Tyk Dashboard 5.3 Release Notes


This page contains all release notes for version 5.3.X, displayed in reverse chronological order.

Support Lifetime

Our minor releases are supported until our next minor comes out.


5.3.1 Release Notes

Release Date 24 April 2024

Breaking Changes

Attention: Please read this section carefully.

There are no breaking changes in this release; however, if moving from a version of Tyk older than 5.3.0, please read the explanation provided with the 5.3.0 release.

Deprecations

There are no deprecations in this release.

Upgrade Instructions

If you are using 5.3.0 we advise you to upgrade as soon as possible; if you are on an older version you should first upgrade to 5.3.0 and then upgrade directly to this release. Go to the Upgrading Tyk section for detailed upgrade instructions.

Release Highlights

This release primarily focuses on bug fixes. For a comprehensive list of changes, please refer to the detailed changelog below.

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version  Recommended Releases                                                 Backwards Compatibility
5.3.1              MDCB v2.5.1                                                          MDCB v2.5.1
                   Operator v0.17                                                       Operator v0.16
                   Sync v1.4.3                                                          Sync v1.4.3
                   Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.3.0  Helm all versions
                   EDP v1.8.3                                                           EDP all versions
                   Pump v1.9.0                                                          Pump all versions
                   TIB (if using standalone) v1.5.1                                     TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency  Tested Versions       Compatible Versions          Comments
GoLang                  1.21                  1.21                         Go plugins must be built using Go 1.21
Redis                   6.2.x, 7.x            6.2.x, 7.x                   Used by Tyk Dashboard
MongoDB                 5.0.x, 6.0.x, 7.0.x   4.4.x, 5.0.x, 6.0.x, 7.0.x   Used by Tyk Dashboard
PostgreSQL              11.x - 15.x LTS       11.x - 15.x                  Used by Tyk Dashboard
OpenAPI Specification   v3.0.x                v3.0.x                       Supported by Tyk OAS

Downloads

Changelog

Fixed

  • Improved security: user search method transitioned to POST

    Improved the behaviour of the Dashboard when searching for users to avoid transmitting sensitive information (user email addresses) in the request query parameters. Deprecated the GET method for the /api/users/search endpoint in favour of a POST method with the same logic but with parameters supplied in the request body.
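    The risk behind this change is that anything placed in a query string is recorded by access logs, proxies and browser history, whereas a request body normally is not. The following Go program, added here as an illustration and not code from Tyk, stands up a search handler that accepts both the deprecated GET form and the POST form, records request lines the way an access log would, and reports whether the searched e-mail address ends up in that log. The `searchRequest` body shape and the `email` parameter name are assumptions; the Dashboard endpoint's real schema is not shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// searchRequest is a constructed body shape for the POST variant; the real
// Dashboard endpoint's schema is not shown in the release note.
type searchRequest struct {
	Email string `json:"email"`
}

// accessLog records request lines the way a reverse proxy or web-server
// access log would: method, path and query string, but never the body.
type accessLog struct{ lines []string }

func (l *accessLog) record(r *http.Request) {
	l.lines = append(l.lines, fmt.Sprintf("%s %s", r.Method, r.URL.RequestURI()))
}

// userSearchHandler accepts the search term either from the query string
// (the deprecated GET form) or from a JSON body (the POST form).
func userSearchHandler(log *accessLog) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		log.record(r)
		var email string
		switch r.Method {
		case http.MethodGet:
			email = r.URL.Query().Get("email")
		case http.MethodPost:
			body, err := io.ReadAll(io.LimitReader(r.Body, 1<<16))
			if err != nil {
				http.Error(w, "bad request", http.StatusBadRequest)
				return
			}
			var req searchRequest
			if err := json.Unmarshal(body, &req); err != nil {
				http.Error(w, "bad request", http.StatusBadRequest)
				return
			}
			email = req.Email
		default:
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		fmt.Fprintf(w, "searched for %q\n", email)
	}
}

// SearchLeaksToLog drives the handler with the given method and reports
// whether the searched e-mail address ended up in the access log.
func SearchLeaksToLog(method, email string) (bool, error) {
	log := &accessLog{}
	srv := httptest.NewServer(userSearchHandler(log))
	defer srv.Close()

	var resp *http.Response
	var err error
	switch method {
	case http.MethodGet:
		q := url.Values{"email": {email}}.Encode()
		resp, err = http.Get(srv.URL + "/api/users/search?" + q)
	case http.MethodPost:
		body, _ := json.Marshal(searchRequest{Email: email})
		resp, err = http.Post(srv.URL+"/api/users/search", "application/json", strings.NewReader(string(body)))
	default:
		return false, fmt.Errorf("unsupported method %s", method)
	}
	if err != nil {
		return false, err
	}
	resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return false, fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	// The log holds the URL-escaped form of the address, as a real log would.
	return strings.Contains(strings.Join(log.lines, "\n"), url.QueryEscape(email)), nil
}

func main() {
	for _, m := range []string{http.MethodGet, http.MethodPost} {
		leaked, err := SearchLeaksToLog(m, "alice@example.com")
		fmt.Printf("%-4s leaked=%v err=%v\n", m, leaked, err)
	}
}
```

    Running the program shows the GET request line carrying `alice%40example.com` into the log while the POST line carries only the path. When auditing a deployment, the same check can be run against real access logs: search them for `%40` in request lines to confirm that no client is still using the deprecated GET form.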

  • Improved security: removal of Access-Control-Allow-Credentials header

    As Tyk Dashboard and Tyk Classic Portal do not accept cross-origin requests, we have removed the Access-Control-Allow-Credentials header from Dashboard API responses to prevent any potential misuse of the header by attackers. This simplifies the web application’s security configuration.
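    The header only matters when a browser is meant to send cookies or other credentials on a cross-origin request, so on an application that does not serve cross-origin requests at all it is pure attack surface. The Go program below is an added example, not Tyk's code: `AuditCORS` lists the findings a reviewer would raise for a set of response headers, and `WithoutCredentialsHeader` is a small middleware that guarantees the header is dropped before any response is written, whichever code path writes it. The `legacyHandler` that reflects the caller's Origin and the `/api/apis` path are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const credentialsHeader = "Access-Control-Allow-Credentials"

// AuditCORS inspects a set of response headers and returns the findings a
// reviewer would raise. acceptsCrossOrigin says whether the application is
// meant to serve browser requests from other origins at all.
func AuditCORS(h http.Header, acceptsCrossOrigin bool) []string {
	var findings []string
	origin := h.Get("Access-Control-Allow-Origin")
	creds := strings.EqualFold(h.Get(credentialsHeader), "true")

	if creds && !acceptsCrossOrigin {
		findings = append(findings, credentialsHeader+" is set but the application does not accept cross-origin requests; remove it")
	}
	if creds && origin == "*" {
		findings = append(findings, "credentials allowed together with a wildcard origin; browsers reject this combination, which points at a misconfiguration")
	}
	if creds && origin != "" && origin != "*" {
		findings = append(findings, "credentials allowed for origin "+origin+"; confirm this origin comes from a fixed allow list rather than being reflected from the request")
	}
	return findings
}

// stripCredentials is a ResponseWriter that drops the credentials header
// just before the status line is written, whichever path writes it first.
type stripCredentials struct{ http.ResponseWriter }

func (s stripCredentials) WriteHeader(code int) {
	s.Header().Del(credentialsHeader)
	s.ResponseWriter.WriteHeader(code)
}

func (s stripCredentials) Write(b []byte) (int, error) {
	// Write implies WriteHeader(200) on the wrapped writer, so strip here too.
	s.Header().Del(credentialsHeader)
	return s.ResponseWriter.Write(b)
}

// WithoutCredentialsHeader wraps a handler so that no response it produces
// carries Access-Control-Allow-Credentials.
func WithoutCredentialsHeader(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(stripCredentials{w}, r)
	})
}

// legacyHandler is a constructed stand-in for an API that still emits the
// header and reflects the caller's Origin, the pattern the audit flags.
func legacyHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
	w.Header().Set(credentialsHeader, "true")
	fmt.Fprintln(w, `{"ok":true}`)
}

// Serve runs one request through the handler and returns its response headers.
func Serve(h http.Handler, origin string) http.Header {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/api/apis", nil)
	req.Header.Set("Origin", origin)
	h.ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	before := Serve(http.HandlerFunc(legacyHandler), "https://other.example")
	after := Serve(WithoutCredentialsHeader(http.HandlerFunc(legacyHandler)), "https://other.example")
	fmt.Println("before:", AuditCORS(before, false))
	fmt.Println("after: ", AuditCORS(after, false))
}
```

    The audit reports two findings for the unwrapped handler (the header is unnecessary, and the allowed origin is reflected rather than allow-listed) and none once the middleware is in place. The same `AuditCORS` function can be pointed at headers captured from a live deployment to verify the fix described above.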

  • Improved security: mitigation against brute force attacks based on login response time analysis

    Implemented a randomised delay to obscure login response times, mitigating brute force attacks that rely on response time analysis.
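    The response-time signal this mitigates typically comes from a login path that returns early for an unknown user and only runs the password hash for a known one, so the two cases take measurably different time. The Go program below is an added example of a login routine that removes that signal, not Tyk's implementation: it performs the same hashing work whether or not the user exists, compares in constant time, and then sleeps for a random interval drawn from `crypto/rand` before answering. The in-memory `users` store, the `slowHash` stand-in for a password KDF and the sample credentials are all constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// users is a constructed in-memory credential store: username -> password hash.
var users = map[string][]byte{}

const kdfRounds = 50000

// slowHash is a stand-in for a real password KDF such as bcrypt or argon2;
// all that matters for this example is that it costs measurable time.
func slowHash(salt, password string) []byte {
	sum := sha256.Sum256([]byte(salt + ":" + password))
	for i := 1; i < kdfRounds; i++ {
		sum = sha256.Sum256(sum[:])
	}
	return sum[:]
}

// dummyHash is compared against when the user does not exist, so the
// unknown-user path performs exactly the same work as the known-user path.
var dummyHash = slowHash("no-such-user", "no-such-password")

// RegisterUser stores the hash for a constructed account.
func RegisterUser(name, password string) { users[name] = slowHash(name, password) }

// randomJitter returns a random duration in [0, max), drawn from crypto/rand
// so the delay cannot be predicted and subtracted back out of a measurement.
func randomJitter(max time.Duration) time.Duration {
	if max <= 0 {
		return 0
	}
	var b [8]byte
	if _, err := rand.Read(b[:]); err != nil {
		return max
	}
	return time.Duration(binary.LittleEndian.Uint64(b[:]) % uint64(max))
}

// Authenticate hashes the candidate password and compares it in constant
// time whether or not the user exists, then adds a random delay of up to
// maxJitter before answering.
func Authenticate(name, password string, maxJitter time.Duration) bool {
	stored, known := users[name]
	if !known {
		stored = dummyHash
	}
	candidate := slowHash(name, password)
	match := subtle.ConstantTimeCompare(candidate, stored) == 1
	time.Sleep(randomJitter(maxJitter))
	return match && known
}

// TimeLogin reports the result and wall-clock duration of one attempt.
func TimeLogin(name, password string, maxJitter time.Duration) (bool, time.Duration) {
	start := time.Now()
	ok := Authenticate(name, password, maxJitter)
	return ok, time.Since(start)
}

func main() {
	RegisterUser("alice", "correct horse battery staple")
	for _, c := range []struct{ user, pw string }{
		{"alice", "correct horse battery staple"},
		{"alice", "wrong password"},
		{"nobody", "wrong password"},
	} {
		ok, took := TimeLogin(c.user, c.pw, 100*time.Millisecond)
		fmt.Printf("%-7s ok=%-5v took=%v\n", c.user, ok, took)
	}
}
```

    The design point is the order of the two controls: equalising the work done on every path is what removes the signal, and the random delay on top of it raises the number of samples an observer would need to average out whatever residual difference remains. Removing the random delay from a handler that still short-circuits on unknown users would leave the original signal intact.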

  • Improved security: now unable to log into deleted Orgs

    Fixed a bug where a user was still able to log into an Organisation on the Tyk Dashboard after that Organisation had been deleted. Now, when an Organisation is deleted, it will not be offered as an option when logging in.

  • Improved security: suppressed accidental exposure of access keys to stdout

    Fixed an issue where access keys could accidentally also be printed to the Dashboard’s stdout when a call was made to /api/keys to retrieve the keys. This has now been suppressed.

  • Endpoint Designer does not handle wildcards in GraphQL policy allow/block lists

    The Endpoint Designer did not correctly display a GraphQL policy’s allow or block list if a wildcard character (*) was used in the list’s definition. This has been fixed and now, if the wildcard (*) is present in the allow/block list definition, the UI correctly displays the list of allowed/blocked fields.

  • Open Policy Agent editor fails to open on Windows platform

    Fixed an issue that was preventing the OPA editor from being visible using the keyboard shortcut when using Microsoft Windows.

  • Common keyboard shortcuts not working with UDG URL field in Data Graph Designer

    Fixed an issue where common keyboard shortcuts (Cmd + X, A, C, V) were not working correctly when configuring the URL field for a UDG data source.

  • Unexplained HTTP 400 error reported in Tyk OAS API Designer

    Fixed an issue in the Tyk OAS API Designer where there was no input validation of the OAuth Introspection URL. The Gateway reported an HTTP 400 error when attempting to save an API with an illegal value, however the API Designer did not guide the user to the source of the error. Now there is automatic validation of the text entered in the Introspection URL field.

  • Replaced the text editor used in Tyk Dashboard to address cursor issues

    Fixed an issue with the text editor in the Tyk OAS API Designer where the cursor was misaligned with where characters would be entered. We have replaced the text editor module throughout the Tyk Dashboard to use a more modern, supported library.

  • Activity by Graph chart sometimes had display issues

    The ‘Top 5 Errors by Graph’ bar chart in the Activity by Graph dashboard experienced display issues with long graph names and sometimes showed empty bars. This has been resolved, and the chart now displays accurately.

  • Analytics screens fail when too many requests are aggregated

    Fixed a bug where some Tyk Dashboard analytics screens stopped working when the analytics aggregates collection grew too large.

  • Unable to delete APIs from DocumentDB storage

    In Tyk 5.2.2 we fixed an issue when using MongoDB and Tyk Security Policies where Tyk could incorrectly grant access to an API after that API had been deleted from the associated policy. This introduced an unintended side-effect for users of DocumentDB such that they were unable to delete APIs from the persistent storage. We identified that this was due to the use of the $expr operator in the solution, which is supported by MongoDB but not by DocumentDB. We have now reimplemented the fix and removed the limitation introduced for DocumentDB users.

  • Unable to clear the API cache in distributed data plane Gateways from the control plane Dashboard

    Addressed a bug where clearing the API cache from the Tyk Dashboard failed to invalidate the cache in distributed data plane gateways.


5.3.0 Release Notes

Release Date 5 April 2024

Deployment Options for Tyk Dashboard

Tyk Cloud

Tyk 5.3.0 will be available on Tyk Cloud in the coming weeks. We’ll update this page once it’s ready.

Self-Managed

This release is ready for installation on your own infrastructure.

Breaking Changes

Attention: Please read this section carefully.

Tyk OAS APIs Compatibility Caveats

This upgrade transitions Tyk OAS APIs out of Early Access.

  • Out of Early access
    • This means that from now on, all Tyk OAS APIs will be backwards compatible and in case of a downgrade from 5.3.X to 5.3.0, the Tyk OAS API definitions will always work.
  • Not Backwards Compatible
    • Tyk OAS APIs in Tyk Dashboard v5.3.0 are not backwards compatible. This means that the new Tyk OAS API format used by Tyk Gateway/Dashboard v5.3.X does not work with older versions of Tyk Gateway/Dashboard, i.e. you cannot export these API definitions from a v5.3.X Tyk Dashboard and import to an earlier version.
    • The upgrade of Tyk OAS API definitions is not reversible, i.e. you cannot use version 5.3.X Tyk OAS API definitions with an older version of Tyk Dashboard.
    • This means that if you wish to downgrade or revert to your previous version of Tyk, you will need to restore these API definitions from a backup. Please go to the backup section for detailed instructions on backup before upgrading to v5.3.0.
    • If you are not using Tyk OAS APIs, Tyk will maintain backward compatibility standards.
  • Not Forward Compatible
    • Tyk OAS API Definitions prior to v5.3.0 are not forward compatible with Tyk Gateway v5.3.X.
    • This means that any Tyk OAS APIs created in any previous release (4.1.0-5.2.x) cannot work with the new Tyk Dashboard v5.3.X without being migrated to its latest format.
  • MDCB deployment and Tyk OAS APIs
    • Tyk OAS APIs created in Tyk v5.3.0 will not be loaded by the data plane gateways if you are using MDCB v2.4 or older. This means that MDCB users already working with Tyk OAS APIs must wait for the release of MDCB v2.5 before upgrading Tyk Gateway and Dashboard to v5.3.0.
    • Tyk Dashboard v5.3.0 managing Tyk OAS APIs requires Tyk Gateway v5.3.0 and MDCB v2.5.X for proper functionality. Older versions of Tyk Gateway may experience compatibility issues with Tyk OAS API definitions from v5.3.0.
  • After upgrade (the good news)
    • If you had a Tyk OAS API prior to v5.3.0 then Tyk Dashboard will automatically update the API definition to latest format.
    • This means that you do not have to do anything to make your Tyk OAS APIs compatible with the new 5.3.0 release as Tyk Dashboard will take care of that during start-up.
    • As mentioned above, this upgrade of Tyk OAS API definitions is irreversible.

Important: Please go to the backup section for essential instructions on how to backup before upgrading to v5.3.0

Dependencies

Compatibility Matrix For Tyk Components

Dashboard Version  Recommended Releases                                                 Backwards Compatibility
5.3.0              MDCB v2.5                                                            MDCB v2.5
                   Operator v0.17                                                       Operator v0.16
                   Sync v1.4.3                                                          Sync v1.4.3
                   Helm Chart (tyk-stack, tyk-oss, tyk-dashboard, tyk-gateway) v1.3.0  Helm all versions
                   EDP v1.8.3                                                           EDP all versions
                   Pump v1.9.0                                                          Pump all versions
                   TIB (if using standalone) v1.5.1                                     TIB all versions

3rd Party Dependencies & Tools

Third Party Dependency  Tested Versions       Compatible Versions          Comments
GoLang                  1.21                  1.21                         Go plugins must be built using Go 1.21
Redis                   6.2.x, 7.x            6.2.x, 7.x                   Used by Tyk Dashboard
MongoDB                 5.0.x, 6.0.x, 7.0.x   4.4.x, 5.0.x, 6.0.x, 7.0.x   Used by Tyk Dashboard
PostgreSQL              11.x - 15.x LTS       11.x - 15.x                  Used by Tyk Dashboard
OpenAPI Specification   v3.0.x                v3.0.x                       Supported by Tyk OAS

Given the potential time difference between your upgrade and the release of this version, we recommend users verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecations in this release.

Upgrade Instructions

The following steps are essential to follow before upgrading:

  1. For Self-Managed deployments - Back up your environment using the usual guidance documented with every release (this includes backing up the config file and database).
  2. For all deployments - Backup all your API definitions (Tyk OAS API and Classic Definitions):
    • For Tyk Cloud deployments - To perform the backup please use our guide for exporting APIs and policies.
    • For Self-Managed deployments - To perform the backup please use Tyk Sync.
  3. Performing the upgrade - For all deployments, follow the instructions in the upgrade guide when upgrading Tyk.

Release Highlights

We are excited to announce the release of 5.3.0, packed with new features, improvements and bug fixes to enhance your experience with Tyk Dashboard. For a comprehensive list of changes, please refer to the detailed changelog below.

Tyk OAS Feature Maturity

Tyk OAS is now out of Early Access as we have reached feature maturity. You are now able to make use of the majority of Tyk’s features from your Tyk OAS APIs, so they are a credible alternative to the legacy Tyk Classic APIs. From Tyk 5.3.0 we support the following features when using Tyk OAS APIs with Tyk Dashboard:

  • Security

    • All Tyk-supported client-gateway authentication methods including custom auth plugins
    • Automatic configuration of authentication from the OpenAPI description
    • Gateway-upstream mTLS
    • CORS
  • API-level (global) middleware including:

    • Response caching
    • Custom plugins for PreAuth, Auth, PostAuth, Post and Response hooks
    • API-level rate limits
    • Request transformation - headers
    • Response transformation - headers
    • Service discovery
    • Internal API
  • Endpoint-level (per-path) middleware including:

    • Request validation - headers and body (automatically configurable from the OpenAPI description)
    • Request transformation - method, headers and body
    • Response transformation - headers and body
    • URL rewrite and internal endpoints
    • Mock responses (automatically configurable from the OpenAPI description)
    • Response caching
    • Custom Go Post-Plugin
    • Request size limit
    • Virtual endpoint
    • Allow and block listing
    • Do-not-track
    • Circuit breakers
    • Enforced timeouts
    • Ignore authentication
  • Observability

    • Open Telemetry tracing
    • Detailed log recording (include payload in the logs)
    • Do-not-track endpoint
  • Governance

    • API Versioning
    • API Categories
    • API Ownership

API Templates

Exclusively for Tyk OAS APIs, we are pleased to announce the introduction of API Templates: an API governance feature provided to streamline the process of creating APIs. An API template is an asset managed by Tyk Dashboard that is used as the starting point - a blueprint - from which you can create a new Tyk OAS API definition. With templates you can standardise configuration of your APIs more easily, combining your service-specific OpenAPI descriptions with enterprise requirements such as health endpoints, caching and authorisation.

Enhanced User Permissions

Introducing allow list in field-based permissions via the Dashboard specifically tailored for GraphQL APIs. Users can now define granular access control for API key holders based on types and fields from a GraphQL schema. This feature enhances security and flexibility in managing API access, providing a more tailored and secure experience for users.

Global Header Management

We’ve introduced global header management specifically for UDG, simplifying header configuration across all data sources. Users can now effortlessly add, adjust, and delete multiple global headers, ensuring consistency and efficiency throughout API management, ultimately saving developers time and effort.

GraphQL focused analytics

We have made the first step towards bringing our users GraphQL-focused monitoring capabilities. Users can now gain valuable insights into error trends and usage patterns for GraphQL APIs, when storing graph analytics in SQL databases. With the addition of popularity and error bar charts, users can delve deeper into their data, facilitating optimization and troubleshooting efforts.

Redis v7.x Compatibility

We have upgraded the Redis driver go-redis to v9. Consequently, Tyk 5.3 is compatible with Redis v7.x.

MongoDB v7.0.x Compatibility

We have upgraded mongo-go driver to mongo-go v1.13.1. It allows us to benefit from the bug fixes and enhancements released by MongoDB. We have also tested that both Tyk 5.0.x+ and Tyk 5.3 are compatible with MongoDB v7.0.x.

Downloads

Changelog

Added

  • Additional features now supported in Tyk OAS API Designer when working with Tyk OAS APIs

    The following features have been added in 5.3.0 to bring Tyk OAS to feature maturity:

    • Detailed log recording (include payload in the logs)
    • Enable Open Telemetry tracing
    • API-level header transforms (request and response)
    • Endpoint-level cache
    • Circuit breakers
    • Track endpoint logs for inclusion in Dashboard aggregated data
    • Do-not-track endpoint
    • Enforced upstream timeouts
    • Configure endpoint as Internal (not available externally)
    • URL rewrite
    • Per-endpoint request size limit
    • Request transformation - method, header
    • Response transformation - header
    • Custom domain certificates
  • Implemented Design Elements for GraphQL Permissions

    Support for field-based permissions allow list has been added in the Dashboard. Users can now define which types and fields from a GraphQL schema an API key holder can access by simply putting a tick next to them in the policy/key definition screens.

  • Added API Categories support for Tyk OAS APIs

    In this update, we’ve added support for API Categories for Tyk OAS APIs in the Tyk Dashboard, enhancing portfolio management by enabling efficient categorization and organisation of APIs.

  • Added API Ownership support for Tyk OAS APIs

    We’ve extended the API ownership capabilities of Tyk Dashboard to Tyk OAS APIs. This feature allows you to manage visibility of APIs deployed on the Dashboard, streamlining governance processes and enhancing internal security.

  • Added API Templates for Tyk OAS APIs

    Extended Tyk Dashboard API to support CRUD operations on API Templates, enabling users to create, apply, and manage templates programmatically.

    Added Dashboard UI functionality for creation and management of API Templates, including the ability to create templates from existing Tyk OAS APIs. You can apply templates during API creation, including when importing OpenAPI documents. Access to API templates is controlled through the introduction of a new user permission.

  • Import OpenAPI Documents from File or URL

    Now you can import the OpenAPI description from a file or URL when creating or updating your Tyk OAS APIs.

  • Introduced Global Header Management for GraphQL

    Access the new Global Header Management feature directly through the Headers Management tab. Swiftly add and configure multiple global headers or remove them with a single click, ensuring they’re forwarded to all GraphQL data sources. This enhancement streamlines header management, providing a more user-friendly experience.

  • Added monitoring capabilities for GraphQL APIs in the Dashboard

    We’ve enabled basic Graph monitoring in the Dashboard. Due to the specificity of GQL APIs, monitoring them as you would REST is not enough. One endpoint vs multiple endpoints, multiple queries/mutations vs HTTP methods, errors that happen not only in the HTTP layer but also come back in the response body: all of that makes monitoring GQL slightly more complex than just looking at request and error rates.

    A new section of the Dashboard offers the following information:

    • top 5 most popular graphs and operations requested within them within a specified period of time
    • top 5 graphs with errors within a specified period of time
    • summary of number of requests, number of successful responses, number of errors, average latency and last access date within a specified period of time for all graphs
  • Support MongoDB v7.0.x

    Tyk 5.3 integrates with storage v1.2.2, which updated the mongo-go driver we use from v1.11.2 to mongo-go v1.13.1. It allows us to benefit from the bug fixes and enhancements released by MongoDB. We have also tested that Tyk 5.0.x+ is compatible with MongoDB v7.0.x.

  • Support Redis v7.0.x

    Tyk 5.3 refactors the Redis connection logic by using storage v1.2.2, which integrates with go-redis v9. Consequently, support now exists for Redis v7.0.x.

Changed

  • Enhanced Dashboard Navigation: Introducing Favourite Screens

    Every Dashboard menu item can now be flagged as a favourite so that it is pinned to the top of the menu navigation bar for easier access. We’ve also made a few changes in styling, so that the navigation menu is nicer to look at.

  • Improved UI for GraphQL Data Source Headers Management

    We have moved data source header management to a separate tab, so that it is easy to configure global headers that will be forwarded to all data sources by default. The data source configuration screen displays all headers that will be sent with the upstream request in read-only mode now and changes can be made by switching to Headers Management tab.

  • Go 1.21 upgrade for Dashboard

    We have updated Tyk Dashboard to use Go 1.21, matching the Go 1.21 upgrade in Tyk Gateway. Remember to recompile any custom Go plugins with the matching version of Go to avoid incompatibility problems.

  • The internal TIB session secret defaults to admin_secret if it is not set explicitly

    If internal TIB is enabled in the Dashboard and the TYK_IB_SESSION_SECRET environment variable is not set, it will default to the Dashboard admin_secret. This improves both security and user experience, because the SSO flow would not work if TYK_IB_SESSION_SECRET were left unset.

  • Set default MongoDB driver to mongo-go

    Tyk uses mongo-go as the default MongoDB driver from v5.3. This provides support for MongoDB 4.4.x, 5.0.x, 6.0.x and 7.0.x. If you are using older MongoDB versions e.g. 3.x, please set MongoDB driver to mgo. The MongoDB supported versions page provides details on how to configure MongoDB drivers in Tyk.

Fixed

  • Resolved OPA rule restriction on UDG OAS import endpoint

    We fixed an issue where OPA rules were preventing users from importing an OpenAPI document as a UDG data source using the /api/data-graphs/data-sources/import endpoint. The endpoint has now been included into the correct user permission group and will be accessible for users who have api:write permissions.

  • Optimised Policy Creation Endpoint

    Fixed an issue where applying security policies to large numbers of APIs took a long time. We’ve implemented bulk processing in the validation step at the api/portal/policies/POLICY_ID endpoint, resulting in an 80% reduction in the time taken to apply a policy to 2000 APIs.

  • Improved Security for Classic Portal

    Moved all inline HTML scripts into their own script files to accommodate the content security policies that have been enabled, increasing security.

  • Errors importing larger OpenAPI Documents

    Fixed an issue where importing reasonably large OpenAPI documents via the Dashboard would fail due to the MongoDB limit of 16 MB per document.

  • Removed the need for a Description to be provided in the OpenAPI schema when autogenerating a Tyk OAS mock response

    Relaxed the strict validation for mock response so that the Description field is now optional for response, responses and schema within the OpenAPI description. Automatically configuring mock responses when using Tyk OAS APIs is now even easier.

  • Fixed SSO flow for Classic Developer Portal

    For Classic Portal cookies and the Dashboard, SameSite is now set to SameSiteLaxMode so that SSO flows can be performed.

  • Remove unnecessary warning output from `tyk-dashboard --version`

    Removed the following unnecessary warning output when users run the tyk-dashboard --version command to check the Dashboard version:

    WARN toth/tothic: no TYK_IB_SESSION_SECRET environment variable is set. The default cookie store is not available and any calls will fail. Ignore this warning if you are using a different store.

Security Fixes

  • High priority CVEs fixed

    Fixed the following high priority CVEs identified in the Tyk Dashboard, providing increased protection against security vulnerabilities:


Further Information

Upgrading Tyk

Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.

API Documentation

FAQ

Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.