Kong 网关
middleware
kong
Table of Contents

Table of Contents

Looking for recent releases? Please see CHANGELOG.md instead.

2.8.1 (opens in a new tab)

Dependencies

Fixes

Core

  • Only reschedule router and plugin iterator timers after finishing previous execution, avoiding unnecessary concurrent executions. #8634 (opens in a new tab)
  • Implements conditional rebuilding of router, plugins iterator and balancer on data planes. This means that DPs will not rebuild router if there were no changes in routes or services. Similarly, the plugins iterator will not be rebuilt if there were no changes to plugins, and, finally, the balancer will not be reinitialized if there are no changes to upstreams or targets. #8639 (opens in a new tab)

2.8.0 (opens in a new tab)

Deprecations

Dependencies

Additions

Core

Beta

  • Secrets Management and Vault support as been introduced as a Beta feature. This means it is intended for testing in staging environments. It not intended for use in Production environments. You can read more about Secrets Management in our docs page (opens in a new tab). #8403 (opens in a new tab)

Performance

  • Improved the calculation of declarative configuration hash for big configurations The new method is faster and uses less memory #8204 (opens in a new tab)
  • Multiple improvements in the Router. Amongst others:
    • The router builds twice as fast compared to prior Kong versions
    • Failures are cached and discarded faster (negative caching)
    • Routes with header matching are cached These changes should be particularly noticeable when rebuilding on db-less environments #8087 (opens in a new tab) #8010 (opens in a new tab)
  • Prometheus plugin export performance is improved, it now has less impact to proxy side traffic when being scrapped. #9028 (opens in a new tab)

Plugins

Clustering

Admin API

Fixes

Core

Balancer

Clustering

  • Replaced cryptic error message with more useful one when there is a failure on SSL when connecting with CP: #8260 (opens in a new tab)

Admin API

PDK

  • Phase names are correctly selected when performing phase checks #8208 (opens in a new tab)
  • Fixed a bug in the go-PDK where if kong.request.getrawbody was big enough to be buffered into a temporary file, it would return an an empty string. #8390 (opens in a new tab)

Plugins

2.7.1 (opens in a new tab)

Fixes

  • Reschedule resolve timer only when the previous one has finished. #8344 (opens in a new tab)
  • Plugins, and any entities implemented with subchemas, now can use the transformations and shorthand_fields properties, which were previously only available for non-subschema entities. #8146 (opens in a new tab)

2.7.0 (opens in a new tab)

Dependencies

Additions

Configuration

  • Deprecated the worker_consistency directive, and changed its default to eventual. Future versions of Kong will remove the option and act with eventual consistency only.

Performance

In this release we continued our work on better performance:

Core

PDK

Plugins

Configuration

  • Removed the following config options, which had been deprecated in previous versions, in favor of other config names. If you have any of these options in your config you will have to rename them: (removed option -> current option).
    • upstream_keepalive -> nginx_upstream_keepalive + nginx_http_upstream_keepalive
    • nginx_http_upstream_keepalive -> nginx_upstream_keepalive
    • nginx_http_upstream_keepalive_requests -> nginx_upstream_keepalive_requests
    • nginx_http_upstream_keepalive_timeout -> nginx_upstream_keepalive_timeout
    • nginx_http_upstream_directives -> nginx_upstream_directives
    • nginx_http_status_directives -> nginx_status_directives
    • nginx_upstream_keepalive -> upstream_keepalive_pool_size
    • nginx_upstream_keepalive_requests -> upstream_keepalive_max_requests
    • nginx_upstream_keepalive_timeout -> upstream_keepalive_idle_timeout
    • client_max_body_size -> nginx_http_client_max_body_size
    • client_body_buffer_size -> nginx_http_client_max_buffer_size
    • cassandra_consistency -> cassandra_write_consistency / cassandra_read_consistency
    • router_update_frequency -> worker_state_update_frequency
  • Removed the nginx_optimizations config option. If you have it in your configuration, please remove it before updating to 3.0.

Fixes

Core

  • Balancer caches are now reset on configuration reload. #7924 (opens in a new tab)
  • Configuration reload no longer causes a new DNS-resolving timer to be started. #7943 (opens in a new tab)
  • Fixed problem when bootstrapping multi-node Cassandra clusters, where migrations could attempt insertions before schema agreement occurred. #7667 (opens in a new tab)
  • Fixed intermittent botting error which happened when a custom plugin had inter-dependent entity schemas on its custom DAO and they were loaded in an incorrect order #7911 (opens in a new tab)
  • Fixed problem when the consistent hash header is not found, the balancer tries to hash a nil value. #8141 (opens in a new tab)
  • Fixed DNS client fails to resolve unexpectedly in ssl_cert and ssl_session_fetch phases. #8161 (opens in a new tab)

PDK

Plugins

Dependencies

Back to TOC

2.6.0 (opens in a new tab)

Release date: 2021/10/04

Dependencies

All Kong Gateway OSS plugins will be moved from individual repositories and centralized into the main Kong Gateway (OSS) repository. We are making a gradual transition. On this release:

Additions

Core

  • New schema entity validator: mutually_exclusive. It accepts a list of fields. If more than 1 of those fields is set simultaneously, the entity is considered invalid. #7765 (opens in a new tab)

Performance

On this release we've done some special efforts with regards to performance.

There's a new performance workflow which periodically checks new code additions against some typical scenarios #7030 (opens in a new tab) #7547 (opens in a new tab)

In addition to that, the following changes were specifically included to improve performance:

Configuration

Hybrid Mode

  • Data plane is able to eliminate some unknown fields when Control Plane is using a more modern version #7827 (opens in a new tab).

Admin API

  • Added support for the HTTP HEAD method for all Admin API endpoints #7796 (opens in a new tab)
  • Added better support for OPTIONS requests. Previously, the Admin API replied the same on all OPTIONS requests, where as now OPTIONS request will only reply to routes that our Admin API has. Non-existing routes will have a 404 returned. It also adds Allow header to responses, both Allow and Access-Control-Allow-Methods now contain only the methods that the specific API supports. #7830 (opens in a new tab)

Plugins

  • AWS-Lambda: The plugin will now try to detect the AWS region by using AWS_REGION and AWS_DEFAULT_REGION environment variables (when not specified with the plugin configuration). This allows to specify a 'region' on a per Kong node basis, hence adding the ability to invoke the Lamda in the same region where Kong is located. #7765 (opens in a new tab)
  • Datadog: host and port config options can be configured from environment variables KONG_DATADOG_AGENT_HOST and KONG_DATADOG_AGENT_PORT. This allows to set different destinations on a per Kong node basis, which makes multi-DC setups easier and in Kubernetes allows to run the datadog agents as a daemon-set. #7463 (opens in a new tab) Thanks rallyben (opens in a new tab) for the patch!
  • Prometheus: A new metric data_plane_cluster_cert_expiry_timestamp is added to expose the Data Plane's cluster_cert expiry timestamp for improved monitoring in Hybrid Mode. #7800 (opens in a new tab).

Request Termination:

  • New trigger config option, which makes the plugin only activate for any requests with a header or query parameter named like the trigger. This can be a great debugging aid, without impacting actual traffic being processed. #6744 (opens in a new tab).
  • The request-echo config option was added. If set, the plugin responds with a copy of the incoming request. This eases troubleshooting when Kong is behind one or more other proxies or LB's, especially when combined with the new 'trigger' option. #6744 (opens in a new tab).

GRPC-Gateway:

Fixes

Core

Hybrid Mode

CLI
Configuration
Admin API
PDK
Plugins

Back to TOC

2.5.1 (opens in a new tab)

Release date: 2021/09/07

This is the first patch release in the 2.5 series. Being a patch release, it strictly contains bugfixes. There are no new features or breaking changes.

Dependencies

Fixes

Core
  • You can now successfully delete workspaces after deleting all entities associated with that workspace. Previously, Kong Gateway was not correctly cleaning up parent-child relationships. For example, creating an Admin also creates a Consumer and RBAC user. When deleting the Admin, the Consumer and RBAC user are also deleted, but accessing the /workspaces/workspace_name/meta endpoint would show counts for Consumers and RBAC users, which prevented the workspace from being deleted. Now deleting entities correctly updates the counts, allowing an empty workspace to be deleted. #7560 (opens in a new tab)
  • When an upstream event is received from the DAO, handler.lua now gets the workspace ID from the request and adds it to the upstream entity that will be used in the worker and cluster events. Before this change, when posting balancer CRUD events, the workspace ID was lost and the balancer used the default workspace ID as a fallback. #7778 (opens in a new tab)
CLI
  • Fixes regression that included an issue where Go plugins prevented CLI commands like kong config parse or kong config db_import from working as expected. #7589 (opens in a new tab)
CI / Process
Admin API

Back to TOC

2.5.0 (opens in a new tab)

Release date: 2021-07-13

This is the final release of Kong 2.5.0, with no breaking changes with respect to the 2.x series.

This release includes Control Plane resiliency to database outages and the new declarative_config_string config option, among other features and fixes.

Distribution

Dependencies

All Kong Gateway OSS plugins will be moved from individual repositories and centralized into the main Kong Gateway (OSS) repository. We are making a gradual transition, starting with the grpc-gateway plugin first:

Additions

Core

PDK

  • The Kong PDK now accepts tables in the response body for Stream subsystems, just as it does for the HTTP subsystem. Before developers had to check the subsystem if they wrote code that used the exit() function before calling it, because passing the wrong argument type would break the request response. #7082 (opens in a new tab)

Plugins

  • hmac-auth: The HMAC Authentication plugin now includes support for the @request-target field in the signature string. Before, the plugin used the request-line parameter, which contains the HTTP request method, request URI, and the HTTP version number. The inclusion of the HTTP version number in the signature caused requests to the same target but using different request methods(such as HTTP/2) to have different signatures. The newly added request-target field only includes the lowercase request method and request URI when calculating the hash, avoiding those issues. See the HMAC Authentication (opens in a new tab) documentation for more information. #7037 (opens in a new tab)
  • syslog: The Syslog plugin now includes facility configuration options, which are a way for the plugin to group error messages from different sources. See the description for the facility parameter in the Parameters (opens in a new tab) section of the Syslog documentation for more information. #6081 (opens in a new tab). Thanks, jideel (opens in a new tab)!
  • Prometheus: The Prometheus plugin now exposes connected data planes' status on the control plane. New metrics include the following: data_plane_last_seen, data_plane_config_hash and data_plane_version_compatible. These metrics can be useful for troubleshooting when data planes have inconsistent configurations across the cluster. See the Available metrics (opens in a new tab) section of the Prometheus plugin documentation for more information. 98 (opens in a new tab)
  • Zipkin: The Zipkin plugin now includes the following tags: kong.route,kong.service_name and kong.route_name. See the Spans (opens in a new tab) section of the Zipkin plugin documentation for more information. 115 (opens in a new tab)

Hybrid Mode

Fixes

Core

  • When using DB-less mode, select_by_cache_key now finds entities by using the provided field directly in select_by_key and does not complete unnecessary cache reads. #7146 (opens in a new tab)
  • Kong can now finish initialization even if a plugin’s init_worker handler fails, improving stability. #7099 (opens in a new tab)
  • TLS keepalive requests no longer share their context. Before when two calls were made to the same "server+hostname" but different routes and using a keepalive connection, plugins that were active in the first call were also sometimes (incorrectly) active in the second call. The wrong plugin was active because Kong was passing context in the SSL phase to the plugin iterator, creating connection-wide structures in that context, which was then shared between different keepalive requests. With this fix, Kong does not pass context to plugin iterators with the certificate phase, avoiding plugin mixups.#7102 (opens in a new tab)
  • The HTTP status 405 is now handled by Kong's error handler. Before accessing Kong using the TRACE method returned a standard NGINX error page because the 405 wasn’t included in the error page settings of the NGINX configuration. #6933 (opens in a new tab). Thanks, yamaken1343 (opens in a new tab)!
  • Custom ngx.sleep implementation in init_worker phase now invokes update_time in order to prevent time-based deadlocks #7532 (opens in a new tab)
  • Proxy-Authorization header is removed when it is part of the original request or when a plugin sets it to the same value as the original request #7533 (opens in a new tab)
  • HEAD requests don't provoke an error when a Plugin implements the response phase #7535 (opens in a new tab)

Hybrid Mode

  • Control planes no longer perform health checks on CRUD upstreams’ and targets’ events. #7085 (opens in a new tab)
  • To prevent unnecessary cache flips on data planes, Kong now checks dao:crud events more strictly and has a new cluster event, clustering:push_config for configuration pushes. These updates allow Kong to filter invalidation events that do not actually require a database change. Furthermore, the clustering module does not subscribe to the generic invalidations event, which has a more broad scope than database entity invalidations. #7112 (opens in a new tab)
  • Data Planes ignore null fields coming from Control Planes when doing schema validation. #7458 (opens in a new tab)
  • Kong now includes the source in error logs produced by Control Planes. #7494 (opens in a new tab)
  • Data Plane config hash calculation and checking is more consistent now: it is impervious to changes in table iterations, hashes are calculated in both CP and DP, and DPs send pings more immediately and with the new hash now #7483 (opens in a new tab)

Balancer

  • All targets are returned by the Admin API now, including targets with a weight=0, or disabled targets. Before disabled targets were not included in the output when users attempted to list all targets. Then when users attempted to add the targets again, they received an error message telling them the targets already existed. #7094 (opens in a new tab)
  • Upserting existing targets no longer fails. Before, because of updates made to target configurations since Kong v2.2.0, upserting older configurations would fail. This fix allows older configurations to be imported. #7052 (opens in a new tab)
  • The last balancer attempt is now correctly logged. Before balancer tries were saved when retrying, which meant the last retry state was not saved since there were no more retries. This update saves the failure state so it can be correctly logged. #6972 (opens in a new tab)
  • Kong now ensures that the correct upstream event is removed from the queue when updating the balancer state. #7103 (opens in a new tab)

CLI

  • The prefix argument in the kong stop command now takes precedence over environment variables, as it does in the kong start command. #7080 (opens in a new tab)

Configuration

  • Declarative configurations now correctly parse custom plugin entities schemas with attributes called "plugins". Before when using declarative configurations, users with custom plugins that included a "plugins" field would encounter startup exceptions. With this fix, the declarative configuration can now distinguish between plugins schema and custom plugins fields. #7412 (opens in a new tab)
  • The stream access log configuration options are now properly separated from the HTTP access log. Before when users used Kong with TCP, they couldn’t use a custom log format. With this fix, proxy_stream_access_log and proxy_stream_error_log have been added to differentiate stream access log from the HTTP subsystem. See proxy_stream_access_log (opens in a new tab) and proxy_stream_error (opens in a new tab) in the Configuration Property Reference for more information. #7046 (opens in a new tab)

Migrations

  • Kong no longer assumes that /?/init.lua is in the Lua path when doing migrations. Before, when users created a custom plugin in a non-standard location and set lua_package_path = /usr/local/custom/?.lua, migrations failed. Migrations failed because the Kong core file is init.lua and it is required as part of kong.plugins.<name>.migrations. With this fix, migrations no longer expect init.lua to be a part of the path. #6993 (opens in a new tab)
  • Kong no longer emits errors when doing ALTER COLUMN operations in Apache Cassandra 4.0. #7490 (opens in a new tab)

PDK

  • With this update, kong.response.get_XXX() functions now work in the log phase on external plugins. Before kong.response.get_XXX() functions required data from the response object, which was not accessible in the post-log timer used to call log handlers in external plugins. Now these functions work by accessing the required data from the set saved at the start of the log phase. See kong.response (opens in a new tab) in the Plugin Development Kit for more information. #7048 (opens in a new tab)
  • External plugins handle certain error conditions better while the Kong balancer is being refreshed. Before when an instance_id of an external plugin changed, and the plugin instance attempted to reset and retry, it was failing because of a typo in the comparison. #7153 (opens in a new tab). Thanks, ealogar (opens in a new tab)!
  • With this release, kong.log's phase checker now accounts for the existence of the new response pseudo-phase. Before users may have erroneously received a safe runtime error for using a function out-of-place in the PDK. #7109 (opens in a new tab)
  • Kong no longer sandboxes the string.rep function. Before string.rep was sandboxed to disallow a single operation from allocating too much memory. However, a single operation allocating too much memory is no longer an issue because in LuaJIT there are no debug hooks and it is trivial to implement a loop to allocate memory on every single iteration. Additionally, since the string table is global and obtainable by any sandboxed string, its sandboxing provoked issues on global state. #7167 (opens in a new tab)
  • The kong.pdk.node function can now correctly iterates over all the shared dict metrics. Before this fix, users using the kong.pdk.node function could not see all shared dict metrics under the Stream subsystem. #7078 (opens in a new tab)

Plugins

  • All custom plugins that are using the deprecated BasePlugin class have to remove this inheritance.
  • LDAP-auth: The LDAP Authentication schema now includes a default value for the config.ldap_port parameter that matches the documentation. Before the plugin documentation Parameters (opens in a new tab) section included a reference to a default value for the LDAP port; however, the default value was not included in the plugin schema. #7438 (opens in a new tab)
  • Prometheus: The Prometheus plugin exporter now attaches subsystem labels to memory stats. Before, the HTTP and Stream subsystems were not distinguished, so their metrics were interpreted as duplicate entries by Prometheus. https://github.com/Kong/kong-plugin-prometheus/pull/118 (opens in a new tab)
  • External Plugins: the return code 127 (command not found) is detected and appropriate error is returned #7523 (opens in a new tab)

2.4.1 (opens in a new tab)

Released 2021/05/11

This is a patch release in the 2.4 series. Being a patch release, it strictly contains bugfixes. There are no new features or breaking changes.

Distribution

Dependencies

Fixes

Core
CLI
Configuration
Admin API
PDK
Plugins

Back to TOC

2.4.0 (opens in a new tab)

Released 2021/04/06

This is the final release of Kong 2.4.0, with no breaking changes with respect to the 2.x series. This release includes JavaScript PDK, improved CP/DP updates and UTF-8 Tags, amongst other improvements and fixes.

Dependencies

Note: if you are not using one of our distribution packages and compiling OpenResty from source, you must still apply Kong's OpenResty patches (opens in a new tab) (and, as highlighted above, compile OpenResty with the new lua-kong-nginx-module). Our kong-build-tools (opens in a new tab) repository will allow you to do both easily.

Additions

Core
  • Relaxed version check between Control Planes and Data Planes, allowing Data Planes that are missing minor updates to still connect to the Control Plane. Also, now Data Plane is allowed to have a superset of Control Plane plugins. 6932 (opens in a new tab)
  • Allowed UTF-8 in Tags 6784 (opens in a new tab)
  • Added support for Online Certificate Status Protocol responder found in cluster. 6887 (opens in a new tab)
PDK
Plugins

Fixes

Core
PDK
Plugins

Back to TOC

2.3.3 (opens in a new tab)

Released 2021/03/05

This is a patch release in the 2.3 series. Being a patch release, it strictly contains bugfixes. The are no new features or breaking changes.

