KrakenD Changelog
List of the most relevant changes between releases
Community Edition v2.8 (released 2024-12-03)
Improvements on Lua scripts and added OTEL override capabilities
OpenTelemetry has now the ability to override configuration at endpoint and backend level
Lua - Added an error log decorator to show the line and file where an error raised
Lua - Added method
keyExists
helper to checkluaTable
types.Lua - Conversion from tables to arrays instead of maps when tables have all indexes numeric
OpenTelemetry - Several fixes on configuration overrides and multiErrors
The
letgoapp/influx
namespace, which was available for historical reasons, has been removed from the configuration schema. Rename it totelemetry/influx
for a quick fix (which is also deprecated), or upgrade to OpenTelemetry for a long-term solution.
Enterprise Edition v2.7 (released 2024-08-14, updated 2024-11-07)
Worfklows, Tier Rate Limits, Direct WebSockets, Service-level header response modifiers and more.
New component to create Workflows and nest infinite virtual endpoints.
New type of rate-limit based on tiers.
New service-level header response modifier to delete, add, or replace headers declaratively (including the
X-KrakenD
family).Direct WebSockets communication added, in addition to the existing Multiplexing option.
OpenAPI import can include
x-krakend-
metadata to configure gateway behavior on the OpenAPI spec.The gRPC server supports now token-based authorization
Added a new rate limiter based on parameters
Memory optimization of the rate-limit that greatly reduces the consumption of RAM, and new micro-optimization options added (
cleanup_period
,cleanup_threads
,num_shards
).The JWT signer can now set a new
leeway
attribute for scenarios with desynchronized clocks.A new flag
dns_cache_ttl
allows you to set a custom DNS cache TTL for Service DiscoveryAdded support to multiple TLS certificates.
Added new properties for CORS handling
options_passthrough
,options_success_status
, andallow_private_network
New properties added to the HTTP Security component
allowed_hosts_are_regex
,ssl_proxy_headers
,force_sts_header
Customizable size of maximum header via the property
max_header_bytes
. Previously fixed to1MB
.New fields
jwt_key
andparam_definition
added to OpenAPIAdded new rules to the
audit
command.OpenTelemetry - Added static labels to global and proxy layers (thanks to @ssepml)
Corrected a memory leak on some grpc connections
Corrected redirects with trailing slash when using VirtualHosts
The
request_definition
of OpenAPI was an object previously{}
, but now is an array of objects[{}]
because multiple requests are possible. Wrap the object in an array.The properties
public_key
andprivate_key
of thetls
configuration have been moved under an arraykeys
to facilitate multiple certificates and domains. Read more
v2.7.6 (released 2024-11-07)
Minor fix on WebSockets OpenTelemetry
Remove OpenTelemetry errors on WebSockets endpoints that do not configure OpenTelemetry
v2.7.5 (released 2024-11-05)
Several minor fixes on OpenAPI, OpenTelemetry, gRPC, and Security Policies
gRPC: A non-OK status could be incorrectly considered as a connection error
OpenTelemetry: Avoid double reporting the proxy layer
OpenAPI: a path parameter with a description, in some cases, changed the parameter to not required.
Security Policies: The
auto_join_policies
did not work properly with a single policy
v2.7.4 (released 2024-10-18)
Fixed a race condition when closing gRPC connections
Fixed a race condition when closing gRPC connections
v2.7.3 (released 2024-10-09)
Improvement of Service Discovery, gRPC connections and bugfixing
gRPC connections are now shared between backends if they have the same host and TLS configuration. This translates into a performance and resources improvement.
Added a new gRPC flag
read_buffer_size
to allow customization of the gRPC read buffer.The Service Discovery system accepts now a value
dns-shared
to share the DNS resolution between backends using the same host.Upgraded Go to 1.22.8 (No security isses associated to the previous version)
Fix memory management of gRPC connections
v2.7.2 (released 2024-09-23)
Fixes for Lua access to errors and memory leak on errored gRPC connections
The Lua getter function now transparently returns a table (Lua’s native data structure) when it detects that the accessed data is an error object.
Fix a memory leak when gRPC connections failed and retry logic was triggered
v2.7.1 (released 2024-09-10)
Minor security fixes and JWK caching
Updated the JOSE library to unflag the vulnerability CVE-2024-28180 from scanner, even it does not affect KrakenD.
The gocloud library has been updated to a higher version (includes minor security fixes for PubSub, Secrets, Azure and AWS integrations)
OpenTelemetry libraries updated
Go language updated to v1.22.7
The check plugin command printed unnecessarily the help command
Prevent a failing Identity Provider to be queried constantly by introducing the property
failed_jwk_key_cooldown
OpenAPI was generating incorrect URL patterns with placeholders by decoding its special chars
OpenAPI did not accept keys with dots in the schemas
OpenAPI did not have dynamic routing into account and required to manually declare input_headers and input_query_strings, which are now automatic
Tiered rate limit durations were incorrectly parsed
Inheritance in the extended flexible configuration didn’t allow special chars
Community Edition v2.7 (released 2024-07-18, updated 2024-09-23)
Improved memory consumption of endpoint rate limit and added new security options to TLS, CORS, and HTTPSecurity.
Added a new rate limiter based on parameters
Memory optimization of the rate-limit that greatly reduces the consumption of RAM, and new micro-optimization options added (
cleanup_period
,cleanup_threads
,num_shards
).The JWT signer can now set a new
leeway
attribute for scenarios with desynchronized clocks.A new flag
dns_cache_ttl
allows you to set a custom DNS cache TTL for Service DiscoveryAdded support to multiple TLS certificates.
Added new properties for CORS handling
options_passthrough
,options_success_status
, andallow_private_network
New properties added to the HTTP Security component
allowed_hosts_are_regex
,ssl_proxy_headers
,force_sts_header
Added new rules to the
audit
command.Customizable size of maximum header via the property
max_header_bytes
. Previously fixed to1MB
.OpenTelemetry - Added static labels to global and proxy layers (thanks to @ssepml)
The properties
public_key
andprivate_key
of thetls
configuration have been moved under an arraykeys
to facilitate multiple certificates and domains. Read more
v2.7.2 (released 2024-09-23)
Fixe for Lua access to errors
The Lua getter function now transparently returns a table (Lua’s native data structure) when it detects that the accessed data is an error object.
v2.7.1 (released 2024-09-10)
Minor security fixes and JWK caching
Updated the JOSE library to unflag the vulnerability CVE-2024-28180 from scanner, even it does not affect KrakenD.
