Flex Gateway Release Notes Archive

1.4.6

July 13, 2023

MuleSoft announces the release of Anypoint Flex Gateway 1.4.6.

Fixed Issues

Issue Resolution	ID
Custom policies in Connected Mode no longer fail with "invalid character '<' looking for beginning of value".	W-13736558

Issue Resolution

Custom policies in Connected Mode no longer fail with "invalid character '<' looking for beginning of value".

W-13736558

1.4.5

June 22, 2023

MuleSoft announces the release of Anypoint Flex Gateway 1.4.5.

What’s New

Schema Validation policy now generates more verbose logs to help with troubleshooting.
Schema Validation policy now shows meaningful information on the response after schema validation failure.
Schema Validation policy now resolves references ($ref) in schemas, up to a 10-level depth.

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
Forward Proxy with outbound TLS policies no longer crashes.	W-13498787
JWT Validation policy no longer fails when using a token with the `x5t` field.	W-13074446
Schema Validation policy no longer floods logs when failing to parse a specification.	W-12636271
Schema Validation policy no longer fails to match the correct path when similar paths are defined.	W-13599735
Schema Validation policy now correctly handles encoded paths and parameters.	W-13599735
Schema Validation policy now avoids re-fetching of specifications when possible.	W-13217895
Schema Validation policy no longer rejects requests with content types containing properties.	W-13639309
CORS policy now allows the `X-Forwarded-For` header for simple requests.	W-13603025
Flex Gateway stops properly after the exit signal is received if the registration file is missing or incorrect.	W-13636262

Forward Proxy with outbound TLS policies no longer crashes.

W-13498787

JWT Validation policy no longer fails when using a token with the x5t field.

W-13074446

Schema Validation policy no longer floods logs when failing to parse a specification.

W-12636271

Schema Validation policy no longer fails to match the correct path when similar paths are defined.

W-13599735

Schema Validation policy now correctly handles encoded paths and parameters.

W-13599735

Schema Validation policy now avoids re-fetching of specifications when possible.

W-13217895

Schema Validation policy no longer rejects requests with content types containing properties.

W-13639309

CORS policy now allows the X-Forwarded-For header for simple requests.

W-13603025

Flex Gateway stops properly after the exit signal is received if the registration file is missing or incorrect.

W-13636262

1.4.4

May 03, 2023

MuleSoft announces the release of Anypoint Flex Gateway 1.4.4.

What’s New

Fluent Bit is now updated to version 1.8.15.
Flex Gateway now configures a liveness probe in Kubernetes deployments.
- Configure a Liveness Check in Connected Mode
- Configure a Liveness Check in Local Mode
Flex Gateway now supports the PROXY Protocol.
- Configure PROXY Protocol in Connected Mode
- Configure PROXY Protocol in Local Mode
Flex Gateway now supports configuring an IngressClass to manage Ingress resources in Kubernetes.
- Configure Flex Gateway as an Ingress Controller in Local Mode
Disconnected replicas now display in the Runtime Manager UI for seven days.
The Flex Gateway Helm chart now uses the new HorizontalPodAutoscaler apiVersion (autoscaling/v2) in supported Kubernetes releases.
Anypoint Platform CLI 4.x now supports automating Flex Gateway workflows for all Flex Gateway versions.
- Anypoint Platform Command-Line Interface 4.x Release Notes
- Automate Flex Gateway with a Jenkins Pipeline

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
The Fluent Bit default buffer size has been increased.	W-12489632
ALPN is now respected when establishing a TLS connection to upstream services.	W-12285581
Ingress classes are now respected by the `Ingress.ingressClassName` field.	W-12726534
Already applied deployments from Connected Mode are no longer reprocessed.	W-12727484
OpenID Connect OAuth 2.0 Token Enforcement Policy no longer fails on token validation when used with a REST API in Connected Mode.	W-13091548
Flex Gateway no longer initiates a new connection when deployment parsing fails.	W-13039766
Flex Gateway no longer creates multiple replicas in Runtime Manager when there are changes in the networking configuration.	W-12976264
Flex Gateway pods in Kubernetes no longer freeze if the process crashes.	W-12289578
Schema Validation Policy no longer throws an invalid bad request error when another API is updated on the same port.	W-13081833, W-13080942
Flex Gateway no longer crashes due to a memory leak in Fluent Bit.	W-13071770

The Fluent Bit default buffer size has been increased.

W-12489632

ALPN is now respected when establishing a TLS connection to upstream services.

W-12285581

Ingress classes are now respected by the Ingress.ingressClassName field.

W-12726534

Already applied deployments from Connected Mode are no longer reprocessed.

W-12727484

OpenID Connect OAuth 2.0 Token Enforcement Policy no longer fails on token validation when used with a REST API in Connected Mode.

W-13091548

Flex Gateway no longer initiates a new connection when deployment parsing fails.

W-13039766

Flex Gateway no longer creates multiple replicas in Runtime Manager when there are changes in the networking configuration.