Dependencies

Fixes

Core
  • Ensure control plane nodes do not execute healthchecks. 6805 (opens in a new tab)
  • Ensure only one worker executes active healthchecks. 6844 (opens in a new tab)
  • Declarative config can be now loaded as an inline yaml file by kong config (previously it was possible only as a yaml string inside json). JSON declarative config is now parsed with the cjson library, instead of with libyaml. 6852 (opens in a new tab)
  • When using eventual worker consistency now every Nginx worker deals with its upstreams changes, avoiding unnecessary synchronization among workers. 6833 (opens in a new tab)
Admin API
PDK
Plugins
  • HMAC-Auth: fix issue where the plugin would check if both a username and signature were specified, rather than either. 6826 (opens in a new tab)

Back to TOC

2.3.2 (opens in a new tab)

Released 2021/02/09

This is a patch release in the 2.3 series. Being a patch release, it strictly contains bugfixes. The are no new features or breaking changes.

Fixes

Core
  • Fix an issue where certain incoming URI may make it possible to bypass security rules applied on Route objects. This fix make such attacks more difficult by always normalizing the incoming request's URI before matching against the Router. #6821 (opens in a new tab)
  • Properly validate Lua input in sandbox module. #6765 (opens in a new tab)
  • Mark boolean fields with default values as required. #6785 (opens in a new tab)
CLI
Plugins

Back to TOC

2.3.1 (opens in a new tab)

Released 2021/01/26

This is a patch release in the 2.3 series. Being a patch release, it strictly contains bugfixes. The are no new features or breaking changes.

Fixes

Core
  • lua-resty-dns-client was bumped to 5.2.1, which fixes an issue that could lead to a busy loop when renewing addresses. #6760 (opens in a new tab)
  • Fixed an issue that made Kong return HTTP 500 Internal Server Error instead of HTTP 502 Bad Gateway on upstream connection errors when using buffered proxying. #6735 (opens in a new tab)

Back to TOC

2.3.0 (opens in a new tab)

Released 2021/01/08

This is a new release of Kong, with no breaking changes with respect to the 2.x series, with Control Plane/Data Plane version checks, UTF-8 names for Routes and Services, and a Plugin Servers.

Distributions

Dependencies

Additions

Core
  • Introduce version checks between Control Plane and Data Plane nodes in Hybrid Mode. Sync will be stopped if the major/minor version differ or if installed plugin versions differ between Control Plane and Data Plane nodes. #6612 (opens in a new tab)
  • Kong entities with a name field now support utf-8 characters. #6557 (opens in a new tab)
  • The certificates entity now has cert_alt and key_alt fields, used to specify an alternative certificate and key pair. #6536 (opens in a new tab)
  • The go-pluginserver stderr and stdout are now written into Kong's logs. #6503 (opens in a new tab)
  • Introduce support for multiple pluginservers. This feature is backwards-compatible with the existing single Go pluginserver. #6600 (opens in a new tab)
PDK
  • Introduce a kong.node.get_hostname method that returns current's node host name. #6613 (opens in a new tab)
  • Introduce a kong.cluster.get_id method that returns a unique ID for the current Kong cluster. If Kong is running in DB-less mode without a cluster ID explicitly defined, then this method returns nil. For Hybrid mode, all Control Planes and Data Planes belonging to the same cluster returns the same cluster ID. For traditional database based deployments, all Kong nodes pointing to the same database will also return the same cluster ID. #6576 (opens in a new tab)
  • Introduce a kong.log.set_serialize_value, which allows for customizing the output of kong.log.serialize. #6646 (opens in a new tab)
Plugins
  • http-log: the plugin now has a headers configuration, so that custom headers can be specified for the log request. #6449 (opens in a new tab)
  • key-auth: the plugin now has two additional boolean configurations:
    • key_in_header: if false, the plugin will ignore keys passed as headers.
    • key_in_query: if false, the plugin will ignore keys passed as query arguments. Both default to true. #6590 (opens in a new tab)
  • request-size-limiting: add new configuration require_content_length, which causes the plugin to ensure a valid Content-Length header exists before reading the request body. #6660 (opens in a new tab)
  • serverless-functions: introduce a sandboxing capability, and it has been enabled by default, where only Kong PDK, OpenResty ngx APIs, and Lua standard libraries are allowed. #32 (opens in a new tab)
Configuration
  • client_max_body_size and client_body_buffer_size, that previously hardcoded to 10m, are now configurable through nginx_admin_client_max_body_size and nginx_admin_client_body_buffer_size. #6597 (opens in a new tab)
  • Kong-generated SSL privates keys now have 600 file system permission. #6509 (opens in a new tab)
  • Properties ssl_cert, ssl_cert_key, admin_ssl_cert, admin_ssl_cert_key, status_ssl_cert, and status_ssl_cert_key is now an array: previously, only an RSA certificate was generated by default; with this change, an ECDSA is also generated. On intermediate and modern cipher suites, the ECDSA certificate is set as the default fallback certificate; on old cipher suite, the RSA certificate remains as the default. On custom certificates, the first certificate specified in the array is used. #6509 (opens in a new tab)
  • Kong now runs as a kong user if it exists; it said user does not exist in the system, the nobody user is used, as before. #6421 (opens in a new tab)

Fixes

Core
  • Fix issue where a Go plugin would fail to read kong.ctx.shared values set by Lua plugins. #6490 (opens in a new tab)
  • Properly trigger dao:delete_by:post hook. #6567 (opens in a new tab)
  • Fix issue where a route that supports both http and https (and has a hosts and snis match criteria) would fail to proxy http requests, as it does not contain an SNI. #6517 (opens in a new tab)
  • Fix issue where a nil request context would lead to errors attempt to index local 'ctx' being shown in the logs
  • Reduced the number of needed timers to active health check upstreams and to resolve hosts.
  • Schemas for full-schema validations are correctly cached now, avoiding memory leaks when reloading declarative configurations. #6713 (opens in a new tab)
  • The schema for the upstream entities now limits the highest configurable number of successes and failures to 255, respecting the limits imposed by lua-resty-healthcheck. #6705 (opens in a new tab)
  • Certificates for database connections now are loaded in the right order avoiding failures to connect to Postgres databases. #6650 (opens in a new tab)
CLI
PDK
Plugins

Back to TOC

2.2.2 (opens in a new tab)

Released 2021/03/01

This is a patch release in the 2.2 series. Being a patch release, it strictly contains bugfixes. The are no new features or breaking changes.

Fixes

Plugins

Back to TOC

2.2.1 (opens in a new tab)

Released 2020/12/01

This is a patch release in the 2.2 series. Being a patch release, it strictly contains bugfixes. The are no new features or breaking changes.

Fixes

Distribution
Core
  • Fix issue where Kong would fail to start a Go plugin instance with a starting instance: nil error. #6507 (opens in a new tab)
  • Fix issue where a route that supports both http and https (and has a hosts and snis match criteria) would fail to proxy http requests, as it does not contain an SNI. #6517 (opens in a new tab)
  • Fix issue where a Go plugin would fail to read kong.ctx.shared values set by Lua plugins. #6426 (opens in a new tab)
  • Fix issue where gRPC requests would fail to set the :authority pseudo-header in upstream requests. #6603 (opens in a new tab)
CLI

Back to TOC

2.2.0 (opens in a new tab)

Released 2020/10/23

This is a new major release of Kong, including new features such as UDP support, Configurable Request and Response Buffering, Dynamically Loading of OS Certificates, and much more.

Distributions

  • Added support for running Kong as the non-root user kong on distributed systems.

Dependencies

Note: if you are not using one of our distribution packages and compiling OpenResty from source, you must still apply Kong's OpenResty patches (opens in a new tab) (and, as highlighted above, compile OpenResty with the new lua-kong-nginx-module). Our kong-build-tools (opens in a new tab) repository will allow you to do both easily.

  • :warning: Cassandra 2.x support is now deprecated. If you are still using Cassandra 2.x with Kong, we recommend you to upgrade, since this series of Cassandra is about to be EOL with the upcoming release of Cassandra 4.0.

Additions

Core
  • :fireworks: UDP support: Kong now features support for UDP proxying in its stream subsystem. The "udp" protocol is now accepted in the protocols attribute of Routes and the protocol attribute of Services. Load balancing and logging plugins support UDP as well. #6215 (opens in a new tab)
  • Configurable Request and Response Buffering: The buffering of requests or responses can now be enabled or disabled on a per-route basis, through setting attributes Route.request_buffering or Route.response_buffering to true or false. Default behavior remains the same: buffering is enabled by default for requests and responses. #6057 (opens in a new tab)
  • Option to Automatically Load OS Certificates: The configuration attribute lua_ssl_trusted_certificate was extended to accept a comma-separated list of certificate paths, as well as a special system value, which expands to the "system default" certificates file installed by the operating system. This follows a very simple heuristic to try to use the most common certificate file in most popular distros. #6342 (opens in a new tab)
  • Consistent-Hashing load balancing algorithm does not require to use the entire target history to build the same proxying destinations table on all Kong nodes anymore. Now deleted targets are actually removed from the database and the targets entities can be manipulated by the Admin API as any other entity. #6336 (opens in a new tab)
  • Add X-Forwarded-Path header: if a trusted source provides a X-Forwarded-Path header, it is proxied as-is. Otherwise, Kong will set the content of said header to the request's path. #6251 (opens in a new tab)
  • Hybrid mode synchronization performance improvements: Kong now uses a new internal synchronization method to push changes from the Control Plane to the Data Plane, drastically reducing the amount of communication between nodes during bulk updates. #6293 (opens in a new tab)
  • The Upstream.client_certificate attribute can now be used from proxying: This allows client_certificate setting used for mTLS handshaking with the Upstream server to be shared easily among different Services. However, Service.client_certificate will take precedence over Upstream.client_certificate if both are set simultaneously. In previous releases, Upstream.client_certificate was only used for mTLS in active health checks. #6348 (opens in a new tab)
  • New shorthand_fields top-level attribute in schema definitions, which deprecates shorthands and includes type definitions in addition to the shorthand callback. #6364 (opens in a new tab)
  • Hybrid Mode: the table of Data Plane nodes at the Control Plane is now cleaned up automatically, according to a delay value configurable via the cluster_data_plane_purge_delay attribute, set to 14 days by default. #6376 (opens in a new tab)
  • Hybrid Mode: Data Plane nodes now apply only the last config when receiving several updates in sequence, improving the performance when large configs are in use. #6299 (opens in a new tab)
Admin API
  • Hybrid Mode: new endpoint /clustering/data-planes which returns complete information about all Data Plane nodes that are connected to the Control Plane cluster, regardless of the Control Plane node to which they connected. #6308 (opens in a new tab)
    • :warning: The /clustering/status endpoint is now deprecated, since it returns only information about Data Plane nodes directly connected to the Control Plane node to which the Admin API request was made, and is superseded by /clustering/data-planes.
  • Admin API responses now honor the headers configuration setting for including or removing the Server header. #6371 (opens in a new tab)
PDK
  • New function kong.request.get_forwarded_prefix: returns the prefix path component of the request's URL that Kong stripped before proxying to upstream, respecting the value of X-Forwarded-Prefix when it comes from a trusted source. #6251 (opens in a new tab)
  • kong.response.exit now honors the headers configuration setting for including or removing the Server header. #6371 (opens in a new tab)
  • kong.log.serialize function now can be called using the stream subsystem, allowing various logging plugins to work under TCP and TLS proxy modes. #6036 (opens in a new tab)
  • Requests with multipart/form-data MIME type now can use the same part name multiple times. #6054 (opens in a new tab)
Plugins
  • New Response Phase: both Go and Lua pluggins now support a new plugin phase called response in Lua plugins and Response in Go. Using it automatically enables response buffering, which allows you to manipulate both the response headers and the response body in the same phase. This enables support for response handling in Go, where header and body filter phases are not available, allowing you to use PDK functions such as kong.Response.GetBody(), and provides an equivalent simplified feature for handling buffered responses from Lua plugins as well. #5991 (opens in a new tab)
  • aws-lambda: bump to version 3.5.0: #6379 (opens in a new tab)
    • support for 'isBase64Encoded' flag in Lambda function responses
  • grpc-web: introduce configuration pass_stripped_path, which, if set to true, causes the plugin to pass the stripped request path (see the strip_path Route attribute) to the upstream gRPC service.
  • rate-limiting: Support for rate limiting by path, by setting the limit_by = "path" configuration attribute. Thanks KongGuide (opens in a new tab) for the patch! #6286 (opens in a new tab)
  • correlation-id: the plugin now generates a correlation-id value by default if the correlation id header arrives but is empty. #6358 (opens in a new tab)

2.1.4 (opens in a new tab)

Released 2020/09/18

This is a patch release in the 2.0 series. Being a patch release, it strictly contains bugfixes. The are no new features or breaking changes.

Fixes

Core
Plugins

Back to TOC

CLI
  • kong hybrid gen_cert now reports "permission denied" errors correctly when it fails to write the certificate files. #6368 (opens in a new tab)
Plugins
  • acl: bumped to 3.0.1
    • Fix regression in a scenario where an ACL plugin with a deny clause was configured for a group that does not exist would cause a HTTP 401 when an authenticated plugin would match the anonymous consumer. The behavior is now restored to that seen in Kong 1.x and 2.0. #6354 (opens in a new tab)
  • request-transformer: bumped to 1.2.7

2.1.3 (opens in a new tab)

Released 2020/08/19

This is a patch release in the 2.0 series. Being a patch release, it strictly contains bugfixes. The are no new features or breaking changes.

Fixes

Core
  • Fix behavior of X-Forwarded-Prefix header with stripped path prefixes: the stripped portion of path is now added in X-Forwarded-Prefix, except if it is / or if it is received from a trusted client. #6222 (opens in a new tab)
Migrations
Admin API
  • DB-less: fix concurrency issues with /config endpoint. It now waits for the configuration to update across workers before returning, and returns HTTP 429 on attempts to perform concurrent updates and HTTP 504 in case of update timeouts. #6121 (opens in a new tab)
Plugins

2.1.2 (opens in a new tab)

Released 2020/08/13

:white_check_mark: Update (2020/08/13): This release fixed a balancer bug that may cause incorrect request payloads to be sent to unrelated upstreams during balancer retries, potentially causing responses for other requests to be returned. Therefore it is highly recommended that Kong users running versions 2.1.0 and 2.1.1 to upgrade to this version as soon as possible, or apply mitigation from the 2.1.0 section below.

Fixes

Core
  • Fix a bug that balancer retries causes incorrect requests to be sent to subsequent upstream connections of unrelated requests. #6224 (opens in a new tab)
  • Fix an issue where plugins iterator was being built before setting the default workspace id, therefore indexing the plugins under the wrong workspace. #6206 (opens in a new tab)
Migrations
PDK

2.1.1 (opens in a new tab)

Released 2020/08/05

:red_circle: Post-release note (as of 2020/08/13): A faulty behavior has been observed with this change. When Kong proxies using the balancer and a request to one of the upstream Target fails, Kong might send the same request to another healthy Target in a different request later, causing response for the failed request to be returned.

This bug could be mitigated temporarily by disabling upstream keepalive pools. It can be achieved by either:

  1. In kong.conf, set upstream_keepalive_pool_size=0, or
  2. Setting the environment KONG_UPSTREAM_KEEPALIVE_POOL_SIZE=0 when starting Kong with the CLI.

Then restart/reload the Kong instance.

Thanks Nham Le (@nhamlh) for reporting it in #6212 (opens in a new tab).

:white_check_mark: Update (2020/08/13): A fix to this regression has been released as part of 2.1.2. See the section of the Changelog related to this release for more details.

Dependencies

Fixes

Core
  • No longer reject valid characters (as specified in the RFC 3986) in the path attribute of the Service entity. #6183 (opens in a new tab)
Migrations
Admin API
  • Fix issue where consumed worker memory as reported by the kong.node.get_memory_stats() PDK method would be incorrectly reported in kilobytes, rather than bytes, leading to inaccurate values in the /status Admin API endpoint (and other users of said PDK method). #6170 (opens in a new tab)
Plugins

Back to TOC

2.1.0 (opens in a new tab)

Released 2020/07/16

:red_circle: Post-release note (as of 2020/08/13): A faulty behavior has been observed with this change. When Kong proxies using the balancer and a request to one of the upstream Target fails, Kong might send the same request to another healthy Target in a different request later, causing response for the failed request to be returned.

This bug could be mitigated temporarily by disabling upstream keepalive pools. It can be achieved by either:

  1. In kong.conf, set upstream_keepalive_pool_size=0, or
  2. Setting the environment KONG_UPSTREAM_KEEPALIVE_POOL_SIZE=0 when starting Kong with the CLI.

Then restart/reload the Kong instance.

Thanks Nham Le (@nhamlh) for reporting it in #6212 (opens in a new tab).

:white_check_mark: Update (2020/08/13): A fix to this regression has been released as part of 2.1.2. See the section of the Changelog related to this release for more details.

Distributions

Dependencies

Changes

Core
Configuration
  • :warning: The configuration properties router_consistency and router_update_frequency have been renamed to worker_consistency and worker_state_update_frequency, respectively. The new properties allow for configuring the consistency settings of additional internal structures, see below for details. #5325 (opens in a new tab)
  • :warning: The nginx_upstream_keepalive_* configuration properties have been renamed to upstream_keepalive_*. This is due to the introduction of dynamic upstream keepalive pools, see below for details. #5771 (opens in a new tab)
  • :warning: The default value of worker_state_update_frequency (previously router_update_frequency) was changed from 1 to 5. #5325 (opens in a new tab)
Plugins
  • :warning: Change authentication plugins to standardize on allow and deny as terms for access control. Previous nomenclature is deprecated and support will be removed in Kong 3.0.
    • ACL: use allow and deny instead of whitelist and blacklist
    • bot-detection: use allow and deny instead of whitelist and blacklist
    • ip-restriction: use allow and deny instead of whitelist and blacklist #6014 (opens in a new tab)

Additions

Core

  • :fireworks: Asynchronous upstream updates: Kong's load balancer is now able to update its internal structures asynchronously instead of onto the request/stream path.

    This change required the introduction of new configuration properties and the deprecation of older ones:

    • New properties:
      • worker_consistency
      • worker_state_update_frequency
    • Deprecated properties:
      • router_consistency
      • router_update_frequency

    The new worker_consistency property is similar to router_consistency and accepts either of strict (default, synchronous) or eventual (asynchronous). Unlike its deprecated counterpart, this new property aims at configuring the consistency of all internal structures of Kong, and not only the router. #5325 (opens in a new tab)

  • :fireworks: Read-Only Postgres: Kong users are now able to configure a read-only Postgres replica. When configured, Kong will attempt to fulfill read operations through the read-only replica instead of the main Postgres connection. #5584 (opens in a new tab)

  • Introducing dynamic upstream keepalive pools. This change prevents virtual host confusion when Kong proxies traffic to virtual services (hosted on the same IP/port) over TLS. Keepalive pools are now created by the upstream IP/upstream port/SNI/client certificate tuple instead of IP/port only. Users running Kong in front of virtual services should consider adjusting their keepalive settings appropriately.

