v2.2.0

Release Date: Jul 31, 2024

Caution: Service disruption may occur on upgrade. Please be advised that users of the SSO and Rate Limiting functionality who are not using Redis for state storage will experience service disruption when upgrading to this version. Please see the notes regarding the upgrade of Hazelcast below.

Included in this release:

  • GraphQL support (filters to restrict queries by operation count and operation depth)
  • Update to Spring Boot 3.3.2 and Spring Cloud 2023.0.3
  • Hazelcast upgraded to 5.3.8

Security issues resolved in this release:

Hazelcast upgrade:

In this release we have upgraded the Hazelcast in-memory data store library to the latest available version. Hazelcast is used by Spring Cloud Gateway for VMware Tanzu for the storage of Single Sign-On (SSO) session and rate limit data, unless you have explicitly configured your Gateway to use Redis instead.

This is a significant update to the version of Hazelcast, and so requires recreation of the internal Hazelcast cluster. This will incur the loss of any existing SSO session and rate limit state.

This will be noticeable to users of the Gateway in the following ways:

  • Users of routes which make use of SSO will need to re-authenticate.
  • Users of routes which make use of the RateLimit filter will temporarily experience inconsistent limiting behaviour due to the limiter counts being reset.

Gateway instances which are configured to use Redis instead of Hazelcast will not be affected. While we do not expect these significant Hazelcast upgrades to be frequent events, they are sometimes necessary in order to resolve security issues. Going forward, we recommend switching to Redis if you need to avoid the possibility of service interruption on future upgrades.