The gocloud library has been updated to a higher version (includes minor security fixes for PubSub, Secrets, Azure and AWS integrations)
OpenTelemetry libraries updated
Go language updated to v1.22.7
The check plugin command printed unnecessarily the help command
Prevent a failing Identity Provider to be queried constantly by introducing the property
failed_jwk_key_cooldown
Enterprise Edition v2.6 (released 2024-04-18, updated 2024-07-11)
OpenTelemetry integration, extended plugin capabilities, updated Grafana Dashboard, and JWT fixes.
New binary available with cryptographic module and testing requirements as per FIPS-140
Dynamic routing based on host
Added the OpenTelemetry integration which will eventually replace the previous OpenCensus component.
The new command
krakend test-plugin
tests if one or more given.so
files are loadable into KrakenD as the selected plugin type.New Grafana dashboard available for Prometheus via OpenTelemetry
Direct OpenTelemetry authentication against SaaS providers to avoid installing collectors.
New gRPC server, allowing you to serve gRPC even if you don’t have gPRC backends internally.
The Moesif integration allows you to set a security policy using
should_skip
to save traffic. It also allows now accessing nested claims to identify users and companies.More OpenAPI metadata options: Set an
operation_id
, and describe query string paramters and tags withquery_definition
andtag_definition
The license file can now live in a different path passing the env var
KRAKEND_LICENSE_PATH
or setting the flag--license
.Virtualhosts accept now
aliased_hosts
which allows you to create alias to reuse in the endpoint definition.Backend logs like
[BACKEND: /foo]
have mutated now to[BACKEND: GET /endpoint/{var} -> /foo]
showing their relationship with the endpoint.All plugins have now the KrakenD context, allowing you to perform operations during shutdown
Request and response modifier plugins have now access to the HTTP context. Reponse modifiers have also access to the internal request, knowing low-level details like which backend was selected.
The JWT Validator adds a new field
auth_header_name
to read tokens from custom headersThe JWT validator can read now scopes in array format in addition to the space-separated list
The JWT signer returns now the
typ
The audit command includes new validations and security recommendations, and fixes a false positive on the sequential rule.
New flags
max_payload
anddecompress_gzip
to limit the maximum size in bytes of requests and Gzipped content after decompression.Fixed hostname reporting on Logstash
Fixed a bug that prevented having multiple backends using Async Agents.
Force HTTP1.1 over NTLM as IIS doesn’t support NTLM/Kerberos over HTTP2.
Catchall endpoints to handle non-GET traffic.
Removed from schema previosuly deprecated fields
allow_insecure_connections
in the root. Must be declared underclient_tls.allow_insecure_connections
now.Removed from schema previously deprecated
prefetch_size
andprefetch_count
attributes from AMQP. These attributes did not have any effect in the software.The telemetry exporters based in
telemetry/opencensus
, although they are still available, won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.The telemetry exporter
telemetry/influx
is still available, but won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.
v2.6.4 (released 2024-07-11)
Minor fixes on OpenTelemetry and CVE mitigations
Rate limit respects TTL / every param at service level
Improve jwk-aggregator debug lines
Static route prefixes are checked in case they need a final slash
Virtualhosts routes are checked so they avoid adding redirections
OpenTelemetry panics when the close function of the reader is called when no reader has been done
Updated Go to 1.22.5 which fixes CVE-2024-24789, CVE-2024-24790 and CVE-2024-24791
Bumps github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.1 to 1.6.0 which fixes CVE-2024-35255
Bumps github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 which fixes CVE-2024-6104
v2.6.3 (released 2024-05-16)
Minor fixes on OpenTelemetry and OpenAPI generation
OpenAPI generator did not take a customized LICENSE path
OpenAPI generation of endpoints without method was skipped
OpenTelemetry not respecting
skip_paths
on theglobal
layerOpenTelemetry panics on
nil
interfacesOpenTelemetry logs improved
v2.6.2 (released 2024-05-09)
Duplicated query strings on catchall endpoints
The
/__catchall
endpoint duplicated query strings when contacting the backendAvoid panics on opentelemetry components during startup when settings are partially configured
Updated Go to 1.22.3 which fixes CVE-2024-24788 (Severity pending to classify)
v2.6.1 (released 2024-04-22)
Minor fixes on OpenAPI documentation generation
Prevent headers declared under
input_headers
to be removed from the OpenAPI documentationDescription field under query_definition wasn’t populated into the documentation
Community Edition v2.6 (released 2024-03-11, updated 2024-05-16)
OpenTelemetry integration, extended plugin capabilities, updated Grafana Dashboard, and JWT fixes.
Added the OpenTelemetry integration which will eventually replace the previous OpenCensus component.
The new command
krakend test-plugin
tests if one or more given.so
files are loadable into KrakenD as the selected plugin type.New Grafana dashboard available for Prometheus via OpenTelemetry
Backend logs like
[BACKEND: /foo]
have mutated now to[BACKEND: GET /endpoint/{var} -> /foo]
showing their relationship with the endpoint.All plugins have now the KrakenD context, allowing you to perform operations during shutdown
Request and response modifier plugins have now access to the HTTP context. Reponse modifiers have also access to the internal request, knowing low-level details like which backend was selected.
The JWT Validator adds a new field
auth_header_name
to read tokens from custom headers (thanks to @rodion-goritskov)The JWT validator can read now scopes in array format in addition to the space-separated list (thanks to @pirm-in)
The JWT signer returns now the
typ
(thanks to @AlyHKafoury)The audit command includes new validations and security recommendations, and fixes a false positive on the sequential rule.
Fixed hostname reporting on Logstash (thanks to @lxdraw)
Fixed a bug that prevented having multiple backends using Async Agents
Removed from schema previosuly deprecated fields
allow_insecure_connections
in the root. Must be declared underclient_tls.allow_insecure_connections
now.Removed from schema previously deprecated
prefetch_size
andprefetch_count
attributes from AMQP. These attributes did not have any effect in the software.The telemetry exporters based in
telemetry/opencensus
, although they are still available, won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.The telemetry exporter
telemetry/influx
is still available, but won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.
v2.6.3 (released 2024-05-16)
Minor fixes on OpenTelemetry
OpenTelemetry not respecting
skip_paths
on theglobal
layerOpenTelemetry panics on
nil
interfacesOpenTelemetry reported the service name in the root instead of the one declared in the property
service_name
OpenTelemetry logs improved
Updated Go to 1.22.3 which fixes CVE-2024-24788 (Severity pending to classify)
v2.6.2 (released 2024-04-17)
Small improvements and minor fixes on JWT, OTEL and the Lura framework
Body not properly cloned with multiple backends with only one unsafe method
Fixed an OpenTelemetry panic on HTTP2
v2.6.1 (released 2024-04-09)
Small improvements and minor fixes on JWT, OTEL and the Lura framework
The JWT validation did not accept expired tokens by one second. In scenarios with desynchronized clocks the new field
leeway
allows you to extend a little bit that period.Canonicalize the header name in JWT validation to don’t force the developer to do it manually.