    This change required the introduction of new configuration properties and the deprecation of older ones:

    • New properties:
      • upstream_keepalive_pool_size
      • upstream_keepalive_max_requests
      • upstream_keepalive_idle_timeout
    • Deprecated properties:
      • nginx_upstream_keepalive
      • nginx_upstream_keepalive_requests
      • nginx_upstream_keepalive_timeout

    Additionally, this change allows for specifying an indefinite amount of max requests and idle timeout threshold for upstream keepalive connections, a capability that was previously removed by Nginx 1.15.3. #5771 (opens in a new tab)

  • The default certificate for the proxy can now be configured via Admin API using the /certificates endpoint. A special * SNI has been introduced which stands for the default certificate. #5404 (opens in a new tab)

  • Add support for PKI in Hybrid Mode mTLS. #5396 (opens in a new tab)

  • Add X-Forwarded-Prefix to set of headers forwarded to upstream requests. #5620 (opens in a new tab)

  • Introduce a _transform option to declarative configuration, which allows importing basicauth credentials with and without hashed passwords. This change is only supported in declarative configuration format version 2.1. #5835 (opens in a new tab)

  • Add capability to define different consistency levels for read and write operations in Cassandra. New configuration properties cassandra_write_consistency and cassandra_read_consistency were introduced and the existing cassandra_consistency property was deprecated. Thanks Abhishekvrshny (opens in a new tab) for the patch! #5812 (opens in a new tab)

  • Introduce certificate expiry and CA constraint checks to Hybrid Mode certificates (cluster_cert and cluster_ca_cert). #6000 (opens in a new tab)

  • Introduce new attributes to the Services entity, allowing for customizations in TLS verification parameters: #5976 (opens in a new tab)

    • tls_verify: whether TLS verification is enabled while handshaking with the upstream Service
    • tls_verify_depth: the maximum depth of verification when validating upstream Service's TLS certificate
    • ca_certificates: the CA trust store to use when validating upstream Service's TLS certificate

  • Introduce new attribute client_certificate in Upstreams entry, used for supporting mTLS in active health checks. #5838 (opens in a new tab)

CLI
Configuration
PDK
  • Support kong.response.exit in Stream (L4) proxy mode. #5524 (opens in a new tab)
  • Introduce kong.request.get_forwarded_path method, which returns the path component of the request's URL, but also considers X-Forwarded-Prefix if it comes from a trusted source. #5620 (opens in a new tab)
  • Introduce kong.response.error method, that allows PDK users to exit with an error while honoring the Accept header or manually forcing a content-type. #5562 (opens in a new tab)
  • Introduce kong.client.tls module, which provides the following methods for interacting with downstream mTLS:
    • kong.client.tls.request_client_certificate(): request client to present its client-side certificate to initiate mutual TLS authentication between server and client.
    • kong.client.tls.disable_session_reuse(): prevent the TLS session for the current connection from being reused by disabling session ticket and session ID for the current TLS connection.
    • kong.client.tls.get_full_client_certificate_chain(): return the PEM encoded downstream client certificate chain with the client certificate at the top and intermediate certificates (if any) at the bottom. #5890 (opens in a new tab)
  • Introduce kong.log.serialize method. #5995 (opens in a new tab)
  • Introduce new methods to the kong.service PDK module:
    • kong.service.set_tls_verify(): set whether TLS verification is enabled while handshaking with the upstream Service
    • kong.service.set_tls_verify_depth(): set the maximum depth of verification when validating upstream Service's TLS certificate
    • kong.service.set_tls_verify_store(): set the CA trust store to use when validating upstream Service's TLS certificate
Plugins

Fixes

Core
Admin API
  • Disallow PATCH on /upstreams/:upstreams/targets/:targets
Plugins

Back to TOC

2.0.5 (opens in a new tab)

Released 2020/06/30

Dependencies

Fixes

Core
CLI
Configuration
  • Fix issue where the Postgres password from the Kong configuration file would be truncated if it contained a # character. #5822 (opens in a new tab)
Admin API
  • Fix issue where a PUT request on /upstreams/:upstreams/targets/:targets would result in HTTP 500 Internal Server Error. #6012 (opens in a new tab)
PDK
Plugins

Back to TOC

2.0.4 (opens in a new tab)

Released 2020/04/22

Fixes

Core
Configuration

Back to TOC

2.0.3 (opens in a new tab)

Released 2020/04/06

This is a patch release in the 2.0 series. Being a patch release, it strictly contains performance improvements and bugfixes. The are no new features or breaking changes.

Fixes

Core
CLI
Configuration
Admin API
  • Fixed the sni is duplicated error when sending multiple SNIs as body arguments and an SNI on URL that matched one from the body. #5660 (opens in a new tab).

Back to TOC

2.0.2 (opens in a new tab)

Released 2020/02/27

This is a patch release in the 2.0 series. Being a patch release, it strictly contains performance improvements and bugfixes. The are no new features or breaking changes.

Fixes

Core
Plugins

Back to TOC

2.0.1 (opens in a new tab)

Released 2020/02/04

This is a patch release in the 2.0 series. Being a patch release, it strictly contains performance improvements and bugfixes. The are no new features or breaking changes.

Fixes

Core
Plugins

Back to TOC

2.0.0 (opens in a new tab)

Released 2020/01/20

This is a new major release of Kong, including new features such as Hybrid mode, Go language support for plugins and buffered proxying, and much more.

Kong 2.0.0 removes the deprecated service mesh functionality, which was been retired in favor of Kuma (opens in a new tab), as Kong continues to focus on its core gateway capabilities.

Please note that Kong 2.0.0 also removes support for migrating from versions below 1.0.0. If you are running Kong 0.x versions below 0.14.1, you need to migrate to 0.14.1 first, and once you are running 0.14.1, you can migrate to Kong 1.5.0, which includes special provisions for migrating from Kong 0.x, such as the kong migrations migrate-apis command, and then finally to Kong 2.0.0.

Dependencies

Note: if you are not using one of our distribution packages and compiling OpenResty from source, you must still apply Kong's OpenResty patches (opens in a new tab) (and, as highlighted above, compile OpenResty with the new lua-kong-nginx-module). Our kong-build-tools (opens in a new tab) repository will allow you to do both easily.

Packaging

Additions

Core
  • :fireworks: Hybrid mode for management of control-plane and data-plane nodes. This allows running control-plane nodes using a database and have them deliver configuration updates to DB-less data-plane nodes. #5294 (opens in a new tab)
  • :fireworks: Buffered proxying - plugins can now request buffered reading of the service response (as opposed to the streaming default), allowing them to modify headers based on the contents of the body #5234 (opens in a new tab)
  • The transformations in DAO schemas now also support on_read, allowing for two-way (read/write) data transformations between Admin API input/output and database storage. #5100 (opens in a new tab)
  • Added threshold attribute for health checks #5206 (opens in a new tab)
  • Caches for core entities and plugin-controlled entities (such as credentials, etc.) are now separated, protecting the core entities from cache eviction caused by plugin behavior. #5114 (opens in a new tab)
  • Cipher suite was updated to the Mozilla v5 release. #5342 (opens in a new tab)
  • Better support for using already existing Cassandra keyspaces when migrating #5361 (opens in a new tab)
  • Better log messages when plugin modules fail to load #5357 (opens in a new tab)
  • stream_listen now supports the backlog option. #5346 (opens in a new tab)
  • The internal cache was split into two independent segments, kong.core_cache and kong.cache. The core_cache region is used by the Kong core to store configuration data that doesn't change often. The other region is used to store plugin runtime data that is dependent on traffic pattern and user behavior. This change should decrease the cache contention between Kong core and plugins and result in better performance overall.
    • :warning: Note that both structures rely on the already existent mem_cache_size configuration option to set their size, so when upgrading from a previous Kong version, the cache memory consumption might double if this value is not adjusted #5114 (opens in a new tab)
CLI
Configuration
  • :fireworks: Extended support for Nginx directive injections via Kong configurations, reducing the needs for custom Nginx templates. New injection contexts were added: nginx_main_, nginx_events and nginx_supstream_ (upstream in stream mode). #5390 (opens in a new tab)
  • Enable reuseport option in the listen directive by default and allow specifying both reuseport and backlog=N in the listener flags. #5332 (opens in a new tab)
  • Check existence of lua_ssl_trusted_certificate at startup #5345 (opens in a new tab)
Admin API
  • Added /upstreams/<id>/health?balancer_health=1 attribute for detailed information about balancer health based on health threshold configuration #5206 (opens in a new tab)
PDK
  • New functions kong.service.request.enable_buffering, kong.service.response.get_raw_body and kong.service.response.get_body for use with buffered proxying #5315 (opens in a new tab)
Plugins

Fixes

Core
Admin API
Core
  • :warning: Removed Service Mesh support - That has been deprecated in Kong 1.4 and made off-by-default already, and the code is now gone in 2.0. For Service Mesh, we now have Kuma (opens in a new tab), which is something designed for Mesh patterns from day one, so we feel at peace with removing Kong's native Service Mesh functionality and focus on its core capabilities as a gateway.
Configuration
  • Routes using tls are now supported in stream mode by adding an entry in stream_listen with the ssl keyword enabled. #5346 (opens in a new tab)
  • As part of service mesh removal, serviceless proxying was removed. You can still set service = null when creating a route for use with serverless plugins such as aws-lambda, or request-termination. #5353 (opens in a new tab)
  • Removed the origins property which was used for service mesh. #5351 (opens in a new tab)
  • Removed the transparent property which was used for service mesh. #5350 (opens in a new tab)
  • Removed the nginx_optimizations property; the equivalent settings can be performed via Nginx directive injections. #5390 (opens in a new tab)
  • The Nginx directive injection prefixes nginx_http_upstream_ and nginx_http_status_ were renamed to nginx_upstream_ and nginx_status_ respectively. #5390 (opens in a new tab)
Plugins

Back to TOC

1.5.1 (opens in a new tab)

Released 2020/02/19

This is a patch release over 1.5.0, fixing a minor issue in the kong migrations migrate-apis command, which assumed execution in a certain order in the migration process. This now allows the command to be executed prior to running the migrations from 0.x to 1.5.1.

Fixes

CLI

Back to TOC

1.5.0 (opens in a new tab)

Released 2020/01/20

Kong 1.5.0 is the last release in the Kong 1.x series, and it was designed to help Kong 0.x users upgrade out of that series and into more current releases. Kong 1.5.0 includes two features designed to ease the transition process: the new kong migrations migrate-apis commands, to help users migrate away from old apis entities which were deprecated in Kong 0.13.0 and removed in Kong 1.0.0, and a compatibility flag to provide better router compatibility across Kong versions.

Additions

Core
  • New path_handling attribute in Routes entities, which selects the behavior the router will have when combining the Service Path, the Route Path, and the Request path into a single path sent to the upstream. This attribute accepts two values, v0 or v1, making the router behave as in Kong 0.x or Kong 1.x, respectively. #5360 (opens in a new tab)
CLI
  • New command kong migrations migrate-apis, which converts any existing apis from an old Kong 0.x installation and generates Route, Service and Plugin entities with equivalent configurations. The converted routes are set to use path_handling = v0, to ensure compatibility. #5176 (opens in a new tab)

Fixes

Core

Back to TOC

1.4.3 (opens in a new tab)

Released 2020/01/09

:warning: This release includes a security fix to address potentially sensitive information being written to the error log file. This affects certain uses of the Admin API for DB-less mode, described below.

This is a patch release in the 1.4 series, and as such, strictly contains bugfixes. There are no new features nor breaking changes.

Fixes

Core
Admin API
  • Do not make a debugging dump of the declarative config input into error.log when posting it with /config and using _format_version as a top-level parameter (instead of embedded in the config parameter). #5411 (opens in a new tab)
  • Fix incorrect behavior of PUT for /certificates #5321 (opens in a new tab)
Plugins

Back to TOC

1.4.2 (opens in a new tab)

Released 2019/12/10

This is another patch release in the 1.4 series, and as such, strictly contains bugfixes. There are no new features nor breaking changes.

Fixes

Core
Plugins

Back to TOC

1.4.1 (opens in a new tab)

Released 2019/12/03

This is a patch release in the 1.4 series, and as such, strictly contains bugfixes. There are no new features nor breaking changes.

Fixes

Core
CLI
  • Fixed an issue with kong config db_export when reading entities that are ttl-enabled and whose ttl value is null. #5185 (opens in a new tab)
Admin API
Plugins

Back to TOC

1.4.0 (opens in a new tab)

Released on 2019/10/22

Installation

  • :warning: All Bintray assets have been renamed from .all. / .noarch. to be architecture specific namely .arm64. and .amd64.

Additions

Core
  • :fireworks: New configuration option cassandra_refresh_frequency to set the frequency that Kong will check for Cassandra cluster topology changes, avoiding restarts when Cassandra nodes are added or removed. #5071 (opens in a new tab)
  • New transformations property in DAO schemas, which allows adding functions that run when database rows are inserted or updated. #5047 (opens in a new tab)
  • The new attribute hostname has been added to upstreams entities. This attribute is used as the Host header when proxying requests through Kong to servers that are listening on server names that are different from the names to which they resolve. #4959 (opens in a new tab)
  • New status interface has been introduced. It exposes insensitive health, metrics and error read-only information from Kong, which can be consumed by other services in the infrastructure to monitor Kong's health. This removes the requirement of the long-used workaround to monitor Kong's health by injecting a custom server block. #4977 (opens in a new tab)
  • New Admin API response header X-Kong-Admin-Latency, reporting the time taken by Kong to process an Admin API request. #4966 (opens in a new tab)
Configuration
  • :warning: New configuration option service_mesh which enables or disables the Service Mesh functionality. The Service Mesh is being deprecated and will not be available in the next releases of Kong. #5124 (opens in a new tab)
  • New configuration option router_update_frequency that allows setting the frequency that router and plugins will be checked for changes. This new option avoids performance degradation when Kong routes or plugins are frequently changed. #4897 (opens in a new tab)
Plugins

Fixes

Core
  • :warning: Service Mesh is known to cause HTTPS requests to upstream to ignore proxy_ssl* directives, so it is being discontinued in the next major release of Kong. In this release it is disabled by default, avoiding this issue, and it can be enabled as aforementioned in the configuration section. #5124 (opens in a new tab)
  • Fixed an issue on reporting the proper request method and URL arguments on NGINX-produced errors in logging plugins. #5073 (opens in a new tab)
  • Fixed an issue where targets were not properly updated in all Kong workers when they were removed. #5041 (opens in a new tab)
  • Deadlocks cases in database access functions when using Postgres and cleaning up cluster_events in high-changing scenarios were fixed. #5118 (opens in a new tab)
  • Fixed issues with tag-filtered GETs on Cassandra-backed nodes. #5105 (opens in a new tab)
Configuration
Plugins

Back to TOC

1.3.0 (opens in a new tab)

Released on 2019/08/21

Kong 1.3 is the first version to officially support gRPC proxying!

Following our vision for Kong to proxy modern Web services protocols, we are excited for this newest addition to the family of protocols already supported by Kong (HTTP(s), WebSockets, and TCP). As we have recently stated in our latest Community Call (opens in a new tab), more protocols are to be expected in the future.

Additionally, this release includes several highly-requested features such as support for upstream mutual TLS, header-based routing (not only Host), database export, and configurable upstream keepalive timeouts.

Changes

Dependencies
  • :warning: The required OpenResty version has been bumped to 1.15.8.1 (opens in a new tab). If you are installing Kong from one of our distribution packages, you are not affected by this change. See #4382 (opens in a new tab). With this new version comes a number of improvements:
    1. The new ngx_http_grpc_module (opens in a new tab).
    2. Configurable of upstream keepalive connections by timeout or number of requests.
    3. Support for ARM64 architectures.
    4. LuaJIT GC64 mode for x86_64 architectures, raising the LuaJIT GC-managed memory limit from 2GB to 128TB and producing more predictable GC performance.
  • :warning: From this version on, the new lua-kong-nginx-module (opens in a new tab) Nginx module is required to be built into OpenResty for Kong to function properly. This new module allows Kong to support new features such as mutual TLS authentication. If you are installing Kong from one of our distribution packages, you are not affected by this change. openresty-build-tools#26 (opens in a new tab)

Note: if you are not using one of our distribution packages and compiling OpenResty from source, you must still apply Kong's OpenResty patches (opens in a new tab) (and, as highlighted above, compile OpenResty with the new lua-kong-nginx-module). Our new openresty-build-tools (opens in a new tab) repository will allow you to do both easily.

