
KrakenD Changelog

List of the most relevant changes between releases

Releases are listed in reverse chronological order (newest to oldest). Always use the most up-to-date version.

Enterprise Edition v2.6 (released 2024-04-18, updated 2024-04-22)

OpenTelemetry integration, extended plugin capabilities, updated Grafana Dashboard, and JWT fixes.

  • New binary available with cryptographic module and testing requirements as per FIPS-140
  • Dynamic routing based on host
  • Added the OpenTelemetry integration which will eventually replace the previous OpenCensus component.
  • The new command krakend test-plugin tests if one or more given .so files are loadable into KrakenD as the selected plugin type.
  • New Grafana dashboard available for Prometheus via OpenTelemetry
  • Direct OpenTelemetry authentication against SaaS providers to avoid installing collectors.
  • New gRPC server, allowing you to serve gRPC even if you don’t have gRPC backends internally.
  • The Moesif integration allows you to set a security policy using should_skip to save traffic. It now also allows accessing nested claims to identify users and companies.
  • More OpenAPI metadata options: set an operation_id, and describe query string parameters and tags with query_definition and tag_definition
  • The license file can now live in a different path by passing the env var KRAKEND_LICENSE_PATH or setting the flag --license.
  • Virtualhosts now accept aliased_hosts, which allows you to create aliases to reuse in the endpoint definition.
  • Backend logs like [BACKEND: /foo] have now changed to [BACKEND: GET /endpoint/{var} -> /foo], showing their relationship with the endpoint.
  • All plugins now have the KrakenD context, allowing you to perform operations during shutdown
  • Request and response modifier plugins now have access to the HTTP context. Response modifiers also have access to the internal request, exposing low-level details such as which backend was selected.
  • The JWT Validator adds a new field auth_header_name to read tokens from custom headers
  • The JWT validator can now read scopes in array format in addition to the space-separated list
  • The JWT signer now returns the typ
  • The audit command includes new validations and security recommendations, and fixes a false positive on the sequential rule.
  • New flags max_payload and decompress_gzip to limit the maximum size in bytes of requests and Gzipped content after decompression.
  • Fixed hostname reporting on Logstash
  • Fixed a bug that prevented having multiple backends using Async Agents.
  • Force HTTP/1.1 over NTLM as IIS doesn’t support NTLM/Kerberos over HTTP/2.
  • Catchall endpoints to handle non-GET traffic.
  • Removed from the schema the previously deprecated field allow_insecure_connections in the root. It must now be declared under client_tls.allow_insecure_connections.
  • Removed from schema previously deprecated prefetch_size and prefetch_count attributes from AMQP. These attributes did not have any effect in the software.
  • The telemetry exporters based on telemetry/opencensus, although they are still available, won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.
  • The telemetry exporter telemetry/influx is still available, but won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.

v2.6.1 (released 2024-04-22)

Minor fixes on OpenAPI documentation generation

  • Prevent headers declared under input_headers from being removed from the OpenAPI documentation
  • Description field under query_definition wasn’t populated into the documentation

Community Edition v2.6 (released 2024-03-11, updated 2024-04-17)

OpenTelemetry integration, extended plugin capabilities, updated Grafana Dashboard, and JWT fixes.

  • Added the OpenTelemetry integration which will eventually replace the previous OpenCensus component.
  • The new command krakend test-plugin tests if one or more given .so files are loadable into KrakenD as the selected plugin type.
  • New Grafana dashboard available for Prometheus via OpenTelemetry
  • Backend logs like [BACKEND: /foo] have now changed to [BACKEND: GET /endpoint/{var} -> /foo], showing their relationship with the endpoint.
  • All plugins now have the KrakenD context, allowing you to perform operations during shutdown
  • Request and response modifier plugins now have access to the HTTP context. Response modifiers also have access to the internal request, exposing low-level details such as which backend was selected.
  • The JWT Validator adds a new field auth_header_name to read tokens from custom headers (thanks to @rodion-goritskov)
  • The JWT validator can now read scopes in array format in addition to the space-separated list (thanks to @pirm-in)
  • The JWT signer now returns the typ (thanks to @AlyHKafoury)
  • The audit command includes new validations and security recommendations, and fixes a false positive on the sequential rule.
  • Fixed hostname reporting on Logstash (thanks to @lxdraw)
  • Fixed a bug that prevented having multiple backends using Async Agents
  • Removed from the schema the previously deprecated field allow_insecure_connections in the root. It must now be declared under client_tls.allow_insecure_connections.
  • Removed from schema previously deprecated prefetch_size and prefetch_count attributes from AMQP. These attributes did not have any effect in the software.
  • The telemetry exporters based on telemetry/opencensus, although they are still available, won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.
  • The telemetry exporter telemetry/influx is still available, but won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.

For more details see the file changes.

v2.6.2 (released 2024-04-17)

Small improvements and minor fixes on JWT, OTEL and the Lura framework

  • Body not properly cloned with multiple backends with only one unsafe method
  • Fixed an OpenTelemetry panic on HTTP/2

v2.6.1 (released 2024-04-09)

Small improvements and minor fixes on JWT, OTEL and the Lura framework

  • The JWT validation did not accept expired tokens by one second. In scenarios with desynchronized clocks, the new field leeway allows you to extend that period a little.
  • Canonicalize the header name in JWT validation so the developer does not have to do it manually.
  • OpenTelemetry now includes resource information in the metrics (thanks to @thinkingabouther)
  • OpenTelemetry now includes an option to report the service version, not only the service name (thanks to @adigiorgi-clickup)
  • Minor performance improvements on the Lura project
  • OpenTelemetry spans of type “kinds” fixed (thanks to @adigiorgi-clickup)
  • Async agent timeouts for pipes with several backends fixed

Enterprise Edition v2.5 (released 2023-11-21, updated 2024-01-10)

The v2.5 introduces API Monetization, allows multiple POSTS in and out sequential calls, adds a license command and listening to a specific IP, and improves Flexible Configuration, E2E tests, OpenAPI, and more.

