using storage v1.2.2, which integrates with go-redis v9. Subsequently, support now exists for Redis v7.0.x.

Changed

Enhanced Dashboard Navigation: Introducing Favorite Screens

Every Dashboard menu item can now be flagged as a favorite so that it is pinned to the top of the menu navigation bar for easier access. We’ve also made a few changes in styling, so that the navigation menu is nicer to look at.
Improved UI for GraphQL Data Source Headers Management

We have moved data source header management to a separate tab, so that it is easy to configure global headers that will be forwarded to all data sources by default. The data source configuration screen displays all headers that will be sent with the upstream request in read-only mode now and changes can be made by switching to Headers Management tab.
Go 1.21 upgrade for Dashboard

We have updated Tyk Dashboard to use Go 1.21, matching the upgrade in Tyk Gateway 1.21. Remember to recompile any custom Go plugins with the matching version of Go to avoid incompatibility problems.
The internal TIB session secret defaults to admin_secret if it is not set explicitly

If internal TIB is enabled in Dashboard and the TYK_IB_SESSION_SECRET environment variable is not set, it will be default to Dashboard admin_secret. It provides better security and user experience because SSO flow would not work if TYK_IB_SESSION_SECRET is not set.
Set default MongoDB driver to mongo-go

Tyk uses mongo-go as the default MongoDB driver from v5.3. This provides support for MongoDB 4.4.x, 5.0.x, 6.0.x and 7.0.x. If you are using older MongoDB versions e.g. 3.x, please set MongoDB driver to mgo. The MongoDB supported versions page provides details on how to configure MongoDB drivers in Tyk.

Fixed

Resolved OPA rule restriction on UDG OAS import endpoint

We fixed an issue where OPA rules were preventing users from importing an OpenAPI document as a UDG data source using the /api/data-graphs/data-sources/import endpoint. The endpoint has now been included into the correct user permission group and will be accessible for users who have api:write permissions.
Optimized Policy Creation Endpoint

Fixed an issue where applying security policies to large numbers of APIs took a long time. We’ve implemented bulk processing in the validation step at the api/portal/policies/POLICY_ID endpoint, resulting in an 80% reduction in the time taken to apply a policy to 2000 APIs.
Improved Security for Classic Portal

Moved all HTML inline scripts to their own script files, to accommodate the content security policies that have been enabled, to increase security.
Errors importing larger OpenAPI Documents

Fixed an issue when importing reasonably large OpenAPI documents via the Dashboard would fail due to MongoDB storage limitation of 16 MB per document.
Removed the need for a Description to be provided in the OpenAPI schema when autogenerating a Tyk OAS mock response

Relaxed the strict validation for mock response so that the Description field is now optional for response, responses and schema within the OpenAPI description. Automatically configuring mock responses when using Tyk OAS APIs is now even easier.
Fixed SSO flow for Classic Developer Portal

For Classic Portal cookies and Dashboard, use SameSite = SameSiteLaxMode so that SSO flows can be performed
Remove unnecessary warning output from `tyk-dashboard --version`

Remove the following unnecessary warning output when users use the tyk-dashboard --version command to check dashboard version.

WARN toth/tothic: no TYK_IB_SESSION_SECRET environment variable is set. The default cookie store is not available and any calls will fail. Ignore this warning if you are using a different store.

Security Fixes

High priority CVEs fixed

Fixed the following high priority CVEs identified in the Tyk Dashboard, providing increased protection against security vulnerabilities:
- CVE-2023-39325
- CVE-2023-45283

Further Information

Upgrading Tyk

Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.

API Documentation

FAQ

Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.