Skip to content

Latest commit

 

History

History
393 lines (280 loc) · 19.1 KB

3.7.0.md

File metadata and controls

393 lines (280 loc) · 19.1 KB

Kong

Performance

Performance

  • Improved proxy performance by refactoring internal hooking mechanism. #12784 KAG-3653

  • Sped up the router matching when the router_flavor is traditional_compatible or expressions. #12467 KAG-3653

Plugin

  • Opentelemetry: Increased queue max batch size to 200. #12488 KAG-3173

Breaking Changes

Plugin

  • AI Proxy: To support the new messages API of Anthropic, the upstream path of the Anthropic for llm/v1/chat route type has changed from /v1/complete to /v1/messages. #12699 FTI-5770

Dependencies

Core

Default

  • Added package tzdata to DEB Docker image for convenient timezone setting. #12609 FTI-5698

  • Bumped lua-resty-http to 0.17.2. #12908

  • Bumped LuaRocks from 3.9.2 to 3.11.0 #12662 KAG-3883

  • Bumped ngx_wasm_module to 91d447ffd0e9bb08f11cc69d1aa9128ec36b4526 #12011

  • Bumped V8 version to 12.0.267.17 #12704

  • Bumped Wasmtime version to 19.0.0 #12011

  • Improved the robustness of lua-cjson when handling unexpected input. #12904 KAG-4275

Features

Configuration

  • TLSv1.1 and lower versions are disabled by default in OpenSSL 3.x. #12420 KAG-3259

  • Introduced nginx_wasm_main_shm_kv configuration parameter, which enables Wasm filters to use the Proxy-Wasm operations get_shared_data and set_shared_data without namespaced keys. #12663

  • Schema: Added a deprecation field attribute to identify deprecated fields #12686 KAG-3915

  • Added the wasm_filters configuration parameter for enabling individual filters #12843 KAG-4211

Core

  • Added events:ai:response_tokens, events:ai:prompt_tokens and events:ai:requests to the anonymous report to start counting AI usage #12924

  • Improved config handling when the CP runs with the router set to the expressions flavor:

    • If mixed config is detected and a lower DP is attached to the CP, no config will be sent at all
    • If the expression is invalid on the CP, no config will be sent at all
    • If the expression is invalid on a lower DP, it will be sent to the DP and DP validation will catch this and communicate back to the CP (this could result in partial config application) #12967 KAG-3806
  • The route entity now supports the following fields when the router_flavor is expressions: methods, hosts, paths, headers, snis, sources, destinations, and regex_priority. The meaning of these fields are consistent with the traditional route entity. #12667 KAG-3805 KAG-3807

PDK

  • Added the latencies.receive property to the log serializer #12730 KAG-3798

Plugin

  • AI Proxy now reads most prompt tuning parameters from the client, while the plugin config parameters under model_options are now just defaults. This fixes support for using the respective provider's native SDK. #12903 KAG-4126

  • AI Proxy now has a preserve option for route_type, where the requests and responses are passed directly to the upstream LLM. This is to enable compatibility with any and all models and SDKs that may be used when calling the AI services. #12903 KAG-4126

  • Prometheus: Added workspace label to Prometheus plugin metrics. #12836 FTI-5573

  • AI Proxy: Added support for streaming event-by-event responses back to the client on supported providers. #12792 KAG-4124

  • AI Prompt Guard: Increased the maximum length of regex expressions to 500 for the allow and deny parameters. #12731 FTI-5767

  • Addded support for EdDSA algorithms in JWT plugin #12726

  • Added support for ES512, PS256, PS384, PS512 algorithms in JWT plugin #12638 KAG-3821

  • OpenTelemetry, Zipkin: The propagation module has been reworked. The new options allow better control over the configuration of tracing headers propagation. #12670 KAG-1886 KAG-1887

Default

  • Added support for debugging with EmmyLuaDebugger. This feature is a tech preview and not officially supported by Kong Inc. for now. #12899 KAG-4316

Fixes

CLI Command

  • Fixed an issue where the pg_timeout was overridden to 60s even if --db-timeout was not explicitly passed in CLI arguments. #12981 KAG-4416

Configuration

  • Fixed the default value in kong.conf.default documentation from 1000 to 10000 for the upstream_keepalive_max_requests option. #12643 KAG-3360

  • Fixed an issue where an external plugin (Go, Javascript, or Python) would fail to apply a change to the plugin config via the Admin API. #12718 KAG-3949

  • Disabled usage of the Lua DNS resolver from proxy-wasm by default. #12825 KAG-4277

  • Set security level of gRPC's TLS to 0 when ssl_cipher_suite is set to old. #12613 KAG-3259

Core

  • Fixed an issue where POST /config?flatten_errors=1 could not return a proper response if the input included duplicate upstream targets. #12797 KAG-4144

  • DNS Client: Ignore a non-positive values on resolv.conf for options timeout, and use a default value of 2 seconds instead. #12640 FTI-5791

