Tyk Dashboard 5.4 Release Notes
Last updated: 5 minutes read.
This page contains all release notes for version 5.4.X displayed in a reverse chronological order
Support Lifetime
Our minor releases are supported until our next minor comes out.
5.4.0 Release Notes
Release Date 2 July 2024
Breaking Changes
Attention: Please read this section carefully There are no breaking changes in this release.
Dependencies
Compatibility Matrix For Tyk Components
| Dashboard Version | Recommended Releases | Backwards Compatibility |
|---|---|---|
| 5.4.0 | MDCB v2.6.0 | MDCB v2.5.1 |
| Operator v0.18 | Operator v0.17 | |
| Sync v1.5.0 | Sync v1.4.3 | |
| Helm Chart v1.5.0 | Helm all versions | |
| EDP v1.10.0 | EDP all versions | |
| Pump v1.10.0 | Pump all versions | |
| TIB (if using standalone) v1.5.1 | TIB all versions |
3rd Party Dependencies & Tools
| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
|---|---|---|---|
| GoLang | 1.21 | 1.21 | Go plugins must be built using Go 1.21 |
| Redis | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Dashboard |
| MongoDB | 5.0.x, 6.0.x, 7.0.x | 5.0.x, 6.0.x, 7.0.x | Used by Tyk Dashboard |
| PostgreSQL | 12.x - 16.x LTS | 12.x - 16.x | Used by Tyk Dashboard |
| OpenAPI Specification | v3.0.x | v3.0.x | Supported by Tyk OAS |
Deprecations
There are no deprecations in this release.
Upgrade instructions
If you are upgrading to 5.4.0, please follow the detailed upgrade instructions. Add upgrade steps here if necessary.
Release Highlights
We’re thrilled to introduce exciting enhancements in Tyk Dashboard 5.4, aimed at improving your experience with Tyk Dashboard. For a comprehensive list of changes, please refer to the change log below.
Event handling for Tyk OAS APIs
We’ve added support for you to register webhooks with your Tyk OAS APIs so that you can handle events triggered by the Gateway, including circuit breaker and quota expiry. You can also assign webhooks to be fired when using the new smoothing rate limiter to notify your systems of ongoing traffic spikes. For more details see the documentation.
Enhanced Header Handling in GraphQL APIs
Introduced a features object in API definitions for GQL APIs, including the use_immutable_headers attribute. This allows advanced header control, enabling users to add new headers, rewrite existing ones, and selectively remove specific headers. Existing APIs will have this attribute set to false by default, ensuring no change in behavior. For new APIs, this attribute is true by default, facilitating smoother migration and maintaining backward compatibility.
Downloads
- Docker Image to pull
-
docker pull tykio/tyk-dashboard:v5.4.0 - Helm charts
Changelog
Added
-
Introduced Rate Limit Smoothing for Redis Rate Limiter
Implemented a rate limit smoothing mechanism to gradually adjust the rate limit as the request rate increases and decreases between an intermediate threshold and the maximum rate limit. New
RateLimitSmoothingUpandRateLimitSmoothingDownevents will be triggered as this smoothing occurs, supporting auto-scaling of upstream capacity. The smoothing process gradually increases the rate, thereby unblocking clients that exceed the current request rate in a staggered manner. -
Updated API designer toolbar for GraphQL and Universal Data Graph
Revamped the API designer toolbar for GraphQL and Universal Data Graph, consolidating all relevant actions for each API type under a single menu dropdown for improved usability.
-
Updated API designer toolbar for HTTP and TCP
Revamped the API designer toolbar for HTTP and TCP, consolidating all relevant actions for each API type under a single menu dropdown for improved usability.
-
New Tyk OAS features
We’ve added some more features to the Tyk OAS API, moving closer to full parity with Tyk Classic. In this release we’ve added controls that allow you: to enable or prevent generation of traffic logs at the API-level; to enable or prevent the availability of session context to middleware and to pin public key certificates to an API. We’ve also added the facility to register webhooks that will be fired in response to Gateway events.
-
New Dashboard API endpoints
We have added a new
/oas/dry-runendpoint to the Tyk Dashboard API. This uses the Dashboard’s logic to create or update a Tyk OAS API definition using an OpenAPI document without instantiating the API on the Tyk platform.
Fixed
-
Fixed template inheritance issue in API Designer
Resolved a bug in the API Designer where certain properties, such as
use_immutable_headers, were not correctly inherited from the new API template. This fix ensures all default settings from the template are properly applied when creating a new API. -
Corrected assignment issue for API Templates in Tyk organizations
Fixed an issue where API Templates were not correctly assigned to Tyk Organizations, preventing potential accidental sharing of secret data between Organizations through the use of incorrect templates.
-
Addressed keyboard shortcut issues in Universal Data Graph URL field configuration
Fixed an issue where common keyboard shortcuts (Cmd + X, A, C, V) were not functioning correctly when configuring the URL field for a UDG data source.
-
Streamlined data source import endpoint in Dashboard API
Improved the data source import endpoint in the Dashboard API by removing the need for users to convert OpenAPI/AsyncAPI documents into strings before submission. Users can now provide the documents directly, enhancing the overall user experience.
-
Enhanced password reset security
Modified default OPA rules to fix an issue where admins were unable to reset their own password. Tyk Dashboard clients using custom OPA rules should update their rule set accordingly. Contact your assigned Tyk representative for assistance.
-
Corrected filtering for Dashboard Analytics with PostgreSQL
Addressed an issue in the api/usage endpoint where Dashboard analytics with PostgreSQL returned unfiltered results. The endpoint now correctly filters results, eliminating the need for duplicating parameters to handle multiple tags.
-
Minor Dashboard UI fixes and improvements
We have made some improvements to the wording used in the Dashboard user interface and fixed some minor usability issues.
Security Fixes
-
High priority CVEs fixed
Fixed the following high priority CVEs identified in the Tyk Dashboard, providing increased protection against security vulnerabilities: - [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) - [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283)
Further Information
Upgrading Tyk
Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.
API Documentation
FAQ
Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.