Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release v2.7.0 #902

Merged
merged 17 commits into from
Jul 18, 2024
Merged

Release v2.7.0 #902

merged 17 commits into from
Jul 18, 2024

Conversation

kpacha
Copy link
Member

@kpacha kpacha commented Jul 10, 2024
edited by dhontecillas
Loading

Release v2.7.0

JWT

audit rules

  • add OpenTelemetry recommendations:
    • mark as deprecated opencensus, ganalytics, and instana
    • check if more than one system is reporting metrics
  • add check for deprectade plugins.
  • check gRPC server number of exposed services
  • fix false positive rule for no rate limit control

rate limit

  • improved memory usage
  • add num_shards param to configure the sharding for each rate limit (impacts the supported parallel access to rate limit counters)
  • Added the params to tweak the expiration with cleanup_period (how often we run the cleanup process, defaults to 1 minute) and cleanup_threads (the number of parallel clean threads, that defaults to 1, and should not be changed except if an extreme case is detected).
  • Added param token extractor: a param from the gin.Request can be used as a "token" (until now we had ip and header)

set DNS Cache TTL

support multiple certs

At the service level, under the tls section, we add a keys property, that is a list of { "public_key": "publick_key_file_path", "private_key": "private_key_file_path" } , and the exisitng public_key / private_key under the tls sections are deprecated. From the Lura PR: luraproject/lura#725

set max header bytes

Checked with 🟢 that works on the playground

CORS changes:

  • 🟢 options_success_status: allows to define the options success status code.
  • 🟢 options_passthrough: Instructs preflight to let other potential next handlers to process the OPTIONS method. Turn this on if you have enabled auto_options in the extra_options/router
  • allow_private_network: Indicates whether to accept cross-origin requests over a private network.

HTTP Secure changes:

  • ⚠️ removed / ignored the public_key value, as public key pinning is a deprecated feature
  • 🟢 ssl_proxy_headers : map of header → values
  • 🟢 allowed_hosts_are_regex : boolean indicating that allowed_hosts are regex instead of simple strings
  • 🟢 force_sts_header : boolean indicating we want the STSHeader even for HTTP requests

Audit changes:

  • add deprecated rule for private_key / public_key : now that several certificate pairs are supported, we have them in an array field.

Cobra changes:

  • fix: check command with extra verbose -ddd displays new fields in root config.

Tagged versions of the following libs:

Fixes

Other

  • added trivy actions to the repo

dependabot bot and others added 9 commits June 24, 2024 22:14
@dependabot
Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7
59b97e3 
Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.5 to 0.7.7.
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md)
- [Commits](hashicorp/go-retryablehttp@v0.7.5...v0.7.7)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dhontecillas
update krakend audit rules
0dc158d
@dhontecillas
update ratelimit library to v3.2: mem usage improvements
dfca09b
@dhontecillas
update krakend-jose library (leeway param was already included in 2.5)
38e9513
@dhontecillas
update to go-auth0 v1.2.0
b7ab762
@dhontecillas
set DNS Cache TTL time on startup
528c4d8
@kpacha
v2.7.0 bumped
4691e6a
@kpacha
Merge pull request #894 from krakend/update_deps_for_2_7
420d801 
Update deps for 2 7
@kpacha
Merge pull request #893 from krakend/dependabot/go_modules/github.com…
3f0b52d 
…/hashicorp/go-retryablehttp-0.7.7

Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7
@kpacha kpacha changed the title v2.7.0 bumped [WiP] Release v2.7.0 Jul 10, 2024
@kpacha kpacha changed the title [WiP] Release v2.7.0 Release v2.7.0 Jul 18, 2024
@kpacha kpacha merged commit 58d2c20 into master Jul 18, 2024
8 checks passed
@kpacha kpacha deleted the dev-v2.7.0 branch July 18, 2024 14:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kpacha @dhontecillas