Here are the release notes for Spring Cloud Gateway for Kubernetes.
v2.1.11
Release Date: July 23, 2024
Included in this release:
- Update to Spring Boot 3.1.12 and Spring Cloud 2022.0.7
- Explicitly fail on invalid Redis Binding configuration
- Fix SCG labels not reconciling to the StatefulSet on updates
- Fix a case where routes were not configured and validation did not report it
Security issues resolved in this release:
- CVE-2024-21147 (Java 17)
v2.1.10
Release Date: Apr 18, 2024
Included in this release:
- Resolved issue that prevented successful CORS validation of URL scheme on CircuitBreaker filter forwarded requests
v2.1.9
Release Date: Mar 8, 2024
Included in this release:
- Upgrade to Spring Boot 3.1.9
- Improved Hazelcast in-memory data store graceful shutdown
- JAVA_* and JDK_JAVA_OPTIONS no longer accepted as valid environment variables
Fixed CVEs:
- CVE-2023-51775 - jose4j
- CVE-2024-22234 - spring-security-core
- CVE-2024-22243 - spring-web
v2.1.8
Release Date: Feb 12, 2024
Included in this release:
- Upgrade to Spring Cloud 2022.0.5 and Spring Boot 3.1.8
- Security fixes
v2.1.7
Release Date: Jan 26, 2024
Included in this release:
- Fix issue where no SslProvider was returned when host is null, when the gateway was configured for server TLS
- Upgrade to Spring Boot 3.1.7
- Patch bumps
v2.1.6
Release Date: Dec 12, 2023
Included in this release:
- Resolved security vulnerabilities
- Upgrade to Spring Boot 3.1.6
v2.1.5
Release Date: Nov 16, 2023
Included in this release:
- Resolved security vulnerabilities
- Upgraded to Spring Cloud Gateway 4.0.8
- Fixed cache issue to set max-age=0 when no cache
- Improvements API route updates
v2.1.4
Release Date: Oct 24, 2023
Included in this release:
- Fixed missing gateway endpoints during less than a second when routes are updated
- Fixed security issues
v2.1.3
Release Date: Oct 13, 2023
Included in this release:
- Improved logging and troubleshooting when configuring secretProviders
- Improved CRD descriptions
v2.1.2
Release Date: Sep 27, 2023
Included in this release:
- Resolves CVE-2023-42503 - apache commons-compress
- Adjusts POD security contexts to pass restricted POD Security policy
v2.1.1
Release Date: August 29, 2023
Included in this release:
- Fixes in Open API Route Config generation
- Fixes in Open API generation
- Fix gateway not getting routes after pod restart
- Fix the Leader Election process to continue alive when multiple replicas start switching leadership
v2.1.0
Release Date: August 21, 2023
Included in this release:
- Added JsonToXml and XmlToJson filters to transform requests and responses for specific API routes
- Added Replay filter to duplicate traffic to an additional API route
- Added RestrictRequestHeaders filter to restrict which Headers are allowed on incoming request
- Added hot loading of secret changes for client and server TLS configurations
- Added ability to configure TLS for connection with OpenID Connect provider to support Single Sign-On
- Added filtering to specific OpenAPI specification to the OpenAPI auto-generation endpoint
- Added ability to remove specific API routes from generated OpenAPI specification
- Added annotations for defining API metadata information via
metadata.annotationsconfiguration:apis.tanzu.vmware.com/api-titleapis.tanzu.vmware.com/api-descriptionapis.tanzu.vmware.com/api-documentation- Support for equivalent
spec.apiattributes will be continued based on product deprecation policy
- Added ability to configure Hazelcast join IP ranges in High Availability mode
- Added access to loggers actuator to support log level management in API gateway on management endpoint
- Added ability to deactivate Custom Extensions
- Upgrade to Spring Boot 3.1.2 and Spring Cloud 2022.0.4
- Early access support for External Secrets Operator integration to manage secrets referenced in API gateway instances for:
- JwtKey filter
- ApiKey filter
- TLS certs for ingress and upstream application communication
