Tyk Dashboard 5.7 Release Notes

This page contains all release notes for version 5.7.X, displayed in reverse chronological order.

Support Lifetime

Our minor releases are supported until our next minor comes out.


5.7.0 Release Notes

Release Date 03 December 2024

Release Highlights

We are thrilled to announce new updates and improvements in Tyk 5.7.0, bringing more control, flexibility, and performance. For a comprehensive list of changes, please refer to the detailed changelog below.

Tyk Streams can be configured through Tyk Dashboard

With this release, users can configure their Stream & Events APIs using Tyk Dashboard. The new API designer leads users step by step through creating a new Stream configuration. Pre-filled stream configurations for different inputs and outputs help ensure that the Stream is configured correctly.

Improved Audit Log Management

Tyk 5.7.0 enhances Audit Log management with new features designed for efficiency and security. Users can now store Dashboard Audit Logs in a database for persistent retention and access them via the new /audit-logs API, which supports advanced filtering by attributes like action, IP, status, and user. Additionally, a dedicated Audit Log RBAC group ensures secure access to sensitive log data. These improvements simplify monitoring and compliance workflows, particularly in containerized environments.

Breaking Changes

There are no breaking changes in this release.

Dependencies

Compatibility Matrix For Tyk Components

| Dashboard Version | Recommended Releases | Backwards Compatibility |
|---|---|---|
| 5.7.0 | MDCB v2.7.2 | MDCB v2.5.1 |
| | Operator v1.1.0 | Operator v0.17 |
| | Sync v2.0.1 | Sync v1.4.3 |
| | Helm Chart v2.2 | Helm all versions |
| | EDP v1.12 | EDP all versions |
| | Pump v1.11.1 | Pump all versions |
| | TIB (if using standalone) v1.6.1 | TIB all versions |

3rd Party Dependencies & Tools

| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
|---|---|---|---|
| GoLang | 1.22 | 1.22 | Go plugins must be built using Go 1.22 |
| Redis | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Dashboard |
| MongoDB | 5.0.x, 6.0.x, 7.0.x | 5.0.x, 6.0.x, 7.0.x | Used by Tyk Dashboard |
| PostgreSQL | 12.x - 16.x LTS | 12.x - 16.x | Used by Tyk Dashboard |
| OpenAPI Specification | v3.0.x | v3.0.x | Supported by Tyk OAS |

Deprecations

In 5.7.0, we have deprecated the dedicated External OAuth (Tyk Classic: external_oauth, Tyk OAS: server.authentication.securitySchemes.externalOAuth) and OpenID Connect (Tyk Classic: auth_configs.oidc, Tyk OAS: server.authentication.oidc) authentication methods. We advise users to switch to JWT Authentication.

Additionally, SQLite has reached its End of Life in this release, enabling a fully static, CGO-free Tyk Dashboard optimised for RHEL8. SQLite was previously recommended only for basic proofs of concept. Now, for such scenarios and for production, we recommend migrating to PostgreSQL or MongoDB for better scalability and support.

Upgrade instructions

If you are upgrading to 5.7.0, please follow the detailed upgrade instructions.

Downloads

Changelog

Added

  • Added confirmation prompt for Stream deletion

    Introduced a confirmation prompt when deleting a stream, notifying users that this action will stop all data streaming and cannot be undone. This change ensures users are fully aware of the impact before proceeding with deletion.

  • Displayed Streaming API in API overview table

    Added “Streams” as an API type in the API Overview table, making it easier for API developers to identify APIs categorised as Streams & Events.

  • Implemented logic for config framework selection in Streaming API creation

    Added logic for the Streaming API creation process, allowing users to select config frameworks for inputs, processors, and outputs. An ‘Advanced’ option is also available, which leaves the code editor empty while generating and displaying the YAML Bento config based on the user’s selections.

  • Enhanced info messages for securing Streaming & Events APIs in policies & keys

    Included new info messages and tooltips in the Policies & Keys section to guide users on securing Streaming & Events APIs. Updated messaging clarifies the combination of API types and revised copy in the Global Rate Limiting and Quota sections to better explain usage limits for keys and plans.

  • Enabled URL view and copy functionality in external playgrounds tab

    Enabled URL view and copy functionality in the External Playgrounds tab, supporting scenarios with multiple organisations and URLs for playgrounds.

