Skip to content

Tyk

API Development

An open‑source, cloud‑native API gateway that supports REST, GraphQL, TCP and gRPC with built‑in auth, rate limiting, analytics and more.

Track releases GitHub Website
Go Latest v5.12.0-alphafips5 · 3mo ago Security brief →

Features

  • Supports REST, GraphQL, TCP and gRPC protocols
  • Built‑in authentication (OIDC, JWT, etc.)
  • Rate limiting, quota management and analytics
  • Kubernetes‑native via Tyk Operator

Recent releases

View all 5 releases →
v5.11.1-rc1 Breaking risk
Security fixes
  • TT-16468: Using a JWKS URL causes memory leak in gateway 5.11.
  • CVE-2025-54388
Full changelog

What's Changed

  • [TT-11185] release docs 5.3.0 update by @titpetric in https://github.com/TykTechnologies/tyk/pull/6079
  • [TT-11405] Updating JSON tags and field names for TLS max and min versions by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6078
  • TT-10962 by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6072
  • [TT-11388]: updated opentelemtry library and added tests for new span keys by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6087
  • [TT-11377] Adding “node_is_segmented” flag under “node” to complement “tags” by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6093
  • [TT-11413] Fix apidef GlobalRateLimit migrations by @titpetric in https://github.com/TykTechnologies/tyk/pull/6086
  • TT-11288 Revert logger mutex by @sredxny in https://github.com/TykTechnologies/tyk/pull/6103
  • [TT-11197] Upgrade google/grpc by @titpetric in https://github.com/TykTechnologies/tyk/pull/6100
  • [TT-11440/TT-11461] Add functionName to replace name in OAS virtual endpoint and endpoint post plugin by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6098
  • [TT-11439/TT-11452] fix custom plugins contract by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6097
  • [TT-11295] Update graphql-go-tools dependency by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6112
  • [TT-11389]: moved graphql span attributes by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6088
  • TT-11443 Shim to keep compatibility in goplugins importing tyk redis by @sredxny in https://github.com/TykTechnologies/tyk/pull/6096
  • [TT-11452] remove unused migrate func by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6117
  • TT-11485, fix for global rate limit disabled flag not working by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6120
  • [SYSE-332] Fail tests reliably by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6130
  • [TT-11197] Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot[bot] in https://github.com/TykTechnologies/tyk/pull/6124
  • [TT-11549/TT-11597] Auto generated from templates by gromit by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6138
  • [TT-10856/TT-11593]fix quota limits not working with url rewrite to self by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6133
  • [TT-11627] Migrate failling to golangci-lint/forbidigo, fix issues by @titpetric in https://github.com/TykTechnologies/tyk/pull/6152
  • [TT-11197]update hashicorp vault by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6150
  • [TT-10909]: fix issue with missing upstream headers in graphql proxy only by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6166
  • [TT-6011] Fix non-functional coprocess apis, add tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/4055
  • [TT-11684] OAS-to-UDG converter - import paths & cleanup by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6181
  • [TT-11735] Exclude testdata from sonarcloud by @titpetric in https://github.com/TykTechnologies/tyk/pull/6182
  • [TT-10104] JS middleware + ignore auth test and fix for panic by @titpetric in https://github.com/TykTechnologies/tyk/pull/6180
  • Update README.md by @letzya in https://github.com/TykTechnologies/tyk/pull/6035
  • [TT-11746] Add linter for regression test names by @titpetric in https://github.com/TykTechnologies/tyk/pull/6191
  • [TT-11585] Process DeleteAPICache event by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6190
  • [TT-10856/TT-11778] fix quota limit remaining header value when key is created from policy and API is looped by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6199
  • [SYSE-336 master] Followup from March template application by @alephnull in https://github.com/TykTechnologies/tyk/pull/6207
  • TT-7560, fixed issue with bundles loading with bad sign/checksum by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6165
  • [SYSE-353 master] Fix tyk-ci fetch mechanism by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6213
  • [TT-7560] skip loading API when custom middleware bundle fetch fails by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6211
  • TT-11748 dont attempt to remove ApiCacheDeletion key from redis by @sredxny in https://github.com/TykTechnologies/tyk/pull/6215
  • [TT-9972] release resources only after specs are completely switched during hot reload by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/5535
  • [TT-11925] Reset plugin compiler build env to match gateway build env by @titpetric in https://github.com/TykTechnologies/tyk/pull/6234
  • [TT-11655] Graphql APIs are unable to handle OPTIONS requests by @rhianeKobar in https://github.com/TykTechnologies/tyk/pull/6221
  • [SYSE-358 master] April template application by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6248
  • [TT-11991]: added request_headers_rewrite by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6257
  • [TT-11966/TT-12064] implement OAS webhooks events by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6258
  • [TT-10291]: support gql-go-tools verison 2 by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6240
  • [TT-12064]Update Cast function signature by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6261
  • [TT-10291]: upgrade gql-tools for v2 by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6264
  • [TT-11966/TT-12064] refactor oas events, update contract by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6263
  • [TT-11966/TT-12064] update typo in cooldown period by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6266
  • [TT-11966/TT-12064] handle edge case with empty event handlers by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6267
  • [TT-12114]update goerr113 with err113 by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6268
  • [SYSE-363 master] May template application by @alephnull in https://github.com/TykTechnologies/tyk/pull/6270
  • update graphql-go-tools (TT-9884) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6274
  • [TT-5790] Update EnsureTransport and related tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6243
  • [TT-11990] Change default behaviour of request_headers by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6277
  • [TT-11954/TT-12155] add x-tyk-api-gateway.servers.contextVariables.enabled by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6281
  • [TT-7325] Enable fixed window rate limiter by @titpetric in https://github.com/TykTechnologies/tyk/pull/6253
  • [TT-11954/TT-12115]fix location of contextVariables by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6285
  • [TT-11739] Clean up rate limiting area, decouple GlobalConfig in APISpec by @titpetric in https://github.com/TykTechnologies/tyk/pull/6262
  • [TT-11914/TT-12101]Add OAS trafficLogs by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6287
  • [Test] Updates for opentelemetry test, use golang_cross in GH build cache key by @titpetric in https://github.com/TykTechnologies/tyk/pull/6282
  • [TT-11806] Respect domain and listen path by @titpetric in https://github.com/TykTechnologies/tyk/pull/6289
  • [DX-1345] Update config description for inclusive naming project by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6286
  • [TT-12153]: Fix/complexity checker and granular access checker v3-preview by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6293
  • [TT-12193] Fix poor error handling in webhook event templates by @titpetric in https://github.com/TykTechnologies/tyk/pull/6303
  • add features section to graphql proxy config by @pvormste in https://github.com/TykTechnologies/tyk/pull/6298
  • [TT-12193] Add log for event handler webhook by @titpetric in https://github.com/TykTechnologies/tyk/pull/6310
  • [TT-12193] Update error handling on webhook events when the event template has errors by @titpetric in https://github.com/TykTechnologies/tyk/pull/6312