  • Added the API Monetization feature (integration in partnership with Moesif)
  • Endpoints with multiple POSTs are now possible. The restriction to work with multiple unsafe methods is now removed.
  • The response body generator also has access to the request body using .req_body
  • New command license to check licenses in pipelines automatically
  • The End-to-End testing allows multiple calls in a single test case using next.
  • The Extended Flexible Configuration can work automatically now without any environment variables when you have a flexible_config.json file, accepts multiple partial dirs, adds a .meta variable in templates, and improves error logging and debugging
  • The OpenAPI generation allows you to define the request body using request_definition and also to declare component/schemas you can reuse in endpoints with the $ref attribute.
  • Added Mutual TLS from the gateway to your upstream services, both globally (all connections) or individually per backend
  • The API keys declaration now accepts the hashing functions fnv128, sha256, and sha1.
  • The body request generator is now available at the endpoint level in addition to the backend. It also parses the query and path at a later stage to have the most up-to-date values.
  • The new field listen_ip can now restrict the service to listen to a specific IP.
  • Added new attribute static_routing_key on AMQP consumers (thanks to Georgios Chronis).
  • Added a second level of input_query_strings in the backend section.
  • The propagate_claims attribute for JWT claims now sets to blank those headers with missing values and does not allow the user to override via custom headers.
  • The gRPC can now use headers to construct the payload
  • The WebSockets load balancer now takes a random host when a previously established connection fails.
  • The Flexible Configuration and the --lint flag of check can work now in a single step
  • Your custom plugins (server and client) will now receive the Service Go Context, so you can cancel services started by the plugin when the gateway shuts down.
  • Identity servers returning Content-Type: application/jwk-set+json in their jwk_url are now accepted.
  • When defining a custom router section, the default settings for remote_ip_headers were reset.
  • The rate limit eviction was resetting on very large time settings
  • Fixed race conditions on global JWK URL keys cache
  • Requests with method OPTIONS (CORS module) with HTTP/2 without HTTP/1.1 Upgrade returned 405 status code instead of 204 when use_h2c flag was enabled (thanks to @anivanovic)
  • WebSocket race condition on concurrent writing
  • The flag router.use_h2c has moved to the root level as use_h2c, and its usage inside the router is marked as deprecated.

v2.5.3 (released 2024-01-10)

Security fix on the Go lang crypto package and API keys

  • The JWT company information was not correctly reported to the Moesif API (Monetization)
  • API Key-enabled endpoints that do not define any roles now validate against any valid API key in the settings list
  • Upgraded libraries to remove the issue CVE-2023-48795. This issue does not affect KrakenD, but scanners flag the binary

v2.5.2 (released 2023-12-06)

Security fix on the net/http package. OpenAPI export command fixed.

  • Fix openapi export to not require the inclusion of a service extra_config
  • Introduced a fix to address CVE-2023-39326 net/http: limit chunked data overhead

v2.5.1 (released 2023-11-30)

WebSockets and OpenAPI export bugfixes.

  • Correct problem in concurrent writes in the same WebSockets connection
  • Make global OpenAPI configuration optional
  • Abort OpenAPI generation when a schema has errors for better CI/CD integration

Community Edition v2.5 (released 2023-11-09, updated 2024-01-22)

The v2.5 binary allows multiple POSTS in and out sequential calls, restricts service listening to a specific IP, and improves JWT and AMQP.

  • Endpoints with multiple POSTs are now possible. The restriction to work with multiple unsafe methods is now removed.
  • Added new attribute static_routing_key on AMQP consumers (thanks to Georgios Chronis).
  • The new field listen_ip can now restrict the service to listen to a specific IP.
  • You can now configure mTLS options globally to connect to your backends
  • Added a second level input_query_strings in the backend section.
  • The Flexible Configuration and the --lint flag of check can work now in a single step
  • Your custom plugins (server and client) will now receive the Service Go Context, so you can cancel services started by the plugin when the gateway shuts down.
  • Identity servers returning Content-Type: application/jwk-set+json in their jwk_url are now accepted
  • When defining a custom router section, the default settings for remote_ip_headers were reset.
  • The rate limit eviction was resetting on very large time settings
  • Fixed race conditions on global JWK URL keys cache
  • Requests with method OPTIONS (CORS module) with HTTP/2 without HTTP/1.1 Upgrade returned 405 status code instead of 204 when use_h2c flag was enabled (thanks to @anivanovic)
  • The propagate_claims attribute for JWT claims now sets to blank those headers with missing values and does not allow the user to override via custom headers.
  • The flag router.use_h2c has moved to the root level as use_h2c, and its usage inside the router is marked as deprecated.

For more details see the file changes.

v2.5.1 (released 2024-01-22)

Security fix on the Go lang crypto package

  • Add parent endpoint info to backend logs
  • Upgraded Go lang version to 1.20.13
  • Upgraded the Go lang crypto package to remove the issue CVE-2023-48795. This issue does not affect KrakenD, but scanners flag the binary
  • Do not abort the loading of handler plugins when one of them fails

Enterprise Edition v2.4 (released 2023-08-29, updated 2023-10-12)

The v2.4 introduces powerful features such as the Catch All (or No-route, or Fallback), the Advanced Flexible Configuration, and response manipulation using templates; it also improves gRPC and converts some plugins to native functionality. It also includes all features and fixes of Community 2.4.3. Check out the rest of the features.