Core
  • :warning: Bugfixes in the router may, in some edge-cases, result in different Routes being matched. It was reported to us that the router behaved incorrectly in some cases when configuring wildcard Hosts and regex paths (e.g. #3094 (opens in a new tab)). It may be so that you are subject to these bugs without realizing it. Please ensure that wildcard Hosts and regex paths Routes you have configured are matching as expected before upgrading. See 9ca4dc0 (opens in a new tab), 2683b86 (opens in a new tab), and 6a03e1b (opens in a new tab) for details.
  • Upstream connections are now only kept-alive for 100 requests or 60 seconds (idle) by default. Previously, upstream connections were not actively closed by Kong. This is a (non-breaking) change in behavior, inherited from Nginx 1.15, and configurable via new configuration properties (see below).
Configuration
  • :warning: The upstream_keepalive configuration property is deprecated, and replaced by the new nginx_http_upstream_keepalive property. Its behavior is almost identical, but the notable difference is that the latter leverages the injected Nginx directives (opens in a new tab) feature added in Kong 0.14.0. In future releases, we will gradually increase support for injected Nginx directives. We have high hopes that this will remove the occasional need for custom Nginx configuration templates. #4382 (opens in a new tab)

Additions

Core
  • :fireworks: Native gRPC proxying. Two new protocol types; grpc and grpcs correspond to gRPC over h2c and gRPC over h2. They can be specified on a Route or a Service's protocol attribute (e.g. protocol = grpcs). When an incoming HTTP/2 request matches a Route with a grpc(s) protocol, the request will be handled by the ngx_http_grpc_module (opens in a new tab), and proxied to the upstream Service according to the gRPC protocol specifications. :warning: Note that not all Kong plugins are compatible with gRPC requests yet. #4801 (opens in a new tab)
  • :fireworks: Mutual TLS handshake with upstream services. The Service entity now has a new client_certificate attribute, which is a foreign key to a Certificate entity. If specified, Kong will use the Certificate as a client TLS cert during the upstream TLS handshake. #4800 (opens in a new tab)
  • :fireworks: Route by any request header. The router now has the ability to match Routes by any request header (not only Host). The Route entity now has a new headers attribute, which is a map of headers names and values. E.g. { "X-Forwarded-Host": ["example.org"], "Version": ["2", "3"] }. #4758 (opens in a new tab)
  • :fireworks: Least-connection load-balancing. A new algorithm attribute has been added to the Upstream entity. It can be set to "round-robin" (default), "consistent-hashing", or "least-connections". #4528 (opens in a new tab)
  • A new core entity, "CA Certificates" has been introduced and can be accessed via the new /ca_certificates Admin API endpoint. CA Certificates entities will be used as CA trust store by Kong. Certificates stored by this entity need not include their private key. #4798 (opens in a new tab)
  • Healthchecks now use the combination of IP + Port + Hostname when storing upstream health information. Previously, only IP + Port were used. This means that different virtual hosts served behind the same IP/port will be treated differently with regards to their health status. New endpoints were added to the Admin API to manually set a Target's health status. #4792 (opens in a new tab)
Configuration
  • :fireworks: A new section in the kong.conf file describes injected Nginx directives (opens in a new tab) (added to Kong 0.14.0) and specifies a few default ones. In future releases, we will gradually increase support for injected Nginx directives. We have high hopes that this will remove the occasional need for custom Nginx configuration templates. #4382 (opens in a new tab)
  • :fireworks: New configuration properties allow for controlling the behavior of upstream keepalive connections. nginx_http_upstream_keepalive_requests and nginx_http_upstream_keepalive_timeout respectively control the maximum number of proxied requests and idle timeout of an upstream connection. #4382 (opens in a new tab)
  • New flags have been added to the *_listen properties: deferred, bind, and reuseport. #4692 (opens in a new tab)
CLI
  • :fireworks: Database export via the new kong config db_export CLI command. This command will export the configuration present in the database Kong is connected to (Postgres or Cassandra) as a YAML file following Kong's declarative configuration syntax. This file can thus be imported later on in a DB-less Kong node or in another database via kong config db_import. #4809 (opens in a new tab)
Admin API
  • Many endpoints now support more levels of nesting for ease of access. For example: /services/:services/routes/:routes is now a valid API endpoint. #4713 (opens in a new tab)
  • The API now accepts form-urlencoded payloads with deeply nested data structures. Previously, it was only possible to send such data structures via JSON payloads. #4768 (opens in a new tab)
Plugins
PDK
  • New function kong.service.set_tls_cert_key(). This functions sets the client TLS certificate used while handshaking with the upstream service. #4797 (opens in a new tab)

Fixes

Core
Plugins
CLI
  • Fixed an issue when running kong restart and Kong was not running, causing stdout/stderr logging to turn off. #4772 (opens in a new tab)
Admin API
PDK

Back to TOC

1.2.2 (opens in a new tab)

Released on 2019/08/14

:warning: This release includes patches to the NGINX core (1.13.6) fixing vulnerabilities in the HTTP/2 module (CVE-2019-9511 CVE-2019-9513 CVE-2019-9516).

This is a patch release in the 1.2 series, and as such, strictly contains bugfixes. There are no new features nor breaking changes.

Fixes

Core

Performance

Core

1.2.1 (opens in a new tab)

Released on 2019/06/26

This is a patch release in the 1.2 series, and as such, strictly contains bugfixes. There are no new features nor breaking changes.

Fixes

Core
  • Fix an issue preventing WebSocket connections from being established by clients. This issue was introduced in Kong 1.1.2, and would incorrectly clear the Upgrade response header. #4719 (opens in a new tab)
  • Fix a memory usage growth issue in the /config endpoint when configuring Upstream entities. This issue was mostly observed by users of the Kong Ingress Controller (opens in a new tab). #4733 (opens in a new tab)
  • Cassandra: ensure serial consistency is LOCAL_SERIAL when a datacenter-aware load balancing policy is in use. This fixes unavailability exceptions sometimes experienced when connecting to a multi-datacenter cluster with cross-datacenter connectivity issues. #4734 (opens in a new tab)
  • Schemas: fix an issue in the schema validator that would not allow specifying false in some schema rules, such a { type = "boolean", eq = false }. #4708 (opens in a new tab) #4727 (opens in a new tab)
  • Fix an underlying issue with regards to database entities cache keys generation. #4717 (opens in a new tab)
Configuration
  • Ensure the cassandra_local_datacenter configuration property is specified when a datacenter-aware Cassandra load balancing policy is in use. #4734 (opens in a new tab)
Plugins

Back to TOC

1.2.0 (opens in a new tab)

Released on: 2019/06/07

This release brings improvements to reduce long latency tails, consolidates declarative configuration support, and comes with newly open sourced plugins previously only available to Enterprise customers. It also ships with new features improving observability and usability.

This release includes database migrations. Please take a few minutes to read the 1.2 Upgrade Path (opens in a new tab) for more details regarding changes and migrations before planning to upgrade your Kong cluster.

Installation

  • :warning: All Bintray repositories have been renamed from kong-community-edition-* to kong-*.
  • :warning: All Kong packages have been renamed from kong-community-edition to kong.

For more details about the updated installation, please visit the official docs: https://konghq.com/install (opens in a new tab).

Additions

Core
  • :fireworks: Support for wildcard SNI matching: the ssl_certificate_by_lua phase and the stream preread phase) is now able to match a client hello SNI against any registered wildcard SNI. This is particularly helpful for deployments serving a certificate for multiple subdomains. #4457 (opens in a new tab)
  • :fireworks: HTTPS Routes can now be matched by SNI: the snis Route attribute (previously only available for tls Routes) can now be set for https Routes and is evaluated by the HTTP router. #4633 (opens in a new tab)
  • :fireworks: Native support for HTTPS redirects: Routes have a new https_redirect_status_code attribute specifying the status code to send back to the client if a plain text request was sent to an https Route. #4424 (opens in a new tab)
  • The loading of declarative configuration is now done atomically, and with a safety check to verify that the new configuration fits in memory. #4579 (opens in a new tab)
  • Schema fields can now be marked as immutable. #4381 (opens in a new tab)
  • Support for loading custom DAO strategies from plugins. #4518 (opens in a new tab)
  • Support for IPv6 to tcp and tls Routes. #4333 (opens in a new tab)
Configuration
  • :fireworks: Asynchronous router updates: a new configuration property router_consistency accepts two possible values: strict and eventual. The former is the default setting and makes router rebuilds highly consistent between Nginx workers. It can result in long tail latency if frequent Routes and Services updates are expected. The latter helps preventing long tail latency issues by instructing Kong to rebuild the router asynchronously (with eventual consistency between Nginx workers). #4639 (opens in a new tab)
  • :fireworks: Database cache warmup: Kong can now preload entities during its initialization. A new configuration property (db_cache_warmup_entities) was introduced, allowing users to specify which entities should be preloaded. DB cache warmup allows for ahead-of-time DNS resolution for Services with a hostname. This feature reduces first requests latency, improving the overall P99 latency tail. #4565 (opens in a new tab)
  • Improved PostgreSQL connection management: two new configuration properties have been added: pg_max_concurrent_queries sets the maximum number of concurrent queries to the database, and pg_semaphore_timeout allows for tuning the timeout when acquiring access to a database connection. The default behavior remains the same, with no concurrency limitation. #4551 (opens in a new tab)
Admin API
  • :fireworks: Add declarative configuration hash checking avoiding reloading if the configuration has not changed. The /config endpoint now accepts a check_hash query argument. Hash checking only happens if this argument's value is set to 1. #4609 (opens in a new tab)
  • :fireworks: Add a schema validation endpoint for entities: a new endpoint /schemas/:entity_name/validate can be used to validate an instance of any entity type in Kong without creating the entity itself. #4413 (opens in a new tab)
  • :fireworks: Add memory statistics to the /status endpoint. The response now includes a memory field, which contains the lua_shared_dicts and workers_lua_vms fields with statistics on shared dictionaries and workers Lua VM memory usage. #4592 (opens in a new tab)
PDK
  • New function kong.node.get_memory_stats(). This function returns statistics on shared dictionaries and workers Lua VM memory usage, and powers the memory statistics newly exposed by the /status endpoint. #4632 (opens in a new tab)
Plugins

Fixes

Core
  • Active healthchecks: http checks are not performed for tcp and tls Services anymore; only tcp healthchecks are performed against such Services. #4616 (opens in a new tab)
  • Fix an issue where updates in migrations would not correctly populate default values. #4635 (opens in a new tab)
  • Improvements in the reentrancy of Cassandra migrations. #4611 (opens in a new tab)
  • Fix an issue causing the PostgreSQL strategy to not bootstrap the schema when using a PostgreSQL account with limited permissions. #4506 (opens in a new tab)
CLI
  • Fix kong db_import to support inserting entities without specifying a UUID for their primary key. Entities with a unique identifier (e.g. name for Services) can have their primary key omitted. #4657 (opens in a new tab)
  • The kong migrations [up|finish] -f commands does not run anymore if there are no previously executed migrations. #4617 (opens in a new tab)
Plugins

Back to TOC

1.1.2 (opens in a new tab)

Released on: 2019/04/24

This is a patch release in the 1.0 series. Being a patch release, it strictly contains bugfixes. The are no new features or breaking changes.

Fixes

Back to TOC

1.1.1 (opens in a new tab)

Released on: 2019/03/28

This release contains a fix for 0.14 Kong clusters using Cassandra to safely migrate to Kong 1.1.

Fixes

Back to TOC

1.1.0 (opens in a new tab)

Released on: 2019/03/27

This release introduces new features such as Declarative Configuration, DB-less Mode, Bulk Database Import, Tags, as well as Transparent Proxying. It contains a large number of other features and fixes, listed below. Also, the Plugin Development kit also saw a minor updated, bumped to version 1.1.

This release includes database migrations. Please take a few minutes to read the 1.1 Upgrade Path (opens in a new tab) for more details regarding changes and migrations before planning to upgrade your Kong cluster.

:large_orange_diamond: Post-release note (as of 2019/03/28): an issue has been found when migrating from a 0.14 Kong cluster to 1.1.0 when running on top of Cassandra. Kong 1.1.1 has been released to address this issue. Kong clusters running on top of PostgreSQL are not affected by this issue, and can migrate to 1.1.0 or 1.1.1 safely.

Additions

Core
  • :fireworks: Kong can now run without a database, using in-memory storage only. When running Kong in DB-less mode, entities are loaded via a declarative configuration file, specified either through Kong's configuration file, or uploaded via the Admin API. #4315 (opens in a new tab)
  • :fireworks: Transparent proxying - the service attribute on Routes is now optional; a Route without an assigned Service will proxy transparently #4286 (opens in a new tab)
  • Support for tags in entities #4275 (opens in a new tab)
    • Every core entity now adds a tags field
  • New protocols field in the Plugin entity, allowing plugin instances to be set for specific protocols only (http, https, tcp or tls). #4248 (opens in a new tab)
    • It filters out plugins during execution according to their protocols field
    • It throws an error when trying to associate a Plugin to a Route which is not compatible, protocols-wise, or to a Service with no compatible routes.
Configuration
  • New option in kong.conf: database=off to start Kong without a database
  • New option in kong.conf: declarative_config=kong.yml to load a YAML file using Kong's new declarative config format (opens in a new tab)
  • New option in kong.conf: pg_schema to specify Postgres schema to be used
  • The Stream subsystem now supports Nginx directive injections #4148 (opens in a new tab)
    • nginx_stream_* (or KONG_NGINX_STREAM_* environment variables) for injecting entries to the stream block
    • nginx_sproxy_* (or KONG_NGINX_SPROXY_* environment variables) for injecting entries to the server block inside stream
CLI
  • :fireworks: Bulk database import using the same declarative configuration format as the in-memory mode, using the new command: kong config db_import kong.yml. This command upserts all entities specified in the given kong.yml file in bulk #4284 (opens in a new tab)
  • New command: kong config init to generate a template kong.yml file to get you started
  • New command: kong config parse kong.yml to verify the syntax of the kong.yml file before using it
  • New option --wait in kong quit to ease graceful termination when using orchestration tools #4201 (opens in a new tab)
Admin API
  • New Admin API endpoint: /config to replace the configuration of Kong entities entirely, replacing it with the contents of a new declarative config file
    • When using the new database=off configuration option, the Admin API endpoints for entities (such as /routes and /services) are read-only, since the configuration can only be updated via /config #4308 (opens in a new tab)
  • Admin API endpoints now support searching by tag (for example, /consumers?tags=example_tag)
    • You can search by multiple tags:
      • /services?tags=serv1,mobile to search for services matching tags serv1 and mobile
      • /services?tags=serv1/serv2 to search for services matching tags serv1 or serv2
  • New Admin API endpoint /tags/ for listing entities by tag: /tags/example_tag
PDK
  • New PDK function: kong.client.get_protocol for obtaining the protocol in use during the current request #4307 (opens in a new tab)
  • New PDK function: kong.nginx.get_subsystem, so plugins can detect whether they are running on the HTTP or Stream subsystem #4358 (opens in a new tab)
Plugins

Changes

Dependencies
  • The required OpenResty version is still 1.13.6.2, but for a full feature set including stream routing and Service Mesh abilities with mutual TLS, Kong's openresty-patches (opens in a new tab) must be applied (those patches are already bundled with our official distribution packages). The openresty-patches bundle was updated in Kong 1.1.0 to include the stream_realip_module as well. Kong in HTTP(S) Gateway scenarios does not require these patches. #4163 (opens in a new tab)
  • Service Mesh abilities require at least OpenSSL version 1.1.1. In our official distribution packages, OpenSSL has been bumped to 1.1.1b. #4345 (opens in a new tab), #4440 (opens in a new tab)

Fixes

Core
Admin API
Plugins

Back to TOC

1.0.3 (opens in a new tab)

Released on: 2019/01/31

This is a patch release addressing several regressions introduced some plugins, and improving the robustness of our migrations and core components.

Core

Plugins
  • request-transformer: fix a regression causing the upstream Host header to be unconditionally set to that of the client request (effectively, as if the Route had preserve_host enabled). #4253 (opens in a new tab)
  • cors: fix a regression that prevented regex origins from being matched. Regexes such as (.*[.])?example\.org can now be used to match all sub-domains, while regexes containing : will be evaluated against the scheme and port of an origin (i.e. ^https?://(.*[.])?example\.org(:8000)?$). #4261 (opens in a new tab)
  • oauth2: fix a runtime error when using a global token against a plugin not configured as global (i.e. with global_credentials = false). #4262 (opens in a new tab)
Admin API
  • Improve performance of the PUT method in auth plugins endpoints (e.g. /consumers/:consumers/basic-auth/:basicauth_credentials) by preventing a unnecessary read-before-write. #4206 (opens in a new tab)

Back to TOC

1.0.2 (opens in a new tab)

Released on: 2019/01/18

This is a hotfix release mainly addressing an issue when connecting to the datastore over TLS (Cassandra and PostgreSQL).

Fixes

Core
Plugins

Back to TOC

1.0.1 (opens in a new tab)

Released on: 2019/01/16

This is a patch release in the 1.0 series. Being a patch release, it strictly contains performance improvements and bugfixes. The are no new features or breaking changes.

:red_circle: Post-release note (as of 2019/01/17): A regression has been observed with this version, preventing Kong from starting when connecting to its datastore over TLS. Installing this version is discouraged; consider upgrading to 1.0.2.

Changes

Core

Fixes

Configuration
Core
Admin API
Plugins

Back to TOC

1.0.0 (opens in a new tab)

Released on: 2018/12/18

This is a major release, introducing new features such as Service Mesh and Stream Routing support, as well as a New Migrations framework. It also includes version 1.0.0 of the Plugin Development Kit. It contains a large number of other features and fixes, listed below. Also, all plugins included with Kong 1.0 are updated to use version 1.0 of the PDK.

As usual, major version upgrades require database migrations and changes to the Nginx configuration file (if you customized the default template). Please take a few minutes to read the 1.0 Upgrade Path (opens in a new tab) for more details regarding breaking changes and migrations before planning to upgrade your Kong cluster.

Being a major version, all entities and concepts that were marked as deprecated in Kong 0.x are now removed in Kong 1.0. The deprecated features are retained in Kong 0.15, the final entry in the Kong 0.x series, which is being released simultaneously to Kong 1.0.

Changes

Kong 1.0 includes all breaking changes from 0.15, as well as the removal of deprecated concepts.

Dependencies
  • The required OpenResty version is still 1.13.6.2, but for a full feature set including stream routing and Service Mesh abilities with mutual TLS, Kong's openresty-patches (opens in a new tab) must be applied (those patches are already bundled with our official distribution packages). Kong in HTTP(S) Gateway scenarios does not require these patches.
  • Service Mesh abilities require at least OpenSSL version 1.1.1. In our official distribution packages, OpenSSL has been bumped to 1.1.1. #4005 (opens in a new tab)
Configuration
  • :warning: The custom_plugins directive is removed (deprecated since 0.14.0, July 2018). Use plugins instead.
  • Modifications must be applied to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. See the 1.0 Upgrade Path (opens in a new tab) for a diff of changes to apply.
  • The default value for cassandra_lb_policy changed from RoundRobin to RequestRoundRobin. This helps reducing the amount of new connections being opened during a request when using the Cassandra strategy. #4004 (opens in a new tab)
Core
  • :warning: The API entity and related concepts such as the /apis endpoint, are removed (deprecated since 0.13.0, March 2018). Use Routes and Services instead.
  • :warning: The old DAO implementation is removed, along with the old schema validation library (apis was the last entity using it). Use the new schema format instead in custom plugins. To ease the transition of plugins, the plugin loader in 1.0 includes a best-effort schema auto-translator, which should be sufficient for many plugins.
  • Timestamps now bear millisecond precision in their decimal part. #3660 (opens in a new tab)
  • The PDK function kong.request.get_body will now return nil, err, mime when the body is valid JSON but neither an object nor an array. #4063 (opens in a new tab)
CLI
  • :warning: The new migrations framework (detailed below) has a different usage (and subcommands) compared to its predecessor. #3802 (opens in a new tab)
Admin API

A summary of the changes introduced in the new Admin API:

  • Pagination has been included in all "multi-record" endpoints, and pagination control fields are different than in 0.14.x.
  • Filtering now happens via URL path changes (/consumers/x/plugins) instead of querystring fields (/plugins?consumer_id=x).
  • Array values can't be coerced from comma-separated strings anymore. They must now be "proper" JSON values on JSON requests, or use a new syntax on form-url-encoded or multipart requests.
  • Error messages have been been reworked from the ground up to be more consistent, precise and informative.
  • The PUT method has been reimplemented with idempotent behavior and has been added to some entities that didn't have it.