  • Introduced /streams endpoint to Tyk Dashboard API

    Rolled out the /streams endpoint to the Tyk Dashboard API, dedicated to creating Stream and Events APIs in Tyk Streams. Documentation for the endpoint and its methods is available in the Tyk Docs.

  • Split Streaming API into new type in API designer

    Separated Streaming API into its own type in the API Designer, introducing a new selection card for easier creation and configuration. Navigation enhancements, including a shortcut menu item, provide quicker access to the streaming configuration UI.

  • Integrated step-by-step UI for Config framework selection in Streaming API creation

    Developed a step-by-step UI for Streaming API creation, enabling users to select a config framework for inputs, processors, and outputs. The dynamic wizard steps are integrated into the Tyk UI library to prefill configurations based on selections and prevent the combination of ‘Custom’ with other frameworks.

  • Easily contact Tyk Support during Tyk Cloud trial

    Introduced a form on the Tyk Dashboard that allows users to easily contact Tyk support during their trial period.

  • Support for JWE in OIDC SSO

    We have enhanced security for customers in highly regulated industries by introducing JSON Web Encryption (JWE) support for OIDC single sign-on (SSO). This ensures that tokens used in authentication flows are securely encrypted, providing an additional layer of protection.

    Setup guide for JWE OIDC SSO

  • Store Audit Logs in a Database

    Users can now choose to store Dashboard Audit Logs directly in a database, enabling efficient and reliable log storage. This feature is particularly beneficial for organizations needing persistent audit log retention to meet compliance requirements or for forensic purposes.

  • Access Audit Logs via /audit-logs endpoint

    A new API endpoint, /audit-logs, has been introduced to provide programmatic access to audit logs stored in the database. This allows users to retrieve, filter, and analyze logs more effectively. The API supports filtering logs by key attributes like action, IP address, URL accessed, date range, user, and page number.

    For detailed usage of the /audit-logs endpoint, please see the Dashboard API documentation.

  • New Role-Based Access Control (RBAC) for Audit Logs

    To secure access to audit logs, we’ve added a new Audit Log RBAC group. This ensures that only authorized users can view or retrieve sensitive log information. Administrators can assign this permission as part of their security and compliance strategy.

Changed

  • Removed AJV validation for Streams config editor

    Eliminated AJV validation in the Streams Config Editor to prevent false positives on valid YAML configurations. The frontend now solely checks the YAML structure, providing users with greater flexibility without enforcing strict Bento-specific schema rules.

  • Hide unnecessary field from API Designer page for Streams

    Removed an unnecessary field from the API Designer page under the Streams section to enhance clarity. This update impacts the Event Handlers, Detailed Activity Logs, Caching, and Endpoints tabs.

  • Automatic configuration of request validation for path-level parameters during import of OpenAPI description

    Tyk will now detect path-level parameters in the OpenAPI description and can be set to enable and configure the Request Validation middleware automatically for these. Previously this automatic detection only worked for method-level parameters in the OpenAPI description.

  • Deprecated SQLite support from Dashboard for RHEL8 compatibility

    Removed SQLite support to enhance portability and security, ensuring the released binary can now be built statically and no longer relies on system libraries. This change supports continued compatibility with RHEL8.

  • Deprecated External OAuth and OpenID Connect Options in Tyk Dashboard

    The External OAuth and OpenID Connect authentication options have been deprecated in the Tyk Dashboard. Users are advised to utilize JWT Auth with external IDPs for a more complete integration, while existing functionality remains operational to avoid breaking changes.

  • Updated NPM package dependencies

    Updated the Dashboard's NPM package dependencies to address security vulnerabilities.

Fixed

  • Fixed navigation issue with "Back to APIs Page" Button on Streams API page

    Resolved an issue where the “Back to APIs Page” button was unresponsive on the Streams API page. The button now correctly redirects users to the main APIs page for all API types.

  • Resolved search box limitation on Tyk OAS and Streams API pages

    Corrected an issue where the search box on the Tyk OAS and Streams API pages only accepted a single character. Users can now input complete search terms, allowing for more accurate searches.

  • Unable to see all user groups in Dashboard dropdown

    Fixed an issue with the user group dropdown in the Dashboard UI, ensuring that all available user groups are displayed when creating a new user.


Further Information

Upgrading Tyk

Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.

API Documentation

FAQ

Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.