Policies making external HTTP requests now include a User-Agent
header.
Anypoint Flex Gateway Release Notes
1.5.2
August 30, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.5.2.
Fixed Issues
Issue Resolution | ID |
---|---|
W-13824390 |
|
Upgrading Flex Gateway in a VM now correctly upgrades policies. |
W-13837035 |
Downloading custom policies no longer fails when a forwarding proxy is used. |
W-13887045 |
Fixed vulnerabilities detected by security scanners. |
W-13804226 |
The Header Removal policy can now remove the |
W-1393110 |
Flex Gateway now supports configuring |
W-13952107 |
1.5.0
July 20, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.5.0.
What’s New
-
Flex Gateway now supports conditional API routing from one proxy to multiple endpoints.
-
Flex Gateway now supports TLS for Redis-based shared storage.
-
Flex Gateway now supports the Podman container runtime.
-
Fluent Bit is now updated to version 2.0.9.
-
Envoy is now updated to version 1.25.2.
-
Schema Validation policy now generates more verbose logs to help with troubleshooting.
-
Schema Validation policy now shows meaningful information on the response after schema validation failure.
-
Schema Validation policy now resolves references (
$ref
) in schemas, up to a 10-level depth.
Fixed Issues
Issue Resolution | ID |
---|---|
API Manager now correctly shows message logs for Flex Gateway running in Connected Mode. |
W-12658860 |
Resource creation no longer fails due to a name length error for Flex Gateway running in Connected Mode. |
W-12667439 |
The JSON Threat Protection policy no longer considers valid JSON payloads invalid. |
W-12594181,W-12594229 |
API Manager and Monitoring Center now correctly format message logs for Flex Gateway running in Connected Mode. |
W-12637178 |
Flex dump now includes Service policies. |
W-12736424 |
OAS schema is now downloaded once. |
W-12636298 |
Schema Validation Policy now returns a JSON response on failure. |
W-12740457 |
Schema Validation Policy headers and query parameters validation is now case insensitive. |
W-12636158 |
Rate Limiting: SLA-Based Policy now refreshes tiers correctly. |
W-12651022 |
Flex Gateway no longer fails after deleting an API Instance with applied policies in Connected Mode. |
W-11731962 |
The PolicyBinding |
W-12347158 |
The Fluent Bit default buffer size has been increased. |
W-12489632 |
ALPN is now respected when establishing a TLS connection to upstream services. |
W-12285581 |
Ingress classes are now respected by the |
W-12726534 |
Already applied deployments from Connected Mode are no longer reprocessed. |
W-12727484 |
OpenID Connect OAuth 2.0 Token Enforcement Policy no longer fails on token validation when used with a REST API in Connected Mode. |
W-13091548 |
Flex Gateway no longer initiates a new connection when deployment parsing fails. |
W-13039766 |
Flex Gateway no longer creates multiple replicas in Runtime Manager when there are changes in the networking configuration. |
W-12976264 |
Flex Gateway pods in Kubernetes no longer freeze if the process crashes. |
W-12289578 |
Schema Validation Policy no longer throws an invalid bad request error when another API is updated on the same port. |
W-13081833, W-13080942 |
Flex Gateway no longer crashes due to a memory leak in Fluent Bit. |
W-13071770 |
Forward Proxy with outbound TLS policies no longer crashes. |
W-13498787 |
JWT Validation policy no longer fails when using a token with the |
W-13074446 |
Schema Validation policy no longer floods logs when failing to parse a specification. |
W-12636271 |
Schema Validation policy no longer fails to match the correct path when similar paths are defined. |
W-13599735 |
Schema Validation policy now correctly handles encoded paths and parameters. |
W-13599735 |
Schema Validation policy now avoids re-fetching of specifications when possible. |
W-13217895 |
Schema Validation policy no longer rejects requests with content types containing properties. |
W-13639309 |
CORS policy now allows the |
W-13603025 |
Flex Gateway stops properly after the exit signal is received if the registration file is missing or incorrect. |
W-13636262 |
Custom policies in Connected Mode no longer fail with "invalid character '<' looking for beginning of value". |
W-13736558 |
1.4.5
June 22, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.4.5.