For more details about the new Admin API, please visit the official docs: https://docs.konghq.com/ (opens in a new tab)

Plugins
  • :warning: The galileo plugin has been removed (deprecated since 0.13.0). #3960 (opens in a new tab)
  • :warning: Some internal modules that were occasionally used by plugin authors before the introduction of the Plugin Development Kit (PDK) in 0.14.0 are now removed:
    • The kong.tools.ip module was removed. Use kong.ip from the PDK instead.
    • The kong.tools.public module was removed. Use the various equivalent features from the PDK instead.
    • The kong.tools.responses module was removed. Please use kong.response.exit from the PDK instead. You might want to use kong.log.err to log internal server errors as well.
    • The kong.api.crud_helpers module was removed (deprecated since the introduction of the new DAO in 0.13.0). Use kong.api.endpoints instead if you need to customize the auto-generated endpoints.
  • All bundled plugins' schemas and custom entities have been updated to the new kong.db module, and their APIs have been updated to the new Admin API, which is described in the above section. #3766 (opens in a new tab) #3774 (opens in a new tab) #3778 (opens in a new tab) #3839 (opens in a new tab)
  • :warning: All plugins migrations have been converted to the new migration framework. Custom plugins must use the new migration framework from 0.15 onwards.

Additions

:fireworks: Service Mesh and Stream Routes

Kong's Service Mesh support resulted in a number of additions to Kong's configuration, Admin API, and plugins that deserve their own section in this changelog.

Configuration
CLI
  • :fireworks: New migrations framework. This new implementation supports no-downtime, Blue/Green migrations paths that will help sustain Kong 1.0's stability. It brings a considerable number of other improvements, such as new commands, better support for automation, improved CLI logging, and many more. Additionally, this new framework alleviates the old limitation around multiple nodes running concurrent migrations. See the related PR for a complete list of improvements. #3802 (opens in a new tab)
Core
  • :fireworks: Support for TLS 1.3. The support for OpenSSL 1.1.1 (bumped in our official distribution packages) not only enabled Service Mesh features, but also unlocks support for the latest version of the TLS protocol.
  • :fireworks: Support for HTTPS in active healthchecks. #3815 (opens in a new tab)
  • :fireworks: Improved router rebuilds resiliency by reducing database accesses in high concurrency scenarios. #3782 (opens in a new tab)
  • :fireworks: Significant performance improvements in the core's plugins runloop. #3794 (opens in a new tab)
  • PDK improvements:
  • Schema improvements:
    • New field validators: distinct, ne, is_regex, contains, gt.
    • Adding a new field which has a default value to a schema no longer requires a migration. #3756 (opens in a new tab)
Admin API
Plugins

Fixes

Core
Admin API
Plugins

Back to TOC

0.15.0 (opens in a new tab)

Released on: 2018/12/18

This is the last release in the 0.x series, giving users one last chance to upgrade while still using some of the options and concepts that were marked as deprecated in Kong 0.x and were removed in Kong 1.0.

For a list of additions and fixes in Kong 0.15, see the 1.0.0 changelog. This release includes all new features included in 1.0 (Service Mesh, Stream Routes and New Migrations), but unlike Kong 1.0, it retains a lot of the deprecated functionality, like the API entity, around. Still, Kong 0.15 does have a number of breaking changes related to functionality that has changed since version 0.14 (see below).

If you are starting with Kong, we recommend you to use 1.0.0 instead of this release.

If you are already using Kong 0.14, our recommendation is to plan to move to 1.0 -- see the 1.0 Upgrade Path (opens in a new tab) document for details. Upgrading to 0.15.0 is only recommended if you can't do away with the deprecated features but you need some fixes or new features right now.

Changes

Dependencies
  • The required OpenResty version is still 1.13.6.2, but for a full feature set including stream routing and Service Mesh abilities with mutual TLS, Kong's openresty-patches (opens in a new tab) must be applied (those patches are already bundled with our official distribution packages). Kong in HTTP(S) Gateway scenarios does not require these patches.
  • Service Mesh abilities require at least OpenSSL version 1.1.1. In our official distribution packages, OpenSSL has been bumped to 1.1.1. #4005 (opens in a new tab)
Configuration
  • The default value for cassandra_lb_policy changed from RoundRobin to RequestRoundRobin. This helps reducing the amount of new connections being opened during a request when using the Cassandra strategy. #4004 (opens in a new tab)
Core
CLI
Admin API

A summary of the changes introduced in the new Admin API:

  • Pagination has been included in all "multi-record" endpoints, and pagination control fields are different than in 0.14.x.
  • Filtering now happens via URL path changes (/consumers/x/plugins) instead of querystring fields (/plugins?consumer_id=x).
  • Array values can't be coherced from comma-separated strings. They must be "proper" JSON values on JSON requests, or use a new syntax on form-url-encoded or multipart requests.
  • Error messages have been been reworked from the ground up to be more consistent, precise and informative.
  • The PUT method has been reimplemented with idempotent behavior and has been added to some entities that didn't have it.

For more details about the new Admin API, please visit the official docs: https://docs.konghq.com/ (opens in a new tab)

Plugins

Additions

Kong 0.15.0 contains the same additions as 1.0.0. See the 1.0.0 changelog for a complete list.

Fixes

Kong 0.15.0 contains the same fixes as 1.0.0. See the 1.0.0 changelog for a complete list.

Back to TOC

0.14.1 (opens in a new tab)

Released on: 2018/08/21

Additions

Plugins

Fixes

Core
  • Prevent some plugins from breaking in subtle ways when manipulating some entities and their attributes. An example of such breaking behavior could be observed when Kong was wrongly injecting X-Consumer-Username: userdata: NULL in upstream requests headers, instead of not injecting this header at all. #3714 (opens in a new tab)
  • Fix an issue which, in some cases, prevented the use of Kong with Cassandra in environments where DNS load-balancing is in effect for contact points provided as hostnames (e.g. Kubernetes with cassandra_contact_points = cassandra). #3693 (opens in a new tab)
  • Fix an issue which prevented the use of UNIX domain sockets in some logging plugins, and custom plugins making use of such sockets. Thanks @rucciva (opens in a new tab) for the patch. #3633 (opens in a new tab)
  • Avoid logging false-negative error messages related to worker events. #3692 (opens in a new tab)
CLI
Plugins

Back to TOC

0.14.0 (opens in a new tab) - 2018/07/05

This release introduces the first version of the Plugin Development Kit: a Lua SDK, comprised of a set of functions to ease the development of custom plugins.

Additionally, it contains several major improvements consolidating Kong's feature set and flexibility, such as the support for PUT endpoints on the Admin API for idempotent workflows, the execution of plugins during Nginx-produced errors, and the injection of Nginx directives without having to rely on the custom Nginx configuration pattern!

Finally, new bundled plugins allow Kong to better integrate with Cloud Native environments, such as Zipkin and Prometheus.

As usual, major version upgrades require database migrations and changes to the Nginx configuration file (if you customized the default template). Please take a few minutes to read the 0.14 Upgrade Path (opens in a new tab) for more details regarding breaking changes and migrations before planning to upgrade your Kong cluster.

Breaking Changes

Dependencies
  • :warning: The required OpenResty version has been bumped to 1.13.6.2. If you are installing Kong from one of our distribution packages, you are not affected by this change. #3498 (opens in a new tab)
  • :warning: Support for PostgreSQL 9.4 (deprecated in 0.12.0) is now dropped. #3490 (opens in a new tab)
  • :warning: Support for Cassandra 2.1 (deprecated in 0.12.0) is now dropped. #3490 (opens in a new tab)
Configuration
  • :warning: The server_tokens and latency_tokens configuration properties have been removed. Instead, a new headers configuration properties replaces them and allows for more granular settings of injected headers (e.g. Server, Via, X-Kong-*-Latency, etc...). #3300 (opens in a new tab)
  • :warning: New required lua_shared_dict entries must be added to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. #3557 (opens in a new tab)
  • :warning: Other important modifications must be applied to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. #3533 (opens in a new tab)
Plugins
  • :warning: The Runscope plugin has been dropped, based on the EoL announcement made by Runscope about their Traffic Inspector product. #3495 (opens in a new tab)
Admin API
  • :warning: The SSL Certificates and SNI entities have moved to the new DAO implementation. As such, the /certificates and /snis endpoints have received notable usability improvements, but suffer from a few breaking changes. #3386 (opens in a new tab)
  • :warning: The Consumers entity has moved to the new DAO implementation. As such, the /consumers endpoint has received notable usability improvements, but suffers from a few breaking changes. #3437 (opens in a new tab)

Changes

Configuration
  • The default value of db_cache_ttl is now 0 (disabled). Now that our level of confidence around the new caching mechanism introduced in 0.11.0 is high enough, we consider 0 (no TTL) to be an appropriate default for production environments, as it offers a smoother cache consumption behavior and reduces database pressure. #3492 (opens in a new tab)
Core
  • :fireworks: Serve stale data from the database cache when the datastore cannot be reached. Such stale items are "resurrected" for db_resurrect_ttl seconds (see configuration section). #3579 (opens in a new tab)
  • Reduce LRU churning in the database cache against some workloads. #3550 (opens in a new tab)

Additions

Configuration
  • :fireworks: Support for injecting Nginx directives via configuration properties (in the kong.conf file or via environment variables)! This new way of customizing the Nginx configuration should render obsolete the old way of maintaining a custom Nginx template in most cases! #3530 (opens in a new tab)
  • :fireworks: Support for selectively disabling bundled plugins. A new plugins configuration property is introduced, and is used to specify which plugins should be loaded by the node. Custom plugins should now be specified in this new property, and the custom_plugins property is deprecated. If desired, Kong administrators can specify a minimal set of plugins to load (instead of the default, bundled plugins), and improve P99 latency thanks to the resulting decrease in database traffic. #3387 (opens in a new tab)
  • The new headers configuration property allows for specifying the injection of a new header: X-Kong-Upstream-Status. When enabled, Kong will inject this header containing the HTTP status code of the upstream response in the client response. This is particularly useful for clients to distinguish upstream statuses upon rewriting of the response by Kong. #3263 (opens in a new tab)
  • A new db_resurrect_ttl configuration property can be set to customize the amount of time stale data can be resurrected for when it cannot be refreshed. Defaults to 30 seconds. #3579 (opens in a new tab)
  • Two new Cassandra load balancing policies are available: RequestRoundRobin and RequestDCAwareRoundRobin. Both policies guarantee that the same peer will be reused across several queries during the lifetime of a request, thus guaranteeing no new connection will be opened against a peer during this request. #3545 (opens in a new tab)
Core
  • :fireworks: Execute plugins on Nginx-produced errors. Now, when Nginx produces a 4xx error (upon invalid requests) or 5xx (upon failure from the load balancer to connect to a Service), Kong will execute the response phases of its plugins (header_filter, body_filter, log). As such, Kong logging plugins are not blind to such Nginx-produced errors anymore, and will start properly reporting them. Plugins should be built defensively against cases where their rewrite or access phases were not executed. #3533 (opens in a new tab)
  • :fireworks: Support for cookie-based load balancing! #3472 (opens in a new tab)
Plugins
Admin API
  • :fireworks: Support for PUT in new endpoints (e.g. /services/{id or name}, /routes/{id}, /consumers/{id or username}), allowing the development of idempotent configuration workflows when scripting the Admin API. #3416 (opens in a new tab)
  • Support for PATCH and DELETE on the /services/{name}, /consumers/{username}, and /snis/{name} endpoints. #3416 (opens in a new tab)

Fixes

Configuration
Core
  • IPv6 nameservers with a scope are now ignored by the DNS resolver. #3478 (opens in a new tab)
  • SRV records without a port number now returns the default port instead of 0. #3478 (opens in a new tab)
  • Ensure DNS-based round robin load balancing starts at a randomized position to prevent all Nginx workers from starting with the same peer. #3478 (opens in a new tab)
  • Properly report timeouts in passive health checks. Previously, connection timeouts were counted as tcp_failures, and upstream timeouts were ignored. Health check users should ensure that their timeout settings reflect their intended behavior. #3539 (opens in a new tab)
  • Ensure active health check probe requests send the Host header. #3496 (opens in a new tab)
  • Overall, more reliable health checks healthiness counters behavior. #3496 (opens in a new tab)
  • Do not set Content-Type headers on HTTP 204 No Content responses. #3351 (opens in a new tab)
  • Ensure the PostgreSQL connector of the new DAO (used by Services, Routes, Consumers, and SSL certs/SNIs) is now fully re-entrant and properly behaves in busy workloads (e.g. scripting requests to the Admin API). #3423 (opens in a new tab)
  • Properly route HTTP/1.0 requests without a Host header when using the old deprecated "API" entity. #3438 (opens in a new tab)
  • Ensure that all Kong-produced errors respect the headers configuration setting (previously server_tokens) and do not include the Server header if not configured. #3511 (opens in a new tab)
  • Harden an existing Cassandra migration. #3532 (opens in a new tab)
  • Prevent the load balancer from needlessly rebuilding its state when creating Targets. #3477 (opens in a new tab)
  • Prevent some harmless error logs to be printed during startup when initialization takes more than a few seconds. #3443 (opens in a new tab)
Plugins
Admin API
  • Requests to /healthy and /unhealthy endpoints for upstream health checks now properly propagate the new state to other nodes of a Kong cluster. #3464 (opens in a new tab)
  • Do not produce an HTTP 500 error when POST-ing to /services with an empty url argument. #3452 (opens in a new tab)
  • Ensure foreign keys are required when creating child entities (e.g. service.id when creating a Route). Previously some rows could have an empty service_id field. #3548 (opens in a new tab)
  • Better type inference in new endpoints (e.g. /services, /routes, /consumers) when using application/x-www-form-urlencoded MIME type. #3416 (opens in a new tab)

Back to TOC

0.13.1 (opens in a new tab) - 2018/04/23

This release contains numerous bug fixes and a few convenience features. Notably, a best-effort/backwards-compatible approach is followed to resolve no memory errors caused by the fragmentation of shared memory between the core and plugins.

Added

Core
  • Cache misses are now stored in a separate shared memory zone from hits if such a zone is defined. This reduces cache turnover and can increase the cache hit ratio quite considerably. Users with a custom Nginx template are advised to define such a zone to benefit from this behavior: lua_shared_dict kong_db_cache_miss 12m;.
  • We now ensure that the Cassandra or PostgreSQL instance Kong is connecting to falls within the supported version range. Deprecated versions result in warning logs. As a reminder, Kong 0.13.x supports Cassandra 2.2+, and PostgreSQL 9.5+. Cassandra 2.1 and PostgreSQL 9.4 are supported, but deprecated. #3310 (opens in a new tab)
  • HTTP 494 errors thrown by Nginx are now caught by Kong and produce a native, Kong-friendly response. Thanks @ti-mo (opens in a new tab) for the contribution! #3112 (opens in a new tab)
CLI
Admin API
  • Friendlier behavior of Routes schema validation: PATCH requests can be made without specifying all three of methods, hosts, or paths if at least one of the three is specified in the body. #3364 (opens in a new tab)
Plugins

Fixed

Core

  • Numerous users have reported no memory errors which were caused by circumstantial memory fragmentation. Such errors, while still possible if plugin authors are not careful, should now mostly be addressed. #3311 (opens in a new tab)

    If you are using a custom Nginx template, be sure to define the following shared memory zones to benefit from these fixes:

    lua_shared_dict kong_db_cache_miss 12m;
lua_shared_dict kong_rate_limiting_counters 12m;
CLI
  • Redirect Nginx's stdout and stderr output to kong start when nginx_daemon is enabled (such as when using the Kong Docker image). This also prevents growing log files when Nginx redirects logs to /dev/stdout and /dev/stderr but nginx_daemon is disabled. #3297 (opens in a new tab)
Admin API
Plugins
  • rate-limiting/response-rate-limiting:
    • If defined in the Nginx configuration, will use a dedicated lua_shared_dict instead of using the kong_cache shared memory zone. This prevents memory fragmentation issues resulting in no memory errors observed by numerous users. Users with a custom Nginx template are advised to define such a zone to benefit from this fix: lua_shared_dict kong_rate_limiting_counters 12m;. #3311 (opens in a new tab)
    • When using the Redis strategy, ensure the correct Redis database is selected. This issue could occur when several request and response rate-limiting were configured using different Redis databases. Thanks @mengskysama (opens in a new tab) for the patch! #3293 (opens in a new tab)
  • key-auth: Respect request MIME type when re-encoding the request body if both config.key_in_body and config.hide_credentials are enabled. Thanks @p0pr0ck5 (opens in a new tab) for the patch! #3213 (opens in a new tab)
  • oauth2: Return HTTP 400 on invalid scope type. Thanks @Gman98ish (opens in a new tab) for the patch! #3206 (opens in a new tab)
  • ldap-auth: Ensure the plugin does not throw errors when configured as a global plugin. #3354 (opens in a new tab)
  • hmac-auth: Verify signature against non-normalized ($request_uri) request line (instead of $uri). #3339 (opens in a new tab)
  • aws-lambda: Fix a typo in upstream headers sent to the function. We now properly send the X-Amz-Log-Type header. #3398 (opens in a new tab)

Back to TOC

0.13.0 (opens in a new tab) - 2018/03/22

This release introduces two new core entities that will improve the way you configure Kong: Routes & Services. Those entities replace the "API" entity and simplify the setup of non-naive use-cases by providing better separation of concerns and allowing for plugins to be applied to specific endpoints.

As usual, major version upgrades require database migrations and changes to the Nginx configuration file (if you customized the default template). Please take a few minutes to read the 0.13 Upgrade Path (opens in a new tab) for more details regarding breaking changes and migrations before planning to upgrade your Kong cluster.

