1.4.15

Otoroshi version 1.4.15

This version fix a routing bug on /.well-known/otoroshi/* routes

1.4.14

Otoroshi version 1.4.14

https://github.com/MAIF/otoroshi/milestone/25?closed=1
v1.4.13...v1.4.14
https://github.com/MAIF/otoroshi/releases/tag/v1.4.14

Added

• Added scripts status in /health (#403)
• Add detailed client informations based on User-Agent (#335)
• Add more user related user info (identity) in events (#336)
• Add client geo info (from ip) in events (#337)
• [plugin] introduce pre-routing plugins (#398)
• [plugin] introduce request sink plugins (#407)
• [plugin] add a plugin to expose prometheus metrics per service (#312)
• [plugin] add body logger with graphical debugger (#400)
• [plugin] add information extraction based on user-agent (#401)
• [plugin] add geolocation extraction based on ip address (#402)
• [plugin] add a plugin to pass OIDC tokens and profile in headers (#404)
• [plugin] add a plugin to pass client cert. chain in headers (#405)
• [plugin] add CLF logger (#406)
• [plugin] resources caching (#76)
• [plugin] support some kind of real time debugging (#94)
• create new events (#334)
• allow path strip or not (#393)
• allow multi host (#394)
• allow multi matching root (#395)

Changed

• use another default domain name (#294)
• use Parcel.js to build Otoroshi UI (#105)
• update front build (#392)

Fixed

• filter with dates range don't return expected events (#385)
• sometimes services can't be found (#391)
• // in services events (#396)
• fix bad behavior for /metrics and /health (#397)
• enhance UDP tunneling support (#399)

1.4.13

Otoroshi version 1.4.13

https://github.com/MAIF/otoroshi/milestone/24?closed=1
v1.4.12...v1.4.13
https://github.com/MAIF/otoroshi/releases/tag/v1.4.13

Added

• Add an "all events" view (#374)
• Support Webauthn authentication for backoffice login (#352)
• Integration of mTLS tests (#359)
• Chaining transformers enhancement (#313)
• Support DefaultToken strategy in JWT Verifiers (#373)
• Early apikey extraction even if service is public (#351)
• Expression language in targets (#353)
• Introducing global validators and transformers (#372)
• Support UDP tunneling (#361)
• Use webauthn for U2F login of the backoffice (#340)
• Addionnal headers only if missing (#364)
• Use webauthn for U2F login of private apps (#358)
• Global EL (#369)
• Add extra metadata in auth modules (#370)

Changed

• Improve tunneling (#354)
• Improve request transformer request object (#299)
• Can we use external access validation without client cert ? (#333)
• Handle multiple JWT verifiers refs, with matchOne strategy (#363)
• Rewrite validation authorities (#360)
• Refactor transformer to only take a context as param like AccessValidator (#366)
• Replace all in EL for multiple values (#371)

Fixed

• Issues with target component (#355)
• Created Global Jwt Verifiers not appears in global list (#362)
• Fix overflow of icons in public column of services page (#365)
• JWTVerifier cannot be saved (#368)
• Case sensitivity issue in headers manipulation bug (#367)

1.4.12

Otoroshi version 1.4.12

v1.4.11...v1.4.12
https://github.com/MAIF/otoroshi/releases/tag/v1.4.12

Fixed

• Fixed version display in UI

1.4.11

Otoroshi version 1.4.11

https://github.com/MAIF/otoroshi/milestone/23?closed=1
v1.4.10...v1.4.11
https://github.com/MAIF/otoroshi/releases/tag/v1.4.11

Added

• Experimental: Identity aware TCP tunneling over HTTPS (#349)
• Otoroshi version available on the dashboard (#346)
• Support something like urn:ietf:wg:oauth:2.0:oob in private apps. (#297)

Fixed

• Weird behavior with chunked transfer encoding (#350)
• Logout does not work properly when using a In Memory Basic Auth config (#348)
• Use 'storageRoot' when deleting all keys from Redis Storage (#347)
• Cannot set Api Keys Restrictions (#345)
• Allow multiple master nodes (ip address) in cluster config with client loadbalancing to avoid DNS setup (#342)
• Delete Elastic config (#341)