  • [TT-11997] Backend logic for request_headers_rewrite by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6306
  • [TT-12095] Fixing unhashed API keys exposed in OTEL spans by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6296
  • [TT-11470] Add human identifiable information in NodeData by @padiazg in https://github.com/TykTechnologies/tyk/pull/6229
  • add logic for use_immutable_headers (TT-12190) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6315
  • [TT-11997] Header case insensitivity by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6316
  • [TT-3738] Implement rate limit smoothing by @titpetric in https://github.com/TykTechnologies/tyk/pull/6295
  • [TT-11739] Re-add gateway.RateLimitExceeded (Dashboard coupling) by @titpetric in https://github.com/TykTechnologies/tyk/pull/6318
  • [TT-11739] Fix RateLimitExceeded var name to include Event prefix by @titpetric in https://github.com/TykTechnologies/tyk/pull/6319
  • feat/TT-9462/tag-cached-response by @joshblakeley in https://github.com/TykTechnologies/tyk/pull/6308
  • [TT-12186] Fixes TestOAS_ExtractTo_ResetAPIDefinition with a valid event config by @titpetric in https://github.com/TykTechnologies/tyk/pull/6321
  • [TT-12312] update openapi spec version by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6323
  • [TT-12313, TT-12222] Update graphql-go-tools by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6326
  • [TT-12323] fix panic when webhook handler is disabled by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6334
  • [TT-12311] exp/modcheck: Update go.mod dependencies by @buger in https://github.com/TykTechnologies/tyk/pull/6337
  • [TT-12365] Add new events to validate in x-tyk-api-gateway by @titpetric in https://github.com/TykTechnologies/tyk/pull/6347
  • [TT-9864] Optimize the creation/usage of AST documents by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6345
  • [TT-12285] Add smoothing, fix duplicate x-go-name by @titpetric in https://github.com/TykTechnologies/tyk/pull/6346
  • TT-12347 fix management of custom keys in mdcb installations by @sredxny in https://github.com/TykTechnologies/tyk/pull/6353
  • [TT-12425] exp/modcheck: Update go.mod dependencies by @buger in https://github.com/TykTechnologies/tyk/pull/6363
  • [TT-11762] fix nil err return by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6365
  • [TT-10532] Update taskfile, CI tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6350
  • [TT-10532] Fix golangci-lint step to exit 0 by @titpetric in https://github.com/TykTechnologies/tyk/pull/6369
  • [DX-1084] Add documentation to protobuf source code files for review by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6251
  • [TT-12454] Extract ApplyPolicies into internal/policy scope by @titpetric in https://github.com/TykTechnologies/tyk/pull/6367
  • fix unnecessary call to DeleteRawKey if no allowance scope is defined (TT-11721) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6373
  • Remove redis5 in CI pipeline by @titpetric in https://github.com/TykTechnologies/tyk/pull/6379
  • TT-12306, addressed changes suggested in the tyk-docs PR by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6377
  • [TT-12234]update go1.21 version by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6385
  • [DX-1473] Replace authorise with authorize by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6383
  • [SYSE-370 master] June template application by @alephnull in https://github.com/TykTechnologies/tyk/pull/6331
  • [TT-11032] Godoc CI lint action, config and apidef/oas by @titpetric in https://github.com/TykTechnologies/tyk/pull/6386
  • [TT-12503] Render ID type as a String by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6390
  • [TT-12318] SSE streaming is broken by @titpetric in https://github.com/TykTechnologies/tyk/pull/6391
  • [SYSE-370 master] June template application by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6403
  • [SYSE-370 master] June template application by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6410
  • [TT-12575] Add coverage to gitignore, add package to regression to fix api changes by @titpetric in https://github.com/TykTechnologies/tyk/pull/6400
  • [TT-1570/TT-12587]mTLS: allow validating client certificates against root certificate authority by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6405
  • [TT-1570/TT-12588] extend certs endpoint with is_ca by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6406
  • [TT-12618] Refactor/checkspec findspec by @titpetric in https://github.com/TykTechnologies/tyk/pull/6415
  • [TT-12618] Add RateLimit per-path settings to apidefinition classic, add test case by @titpetric in https://github.com/TykTechnologies/tyk/pull/6413
  • [TT-12634] Add oas contract and migrations to/from classic apidef by @titpetric in https://github.com/TykTechnologies/tyk/pull/6416
  • [TT-12519], added necessary logic for UrlVersioningPattern by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6401
  • [TT-12587] verify root CA on certificate check mw by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6422
  • [TT-12195] : Public playground still shows schema when introspection is turned off by @jay-deshmukh in https://github.com/TykTechnologies/tyk/pull/6397
  • TT-12380 Fill latency analytics field by @sredxny in https://github.com/TykTechnologies/tyk/pull/6421
  • [TT-12635] Update swagger.yml with ExtendedPathsSet.RateLimitMeta by @titpetric in https://github.com/TykTechnologies/tyk/pull/6417
  • [TT-12688] Ensure OAS API paths get applied to gateway by length, sort by path by @titpetric in https://github.com/TykTechnologies/tyk/pull/6425
  • [TT-11753] fix thelper.bug.major lint error by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6429
  • [TT-12688] extractto to honor sorting by @titpetric in https://github.com/TykTechnologies/tyk/pull/6430
  • [TT-11810] Plugin bundles: fix slow tests, improve internal signature verifier API by @titpetric in https://github.com/TykTechnologies/tyk/pull/6203
  • [TT-12698] Add linter to gateway to check for named scope conflicts by @titpetric in https://github.com/TykTechnologies/tyk/pull/6409
  • [TT-11758] fix sonarcloud reported issues on errorlint.bug.major by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6434
  • [TT-11758] fix sonarcloud reported issues on errorlint.bug.major by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6435
  • [DX-1508, DX-1511] Update config.go godoc comments with American spelling conversions by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6436
  • [TT-12762]respect response plugins contract over responsePlugin.plugins by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6441
  • [TT-12762] remove main bin by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6445
  • [TT-12816] Fix/distroless python release tests by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6455
  • [DX-1599] Update ports_whitelist config documentation by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6454
  • [TT-11726]: This optimizes the deletion of keys using a single command by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6427
  • [SYSE-370 master] June template application by @alephnull in https://github.com/TykTechnologies/tyk/pull/6418
  • [TT-12566/TT-12851] Add client endpoint rate limiter by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6462
  • [TT-12862] refactor apply policy by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6465
  • [TT-12862] apply per api rate limits from policy by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6467
  • [TT-12550] policy key path permissions problem by @titpetric in https://github.com/TykTechnologies/tyk/pull/6437
  • [TT-12886] apply per endpoint rate limits by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6468
  • [TT-12892] use same url matching logic in endpoint rate limiting as of allowed urls by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6470
  • [TT-12566/TT-12927] fix merging rate limits by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6472
  • [TT-11672] Update description of CertificatesConfig.Upstream by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6169
  • [TT-12562/TT-12815] go 1.22 upgrade by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6452
  • [TT-12452] Clear up quota gated with a distributed redis lock by @titpetric in https://github.com/TykTechnologies/tyk/pull/6448
  • [TT-12975] Fix flaky test caused by missed Close invocation by @titpetric in https://github.com/TykTechnologies/tyk/pull/6481
