Tyk MDCB v2.5 Release Notes


Licensed Protected Product

This page contains all release notes for version 2.5, displayed in reverse chronological order.

Support Lifetime

Our minor releases are supported until our next minor comes out.

2.5.1 Release Notes

Release date 24 Apr 2024

Breaking Changes

This release has no breaking changes.

3rd Party Dependencies & Tools

Third Party Dependency | Tested Versions      | Compatible Versions         | Comments
Redis                  | 6.2.x, 7.x           | 6.2.x, 7.x                  | Used by MDCB
MongoDB                | 5.0.x, 6.0.x, 7.0.x  | 4.4.x, 5.0.x, 6.0.x, 7.0.x  | Used by MDCB
PostgreSQL             | 11.x - 15.x LTS      | 11.x - 15.x                 | Used by MDCB

Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecations in this release.

Upgrade instructions

If you are using a 2.4.x or 2.5.0 version, we advise you to upgrade as soon as possible to this latest release. If you are on an older version, you should skip 2.5.0 and upgrade directly to this release.

Release Highlights

This release contains bug fixes as detailed in the changelog below.

Downloads

Changelog

Fixed
  • Fixed a bug where the TYK_MDCB_HEALTHCHECKPORT was not used when MDCB was configured with TLS enabled

    When MDCB was configured with TLS enabled, traffic was served over HTTPS on the listen port that was configured. However, the healthcheck endpoint was exposed on the standard HTTPS port of 443 and TYK_MDCB_HEALTHCHECKPORT was not being respected.

  • Fixed a bug where clearing the API cache from the Tyk Dashboard UI failed to invalidate the cache in distributed data plane gateways

    When clearing the API cache from the Tyk Dashboard UI, the cache in distributed data plane gateways was not being invalidated. Please note that this fix requires Tyk Gateway version 5.3.1.

  • Fixed a bug where PostgreSQL could not be used with MDCB 2.4.2/2.4.3 if APIs were created with version 4.0.X of the Dashboard

    MDCB v2.4.2/2.4.3 was unable to retrieve APIs when they were created using a 4.0.x Dashboard and PostgreSQL.


2.5.0 Release Notes

Release date 5 Apr 2024

Breaking Changes

This release has no breaking changes.

3rd Party Dependencies & Tools

Third Party Dependency | Tested Versions      | Compatible Versions         | Comments
Redis                  | 6.2.x, 7.x           | 6.2.x, 7.x                  | Used by MDCB
MongoDB                | 5.0.x, 6.0.x, 7.0.x  | 4.4.x, 5.0.x, 6.0.x, 7.0.x  | Used by MDCB
PostgreSQL             | 11.x - 15.x LTS      | 11.x - 15.x                 | Used by MDCB

Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecations in this release.

Upgrade instructions

If you are using a 2.4.x version, we advise you to upgrade ASAP to this latest release. If you are on an older version, you should skip 2.4.0 and upgrade directly to this release.

Release Highlights

Tyk v5.3 Compatibility

MDCB 2.5.0 adds compatibility for synchronising Tyk v5.3 API definitions.

Redis v7.x Compatibility

We have upgraded the Redis driver, go-redis, to v9. As a result, Tyk 5.3 is compatible with Redis v7.x.

MongoDB v7.0.x Compatibility

We have upgraded the mongo-go driver to v1.13.1. This allows us to benefit from the bug fixes and enhancements released by MongoDB. We have also tested that both Tyk 5.0.x+ and Tyk 5.3 are compatible with MongoDB v7.0.x.

Security Fixes

We have fixed a security issue affecting MDCB v2.2.0 to v2.4.x, where certain per-API access rights from policies are not properly relayed to edge gateways. We strongly recommend upgrading to MDCB version 2.5.0 to ensure the proper enforcement of per-API access rights across all gateways in your deployment.

Please refer to the changelog below.

Downloads

Changelog

Fixed
  • Fixed relaying per-API access rights to gateways for MongoDB deployments

    Fixed a security issue affecting MDCB v2.2.0 to v2.4.x, where certain per-API access rights from policies are not properly relayed to edge gateways. This issue exists only when using MongoDB as the storage engine.

    It affected GraphQL's field-based permissions, query depth, per-query depth limits, and disable introspection settings. It also affected the usage quota of both HTTP and GraphQL APIs. However, "Set per API limits and quotas" and global policy settings (e.g. query depth) are not affected by this issue.

  • Fixed CVE-2023-3978 (NVD)

    Update embedded Tyk Pump to v1.9 to address CVE-2023-3978 (NVD)

  • Fixed CVE-2023-39325 (NVD)

    Update embedded Tyk Pump to v1.9 to address CVE-2023-39325 (NVD)

  • Fixed CVE-2020-26160 (NVD)

    Migrate MDCB JWT library to golang-jwt v4.5.0 to address CVE-2020-26160 (NVD)

  • Fixed MDCB stuck in crash loop during startup if tyk_sink.conf is missing

    Fixed the sample MDCB configuration to stop the crash loop, allowing MDCB to run without a tyk_sink.conf file.

Added
  • Support Redis v7.0.x

    MDCB 2.5.0 refactors the Redis connection logic to use storage v1.2.2, which integrates with go-redis v9. As a result, this change adds support for Redis v7.0.x.

Updated
  • Update for compatibility with API definitions for Tyk v5.3

    MDCB 2.4.x supports Tyk API definitions up to Tyk Gateway v5.3.0. Please use MDCB 2.5.x with Tyk Gateway v5.3.0+.

  • Set default MongoDB driver to mongo-go

    MDCB uses mongo-go as the default MongoDB driver from v2.5.0. This provides support for MongoDB 4.4.x, 5.0.x, 6.0.x and 7.0.x. If you are using an older MongoDB version, e.g. 3.x, please set the MongoDB driver to mgo. The MongoDB supported versions page provides details on how to configure MongoDB drivers in Tyk.

  • Support MongoDB v7.0.x

    MDCB integrates with storage v1.2.2, which updated the mongo-go driver we use from v1.11.2 to v1.13.1. This allows us to benefit from the bug fixes and enhancements released by MongoDB.

  • Updated to Go 1.21

    MDCB has been updated to Go 1.21 to benefit from fixed security issues and from improvements to the linker, compiler, etc.


Further Information

Upgrading Tyk

Please refer to the upgrading Tyk page for further guidance with respect to the upgrade strategy.

FAQ

Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.