API Platform 4.3.1.0

Issues fixed and improvements

  • Fixed vulnerabilities on api-token-manager and api-authorization.

  • Fixed vulnerabilities that exposed sensitive information about the application (Tomcat - Databases and other types of information).

  • The level of exposed information on the Health endpoint was limited.

  • Fixed the behaviour that exposed the user’s password on the Audit screen.

  • We centralised the operation of the Spike Arrest interceptor.

  • Fixed the behaviour of MFA - when active, it prevented the list of APIs to be displayed.

  • Fixed issue of route error when the destination URL of an API was altered.

  • Fixed the behaviour that made an environment unavailable when a path was inserted without closing it inside a resource.

  • Treatment of exceptions when importing APIs.

  • Fixed the tip message exhibited on the screen Roles (option "Organization").

  • Added an option to enable/disable the module Flexible Actions.

  • Fixed the behaviour that prevented opening an API with a right click.

  • Improved the error message displayed when resetting a password on the Manager.

  • Fixed the front-end behaviour when removing environments from an API.

  • Fixed the front-end behaviour when importing APIs.

  • Fixed the front-end behaviour when that broke the layout when selecting many APIs in the "Search" field of the Plans screen.

  • Adjustment to the measurement unit used on the Cache Control screen.

  • Now there is backward compatibility for future updates regarding the Modification/exclusion of Enums.

  • Externalisation of the "Chain" field for certificates (mTLS).

  • Fixed issues of duplicate routes caused by Environment label editing not updating the "Label ID" of the T_ROUTE_DEPLOY table.

  • Adjustment to the mechanism to open and close database connection pools.

  • Fixed issue with the Login flow in the Developer Portal.

  • Fixed parameter validation on Envoy so that it respects the api-gateway timeout.

  • Grammatical corrections on the Import/Export screen.

  • Improved search mechanism for Developers and Apps on the Manager.

  • Fixed issue when attempting to crate a new version of a GraphQL API.

  • Fixed validation of required fields when creating a new version of an API.

  • Adjustment to the behaviour of altering an API when using the option "Save as New Revision".

  • Fixed the swipe behaviour on the Access Tokens screen.

  • Adjustment to the message displayed when creating a user with a blank space in the "Login" field.

  • Addition of an event destroy that closes the sideboard of the Apps and Access Tokens screens.

  • Addition of treatment for the validation of required fields when using the option "Import from Swagger" on the APIs screen.

  • Fixed the issue of information being wrongly exhibited on the API Internal Call interceptor screen.

  • Addition of error message when attempting to create an app with duplicate ClientId and Client Secret.

  • Adjustment to the subtitle font on the Certificates screen, which wasn’t following the pattern.

  • Addition of environmentId to verify duplicate routes.

Thanks for your feedback!
EDIT

Share your suggestions with us!
Click here and then [+ Submit idea]