OpenTelemetry includes now
resource
information into the metrics (thanks to @thinkingabouther)OpenTelemetry includes now an option to report the service version, not only the service name (thanks to @adigiorgi-clickup)
Minor performance improvements on the Lura project
OpenTelemetry spans of type “kinds” fixed (thanks to @adigiorgi-clickup)
Async agent timeouts for pipes with several backends fixed
Enterprise Edition v2.5 (released 2023-11-21, updated 2024-01-10)
The v2.5 introduces API Monetization, allows multiple POSTS in and out sequential calls, adds a license
command and listening to a specific IP, and improves Flexible Configuration, E2E tests, OpenAPI, and more.
Added the API Monetization feature (integration in partnership with Moesif)
Endpoints with multiple POSTs are now possible. The restriction to work with multiple unsafe methods is now removed.
The response body generator also has access to the request body using
.req_body
New command
license
to check licenses in pipelines automaticallyThe End-to-End testing allows multiple calls in a single test case using
next
.The Extended Flexible Configuration can work automatically now without any environment variables when you have a
flexible_config.json
file, accepts multiple partial dirs, adds a.meta
variable in templates, and improves error logging and debuggingThe OpenAPI generation allows you to define the request body using
request_definition
and also to declare component/schemas you can reuse in endpoints with the$ref
attribute.Added Mutual TLS from the gateway to your upstream services, both globally (all connections) or individually per backend
API keys declaration accepts now the hashing functions
fnv128
,sha256
, andsha1
.The body request generator is now available at the endpoint level in addition to the backend. It also parses the query and path at a later stage to have the most up-to-date values.
The new field
listen_ip
can now restrict the service to listen to a specific IP.Added new attribute
static_routing_key
on AMQP consumers (thanks to Georgios Chronis).Added a second level of
input_query_strings
in the backend section.The
propagate_claims
attribute for JWT claims now sets to blank those headers with missing values and does not allow the user to override via custom headers.The gRPC can now use headers to construct the payload
The WebSockets load balancer now takes a random host when a previously established connection fails.
The Flexible Configuration and the
--lint
flag ofcheck
can work now in a single stepYour custom plugins (server and client) will now receive the Service Go Context, so you can cancel services started by the plugin when the gateway shuts down.
Identity servers returning
Content-Type: application/jwk-set+json
in theirjwk_url
are now accepted.When defining a custom
router
section, the default settings forremote_ip_headers
were reset.The rate limit eviction was resetting on very large time settings
Fixed race conditions on global JWK URL keys cache
Requests with method OPTIONS (CORS module) with HTTP/2 without
HTTP/1.1 Upgrade
returned 405 status code instead of 204 whenuse_h2c
flag was enabled (thanks to @anivanovic)WebSocket race condition on concurrent writing
The flag
router.use_h2c
has moved to the root level asuse_h2c
, and its usage inside therouter
is marked as deprecated.
v2.5.3 (released 2024-01-10)
Security fix on the Go lang crypto
package and API keys
The JWT company information was not correctly reported to the Moesif API (Monetization)
API Key-enabled endpoints without defining any roles validate now against any valid API key in the settings list
Upgraded libraries to remove the issue CVE-2023-48795. This issue does not affect KrakenD, but scanners flag the binary
v2.5.2 (released 2023-12-06)
Security fix on the net/http
package. OpenAPI export command fixed.
Fix
openapi export
to not require the inclusion of a service extra_configIntroduced a fix to address CVE-2023-39326
net/http: limit chunked data overhead
v2.5.1 (released 2023-11-30)
WebSockets and OpenAPI export bugfixes.
Correct problem in concurrent writes in the same WebSockets connection
Make global OpenAPI configuration optional
Abort OpenAPI generation when a schema has errors for better CI/CD integration
Community Edition v2.5 (released 2023-11-09, updated 2024-01-22)
The v2.5 binary allows multiple POSTS in and out sequential calls, restricts service listening to a specific IP, and improves JWT and AMQP.
Endpoints with multiple POSTs are now possible. The restriction to work with multiple unsafe methods is now removed.
Added new attribute
static_routing_key
on AMQP consumers (thanks to Georgios Chronis).The new field
listen_ip
can now restrict the service to listen to a specific IP.You can now configure mTLS options globally to connect to your backends
Added a second level
input_query_strings
in the backend section.The Flexible Configuration and the
--lint
flag ofcheck
can work now in a single stepYour custom plugins (server and client) will now receive the Service Go Context, so you can cancel services started by the plugin when the gateway shuts down.
Identity servers returning
Content-Type: application/jwk-set+json
in theirjwk_url
are now acceptedWhen definining a custom
router
section the default settings forremote_ip_headers
were reset.The rate limit eviction was resetting on very large time settings
Fixed race conditions on global JWK URL keys cache
Requests with method OPTIONS (CORS module) with HTTP/2 without
HTTP/1.1 Upgrade
returned 405 status code instead of 204 whenuse_h2c
flag was enabled (thanks to @anivanovic)The
propagate_claims
attribute for JWT claims sets now to blank those headers with missing values, and does not allow the user to override via custom headers.The flag
router.use_h2c
has moved to the root level asuse_h2c
, and its usage inside therouter
is marked as deprecated.
v2.5.1 (released 2024-01-22)
Security fix on the Go lang crypto
package
Add parent endpoint info to backend logs
Upgraded Go lang version to 1.20.13
Upgraded the Go lang
crypto
package to remove the issue CVE-2023-48795. This issue does not affect KrakenD, but scanners flag the binaryDo not abort the loading of handler plugins when one of them fails
Enterprise Edition v2.4 (released 2023-08-29, updated 2023-10-12)
The v2.4 introduces powerful features such as the Catch All (or No-route, or Fallback), the Advanced Flexible Configuration, response manipulation using templates, improves gRPC, or the conversion of some plugins to native functionality. It also includes all features and fixes of Community 2.4.3. Check out the rest of features.
