The severity level of the Details are not recognized as violation
message is decreased from WARN
to DEBUG
.
Anypoint Flex Gateway Release Notes
1.8.1
September 27, 2024
MuleSoft announces the release of Anypoint Flex Gateway 1.8.1.
What’s New
-
The External Authorization policy now provides the Failure mode allow, Max message timeout, and Allow mode override parameters to further configure Flex Gateway’s communication with the external authorization service.
-
The Flex Gateway documentation now provides Flex Gateway limits outlining Flex Gateway specifications for information such as max APIs per gateway, contracts per API, and request header payload size.
See Limits.
Fixed Issues
Issue Resolution | ID |
---|---|
W-15844673 |
|
Vulnerabilities detected by scanners are now fixed. |
W-16844648 |
1.8.0
August 14, 2024
MuleSoft announces the release of Anypoint Flex Gateway 1.8.0.
What’s New
-
Flex Gateway now provides a readiness probe to ensure that a Flex Replica is configured correctly and ready for incoming traffic. Use the readiness probe to enable external entities, such as load balancers, to perform gateway health checks to ensure traffic only reaches healthy gateways.
-
The Flex Gateway documentation now provides architecture diagrams detailing best practices for multiple-region, high availability, and disaster recovery deployments.
-
Flex Gateway deployments deployed in Docker containers are now distroless images. Distroless images improve security by only containing the essential runtime components to reduce potential attack surface.
-
The JWT Validation Policy now supports multiple JWKS servers.
-
The Mastering API Integration: Salesforce, Heroku, and MuleSoft Anypoint Flex Gateway blog provides details for running Flex Gateway on the Heroku platform.
-
Fluent Bit is now updated to version 3.0.6.
-
Flex Gateway no longer supports Ubuntu Bionic, Debian Buster, and RHEL 8.
Fixed Issues
Issue Resolution | ID |
---|---|
Flex Gateway now enables you to remove the |
W-13961645 |
Flex Gateway no longer fails to download assets from Anypoint Platform after an upgrade or downgrade. |
W-15665983 |
Flex Gateway no longer fails to start after an upgrade on RPM-based systems. |
W-16285842 |
The JSON Threat Protection policy no longer fails on Windows systems when the payload contains escape characters. |
W-16124513 |
1.7.2
August 27, 2024
MuleSoft announces the release of Anypoint Flex Gateway 1.7.2.
Fixed Issues
Issue Resolution | ID |
---|---|
Vulnerabilities detected by scanners are now fixed. |
W-16188012 |
The JSON Threat Protection policy no longer fails on Windows systems when the payload contains escape characters. |
W-16124513 |
Flex Gateway no longer crashes when an API instance name exceeds the 50 character limit. |
W-15941334 |
1.7.1
June 26, 2024
MuleSoft announces the release of Anypoint Flex Gateway 1.7.1.
What’s New
-
Flex Gateway now supports SUSE Linux Enterprise 15 for
x86_64
and IBM PowerPC (ppc64le
) architectures.For more information, refer to Downloading Flex Gateway.
-
The Message Logging policy now supports additional DataWeave expressions.
For more information, refer to Message Logging Policy DataWeave Support.
-
Configure the
FLEX_FORWARD_CLIENT_CERT_DETAILS
environment variable to handlex-forwarded-client-cert
(XFCC) HTTP headers. Possible values include the following strings:-
SANITIZE
-
FORWARD_ONLY
-
APPEND_FORWARD
-
SANITIZE_SET
-
ALWAYS_FORWARD_ONLY
The
FLEX_FORWARD_CLIENT_CERT_DETAILS
environment variable configuration applies to all API instances.For more information, refer to Envoy documentation.
-
Fixed Issues
Issue Resolution | ID |
---|---|
Flex Gateway certificate renewal command no longer fails. |
W-15870723 |
Flex Gateway no longer fails when an upstream uses the |
W-15666251 |
Vulnerabilities detected by scanners are now fixed. |
W-15895967 |
Flex Gateway running in Connected Mode no longer fails if an asset name is too long. |
W-15941334 |
The severity level of the |
W-15844673 |
Flex Gateway no longer supports the TLS_RSA_WITH_NULL_SHA cipher because Envoy stopped supporting the cipher. |
W-16151550 |
1.7.0
May 6, 2024
MuleSoft announces the release of Anypoint Flex Gateway 1.7.0.