  • [TT-12355] added log format config, func and test cases by @LLe27 in https://github.com/TykTechnologies/tyk/pull/6344
  • [TT-1944] Fix regex matching for parameters by @titpetric in https://github.com/TykTechnologies/tyk/pull/6480
  • added a waitgroup to wait until all the pool connections are dialed by @sredxny in https://github.com/TykTechnologies/tyk/pull/6487
  • [TT-12964] ignore endpoint rate limit configurations when rate limit partition is disabled by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6491
  • [TT-13011] implement combining endpoint rate limits from non partitioned policies. by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6494
  • [TT-13041] Adjust quota handling of missing or expired keys by @titpetric in https://github.com/TykTechnologies/tyk/pull/6492
  • [TT-13048] Flaky test due to using httpbin org, improvements by @titpetric in https://github.com/TykTechnologies/tyk/pull/6504
  • [TT-12865] URL matching prefixes/explicit, regex support by @titpetric in https://github.com/TykTechnologies/tyk/pull/6475
  • [TT-12865] Rename config parameter, update usage, support mux params on legacy by @titpetric in https://github.com/TykTechnologies/tyk/pull/6506
  • [TT-2539] added access/transaction logs by @LLe27 in https://github.com/TykTechnologies/tyk/pull/6354
  • [TT-12893]: Adding first implementation of streams API by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6496
  • Revert "[TT-12893]: Adding first implementation of streams API" by @titpetric in https://github.com/TykTechnologies/tyk/pull/6509
  • [TT-12494] Fix flaky TestCacheEtag and related cache tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6508
  • Revert "[TT-2539] added access/transaction logs" by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6524
  • [TT-13098] [master] exp/modcheck: Update go.mod dependencies by @buger in https://github.com/TykTechnologies/tyk/pull/6523
  • [TT-13109]Generate New Swagger and Update Validator for Gateway by @yurisasuke in https://github.com/TykTechnologies/tyk/pull/6231
  • [TT-13107] Remove verbose error logging if quota is disabled by @titpetric in https://github.com/TykTechnologies/tyk/pull/6528
  • [TT-13122] build multiarch image on 1.22-bullseye by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6549
  • [TT-13128] Updated description for prefix and suffix matching config options by @lghiur in https://github.com/TykTechnologies/tyk/pull/6555
  • [TT-13087] Adjust example gateway config, to have match preficing explicit by default by @lghiur in https://github.com/TykTechnologies/tyk/pull/6564
  • TT-13130 only mark the wg as done when the connection is stablished by @sredxny in https://github.com/TykTechnologies/tyk/pull/6574
  • [TT-12893]: Adding first implementation of streams API by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6511
  • [TT-13175] Refactor apply policies test by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6585
  • [TT-13175] add t.helper to helper functions by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6587
  • [TT-13176]: update graqhql go tools by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6586
  • [TT-13136] Adjust concurrency group to CI tests, extend to all workflows by @titpetric in https://github.com/TykTechnologies/tyk/pull/6560
  • [SYSE-394 master] Fix test code base for Tyk-Analytics PRs by @konrad-sol in https://github.com/TykTechnologies/tyk/pull/6583
  • [TT-13088] Fixed godoc for path prefix and sufix configs by @lghiur in https://github.com/TykTechnologies/tyk/pull/6610
  • [TT-13186/TT-13199] implement upstream basic authentication by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6596
  • [TT-13243] Test/ci improvements by @titpetric in https://github.com/TykTechnologies/tyk/pull/6611
  • [TT-13139] Request times out in some cases when sending input via http inputs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6601
  • [TT-13238] Clean up RPC data model by @titpetric in https://github.com/TykTechnologies/tyk/pull/6608
  • [TT-13242] Moved/Cleaned up nestedApiDefinition to model.MergedAPI by @titpetric in https://github.com/TykTechnologies/tyk/pull/6609
  • [TT-13258] exp/workflow-lint: Update to latest known actions by @buger in https://github.com/TykTechnologies/tyk/pull/6620
  • [TT-13266] Fix python tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6624
  • [TT-12897] Merge path based permissions when combining policies by @titpetric in https://github.com/TykTechnologies/tyk/pull/6597
  • [TT-13262] Fix/delete build cache for plugin compiler by @titpetric in https://github.com/TykTechnologies/tyk/pull/6623
  • [TT-8004/TT-13092]enable validate request middleware during OAS import when parameters are specified on endpoint groups by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6618
  • [TT-13186/TT-13199] replace auth header instead of adding auth header by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6631
  • [TT-13280] Adjust golangci-lint to raise up errors in PRs directly by @titpetric in https://github.com/TykTechnologies/tyk/pull/6634
  • TT-13130 updated version of gorpc library and prevent panic on reconnect edge by @sredxny in https://github.com/TykTechnologies/tyk/pull/6629
  • [TT-13184] Implement OAuth 2.0 Client Credentials Flow for GW authentication with upstream by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6633
  • [TT-12897/TT-13284] Add additional partitioned test case, fix ordering issue by @titpetric in https://github.com/TykTechnologies/tyk/pull/6635
  • [TT-12814] Make schema more flexible, don't enforce additionalProperties: false by @titpetric in https://github.com/TykTechnologies/tyk/pull/6640
  • TT-13130 update gorpc version by @sredxny in https://github.com/TykTechnologies/tyk/pull/6644
  • Tt 13184 Upstream OAuth2 updates to fix TTL issue by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6643
  • [TT-12990] fix upstream endpoint RL not considering endpoint method by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6651
  • TT-13269 - Refactor/streams by @titpetric in https://github.com/TykTechnologies/tyk/pull/6593
  • [TT-12702] revert wrappedServeHTTP to use recordDetail by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6654
  • [TT-11426/TT-13322] Add deprecation notice for external OAuth middleware by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6657
  • [TT-13185] Implement Password Flow OAuth by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6649
  • [TT-13381] Linters should only work for PRs by @titpetric in https://github.com/TykTechnologies/tyk/pull/6664
  • [TT-12417] Do not delete keys on synchronization by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6642
  • [TT-13185] reorganize contract in upstream oauth by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6668
  • [TT-13271] custom oauth response fields by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6660
  • [TT-13400] Fixing OTel CI by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6659
  • [TT-13359] move upstream basic auth to ee package by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6669
  • [TT-13185] upstream oauth allowed_authorize_types not being filled on API creation by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6676
  • TT-13185, fixed lines lost in merge conflicts by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6681
  • [TT-13375/TT-13422] Add validation rules for Upstream auth by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6680
  • [TT-13008]: modified default streams logger by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6682
  • [TT-13185] fix missing extracts by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6685
  • [TT-11426/TT-13322]add deprecation notice for oidc middleware by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6686
  • [TT-13201] Streams Definition Validator by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6656
  • TT-13271, fix for token metadata not being cached by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6689
  • [TT-12885] Add plugin development guide for manual builds by @titpetric in https://github.com/TykTechnologies/tyk/pull/6598
  • [TT-13391] Move upstream OAuth to EE by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6684
  • improve error handling of streams in non-ee version (TT-13269) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6691
  • [TT-13375] Improved Upstream Auth validation rules by @lghiur in https://github.com/TykTechnologies/tyk/pull/6694