The new Catchall endpoint defines a fallback backend for any non-matching route and method
The new Advanced Flexible Configuration adds the
$ref
keyword, recursivity, behavior file and much moreResponse body transformation using templates with the
modifier/response-body-generator
A rewritten rate limit introduces the
every
component, allowing to set limits per second, minute, or hour.Add a second level of
input_headers
filtering in thebackend
section.The DNS SRV can now use protocols other than
http
through the flagsd_scheme
.Added
header_mapping
to pass headers of gRPC backends as metadata.The JWK aggregator now fetches all keys in parallel and adds the
cache
attribute to reduce network traffic.The Static Filesystem is now available natively, and the plugin is no longer needed. There is also a new flag
directory_listing
.Virtualhosts are now available natively and the plugin is no longer needed.
Log the name of endpoints that cannot register correctly during startup
The
krakend check --lint
command fetches the schema for its version.The
post
execution on Lua fixes the error handling.The static filesystem plugin has been deprecated. Upgrade to the native functionality.
The virtual host plugin has been deprecated. Upgrade to the native functionality.
The Instana integration was deprecated in previous versions and has been removed.
The Google Analytics integration was deprecated in previous versions and has been removed.
When the license is missing or expired, the Enterprise binary will not try to run in open source mode as there might be security implications, such as not understanding security policies.
The flag
tls.allow_insecure_connections
has been relocated underclient_tls.allow_insecure_connections
in v2.3, and the old location is no longer supported.The flag
prefer_server_cipher_suites
is no longer supported. Servers now select the best mutually supported cipher suite automatically based on the logic that considers inferred client hardware, server hardware, and security.
v2.4.2 (released 2023-10-12)
Addresses the Distributed Denial of Service (DDoS) vulnerability affecting several HTTP/2 server implementations, which are assigned CVE-2023-44487 and CVE-2023-39325, known as Rapid Reset Attack.
Introduced a fix to address CVE-2023-44487
Introduced a fix to address CVE-2023-39325
v2.4.1 (released 2023-09-13)
This release fixes the buffer size of WebSocket messages.
WebSocket messages larger than 4KB were split despite overriding this behavior with
max_message_size
Corrected the
$schema
URL when using the--lint
flag to point to the correct versionCorrected a continuos restart of the
:watch
Docker container when using the new Advanced Flexible Configuration for the first time
Community Edition v2.4 (released 2023-06-29, updated 2023-10-12)
The v2.4 improves the rate limit usage experience to support non-second time intervals, and offers more granularity option to improve security.
A rewritten rate limit introduces the
every
component, allowing to set limits per second, minute, or hour.Add a second level of
input_headers
filtering in thebackend
section.The DNS SRV can now use other protocols than
http
through flagsd_scheme
.Log the name of endpoints that cannot register correctly during startup
The
krakend check --lint
command fetches the schema for its version.The
post
execution on Lua fixes the error handling.The flag
allow_insecure_connections
was relocated underclient_tls
in v2.3 and the old location ontls
is no longer supported.The flag
prefer_server_cipher_suites
is no longer supported. Servers now select the best mutually supported cipher suite automatically based on the logic that considers inferred client hardware, server hardware, and security.
v2.4.6 (released 2023-10-12)
Addresses the Distributed Denial of Service (DDoS) vulnerability affecting several HTTP/2 server implementations, which are assigned CVE-2023-44487 and CVE-2023-39325, known as Rapid Reset Attack. Patches 2.4.4 and 2.4.5 are failed builds, and do not count as releases.
Introduced a fix to address CVE-2023-44487
Introduced a fix to address CVE-2023-39325
v2.4.3 (released 2023-07-27)
This release does not contain any software changes. Instead, it fixes the packaging used in on-premise installations: Azure VM, RPM, and DEB. This change is because patch 2.4.2 upgraded Debian to an unsupported version, and it has been reverted.
v2.4.2 (released 2023-07-07)
We have updated our internal libraries to rectify security issues identified in scans. While these issues do not affect KrakenD’s operations, the updated version provides clean container scans. Notably, CVE-2023-29406, related to HTTP/1 client’s Host header validation, does not impact most users due to our zero-trust security, but may affect those utilizing the non-recommended input_headers: ["*"]
policy.
Bump golang library addressing CVE-2023-29406
Bump golang library addressing CVE-2023-32731
Bump gin framework addressing CVE-2023-29401. KrakenD does not use the affected function.
v2.4.1 (released 2023-06-01)
Fix on the new rate limit component
The rate limit did not load because its namespace was internally rewritten using an ancient namespace (KrakenD v1)
Enterprise Edition v2.3 (released 2023-05-19, updated 2023-07-07)
The v2.3 includes awaited new features requested by customers, such as
gRPC backends without plugins, easier wildcards (simply writing a star *
),
and the End-to-End testing with JSON Schema contracts. It also includes all features and fixes of Community 2.3.2. Checkout the rest of features.
Easier wildcards using the
/path/to/*
syntax. Plugins are no longer needed!Automatic gRPC backends based on proto files. No plugins are needed anymore.
Added Multiple merge of OpenAPI contracts. Import many contracts in one operation.
Added NTLM authentication for Microsoft Dynamics and similar integrations
The security policies add now bitwise operations to facilitate mask calculation.
The new OpenAPI serve command to start a KrakenD server with the OpenAPI file and no import.
The New Relic integration now accepts an additional list of headers to report
Added service-to-service authentication flow on Google Cloud
Support for legacy API keys that pass keys without a
Bearer
orBasic
indication.Override of API keys strategy and identifier per endpoint.
Retries for AMQP consumers and producers with configurable back-off strategies
Global caching of JWK URLs, reused between endpoints.
KrakenD Designer can now apply changes on a local KrakenD directly from the web.
New
/__echo/
endpoint, to dump requests from users and test functionality.Added
use_h2c
(clear text HTTP/2), in addition to the already supported HTTP/2 over TLSAdd new TLS settings for the internal HTTP client (
client_tls
)Add per backend HTTP client settings, including no redirect, TLS, and web proxy
The body generator, and the soap integration support now Sprig functions.
The underlying Go version has been upgraded to 1.20.4, which includes security fixes to crypto packages.
The audit rules add more security recommendations.
WebSockets with forced Gzip could panic
JMESpath support for json.Number instead of integer
HTTP logger plugin panic
The
router
configuration was overwriting defaults for unexisting attributesThe
prefetch_size
flag on AMQP was never implemented, and it has been removed from the configurationThe
prefetch_count
has been removed from AMQP producers as it only makes sense in a consumer scenarioThe
krakend generate openapi
command has been renamed tokrakend openapi export
; please replace its usages.The
krakend generate from openapi
command has been renamed tokrakend openapi import
; please replace its usages.The HTTP proxy plugin is deprecated as the functionality is natively supported as an HTTP Client option.
The no-redirect plugin is deprecated as the functionality is natively supported as an HTTP Client option.