What’s New
-
Flex Gateway now supports RHEL 9 for IBM PowerPC (
ppc64le
) architecture.For more information, refer to Downloading Flex Gateway.
-
Flex Gateway now supports Debian Bookworm and Amazon Linux 2023.
-
Flex Gateway no longer supports Amazon Linux 2.
-
Flex Gateway now supports the following container orchestration services:
-
Amazon Elastic Container Service (Amazon ECS)
-
Azure Container Service (ACS)
-
Google Cloud Run
-
AWS Fargate
-
-
The
flexctl check connections
command enables debugging issues with network and registration.For more information, refer to Troubleshoot Platform Connections.
-
The
flexctl check http
command enables client URL requests.For more information, refer to Troubleshooting Request Connection.
-
External Authorization policy now supports configuring upstream headers and timeouts.
-
Envoy is now updated to version 1.29.3.
-
Fluent Bit is now updated to version 2.0.11.
Fixed Issues
Issue Resolution | ID |
---|---|
Flex Gateway now sends logs under Anypoint Platform downtime conditions. |
W-14899674 |
Flex Gateway now sets the log lines date correctly in VMs. |
W-14659532 |
OAuth policy no longer fails to initialize in the ABI WASM. |
W-14388776 |
Client ID Enforcement policy no longer uses a different shared data partition when a new policy instance is added. |
W-14584415 |
HTTP Caching policy no longer generates a duplicate serialization. |
W-14557325 |
OAS policy no longer tries to deserialize non-YAML or non-JSON files. |
W-15243907 |
Flex Gateway no longer fails when the same TLS context is used for inbound and outbound requests. |
W-14328663 |
The default connection timeout is now increased to 5 seconds. |
W-14865784 |
Vulnerabilities detected by scanners are now fixed. |
W-14856151 |
The performance of config processing is improved. |
W-14821830 |
Flex Gateway now properly handles removed contracts. |
W-14920631 |
Schema Validation policy now returns a 404 status code for resources that do not exist in the API specification. |
W-14801480 |
Rate Limit policy defined using a Selector in Local Mode no longer applies an incorrect quota when matching multiple APIs. |
W-13797100 |
Message Logging policy now attempts to parse messages using Windows-1252 charset if it fails to parse messages as UTF-8. |
W-14801403 |
Flex Gateway now blocks traffic when a policy can’t be applied. |
W-14669249 |
Fixed vulnerabilities detected by security scanners. |
W-14686172 |
Flex Gateway now prevents files from being automatically deleted during OS cleanup. |
W-14583807 |
The |
W-11194730 |
Healthcheck policy no longer fails if Flex Gateway is installed on a namespace other than |
W-14506137 |
OAS policy no longer fails when attempting to define an |
W-14496441 |
Healthcheck and JWT Validation policies no longer use HTTP for external requests when on TLS. |
W-14389347 |
Logging policy now correctly handles DataWeave expressions with variables returning |
W-14423354 |
Header Removal policy is now able to remove the |
W-14417832 |
Logging policy no longer fails when trying to print a log with non-utf8 characters. |
W-14707180 |
Flex Gateway now force-kills Fluent Bit ten seconds after a term signal is sent. |
W-14189688 |
Flex Gateway no longer sends empty log lines to the platform. |
W-14658813 |
Flex Gateway no longer supports the TLS_RSA_WITH_NULL_SHA cipher because Envoy stopped supporting the cipher. |
W-16151550 |
1.6.2
February 29, 2024
MuleSoft announces the release of Anypoint Flex Gateway 1.6.2.
What’s New
-
Flex Gateway now supports Debian Bookworm.