What’s New
-
Schema Validation policy now generates more verbose logs to help with troubleshooting.
-
Schema Validation policy now shows meaningful information on the response after schema validation failure.
-
Schema Validation policy now resolves references (
$ref
) in schemas, up to a 10-level depth.
Fixed Issues
Issue Resolution | ID |
---|---|
Forward Proxy with outbound TLS policies no longer crashes. |
W-13498787 |
JWT Validation policy no longer fails when using a token with the |
W-13074446 |
Schema Validation policy no longer floods logs when failing to parse a specification. |
W-12636271 |
Schema Validation policy no longer fails to match the correct path when similar paths are defined. |
W-13599735 |
Schema Validation policy now correctly handles encoded paths and parameters. |
W-13599735 |
Schema Validation policy now avoids re-fetching of specifications when possible. |
W-13217895 |
Schema Validation policy no longer rejects requests with content types containing properties. |
W-13639309 |
CORS policy now allows the |
W-13603025 |
Flex Gateway stops properly after the exit signal is received if the registration file is missing or incorrect. |
W-13636262 |
1.4.4
May 03, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.4.4.
What’s New
-
Fluent Bit is now updated to version 1.8.15.
-
Flex Gateway now configures a liveness probe in Kubernetes deployments.
-
Flex Gateway now supports the PROXY Protocol.
-
Flex Gateway now supports configuring an
IngressClass
to manageIngress
resources in Kubernetes. -
Disconnected replicas now display in the Runtime Manager UI for seven days.
-
The Flex Gateway Helm chart now uses the new HorizontalPodAutoscaler apiVersion (
autoscaling/v2
) in supported Kubernetes releases. -
Anypoint Platform CLI 4.x now supports automating Flex Gateway workflows for all Flex Gateway versions.
Fixed Issues
Issue Resolution | ID |
---|---|
The Fluent Bit default buffer size has been increased. |
W-12489632 |
ALPN is now respected when establishing a TLS connection to upstream services. |
W-12285581 |
Ingress classes are now respected by the |
W-12726534 |
Already applied deployments from Connected Mode are no longer reprocessed. |
W-12727484 |
OpenID Connect OAuth 2.0 Token Enforcement Policy no longer fails on token validation when used with a REST API in Connected Mode. |
W-13091548 |
Flex Gateway no longer initiates a new connection when deployment parsing fails. |
W-13039766 |
Flex Gateway no longer creates multiple replicas in Runtime Manager when there are changes in the networking configuration. |
W-12976264 |
Flex Gateway pods in Kubernetes no longer freeze if the process crashes. |
W-12289578 |
Schema Validation Policy no longer throws an invalid bad request error when another API is updated on the same port. |
W-13081833, W-13080942 |
Flex Gateway no longer crashes due to a memory leak in Fluent Bit. |
W-13071770 |
1.4.3
April 05, 2023
Fixed Issues
Issue Resolution | ID |
---|---|
Flex dump now includes Service policies. |
W-12736424 |
OAS schema is now downloaded once. |
W-12636298 |
Schema Validation Policy now returns a JSON response on failure. |
W-12740457 |
Schema Validation Policy headers and query parameters validation is now case insensitive. |
W-12636158 |
Rate Limiting: SLA-Based Policy now refreshes tiers correctly. |
W-12651022 |
Flex Gateway no longer fails after deleting an API Instance with applied policies in Connected Mode. |
W-11731962 |
The PolicyBinding |
W-12347158 |
1.4.2
March 15, 2023
Fixed Issues
Issue Resolution | ID |
---|---|
API Manager now correctly shows message logs for Flex Gateway running in Connected Mode. |
W-12658860 |
Resource creation no longer fails due to a name length error for Flex Gateway running in Connected Mode. |
W-12667439 |
The JSON Threat Protection policy no longer considers valid JSON payloads invalid. |
W-12594181,W-12594229 |
API Manager and Monitoring Center now correctly format message logs for Flex Gateway running in Connected Mode. |
W-12637178 |
1.4.0
February 22, 2023
MuleSoft announces the release of Anypoint Flex Gateway 1.4.0.