  • The new Catchall endpoint defines a fallback backend for any non-matching route and method
  • The new Advanced Flexible Configuration adds the $ref keyword, recursivity, behavior file and much more
  • Response body transformation using templates with the modifier/response-body-generator
  • A rewritten rate limit introduces the every component, allowing you to set limits per second, minute, or hour.
  • Add a second level of input_headers filtering in the backend section.
  • The DNS SRV can now use protocols other than http through the flag sd_scheme.
  • Added header_mapping to pass headers of gRPC backends as metadata.
  • The JWK aggregator now fetches all keys in parallel and adds the cache attribute to reduce network traffic.
  • The Static Filesystem is now available natively, and the plugin is no longer needed. There is also a new flag directory_listing.
  • Virtualhosts are now available natively and the plugin is no longer needed.
  • Log the name of endpoints that cannot register correctly during startup
  • The krakend check --lint command fetches the schema for its version.
  • The post execution on Lua fixes the error handling.
  • The static filesystem plugin has been deprecated. Upgrade to the native functionality.
  • The virtual host plugin has been deprecated. Upgrade to the native functionality.
  • The Instana integration was deprecated in previous versions and has been removed.
  • The Google Analytics integration was deprecated in previous versions and has been removed.
  • When the license is missing or expired, the Enterprise binary will not try to run in open source mode as there might be security implications, such as not understanding security policies.
  • The flag tls.allow_insecure_connections has been relocated under client_tls.allow_insecure_connections in v2.3, and the old location is no longer supported.
  • The flag prefer_server_cipher_suites is no longer supported. Servers now select the best mutually supported cipher suite automatically based on the logic that considers inferred client hardware, server hardware, and security.

v2.4.2 (released 2023-10-12)

Addresses the Distributed Denial of Service (DDoS) vulnerability known as the Rapid Reset Attack, which affects several HTTP/2 server implementations and is assigned CVE-2023-44487 and CVE-2023-39325.

v2.4.1 (released 2023-09-13)

This release fixes the buffer size of WebSocket messages.

  • WebSocket messages larger than 4KB were split despite overriding this behavior with max_message_size
  • Corrected the $schema URL when using the --lint flag to point to the correct version
  • Corrected a continuous restart of the :watch Docker container when using the new Advanced Flexible Configuration for the first time

Community Edition v2.4 (released 2023-06-29, updated 2023-10-12)

The v2.4 improves the rate limit usage experience to support non-second time intervals, and offers more granular options to improve security.

  • A rewritten rate limit introduces the every component, allowing you to set limits per second, minute, or hour.
  • Add a second level of input_headers filtering in the backend section.
  • The DNS SRV can now use other protocols than http through flag sd_scheme.
  • Log the name of endpoints that cannot register correctly during startup
  • The krakend check --lint command fetches the schema for its version.
  • The post execution on Lua fixes the error handling.
  • The flag allow_insecure_connections was relocated under client_tls in v2.3 and the old location on tls is no longer supported.
  • The flag prefer_server_cipher_suites is no longer supported. Servers now select the best mutually supported cipher suite automatically based on the logic that considers inferred client hardware, server hardware, and security.

For more details see the file changes.

v2.4.6 (released 2023-10-12)

Addresses the Distributed Denial of Service (DDoS) vulnerability known as the Rapid Reset Attack, which affects several HTTP/2 server implementations and is assigned CVE-2023-44487 and CVE-2023-39325. Patches 2.4.4 and 2.4.5 are failed builds, and do not count as releases.

v2.4.3 (released 2023-07-27)

This release does not contain any software changes. Instead, it fixes the packaging used in on-premise installations: Azure VM, RPM, and DEB. This change is because patch 2.4.2 upgraded Debian to an unsupported version, and it has been reverted.

    v2.4.2 (released 2023-07-07)

    We have updated our internal libraries to rectify security issues identified in scans. While these issues do not affect KrakenD’s operations, the updated version provides clean container scans. Notably, CVE-2023-29406, related to HTTP/1 client’s Host header validation, does not impact most users due to our zero-trust security, but may affect those utilizing the non-recommended input_headers: ["*"] policy.

    v2.4.1 (released 2023-06-01)

    Fix on the new rate limit component

    • The rate limit did not load because its namespace was internally rewritten using an ancient namespace (KrakenD v1)

    Enterprise Edition v2.3 (released 2023-05-19, updated 2023-07-07)

    The v2.3 includes awaited new features requested by customers, such as gRPC backends without plugins, easier wildcards (simply writing a star *), and the End-to-End testing with JSON Schema contracts. It also includes all features and fixes of Community 2.3.2. Check out the rest of the features.

    • Easier wildcards using the /path/to/* syntax. Plugins are no longer needed!
    • Automatic gRPC backends based on proto files. No plugins are needed anymore.
    • End-to-end testing now supports JSON Schema definitions
    • Added Multiple merge of OpenAPI contracts. Import many contracts in one operation.
    • Added NTLM authentication for Microsoft Dynamics and similar integrations
    • The security policies now add bitwise operations to facilitate mask calculation.
    • The new OpenAPI serve command to start a KrakenD server with the OpenAPI file and no import.
    • The New Relic integration now accepts an additional list of headers to report
    • Added service-to-service authentication flow on Google Cloud
    • Support for legacy API keys that pass keys without a Bearer or Basic indication.
    • Override of API keys strategy and identifier per endpoint.
    • Retries for AMQP consumers and producers with configurable back-off strategies
    • Global caching of JWK URLs, reused between endpoints.
    • KrakenD Designer can now apply changes on a local KrakenD directly from the web.
    • New /__echo/ endpoint, to dump requests from users and test functionality.
    • Added use_h2c (clear text HTTP/2), in addition to the already supported HTTP/2 over TLS
    • Add new TLS settings for the internal HTTP client (client_tls)
    • Add per backend HTTP client settings, including no redirect, TLS, and web proxy
    • The body generator and the SOAP integration now support Sprig functions.
    • The underlying Go version has been upgraded to 1.20.4, which includes security fixes to crypto packages.
    • The audit rules add more security recommendations.
    • WebSockets with forced Gzip could panic
    • JMESpath support for json.Number instead of integer
    • HTTP logger plugin panic
    • The router configuration was overwriting defaults for nonexistent attributes
    • The prefetch_size flag on AMQP was never implemented, and it has been removed from the configuration
    • The prefetch_count has been removed from AMQP producers as it only makes sense in a consumer scenario
    • The krakend generate openapi command has been renamed to krakend openapi export; please replace its usages.
    • The krakend generate from openapi command has been renamed to krakend openapi import; please replace its usages.
    • The HTTP proxy plugin is deprecated as the functionality is natively supported as an HTTP Client option.
    • The no-redirect plugin is deprecated as the functionality is natively supported as an HTTP Client option.
    • The allow_insecure_connections property at the service level now moves under client_tls > allow_insecure_connections.
    • The Instana integration is deprecated and will be removed in future releases.
    • The Google Analytics integration is deprecated and will be removed in future releases.