  • add stream analytics to ee (TT-13233) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6671
  • [TT-13271] Make enabled and allowedAuthorizeTypes required fields by @lghiur in https://github.com/TykTechnologies/tyk/pull/6673
  • [TT-13508] Streams poor performance when reconnecting to a Streams API by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6697
  • [TT-13422] Do not allow empty string in upstream auth configuration strings by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6699
  • [TT-13508] Downgrade Bento to v1.2.0 and use our own fork to cherry-pick some changes from latest main branch. by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6700
  • [TT-13535/TT-13566] make upstream oauth password client secret not required by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6701
  • Revert "[TT-13422] Do not allow empty string in upstream auth configuration strings" by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6702
  • [TT-13535/TT-13566] Make upstream oauth flow client secret omitempty by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6708
  • [TT-13485] update dependencies with vulnerabilities reported by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6711
  • [TT-13475] update OAS version by @lghiur in https://github.com/TykTechnologies/tyk/pull/6712
  • [TT-13535/TT-13566] Ease up required fields in classic API schema by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6717
  • [TT-13607] Only import components/io and components/kafka by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6720
  • [TT-13507][TT-12873][TT-13141] Fix for custom domains with substring listen path by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6705
  • [TT-13658] added missing logger from provider initialisation by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6729
  • [TT-13439] update response content-length when response body is modified by coprocess response hook by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6732
  • [TT-13670] Decouple OAuthManager behind interface by @titpetric in https://github.com/TykTechnologies/tyk/pull/6735
  • [TT-13390] Silently skip loading bundle on managment node by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6739
  • [TT-13669] Add pre-commit, pre-push hooks by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6733
  • [TT-13142] Fix panic when detailed analytics is turned on with SSE streaming by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6727
  • [TT-13695] Testing fixes, skip dangerous tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6736
  • [TT-13698] Cache is handled by setup/go, this blocks by @titpetric in https://github.com/TykTechnologies/tyk/pull/6749
  • [DX-1423] Update TYK_GW_SECRETS definition by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6360
  • [TT-12775] Request size limit breaks GET and DELETE requests by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6734
  • [TT-12775] Add request size limit test for POST, PUT and PATCH methods. by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6751
  • [TT-12710]deleting All Partitioned Policies a Key is linked to does not delete the Key by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6473
  • [TT-13155] Explicitly copy BaseMiddleware for each middleware that takes it by @titpetric in https://github.com/TykTechnologies/tyk/pull/6744
  • TT-13513 TT-12767 TT-12768 ensure to save oauth clients locally when pulled from rpc by @sredxny in https://github.com/TykTechnologies/tyk/pull/6740
  • [TT-13715] Upgrade to Bento v1.4.0 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6762
  • [TT-13608] Issues with custom scalar in query variable by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6766
  • [TT-13217] Add updated dockerfile for python, test with 5.3.0/5.3.6-rc4 by @titpetric in https://github.com/TykTechnologies/tyk/pull/6750
  • [TT-13021]Transfer encoding fix by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6770
  • [TT-11711] Fix listenpath validation by @titpetric in https://github.com/TykTechnologies/tyk/pull/6772
  • [TT-12495] Add support for RSASSA-PSS signed JWTs by @sedkis in https://github.com/TykTechnologies/tyk/pull/6368
  • [TT-13021] fixed missing lines by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6787
  • [TT-13753] Fix sonarcloud coverage via upload-artifact by @titpetric in https://github.com/TykTechnologies/tyk/pull/6790
  • [TT-12741] Looped ap is wrongfully inherit the caller's authentication key when using url rewrite by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6778
  • [TT-13741] [master] exp/modcheck: Update go.mod dependencies by @buger in https://github.com/TykTechnologies/tyk/pull/6794
  • [TT-13564] Add classic to OAS translation guide by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6774
  • [TT-13742] Update swagger to 5.7.1 by @lghiur in https://github.com/TykTechnologies/tyk/pull/6803
  • [TT-13761] add batch request to the latest open api specs by @yurisasuke in https://github.com/TykTechnologies/tyk/pull/6797
  • Merging to master: Merging to release-5.3: [TT-13769] Extend plugin compiler test with arm64 cross build (#6813) by @buger in https://github.com/TykTechnologies/tyk/pull/6815
  • [TT-13766] Bump newrelic dependency by @titpetric in https://github.com/TykTechnologies/tyk/pull/6809
  • [TT-11910]: added tag headers to traffic logs and tests by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6818
  • Add tests to verify yaml conversions work by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6819
  • [TT-13723] Update to Go 1.23 by @titpetric in https://github.com/TykTechnologies/tyk/pull/6812
  • [TT-10070] Fix/sanitize error logging by @titpetric in https://github.com/TykTechnologies/tyk/pull/6817
  • [TT-11896] Add OAS IPAccessControl by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6824
  • implement api-level request size limit for oas (TT-11459) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6822
  • [TT-11912]: Added Analytics expiry period to OAS by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6825
  • [TT-11913] Add custom analytics plugins configuration to OAS by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6829
  • add load balancing to oas configuration (TT-881) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6830
  • [TT-13819] Benchmark updates, session limiter workaround for test goroutine leak by @titpetric in https://github.com/TykTechnologies/tyk/pull/6826
  • [TT-11909]: Added Session Lifetime to OAS by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6835
  • fix omitempty on some fields for LoadBalancing (TT-881) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6837
  • [TT-2539] Refactor hash and token apis under internal/crypto, leave aliases by @titpetric in https://github.com/TykTechnologies/tyk/pull/6838
  • [TT-12440] Clean up gojsonschema import surface, phase out internal fork by @titpetric in https://github.com/TykTechnologies/tyk/pull/6836
  • [TT-2539] Transaction logs by @LLe27 in https://github.com/TykTechnologies/tyk/pull/6841
  • [TT-13939] Embed memorycache, drop leakybucket import by @titpetric in https://github.com/TykTechnologies/tyk/pull/6843
  • [TT-13657]: Add protocol and port to oas by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6846
  • [TT-881] fix issue where upstream targets have been duplicated by @pvormste in https://github.com/TykTechnologies/tyk/pull/6847
  • TT-2539 - renamed access log fields by @LLe27 in https://github.com/TykTechnologies/tyk/pull/6849
  • [TT-13820] Fix code whitespace style consistency by @titpetric in https://github.com/TykTechnologies/tyk/pull/6844
  • [TT-11909]: fix oas bug on session lifetime and add respect expiry by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6842
  • [TT-12884] add batch requests support to OAS by @pvormste in https://github.com/TykTechnologies/tyk/pull/6853
  • [TT-14010] Linter reconfig for golangci-lint by @titpetric in https://github.com/TykTechnologies/tyk/pull/6854
  • [TT-7249] Flaky TestJWTSessionExpiresAtValidationConfigs by @titpetric in https://github.com/TykTechnologies/tyk/pull/6856
  • [TT-13910]: Removed disable expire analytics and added customRetentionPeriod OAS by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6848
  • [TT-12638] Added PreserveHostHeader to OAS functionality by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6859
  • TT-13890: request debug endpoint by @lghiur in https://github.com/TykTechnologies/tyk/pull/6862