Fixed Issues
Issue Resolution | ID |
---|---|
The default connection timeout is now increased to 5 seconds. |
W-14865784 |
Vulnerabilities detected by scanners are now fixed. |
W-14856151 |
The performance of config processing is improved. |
W-14821830 |
Flex Gateway now properly handles removed contracts. |
W-14920631 |
Schema Validation policy now returns a 404 status code for resources that do not exist in the API specification. |
W-14801480 |
Rate Limit policy defined using a Selector in Local Mode no longer applies an incorrect quota when matching multiple APIs. |
W-13797100 |
Message Logging policy now attempts to parse messages using Windows-1252 charset if it fails to parse messages as UTF-8. |
W-14801403 |
Flex Gateway no longer crashes when configuring the External Authentication policy’s Allowed headers parameter. |
W-15058123 |
1.6.1
January 10, 2024
MuleSoft announces the release of Anypoint Flex Gateway 1.6.1.
Fixed Issues
Issue Resolution | ID |
---|---|
Flex Gateway now blocks traffic when a policy cannot be applied. |
W-14669249 |
Fixed vulnerabilities detected by security scanners. |
W-14686172 |
Flex Gateway now prevents files from being automatically deleted during OS cleanup. |
W-14583807 |
The |
W-11194730 |
Healthcheck policy no longer fails if Flex Gateway is installed on a namespace other than |
W-14506137 |
OAS policy no longer fails when attempting to define an |
W-14496441 |
Healthcheck and JWT Validation policies no longer use HTTP for external requests when on TLS. |
W-14389347 |
Logging policy now correctly handles DataWeave expressions with variables returning |
W-14423354 |
Header Removal policy is now able to remove the |
W-14417832 |
Logging policy no longer fails when trying to print a log with non-utf8 characters. |
W-14707180 |
Flex Gateway now force-kills Fluent Bit ten seconds after a term signal is sent. |
W-14189688 |
Flex Gateway no longer sends empty log lines to the platform. |
W-14658813 |
1.6.0
November 29, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.6.0.
What’s New
-
A Flex Gateway instance now supports 600 APIs.
-
The certificate that Flex Gateway uses to connect to Anypoint Platform expires January 15th, 2024. You can ensure the continued operation of your applications by renewing registration. Flex Gateway now includes two CLI commands:
-
To renew your registration, use
flexctl registration renew
. -
To verify (inspect) the status of your registration certificate, use
flexctl registration inspect
.
For information about these CLI commands, refer to Renewing Flex Gateway Registration.
-
-
You can now configure Flex Gateway to send formatted runtime and access logs to a Dynatrace environment
HTTP
output.-
For Flex Gateway running in Connected Mode, refer to Configuring Flex Gateway Log Output for Third-Party Services.
-
For Flex Gateway running in Local Mode, refer to Configuring External Logs for Flex Gateway in Local Mode.
-
-
You can now configure connection idle timeout through the
FLEX_CONNECTION_IDLE_TIMEOUT_SECONDS
environment variable. -
Envoy is now updated to version 1.25.16.
-
Flex Gateway now supports configuring shared storage with Redis Sentinel.
For Flex Gateway running in Connected Mode, refer to Configuring Shared Storage for Flex Gateway in Connected Mode.
For Flex Gateway running in Local Mode, refer to Configuring Shared Storage for Flex Gateway in Local Mode.
-
You can now disable log forwarding to Anypoint Platform via the
logging.runtimeLogs.outputs.default
andlogging.accessLogs.outputs.default
options in theConfiguration
resource.For more information, refer to Disabling Flex Gateway Log Output to Anypoint Platform.
-
Flex Gateway now supports forwarding incoming client HTTP requests to an external authentication service.
For more information, refer to External Authorization Policy
-
Flex Gateway now supports forwarding HTTP requests or responses to an external gRPC service, for applying transformations.