    v2.3.3 (released 2023-07-07)

    We have updated our internal libraries to rectify security issues identified in scans. While these issues do not affect KrakenD’s operations, the updated version provides clean container scans. Notably, CVE-2023-29406, related to HTTP/1 client’s Host header validation, does not impact most users due to our zero-trust security, but may affect those utilizing the non-recommended input_headers: ["*"] policy.

    v2.3.2 (released 2023-06-22)

    Small fixes on Redis rate limiter, gRPC, API keys, and Lua

    • Lua: Corrected bug not preventing lists to grow, and added a special type for nil treatment.
    • API Keys: When a user key is valid but does not have permissions to use the resource, a 403 is now returned instead of the 401
    • gRPC: Fix types of recursive objects
    • Better logging on plugins
    • Redis rate-limit: Fix a corner-case panic during startup

    v2.3.1 (released 2023-06-08)

    Fixes on Redis rate limiter, Alpine security upgrade, body generator, gRPC, and added new helpers in Lua

    • Add list and table helpers to Lua scripts
    • Automatically set content-type application/json for GraphQL backends, no longer needing the client to pass it + fixes in formatting
    • Fix escaped chars during XML rendering
    • Avoid startup panic when using proxy rate limit with capacity 0
    • Bodygenerator: Push Content-Length header with the calculation of a generated body.
    • Redis rate limit: Fix on zero capacity limits
    • gRPC endpoints not filling data with URL parameters and query strings combinations
    • Avoid initial wait for client connection and add retry strategies on WebSockets
    • Upgrade Docker image base to Alpine 3.18

    Community Edition v2.3 (released 2023-04-20, updated 2023-06-01)

    The v2.3 adds more connectivity options with backends and caching and adds the possibility to load changes into a local KrakenD using the Designer (UI) directly.

    • AMQP consumers and producers now offer retries with several backoff strategies.
    • Downloading of JWK URLs now uses global caching (reused between endpoints)
    • KrakenD Designer can now apply changes on a local KrakenD directly from the web.
    • New /__echo/ endpoint, to dump requests from users and test functionality.
    • Added h2c protocol (clear text HTTP/2), in addition to the already supported HTTP/2 over TLS
    • Add new TLS settings for the internal HTTP client (client_tls). The flag allow_insecure_connections moves inside it.
    • The underlying Go version has been upgraded to 1.20.3, which includes security fixes to crypto packages.
    • The audit rules add more security recommendations.
    • The router configuration was overwriting defaults for nonexistent attributes
    • The prefetch_size on AMQP flag was never implemented, and it has been removed from the configuration
    • The prefetch_count has been removed from AMQP producers as it only makes sense in a consumer scenario
    • The flag tls.allow_insecure_connections is now marked as deprecated because it has moved to client_tls.allow_insecure_connections. The support under tls will be removed in the next version.

    For more details see the file changes.

    v2.3.3 (released 2023-06-01)

    Fixes on GraphQL, Alpine security upgrade, and added new helpers in Lua

    • Upgrade Lura engine to 2.2.8
    • Add list and table helpers to Lua scripts
    • Automatically set content-type application/json for GraphQL backends, no longer needing the client to pass it + fixes in formatting
    • Fix escaped chars during XML rendering
    • Fix glibc detection on macOS (by @dschanoeh)
    • Avoid startup panic when using proxy rate limit with capacity 0
    • Upgrade Docker image base to Alpine 3.18 to mitigate SSL3 CVE-2023-1255 (by @ksylvan)

    v2.3.2 (released 2023-05-05)

    Fixed plugin builder and corrected edge cases in JWT validation.

    • Custom plugins: Alpine image builder fixed for ARM64
    • JWT: Panic when receiving an invalid number of claims
    • JWT: Remove misleading error log when no global cache is defined
    • JWT: index out of range
    • Upgrade to Go version 1.20.4, which includes security fixes in the packages crypto/subtle, crypto/tls, net/http, and syscall

    v2.3.1 (released 2023-04-26)

    The new TLS Client functionality was not included in the release.

    • The deny attribute did not work on the third nesting level and above.
    • The new client_tls attribute was not yet included.

    Enterprise Edition v2.2 (released 2023-02-27, updated 2023-04-19)

    The v2.2 introduces a new security policies engine, routing based on headers, OpenAPI 3, SOAP integration with custom body generation, everything on Community 2.2.1, and more.


    v2.2.1 (released 2023-04-19)

    Enables backoff strategies for AMQP producers and consumers, and fixes OpenAPI generation issues.