The
allow_insecure_connections
property at the service level now moves underclient_tls
>allow_insecure_connections
.The Instana integration is deprecated and will be removed in future releases.
The Google Analytics integration is deprecated and will be removed in future releases.
v2.3.3 (released 2023-07-07)
We have updated our internal libraries to rectify security issues identified in scans. While these issues do not affect KrakenD’s operations, the updated version provides clean container scans. Notably, CVE-2023-29406, related to HTTP/1 client’s Host header validation, does not impact most users due to our zero-trust security, but may affect those utilizing the non-recommended input_headers: ["*"]
policy.
Bump golang library addressing CVE-2023-29406
Bump golang library addressing CVE-2023-32731
Bump gin framework addressing CVE-2023-29401. KrakenD does not use the affected function.
v2.3.2 (released 2023-06-22)
Small fixes on Redis rate limiter, gRPC, API keys, and Lua
Lua: Corrected bug not preventing lists to grow, and added a special type for
nil
treatment.API Keys: When a user key is valid, but it does not have permissions to use the resource now a 403 is returned instead of the 401
gRPC: Fix types of recursive objects
Better logging on plugins
Redis rate-limit: Fix a corner-case panic during startup
v2.3.1 (released 2023-06-08)
Fixes on Redis rate limiter, Alpine security upgrade, body generator, gRPC, and added new helpers in Lua
Add list and table helpers to Lua scripts
Automatically set content-type
application/json
for GraphQL backends, no longer needing the client to pass it + fixes in formattingFix escaped chars during XML rendering
Avoid startup panic when using proxy rate limit with capacity 0
Bodygenerator: Push Content-Length header with the calculation of a generated body.
Redis rate limit: Fix on zero capacity limits
gRPC endpoints not filling data with URL parameters and query strings combinations
Avoid initial wait for client connection and add retry strategies on WebSockets
Upgrade Docker image base to Alpine 3.18
Community Edition v2.3 (released 2023-04-20, updated 2023-06-01)
The v2.3 adds more connectivity options with backends and caching and adds the possibility to load changes into a local KrakenD using the Designer (UI) directly.
AMQP consumers and producers offer now retries with several backoff strategies.
Downloading of JWK URLs now uses global caching (reused between endpoints)
KrakenD Designer can now apply changes on a local KrakenD directly from the web.
New
/__echo/
endpoint, to dump requests from users and test functionality.Added h2c protocol (clear text HTTP/2), in addition to the already supported HTTP/2 over TLS
Add new TLS settings for the internal HTTP client (
client_tls
). The flagallow_insecure_connections
moves inside it.The underlying Go version has been upgraded to 1.20.3, which includes security fixes to crypto packages.
The audit rules add more security recommendations.
The
router
configuration was overwriting defaults for unexisting attributesThe
prefetch_size
on AMQP flag was never implemented, and it has been removed from the configurationThe
prefetch_count
has been removed from AMQP producers as it only makes sense in a consumer scenarioThe flag
tls.allow_insecure_connections
is now marked as deprecated because it has moved toclient_tls.allow_insecure_connections
. The support undertls
will be removed in the next version.
v2.3.3 (released 2023-06-01)
Fixes on GraphQL, Alpine security upgrade, and added new helpers in Lua
Upgrade Lura engine to 2.2.8
Add list and table helpers to Lua scripts
Automatically set content-type
application/json
for GraphQL backends, no longer needing the client to pass it + fixes in formattingFix escaped chars during XML rendering
Fix glibc detection on macOS (by @dschanoeh)
Avoid startup panic when using proxy rate limit with capacity 0
Upgrade Docker image base to Alpine 3.18 to mitigate SSL3 CVE-2023-1255 (by @ksylvan)
v2.3.2 (released 2023-05-05)
Fixed plugin builder and corrected edge cases in JWT validation.
Custom plugins: Alpine image builder fixed for ARM64
JWT: Panic when receiving an invalid number of claims
JWT: Remove misleading error log when no global cache is defined
JWT: index out of range
Upgrade to Go version 1.20.4, which includes security fixes in the packages
crypto/subtle
,crypto/tls
,net/http
, andsyscall
v2.3.1 (released 2023-04-26)
The new TLS Client functionality was not included in the release.
The
deny
attribute did not work on the third nesting level and above.The new
client_tls
attribute was not yet included.
Enterprise Edition v2.2 (released 2023-02-27, updated 2023-04-19)
The v2.2. introduces a new security policies engine, routing based on headers, OpenAPI 3, SOAP integration with custom body generation, everything on Community 2.2.1, and more.
New Dynamic Routing based on headers and query strings.
JMESpath Query Language at the endpoint level
Support for OpenAPI 3
The Bot Detector adds the flag empty_user_agent_is_bot to define empty user agent treatment.
Output adds gzip compression
When you were loading multiple plugins, and one of them failed, the gateway did not load the rest. Now the sequence will continue excluding the failing one.
Older Docker images raised false positives when performing security scans due to an unused but included library (Thrift server). This library is no longer in the code.
v2.2.1 (released 2023-04-19)
Enables backoff strategies for AMQP producers and consumers, and fixes OpenAPI generation issues.
AMQP consumers and producers offer now retries with several backoff strategies.
Request modifier plugin loader is now hardened and is more strict to prevent human error.
Prevent showing 500 status codes when using the body-generator component that receives an empty body
OpenAPI includes basic auth information when available for the new component (not the plugin).
OpenAPI output is now deterministic. The order of elements of the output is ordered.
OpenAPI runtime error when declaring nested JSON schemas
Lua exited with semicolon characters
Conflicting treatment of floats and integers on JMESpath component
The underlying Go version has been upgraded to 1.20.3 which includes security fixes to crypto
Community Edition v2.2 (released 2023-02-03, updated 2023-04-19)
It introduces a new security audit command (krakend audit
) that parses and analyzes your configurations and outputs security recommendations. We have designed it to run as a standalone command or integrated it into your existing CI/CD pipeline to avoid dangerous configurations, such as unwillingly disabling the TLS, setting excessive timeouts, unprotected endpoints, or similar scenarios.
When you were loading multiple plugins, and one of them failed, the gateway did not load the rest. Now the sequence will continue excluding the failing one.
Older Docker images raised false positives when performing security scans due to an unused but included library (Thrift server). This library is no longer in the code.
The Flexible Configuration component upgrades Sprig from v2 to v3. This has changes in the way
^
is handled. Some of the new functions available arefromJson
,addf
,maxf
,mulf
,osBase
,osDir
,osExt
,osClean
, orosIsAbs
. It also documents how to useyaml
ortoml
to write configurations using FC.The Jaeger exporter now supports the UDP protocol to post traces to a Jaeger-agent.