  • [TT-11913] Implement OAS contract for analytics plugin by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6861
  • [TT-11908] add request signing to OAS upstream authentication by @pvormste in https://github.com/TykTechnologies/tyk/pull/6850
  • [TT-13998] make url of X-Tyk-Upstream optional when loadBalancing is present by @pvormste in https://github.com/TykTechnologies/tyk/pull/6860
  • [TT-13629]: OAS upstream SSL configuration by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6840
  • [DX-1780]Generate test for tyk gateway swagger by @yurisasuke in https://github.com/TykTechnologies/tyk/pull/6827
  • [TT-12957] OAS Uptime Tests migrations by @titpetric in https://github.com/TykTechnologies/tyk/pull/6852
  • TT-12965: Improve performance of ctx.GetOASDefinition/GetDefinition by @titpetric in https://github.com/TykTechnologies/tyk/pull/6855
  • [TT-13477] upstream oauth event handling by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6867
  • TT-14070: [Testing/Concurrency] Test gateway lifecycle, enable start/stop parallelism by @titpetric in https://github.com/TykTechnologies/tyk/pull/6677
  • TT-14085: Remove the pmylund/go-cache dependency by @titpetric in https://github.com/TykTechnologies/tyk/pull/6871
  • [TT-13659] add support for custom event handlers in OAS definitions by @pvormste in https://github.com/TykTechnologies/tyk/pull/6870
  • [TT-13657]: modified json schema for protocol by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6878
  • TT-14089 load apis from emergency mode, wait for connection considers emergency mode by @sredxny in https://github.com/TykTechnologies/tyk/pull/6873
  • [TT-13440] correctly sync multi-value response headers with coprocess middleware by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6883
  • TT-14059: Add migration test fixtures by @titpetric in https://github.com/TykTechnologies/tyk/pull/6879
  • TT-14132: Update sonarcloud sonarqube scan by @titpetric in https://github.com/TykTechnologies/tyk/pull/6888
  • [TT-14100] fix requireSession in OAS for custom auth plugins by @pvormste in https://github.com/TykTechnologies/tyk/pull/6893
  • TT-14110, TT-14112, TT-14103: Implement ignoreCase, preserveTrailingSlash, remove multipleOf by @titpetric in https://github.com/TykTechnologies/tyk/pull/6889
  • TT-14154: [test only] fix golangci-lint base branch for merges by @titpetric in https://github.com/TykTechnologies/tyk/pull/6896
  • [TT-13836] Key Rotation for MDCB Data Planes by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6868
  • [TT-14084] External OAuth is migrated as Keyless by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6895
  • [TT-14178] Temporarily revert strict oas schema usage by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6900
  • [TT-14111] add support for rate limit and quota flags in OAS by @pvormste in https://github.com/TykTechnologies/tyk/pull/6899
  • [TT-13660] add support for log event handler to OAS definitions by @pvormste in https://github.com/TykTechnologies/tyk/pull/6880
  • [TT-13936] Improve RPC connection handling for user key reset events by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6904
  • TT-14192: Consistent use of imported package for gojsonschema, lint by @titpetric in https://github.com/TykTechnologies/tyk/pull/6902
  • TT-14110: Cover migration of ignoreCase for classic by @titpetric in https://github.com/TykTechnologies/tyk/pull/6906
  • TT-7306: Migrate Mock Response from Classic API Definition to OAS API Definition by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6894
  • [TT-8876], set "policies.allow_explicity_policy_id " to true by default by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6905
  • [TT-14200] add support to disable log event handlers and custom event handlers by @pvormste in https://github.com/TykTechnologies/tyk/pull/6907
  • TT-14059: Extend service discovery tests and fixtures by @titpetric in https://github.com/TykTechnologies/tyk/pull/6909
  • TT-14183: Fix uptimetests migrations, add fixtures, enabled flag by @titpetric in https://github.com/TykTechnologies/tyk/pull/6908
  • TT-14221: Refactor for clean usage of httputil by @titpetric in https://github.com/TykTechnologies/tyk/pull/6911
  • [TT-7306] [fix] Migrate Mock Response from Classic API Definition to OAS API Definition by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6914
  • [TT-14169] Review and address CVEs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6917
  • [TT-14170] Config and swagger description updates by @lghiur in https://github.com/TykTechnologies/tyk/pull/6919
  • [TT-14214]: added milisecond duration to readable duration by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6916
  • [TT-14169] Upgrade github.com/go-jose/go-jose/v3 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6925
  • [TT-12957] fix some issues with uptime_tests migrations to OAS by @pvormste in https://github.com/TykTechnologies/tyk/pull/6924
  • TT-14170 Update missing Tyk OAS API go doc on fields by @lghiur in https://github.com/TykTechnologies/tyk/pull/6926
  • TT-14163 when start the rpc set as default in emergency mode by @sredxny in https://github.com/TykTechnologies/tyk/pull/6910
  • [TT-7306] Ensure ignoreAuthentication is only enabled in migration scenario by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6923
  • [SYSE-401 master] Model builds as a concept by @konrad-sol in https://github.com/TykTechnologies/tyk/pull/6728
  • TT-14170 adjusted godoc for gw config by @lghiur in https://github.com/TykTechnologies/tyk/pull/6938
  • [TT-12957] fixed issue when migrating from classic to oas that was leaving a broken url by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6947
  • [TT-7306] Revert allow list to migrated mock response by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6946
  • [TT-14102] fix api level and endpoint level cache migration by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6931
  • [TT-12957] oas uptime testing migration fails on timeout field by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6956
  • [TT-14276] Gateway panics if Uptime Tests are disabled in config but enabled in API definition by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6960
  • [TT-14244] Bump go, set godebug for compatibility by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6963
  • CI fix for linter failing when PR target branch is not master by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6964
  • Tt 14350 fix gateway linter using wrong branch causing ci to mailfunction on release p rs by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6965
  • [TT-7815] ensure path params are migrated to OAS by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6966
  • [TT-14413] Check for existing params before generating new ones by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6973
  • [TT-12343] Use API endpoint hard timeouts over global timeout setting by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6976
  • TT-14452, fixed CVEs for v5.8 by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6978
  • [TT-14357]: fixed issue with stale context in UDG by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6977
  • [TT-13365] Create json schema script for Bento config validation by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6690
  • [TT-12442] necessary changes for new licensing logic by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6984
  • [TT-12442] changes required in gateway for new licensing to work by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6985
  • [TT-12442] Force gw reload after registration to have synced polciies and apis by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6988
  • [TT-14518] Exclude swagger.yml from sonarcloud analysis by @lghiur in https://github.com/TykTechnologies/tyk/pull/6991
  • Create force-merge.yaml by @buger in https://github.com/TykTechnologies/tyk/pull/6993
  • Update README.md by @buger in https://github.com/TykTechnologies/tyk/pull/6994
  • [TT-13277] Improve API listen path sorting to prioritize static segments over parameters by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6987
  • [TT-12343] Improve Timeout Test Coverage and Consistency in TestTimeoutPrioritization by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6992
  • [DX-1906]add images to the source swagger by @yurisasuke in https://github.com/TykTechnologies/tyk/pull/6957
  • [TT-14149] Added more details to the ssl_certificate config by @letzya in https://github.com/TykTechnologies/tyk/pull/3726
