A new patch version KrakenD 2.2.1 is available to download page. Upgrading from any 2.x does not require changes in the configuration. What’s changed in v2.2.1 vs 2.2.0 This patch version includes the following fixes: [bugfix] Fixed memory leak on Shadow Proxies when the response wasn’t a 200 [bugfix] Fixed audit command that would still warn on some fixed issues [security] Upgraded Go to version 1.20.1 Full Changelog: https://github.

Continue reading →

The KrakenD team is pleased to announce the release of KrakenD Community Edition v2.2. It introduces a new security audit command (krakend audit) that parses and analyzes your configurations and outputs security recommendations. We have designed it to run as a standalone command or integrated it into your existing CI/CD pipeline to avoid dangerous configurations, such as unwillingly disabling the TLS, setting excessive timeouts, unprotected endpoints, or similar scenarios. You can get v2.

Continue reading →

The new KrakenD version 2.1.4 is now available. This patch version does not bring significant new functionality but updates dependencies that have security vulnerabilities and adds a few fixes: [security]: Upgrade from Go 1.19.3 to Go 1.19.5, which includes security fixes to the net/http, crypto/x509, and os packages amongst others. [fix]: Caching backends with gzipped content wasn’t working properly [fix]: Upgraded the gin router to avoid panics on certain 404 paths.

Continue reading →

The new KrakenD version 2.1.3 is now available. This patch version does not bring new API Gateway functionality but adds support for ARM64 and other improvements. What’s changed in v2.1.3 vs 2.1.2 This version includes the following changes: Architectures: Now officially supporting ARM64 architectures, releasing new Docker containers and packages. A new flag, hide_version_header, placed in the router settings, allows obfuscating the X-Krakend-Version header. Performance improvement on Lambda usage Bugfix: Return a 400 status code when the body is empty or a malformed JSON (thanks to @efcasado Bugfix: Reject requests with special chars in the params (@Lura)

Continue reading →

The Spanish National Cybersecurity Institute (INCIBE) announces today the addition of KrakenD as a CNA (CVE Numbering Authority). KrakenD assumes as its own, from this date, the best practices of this program. KrakenD is now authorized by the CVE Program to assign CVE identifiers within its scope and its corresponding publication in the CNA section. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

Continue reading →

A new patch version KrakenD 2.1.2 is available to download page. This release fixes a bug while parsing placeholders in endpoint. What’s changed in v2.1.2 vs 2.1.1 This patch version includes the following changes: Bugfix: Some requests sent to backend don’t have the parameters replaced from the client URL

Continue reading →

A new patch version KrakenD 2.1.1 is available to download page. In addition to the patch, we have created a new plugin-builder Docker image for those who compile custom plugins. What’s changed in v2.1.1 vs 2.1.0 This patch version includes the following changes: Bot detector: Avoid aborting with an error by @taik0 (changelog) krakend check: Configs should be able to have 0 endpoints. by @taik0 (changelog) Influx: Logs normalized by @kpacha (changelog) Json Schema: validate schema definitions and reuse schema by @moritzploss (changelog) JOSE: Add cacheDuration by @mguay22 JOSE: use a sempahore to orchestrate the concurrent warm up of the JWK caches by @kpacha (changelog) Lambda: AWS SDK version update by @boris154 (changelog) Lua: deps updated so error messages can contain the : char by @kpacha (changelog) Martian: Replace the header.

Continue reading →

The KrakenD team is pleased to announce the release of KrakenD 2.1. You can get it packaged from the download page. KrakenD 2.1 brings a new ready-to-use Kibana dashboard, an updated Grafana Dashboard for InfluxDB v2 and more features and bugfixes described below: New features: Added a krakend version command that outputs the KrakenD, Go, and Glibc versions. Added allow_insecure_connections flag to ease development stages that use self-signed certificates. Easier logging to disk or remote server logging via the configurable syslog facility Customizable response body for 404 and 405 errors Added context propagation between Handler plugins and KrakenD Client plugins (router gin 1.

Continue reading →

Barcelona, September 19th 2022.- KrakenD announces today the partnership with Child Rescue Coalition. Child Rescue Coalition (CRC) is a nonprofit organization whose mission is to rescue children from sexual abuse by building technology for law enforcement to track, arrest and prosecute child predators. KrakenD has donated an unlimited commercial license (KrakenD Enterprise) to CRC to help them build and scale their APIs-oriented technological platform. CRC has contributed to rescuing more than 3,200 children from sexual exploitation and abuse.

Continue reading →

BARCELONA, Spain — April 7, 2022 KrakenD today announced the availability of KrakenD API Gateway in the Microsoft Azure Marketplace, an online store providing applications and services for use on Microsoft Azure. KrakenD customers can now take advantage of the scalability, high availability, and security of Azure, with streamlined deployment and management. The KrakenD API Gateway serves as a unified interface for managing incoming API requests and connecting to the correct destination, while supporting functionalities across security, authorization, traffic management, observability, and load balancing, among other services.

Continue reading →