    • AMQP consumers and producers now offer retries with several backoff strategies.
    • The request modifier plugin loader is now hardened and stricter to prevent human error.
    • Prevent showing 500 status codes when using the body-generator component that receives an empty body
    • OpenAPI includes basic auth information when available for the new component (not the plugin).
    • OpenAPI output is now deterministic. The order of elements of the output is ordered.
    • OpenAPI runtime error when declaring nested JSON schemas
    • Lua exited with semicolon characters
    • Conflicting treatment of floats and integers on JMESpath component
    • The underlying Go version has been upgraded to 1.20.3 which includes security fixes to crypto

    Community Edition v2.2 (released 2023-02-03, updated 2023-04-19)

    It introduces a new security audit command (krakend audit) that parses and analyzes your configurations and outputs security recommendations. We have designed it to run as a standalone command or integrated into your existing CI/CD pipeline to avoid dangerous configurations, such as unintentionally disabling TLS, setting excessive timeouts, unprotected endpoints, or similar scenarios.

    • When you were loading multiple plugins, and one of them failed, the gateway did not load the rest. Now the sequence will continue excluding the failing one.
    • Older Docker images raised false positives when performing security scans due to an unused but included library (Thrift server). This library is no longer in the code.
    • The krakend audit command.
    • The Flexible Configuration component upgrades Sprig from v2 to v3. This has changes in the way ^ is handled. Some of the new functions available are fromJson, addf, maxf, mulf, osBase, osDir, osExt, osClean, or osIsAbs. It also documents how to use yaml or toml to write configurations using FC.
    • The Jaeger exporter now supports the UDP protocol to post traces to a Jaeger-agent.
    • The Bot Detector adds the flag empty_user_agent_is_bot to define empty user agent treatment.
    • JWT: Extraction of JSON from paths in JWT claims has been improved
    • JWT is now more restrictive, and falls back to returning 401 error codes with incorrect configurations.
    • The JWK URL requests to your identity server now include a KrakenD-specific user agent.

    For more details see the file changes.

    v2.2.1 (released 2023-04-19)

    Fixes a memory leak on Shadow Proxies.

    • Fixed memory leak on Shadow Proxies when the response wasn’t a 200
    • Fixed audit command that would still warn on some fixed issues
    • Upgraded Go to version 1.20.1

    Enterprise Edition v2.1 (released 2022-10-28, updated 2023-01-23)

    KrakenD Enterprise v2.1 brings a lot of new functionality, including advanced manipulation with a JSON Query language, a Revoke Server to manage tokens in clusters, new Kibana and Grafana dashboards, faster encoding, a rewritten and richer NewRelic exporter, Websockets balancing, everything on Community 2.1.2, and much more.

    • The private Amazon or Azure container registries are now publicly hosted under the repository krakend/krakend-ee on Docker Hub
    • New JMESpath Query Language
    • New JWT Revoke Server that pushes revoke instructions to all members in the cluster and maintains consistency between all the nodes, existing or new.
    • The new Service Rate Limit controls the usage of a specific user or all users against all endpoints in the API.
    • The new Response Schema Validator ensures that the backend responses contain at least the structure of your choice, defining the rules with a JSON schema.
    • The new Content Replace is a manipulation plugin that allows you to apply regular expressions to the response.
    • The new fast-json encoding is 140% faster on collections and 30% faster on objects on average tests, compared to the open source edition json decoder.
    • WebSocket servers load balancing
    • New repository Telemetry Dashboards, including Kibana, Grafana, Logstash, and Influx v2
    • The NewRelic exporter has been rewritten from scratch, including now distributed traces and richer content.
    • When you use OpenAPI in combination with JSON Schema, write methods add the validation requirements in the documentation.
    • Multiple OpenAPI exports based on the audience field.
    • Add a response example to OpenAPI exports
    • Added a skip option for the static server to ignore matching sub-paths and route them to KrakenD endpoints
    • Added a no_redirect option to wildcards to let clients follow redirections (e.g., user logins)
    • Added identifier to the API Key authentication to allow custom headers and custom query strings.
    • Added a krakend version command that outputs the KrakenD, Go, and Glibc versions.
    • Added allow_insecure_connections flag to ease development stages that use self-signed certificates.
    • Customizable response body for 404 and 405 errors
    • Added context propagation between Handler plugins and KrakenD Client plugins
    • Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.
    • More logging consistency (Bot detector, Bloom filter, Gologging)
    • Better control of errors when GELF is failing
    • Influx client not initialized during startup randomly (namespace collision being the cause)
    • The check-plugin command could panic when analyzing malformed files.
    • Easier logging to disk or remote server logging via the configurable syslog facility
    • The --accept-eula (or -e) flag is no longer necessary to start KrakenD and should be removed
    • The telemetry/opencensus component for NewRelic will stop working in future versions. Use telemetry/newrelic instead.

    v2.1.2 (released 2023-01-23)

    The patch v2.1.2 updates dependencies that have security vulnerabilities.

    • Add the content-type header when returning errors
    • Upgrade from Go 1.19.3 to Go 1.19.5, which includes security fixes to the net/http, crypto/x509, and os packages, among others.
    • Caching backends with gzipped content wasn’t working properly
    • Upgraded the gin router to avoid panics on certain 404 paths.
    • Improve render selection when negotiating XML content
    • Use a float instead of an integer for API keys rate limiting
    • Add security definitions to OpenAPI generation

    v2.1.1 (released 2022-11-24)

    The patch v2.1.1 fixes logging on the wildcard and a race condition on OpenAPI generation.