  • TT-14365: internal/policy: add restricted_types behaviour test by @titpetric in https://github.com/TykTechnologies/tyk/pull/6972
  • [TT-1428]: added bloblang to test for json schema by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7003
  • [SYSE-372 master] Implement custom rules for enterprise artifacts in package promotion by @alephnull in https://github.com/TykTechnologies/tyk/pull/7005
  • [TT-14300] Add support for AMQP 0.9 and 1.0 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7004
  • [ TT-14298]: Added support for bloblang by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7009
  • [TT-14431]: add mqtt to json schema by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7010
  • [TT-14300] Simple AMQP load generator tool for amqp_1 and amqp_0_9 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7012
  • [TT-14435]: add mqtt test cases by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7021
  • [TT-14365]Test/apply policies restricted types fix by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7020
  • [TT-14596] Investigate flaky amqp integration tests by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7019
  • [TT-14446] Add an integration test for Input (http_server) → Output(amqp_1) scenario by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7026
  • TT-14590 kinopenapi CVE fix - Use internal fork of kinopen-api and import update gql translator by @lghiur in https://github.com/TykTechnologies/tyk/pull/7024
  • [TT-14666], fix for panic on gateway side when upgrading old oas file by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7034
  • [TT-14794] fix issue where an invalid stream path results in 500 by @pvormste in https://github.com/TykTechnologies/tyk/pull/7047
  • [TT-14666] gw panics after updating from 5 0 with oas api by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7046
  • [TT-14253] Unload Streams Properly by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7033
  • [ TT-14504] Tyk OAS API definition is not available to Response Plugin if no Request Plugin loaded by @shults in https://github.com/TykTechnologies/tyk/pull/7053
  • [TT-14829] Added External OAuth Deprecated mark in godoc by @lghiur in https://github.com/TykTechnologies/tyk/pull/7050
  • [TT-14252] Add customValidationRule interface to generate_bento_config_schema script by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7057
  • [TT-13779] POST form parameters are not logged for Tyk OAS APIs by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7054
  • [TT-13924]: updated go mod for kafka datasource by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7058
  • [TT-14868] Request Body Not Recorded When Transfer-Encoding: chunked by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7061
  • TT-8176: implement authorisation using multiple JWK URIs by @olamilekan000 in https://github.com/TykTechnologies/tyk/pull/7060
  • Tyk OAS API definition is not available to Response Plugin if no Request Plugin loaded by @shults in https://github.com/TykTechnologies/tyk/pull/7064
  • [TT-11387] Unhelpful error messages in UI when creating APIs via OpenAPI import by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7067
  • [TT-14731] Add a flag to enable all bento inputs/outputs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7065
  • [TT-14470] update bento to v1.7.1 that includes SSE browser fix by @pvormste in https://github.com/TykTechnologies/tyk/pull/7072
  • [TT-10496] GRPC plugins do not work with service names by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7052
  • TT-8176: use centeral JWT centralised process method for JWKs by @olamilekan000 in https://github.com/TykTechnologies/tyk/pull/7071
  • [TT-11387] Unhelpful error messages in UI when creating APIs via OpenAPI import by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7080
  • Disabled/empty uptime test fields migrated to Tyk OAS by @shults in https://github.com/TykTechnologies/tyk/pull/7069
  • [TT-11975] Lack of clear error message during failed import when API definition is not valid by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7077
  • [TT-14879] Tyk Dashboard should use /api/apis/streams endpoints to create and import Tyk Stream APIs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7088
  • [TT-9234] graceful shutdown of gateway by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7076
  • [TT-14582]: Update go mod to fix issue with sending arguments from interface fields in gql by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7082
  • TT-14948: fix caching issue with JWKs-URIs by @olamilekan000 in https://github.com/TykTechnologies/tyk/pull/7079
  • [TT-12308] Query parameters not respected by OAS import endpoint by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7087
  • [TT-14731] Add a flag to enable all bento inputs/outputs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7092
  • [TT-14863] Replace github.com/TykTechnologies/kin-openapi with github.com/getkin/kin-openapi by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/7041
  • [TT-14621]corrected prefix for certificates by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7094
  • [TT-11335] OAS URL rewrite schema update by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7099
  • TT-8317 Add KeyID to Protobuf by @nerdydread in https://github.com/TykTechnologies/tyk/pull/6488
  • [Debugger MVP] Some middleware doesn't work for OAS debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7093
  • [TT-15043] Exclude generated files from Sonarqube analysis by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/7103
  • [TT-13740]: update mod and updated apidef by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7104
  • [TT-14731] Add a flag to enable all bento inputs/outputs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7116
  • [TT-10496] gRPC plugins do not terminate gracefully and cannot be load balanced by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7111
  • [TT-15065] Mock response stops working after kin-openapi upgrade by @shults in https://github.com/TykTechnologies/tyk/pull/7120
  • [TT-14299] add mqtt and websocket load generator for streams testing by @pvormste in https://github.com/TykTechnologies/tyk/pull/7126
  • [TT-14857] Updating dependencies to fix CVEs by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7119
  • [TT-9234] graceful shutdown of gateway improvments and bug fix for mdcb scenario by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7117
  • TT-15095: ensure jwks URI field works only for OAS API by @olamilekan000 in https://github.com/TykTechnologies/tyk/pull/7129
  • [TT-7932] Errors migrating some versioned APIs to OAS by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7101
  • [TT-14914] No response middleware information in Tyk OAS API Debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7113
  • [QA-1608 master] Github template update by @konrad-sol in https://github.com/TykTechnologies/tyk/pull/7108
  • [TT-14839] Update version on swagger yml by @lghiur in https://github.com/TykTechnologies/tyk/pull/7141
  • [TT-8963] Unable to loop mocked endpoint by @shults in https://github.com/TykTechnologies/tyk/pull/7105
  • [TT-14838] Addressed gw documentation reviews by @lghiur in https://github.com/TykTechnologies/tyk/pull/7157
  • [TT-14914] No response middleware information in Tyk OAS API Debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7158
  • [TT-15059][TT-11285] MDCB DNS critical fix and policy sync cherrypick by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7167
  • [TT-14990] Update GetCiphers to restore support for legacy TLS cipher suites by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/7173
  • 5.8.3 docs review by @lghiur in https://github.com/TykTechnologies/tyk/pull/7188
  • [TT-9234] fixes for graceful shutdown regression bugs by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7163
  • [TT-15111] connectivity reviewer by @lghiur in https://github.com/TykTechnologies/tyk/pull/7186
  • [TT-9234] regression fixes with incorrect behaviour by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7202
  • [TT-9234] regression fixes by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7207
  • [TT-15111] probe AI PR reviewers by @lghiur in https://github.com/TykTechnologies/tyk/pull/7209
  • [TT-9234][TT-15257] regression fixes for failing mdcb readiness check by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7215