W-12976264

Flex Gateway pods in Kubernetes no longer freeze if the process crashes.

W-12289578

Schema Validation Policy no longer throws an invalid bad request error when another API is updated on the same port.

W-13081833, W-13080942

Flex Gateway no longer crashes due to a memory leak in Fluent Bit.

W-13071770

1.4.3

April 05, 2023

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
Flex dump now includes Service policies.	W-12736424
OAS schema is now downloaded once.	W-12636298
Schema Validation Policy now returns a JSON response on failure.	W-12740457
Schema Validation Policy headers and query parameters validation is now case insensitive.	W-12636158
Rate Limiting: SLA-Based Policy now refreshes tiers correctly.	W-12651022
Flex Gateway no longer fails after deleting an API Instance with applied policies in Connected Mode.	W-11731962
The PolicyBinding `spec.targetRef` field is now correctly validated.	W-12347158

Flex dump now includes Service policies.

W-12736424

OAS schema is now downloaded once.

W-12636298

Schema Validation Policy now returns a JSON response on failure.

W-12740457

Schema Validation Policy headers and query parameters validation is now case insensitive.

W-12636158

Rate Limiting: SLA-Based Policy now refreshes tiers correctly.

W-12651022

Flex Gateway no longer fails after deleting an API Instance with applied policies in Connected Mode.

W-11731962

The PolicyBinding spec.targetRef field is now correctly validated.

W-12347158

1.4.2

March 15, 2023

Fixed Issues

Issue Resolution	ID
API Manager now correctly shows message logs for Flex Gateway running in Connected Mode.	W-12658860
Resource creation no longer fails due to a name length error for Flex Gateway running in Connected Mode.	W-12667439
The JSON Threat Protection policy no longer considers valid JSON payloads invalid.	W-12594181,W-12594229
API Manager and Monitoring Center now correctly format message logs for Flex Gateway running in Connected Mode.	W-12637178

Issue Resolution

API Manager now correctly shows message logs for Flex Gateway running in Connected Mode.

W-12658860

Resource creation no longer fails due to a name length error for Flex Gateway running in Connected Mode.

W-12667439

The JSON Threat Protection policy no longer considers valid JSON payloads invalid.

W-12594181,W-12594229

API Manager and Monitoring Center now correctly format message logs for Flex Gateway running in Connected Mode.

W-12637178

1.4.0

February 22, 2023

MuleSoft announces the release of Anypoint Flex Gateway 1.4.0.

What’s New

JSON Threat Protection Policy
Schema Validation Policy
Health Check policy for monitoring API upstream services

See the Health Check policy for more information.
Policy execution order in Connected Mode

See Reordering Policies for more information.
Forward proxy support:
- Configuring a Forward Proxy for Flex Gateway in Connected Mode
- Configuring a Forward Proxy for Flex Gateway in Local Mode
Configure TLS and mTLS contexts in Connected Mode.

See Configuring TLS Context for Flex Gateway in Connected Mode for more information.
Configure mTLS for API proxies to upstream services:
- Configuring TLS Context for Flex Gateway in Connected Mode
- Configuring TLS Context for Flex Gateway in Local Mode

Fixed Issues

Issue ID

Issue	ID
Requests with invalid upstream TLS certificates no longer automatically succeed. These requests will now result in 5xx errors. Add `skipValidation: true` to a `PolicyBinding` resource to skip the validation attempt of invalid certificates.	W-12526058
Configuring `"format": dataweaveExpression` in a custom policy schema file in Connected Mode no longer results in an error.	W-12175284

Requests with invalid upstream TLS certificates no longer automatically succeed. These requests will now result in 5xx errors. Add skipValidation: true to a PolicyBinding resource to skip the validation attempt of invalid certificates.

W-12526058

Configuring "format": dataweaveExpression in a custom policy schema file in Connected Mode no longer results in an error.

W-12175284

Known Issues

The Health Check policy does not work on Kubernetes when Flex Gateway is installed in a namespace other than default.

1.3.0

October 31, 2022

MuleSoft announces the release of Anypoint Flex Gateway 1.3.0.

What’s New

Flex Gateway now supports the following deployment targets:
- Amazon Linux 2
- CentOS 8
- RHEL 8
- RHEL 9
- OpenShift 4.8 or greater
Policies now support execution ordering in Local Mode via a new spec.order field in the PolicyBinding resource.
OAuth 2.0 Token Introspection Policy
Flex Gateway now supports inbound mutual authentication TLS (mTLS) via new requireClientCertificate and trustedCA fields in the PolicyBinding resource.

Fixed Issues

Issue	ID
Flex Gateway no longer crashes due to invalid status codes when collecting metrics or when using the HTTP Caching Policy.	W-11830114
Rate Limit Policy no longer fails when using reserved URL characters with selectors.	W-11956739

Issue

Flex Gateway no longer crashes due to invalid status codes when collecting metrics or when using the HTTP Caching Policy.

W-11830114

Rate Limit Policy no longer fails when using reserved URL characters with selectors.