    • Fix OpenAPI race condition
    • Fix wildcard plugin logger messages

    Community Edition v2.1 (released 2022-09-30, updated 2023-01-12)

    KrakenD 2.1 brings a new ready-to-use Kibana dashboard, an updated Grafana Dashboard for InfluxDB v2 and more features and bugfixes

    • New repository Telemetry Dashboards, including Kibana, Grafana, Logstash, and Influx v2
    • Added a krakend version command that outputs the KrakenD, Go, and Glibc versions.
    • Added allow_insecure_connections flag to ease development stages that use self-signed certificates.
    • Customizable response body for 404 and 405 errors
    • Added context propagation between Handler plugins and KrakenD Client plugins
    • Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.
    • Easier logging to disk or remote server logging via the configurable syslog facility
    • More logging consistency (Bot detector, Bloom filter, Gologging)
    • Better control of errors when GELF is failing
    • Influx client not initialized during startup randomly (namespace collision being the cause)
    • The check-plugin command could panic when analyzing malformed files.

    For more details see the file changes.

    v2.1.4 (released 2023-01-12)

    Corrects a bug when caching Gzipped content and adds the Content-Type header when returning errors.

    • Add the Content-Type header when returning errors
    • Upgrade from Go 1.19.3 to Go 1.19.5, which includes security fixes to the net/http, crypto/x509, and os packages, among others.
    • Caching backends with gzipped content wasn’t working properly
    • Upgraded the router to avoid panic on certain 404 paths.
    • Improve render selection when negotiating XML content

    v2.1.3 (released 2022-11-18)

    ARM64 support, and obfuscate the KrakenD version header.

    • Now officially supporting ARM64 architectures, releasing new Docker containers and packages.
    • Performance improvement on Lambda usage
    • A new flag, hide_version_header, placed in the router settings, allows obfuscating the X-Krakend-Version header.
    • JSON Schema: Return a 400 status code when the body is empty or a malformed JSON (thanks to @efcasado)
    • Reject requests with special chars in the params

    v2.1.2 (released 2022-10-24)

    Corrects a bug with parameters sent to the backend

    • Some requests sent to backend didn’t have the parameters replaced from the client URL

    v2.1.1 (released 2022-10-21)

    Adds a Docker image to build plugins and fixes issues with the JOSE and Lua packages.

    • Bot Detector: Avoid aborting with an error
    • Influx: Logs normalized for better consistency
    • JOSE: Use a semaphore to orchestrate the concurrent warm up of the JWK caches
    • Lambda: Upgrade the AWS SDK version used (by @boris154)
    • The krakend check command did not accept configurations with zero number of endpoints.
    • JOSE: The SecretProvider didn’t receive the provided CacheDuration (by @mguay22)
    • JSON Schema: Validate schema definitions and reuse schema (by @moritzploss)
    • Lua: Error messages couldn’t contain the : character.
    • Martian: Replace the header.Id modifier with a working custom implementation.

    Enterprise Edition v2.0 (released 2022-05-04)

    KrakenD Enterprise 2.0 is a major rework and needs migration. It adds API Analytics, IP Filtering, GraphQL, OpenAPI importers and exporters, integration tests, specific request/modifier plugins, Async Agents, and backend response logging (dumper), and improves the existing WebSockets, API Keys, configuration syntax, New Relic reporting, logging, and router, to name a few examples. It also includes everything on Community 2.0.4.

    • The new Google Analytics integration allows you to generate API Analytics from your API activity
    • The new IP filtering plugin allows you to restrict the traffic to your API gateway by CIDR
    • REST to GraphQL conversion, or direct consumption of GraphQL through the gateway
    • Generate a KrakenD configuration from an OpenAPI spec file
    • A new command krakend e2e allows you to execute integration tests
    • Backend response logging
    • New plugin types (request/response)
    • Plenty of new configurable router flags
    • The krakend check adds verbosity level
    • A new command krakend check-plugin for quicker development of custom plugins
    • Shortened configuration namespaces.
    • NewRelic reporting
    • Async agents
    • Better logging, with more context
    • Alpine-based Docker image

    Community Edition v2.0 (released 2022-03-07, updated 2022-08-23)

    KrakenD 2.0 is the new major version of KrakenD, bringing a lot of improvements to the API Gateway: GraphQL, specific request/modifier plugins, async agents, easier configuration, better logging, and a more flexible router, to name a few examples.

    • REST to GraphQL conversion, or direct consumption of GraphQL through the gateway
    • Backend response logging
    • New plugin types (request/response)
    • Plenty of new configurable router flags
    • The krakend check adds verbosity level
    • A new command krakend check-plugin for quicker development of custom plugins
    • Shortened configuration namespaces.
    • Async agents
    • Better logging, with more context
    • Alpine-based Docker image
    • To upgrade the configuration from v0.x or v1.x see the legacy migration tool

    v2.0.6 (released 2022-08-23)

    Adds a flag -f to the check-plugin to help developers fix their custom plugins.

    • Add -f flag to check-plugin command to output recommended go get commands after analyzing the go.mod of the custom plugin.
    • Caching backends with gzipped content wasn’t working properly
    • Fix version comparison using semantic versioning.

    v2.0.5 (released 2022-06-15)

    Pending renames of organizations to krakendio

    • Organization rename from devopsfaith to krakendio
    • Upgrade Lura dependencies to 2.0.5

    v2.0.4 (released 2022-05-03)

    Fixes two bugs in the JOSE component and the new response modifier plugins.

    • Corrected long integers during claim extraction (krakend-jose)
    • Deprecate Metadata() and instead use Header() and StatusCode() for response modifier plugins

    v2.0.3 (released 2022-04-28)

    Security fix in the crypto/elliptic package.

    • Corrected response modifier interface to create req/resp plugins
    • Updated the ASCII logo on command line :)
    • Upgrade Go version to 1.17.9. Includes security fixes to the crypto/elliptic and encoding/pem packages

    v2.0.2 (released 2022-04-22)

    Minor fixes and optimizations on several components

    • Add nmap scans on Makefile
    • Dependencies updated
    • Enabled DeepSource code scans
    • Jose: Fix integer claim formatting
    • Jose: use a mirror of go-auth0
    • Ratelimit config must use snake_case keys instead of camelCase
    • Other minor fixes and optimizations in Flatmap, Lua, Cobra, and AMQP components

    v2.0.1 (released 2022-04-01)

    Removes old syntax from rate limit.