  • TT-14838 Addressed comments on GW docs improvements by @lghiur in https://github.com/TykTechnologies/tyk/pull/7225
  • [TT-15216] Optimised the probe review prompts to stick to important messages by @lghiur in https://github.com/TykTechnologies/tyk/pull/7222
  • [TT-15216] Fix GH action lint issues by @lghiur in https://github.com/TykTechnologies/tyk/pull/7232
  • [TT-15251] GW prints body decompression error when when you enable analytics by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7230
  • [TT-10273] CORS check should be performed after API Version check by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7179
  • [TT-14914] No response middleware information in Tyk OAS API Debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7208
  • [TT-14254] The logs produced by the gateway about streams APIs should be in the same format as the other gateway logs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7245
  • [TT-15321]: added documentation to dev docs for OAS only feature and added helper method by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7246
  • [TT-11244] Custom domain regex causing problems with servers by @shults in https://github.com/TykTechnologies/tyk/pull/7233
  • [TT-7523] [OAS Versioning] Gateway CE allows to create version without new_version_name by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7244
  • [TT-14370] [OAS] ReadableDuration converts some values to decimals causing a schema problem by @shults in https://github.com/TykTechnologies/tyk/pull/7256
  • [TT-15019] Update Gateway and Plugin Compiler to Go 1.24 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7265
  • [TT-15505] Remove negate field as mandatory from the OAS API schema by @lghiur in https://github.com/TykTechnologies/tyk/pull/7284
  • [TT-15359]: Added extra jwt validation by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7269
  • [TT-5588] [OAS] gateway apiKey import generates unnecessary object by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7270
  • [TT-7524] [OAS] Gateway CE behaves differently from Dashboard for middleware and PATCH by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7261
  • [TT-15507] Revert changes to the "/hello" health check endpoint by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7295
  • [TT-15359]improve backwards compatibility of Jwt claim validation by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7294
  • Revert "[TT-5588] [OAS] gateway apiKey import generates unnecessary object" by @radkrawczyk in https://github.com/TykTechnologies/tyk/pull/7299
  • [TT-14564] Fix: Add mutual TLS support for dedicated rate limiter Redis connection by @buger in https://github.com/TykTechnologies/tyk/pull/7301
  • [TT-15398] added basic configuration for ExternalServiceConfig by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7272
  • Custom domain regex causing problems with servers (bugfix) by @shults in https://github.com/TykTechnologies/tyk/pull/7310
  • [TT-5588] [OAS] gateway apiKey import generates unnecessary object by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7303
  • [TT-7524] [OAS] Gateway CE behaves differently from Dashboard for middleware and PATCH by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7305
  • [TT-15568] fix flaky sort logic by @pvormste in https://github.com/TykTechnologies/tyk/pull/7316
  • [TT-15190] feat: Gateway Resilience Enhancement - Intelligent Auto-Recovery for Nonce Desynchronization by @buger in https://github.com/TykTechnologies/tyk/pull/7267
  • Body transform middleware not applied when URL rewrite pattern contains regex by @shults in https://github.com/TykTechnologies/tyk/pull/7302
  • The debugger reports error traces on the endpoint where the 'Response Body Transform' middleware is used. by @shults in https://github.com/TykTechnologies/tyk/pull/7321
  • Custom domain regex causing problems with servers by @shults in https://github.com/TykTechnologies/tyk/pull/7322
  • [TT-15359]: updated documentation for core claims update by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7333
  • Deleting an API with the 'Uptime test' feature enabled crashes the Gateway by @shults in https://github.com/TykTechnologies/tyk/pull/7320
  • [TT-15360]: Custom Claims Validation Framework by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7318
  • [TT-14369] ReadableDuration does not handle time values that "mix" subsecond units - extending tests duration_test.go by @radkrawczyk in https://github.com/TykTechnologies/tyk/pull/7293
  • [OAS] gateway apiKey import generates unnecessary object by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7328
  • [TT-15379][TT-15383] introduce certificate expiry checks and events by @pvormste in https://github.com/TykTechnologies/tyk/pull/7332
  • [TT-2378] Implementing OAS OR auth logic by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7306
  • Body transform middleware not applied when URL rewrite pattern contains regex by @shults in https://github.com/TykTechnologies/tyk/pull/7330
  • [TT-14665]: Update OAS spec to allow empty versions by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7340
  • [TT-15399] feat: Gateway Resilience Enhancement - Service Integration for External Service Config (Phase 2) by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7325
  • [TT-15380] Enhance JWKS caching by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7339
  • [TT-15684]: Add normalize step to OAS api by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7344
  • [TT-15399] minimal godocs update on external services config by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7346
  • [TT-15662] Review and address GW & Dash CVEs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7347
  • [TT-15379] fix shared cooldowns for event handlers and use global cooldown cache by @pvormste in https://github.com/TykTechnologies/tyk/pull/7348
  • [TT-15399] fix for fallback behaviour when configs are not set by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7350
  • Request Body Transform MW and Header Transform MW are not sufficiently logged in the debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7338
  • [TT-11960] Incorrect handling of unexpected query parameters by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7345
  • [TT-15747] OAS versioning identifier key is conditionally required based on the location by @lghiur in https://github.com/TykTechnologies/tyk/pull/7358
  • [TT-15671] Add securityProcessingMode field to support legacy/compliant auth processing by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7349
  • Replace probe workflows with visor by @buger in https://github.com/TykTechnologies/tyk/pull/7364
  • Add security_requirements field to schema and refactor JWT and Basic Auth handling by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7363
  • [TT-15742] Fix certificate expiry handling for recently expired certificates by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/7365
  • [TT-15852] fix days as integer for expiry events by @pvormste in https://github.com/TykTechnologies/tyk/pull/7371
  • [TT-15798] fix schema for jtiValidation by @pvormste in https://github.com/TykTechnologies/tyk/pull/7375
  • [TT-15718] Upgrade graphql-go-tools dependency to fix CVE-2025-54388 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7377
  • [TT-15868] Fixing panic when using JWT as a second authentication method in compliant mode by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7384
  • [TT-15719] GW docs 5.10 review by @lghiur in https://github.com/TykTechnologies/tyk/pull/7385
  • [TT-15869] cooldown defaults not working and minor datetime format adjustments by @pvormste in https://github.com/TykTechnologies/tyk/pull/7386
  • [TT-15860] Missing httpclient for upstream oauth by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7381
  • [TT-15863] fix random version picking for not versioned API by @pvormste in https://github.com/TykTechnologies/tyk/pull/7380
  • [TT-15860] initial fix for tls log by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7395
  • [TT-15901] Adding AND support for auth method groups by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7399
  • [Regression]Mock response requests produce a warning level message "session not found. sending inappropriate rate-limit headers" by @shults in https://github.com/TykTechnologies/tyk/pull/7403
  • [TT-15891] made jwkruris cache_timeout ReadableDuration by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7406