What’s New
-
Health Check policy for monitoring API upstream services
See the Health Check policy for more information.
-
Policy execution order in Connected Mode
See Reordering Policies for more information.
-
Forward proxy support:
-
Configure TLS and mTLS contexts in Connected Mode.
See Configuring TLS Context for Flex Gateway in Connected Mode for more information.
-
Configure mTLS for API proxies to upstream services:
Fixed Issues
Issue | ID |
---|---|
Requests with invalid upstream TLS certificates no longer automatically succeed. These requests will now result in 5xx errors. Add |
W-12526058 |
Configuring |
W-12175284 |
1.3.0
October 31, 2022
MuleSoft announces the release of Anypoint Flex Gateway 1.3.0.
What’s New
-
Flex Gateway now supports the following deployment targets:
-
Amazon Linux 2
-
CentOS 8
-
RHEL 8
-
RHEL 9
-
OpenShift 4.8 or greater
-
-
Policies now support execution ordering in Local Mode via a new
spec.order
field in thePolicyBinding
resource. -
OAuth 2.0 Token Introspection Policy
-
Flex Gateway now supports inbound mutual authentication TLS (mTLS) via new
requireClientCertificate
andtrustedCA
fields in thePolicyBinding
resource.
1.2.0
September 28, 2022
MuleSoft announces the release of Anypoint Flex Gateway 1.2.0.
What’s New
-
Rate Limit and Rate Limit SLA policies can now be used in a distributed environment.
See Rate Limit Policy and Rate Limit SLA Policy.
-
HTTP Caching and LDAP policies performance is improved.
-
Envoy is updated to version v1.23.0.
-
Flex Gateway now supports port sharing across different API instances.
1.1.0
Jul 31, 2022
MuleSoft announces the release of Anypoint Flex Gateway 1.1.0, which includes enhancements to the registration experience, and support for new policies.
Policies
-
Distributed support for the HTTP Caching policy and Shared Storage configuration.
-
Support for the
ES256
signature algorithm in the JWT Validation policy.
Enhancements
-
The Flex Gateway registration experience has been simplified.
The enhancements are backward compatible - the previous way to run Flex Gateway is supported.
For information about migrating to the new registration flow, refer to Registering and Running Flex Gateway in Connected Mode.
-
Added the ability to delete Flex Gateways via Runtime Manager. Refer to Delete a Flex Gateway.
-
Flex Gateway has new limits - a maximum of 200 APIs are now allowed in a Flex Gateway.
The logs display the following error when a deployment fails due to exceeding the API limit:
limit of 200 API instances has already been reached
. -
Logging improvements:
-
On startup, logs show
[flex-gateway-agent][info] Gateway: Platform=https://anypoint.mulesoft.com OrgID=[org_id] EnvID=[env_id] Name=[name] Mode=offline ReplicaName=[replica_name].[namespace]
-
Logs generated by policies now indicate the policy name and the associated API identifier.
-
API logs are available for each API deployed in API Manager for 30 Days or 100MB.
-
Fixed issues
-
Flex Gateway now updates after changing a value in the
Configuration
resource. For example, adding quotes in a field:port: 443
toport: "443"
. -
Fixed issue with Flex Gateway stopping when enabling/disabling policies in connected mode.
-
Fixed issue with
attributes.queryString
DataWeave expression returning null instead of the query string attribute. -
Logs generated from certain policies now include a reference to the policy generating the log.