
Product Updates · Security


KrakenD Enterprise v2.3: Easing Your API Journey

by Albert Lombarte

KrakenD Enterprise is excited to announce the release of its API gateway software v2.3, available for download. This upgrade delivers an improved experience for users looking to simplify their operations.

KrakenD v2.3 removes the need for several plugins and adds automated processes to import OpenAPI and gRPC contracts.

This upgrade has been designed to address the common pain points customers experience when managing their APIs.

Simplifying Operations with KrakenD Enterprise

We’ve heard you, and we’ve acted. With KrakenD v2.3, wildcard routes, gRPC backends, redirect control, and web proxy support are native features of the gateway: no plugins are needed for them anymore.

For instance, declare a wildcard endpoint with the /path/to/* syntax instead of combining server and client plugins, or build a catalog of proto files and let KrakenD create the gRPC backends automatically.

End-to-end tests can now use JSON Schema definitions, and the merge of multiple OpenAPI contracts lets you import many contracts in a single operation. There is also a new OpenAPI serve command that starts a KrakenD server directly from an OpenAPI file, with no import step required.

[Image: example of wildcard simplification, before and after]

Resolving Your Pain Points

Our mission is to make your API management as seamless as possible. The new version includes NTLM authentication for legacy integrations such as Microsoft Dynamics ERP.

The new service-to-service authentication flow on Google Cloud and the shared cache of JWK URLs (fetched once and reused across endpoints instead of once per endpoint) improve both security and efficiency, so you no longer have to manage these pieces yourself.

Finally, KrakenD Designer allows you to apply changes to a local KrakenD directly from the web.

Enhancements and Fixes

We’re always looking for ways to improve KrakenD, and we implement the functionality our customers ask for. For example, the New Relic integration now accepts an additional list of headers to report. AMQP consumers and producers retry with configurable back-off strategies, which eases administration. The API key functionality now supports legacy API keys that pass the key without a Bearer or Basic indication, and lets you override the key strategy and identifier per endpoint. The Security Policies engine adds bitwise operations to ease mask calculations. All of these were requested by Enterprise customers.

We’ve also made several fixes, including JMESPath support for json.Number (instead of integer), a panic that could occur with WebSockets and forced Gzip, and the upgrade to Go 1.20.4, whose security fixes to the crypto packages make the runtime safer.

In essence, KrakenD Enterprise v2.3 is a product of our commitment to providing you with an easy-to-use, efficient, and secure API management solution. So gear up for a hassle-free API journey with KrakenD v2.3!

Deprecation notes and migration instructions

All deprecated components continue to work as usual in v2.3, but they will be removed in future versions, so we encourage you to make the changes now.

The no-redirect and http-proxy plugins are now deprecated. The same functionality is available more conveniently through the native HTTP Client options component, which handles all of these settings together and frees the HTTP client plugin slot for other uses.

The OpenAPI functionality adds new commands (krakend openapi import and krakend openapi export) that default to OpenAPI 3; the previous commands continue to work in this version.

See the migration notes:

🚀 Summary of changes for EEv2.3

Version 2.3 includes long-awaited features requested by customers, such as gRPC backends without plugins, easier wildcards (simply writing a star *), and end-to-end testing with JSON Schema contracts. It also includes all features and fixes of Community 2.3.2. Check out the rest of the features below.

  • Easier wildcards using the /path/to/* syntax. No plugins are needed anymore.
  • Automatic gRPC backends based on proto files. No plugins are needed anymore.
  • End-to-end testing now supports JSON Schema definitions.
  • Multiple OpenAPI contracts can be merged: import many contracts in one operation.
  • NTLM authentication for Microsoft Dynamics and similar integrations.
  • The Security Policies engine now supports bitwise operations to ease mask calculation.
  • New OpenAPI serve command to start a KrakenD server from an OpenAPI file, with no import step.
  • The New Relic integration now accepts an additional list of headers to report.
  • Service-to-service authentication flow on Google Cloud.
  • Support for legacy API keys that pass the key without a Bearer or Basic indication.
  • The API key strategy and identifier can be overridden per endpoint.
  • Retries for AMQP consumers and producers with configurable back-off strategies.
  • Global caching of JWK URLs, reused between endpoints.
  • KrakenD Designer can now apply changes to a local KrakenD directly from the web.
  • New /__echo/ endpoint that dumps the received request, for testing functionality. Since it echoes request contents back to the caller, keep it out of publicly exposed configurations.
  • Added use_h2c (cleartext HTTP/2), in addition to the already supported HTTP/2 over TLS. h2c carries no encryption, so enable it only on trusted networks or behind a TLS-terminating proxy.
  • New TLS settings for the internal HTTP client (client_tls).
  • Per-backend HTTP client settings, including no redirect, TLS, and web proxy.
  • The body generator and the SOAP integration now support Sprig functions.
  • The underlying Go version has been upgraded to 1.20.4, which includes security fixes to the crypto packages.
  • The audit rules add more security recommendations.
  • Fixed: WebSockets with forced Gzip could panic.
  • Fixed: JMESPath now supports json.Number instead of integer.
  • Fixed: HTTP logger plugin panic.
  • Fixed: the router configuration was overwriting defaults for non-existent attributes.
  • The prefetch_size flag on AMQP was never implemented and has been removed from the configuration.
  • prefetch_count has been removed from AMQP producers, as it only makes sense in a consumer scenario.
  • The krakend generate openapi command has been renamed to krakend openapi export; please replace its usages.
  • The krakend generate from openapi command has been renamed to krakend openapi import; please replace its usages.
  • The HTTP proxy plugin is deprecated, as the functionality is natively supported as an HTTP Client option.
  • The no-redirect plugin is deprecated, as the functionality is natively supported as an HTTP Client option.
  • The allow_insecure_connections property at the service level now moves under client_tls > allow_insecure_connections.
  • The Instana integration is deprecated and will be removed in future releases.
  • The Google Analytics integration is deprecated and will be removed in future releases.
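As an added illustration of the migration described in the deprecation notes and in the items above (this is not configuration taken from the release or from KrakenD's own documentation), the fragment below shows the service-level client_tls block that now holds allow_insecure_connections, the use_h2c flag, and a per-backend HTTP client block that replaces the deprecated no-redirect and http-proxy plugins. The key path client_tls > allow_insecure_connections and the names use_h2c, no_redirect and client_tls come from the release notes; the qos/http-client namespace, the ca_certs, min_version and proxy_address keys, and every host, path and file name are assumptions made for this example and should be checked against the documentation of your version before use.

```json
{
  "version": 3,
  "name": "gateway-migration-example",
  "port": 8080,
  "@comment": "use_h2c is cleartext HTTP/2. It is enabled here only on the assumption that a TLS-terminating load balancer sits in front of the gateway; leave it off otherwise.",
  "use_h2c": true,
  "client_tls": {
    "@comment": "Moved here from the service-level allow_insecure_connections. Keep it false outside local testing: true disables upstream certificate verification for every backend call. ca_certs and min_version are assumed keys for this example.",
    "allow_insecure_connections": false,
    "ca_certs": ["/etc/krakend/certs/internal-ca.pem"],
    "min_version": "TLS12"
  },
  "endpoints": [
    {
      "endpoint": "/orders/{id}",
      "method": "GET",
      "backend": [
        {
          "host": ["https://orders.internal.example"],
          "url_pattern": "/v1/orders/{id}",
          "extra_config": {
            "qos/http-client": {
              "@comment": "Replaces the deprecated no-redirect and http-proxy client plugins for this backend only. The namespace and proxy_address key are assumptions for this example.",
              "no_redirect": true,
              "proxy_address": "http://egress-proxy.internal.example:3128"
            }
          }
        }
      ]
    }
  ]
}
```

Two points worth checking during the migration: first, that allow_insecure_connections is false in every non-development configuration, with the internal CA supplied through a CA bundle instead of by disabling verification; second, that the redirect and proxy settings are attached to the one backend that needs them rather than applied globally, which is also what frees the client plugin slot for other uses. A configuration file can be validated with krakend check -c krakend.json before deployment.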

Upgrading to the latest version is always advised.

