Nav

API Gateway Runtime 2.1.2 Release Notes

API Gateway Rutime 2.2.1 includes bug fixes and the following enhancements:

  • Two new block definitions on the policies are defined: After and Before exception blocks.

    Similar to the functionality of HTTP after and before blocks, these blocks enhance the catch exception strategy of a flow without the need to modify it.

  • Increased security by upgrading Gatekeeper to v2.0.

    The enhancements include cluster support with improved performance, zero security gaps while the feature is in active mode, and small improvements in runtime startup when the feature is in active mode. Several corner cases have been fixed.

  • Several security risks are addressed, including XXe vulnerability.

  • Throttling algorithm improvements backported from v3.8.3. Old algorithm can be used instead of the new one by specifying the following system properties: throttling.compatibility_enabled

  • Performance improvements.

Compatibility

  • Mule ESB Runtime 3.7.3

  • APIkit 1.7.5

  • Anypoint Studio 5.4.3

  • Anypoint Runtime Manager 1.3.1

Enhancements

  • AGW-1041: Implement Gatekeeper synchronizing nodes through Hazelcast

  • AGW-1106: Add before-exception and after-exception injection points

  • AGW-958: Throttling/RateLimit - Migrate new algorithm to 2.2.x and 2.1.x.

Fixed in This Release

  • AGW-806: When on cluster, QuotaManager should be always located on primary node.

  • AGW-813: When using Basic Auth policy with JDK7 and TLSv1 disabled, user authentication fails.

  • AGW-835: Remove client secret from logs

  • AGW-836: External Token Policy fails in OpenAM when scopes are configured

  • AGW-869: Failed policies are not updated until runtime is restarted.

  • AGW-880: All policies are parsed for every deployed application

  • AGW-881: Log detailed policy application time per app and policy polling time.

  • AGW-883: Support Mule parallel app deployment

  • AGW-886: Moving client credentials logic to initialize breaks fast deploy.

  • AGW-904: Stop autodiscovery from updating API values.

  • AGW-911: Issue with 'api-platform-gw:api' and 'apikit:config'

  • AGW-919: Configure XML parsers to disable external entities.

  • AGW-934: Existing policies are not re-applied after stopping and starting the API.

  • AGW-936: Small insecurity window when deploying app with Gatekeeper enabled.

  • AGW-941: RejectedExecutionException when throttling on cluster after application restart.

  • AGW-942: Backport Get Policies per API feature.

  • AGW-944: No quota manager is defined when throttling on cluster.

  • AGW-1014: When trying to track an API and return code is not 200, policies of that API are deleted.