The Bot Detector adds the flag
empty_user_agent_is_bot
to define empty user agent treatment.JWT: Extraction of JSON from paths in JWT claims has been improved
JWT is now more restrictive, and fallbacks to returning 401 error codes with incorrect configurations.
The JWK URL requests to your identity server include now a KrakenD-specific user agent.
v2.2.1 (released 2023-04-19)
Fixes a memory leak on Shadow Proxies.
Fixed memory leak on Shadow Proxies when the response wasn’t a 200
Fixed
audit
command that would still warn on some fixed issuesUpgraded Go to version 1.20.1
Enterprise Edition v2.1 (released 2022-10-28, updated 2023-01-23)
KrakenD Enterprise v2.1 brings a lot of new functionality, including advanced manipulation with a JSON Query language, a Revoke Server to manage tokens in clusters, new Kibana and Grafana dashboards, faster encoding, a rewritten and richer NewRelic exporter, Websockets balancing, everything on Community 2.1.2, and much more.
The private Amazon or Azure container registries are now publicly hosted under the repository
krakend/krakend-ee
on Docker HubNew JWT Revoke Server that pushes revoke instructions to all members in the cluster and maintains consistency between all the nodes, existing or new.
The new Service Rate Limit controls the usage of a specific user or all users against all endpoints in the API.
The new Response Schema Validator ensures that the backend responses contain at least the structure of your choice, defining the rules with a JSON schema.
The new Content Replace is a manipulation plugin that allows you to apply regular expressions to the response.
The new fast-json encoding is 140% faster on collections and 30% faster on objects on average tests, compared to the open source edition json decoder.
WebSocket servers load balancing
New repository Telemetry Dashboards, including Kibana, Grafana, Logstash, and Influx v2
The NewRelic exporter has been rewritten from scratch, including now distributed traces and richer content.
When you use OpenAPI in combination with JSON Schema, write methods add the validation requirements in the documentation.
Multiple OpenAPI exports based on the
audience
field.Add a response example to OpenAPI exports
Added a
skip
option for the static server to ignore matching sub-paths and route them to KrakenD endpointsAdded a
no_redirect
option to wildcards to let clients follow redirections (e.g: user logins)Added identifier to the API Key authentication to allow custom headers and custom query strings.
Added a krakend version command that outputs the KrakenD, Go, and Glibc versions.
Added allow_insecure_connections flag to ease development stages that use self-signed certificates.
Customizable response body for 404 and 405 errors
Added context propagation between Handler plugins and KrakenD Client plugins
Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.
More logging consistency (Bot detector, Bloom filter, Gologging)
Better control of errors when GELF is failing
Influx client not initialized during startup randomly (namespace collision being the cause)
The
check-plugin
command could panic when analyzing malformed files.Easier logging to disk or remote server logging via the configurable syslog facility
The
--accept-eula
(or-e
) flag is no longer necessary to start KrakenD and should be removedThe
telemetry/opencensus
component for NewRelic will stop working in future versions. Usetelemetry/newrelic
instead.
v2.1.2 (released 2023-01-23)
The patch v2.1.2 updates dependencies that have security vulnerabilities.
Add the content-type header when returning errors
Upgrade from Go 1.19.3 to Go 1.19.5, which includes security fixes to the
net/http
,crypto/x509
, andos
packages, among others.Caching backends with gzipped content wasn’t working properly
Upgraded the gin router to avoid panics on certain 404 paths.
Improve render selection when negotiating XML content
Use a float instead of an integer for API keys rate limiting
Add security definitions to OpenAPI generation
v2.1.1 (released 2022-11-24)
The patch v2.1.1 fixes logging on the wildcard and a race condition on OpenAPI generation.
Fix OpenAPI race condition
Fix wildcard plugin logger messages
Community Edition v2.1 (released 2022-09-30, updated 2023-01-12)
KrakenD 2.1 brings a new ready-to-use Kibana dashboard, an updated Grafana Dashboard for InfluxDB v2 and more features and bugfixes
New repository Telemetry Dashboards, including Kibana, Grafana, Logstash, and Influx v2
Added a
krakend version
command that outputs the KrakenD, Go, and Glibc versions.Added
allow_insecure_connections
flag to ease development stages that use self-signed certificates.Added context propagation between Handler plugins and KrakenD Client plugins
Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.
Added
capacity
andclient_capacity
(token bucket size) to router rate limit, previously only on backend rate limit.Easier logging to disk or remote server logging via the configurable syslog facility
More logging consistency (Bot detector, Bloom filter, Gologging)
Better control of errors when GELF is failing
Influx client not initialized during startup randomly (namespace collision being the cause)
The
check-plugin
command could panic when analyzing malformed files.
v2.1.4 (released 2023-01-12)
Corrects a bug when caching Gzipped content and adds the Content-Type
header when returning errors.
Add the
Content-Type
header when returning errorsUpgrade from Go 1.19.3 to Go 1.19.5, which includes security fixes to the
net/http
,crypto/x509
, andos
packages, among others.Caching backends with gzipped content wasn’t working properly
Upgraded the router to avoid panic on certain 404 paths.
Improve render selection when negotiating XML content
v2.1.3 (released 2022-11-18)
ARM64 support, and obfuscate the KrakenD version header.
Now officially supporting ARM64 architectures, releasing new Docker containers and packages.
Performance improvement on Lambda usage
A new flag,
hide_version_header
, placed in the router settings, allows obfuscating theX-Krakend-Version
header.JSON Schema: Return a 400 status code when the body is empty or a malformed JSON (thanks to @efcasado)
Reject requests with special chars in the params
v2.1.2 (released 2022-10-24)
Corrects a bug with parameters sent to the backend
Some requests sent to backend didn’t have the parameters replaced from the client URL
v2.1.1 (released 2022-10-21)
Adds a Docker image to build plugins and fixes issues with the JOSE and Lua packages.
Bot Detector: Avoid aborting with an error
Influx: Logs normalized for better consistency
JOSE: Use a sempahore to orchestrate the concurrent warm up of the JWK caches
Lambda: Upgrade the AWS SDK version used (by @boris154)
The
krakend check
command did not accept configurations with zero number of endpoints.JOSE: The SecretProvider didn’t receive the provided CacheDuration (by @mguay22)
JSON Schema: Validate schema definitions and reuse schema (by @moritzploss)
Lua: Error messages couldn’t contain the
:
character.Martian: Replace the
header.Id
modifier with a working custom implementation.