Breaking Changes

Configuration
  • :warning: The proxy_listen and admin_listen configuration values have a new syntax. This syntax is more aligned with that of NGINX and is more powerful while also simpler. As a result, the following configuration values have been removed because superfluous: ssl, admin_ssl, http2, admin_http2, proxy_listen_ssl, and admin_listen_ssl. #3147 (opens in a new tab)
Plugins
  • :warning: galileo: As part of the Galileo deprecation path, the galileo plugin is not enabled by default anymore, although still bundled with 0.13. Users are advised to stop using the plugin, but for the time being can keep enabling it by adding it to the custom_plugin configuration value. #3233 (opens in a new tab)
  • :warning: rate-limiting (Cassandra): The default migration for including Routes and Services in plugins will remove and re-create the Cassandra rate-limiting counters table. This means that users that were rate-limited because of excessive API consumption will be able to consume the API until they reach their limit again. There is no such data deletion in PostgreSQL. def201f (opens in a new tab)

Changes

Dependencies

Additions

Configuration
  • :fireworks: Support for control-plane and data-plane modes. The new syntax of proxy_listen and admin_listen supports off, which disables either one of those interfaces. It is now simpler than ever to make a Kong node "Proxy only" (data-plane) or "Admin only" (control-plane). #3147 (opens in a new tab)
Core
  • :fireworks: This release introduces two new entities: Routes and Services. Those entities will provide a better separation of concerns than the "API" entity offers. Routes will define rules for matching a client's request (e.g., method, host, path...), and Services will represent upstream services (or backends) that Kong should proxy those requests to. Plugins can also be added to both Routes and Services, enabling use-cases to apply plugins more granularly (e.g., per endpoint). Following this addition, the API entity and related Admin API endpoints are now deprecated. This release is backwards-compatible with the previous model and all of your currently defined APIs and matching rules are still supported, although we advise users to migrate to Routes and Services as soon as possible. #3224 (opens in a new tab)
Admin API
  • :fireworks: New endpoints: /routes and /services to interact with the new core entities. More specific endpoints are also available such as /services/{service id or name}/routes, /services/{service id or name}/plugins, and /routes/{route id}/plugins. #3224 (opens in a new tab)
  • :fireworks: Our new endpoints (listed above) provide much better responses with regards to producing responses for incomplete entities, errors, etc... In the future, existing endpoints will gradually be moved to using this new Admin API content producer. #3224 (opens in a new tab)
  • :fireworks: Improved argument parsing in form-urlencoded requests to the new endpoints as well. Kong now expects the following syntaxes for representing arrays: hosts[]=a.com&hosts[]=b.com, hosts[1]=a.com&hosts[2]=b.com, which avoid comma-separated arrays and related issues that can arise. In the future, existing endpoints will gradually be moved to using this new Admin API content parser. #3224 (opens in a new tab)
Plugins

Fixes

Core
  • Fix an issue causing nodes in a cluster to use the default health checks configuration when the user configured them from another node (event propagated via the cluster). #3319 (opens in a new tab)
  • Increase the default load balancer wheel size from 100 to 10.000. This allows for a better distribution of the load between Targets in general. #3296 (opens in a new tab)
Admin API

Back to TOC

0.12.3 (opens in a new tab) - 2018/03/12

Fixed

Back to TOC

0.12.2 (opens in a new tab) - 2018/02/28

Added

Core
CLI
  • The kong migrations reset command has a new --yes flag. This flag makes the command run non-interactively, and ensures no confirmation prompt will occur. #3189 (opens in a new tab)
Admin API

Fixed

Core
Migrations
Admin API

Back to TOC

0.12.1 (opens in a new tab) - 2018/01/18

This release addresses a few issues encountered with 0.12.0, including one which would prevent upgrading from a previous version. The 0.12 Upgrade Path (opens in a new tab) is still relevant for upgrading existing clusters to 0.12.1.

Fixed

Back to TOC

0.12.0 (opens in a new tab) - 2018/01/16

This major release focuses on two new features we are very excited about: health checks and hash based load balancing!

We also took this as an opportunity to fix a few prominent issues, sometimes at the expense of breaking changes but overall improving the flexibility and usability of Kong! Do keep in mind that this is a major release, and as such, that we require of you to run the migrations step, via the kong migrations up command.

Please take a few minutes to thoroughly read the 0.12 Upgrade Path (opens in a new tab) for more details regarding breaking changes and migrations before planning to upgrade your Kong cluster.

Deprecation notices

Starting with 0.12.0, we are announcing the deprecation of older versions of our supported databases:

  • Support for PostgreSQL 9.4 is deprecated. Users are advised to upgrade to 9.5+
  • Support for Cassandra 2.1 and below is deprecated. Users are advised to upgrade to 2.2+

Note that the above deprecated versions are still supported in this release, but will be dropped in subsequent ones.

Breaking changes

Core
  • :warning: The required OpenResty version has been bumped to 1.11.2.5. If you are installing Kong from one of our distribution packages, you are not affected by this change. #3097 (opens in a new tab)
  • :warning: As Kong now executes subsequent plugins when a request is being short-circuited (e.g. HTTP 401 responses from auth plugins), plugins that run in the header or body filter phases will be run upon such responses from the access phase. We consider this change a big improvement in the Kong run-loop as it allows for more flexibility for plugins. However, it is unlikely, but possible that some of these plugins (e.g. your custom plugins) now run in scenarios where they were not previously expected to run. #3079 (opens in a new tab)
Admin API

  • :warning: By default, the Admin API now only listens on the local interface. We consider this change to be an improvement in the default security policy of Kong. If you are already using Kong, and your Admin API still binds to all interfaces, consider updating it as well. You can do so by updating the admin_listen configuration value, like so: admin_listen = 127.0.0.1:8001. Thanks @pduldig-at-tw (opens in a new tab) for the suggestion and the patch. #3016 (opens in a new tab)

    :red_circle: Note to Docker users: Beware of this change as you may have to ensure that your Admin API is reachable via the host's interface. You can use the -e KONG_ADMIN_LISTEN argument when provisioning your container(s) to update this value; for example, -e KONG_ADMIN_LISTEN=0.0.0.0:8001.

  • :warning: To reduce confusion, the /upstreams/:upstream_name_or_id/targets/ has been updated to not show the full list of Targets anymore, but only the ones that are currently active in the load balancer. To retrieve the full history of Targets, you can now query /upstreams/:upstream_name_or_id/targets/all. The /upstreams/:upstream_name_or_id/targets/active endpoint has been removed. Thanks @hbagdi (opens in a new tab) for tackling this backlog item! #3049 (opens in a new tab)

  • :warning: The orderlist property of Upstreams has been removed, along with any confusion it may have brought. The balancer is now able to fully function without it, yet with the same level of entropy in its load distribution. #2748 (opens in a new tab)

CLI
Plugins

Added

Core
  • :fireworks: Support for health checks! Kong can now short-circuit some of your upstream Targets (replicas) from its load balancer when it encounters too many TCP or HTTP errors. You can configure the number of failures, or the HTTP status codes that should be considered invalid, and Kong will monitor the failures and successes of proxied requests to each upstream Target. We call this feature passive health checks. Additionally, you can configure active health checks, which will make Kong perform periodic HTTP test requests to actively monitor the health of your upstream services, and pre-emptively short-circuit them. Upstream Targets can be manually taken up or down via two new Admin API endpoints: /healthy and /unhealthy. #3096 (opens in a new tab)
  • :fireworks: Support for hash based load balancing! Kong now offers consistent hashing/sticky sessions load balancing capabilities via the new hash_* attributes of the Upstream entity. Hashes can be based off client IPs, request headers, or Consumers! #2875 (opens in a new tab)
  • :fireworks: Logging plugins now log requests that were short-circuited by Kong! (e.g. HTTP 401 responses from auth plugins or HTTP 429 responses from rate limiting plugins, etc.) Kong now executes any subsequent plugins once a request has been short-circuited. Your plugin must be using the kong.tools.responses module for this behavior to be respected. #3079 (opens in a new tab)
  • Kong is now compatible with OpenResty up to version 1.13.6.1. Be aware that the recommended (and default) version shipped with this release is still 1.11.2.5. #3070 (opens in a new tab)
CLI
  • $ kong start now considers the commonly used /opt/openresty prefix when searching for the nginx executable. #3074 (opens in a new tab)
Admin API
  • Two new endpoints, /healthy and /unhealthy can be used to manually bring upstream Targets up or down, as part of the new health checks feature of the load balancer. #3096 (opens in a new tab)
Plugins

Fixed

CLI
  • Fix a potential vulnerability in which an attacker could read the Kong configuration file with insufficient permissions for a short window of time while Kong is being started. #3057 (opens in a new tab)
  • Proper log message upon timeout in $ kong quit. #3061 (opens in a new tab)
Admin API
Plugins

Back to TOC

0.11.2 (opens in a new tab) - 2017/11/29

Added

Plugins
  • key-auth: New endpoints to manipulate API keys. Thanks @hbagdi (opens in a new tab) for the contribution. #2955 (opens in a new tab)
    • /key-auths/ to paginate through all keys.
    • /key-auths/:credential_key_or_id/consumer to retrieve the Consumer associated with a key.
  • basic-auth: New endpoints to manipulate basic-auth credentials. Thanks @hbagdi (opens in a new tab) for the contribution. #2998 (opens in a new tab)
    • /basic-auths/ to paginate through all basic-auth credentials.
    • /basic-auths/:credential_username_or_id/consumer to retrieve the Consumer associated with a credential.
  • jwt: New endpoints to manipulate JWTs. Thanks @hbagdi (opens in a new tab) for the contribution. #3003 (opens in a new tab)
    • /jwts/ to paginate through all JWTs.
    • /jwts/:jwt_key_or_id/consumer to retrieve the Consumer associated with a JWT.
  • hmac-auth: New endpoints to manipulate hmac-auth credentials. Thanks @hbagdi (opens in a new tab) for the contribution. #3009 (opens in a new tab)
    • /hmac-auths/ to paginate through all hmac-auth credentials.
    • /hmac-auths/:hmac_username_or_id/consumer to retrieve the Consumer associated with a credential.
  • acl: New endpoints to manipulate ACLs. Thanks @hbagdi (opens in a new tab) for the contribution. #3039 (opens in a new tab)
    • /acls/ to paginate through all ACLs.
    • /acls/:acl_id/consumer to retrieve the Consumer associated with an ACL.

Fixed

Core
Configuration
Admin API
Plugins

0.11.1 (opens in a new tab) - 2017/10/24

Changed

Configuration
  • Drop the lua_code_cache configuration property. This setting has been considered harmful since 0.11.0 as it interferes with Kong's internals. #2854 (opens in a new tab)

Fixed

Core
  • DNS: SRV records pointing to an A record are now properly handled by the load balancer when preserve_host is disabled. Such records used to throw Lua errors on the proxy code path. Kong/lua-resty-dns-client#19 (opens in a new tab)
  • Fixed an edge-case where preserve_host would sometimes craft an upstream request with a Host header from a previous client request instead of the current one. #2832 (opens in a new tab)
  • Ensure APIs with regex URIs are evaluated in the order that they are created. #2924 (opens in a new tab)
  • Fixed a typo that caused the load balancing components to ignore the Upstream slots property. #2747 (opens in a new tab)
CLI
  • Fixed the verification of self-signed SSL certificates for PostgreSQL and Cassandra in the kong migrations command. Self-signed SSL certificates are now properly verified during migrations according to the lua_ssl_trusted_certificate configuration property. #2908 (opens in a new tab)
Admin API
  • The /upstream/{upstream}/targets/active endpoint used to return HTTP 405 Method Not Allowed when called with a trailing slash. Both notations (with and without the trailing slash) are now supported. #2884 (opens in a new tab)
Plugins
  • bot-detection: Fixed an issue which would prevent the plugin from running and result in an HTTP 500 error if configured globally. #2906 (opens in a new tab)
  • ip-restriction: Fixed support for the 0.0.0.0/0 CIDR block. This block is now supported and won't trigger an error when used in this plugin's properties. #2918 (opens in a new tab)

Added

Plugins
  • aws-lambda: Added support to forward the client request's HTTP method, headers, URI, and body to the Lambda function. #2823 (opens in a new tab)
  • key-auth: New run_on_preflight configuration option to control authentication on preflight requests. #2857 (opens in a new tab)
  • jwt: New run_on_preflight configuration option to control authentication on preflight requests. #2857 (opens in a new tab)
Plugin development

Improved

Migrations & Deployments
Plugins

Back to TOC

0.10.4 (opens in a new tab) - 2017/10/24

Fixed

Core
  • DNS: SRV records pointing to an A record are now properly handled by the load balancer when preserve_host is disabled. Such records used to throw Lua errors on the proxy code path. Kong/lua-resty-dns-client#19 (opens in a new tab)
  • HTTP 400 errors thrown by Nginx are now correctly caught by Kong and return a native, Kong-friendly response. #2476 (opens in a new tab)
  • Fix an edge-case where an API with multiple uris and strip_uri = true would not always strip the client URI. #2562 (opens in a new tab)
  • Fix an issue where Kong would match an API with a shorter URI (from its uris value) as a prefix instead of a longer, matching prefix from another API. #2662 (opens in a new tab)
  • Fixed a typo that caused the load balancing components to ignore the Upstream slots property. #2747 (opens in a new tab)
Configuration
  • Octothorpes (#) can now be escaped (\#) and included in the Kong configuration values such as your datastore passwords or usernames. #2411 (opens in a new tab)
Admin API
  • The data response field of the /upstreams/{upstream}/targets/active Admin API endpoint now returns a list ([]) instead of an object ({}) when no active targets are present. #2619 (opens in a new tab)
Plugins

Back to TOC

0.11.0 (opens in a new tab) - 2017/08/16

The latest and greatest version of Kong features improvements all over the board for a better and easier integration with your infrastructure!

The highlights of this release are:

  • Support for regex URIs in routing, one of the oldest requested features from the community.
  • Support for HTTP/2 traffic from your clients.
  • Kong does not depend on Serf anymore, which makes deployment and networking requirements considerably simpler.
  • A better integration with orchestration tools thanks to the support for non FQDNs in Kong's DNS resolver.

As per usual, our major releases include datastore migrations which are considered breaking changes. Additionally, this release contains numerous breaking changes to the deployment process and proxying behavior that you should be familiar with.

We strongly advise that you read this changeset thoroughly, as well as the 0.11 Upgrade Path (opens in a new tab) if you are planning to upgrade a Kong cluster.

Breaking changes

Configuration
  • :warning: Numerous updates were made to the Nginx configuration template. If you are using a custom template, you must apply those modifications. See the 0.11 Upgrade Path (opens in a new tab) for a complete list of changes to apply.
Migrations & Deployment
  • :warning: Migrations are not executed automatically by kong start anymore. Migrations are now a manual process, which must be executed via the kong migrations command. In practice, this means that you have to run kong migrations up [-c kong.conf] in one of your nodes before starting your Kong nodes. This command should be run from a single node/container to avoid several nodes running migrations concurrently and potentially corrupting your database. Once the migrations are up-to-date, it is considered safe to start multiple Kong nodes concurrently. #2421 (opens in a new tab)
  • :warning: :fireworks: Serf is not a dependency anymore. Kong nodes now handle cache invalidation events via a built-in database polling mechanism. See the new "Datastore Cache" section of the configuration file which contains 3 new documented properties: db_update_frequency, db_update_propagation, and db_cache_ttl. If you are using Cassandra, you should pay a particular attention to the db_update_propagation setting, as you should not use the default value of 0. #2561 (opens in a new tab)
Core
  • :warning: Kong now requires OpenResty 1.11.2.4. OpenResty's LuaJIT can now be built with Lua 5.2 compatibility. #2489 (opens in a new tab) #2790 (opens in a new tab)
  • :warning: Previously, the X-Forwarded-* and X-Real-IP headers were trusted from any client by default, and forwarded upstream. With the introduction of the new trusted_ips property (see the below "Added" section) and to enforce best security practices, Kong does not trust any client IP address by default anymore. This will make Kong not forward incoming X-Forwarded-* headers if not coming from configured, trusted IP addresses blocks. This setting also affects the API check_https field, which itself relies on trusted X-Forwarded-Proto headers only. #2236 (opens in a new tab)
  • :warning: The API Object property http_if_terminated is now set to false by default. For Kong to evaluate the client X-Forwarded-Proto header, you must now configure Kong to trust the client IP (see above change), and you must explicitly set this value to true. This affects you if you are doing SSL termination somewhere before your requests hit Kong, and if you have configured https_only on the API, or if you use a plugin that requires HTTPS traffic (e.g. OAuth2). #2588 (opens in a new tab)
  • :warning: The internal DNS resolver now honours the search and ndots configuration options of your resolv.conf file. Make sure that DNS resolution is still consistent in your environment, and consider eventually not using FQDNs anymore. #2425 (opens in a new tab)
Admin API
  • :warning: As a result of the Serf removal, Kong is now entirely stateless, and as such, the /cluster endpoint has disappeared. #2561 (opens in a new tab)
  • :warning: The Admin API /status endpoint does not return a count of the database entities anymore. Instead, it now returns a database.reachable boolean value, which reflects the state of the connection between Kong and the underlying database. Please note that this flag does not reflect the health of the database itself. #2567 (opens in a new tab)
Plugin development

Deprecated

CLI

Changed

Core
Plugin development
  • The marshall_event function on schemas is now ignored by Kong, and can be safely removed as the new cache invalidation mechanism natively handles safer events broadcasting. #2561 (opens in a new tab)

Added

Core
  • :fireworks: Support for regex URIs! You can now define regexes in your APIs uris property. Those regexes can have capturing groups which can be extracted by Kong during a request, and accessed later in the plugins (useful for URI rewriting). See the Proxy Guide (opens in a new tab) for documentation on how to use regex URIs. #2681 (opens in a new tab)
  • :fireworks: Support for HTTP/2. A new http2 directive now enables HTTP/2 traffic on the proxy_listen_ssl address. #2541 (opens in a new tab)
  • :fireworks: Support for the search and ndots configuration options of your resolv.conf file. #2425 (opens in a new tab)
  • Kong now forwards new headers to your upstream services: X-Forwarded-Host, X-Forwarded-Port, and X-Forwarded-Proto. #2236 (opens in a new tab)
  • Support for the PROXY protocol. If the new real_ip_header configuration property is set to real_ip_header = proxy_protocol, then Kong will append the proxy_protocol parameter to the Nginx listen directive of the Kong proxy port. #2236 (opens in a new tab)
  • Support for BDR compatibility in the PostgreSQL migrations. Thanks @AlexBloor (opens in a new tab) for the patch! #2672 (opens in a new tab)
Configuration
  • Support for DNS nameservers specified in IPv6 format. #2634 (opens in a new tab)
  • A few new DNS configuration properties allow you to tweak the Kong DNS resolver, and in particular, how it handles the resolution of different record types or the eviction of stale records. #2625 (opens in a new tab)
  • A new trusted_ips configuration property allows you to define a list of trusted IP address blocks that are known to send trusted X-Forwarded-* headers. Requests from trusted IPs will make Kong forward those headers upstream. Requests from non-trusted IP addresses will make Kong override the X-Forwarded-* headers with its own values. In addition, this property also sets the ngx_http_realip_module set_real_ip_from directive(s), which makes Kong trust the incoming X-Real-IP header as well, which is used for operations such as rate-limiting by IP address, and that Kong forwards upstream as well. #2236 (opens in a new tab)
  • You can now configure the ngx_http_realip_module from the Kong configuration. In addition to trusted_ips which sets the set_real_ip_from directives(s), two new properties, real_ip_header and real_ip_recursive allow you to configure the ngx_http_realip_module directives bearing the same name. #2236 (opens in a new tab)
  • Ability to hide Kong-specific response headers. Two new configuration fields: server_tokens and latency_tokens will respectively toggle whether the Server and X-Kong-*-Latency headers should be sent to downstream clients. #2259 (opens in a new tab)
  • New configuration property to tune handling request body data via the client_max_body_size and client_body_buffer_size directives (mirroring their Nginx counterparts). Note these settings are only defined for proxy requests; request body handling in the Admin API remains unchanged. #2602 (opens in a new tab)
  • New error_default_type configuration property. This setting is to specify a MIME type that will be used as the error response body format when Nginx encounters an error, but no Accept header was present in the request. The default value is text/plain for backwards compatibility. Thanks @therealgambo (opens in a new tab) for the contribution! #2500 (opens in a new tab)
  • New nginx_user configuration property, which interfaces with the Nginx user directive. Thanks @depay (opens in a new tab) for the contribution! #2180 (opens in a new tab)
CLI
  • New kong prepare command to prepare the Kong running prefix (creating log files, SSL certificates, etc...) and allow for Kong to be started via the nginx binary. This is useful for environments like containers, where the foreground process should be the Nginx master process. The kong compile command has been deprecated as a result of this addition. #2706 (opens in a new tab)
Admin API
  • Ability to retrieve plugins added to a Consumer via two new endpoints: /consumers/:username_or_id/plugins/ and /consumers/:username_or_id/plugins/:plugin_id. #2714 (opens in a new tab)
  • Support for JSON null in PATCH requests to unset a value on any entity. #2700 (opens in a new tab)
Plugins