For more information, refer to External Processing Policy
Fixed Issues
Issue Resolution | ID |
---|---|
Policies making external HTTP requests now include a |
W-13824390 |
Upgrading Flex Gateway in a VM now correctly upgrades policies. |
W-13837035 |
Downloading custom policies no longer fails when a forwarding proxy is used. |
W-13887045 |
Fixed vulnerabilities detected by security scanners. |
W-13804226 |
The Header Removal policy can now remove the |
W-1393110 |
Flex Gateway now supports configuring |
W-13952107 |
Flex Gateway no longer fails when a long regex is used in path matching. |
W-13969574 |
The Message Logging policy no longer freezes when the JSON payload is over a certain size. |
W-13873251 |
Flex Gateway now uses legacy DNS resolver in Fluent Bit to reduce timeout errors. |
W-14067930 |
Flex Gateway no longer fails due to corrupted Fluent Bit chunks. |
W-14111714 |
The Fluent Bit process now only restarts when required. |
W-14149240 |
The OAuth 2.0 Token Introspection policy no longer uses HTTP when on TLS and the authority now contains the port for external requests. |
W-14337518 |
To work with legacy systems, the JWT Validation policy now accepts floats for the |
W-14274716 |
The Header Removal policy is now able to remove the |
W-14262338 |
Flex Gateway now fails if an invalid regex is used while configuring routing conditions. |
W-13966293 |
Flex Gateway no longer fails when defining an invalid policies list in the |
W-14162165 |
Flex Gateway no longer experiences downtime with Redis when the Redis configuration is unchanged. |
W-13946014 |
Flex Gateway no longer fails when the Exchange asset name contains non-supported characters. |
W-12720868 |
Flex Gateway now correctly fails when using a non-supported |
W-13965772 |
1.5.4
November 08, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.5.4.
What’s New
-
You can now configure connection idle timeout through the
FLEX_CONNECTION_IDLE_TIMEOUT_SECONDS
environment variable. -
Envoy is now updated to version 1.25.3.
Fixed Issues
Issue Resolution | ID |
---|---|
The Fluent Bit process now only restarts when required. |
W-14149240 |
Vulnerabilities detected by security scanners are fixed. |
W-14355714 |
The OAuth 2.0 Token Introspection policy no longer uses HTTP when on TLS and the authority now contains the port for external requests. |
W-14337518 |
To work with legacy systems, the JWT Validation policy now accepts floats for the |
W-14274716 |
The Header Removal policy is now able to remove the |
W-14262338 |
The Message Logging policy no longer freezes when the JSON payload is over a certain size. |
W-13873251 |
Flex Gateway now fails if an invalid regex is used while configuring routing conditions. |
W-13966293 |
Flex Gateway no longer fails when defining an invalid policies list in the |
W-14162165 |
The |
W-14415582 |
Flex Gateway no longer experiences downtime with Redis when the Redis configuration is unchanged. |
W-13946014 |
1.5.3
October 04, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.5.3.
What’s New
-
The certificate that Flex Gateway uses to connect to Anypoint Platform expires January 15th, 2024. You can ensure the continued operation of your applications by renewing registration. Flex Gateway now includes two CLI commands:
-
To renew your registration, use
flexctl registration renew
. -
To verify (inspect) the status of your registration certificate, use
flexctl registration inspect
.
For information about these CLI commands, refer to Renewing Flex Gateway Registration.
-
-
You can now configure Flex Gateway to send formatted runtime and access logs to a Dynatrace environment
HTTP
output.-
For Flex Gateway running in Connected Mode, refer to Configuring Flex Gateway Log Output for Third-Party Services.
-
For Flex Gateway running in Local Mode, refer to Configuring External Logs for Flex Gateway in Local Mode.
-
Fixed Issues
Issue Resolution | ID |
---|---|
Flex Gateway no longer fails when a long regex is used in path matching. |
W-13969574 |
The Message Logging policy no longer freezes when the JSON payload is over a certain size. |
W-13873251 |
Flex Gateway now uses legacy DNS resolver in Fluent Bit to reduce timeout errors. |
W-14067930 |
Flex Gateway no longer fails due to corrupted Fluent Bit chunks. |
W-14111714 |
1.5.2
August 30, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.5.2.