    • Ratelimit using previous version syntax
    • Fixed AMQP logging

    Community Edition v1.4 (released 2021-06-10, updated 2021-06-12)

    KrakenD 1.4 is the last version of the 1.x family and primarily replaces the KrakenD Framework with the Lura Project and includes minor bug fixing and an extended flexible configuration. The next release with the new functionality will be 2.0.

    • All dependencies for the framework moved to Lura
    • The json-collection output encoding allows returning collections directly
    • Added Sprig functions to Flexible Configuration
    • Allow the propagation of nested claims using dot notation (JWT)
    • Add the del method to Lua

    For more details see the file changes.

    v1.4.1 (released 2021-06-12)

    Removes old syntax from rate limit.

    • Call to the opencensus HTTPExecutorFactory so it receives the backend configurations. Updated deps to use latest opencensus and lura version to include other bugfixes in the Lura framework.
    • Fix corner cases where the http cache could be ignored

    Enterprise Edition v1.3 (released 2021-05-21)

    KrakenD Enterprise 1.3 includes everything in the Community v1.3 and adds generator commands for OpenAPI, Postman, and rendering PNG files with the configuration. It also adds support for wildcard routes.

    • New generate postman command
    • New generate openapi command
    • New generate config2dot command
    • Support for wildcard routes
    • Multiple identity providers
    • Integration of secret providers

    Community Edition v1.3 (released 2021-02-24)

    KrakenD 1.3.0 focuses on completing the RBAC system regarding JWT.

    • Scopes validation (thanks to @chrisdennig)
    • Extract and forward claims as headers (thanks to @chrisdennig)
    • Support for Oracle Identity Cloud Service by allowing key identifiers other than kid such as x5t or kid_x5t (contribution from Oracle)
    • Allow loading of local JWK files
    • Integration with secret providers such as Amazon KMS, Azure’s Key Vault, Google Cloud KMS, Hashicorp’s Vault, and encrypted or plain base64 files
    • Expose router request host to Lua virtual machine (thanks to Marc Ruiz from Stayforlong)
    • Add X-Forwarded-Host header (thanks to Marc Ruiz from Stayforlong)
    • Allow the extraction of client IP from custom headers
    • Add debugging information to CORS component
    • The Etcd component is no longer loaded in KrakenD-CE (but the repository is available for custom integrations)
    • The WASM-based emulator in KrakenDesigner has been removed.

    For more details see the file changes.

    Community Edition v1.2 (released 2020-10-05)

    KrakenD 1.2.0 adds a health endpoint, array manipulation, safejson encoding, Datadog integration, JWT claims as url parameters, and many other features and bugfixes.

    • Added a /__health endpoint
    • Removed the wording whitelist and blacklist from all our products (#BlackLivesMatter)
    • Datadog integration
    • Array manipulation available after merging multiple backends
    • All KRAKEND_-like environment vars to override configuration
    • A lot of small features and bugfixes
    • Flatmap (array manipulation) now also at endpoint level
    • Removed wording with racist connotations whitelist and blacklist. Now using allow and deny instead.
    • Upgrade Go to 1.15.
    • support for the append operation added
    • Added a new supported encoding safejson
    • support for nested targets added
    • Client plugin example fixed
    • Do not copy nil readers on no-op
    • Nested sequential params
    • Clone also the request body in the CloneRequest method
    • The /__debug/ endpoint now accepts any method
    • Use the weight of the SRV record to generate the list of hosts when resolving a service name
    • Decompress gzipped responses before parsing them
    • Ability to use collections in sequential proxy as input (collection filters)
    • Support using JWT claims as backend url params
    • Mutual TLS between KrakenD and clients added
    • Check that headers aren’t nil on Lua scripts
    • Pub/sub module ignores empty hosts
    • Lua scripts can now send custom errors
    • The RunServer can be injected into the executor builder
    • Integration test for CORS with auto-redirects added
    • CORS mw for gin removed and added as a RunServer wrapper so it’s always executed
    • Support for namespaced custom claims added
    • Added more integration tests
    • Bad request status code added on JSON Schema validation
    • Configuration can be overridden with KRAKEND_-like environment vars
    • Integration with Datadog
    • Add ca-certificates as dependency on debian
    • Allow “sequential proxy” to work with a POST, PUT and DELETE if there are only GET methods before (thanks to Alphyron)
    • Updated CEL engine with more features
    • Added a label name to circuit breakers to identify activity from different circuits in the logs and traces.
    • XML encoder now supports ISO-8859-1 encoding (in addition to UTF8)

    For more details see the file changes.

    Community Edition v1.1 (released 2020-04-02)

    KrakenD 1.1.0 adds Kafka integration, an extended Docker image, telemetry for Azure Monitor and performance improvements.

    • Corrected a bug in the httpsecure module.
    • Lambda context as base64 json-encoded context
    • Lua request and response helpers
    • Upgraded to Go 1.14
    • Optimization of the rate-limit module
    • Optimization of the load-balancer
    • Added Opencensus exporter to send metrics to Azure
    • Added Apache Kafka integration
    • FIFO HTTP handler plugin loader (adding more than one HTTP handler plugin to the gateway)
    • Add metrics for Go and process to Prometheus exporter (Thanks to Lucas Bremgartner)
    • Docker image supporting plugins (Thanks to Alexandr Hacicheant)

    For more details see the file changes.