Enterprise Edition v2.0 (released 2022-05-04)
KrakenD Enterprise 2.0 is a major rework and needs migration. API Analytics, IP Filtering, GraphQL, OpenAPI importers and exporters, integration tests, specific request/modifier plugins, Async Agents, backend response logging (dumper) and improves the existing WebSockets, API Keys, configuration syntax, New Relic reporting, logging, and router to put a few examples. It also includes everything on Community 2.0.4.
The new Google Analytics integration allows you to generate API Analytics from your API activity
The new IP filtering plugin allows you to restrict the traffic to your API gateway by CIDR
REST to GraphQL conversion, or direct consumption of GraphQL through the gateway
Generate a KrakenD configuration from an OpenAPI spec file
A new command
krakend e2e
allows you to execute integration testsBackend response logging
New plugin types (request/response)
Plenty of new configurable router flags
The
krakend check
adds verbosity levelA new command
krakend check-plugin
for quicker development of custom pluginsShortened configuration namespaces.
NewRelic reporting
Better logging, with more context
Alpine-based Docker image
Community Edition v2.0 (released 2022-03-07, updated 2022-08-23)
KrakenD 2.0 is the new major version of KrakenD bringing a lot of improvements to the API Gateway. GraphQL, specific request/modifier plugins, async agents, easier configuration, better logging, and a more flexible router to put a few examples.
REST to GraphQL conversion, or direct consumption of GraphQL through the gateway
Backend response logging
New plugin types (request/response)
Plenty of new configurable router flags
The
krakend check
adds verbosity levelA new command
krakend check-plugin
for quicker development of custom pluginsShortened configuration namespaces.
Better logging, with more context
Alpine-based Docker image
To upgrade the configuration from v0.x or v1.x see the legacy migration tool
v2.0.6 (released 2022-08-23)
Adds a flag -f
to the check-plugin
to help developers fix their custom plugins.
Add
-f
flag tocheck-plugin
command to output recommendedgo get
commands after analyzing thego.mod
of the custom plugin.Caching backends with gzipped content wasn’t working properly
Fix version comparison using semantic versioning.
v2.0.5 (released 2022-06-15)
Pending renames of organizations to krakendio
Organization rename from
devopsfaith
tokrakendio
Upgrade Lura dependencies to 2.0.5
v2.0.4 (released 2022-05-03)
Fixes two bugs in the JOSE component and the new response modifier plugins.
Corrected long integers during claim extraction (krakend-jose)
Deprecate Metadata() and instead use Header() and StatusCode() for response modifier plugins
v2.0.3 (released 2022-04-28)
Security fix in the crypto/elliptic
package.
Corrected response modifier interface to create req/resp plugins
Updated the ASCII logo on command line :)
Upgrade Go lang version to 1.17.9. Includes security fixes to the crypto/elliptic and encoding/pem packages
v2.0.2 (released 2022-04-22)
Minor fixes and optimizations on several components
Add nmap scans on Makefile
Dependencies updated
Enabled DeepSource code scans
Jose: Fix integer claim formatting
Jose: use a mirror of go-auth0
Ratelimit config must use snake_case keys instead of camelCase
Other minor fixes and optimizations in Flatmap, Lua, Cobra, and AMQP components
v2.0.1 (released 2022-04-01)
Removes old syntax from rate limit.
Ratelimit using previous version syntax
Fixed AMQP logging
Community Edition v1.4 (released 2021-06-10, updated 2021-06-12)
KrakenD 1.4 is the last version of the 1.x family and primarily replaces the KrakenD Framework with the Lura Project and includes minor bug fixing and an extended flexible configuration. The next release with the new functionality will be 2.0.
All dependencies for the framework moved to Lura
The
json-collection
output encoding allows returning collections directlyAdded Sprig functions to Flexible Configuration
Allow the propagation of nested claims using dot notation (JWT)
Add the
del
method to Lua
v1.4.1 (released 2021-06-12)
Removes old syntax from rate limit.
Call to the opencensus HTTPExecutorFactory so it receives the backend configurations. Updated deps to use latest opencensus and lura version to include other bugfixes in the Lura framework.
Fix corner cases where the http cache could be ignored
Enterprise Edition v1.3 (released 2021-05-21)
First commercial version of KrakenD Enterprise. Includes everything in the Community v1.3 and adds generator commands for OpenAPI, Postman, and rendering PNG files with the configuration. It also adds support for wildcard routes.
New
generate postman
commandNew
generate openapi
commandNew
generate config2dot
commandSupport for wildcard routes
Multiple identity providers
Integration of secret providers
Community Edition v1.3 (released 2021-02-24)
KrakenD 1.3.0 makes focus on completing the RBAC system regarding JWT.
Scopes validation (thanks to @chrisdennig)
Extract and forward claims as headers (thanks to @chrisdennig)
Support for Oracle Identity Cloud Service by allowing key identifers other than
kid
such asx5t
orkid_x5t
(contribution from Oracle)Allow loading of local JWK files
Integration with secret providers such as, Amazon KMS, Azure’s Key Vault, Google Cloud KMS, Hashicorp’s Vault, Encrypted or plain base64 file
Expose router request host to Lua virtual machine (thanks to Marc Ruiz from Stayforlong)
Add
X-Forwarded-Host
header (thanks to Marc Ruiz from Stayforlong)Allow the extraction of client IP from custom headers
Add debugging information to CORS component
The Etcd component is no longer loaded in KrakenD-CE (but the repository is available for custom integrations)
The WASM-based emulator in KrakenDesigner has been removed.
Community Edition v1.2 (released 2020-10-05)
KrakenD 1.2.0 adds a health endpoint, array manipulation, safejson encoding, Datadog integration, JWT claims as url parameters, and many other features and bugfixes.
