KrakenD CE v2.9 released with improved sequential proxy and security

Product Updates, Security


by Albert Lombarte

We are excited to announce the latest updates and improvements to our platform. Here’s a breakdown of the new features, bug fixes, and security enhancements:

Sequential Proxy enhancements

The enhanced sequential proxy in v2.9.0 gives you more flexibility with multi-step API calls. A new parameter, sequential_propagated_params, lets you propagate parameters from one call to the following ones, so dependent calls have more data to work with. With it you can, for example, pass any previous response as the body of a later request, or reuse any element of a prior response in scripts, without needing to place the values in the url_pattern.

Offline linting

The linter has always required an Internet connection to operate. The validation schema is now embedded in the binary, so you can fully check the validity of a configuration file offline: add the flag --lint-no-network (or -n) to your existing krakend check command to work locally. This also speeds up CI/CD validation, which no longer needs to download a large schema file.

In addition, a --lint-schema option lets you supply your own schema. Why would anyone need it? If you write your own plugins and they have complex configurations, you can merge our schema with yours and validate everything together.

Lua header management

Lua scripts have received enhancements worth mentioning. First, there is a new headerList helper on the response, request, http_response and ctx objects that lets you read and set headers with multiple values.

In addition, the headers(header) setter can now remove a header when you pass nil as the value.

Full YAML encoding support

To complement the YAML output encoding, we have added a new backend encoding type that natively parses backend responses in YAML format (Kubernetes manifests, for instance) and lets you expose them as a JSON API.
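As an added example (not KrakenD's own code or configuration), the script below writes a krakend.json that combines the features in this release, a three-step sequential endpoint with a propagated parameter, a YAML-encoded backend and Lua header handling, and then lints it offline the way a CI job would. The backend hosts, the X-Internal-* header names and the Lua accessor used to read the propagated parameter are assumptions; placing sequential_propagated_params beside sequential under extra_config.proxy and the encoding value "yaml" follow the existing configuration conventions and should be confirmed against the v2.9 documentation. The offline lint step is exactly where a wrong guess in the config gets reported.

```shell
#!/bin/sh
# Added example for this release note, not KrakenD's own code. It writes a
# krakend.json and a Lua helper exercising the v2.9 features, then lints the
# configuration offline as a CI job would. Hostnames, header names and the
# Lua accessor for the propagated parameter are assumptions.
set -eu

WORKDIR="${WORKDIR:-${TMPDIR:-/tmp}/krakend-v29-example}"

write_lua() {
  cat > "$WORKDIR/helpers.lua" <<'EOF'
-- helpers.lua (constructed for this example; header names are hypothetical)

-- Runs in modifier/lua-endpoint "pre", i.e. before any backend is called.
-- The endpoint forwards every client header (input_headers: ["*"]), so a
-- caller could set internal-only headers that a backend might trust.
function strip_internal_headers()
  local req = request.load()
  for _, name in ipairs({"X-Internal-Role", "X-Internal-User-Id"}) do
    req:headers(name, nil)          -- v2.9: passing nil removes the header
  end
  -- v2.9 headerList exposes every value of a multi-valued header. Two
  -- Authorization values are ambiguous (each hop may pick a different one),
  -- so reject the request instead of forwarding it.
  local auth = req:headerList("Authorization") or {}
  if #auth > 1 then
    custom_error("ambiguous credentials", 400)
  end
end

-- Runs in modifier/lua-backend "pre" of the second backend. Assumes the
-- propagated resp0_customer_id is reachable as a request param (the
-- accessor name is an assumption; confirm it in the sequential proxy docs).
function tag_customer()
  local req = request.load()
  req:headers("X-Customer-Id", req:params("Resp0_customer_id"))
end
EOF
}

write_config() {
  cat > "$WORKDIR/krakend.json" <<'EOF'
{
  "$schema": "https://www.krakend.io/schema/v2.9/krakend.json",
  "version": 3,
  "endpoints": [{
    "endpoint": "/orders/{id}",
    "input_headers": ["*"],
    "extra_config": {
      "proxy": {
        "sequential": true,
        "sequential_propagated_params": ["resp0_customer_id"]
      },
      "modifier/lua-endpoint": {
        "sources": ["helpers.lua"], "pre": "strip_internal_headers()"
      }
    },
    "backend": [
      { "host": ["http://orders.internal:8080"],
        "url_pattern": "/v1/orders/{id}" },
      { "host": ["http://customers.internal:8080"],
        "url_pattern": "/v1/customers/{resp0_customer_id}",
        "extra_config": { "modifier/lua-backend": {
          "sources": ["helpers.lua"], "pre": "tag_customer()" } } },
      { "host": ["http://catalog.internal:8080"],
        "url_pattern": "/v1/inventory/{id}.yaml",
        "encoding": "yaml" }
    ]
  }]
}
EOF
}

lint_offline() {
  # v2.9: --lint-no-network (-n) validates against the schema embedded in the
  # binary; use --lint-schema merged.json instead to validate plugin settings
  # against a schema you merged with the official one.
  if command -v krakend >/dev/null 2>&1; then
    krakend check -c "$WORKDIR/krakend.json" --lint --lint-no-network
  else
    echo "krakend binary not found; skipping offline lint" >&2
  fi
}

mkdir -p "$WORKDIR"
write_lua
write_config
lint_offline
```

Run it in the CI job before building the image; when the krakend binary is on the PATH the lint fails the job on any invalid key, which is why the assumed settings above are safe to keep in the file only once the linter has accepted them.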

Security Updates

This version upgrades the internal Go version to 1.22.11, which addresses the following vulnerabilities:

  • CVE-2024-45336: in Go's net/http client, sensitive headers such as Authorization and Cookie that are dropped when following a cross-domain redirect could be restored on a subsequent same-domain redirect, leaking credentials to the other domain.
  • CVE-2024-45341: in Go's crypto/x509, a certificate containing a URI with an IPv6 address and a zone ID could incorrectly pass URI name constraints, weakening chain validation.
  • CVE-2024-45337: misuse of the PublicKeyCallback in golang.org/x/crypto/ssh may cause an authorization bypass. This is a false positive for KrakenD, which does not implement SSH; the report comes from the golang.org/x/crypto dependency rather than the Go toolchain.

For more details on these vulnerabilities, please refer to the official CVE entries (see links in the changelog).

We encourage all users to update to the latest version to benefit from these enhancements and fixes. Thank you for your continued support!

🚀 Summary of changes for CE v2.9

Propagate parameters in the sequential proxy, new YAML encoding, offline linter, and more.

  • The sequential proxy can now propagate parameters or the entire response body of previous calls. It has also been reworked to improve its performance.
  • Added a new encoding type to work natively with backend responses in YAML format.
  • The linter can now work offline with --lint-no-network, or use a custom schema with --lint-schema.
  • Lua: the function to set headers can now remove a header when passed a nil value.
  • Lua functions now include a headerList helper to read and set headers with multiple values.
  • Corrected an OpenTelemetry bug where the status recorded for router errors was always 404, even when it was a 405.
  • Upgraded Go to 1.22.11, fixing CVE-2024-45336 and CVE-2024-45341; CVE-2024-45337 is reported against golang.org/x/crypto/ssh and does not affect KrakenD, which does not implement SSH.
  • Upgraded the Docker image base to Alpine 3.21.

Upgrading to the latest version is always advised.

Happy building! 🐙
