Kong Enterprise Changelog

0.31

Kong Enterprise 0.31 is shipped with all the changes present in Kong Community Edition 0.12.3, as well as with the following additions:

Changes

  • Galileo plugin is disabled by default in this version, needing to be explicitly enabled via the custom_plugins configuration
    • NOTE: If a user had the Galileo plugin applied in an older version and migrate to 0.31, Kong will fail to restart unless the user enables it via the custom_plugins configuration; however, it is still possible to enable the plugin per API or globally without adding it to custom_plugins
  • OpenID Connect plugin:
    • Change config.client_secret from required to optional
  • Change config.client_id from required to optional
  • If anonymous consumer is not found Internal Server Error is returned instead of Forbidden
  • Breaking Change - config.anonymous now behaves similarly to other plugins and doesn't halt execution or proxying (previously it was used just as a fallback for consumer mapping) and the plugin always needed valid credentials to be allowed to proxy if the client wasn't already authenticated by higher priority auth plugin
  • Anonymous consumer now uses a simple cache key that is used in other plugins
  • In case of auth plugins concatenation, the OpenID Connect plugin now removes remnants of anonymous

Fixes

  • Admin GUI

    • Remove deprecated orderlist field from Admin GUI Upstreams entity settings
    • Fix issue where Admin GUI would break when running Kong in a custom prefix
    • Fix issue where Healthchecks had a field typed as number instead of string.
    • Fix issue where Healthchecks form had incorrect default values.
    • Fix issue where table row text was overflowing and expanding the page.
    • Fix issue where notification bar in mobile view could have text overflow beyond the container.
    • Fix issue where deleting multiple entities in a list would cause the delete modal to not show.
    • Fix issue where cards on the dashboard were not evenly sized and spaced.
    • Fix issue where cards on the dashboard in certain widths could have text overflow beyond their container.
    • Fix issue where Array's on Plugin Entities were not being processed and sent to the Admin API.
    • Fix issue where Models were improperly handled when not updated and not sending default values properly.
    • Fix issue where Plugin lists were not displaying config object.
    • Fix issue where Kong was not processing SSL configuration for Admin GUI
  • OpenID Connect plugin

    • Fixed anonymous consumer mapping
  • Vitals

    • Correct the stats returned in the "metadata" attribute of the /vitals/consumers/:consumer_id/* endpoints
    • Correct a problem where workers get out of sync when adding their data to cache
    • Correct inconsistencies in chart axes when toggling between views or when Kong has no traffic
  • Proxy Cache

    • Fix issue that prevented cached requests from showing up in Vitals or Total Requests graphs
    • Fixes inherited from Kong Community Edition 0.12.3.

Features

  • Admin GUI

    • Add notification bar alerting users that their license is about to expire, and has expired.
    • Add new design to vitals overview, table breakdown, and a new tabbed chart interface.
    • Add top-level vitals section to the sidebar.
  • Requires migration - Vitals

    • New datastore support: Cassandra 2.1+
    • Support for averages for Proxy Request Latency and Upstream Latency
  • Requires migration - Dev Portal

    • Not-production-ready feature preview of:
    • "Public only" Portal - no authentication (eg. the portal is fully accessible to anyone who can access it)
    • Authenticated Portal - Developers must log in, and then they can see what they are entitled to see

0.30

Kong Enterprise 0.30 is shipped with all the changes present in Kong Community Edition 0.12.1, as well as with the following additions:

Notifications

  • EE 0.30 inherits dependency deprecation notices from CE 0.12. See the "Deprecation Notes" section of Kong 0.12.0 changelog
  • ⚠️ By default, the Admin API now only listens on the local interface. We consider this change to be an improvement in the default security policy of Kong. If you are already using Kong, and your Admin API still binds to all interfaces, consider updating it as well. You can do so by updating the admin_listen configuration value, like so: admin_listen = 127.0.0.1:8001.

  • 🔴 Note to Docker users: Beware of this change as you may have to ensure that your Admin API is reachable via the host's interface. You can use the -e KONG_ADMIN_LISTEN argument when provisioning your container(s) to update this value; for example, -e KONG_ADMIN_LISTEN=0.0.0.0:8001.