Added a
/__health
endpointRemoved the wording
whitelist
andblacklist
from all our products (#BlackLivesMatter)Datadog integration
Array manipulation available after merging multiple backends
All
KRAKEND_
-like environment vars to override configurationA lot of small features and bugfixes
Flatmap (array manipulation) now also at endpoint level
Removed wording with racist connotations
whitelist
andblacklist
. Now usingallow
anddeny
instead.Upgrade go to 1.15.
support for the append operation added
Added a new supported encoding
safejson
support for nested targets added
Client plugin example fixed
Do not copy nil readers on
no-op
Nested sequential params
Clone also the request body in the CloneRequest method
The
/__debug/
endpoint accepts now any methodUse the weight of the SRV record to generate the list of hosts when resolving a service name
Decompress gzipped responses before parsing them
Added a
/__health
endpointAbility to use collections in sequential proxy as input (collection filters)
Support using JWT claims as backend url params
Mutual TLS between KrakenD and clients added
Check that headers aren’t
nil
on Lua scriptsPub/sub module ignores empty hosts
Lua scripts can now send custom errors
The
RunServer
can be injected into the executor builderIntegration test for CORS with auto-redirects added
CORS mw for gin removed and added as a RunServer wrapper so it’s always executed
Support for namespaced custom claims added
Added more integration tests
Bad request status code added on JSON Schema validation
Configuration can be overriden with
KRAKEND_
-like environment varsIntegration with Datadog
Add ca-certificates as dependency on debian
Allow “sequential proxy” to work with a POST, PUT and DELETE if there are only GET methods before (thanks to Alphyron)
Updated CEL engine with more features
Added a label
name
to circuit breakers to identify activity from different circuits in the logs and traces.XML encoder supports now ISO-8859-1 encoding (in addition to UTF8)
Community Edition v1.1 (released 2020-04-02)
KrakenD 1.1.0 adds Kafka integration, an extended Docker image, telemetry for Azure Monitor and performance improvements.
Corrected a bug in the httpsecure module.
Lambda context as base64 json-encoded context
Lua request and response helpers
Upgraded to Go 1.14
Optimization of the rate-limit module
Optimization of the load-balancer
Added Opencensus exporter to send metrics to Azure
Added Apache Kafka integration
FIFO HTTP handler plugin loader (adding more than one HTTP handler plugin to the gateway)
Add metrics for Go and process to Prometheus exporter (Thanks to Lucas Bremgartner)
Docker image supporting plugins (Thanks to Alexandr Hacicheant)
Community Edition v1.0 (released 2019-09-21)
In November 2016, we released KrakenD framework to the public. After three years serving traffic around the world, and a lot of lessons learned on the way, KrakenD 1.0 is out 🎉🎉🎉
dedicated plugin loader function added
return all headers from proxy response
botdetector module added
pass the gelf writer to the gin logger
lua module
support for handler plugins added
support for http request executor plugins added
krakend-lambda module added
pubsub module added
forward the user-agent header
opencensus upgraded to 0.21.0
send the XML response without a final line break
alpine version upgraded
integration tests extended
xml render improved
upgrade to 1.13.1
moving from dep to go mod
Community Edition v0.9 (released 2019-04-07)
Integration with AMQP, traffic shadowing, and flatmaps!
AMQP client (producer and consumer)
Shadow proxy factory added to the proxy factory stack
CEL: upgraded to 0.2.0
Flexibleconfig: accept partial templates
martian: status package included
ratelimit: cleanup unused limiters after some TTL
cobra:
krakend check
exits with a non zero status code when the configuration failsusage: timeout added to every request
Flexibleconfig: fix ‘invalid cross-device link’
Community Edition v0.8 (released 2019-03-08)
New validation module (CEL), wildcard option to forward all query strings and headers to the backend.
Updated to Go 1.12
Logging GELF formatter,
Logstash logger integration
Added logging to the circuit breaker to warn every time the circuit is opened/closed
Metrics log removed
Forbidden and unauthorized responses
New CEL module (JWT, request and response)
Client headers are now case insensitive
Added a wildcard option to forward all query strings and headers to the backend
Possibility to include error details into the response
Etcd client updated to 3.3
Influx client updated
Reuse OAuth2 client sessions
JWK client supports local CA
Chained token rejecters
Community Edition v0.7 (released 2018-11-08)
Integration with Graylog Clusters, schema validation and metrics exporter to Stack Driver.
Support for sending structured events in GELF format (Graylog Cluster)
Added a json schema validator to valid endpoint inputs before reaching the backends
Added the sequential proxy merger (Use input from a previous backend response)
Added StackDriver as a new backend for metrics and traces
Added a usage stats report (can be disabled passing env var USAGE_DISABLE=1 when starting)
Community Edition v0.6 (released 2018-09-07, updated 2018-10-04)
Adds the JOSE component that validates and signs JWT tokens, and a bloomfilter to facilitated decentralized revoke.
Added JOSE component. Validation and signing of JWT tokens
Added the Bloomfilter component to facilitate decentralized revoke of tokens at a massive rate.
Added the Cross-origin resource sharing (CORS) component
Golang updated to 1.10.3
Updated Opencensus component, adding an exporter to AWS XRay
v0.6.1 (released 2018-10-04)
Upgrade to Go 1.11 and Hombrebew release with Go 1.11
Updated to Go 1.11
Specific Mac OSX changes to release homebrew with Go 1.11.
HTTP secure component updated
Updated bloomfilter to 0.6.1
Community Edition v0.5 (released 2018-06-08, updated 2018-06-16)
This release focuses heavily on metrics and its export options to different backend systems such as Zipkin, InfluxDB, Prometheus or Jaeger. It also adds the NoOp logger and exposes all the advanced settings of the http client and server, giving all the power to the user.
Updated golang version to 1.10.2.
Fully configurable custom metrics module. Also with influxdb exporter
Support for flexible configuration in the krakend.json
Opencensus integration (with 5 exporters: Zipkin, Prometheus, Jaeger, InfluxDB, Logger)
Added more output decoders in addition to JSON
Enabled advanced HTTP Client settings
Custom combiners for merging the backend responses.
Added static responses behavior to several strategies
v0.5.1 (released 2018-06-16)
Fix an error on OpenCensus
OpenCensus returned an error if the exporter wasn’t defined
Community Edition v0.4 (released 2018-01-20, updated 2018-03-08)
Open sourcing all the 1st-year enterprise components!
KrakenD 0.4 core with the
gin
routerCircuit breaker
Rate limit
Oauth2 client
Service, router, proxy and backend metrics
Security router
Google’s Martian library integration (Injections via DSL)
JSON, RSS and XML encoding
Logging
Service discovery integrations: etcd, DNS SRV
Cobra prowered CLI
Enterprise Edition v0.3 (released 2017-09-08)
Add service discovery through etcd
Added etcd service discovery
Improved support for custom transport layers for the backend communication
More data collected from the backend responses
Support for Go 1.9
Gin router update
Enterprise Edition v0.2 (released 2017-05-26)
Add service discovery through DNS SRV and decoding of RSS responses.
DNS SRV Service Discovery
Accept collections in the backend responses (as opposed to objects)
RSS decoder added
Enterprise Edition v0.1 (released 2017-01-29)
First version of the functional gateway.
Process endpoints with Gin router
Fully functional gateway with aggregation of multiple backends
Community Edition v0.0 (released 2016-11-04)
Initial commit of KrakenD Framework open-source libraries. No ready-to-use gateway yet.