W-11956739

1.2.0

September 28, 2022

MuleSoft announces the release of Anypoint Flex Gateway 1.2.0.

What’s New

Rate Limit and Rate Limit SLA policies can now be used in a distributed environment.

See Rate Limit Policy and Rate Limit SLA Policy.
HTTP Caching and LDAP policies performance is improved.
Envoy is updated to version v1.23.0.
Flex Gateway now supports port sharing across different API instances.

Fixed Issues

Issue ID

Issue	ID
The `Prefix` path type now works correctly in Kubernetes Ingress mode.	W-11554856
Missing permissions errors no longer occur when using Flex in Kubernetes Ingress mode.	W-11554823

The Prefix path type now works correctly in Kubernetes Ingress mode.

W-11554856

Missing permissions errors no longer occur when using Flex in Kubernetes Ingress mode.

W-11554823

1.1.0

Jul 31, 2022

MuleSoft announces the release of Anypoint Flex Gateway 1.1.0, which includes enhancements to the registration experience, and support for new policies.

Policies

Distributed support for the HTTP Caching policy and Shared Storage configuration.

See HTTP Caching Policy and Configuring Shared Storage for Flex Gateway in Local Mode.
LDAP Policy.
Support for the ES256 signature algorithm in the JWT Validation policy.

Enhancements

The Flex Gateway registration experience has been simplified.

The enhancements are backward compatible - the previous way to run Flex Gateway is supported.

For information about migrating to the new registration flow, refer to Registering and Running Flex Gateway in Connected Mode.
Added the ability to delete Flex Gateways via Runtime Manager. Refer to Delete a Flex Gateway.
Flex Gateway has new limits - a maximum of 200 APIs are now allowed in a Flex Gateway.

The logs display the following error when a deployment fails due to exceeding the API limit: limit of 200 API instances has already been reached.
Logging improvements:
- On startup, logs show [flex-gateway-agent][info] Gateway: Platform=https://anypoint.mulesoft.com OrgID=[org_id] EnvID=[env_id] Name=[name] Mode=offline ReplicaName=[replica_name].[namespace]
- Logs generated by policies now indicate the policy name and the associated API identifier.
- API logs are available for each API deployed in API Manager for 30 Days or 100MB.

Fixed issues

Flex Gateway now updates after changing a value in the Configuration resource. For example, adding quotes in a field: port: 443 to port: "443".
Fixed issue with Flex Gateway stopping when enabling/disabling policies in connected mode.
Fixed issue with attributes.queryString DataWeave expression returning null instead of the query string attribute.
Logs generated from certain policies now include a reference to the policy generating the log.

Known Issues

When the 200 APIs limit is reached, no message errors are displayed in API Manager. Error information is only available in the Flex Gateway logs.

1.0.1

Jun 16, 2022

Enhancements

Added distribution packages for Ubuntu Jammy.

Fixed issues

Fixed crash when PolicyBinding.spec.targetRef.selector was set to null.
Support resource-level policies with and without slash as a starting character.
Startup errors are logged less frequently when internal metrics are not ready to be sent. The "Failed to push internal metrics: http_connector: metrics service not available" Fluent Bit setup error appears less frequently.
Access to runtime properties are now cached, improving Flex reliability on long uninterrupted executions. A known issue has been identified and is described below with a workaround.
Fixed typo in payload response for rejected requests in rate limiting policies. "Too many request" was changed to "Too many requests".

Known Issues

In low-traffic environments, after disabling/enabling a policy and waiting ten minutes without applying/unapplying other policies, the next rejected request forces Flex Gateway to stop.

Workaround: Remove the policy instead of disabling it.

The issue does not occur when enabling and disabling the following policies: Client ID Enforcement, Open Id, JWT Validation and Rate Limiting - SLA based.
After disabling and then enabling a policy, the monitoring suite stops receiving data. The following message appears: "got policy violation but could not fetch policy ids context".

Workaround: Remove the policy instead of disabling it.

1.0.0

May 2, 2022

MuleSoft announces the release of Anypoint Flex Gateway 1.0.0.

Flex Gateway is an ultrafast API gateway designed to manage and secure APIs running anywhere. Built to seamlessly integrate with DevOps and CI/CD workflows, Flex Gateway delivers the performance required for the most demanding applications and microservices, while providing enterprise security and manageability across any environment.

See the Anypoint Flex Gateway documentation for more information about Flex Gateway.

Known Issues

Flex Gateway does not support adding APIs in the design environment. Use the sandbox or your production environment to add APIs.
When you apply the Rate Limiting policy to a Flex Gateway, the APIs are scoped to replicas and not to the gateway.
The Rate Limiting policy has a 24-day limit restriction.

For Rate Limiting in Connected Mode, the maximum windows size is 24 days. There is no window size limitation in Local Mode.
TLS configuration is currently supported at the API Gateway level and not at the API instance level.

Compatibility

Flex Gateway is supported on x86_64 and AMD64.