Fixed

Core
  • Kong now ensures that your clients URIs are transparently proxied upstream. No percent-encoding/decoding or querystring stripping will occur anymore. #2519 (opens in a new tab)
  • Fix an issue where Kong would match an API with a shorter URI (from its uris value) as a prefix instead of a longer, matching prefix from another API. #2662 (opens in a new tab)
  • Fix an edge-case where an API with multiple uris and strip_uri = true would not always strip the client URI. #2562 (opens in a new tab)
  • HTTP 400 errors thrown by Nginx are now correctly caught by Kong and return a native, Kong-friendly response. #2476 (opens in a new tab)
Configuration
  • Octothorpes (#) can now be escaped (\#) and included in the Kong configuration values such as your datastore passwords or usernames. #2411 (opens in a new tab)
Admin API
  • The data response field of the /upstreams/{upstream}/targets/active Admin API endpoint now returns a list ([]) instead of an object ({}) when no active targets are present. #2619 (opens in a new tab)
Plugins
  • The unique constraint on OAuth2 client_secrets has been removed. #2447 (opens in a new tab)
  • The unique constraint on JWT Credentials secrets has been removed. #2548 (opens in a new tab)
  • oauth2: When requesting a token from /oauth2/token, one can now pass the client_id as a request body parameter, while client_id:client_secret is passed via the Authorization header. This allows for better integration with some OAuth2 flows proposed out there, such as from Cloudflare Apps. Thanks @cedum (opens in a new tab) for the patch! #2577 (opens in a new tab)
  • datadog: Avoid a runtime error if the plugin is configured as a global plugin but the downstream request did not match any configured API. Thanks @kjsteuer (opens in a new tab) for the fix! #2702 (opens in a new tab)
  • Logging plugins: the produced logs latencies.kong field used to omit the time Kong spent in its Load Balancing logic, which includes DNS resolution time. This latency is now included in latencies.kong. #2494 (opens in a new tab)

Back to TOC

0.10.3 (opens in a new tab) - 2017/05/24

Changed

  • We noticed that some distribution packages were not building OpenResty against a JITable PCRE library. This happened on Ubuntu and RHEL environments where OpenResty was built against the system's PCRE installation. We now compile OpenResty against a JITable PCRE source for those platforms, which should result in significant performance improvements in regex matching. Mashape/kong-distributions #9 (opens in a new tab)
  • TLS connections are now handled with a modern list of accepted ciphers, as per the Mozilla recommended TLS ciphers list. See https://wiki.mozilla.org/Security/Server_Side_TLS (opens in a new tab). This behavior is configurable via the newly introduced configuration properties described in the below "Added" section.
  • Plugins:
    • rate-limiting: Performance improvements when using the cluster policy. The number of round trips to the database has been limited to the number of configured limits. #2488 (opens in a new tab)

Added

  • New ssl_cipher_suite and ssl_ciphers configuration properties to configure the desired set of accepted ciphers, based on the Mozilla recommended TLS ciphers list. #2555 (opens in a new tab)
  • New proxy_ssl_certificate and proxy_ssl_certificate_key configuration properties. These properties configure the Nginx directives bearing the same name, to set client certificates to Kong when connecting to your upstream services. #2556 (opens in a new tab)
  • Proxy and Admin API access and error log paths are now configurable. Access logs can be entirely disabled if desired. #2552 (opens in a new tab)
  • Plugins:

Fixed

Back to TOC

0.10.2 (opens in a new tab) - 2017/05/01

Changed

  • The Kong DNS resolver now honors the MAXNS setting (3) when parsing the nameservers specified in resolv.conf. #2290 (opens in a new tab)
  • Kong now matches incoming requests via the $request_uri property, instead of $uri, in order to better handle percent-encoded URIS. A more detailed explanation will be included in the below "Fixed" section. #2377 (opens in a new tab)
  • Upstream calls do not unconditionally include a trailing / anymore. See the below "Added" section for more details. #2315 (opens in a new tab)
  • Admin API:
    • The "active targets" endpoint now only return the most recent nonzero weight Targets, instead of all nonzero weight targets. This is to provide a better picture of the Targets currently in use by the Kong load balancer. #2310 (opens in a new tab)

Added

  • :fireworks: Plugins can implement a new rewrite handler to execute code in the Nginx rewrite phase. This phase is executed prior to matching a registered Kong API, and prior to any authentication plugin. As such, only global plugins (neither tied to an API or Consumer) will execute this phase. #2354 (opens in a new tab)
  • Ability for the client to chose whether the upstream request (Kong <-> upstream) should contain a trailing slash in its URI. Prior to this change, Kong 0.10 would unconditionally append a trailing slash to all upstream requests. The added functionality is described in #2211 (opens in a new tab), and was implemented in #2315 (opens in a new tab).
  • Ability to hide Kong-specific response headers. Two new configuration fields: server_tokens and latency_tokens will respectively toggle whether the Server and X-Kong-*-Latency headers should be sent to downstream clients. #2259 (opens in a new tab)
  • New cassandra_schema_consensus_timeout configuration property, to allow for Kong to wait for the schema consensus of your Cassandra cluster during migrations. #2326 (opens in a new tab)
  • Serf commands executed by a running Kong node are now logged in the Nginx error logs with a DEBUG level. #2410 (opens in a new tab)
  • Ensure the required shared dictionaries are defined in the Nginx configuration. This will prevent custom Nginx templates from potentially resulting in a breaking upgrade for users. #2466 (opens in a new tab)
  • Admin API:
    • Target Objects can now be deleted with their ID as well as their name. The endpoint becomes: /upstreams/:name_or_id/targets/:target_or_id. #2304 (opens in a new tab)
  • Plugins:
    • :fireworks: New Request termination plugin. This plugin allows to temporarily disable an API and return a pre-configured response status and body to your client. Useful for use-cases such as maintenance mode for your upstream services. Thanks to @pauldaustin (opens in a new tab) for the contribution. #2051 (opens in a new tab)
    • Logging plugins: The produced logs include two new fields: a consumer field, which contains the properties of the authenticated Consumer (id, custom_id, and username), if any, and a tries field, which includes the upstream connection successes and failures of the load- balancer. #2367 (opens in a new tab) #2429 (opens in a new tab)
    • http-log: Now set an upstream HTTP basic access authentication header if the configured conf.http_endpoint parameter includes an authentication section. Thanks @amir (opens in a new tab) for the contribution. #2432 (opens in a new tab)
    • file-log: New config.reopen property to close and reopen the log file on every request, in order to effectively rotate the logs. #2348 (opens in a new tab)
    • jwt: Returns 401 Unauthorized on invalid claims instead of the previous 403 Forbidden status. #2433 (opens in a new tab)
    • key-auth: Allow setting API key header names with an underscore. #2370 (opens in a new tab)
    • cors: When config.credentials = true, we do not send an ACAO header with value *. The ACAO header value will be that of the request's Origin: header. #2451 (opens in a new tab)

Fixed

  • Upstream connections over TLS now set their Client Hello SNI field. The SNI value is taken from the upstream Host header value, and thus also depends on the preserve_host setting of your API. Thanks @konrade (opens in a new tab) for the original patch. #2225 (opens in a new tab)
  • Correctly match APIs with percent-encoded URIs in their uris property. Generally, this change also avoids normalizing (and thus, potentially altering) the request URI when trying to match an API's uris value. Instead of relying on the Nginx $uri variable, we now use $request_uri. #2377 (opens in a new tab)
  • Handle a routing edge-case under some conditions with the uris matching rule of APIs that would falsely lead Kong into believing no API was matched for what would actually be a valid request. #2343 (opens in a new tab)
  • If no API was configured with a hosts matching rule, then the preserve_host flag would never be honored. #2344 (opens in a new tab)
  • The X-Forwarded-For header sent to your upstream services by Kong is not set from the Nginx $proxy_add_x_forwarded_for variable anymore. Instead, Kong uses the $realip_remote_addr variable to append the real IP address of a client, instead of $remote_addr, which can come from a previous proxy hop. #2236 (opens in a new tab)
  • CNAME records are now properly being cached by the DNS resolver. This results in a performance improvement over previous 0.10 versions. #2303 (opens in a new tab)
  • When using Cassandra, some migrations would not be performed on the same coordinator as the one originally chosen. The same migrations would also require a response from other replicas in a cluster, but were not waiting for a schema consensus beforehand, causing indeterministic failures in the migrations, especially if the cluster's inter-nodes communication is slow. #2326 (opens in a new tab)
  • The cassandra_timeout configuration property is now correctly taken into consideration by Kong. #2326 (opens in a new tab)
  • Correctly trigger plugins configured on the anonymous Consumer for anonymous requests (from auth plugins with the new config.anonymous parameter). #2424 (opens in a new tab)
  • When multiple auth plugins were configured with the recent config.anonymous parameter for "OR" authentication, such plugins would override each other's results and response headers, causing false negatives. #2222 (opens in a new tab)
  • Ensure the cassandra_contact_points property does not contain any port information. Those should be specified in cassandra_port. Thanks @Vermeille (opens in a new tab) for the contribution. #2263 (opens in a new tab)
  • Prevent an upstream or legitimate internal error in the load balancing code from throwing a Lua-land error as well. #2327 (opens in a new tab)
  • Allow backwards compatibility with custom Nginx configurations that still define the resolver ${{DNS_RESOLVER}} directive. Vales from the Kong dns_resolver property will be flattened to a string and appended to the directive. #2386 (opens in a new tab)
  • Plugins:
    • hmac: Better handling of invalid base64-encoded signatures. Previously Kong would return an HTTP 500 error. We now properly return HTTP 403 Forbidden. #2283 (opens in a new tab)
  • Admin API:
    • Detect conflicts between SNI Objects in the /snis and /certificates endpoint. #2285 (opens in a new tab)
    • The /certificates route used to not return the total and data JSON fields. We now send those fields back instead of a root list of certificate objects. #2463 (opens in a new tab)
    • Endpoints with path parameters like /xxx_or_id will now also yield the proper result if the xxx field is formatted as a UUID. Most notably, this fixes a problem for Consumers whose username is a UUID, that could not be found when requesting /consumers/{username_as_uuid}. #2420 (opens in a new tab)
    • The "active targets" endpoint does not require a trailing slash anymore. #2307 (opens in a new tab)
    • Upstream Objects can now be deleted properly when using Cassandra. #2404 (opens in a new tab)

Back to TOC

0.10.1 (opens in a new tab) - 2017/03/27

Changed

  • :warning: Serf has been downgraded to version 0.7 in our distributions, although versions up to 0.8.1 are still supported. This fixes a problem when automatically detecting the first non-loopback private IP address, which was defaulted to 127.0.0.1 in Kong 0.10.0. Greater versions of Serf can still be used, but the IP address needs to be manually specified in the cluster_advertise configuration property.

  • :warning: The CORS Plugin (opens in a new tab) parameter config.origin is now config.origins. #2203 (opens in a new tab)

    :red_circle: Post-release note (as of 2017/05/12): A faulty behavior has been observed with this change. Previously, the plugin would send the * wildcard when config.origin was not specified. With this change, the plugin does not send the * wildcard by default anymore. You will need to specify it manually when configuring the plugin, with config.origins=*. This behavior is to be fixed in a future release.

    :white_check_mark: Update (2017/05/24): A fix to this regression has been released as part of 0.10.3. See the section of the Changelog related to this release for more details.

  • Admin API:

Added

  • Admin API:
    • Active targets can be pulled with GET /upstreams/{name}/targets/active. #2230 (opens in a new tab)
    • Provide a convenience endpoint to disable targets at: DELETE /upstreams/{name}/targets/{target}. Under the hood, this creates a new target with weight = 0 (the correct way of disabling targets, which used to cause confusion). #2256 (opens in a new tab)
  • Plugins:

Fixed

  • Use an LRU cache for Lua-land entities caching to avoid exhausting the Lua VM memory in long-running instances. #2246 (opens in a new tab)
  • Avoid potential deadlocks upon callback errors in the caching module for database entities. #2197 (opens in a new tab)
  • Relax multipart MIME type parsing. A space is allowed in between values of the Content-Type header. #2215 (opens in a new tab)
  • Admin API:
    • Better handling of non-supported HTTP methods on endpoints of the Admin API. In some cases this used to throw an internal error. Calling any endpoint with a non-supported HTTP method now always returns 405 Method Not Allowed as expected. #2213 (opens in a new tab)
  • CLI:
  • Plugins:
    • hmac: Generate an HMAC secret value if none is provided. #2158 (opens in a new tab)
    • oauth2: Don't try to remove credential values from request bodies if the MIME type is multipart, since such attempts would result in an error. #2176 (opens in a new tab)
    • ldap: This plugin should not be applied to a single Consumer, however, this was not properly enforced. It is now impossible to apply this plugin to a single Consumer (as per all authentication plugin). #2237 (opens in a new tab)
    • aws-lambda: Support for us-west-2 region in schema. #2257 (opens in a new tab)

Back to TOC

0.10.0 (opens in a new tab) - 2017/03/07

Kong 0.10 is one of most significant releases to this day. It ships with exciting new features that have been heavily requested for the last few months, such as load balancing, Cassandra 3.0 compatibility, Websockets support, internal DNS resolution (A and SRV records without Dnsmasq), and more flexible matching capabilities for APIs routing.

On top of those new features, this release received a particular attention to performance, and brings many improvements and refactors that should make it perform significantly better than any previous version.

Changed

  • :warning: API Objects (as configured via the Admin API) do not support the request_host and request_uri fields anymore. The 0.10 migrations should upgrade your current API Objects, but make sure to read the new 0.10 Proxy Guide (opens in a new tab) to learn the new routing capabilities of Kong. On the good side, this means that Kong can now route incoming requests according to a combination of Host headers, URIs, and HTTP methods.
  • :warning: Final slashes in upstream_url are no longer allowed. #2115 (opens in a new tab)
  • :warning: The SSL plugin has been removed and dynamic SSL capabilities have been added to Kong core, and are configurable via new properties on the API entity. See the related PR for a detailed explanation of this change. #1970 (opens in a new tab)
  • :warning: Drop the Dnsmasq dependency. We now internally resolve both A and SRV DNS records. #1587 (opens in a new tab)
  • :warning: Dropping support for insecure TLS/1.0 and defaulting Upgrade responses to TLS/1.2. #2119 (opens in a new tab)
  • Bump the compatible OpenResty version to 1.11.2.1 and 1.11.2.2. Support for OpenResty 1.11.2.2 requires the --without-luajit-lua52 compilation flag.
  • Separate Admin API and Proxy error logs. Admin API logs are now written to logs/admin_access.log. #1782 (opens in a new tab)
  • Auto-generates stronger SHA-256 with RSA encryption SSL certificates. #2117 (opens in a new tab)

Added

  • :fireworks: Support for Cassandra 3.x. #1709 (opens in a new tab)
  • :fireworks: SRV records resolution. #1587 (opens in a new tab)
  • :fireworks: Load balancing. When an A or SRV record resolves to multiple entries, Kong now rotates those upstream targets with a Round-Robin algorithm. This is a first step towards implementing more load balancing algorithms. Another way to specify multiple upstream targets is to use the newly introduced /upstreams and /targets entities of the Admin API. #1587 (opens in a new tab) #1735 (opens in a new tab)
  • :fireworks: Multiple hosts and paths per API. Kong can now route incoming requests to your services based on a combination of Host headers, URIs and HTTP methods. See the related PR for a detailed explanation of the new properties and capabilities of the new router. #1970 (opens in a new tab)
  • :fireworks: Maintain upstream connection pools which should greatly improve performance, especially for HTTPS upstream connections. We now use HTTP/1.1 for upstream connections as well as an nginx upstream block with a configurablekeepalive directive, thanks to the new nginx_keepalive configuration property. #1587 (opens in a new tab) #1827 (opens in a new tab)
  • :fireworks: Websockets support. Kong can now upgrade client connections to use the ws protocol when Upgrade: websocket is present. #1827 (opens in a new tab)
  • Use an in-memory caching strategy for database entities in order to reduce CPU load during requests proxying. #1688 (opens in a new tab)
  • Provide negative-caching for missed database entities. This should improve performance in some cases. #1914 (opens in a new tab)
  • Support for serving the Admin API over SSL. This introduces new properties in the configuration file: admin_listen_ssl, admin_ssl, admin_ssl_cert and admin_ssl_cert_key. #1706 (opens in a new tab)
  • Support for upstream connection timeouts. APIs now have 3 new fields: upstream_connect_timeout, upstream_send_timeout, upstream_read_timeout to specify, in milliseconds, a timeout value for requests between Kong and your APIs. #2036 (opens in a new tab)
  • Support for clustering key rotation in the underlying Serf process:
    • new cluster_keyring_file property in the configuration file.
    • new kong cluster keys .. CLI commands that expose the underlying serf keys .. commands. #2069 (opens in a new tab)
  • Support for lua_socket_pool_size property in configuration file. #2109 (opens in a new tab)
  • Plugins:

Fixed

  • Looking for Serf in known installation paths. #1997 (opens in a new tab)
  • Including port in upstream Host header. #2045 (opens in a new tab)
  • Clarify the purpose of the cluster_listen_rpc property in the configuration file. Thanks Jeremy Monin for the patch. #1860 (opens in a new tab)
  • Admin API:
  • CLI:
    • Avoid double-prefixing migration error messages with the database name (PostgreSQL/Cassandra).
  • Plugins:
    • Fix fault tolerance logic and error reporting in rate-limiting plugins.
    • CORS: Properly return Access-Control-Allow-Credentials: false if Access-Control-Allow-Origin: *. #2104 (opens in a new tab)
    • key-auth: enforce key_names to be proper header names according to Nginx. #2142 (opens in a new tab)

Back to TOC

0.9.9 (opens in a new tab) - 2017/02/02

Fixed

Back to TOC

0.9.8 (opens in a new tab) - 2017/01/19

Fixed

  • Properly set the admin IP in the Serf script.

