Tyk Dashboard 5.4 Release Notes

This page contains all release notes for version 5.4.X, displayed in reverse chronological order.

Support Lifetime

Our minor releases are supported until our next minor comes out.


5.4.0 Release Notes

Release Date: 2 July 2024

Breaking Changes

Attention: Please read this section carefully.

There are no breaking changes in this release.

Dependencies

Compatibility Matrix For Tyk Components

| Dashboard Version | Recommended Releases | Backwards Compatibility |
|---|---|---|
| 5.4.0 | MDCB v2.6.0 | MDCB v2.5.1 |
| | Operator v0.18 | Operator v0.17 |
| | Sync v1.5.0 | Sync v1.4.3 |
| | Helm Chart v1.5.0 | Helm all versions |
| | EDP v1.10.0 | EDP all versions |
| | Pump v1.10.0 | Pump all versions |
| | TIB (if using standalone) v1.5.1 | TIB all versions |

3rd Party Dependencies & Tools

| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
|---|---|---|---|
| GoLang | 1.21 | 1.21 | Go plugins must be built using Go 1.21 |
| Redis | 6.2.x, 7.x | 6.2.x, 7.x | Used by Tyk Dashboard |
| MongoDB | 5.0.x, 6.0.x, 7.0.x | 5.0.x, 6.0.x, 7.0.x | Used by Tyk Dashboard |
| PostgreSQL | 12.x - 16.x LTS | 12.x - 16.x | Used by Tyk Dashboard |
| OpenAPI Specification | v3.0.x | v3.0.x | Supported by Tyk OAS |

Deprecations

There are no deprecations in this release.

Upgrade instructions

If you are upgrading to 5.4.0, please follow the detailed upgrade instructions.

Release Highlights

We’re thrilled to introduce exciting enhancements in Tyk Dashboard 5.4, aimed at improving your experience with Tyk Dashboard. For a comprehensive list of changes, please refer to the change log below.

Event handling for Tyk OAS APIs

We’ve added support for you to register webhooks with your Tyk OAS APIs so that you can handle events triggered by the Gateway, including circuit breaker and quota expiry. You can also assign webhooks to be fired when using the new smoothing rate limiter to notify your systems of ongoing traffic spikes. For more details see the documentation.

Enhanced Header Handling in GraphQL APIs

Introduced a features object in API definitions for GQL APIs, including the use_immutable_headers attribute. This allows advanced header control, enabling users to add new headers, rewrite existing ones, and selectively remove specific headers. Existing APIs will have this attribute set to false by default, ensuring no change in behaviour. For new APIs, this attribute is true by default, facilitating smoother migration and maintaining backward compatibility.

Changelog

Added

  • Introduced Rate Limit Smoothing for Redis Rate Limiter

    Implemented a rate limit smoothing mechanism to gradually adjust the rate limit as the request rate increases and decreases between an intermediate threshold and the maximum rate limit. New RateLimitSmoothingUp and RateLimitSmoothingDown events will be triggered as this smoothing occurs, supporting auto-scaling of upstream capacity. The smoothing process gradually increases the rate, thereby unblocking clients that exceed the current request rate in a staggered manner.

  • Updated API designer toolbar for GraphQL and Universal Data Graph

    Revamped the API designer toolbar for GraphQL and Universal Data Graph, consolidating all relevant actions for each API type under a single menu dropdown for improved usability.

  • Updated API designer toolbar for HTTP and TCP

    Revamped the API designer toolbar for HTTP and TCP, consolidating all relevant actions for each API type under a single menu dropdown for improved usability.

  • New Tyk OAS features

    We’ve added some more features to the Tyk OAS API, moving closer to full parity with Tyk Classic. In this release we’ve added controls that allow you to: enable or prevent generation of traffic logs at the API level; enable or prevent the availability of session context to middleware; and pin public key certificates to an API. We’ve also added the facility to register webhooks that will be fired in response to Gateway events.

  • New Dashboard API endpoints

    We have added a new /oas/dry-run endpoint to the Tyk Dashboard API. This uses the Dashboard’s logic to create or update a Tyk OAS API definition using an OpenAPI document without instantiating the API on the Tyk platform.
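
A simplified model of the rate limit smoothing described in the first item above, as an added example that is not Tyk's code. The Step and Trigger parameters, the adjustment margins and the sample traffic are assumptions made for illustration; only the intermediate threshold, the maximum rate limit and the two event names come from these release notes.

```go
package main

import "fmt"

// Smoother is a simplified model of rate limit smoothing. Step and Trigger
// are assumptions of this example, not values taken from the release notes.
type Smoother struct {
	Threshold, Max int     // intermediate threshold and maximum rate limit
	Step           int     // how far the enforced limit moves per adjustment
	Trigger        float64 // fraction of a step used as the adjustment margin
	Allowance      int     // limit currently enforced
}

// Observe takes the request rate seen in one window, moves the allowance by
// at most one step, and returns the event name ("" when nothing changes).
func (s *Smoother) Observe(rate int) string {
	margin := int(float64(s.Step) * s.Trigger)
	switch {
	case rate > s.Allowance-margin && s.Allowance < s.Max:
		if s.Allowance += s.Step; s.Allowance > s.Max {
			s.Allowance = s.Max // never exceed the maximum rate limit
		}
		return "RateLimitSmoothingUp"
	case rate < s.Allowance-s.Step-margin && s.Allowance > s.Threshold:
		if s.Allowance -= s.Step; s.Allowance < s.Threshold {
			s.Allowance = s.Threshold // never drop below the threshold
		}
		return "RateLimitSmoothingDown"
	}
	return ""
}

// Run replays per-window request rates (constructed sample data) and returns
// the allowance after each window plus the events emitted.
func Run(s *Smoother, rates []int) (allowances []int, events []string) {
	for _, r := range rates {
		if ev := s.Observe(r); ev != "" {
			events = append(events, ev)
		}
		allowances = append(allowances, s.Allowance)
	}
	return allowances, events
}

func main() {
	// Constructed traffic: a spike to 250 req/window, then back to baseline.
	s := &Smoother{Threshold: 100, Max: 200, Step: 50, Trigger: 0.5, Allowance: 100}
	fmt.Println(Run(s, []int{60, 90, 140, 190, 250, 120, 40, 40}))
}
```

In this model the spike to 250 is still capped at the maximum of 200, and the limit only reaches 200 after two separate step-ups, which is the window an auto-scaler consuming the events has to add upstream capacity.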

Fixed

  • Fixed template inheritance issue in API Designer

    Resolved a bug in the API Designer where certain properties, such as use_immutable_headers, were not correctly inherited from the new API template. This fix ensures all default settings from the template are properly applied when creating a new API.

  • Corrected assignment issue for API Templates in Tyk organisations

    Fixed an issue where API Templates were not correctly assigned to Tyk Organisations. The fix prevents potential accidental sharing of secret data between Organisations through the use of incorrect templates.

  • Addressed keyboard shortcut issues in Universal Data Graph URL field configuration

    Fixed an issue where common keyboard shortcuts (Cmd + X, A, C, V) were not functioning correctly when configuring the URL field for a UDG data source.

  • Streamlined data source import endpoint in Dashboard API

    Improved the data source import endpoint in the Dashboard API by removing the need for users to convert OpenAPI/AsyncAPI documents into strings before submission. Users can now provide the documents directly, enhancing the overall user experience.

  • Enhanced password reset security

    Modified default OPA rules to fix an issue where admins were unable to reset their own password. Tyk Dashboard clients using custom OPA rules should update their rule set accordingly. Contact your assigned Tyk representative for assistance.

  • Corrected filtering for Dashboard Analytics with PostgreSQL

    Addressed an issue in the api/usage endpoint where Dashboard analytics with PostgreSQL returned unfiltered results. The endpoint now correctly filters results, eliminating the need for duplicating parameters to handle multiple tags.

  • Minor Dashboard UI fixes and improvements

    We have made some improvements to the wording used in the Dashboard user interface and fixed some minor usability issues.

Security Fixes

  • High priority CVEs fixed

    Fixed the following high priority CVEs identified in the Tyk Dashboard, providing increased protection against security vulnerabilities:

    - [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)
    - [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283)

---

Further Information

Upgrading Tyk

Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.

FAQ

Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.