  • Updated the file permission of kong.logrotate to 644. #12629 FTI-5756

  • Fixed a problem on hybrid mode DPs, where a certificate entity configured with a vault reference may not get refreshed on time. #12868 FTI-5881

  • Fixed the missing router section for the output of the request-debugging. #12234 KAG-3438

  • Fixed an issue in the internal caching logic where mutexes could get never unlocked. #12743

  • Fixed an issue where the router didn't work correctly when the route's configuration changed. #12654 KAG-3857

  • Fixed an issue where SNI-based routing didn't work using tls_passthrough and the traditional_compatible router flavor. #12681 KAG-3922 FTI-5781

  • Fixed a bug that X-Kong-Upstream-Status didn't appear in the response headers even if it was set in the headers parameter in the kong.conf file when the response was hit and returned by the Proxy Cache plugin. #12744 FTI-5827

  • Fixed vault initialization by postponing vault reference resolving on init_worker #12554 KAG-2907

  • Fixed a bug that allowed vault secrets to refresh even when they had no TTL set. #12877 FTI-5906 FTI-5916

  • Vault: do not use incorrect (default) workspace identifier when retrieving vault entity by prefix #12572 FTI-5762

  • Core: Fixed unexpected table nil panic in the balancer's stop_healthchecks function #12865

  • Use -1 as the worker ID of privileged agent to avoid access issues. #12385 FTI-5707

  • Plugin Server: Fixed an issue where Kong failed to properly restart MessagePack-based pluginservers (used in Python and Javascript plugins, for example). #12582 KAG-3765

  • Reverted the hard-coded limitation of the ngx.read_body() API in OpenResty upstreams' new versions when downstream connections are in HTTP/2 or HTTP/3 stream modes. #12658 FTI-5766 FTI-5795

  • Each Kong cache instance now utilizes its own cluster event channel. This approach isolates cache invalidation events and reducing the generation of unnecessary worker events. #12321 FTI-5559

  • Updated telemetry collection for AI Plugins to allow multiple plugins data to be set for the same request. #12583 KAG-3759 KAG-4124

PDK

  • PDK: Fixed kong.request.get_forwarded_port to always return a number, which was caused by an incorrectly stored string value in ngx.ctx.host_port. #12806 KAG-4158

  • The value of latencies.kong in the log serializer payload no longer includes the response receive time, so it now has the same value as the X-Kong-Proxy-Latency response header. Response receive time is recorded in the new latencies.receive metric, so if desired, the old value can be calculated as latencies.kong + latencies.receive. Note: this also affects payloads from all logging plugins that use the log serializer: file-log, tcp-log, udp-log,http-log, syslog, and loggly, e.g. descriptions of JSON objects for the HTTP Log Plugin's log format. #12795 KAG-3798

  • Tracing: enhanced robustness of trace ID parsing #12848 KAG-4218

Plugin

  • AI-proxy-plugin: Fixed the bug that the route_type /llm/v1/chat didn't include the analytics in the responses. #12781 FTI-5769

  • ACME: Fixed an issue where the certificate was not successfully renewed during ACME renewal. #12773 KAG-4008

  • AWS-Lambda: Fixed an issue where the latency attributed to AWS Lambda API requests was counted as part of the latency in Kong. #12835 FTI-5261

  • Jwt: Fixed an issue where the plugin would fail when using invalid public keys for ES384 and ES512 algorithms. #12724

  • Added WWW-Authenticate headers to all 401 responses in the Key Auth plugin. #11794 KAG-321

  • Opentelemetry: Fixed an OTEL sampling mode Lua panic bug, which happened when the http_response_header_for_traceid option was enabled. #12544 FTI-5742

  • Improve error handling in AI plugins. #12991 KAG-4311

  • ACME: Fixed migration of redis configuration. #12989 KAG-4419

  • Response-RateLimiting: Fixed migration of redis configuration. #12989 KAG-4419

  • Rate-Limiting: Fixed migration of redis configuration. #12989 KAG-4419

Admin API

  • Admin API: fixed an issue where calling the endpoint POST /schemas/vaults/validate was conflicting with the endpoint /schemas/vaults/:name which only has GET implemented, hence resulting in a 405. #12607 KAG-3699

Default

  • Fixed a bug where, if the the ulimit setting (open files) was low, Kong would fail to start as the lua-resty-timer-ng exhausted the available worker_connections. Decreased the concurrency range of the lua-resty-timer-ng library from [512, 2048] to [256, 1024] to fix this bug. #12606 KAG-3779 FTI-5780

  • Fix an issue where external plugins using the protobuf-based protocol would fail to call the kong.Service.SetUpstream method with an error bad argument #2 to 'encode' (table expected, got boolean). #12727

Kong-Manager

Features

Default

  • Kong Manager now supports creating and editing Expressions routes with an interactive in-browser editor with syntax highlighting and autocompletion features for Kong's Expressions language. #217

  • Kong Manager now groups the parameters to provide a better user experience while configuring plugins. Meanwhile, several issues with the plugin form page were fixed. #195 #199 #201 #202 #207 #208 #209 #213 #216

Fixes

Default