Changed

  • Provide negative-caching for missed database entities. This should improve performance in some cases. #1914 (opens in a new tab)

Fixed

  • Plugins:
    • Fix fault tolerance logic and error reporting in rate-limiting plugins.

Back to TOC

0.9.7 (opens in a new tab) - 2016/12/21

Fixed

Back to TOC

0.9.6 (opens in a new tab) - 2016/11/29

Fixed

Back to TOC

0.9.5 (opens in a new tab) - 2016/11/07

Changed

Fixed

  • Fixed an error (introduced in 0.9.4) in the auto-clustering event

Back to TOC

0.9.4 (opens in a new tab) - 2016/11/02

Fixed

Back to TOC

0.9.3 (opens in a new tab) - 2016/10/07

Added

Fixed

Back to TOC

0.9.2 (opens in a new tab) - 2016/09/20

Fixed

Back to TOC

0.9.1 (opens in a new tab) - 2016/09/02

Added

Fixed

Back to TOC

0.9.0 (opens in a new tab) - 2016/08/18

The main focus of this release is Kong's new CLI. With a simpler configuration file, new settings, environment variables support, new commands as well as a new interpreter, the new CLI gives more power and flexibility to Kong users and allow for an easier integration in your deployment workflow, as well as better testing for developers and plugins authors. Additionally, some new plugins and performance improvements are included as well as the regular bug fixes.

Changed

  • :warning: PostgreSQL is the new default datastore for Kong. If you were using Cassandra and you are upgrading, you need to explicitly set cassandra as your database.
  • :warning: New CLI, with new commands and refined arguments. This new CLI uses the resty-cli interpreter (see lua-resty-cli (opens in a new tab)) instead of LuaJIT. As a result, the resty executable must be available in your $PATH (resty-cli is shipped in the OpenResty bundle) as well as the bin/kong executable. Kong does not rely on Luarocks installing the bin/kong executable anymore. This change of behavior is taken care of if you are using one of the official Kong packages.
  • :warning: Kong uses a new configuration file, with an easier syntax than the previous YAML file.
  • New arguments for the CLI, such as verbose, debug and tracing flags. We also avoid requiring the configuration file as an argument to each command as per the previous CLI.
  • Customization of the Nginx configuration can now be taken care of using two different approaches: with a custom Nginx configuration template and using kong start --template <file>, or by using kong compile to generate the Kong Nginx sub-configuration, and include it in a custom Nginx instance.
  • Plugins:
    • Rate Limiting: the continue_on_error property is now called fault_tolerant.
    • Response Rate Limiting: the continue_on_error property is now called fault_tolerant.

Added

  • :fireworks: Support for overriding configuration settings with environment variables.
  • :fireworks: Support for SSL connections between Kong and PostgreSQL. #1425 (opens in a new tab)
  • :fireworks: Ability to apply plugins with more granularity: per-consumer, and global plugins are now possible. #1403 (opens in a new tab)
  • New kong check command: validates a Kong configuration file.
  • Better version check for third-party dependencies (OpenResty, Serf, Dnsmasq). #1307 (opens in a new tab)
  • Ability to configure the validation depth of database SSL certificates from the configuration file. #1420 (opens in a new tab)
  • request_host: internationalized url support; utf-8 domain names through punycode support and paths through %-encoding. #1300 (opens in a new tab)
  • Implements caching locks when fetching database configuration (APIs, Plugins...) to avoid dog pile effect on cold nodes. #1402 (opens in a new tab)
  • Plugins:
    • :fireworks: New bot-detection plugin: protect your APIs by detecting and rejecting common bots and crawlers. #1413 (opens in a new tab)
    • correlation-id: new "tracker" generator, identifying requests per worker and connection. #1288 (opens in a new tab)
    • request/response-transformer: ability to add strings including colon characters. #1353 (opens in a new tab)
    • rate-limiting: support for new rate-limiting policies (cluster, local and redis), and for a new limit_by property to force rate-limiting by consumer, credential or ip.
    • response-rate-limiting: support for new rate-limiting policies (cluster, local and redis), and for a new limit_by property to force rate-limiting by consumer, credential or ip.
    • galileo: performance improvements of ALF serialization. ALFs are not discarded when exceeding 20MBs anymore. #1463 (opens in a new tab)
    • statsd: new upstream_stream latency metric. #1466 (opens in a new tab)
    • datadog: new upstream_stream latency metric and tagging support for each metric. #1473 (opens in a new tab)

Removed

Fixed

internal

  • new test suite using resty-cli and removing the need to monkey-patch the ngx global.
  • custom assertions and new helper methods (wait_until()) to gracefully fail in case of timeout.
  • increase atomicity of the testing environment.
  • lighter testing instance, only running 1 worker and not using Dnsmasq by default.

Back to TOC

0.8.3 (opens in a new tab) - 2016/06/01

This release includes some bugfixes:

Changed

  • Switched the log level of the "No nodes found in cluster" warning to INFO, that was printed when starting up the first Kong node in a new cluster.
  • Kong now requires OpenResty 1.9.7.5.

Fixed

Back to TOC

0.8.2 (opens in a new tab) - 2016/05/25

This release includes bugfixes and minor updates:

Added

  • Support for a simple slash in request_path. #1227 (opens in a new tab)
  • Plugins:
    • Response Rate Limiting: it now appends usage headers to the upstream requests in the form of X-Ratelimit-Remaining-{limit_name} and introduces a new config.block_on_first_violation property. #1235 (opens in a new tab)

Changed

Fixed

Back to TOC

0.8.1 (opens in a new tab) - 2016/04/27

This release includes some fixes and minor updates:

Added

Fixed

Back to TOC

0.8.0 (opens in a new tab) - 2016/04/18

This release includes support for PostgreSQL as Kong's primary datastore!

Breaking changes

  • Remove support for the long deprecated /consumers/:consumer/keyauth/ and /consumers/:consumer/basicauth/ routes (deprecated in 0.5.0). The new routes (available since 0.5.0 too) use the real name of the plugin: /consumers/:consumer/key-auth and /consumers/:consumer/basic-auth.

Added

Fixed

internal

  • replace globals with singleton pattern thanks to @mars (opens in a new tab).
  • fixed resolution mismatches when using deep paths in the path resolver.

Back to TOC

0.7.0 (opens in a new tab) - 2016/02/24

Breaking changes

Due to the NGINX security fixes (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747), OpenResty was bumped to 1.9.7.3 which is not backwards compatible, and thus requires changes to be made to the nginx property of Kong's configuration file. See the 0.7 upgrade path (opens in a new tab) for instructions.

However by upgrading the underlying OpenResty version, source installations do not have to patch the NGINX core and use the old ssl-cert-by-lua branch of ngx_lua anymore. This will make source installations much easier.

Added

Fixed

Back to TOC

0.6.1 (opens in a new tab) - 2016/02/03

This release contains tiny bug fixes that were especially annoying for complex Cassandra setups and power users of the Admin API!

Added

  • A timeout property for the Cassandra configuration. In ms, this timeout is effective as a connection and a reading timeout. #937 (opens in a new tab)

Fixed

  • Correctly set the Cassandra SSL certificate in the Nginx configuration while starting Kong. #921 (opens in a new tab)
  • Rename the user Cassandra property to username (Kong looks for username, hence user would fail). #922 (opens in a new tab)
  • Allow Cassandra authentication with arbitrary plain text auth providers (such as Instaclustr uses), fixing authentication with them. #937 (opens in a new tab)
  • Admin API
  • Plugins
    • HTTP logging: remove the additional \r\n at the end of the logging request body. #926 (opens in a new tab)
    • Galileo: catch occasional internal errors happening when a request was cancelled by the client and fix missing shm for the retry policy. #931 (opens in a new tab)

Back to TOC

0.6.0 (opens in a new tab) - 2016/01/22

Breaking changes

We would recommended to consult the suggested 0.6 upgrade path (opens in a new tab) for this release.

  • Serf (opens in a new tab) is now a Kong dependency. It allows Kong nodes to communicate between each other opening the way to many features and improvements.
  • The configuration file changed. Some properties were renamed, others were moved, and some are new. We would recommend checking out the new default configuration file.
  • Drop the Lua 5.1 dependency which was only used by the CLI. The CLI now runs with LuaJIT, which is consistent with other Kong components (Luarocks and OpenResty) already relying on LuaJIT. Make sure the LuaJIT interpreter is included in your $PATH. #799 (opens in a new tab)

Added

One of the biggest new features of this release is the cluster-awareness added to Kong in #729 (opens in a new tab), which deserves its own section:

  • Each Kong node is now aware of belonging to a cluster through Serf. Nodes automatically join the specified cluster according to the configuration file's settings.
  • The datastore cache is not invalidated by expiration time anymore, but following an invalidation strategy between the nodes of a same cluster, leading to improved performance.
  • Admin API
    • Expose a /cache endpoint for retrieving elements stored in the in-memory cache of a node.
    • Expose a /cluster endpoint used to add/remove/list members of the cluster, and also used internally for data propagation.
  • CLI
    • New kong cluster command for cluster management.
    • New kong status command for cluster healthcheck.

Other additions include:

Changed

  • As mentioned in the breaking changes section, a new configuration file format and validation. All properties are now documented and commented out with their default values. This allows for a lighter configuration file and more clarity as to what properties relate to. It also catches configuration mistakes. #633 (opens in a new tab)
  • Replace the UUID generator library with a new implementation wrapping lib-uuid, fixing eventual conflicts happening in cases such as described in #659 (opens in a new tab). See #695 (opens in a new tab)
  • Admin API
    • Increase the maximum body size to 10MB in order to handle configuration requests with heavy payloads. #700 (opens in a new tab)
    • Disable access logs for the /status endpoint.
    • The /status endpoint now includes database statistics, while the previous stats have been moved to a server response field. #635 (opens in a new tab)

Fixed

internal

  • Event bus for local and cluster-wide events propagation. Plans for this event bus is to be widely used among Kong in the future.
  • The Kong Public Lua API (Lua helpers integrated in Kong such as DAO and Admin API helpers) is now documented with ldoc (opens in a new tab).
  • Work has been done to restore the reliability of the CI platforms.
  • Migrations can now execute DML queries (instead of DDL queries only). Handy for migrations implying plugin configuration changes, plugins renamings etc... #770 (opens in a new tab)

Back to TOC

0.5.4 (opens in a new tab) - 2015/12/03

Fixed

Back to TOC

0.5.3 (opens in a new tab) - 2015/11/16

Fixed

Added

Back to TOC

0.5.2 (opens in a new tab) - 2015/10/21

A few fixes requested by the community!

Fixed

  • Kong properly search the nginx in your $PATH variable.
  • Plugins:
    • OAuth2: can detect that the originating protocol for a request was HTTPS through the X-Forwarded-Proto header and work behind another reverse proxy (load balancer). #650 (opens in a new tab)
    • HMAC signature: support for X-Date header to sign the request for usage in browsers (since the Date header is protected). #641 (opens in a new tab)

Back to TOC

0.5.1 (opens in a new tab) - 2015/10/13

Fixing a few glitches we let out with 0.5.0!

Added

  • Basic Authentication and HMAC Authentication plugins now also send the X-Credential-Username to the upstream server.
  • Admin API now accept JSON when receiving a CORS request. #580 (opens in a new tab)
  • Add a WWW-Authenticate header for HTTP 401 responses for basic-auth and key-auth. #588 (opens in a new tab)

Changed

Fixed

Back to TOC

0.5.0 (opens in a new tab) - 2015/09/25

With new plugins, many improvements and bug fixes, this release comes with breaking changes that will require your attention.

Breaking changes

Several breaking changes are introduced. You will have to slightly change your configuration file and a migration script will take care of updating your database cluster. Please follow the instructions in UPGRADE.md for an update without downtime.

  • Many plugins were renamed due to new naming conventions for consistency. #480 (opens in a new tab)
  • In the configuration file, the Cassandra hosts property was renamed to contact_points. #513 (opens in a new tab)
  • Properties belonging to APIs entities have been renamed for clarity. #513 (opens in a new tab)
    • public_dns -> request_host
    • path -> request_path
    • strip_path -> strip_request_path
    • target_url -> upstream_url
  • plugins_configurations have been renamed to plugins, and their value property has been renamed to config to avoid confusions. #513 (opens in a new tab)
  • The database schema has been updated to handle the separation of plugins outside of the core repository.
  • The Key authentication and Basic authentication plugins routes have changed:
Old route                             New route
/consumers/:consumer/keyauth       -> /consumers/:consumer/key-auth
/consumers/:consumer/keyauth/:id   -> /consumers/:consumer/key-auth/:id
/consumers/:consumer/basicauth     -> /consumers/:consumer/basic-auth
/consumers/:consumer/basicauth/:id -> /consumers/:consumer/basic-auth/:id

The old routes are still maintained but will be removed in upcoming versions. Consider them deprecated.

  • Admin API
    • The route to retrieve enabled plugins is now under /plugins/enabled.
    • The route to retrieve a plugin's configuration schema is now under /plugins/schema/{plugin name}.

Added

Changed

Fixed

Back to TOC

0.4.2 (opens in a new tab) - 2015/08/10

Added

Changed

  • Remove cassandra.port property in configuration. Ports are specified by having cassandra.hosts addresses using the host:port notation (RFC 3986). #457 (opens in a new tab)
  • Default SSL certificate is now auto-generated and stored in the nginx_working_dir.
  • OAuth 2.0 plugin now properly forces HTTPS.

Fixed

Back to TOC

0.4.1 (opens in a new tab) - 2015/07/23

Fixed

Back to TOC

0.4.0 (opens in a new tab) - 2015/07/15

Added

Fixed

internal

Back to TOC

0.3.2 (opens in a new tab) - 2015/06/08

Fixed

Back to TOC

0.3.1 (opens in a new tab) - 2015/06/07

Fixed

Back to TOC

0.3.0 (opens in a new tab) - 2015/06/04

Added

Fixed

internal

  • Schemas: > - New property type: array. #277 (opens in a new tab)
    • Entities schemas now live in their own files and are starting to be unit tested.
    • Subfields are handled better: (notify required subfields and auto-vivify is subfield has default values).
  • Way faster unit tests. Not resetting the DB anymore between tests.
  • Improved coverage computation (exclude vendor/).
  • Travis now lints kong/.
  • Way faster Travis setup.
  • Added a new HTTP client for in-nginx usage, using the cosocket API.
  • Various refactorings.
  • Fix #196 (opens in a new tab).
  • Disabled ipv6 in resolver.

Back to TOC

0.2.1 (opens in a new tab) - 2015/05/12

This is a maintenance release including several bug fixes and usability improvements.

Added

Fixed

  • Resolver
    • More explicit "API not found" message from the resolver if the Host was not found in the system. "API not found with Host: %s".
    • If multiple hosts headers are being sent, Kong will test them all to see if one of the API is in the system. #186 (opens in a new tab)
  • Admin API: responses now have a new line after the body. #164 (opens in a new tab)
  • DAO: keepalive property is now properly passed when Kong calls set_keepalive on Cassandra sockets.
  • Multipart dependency throwing error at startup. #213 (opens in a new tab)

internal

  • Separate Migrations from the DAO factory.
  • Update dev config + Makefile rules (run becomes start).
  • Introducing an ngx stub for unit tests and CLI.
  • Switch many PCRE regexes to using patterns.

Back to TOC

0.2.0-2 (opens in a new tab) - 2015/04/27

First public release of Kong. This version brings a lot of internal improvements as well as more usability and a few additional plugins.

Added

Fixed

  • Admin API: trailing slash is not necessary anymore for core resources such as /apis or /consumers.
  • Leaner default configuration. #156 (opens in a new tab)

internal

  • All scripts moved to the CLI as "hidden" commands (kong db, kong config).
  • More tests as always, and they are structured better. The coverage went down mainly because of plugins which will later move to their own repos. We are all eagerly waiting for that!
  • src/ was renamed to kong/ for ease of development
  • All system dependencies versions for package building and travis-ci are now listed in versions.sh
  • DAO doesn't need to :prepare() prior to run queries. Queries can be prepared at runtime. #146 (opens in a new tab)

Back to TOC

0.1.1beta-2 (opens in a new tab) - 2015/03/30

Fixed

  • Wrong behavior of auto-migration in kong start.

Back to TOC

0.1.0beta-3 (opens in a new tab) - 2015/03/25

First public beta. Includes caching and better usability.

Added

  • Required Openresty is now 1.7.10.1.
  • Freshly built CLI, rewritten in Lua
  • kong start using a new DB keyspace will automatically migrate the schema. #68 (opens in a new tab)
  • Anonymous error reporting on Proxy and API. #64 (opens in a new tab)
  • Configuration
    • Simplified configuration file (unified in kong.yml).
    • In configuration, plugins_installed was renamed to plugins_available. #59 (opens in a new tab)
    • Order of plugins_available doesn't matter anymore. #17 (opens in a new tab)
    • Better handling of plugins: Kong now detects which plugins are configured and if they are installed on the current machine.
    • bin/kong now defaults on /etc/kong.yml for config and /var/logs/kong for output. #71 (opens in a new tab)
  • Proxy: APIs/Consumers caching with expiration for faster authentication.
  • Admin API: Plugins now use plain form parameters for configuration. #70 (opens in a new tab)
  • Keep track of already executed migrations. rollback now behaves as expected. #8 (opens in a new tab)

Fixed

  • Server header now sends Kong. #57 (opens in a new tab)
  • migrations not being executed in order on Linux. This issue wasn't noticed until unit testing the migrations because for now we only have 1 migration file.
  • Admin API: Errors responses are now sent as JSON. #58 (opens in a new tab)

internal

  • We now have code linting and coverage.
  • Faker and Migrations instances don't live in the DAO Factory anymore, they are only used in scripts and tests.
  • scripts/config.lua allows environment based configurations. make dev generates a kong.DEVELOPMENT.yml and kong_TEST.yml. Different keyspaces and ports.
  • spec_helpers.lua allows tests to not rely on the Makefile anymore. Integration tests can run 100% from busted.
  • Switch integration testing from [httpbin.org] to [mockbin.com].
  • core plugin was renamed to resolver.

Back to TOC

0.0.1alpha-1 (opens in a new tab) - 2015/02/25

First version running with Cassandra.

Added

  • Basic proxying.
  • Built-in authentication plugin (api key, HTTP basic).
  • Built-in ratelimiting plugin.
  • Built-in TCP logging plugin.
  • Configuration API (for consumers, apis, plugins).
  • CLI bin/kong script.
  • Database migrations (using db.lua).
说明从 0.11.0 升级到 1.2.0