    Community Edition v1.0 (released 2019-09-21)

    In November 2016, we released KrakenD framework to the public. After three years serving traffic around the world, and a lot of lessons learned on the way, KrakenD 1.0 is out 🎉🎉🎉

    • dedicated plugin loader function added
    • return all headers from proxy response
    • botdetector module added
    • pass the gelf writer to the gin logger
    • lua module
    • support for handler plugins added
    • support for http request executor plugins added
    • krakend-lambda module added
    • pubsub module added
    • forward the user-agent header
    • opencensus upgraded to 0.21.0
    • send the XML response without a final line break
    • alpine version upgraded
    • integration tests extended
    • xml render improved
    • upgrade to 1.13.1
    • moving from dep to go mod

    For more details see the file changes.

    Community Edition v0.9 (released 2019-04-07)

    Integration with AMQP, traffic shadowing, and flatmaps!

    • AMQP client (producer and consumer)
    • Shadow proxy factory added to the proxy factory stack
    • CEL: upgraded to 0.2.0
    • Flexibleconfig: accept partial templates
    • martian: status package included
    • ratelimit: cleanup unused limiters after some TTL
    • cobra: krakend check exits with a non zero status code when the configuration fails
    • usage: timeout added to every request
    • Flexibleconfig: fix ‘invalid cross-device link’

    For more details see the file changes.

    Community Edition v0.8 (released 2019-03-08)

    New validation module (CEL), wildcard option to forward all query strings and headers to the backend.

    • Updated to Go 1.12
    • Logging GELF formatter
    • Logstash logger integration
    • Added logging to the circuit breaker to warn every time the circuit is opened/closed
    • Metrics log removed
    • Forbidden and unauthorized responses
    • New CEL module (JWT, request and response)
    • Client headers are now case insensitive
    • Added a wildcard option to forward all query strings and headers to the backend
    • Possibility to include error details into the response
    • Etcd client updated to 3.3
    • Influx client updated
    • Reuse OAuth2 client sessions
    • JWK client supports local CA
    • Chained token rejecters

    For more details see the file changes.

    Community Edition v0.7 (released 2018-11-08)

    Integration with Graylog Clusters, schema validation and metrics exporter to Stack Driver.

    • Support for sending structured events in GELF format (Graylog Cluster)
    • Added a JSON schema validator to validate endpoint inputs before reaching the backends
    • Added the sequential proxy merger (Use input from a previous backend response)
    • Added StackDriver as a new backend for metrics and traces
    • Added a usage stats report (can be disabled passing env var USAGE_DISABLE=1 when starting)

    For more details see the file changes.

    Community Edition v0.6 (released 2018-09-07, updated 2018-10-04)

    Adds the JOSE component that validates and signs JWT tokens, and a bloomfilter to facilitate decentralized revocation.

    • Added JOSE component. Validation and signing of JWT tokens
    • Added the Bloomfilter component to facilitate decentralized revoke of tokens at a massive rate.
    • Added the Cross-origin resource sharing (CORS) component
    • Golang updated to 1.10.3
    • Updated Opencensus component, adding an exporter to AWS XRay

    For more details see the file changes.

    v0.6.1 (released 2018-10-04)

    Upgrade to Go 1.11 and Homebrew release with Go 1.11

    • Updated to Go 1.11
    • Specific Mac OSX changes to release homebrew with Go 1.11.
    • HTTP secure component updated
    • Updated bloomfilter to 0.6.1

    Community Edition v0.5 (released 2018-06-08, updated 2018-06-16)

    This release focuses heavily on metrics and its export options to different backend systems such as Zipkin, InfluxDB, Prometheus or Jaeger. It also adds the NoOp logger and exposes all the advanced settings of the http client and server, giving all the power to the user.

    • Updated golang version to 1.10.2.
    • Fully configurable custom metrics module. Also with influxdb exporter
    • Support for flexible configuration in the krakend.json
    • Opencensus integration (with 5 exporters: Zipkin, Prometheus, Jaeger, InfluxDB, Logger)
    • Added more output decoders in addition to JSON
    • Enabled advanced HTTP Client settings
    • Custom combiners for merging the backend responses.
    • Added static responses behavior to several strategies

    For more details see the file changes.

    v0.5.1 (released 2018-06-16)

    Fix an error on OpenCensus

    • OpenCensus returned an error if the exporter wasn’t defined

    Community Edition v0.4 (released 2018-01-20, updated 2018-03-08)

    Open sourcing all the 1st-year enterprise components!

    • KrakenD 0.4 core with the gin router
    • Circuit breaker
    • Rate limit
    • Oauth2 client
    • Service, router, proxy and backend metrics
    • Security router
    • Google’s Martian library integration (Injections via DSL)
    • JSON, RSS and XML encoding
    • Logging
    • Service discovery integrations: etcd, DNS SRV
    • Cobra powered CLI

    v0.4.2 (released 2018-03-08)

    Fix an error on OpenCensus

    • Request headers should be copied

    v0.4.1 (released 2018-03-02)

    Add HTTP cache!

    • Recursive whitelist definition
    • Editable list of headers to pass to the backend
    • Added in-memory http cache
    • Logger initialization bug fixed
    • Update of components version

    Enterprise Edition v0.3 (released 2017-09-08)

    Add service discovery through etcd

    • Added etcd service discovery
    • Improved support for custom transport layers for the backend communication
    • More data collected from the backend responses
    • Support for Go 1.9
    • Gin router update

    Enterprise Edition v0.2 (released 2017-05-26)

    Add service discovery through DNS SRV and decoding of RSS responses.

    • DNS SRV Service Discovery
    • Accept collections in the backend responses (as opposed to objects)
    • RSS decoder added

    Enterprise Edition v0.1 (released 2017-01-29)

    First version of the functional gateway.

    • Process endpoints with Gin router
    • Fully functional gateway with aggregation of multiple backends

    Community Edition v0.0 (released 2016-11-04)

    Initial commit of KrakenD Framework open-source libraries. No ready-to-use gateway yet.
