Tyk Gateway 5.5 Release Notes
Open Source (Mozilla Public License)
This page contains all release notes for version 5.5.X, displayed in reverse chronological order.
Support Lifetime
Our minor releases are supported until our next minor comes out.
5.5.0 Release Notes
Release Date 12 August 2024
Breaking Changes
Docker images are now based on distroless. No shell is shipped in the image.
Dependencies
Compatibility Matrix For Tyk Components
Gateway Version | Recommended Releases | Backwards Compatibility |
---|---|---|
5.5.0 | MDCB v2.7 | MDCB v2.4.2 |
 | Operator v0.18 | Operator v0.17 |
 | Sync v1.5 | Sync v1.4.3 |
 | Helm Chart v1.6 | Helm all versions |
 | EDP v1.10 | EDP all versions |
 | Pump v1.11 | Pump all versions |
 | TIB (if using standalone) v1.5.1 | TIB all versions |
3rd Party Dependencies & Tools
Third Party Dependency | Tested Versions | Compatible Versions | Comments |
---|---|---|---|
Go | 1.21 | 1.21 | Go plugins must be built using Go 1.21 |
Redis | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Gateway |
OpenAPI Specification | v3.0.x | v3.0.x | Supported by Tyk OAS |
Given the potential time difference between your upgrade and the release of this version, we recommend users verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
Deprecations
There are no deprecations in this release.
Upgrade instructions
If you are upgrading to 5.5.0, please follow the detailed upgrade instructions.
Release Highlights
We are thrilled to introduce Tyk Gateway 5.5, bringing advanced rate-limiting capabilities, enhanced certificate authentication, and performance optimizations. For a comprehensive list of changes, please refer to the changelog below.
Per Endpoint Rate Limiting
Now configure rate limits at the endpoint level for both Tyk OAS and Tyk Classic APIs, providing granular protection for upstream services against overloading and abuse.
Root CA Support for Client Certificates
Simplify certificate management with support for root Certificate Authority (CA) certificates, enabling clients to authenticate using certificates signed by the configured root CA.
Optimised AST Document Handling
Experience improved performance with optimised creation and usage of Abstract Syntax Tree (AST) documents in our GQL library, reducing memory usage and enhancing efficiency.
Downloads
- Docker image to pull
  - `docker pull tykio/tyk-gateway:v5.5.0`
- Helm charts
- Source code tarball for OSS projects
Changelog
Added
- Added root CA support for client certificate authentication
  We’ve added support for you to register Certificate Authority (CA) certificates in your API definitions when using static mutual TLS (mTLS). Tyk can now authenticate clients presenting certificates signed by the registered root CA, simplifying certificate management for multiple clients sharing a common CA.
- Optimised creation and usage of AST documents in GQL library
  Optimised the creation and usage of AST documents in our GQL library to reduce significant memory allocations caused by pre-allocations during initial creation. These optimizations free up resources more efficiently, minimising performance penalties with increased requests to the Gateway.
- Implemented upstream endpoint rate limits
  Introduced new, more granular controls for request rate limiting. Rate limits can now be configured at the endpoint level in Tyk OAS and Tyk Classic API definitions.
- Improved handling of requests to non-existent versions of APIs when using URL path versioning
  When using the URL path to indicate the API version (for example `/v1/my-api`), it is common to strip the version identifier (e.g. `/v1`) from the path before proxying the request to the upstream. If the client doesn’t provide any version identifier, this could lead to an invalid target URL and failed requests, rather than correctly redirecting to the default version. We have introduced an optional configuration `url_versioning_pattern` where you can specify a regex that Tyk will use to identify whether the URL contains a version identifier, avoiding the accidental stripping of a valid upstream path.
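The effect of the `url_versioning_pattern` check described above, as an added Go sketch that is not Tyk's own code. `stripVersion` is a hypothetical helper modelling "strip the first path segment before proxying", and the regex `^v\d+$` is an assumed pattern for identifiers such as `v1`.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// stripVersion is a hypothetical model of the behaviour, not Tyk's code.
// It removes the first path segment before the request is proxied. When
// pattern is non-nil the segment is removed only if it matches, so a
// request that carries no version identifier keeps its full upstream path.
func stripVersion(path string, pattern *regexp.Regexp) string {
	trimmed := strings.TrimPrefix(path, "/")
	first, rest, _ := strings.Cut(trimmed, "/")
	if pattern != nil && !pattern.MatchString(first) {
		return path // no version identifier present: leave the path intact
	}
	return "/" + rest
}

func main() {
	// Assumed pattern: identifiers of the form v1, v2, v10, ...
	pattern := regexp.MustCompile(`^v\d+$`)

	// Constructed request paths: versioned, unversioned, and a look-alike
	// segment that starts with "v" but is not a version identifier.
	for _, p := range []string{"/v1/my-api", "/my-api/users", "/version/info"} {
		fmt.Printf("%-15s without pattern: %-9s with pattern: %s\n",
			p, stripVersion(p, nil), stripVersion(p, pattern))
	}
}
```

Anchoring the pattern with `^` and `$` matters: an unanchored `v\d+` would also match a segment such as `dev1` and strip a legitimate part of the upstream path.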
Fixed
- Fixed an issue where transformation middleware could incorrectly be applied to Tyk OAS API endpoints with nested paths
  Fixed an issue when using Tyk OAS APIs where nested API endpoints, such as ‘/test’ and ‘/test/abc’, might incorrectly apply middleware from the parent path to the nested path. The fix ensures that API endpoint definitions are correctly ordered so that the standard behaviour of Tyk is followed, whereby path matching is performed starting from the longest path, preventing middleware misapplication and ensuring both the HTTP method and URL match accurately.
- Optimised key creation process to avoid unnecessary Redis `DeleteRawKey` commands
  Previously, key creation or reset led to an exponential number of Redis `DeleteRawKey` commands; this was especially problematic for access lists with over 100 entries. The key creation sequence now runs only once, eliminating redundant deletion of non-existent keys in Redis. This optimization significantly reduces deletion events, enhancing performance and stability for larger access lists.
- Resolved SSE streaming issue
  Addressed a bug that caused Server Side Event (SSE) streaming responses to be considered for caching, which required buffering the response and prevented SSE from being correctly proxied.
- Fixed analytics latency reporting for MDCB setups
  Resolved an issue where Host and Latency fields (Total and Upstream) were not correctly reported for Tyk Gateways in MDCB data planes. The fix ensures accurate Host values and Latency measurements are now captured and displayed in the generated traffic logs.
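Why endpoint ordering matters for the nested-path fix above (‘/test’ and ‘/test/abc’), as an added Go sketch that is not Tyk's own code. The `endpoint` type, the middleware names and the simplified prefix matching are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// endpoint is a hypothetical, simplified stand-in for an API endpoint
// definition: a method, a path and the name of the middleware attached to it.
type endpoint struct {
	Method, Path, Middleware string
}

// match returns the middleware of the first endpoint whose method equals the
// request method and whose path is a prefix of the request path (simplified
// prefix matching, assumed for this illustration).
func match(eps []endpoint, method, path string) string {
	for _, e := range eps {
		if e.Method == method && strings.HasPrefix(path, e.Path) {
			return e.Middleware
		}
	}
	return ""
}

// longestFirst returns a copy ordered so that longer paths are tried first.
func longestFirst(eps []endpoint) []endpoint {
	out := append([]endpoint(nil), eps...)
	sort.SliceStable(out, func(i, j int) bool {
		return len(out[i].Path) > len(out[j].Path)
	})
	return out
}

func main() {
	// Constructed definitions, listed in the order that triggers the problem.
	eps := []endpoint{
		{"GET", "/test", "transform-parent"},
		{"GET", "/test/abc", "transform-nested"},
	}
	// Parent definition shadows the nested one: transform-parent.
	fmt.Println("definition order:", match(eps, "GET", "/test/abc"))
	// Longest path is tried first: transform-nested.
	fmt.Println("longest first:   ", match(longestFirst(eps), "GET", "/test/abc"))
}
```

When the middleware in question enforces validation or access rules rather than a transformation, the same shadowing means the nested endpoint runs under the parent's policy, so it is worth re-testing nested paths after upgrading.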
Security Fixes
- High priority CVEs fixed
  Fixed the following high priority CVEs identified in the Tyk Gateway, providing increased protection against security vulnerabilities:
Further Information
Upgrading Tyk
Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.
API Documentation
FAQ
Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.