Open source API management platform
👋 Long time no release! Sorry for the long gap since our last formal release, but we have a sizable upgrade ready that fixes various bugs, and makes a lot of internal improvements. Upgrading is recommended.
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
nginx.shared_dicts.active_config.size
), the API backend configuration could become unloaded leading to an API outage. This is now fixed so that the new API backend configuration will only get published if there's enough available memory (otherwise, the old configuration will remain in place, and a warning will be logged). The default memory size for this configuration has also been increased to allow for 750-1000 API backends by default (up from the previous default allowing 150-300 API backends). (cb5e2c1, 3af5700, api.data.gov#385)api_key
query parameter should still be stripped, but other instances of "api_key" elsewhere in the URL (for example as a value, like ?foo=api_key
), are now retained. (de3e207)nginx.proxy_read_timeout
and nginx.proxy_connect_timeout
settings for use with API backends that are slower to respond. (#441, 17bc65c)elasticsearch.api_version
must be adjusted accordingly. (#393)log.destination: console
option can be used to log all output to stdout/stderr instead of log files. This makes API Umbrella easier to run in containerized environments. (#376)router.api_backend_required_https_regex_default
configuration option can be used to force certain API URLs to redirect to HTTPS based on a regex. (api.data.gov#457)web.api_user.email_regex
, web.api_user.first_name_exclude_regex
, web.api_user.last_name_exclude_regex
). (15f14f3, 1566eef)nginx.error_log_level
). (2b0c8ac)router.global_rate_limits.ip_connections_log_level
and router.global_rate_limits.ip_rate_log_level
, a804e0c)request_ip_location
field that was removed in v0.14.0. (c783e1c)This update contains one important fix for v0.14.3. Upgrading is recommended if you are currently running v0.14.3.
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
This update contains a few bug fixes and some potential security fixes. Upgrading is recommended.
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
web.rails_secret_token
value if you manually set that in your config). (82dfe06)This update contains a few bug fixes. Upgrading is recommended.
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
This update contains a few bug fixes and one potential security fix. Upgrading is recommended.
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
This update focuses on upgrading various internal components of API Umbrella. It also offers new features and various bug fixes. A few potential security issues are also addressed. Upgrading is recommended, but there are some potential compatibility issues to note. See the Upgrade Instructions section below.
Many thanks to everyone that contributed with pull requests and bug reports!
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
This version has a few potential compatibility issues, depending on your setup, so be sure to read the following upgrade notes:
sudo /etc/init.d/api-umbrella restart
).X-XSS-Protection
, X-Frame-Options
, and X-Content-Type-Options
headers have been added to website backend and web-app responses. (f15ac873)web-app
component (that provides the admin APIs) has been upgraded from Rails 3.2 to Rails 4.2. (#259)admin-ui
component (that provides the admin user interface) has been upgraded from Ember 1.7 to Ember 2.8. It has also been separate from the Rails codebase to be a standalone Ember app. (#257)X-Forwarded-Host
header by default. (api.data.gov#355)backend_response_time
, internal_gatekeeper_time
, proxy_overhead
, request_ip_location
, and request_query
. (#334)request.log.gz
log file could become correct (although this file isn't currently used). (#324)This update fixes one security issue and one small bug fix. Upgrading is recommended.
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
This update brings a variety of fixes and new features. A few potential security issues are also addressed. Upgrading is recommended.
Special thanks to @ThibautGery and @shaliko for their contributions to this release, and to anyone else reporting issues!
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
Compatibility Notes: There are two small changes in how the raw analytics data is stored in v0.12.0. This should only be relevant if you were querying the Elasticsearch analytics database directly (not via the admin UI or APIs) and interacting with the request_at
or request_query
fields. See the "Changed" section below for more details. Otherwise, v0.12.0 should be fully backwards compatible.
request_at
timestamp logged in the analytics database now reports the time the request ended, rather than when the request began. (#251)request_query
field in Elasticsearch may no longer contain dots/periods. (#253)This is a small update that fixes a couple bugs (one important one if you use the HTTP cache), makes a couple small tweaks, and updates some dependencies for security purposes. Upgrading is recommended.
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
This is a small update that fixes a few bugs, adds a couple small new features, and updates some dependencies for security purposes. Upgrading is recommended.
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
server_names_hash_bucket_size
option to be set: If you've explicitly defined hosts
in the API Umbrella config with longer hostnames, you can now adjust the nginx.server_names_hash_bucket_size
setting in /etc/api-umbrella/api-umbrella.yml
to accommodate longer hostnames. (#208)mongodb.url
setting contained additional query string options, it could cause connection failures. (#206)User-Agent
headers: If a request contained multiple User-Agent
HTTP headers, the request would fail to be logged to the analytics database. (api.data.gov#309)nofile
and noproc
resource limits to a configurable number.We've updated several dependencies with reported security issues. We're not aware of these security issues impacting API Umbrella in any significant way, but upgrading is still recommended.