Changes

  • Renaming of Enterprise plugin

    • request-transformer becomes request-transformer-advanced
  • Rate-limiting plugin

    • Change default config.identifier in EE's from ip to consumer
  • Vitals

    • Aggregate minutes data at the same time as seconds data
    • Breaking Change: Replace previous Vitals API (part of the Admin API) with new version. Not backwards compatible.
    • Upgrading from Kong EE (0.29) will result in the loss of previous Vitals data
  • Admin GUI

    • Vitals chart settings stored in local storage
    • Improve vital chart legends
    • Change Make A Wish email to [email protected]
  • OpenID Connect Plugins

    • Change config.login_redirect_uri from string to array
    • Add new configuration parameters
    • config.authorization_query_args_client
    • config.client_arg
    • config.logout_redirect_uri
    • config.logout_query_arg
    • config.logout_post_arg
    • config.logout_uri_suffix
    • config.logout_methods
    • config.logout_revoke
    • config.revocation_endpoint
    • config.end_session_endpoint
  • OpenID Connect Library

    • Function authorization:basic now return as a third parameter, the grant type if one was found - previously, it returned parameter location in HTTP request
    • Issuer is no longer verified on discovery as some IdPs report different value (it is still verified with claims verification)

Added

  • New Canary Release plugin

  • Vitals

    • Addition of "node-specific" dimension for previously-released metrics (Kong Request Latency and Datastore Cache)
    • New metrics and dimensions:
    • Request Count per Consumer, by Node or Cluster
    • Total Request Count, by Node or Cluster
    • Upstream Latency (the time between a request being sent upstream by Kong, and the response being received by Kong), by Node or Cluster
    • All new metrics and dimensions accessible in Admin GUI and API
    • Important limitations and notifications:
    • PostgreSQL 9.5+ only - no Cassandra support yet
    • Upgrading from the previous version of Kong EE will result in all historic Vitals data being dropped
    • The previous Vitals API (which is part of the Admin API) is replaced with a new, better one (the old API disappears, and there is no backwards compatibility)
    • Proxy Cache
    • Implement Redis (stand-alone and Sentinel) caching of proxy cache entities
    • Enterprise Rate Limiting
    • Provide fixed-window quota rate limiting (which is essentially what the CE rate-limiting plugin does) in addition to the current sliding window rate limiting
    • Add hide_client_headers configuration to disable response headers returned by the rate limiting plugin
    • Admin GUI
    • Addition of "Form Control Grouping" for the new Upstream health-check configuration options.
    • Add Healthy or Unhealthy buttons for the new health-check functionality on Upstream Targets table.
    • Add Hostname and Hostname + Id reporting and labeling functionality to Vitals components.
    • Add Total Requests per Consumer chart to individual consumer pages.
    • Add Total Requests and Upstream Latency charts to the Vitals page.
    • Add information dialogs for vital charts next to chart titles.
    • Introduced Total Requests chart on Dashboard.
    • Automatically saves chart preferences and restores on reload.
    • OpenID Connect plugins
    • Support passing dynamic arguments to authorization endpoint from client
    • Support logout with optional revocation and RP-initiated logout
    • Features inherited from Kong Community Edition 0.12.0 - includes:
    • Health checks
    • Hash-based load balancing
    • Logging plugins track unauthorized and rate-limited requests
    • And more...

Fixed

  • Proxy Cache

    • Better handling of input configuration data types. In some cases configuration sent from the GUI would case requests to be bypassed when they should have been cached.
  • OAuth2 Introspection

    • Improved error handling in TCP/HTTP connections to the introspection server.
  • Vitals

    • Aggregating minutes at the same time as seconds are being written.
    • Returning more than one minute's worth of seconds data.
  • Admin GUI

    • Input type for Certificates is now a text area box.
    • Infer types based on default values and object type from the API Schema for Plugins.
  • Fixes inherited from Kong Community Edition 0.12.0.

Keep up with the latest features