Fixed Issues
Issue Resolution | ID |
---|---|
Policies making external HTTP requests now include a |
W-13824390 |
Upgrading Flex Gateway in a VM now correctly upgrades policies. |
W-13837035 |
Downloading custom policies no longer fails when a forwarding proxy is used. |
W-13887045 |
Fixed vulnerabilities detected by security scanners. |
W-13804226 |
The Header Removal policy can now remove the |
W-1393110 |
Flex Gateway now supports configuring |
W-13952107 |
1.5.1
July 24, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.5.1.
Fixed Issues
Issue Resolution | ID |
---|---|
Flex Gateway now correctly shows policy violations in Monitoring Center. |
W-13804327 |
1.5.0
July 20, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.5.0.
What’s New
-
Flex Gateway now supports conditional API routing from one proxy to multiple endpoints.
-
Flex Gateway now supports TLS for Redis-based shared storage.
-
Flex Gateway now supports the Podman container runtime.
-
Fluent Bit is now updated to version 2.0.9.
-
Envoy is now updated to version 1.25.2.
-
Schema Validation policy now generates more verbose logs to help with troubleshooting.
-
Schema Validation policy now shows meaningful information on the response after schema validation failure.
-
Schema Validation policy now resolves references (
$ref
) in schemas, up to a 10-level depth.
Fixed Issues
Issue Resolution | ID |
---|---|
API Manager now correctly shows message logs for Flex Gateway running in Connected Mode. |
W-12658860 |
Resource creation no longer fails due to a name length error for Flex Gateway running in Connected Mode. |
W-12667439 |
The JSON Threat Protection policy no longer considers valid JSON payloads invalid. |
W-12594181,W-12594229 |
API Manager and Monitoring Center now correctly format message logs for Flex Gateway running in Connected Mode. |
W-12637178 |
Flex dump now includes Service policies. |
W-12736424 |
OAS schema is now downloaded once. |
W-12636298 |
Schema Validation Policy now returns a JSON response on failure. |
W-12740457 |
Schema Validation Policy headers and query parameters validation is now case insensitive. |
W-12636158 |
Rate Limiting: SLA-Based Policy now refreshes tiers correctly. |
W-12651022 |
Flex Gateway no longer fails after deleting an API Instance with applied policies in Connected Mode. |
W-11731962 |
The PolicyBinding |
W-12347158 |
The Fluent Bit default buffer size has been increased. |
W-12489632 |
ALPN is now respected when establishing a TLS connection to upstream services. |
W-12285581 |
Ingress classes are now respected by the |
W-12726534 |
Already applied deployments from Connected Mode are no longer reprocessed. |
W-12727484 |
OpenID Connect OAuth 2.0 Token Enforcement Policy no longer fails on token validation when used with a REST API in Connected Mode. |
W-13091548 |
Flex Gateway no longer initiates a new connection when deployment parsing fails. |
W-13039766 |
Flex Gateway no longer creates multiple replicas in Runtime Manager when there are changes in the networking configuration. |
W-12976264 |
Flex Gateway pods in Kubernetes no longer freeze if the process crashes. |
W-12289578 |
Schema Validation Policy no longer throws an invalid bad request error when another API is updated on the same port. |
W-13081833, W-13080942 |
Flex Gateway no longer crashes due to a memory leak in Fluent Bit. |
W-13071770 |
Forward Proxy with outbound TLS policies no longer crashes. |
W-13498787 |
JWT Validation policy no longer fails when using a token with the |
W-13074446 |
Schema Validation policy no longer floods logs when failing to parse a specification. |
W-12636271 |
Schema Validation policy no longer fails to match the correct path when similar paths are defined. |
W-13599735 |
Schema Validation policy now correctly handles encoded paths and parameters. |
W-13599735 |
Schema Validation policy now avoids re-fetching of specifications when possible. |
W-13217895 |
Schema Validation policy no longer rejects requests with content types containing properties. |
W-13639309 |
CORS policy now allows the |
W-13603025 |
Flex Gateway stops properly after the exit signal is received if the registration file is missing or incorrect. |
W-13636262 |
Custom policies in Connected Mode no longer fail with "invalid character '<' looking for beginning of value". |
W-13736558 |