1.4.10

Otoroshi version 1.4.10

https://github.com/MAIF/otoroshi/milestone/22?closed=1
v1.4.9...v1.4.10
https://github.com/MAIF/otoroshi/releases/tag/v1.4.10

Added

• Removing incoming and outgoing headers (#326)

Changed

• Improve cassandra support (#325)

Fixed

• Api Keys could have a ttl (#328)
• Fix empty String and Option[String] JSON parsing (#330)
• Navigating on a group cause a 'Page not found' page (#329)
• Some apiKeys disappears after apiKey creation (#322)
• Problem to empty the Url field of Service Targets (#327)
• Remove bintray links (#324)

1.4.9

Otoroshi version 1.4.9

https://github.com/MAIF/otoroshi/milestone/21?closed=1
v1.4.8...v1.4.9
https://github.com/MAIF/otoroshi/releases/tag/v1.4.9

Added

• Http method and path validation per apikey (#315)
• Add new new concepts on targets like matcher, manual DNS resolution, etc (#309, #310)
• Support new loadbalancing policies (#80, #79, #77)
• Add expression language to headers in/out values (#308)
• Routing based on apikey roles and metadata (#307)
• Live switching of the default http client (#300)

Changed

• Improve otoroshi exchange protocol (#320)
• Support CIDR notation in ip address whitelists / blacklists (#318)
• Add "items in arrays" validation in JWT verifiers (#290)
• Transfer more tags and metadata in third party api key from OIDC tokens (#317)
• Remove support for ahc: http client (#302)
• Better timeout management with the akka http client (#301)

Fixed

• Enforce TTL on secured exchange protocol v2 bug (#316)
• Remove default ssl context dump (#303)
• APP_STORAGE is missing for AWS configuration (#304)
• Cannot read property 'data.dataIn' of null in Analytics (#305)

1.4.8

Otoroshi version 1.4.8

https://github.com/MAIF/otoroshi/milestone/20?closed=1
v1.4.7...v1.4.8
https://github.com/MAIF/otoroshi/releases/tag/v1.4.8

Added

• Support datastores other than redis for clusterings
• Support enterprise proxy to access outside world enterprise
• Introduce secure exchange v2 enhancement
• Provide a "serverless" trait for request transformer
• Disable HTTP/1.0 per service
• Provide a root CA to trust at startup through config.
• Add api key constraints
• Third party apikeys (OIDC) verification module
• Support Mailjet as alert mailer
• Implements /me endpoint for private apps

Changed

• Drop support for leveldb store datastore
• Consider using a JsValue instead of Option[String, String] in private apps sesssions
• Remove dev centric features
• Add last sync date in /health of cluster workers
• OAuth: do not send client_secret if not specified
• Display event content in service events
• Add query param to filter response body on analytics apis
• Add documentation about /metrics and /health

Fixed

• Use password input in 'in memory auth. module'
• Fix missing doc in request transformer scripts section
• Fix self signed certificate
• Fix certificate generation at startup
• Disabled service should not be used in routing

1.4.7

Otoroshi version 1.4.7

https://github.com/MAIF/otoroshi/milestone/19?closed=1
v1.4.6...v1.4.7
https://github.com/MAIF/otoroshi/releases/tag/v1.4.7

Added

• documentation to deploy otoroshi en AWS Elastic Beanstalk
• Support for Mailgun EU
• Support for Prometheus metrics
• Support for json metrics
• New analytics apis that are more flexible
• Header value verification post routing
• additional headers out
• shortcut to add security headers
• gzip support

Changed

• Show sessions profile and metadata in modal window
• Do not use native modals in browser anymore
• OIDC auto config is more reliable
• Chunked response handling has been rewritten

Fixed

• reload admins table after adding a new admin
• Content-Encoding is not missing anymore in responses

1.4.6

Otoroshi version 1.4.6

https://github.com/MAIF/otoroshi/milestone/18?closed=1
v1.4.5...v1.4.6

Changed

• Updated swagger according to last API changes
• Fixed OAuth / OIDC scope settings reading from datastore