Anypoint Flex Gateway Release Notes


October 31, 2022

MuleSoft announces the release of Anypoint Flex Gateway 1.3.0.

What’s New

  • Flex Gateway now supports the following deployment targets:

    • Amazon Linux 2

    • CentOS 8

    • RHEL 8

    • RHEL 9

    • OpenShift 4.8 or greater

  • Policies now support execution ordering in Local Mode via a new spec.order field in the PolicyBinding resource.

  • OAuth 2.0 Token Introspection Policy

  • Flex Gateway now supports inbound mutual authentication TLS (mTLS) via new requireClientCertificate and trustedCA fields in the PolicyBinding resource.

Fixed Issues

Issue ID

Flex Gateway no longer crashes due to invalid status codes when collecting metrics or when using the HTTP Caching Policy.


Rate Limit Policy no longer fails when using reserved URL characters with selectors.



September 28, 2022

MuleSoft announces the release of Anypoint Flex Gateway 1.2.0.

What’s New

  • Rate Limit and Rate Limit SLA policies can now be used in a distributed environment.

  • HTTP Caching and LDAP policies performance is improved.

  • Envoy is updated to version v1.23.0.

  • Flex Gateway now supports port sharing across different API instances.

Fixed Issues

Issue ID

The Prefix path type now works correctly in Kubernetes Ingress mode.


Missing permissions errors no longer occur when using Flex in Kubernetes Ingress mode.



Jul 31, 2022

MuleSoft announces the release of Anypoint Flex Gateway 1.1.0, which includes enhancements to the registration experience, and support for new policies.



  • The Flex Gateway registration experience has been simplified.

    The enhancements are backward compatible - the previous way to run Flex Gateway is supported.

    For information about migrating to the new registration flow, refer to Registering and Running Flex Gateway in Connected Mode.

  • Added the ability to delete Flex Gateways via Runtime Manager. Refer to Delete a Flex Gateway.

  • Flex Gateway has new limits - a maximum of 200 APIs are now allowed in a Flex Gateway.

    The logs display the following error when a deployment fails due to exceeding the API limit: limit of 200 API instances has already been reached.

  • Logging improvements:

    • On startup, logs show [flex-gateway-agent][info] Gateway: Platform=https://anypoint.mulesoft.com OrgID=[org_id] EnvID=[env_id] Name=[name] Mode=offline ReplicaName=[replica_name].[namespace]

    • Logs generated by policies now indicate the policy name and the associated API identifier.

    • API logs are available for each API deployed in API Manager for 30 Days or 100MB.

Fixed issues

  • Flex Gateway now updates after changing a value in the Configuration resource. For example, adding quotes in a field: port: 443 to port: "443".

  • Fixed issue with Flex Gateway stopping when enabling/disabling policies in connected mode.

  • Fixed issue with attributes.queryString DataWeave expression returning null instead of the query string attribute.

  • Logs generated from certain policies now include a reference to the policy generating the log.

Known Issues

  • When the 200 APIs limit is reached, no message errors are displayed in API Manager. Error information is only available in the Flex Gateway logs.


Jun 16, 2022


  • Added distribution packages for Ubuntu Jammy.

Fixed issues

  • Fixed crash when PolicyBinding.spec.targetRef.selector was set to null.

  • Support resource-level policies with and without slash as a starting character.

  • Startup errors are logged less frequently when internal metrics are not ready to be sent. The "Failed to push internal metrics: http_connector: metrics service not available" Fluent Bit setup error appears less frequently.

  • Access to runtime properties are now cached, improving Flex reliability on long uninterrupted executions. A known issue has been identified and is described below with a workaround.

  • Fixed typo in payload response for rejected requests in rate limiting policies. "Too many request" was changed to "Too many requests".

Known Issues

  • In low-traffic environments, after disabling/enabling a policy and waiting ten minutes without applying/unapplying other policies, the next rejected request forces Flex Gateway to stop.

    Workaround: Remove the policy instead of disabling it.

    The issue does not occur when enabling and disabling the following policies: Client ID Enforcement, Open Id, JWT Validation and Rate Limiting - SLA based.

  • After disabling and then enabling a policy, the monitoring suite stops receiving data. The following message appears: "got policy violation but could not fetch policy ids context".

    Workaround: Remove the policy instead of disabling it.


May 2, 2022

MuleSoft announces the release of Anypoint Flex Gateway 1.0.0.

Flex Gateway is an ultrafast API gateway designed to manage and secure APIs running anywhere. Built to seamlessly integrate with DevOps and CI/CD workflows, Flex Gateway delivers the performance required for the most demanding applications and microservices, while providing enterprise security and manageability across any environment.

See the Anypoint Flex Gateway documentation for more information about Flex Gateway.

Known Issues

  • Flex Gateway does not support adding APIs in the design environment. Use the sandbox or your production environment to add APIs.

  • When you apply the Rate Limiting policy to a Flex Gateway, the APIs are scoped to replicas and not to the gateway.

  • The Rate Limiting policy has a 24-day limit restriction.

    For Rate Limiting in Connected Mode, the maximum windows size is 24 days. There is no window size limitation in Local Mode.

  • TLS configuration is currently supported at the API Gateway level and not at the API instance level.


Flex Gateway is supported on x86_64 and AMD64.

Was this article helpful? Thanks for your feedback!