  • [TT-15904] Remove redundant task lint from CI test step by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7401
  • [TT-15904] revert golangcilint return exit code 0 to run ci tests on push to master by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7413
  • [TT-15901] Enhance AuthORWrapper to support authentication methods without SecuritySchemes by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7411
  • [DX-2102] Bug Fixes and Improvements in Tyk OAS by @sharadregoti in https://github.com/TykTechnologies/tyk/pull/7419
  • [TT-11125] Add trace id request header by @lghiur in https://github.com/TykTechnologies/tyk/pull/7402
  • [TT-15956] Proprietary auth methods are auto populated to OAS Security when changing to compliant mode by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7425
  • Refactor error messages in OAS security validation for consistency by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7440
  • [TT-15953] fix: Make EnforceOrgDataAge respect EnforceOrgQuotas configuration by @buger in https://github.com/TykTechnologies/tyk/pull/7434
  • [TT-15830, TT-7735] Plugin loading failure error is ignored for certain types of plugins by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7391
  • [TT-15839] Adding bundle validation by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7422
  • [TT-15141] Toggling default policy from inactive to active does not activate JWT in some cases by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7431
  • [TT-15141] Toggling default policy from inactive to active does not activate JWT in some cases - revert session save by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7449
  • [TT-14814] fix bundle loading issue by @pvormste in https://github.com/TykTechnologies/tyk/pull/7436
  • [TT-15415] Added response body size validation by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7430
  • TT-15867 - rollout new Jira linter by @bsten-tyk in https://github.com/TykTechnologies/tyk/pull/7439
  • [TT-15734] Handle big.Int JSON marshaling errors in logrus formatter by @lghiur in https://github.com/TykTechnologies/tyk/pull/7465
  • TT-15781: add aggregator job to ci-test.yml by @sredxny in https://github.com/TykTechnologies/tyk/pull/7458
  • Update docs for Gateway changes by @jay-deshmukh in https://github.com/TykTechnologies/tyk/pull/7475
  • [TT-15955] Inefficient DNS change detection causes unnecessary RPC retries and request blocking by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7473
  • [TT-16002] fixed context propagation in grpc calls by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7481
  • [TT-14871] Expose Gateway-Only Latency in Tyk Metrics by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7464
  • [TT-14871] fixed go.mod not having latest available pump commit by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7488
  • [TT-15201] Sometimes the data plane gateway returns 404 page not found by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7487
  • [TT-16055] upgrade golangcilint to v2.5.0 by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7491
  • [TT-16055] remove redundant codegen:smart by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7495
  • [TT-16032] Add DNS monitoring feature for worker gateway by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7485
  • [TT-15967] add alias packages by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7463
  • [TT-15595, fixed the gateway API not accepting 0 weight and not being … by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7498
  • [TT-14871] fix in-gateway time measurement being measured wrong by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7500
  • [TT-15606] fix certificate chain mTLS handshake by @pvormste in https://github.com/TykTechnologies/tyk/pull/7505
  • TT-15793 added workflow to Suggest target branches by @sredxny in https://github.com/TykTechnologies/tyk/pull/7511
  • [TT-15473] Generate proper OAS server URLs by @lghiur in https://github.com/TykTechnologies/tyk/pull/7509
  • [TT-15595] temporarily remove upstream target from load balancing by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7524
  • [TT-14359] fix nested scopes for identity base field by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7522
  • [TT-16109] Export GenerateTykServers so it can be used by Dashboard API by @lghiur in https://github.com/TykTechnologies/tyk/pull/7532
  • [TT-6613] JWT authentication should not require a base policy if scope-to-policy mapping is used by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7504
  • [TT-15426]fixed go.mod not having latest graphql-go-tools version by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7534
  • [TT-15354]: Improve logging in JWT Middleware by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7528
  • [TT-15825] [BE] Address inconsistencies with use of Policy identifiers by @shults in https://github.com/TykTechnologies/tyk/pull/7424
  • TT-14891 - adds client ip from XFF by depth by @sedkis in https://github.com/TykTechnologies/tyk/pull/7063
  • [TT-15100][TT-15091] adjusted swagger enum and tyk vendor extension schema name by @lghiur in https://github.com/TykTechnologies/tyk/pull/7535
  • when worker node is on emergency node, do not panic when using a new jwt token by @sredxny in https://github.com/TykTechnologies/tyk/pull/5534
  • [TT-15683] Add JWKS cache flush to the Dashboard API and MDCB by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7523
  • [TT-16119][TT-15473] Fix URL generation bugs by @lghiur in https://github.com/TykTechnologies/tyk/pull/7541
  • [TT-16142] fix CVEs for v5.10.1 by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7543
  • [TT-15966] Update storage library to v1.3.0 by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7539
  • Gromit sync with tyk repo TT-16131 by @Razeen-Abdal-Rahman in https://github.com/TykTechnologies/tyk/pull/7542
  • [TT-16121] Generate relative server urls for APIs with no matching tags by @lghiur in https://github.com/TykTechnologies/tyk/pull/7544
  • [TT-15942]: Integrate Sentinel One CNS scanner workflow by @asutosh in https://github.com/TykTechnologies/tyk/pull/7529
  • [TT-16121] Always generate relative paths except when custom domains are configured by @lghiur in https://github.com/TykTechnologies/tyk/pull/7553
  • [TT-15954]: Make org session fetch non-blocking by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7531
  • [TT-16109][TT-16149] Fix fallback URLs and disabled domain handling after relative path changes by @lghiur in https://github.com/TykTechnologies/tyk/pull/7557
  • [TT-15683] Add NoticeInvalidateJWKSCacheForAPI event processing logic… by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7562
  • [TT-16172] Fixes bug where OAS server URLs endpoint returned "self" instead of actual version name in headers/query parameters. by @lghiur in https://github.com/TykTechnologies/tyk/pull/7561
  • [TT-16176] respect gateway tags disabled state in server URL generation by @lghiur in https://github.com/TykTechnologies/tyk/pull/7560
  • TT-15780 Auto generated from templates by gromit by @sredxny in https://github.com/TykTechnologies/tyk/pull/7554
  • [TT-12827] A gateway using a redis rate limiter panics if any Gateway sharing the same Redis is using the DRL by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7558
  • [TT-16176] Generate relative patsh when tags are disabled or 0 by @lghiur in https://github.com/TykTechnologies/tyk/pull/7564
  • [TT-15971] Add cross-repo dashboard build workflow for API tests by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7563
  • FIPS Docker Images for LTS releases only TT-16023 by @Razeen-Abdal-Rahman in https://github.com/TykTechnologies/tyk/pull/7571
  • [TT-16013]Fix/oas security scheme race condition 7573 by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7579
  • Merging to release-5.11: [TT-16188] Update info.version (#7598) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7601
  • Merging to release-5.11: [DX-2045] docs: clarify TYK_GW_MAXIDLECONNSPERHOST default value and recommendation (#7604) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7610
  • Merging to release-5.11: [DX-2128] docs: clarify TYK_GW_USEREDISLOG requires shared Redis instance (#7607) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7614
  • Merging to release-5.11: Fix Docs (#7624) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7627
  • Merging to release-5.11: [TT-16285] Auto generated from templates by gromit (#7630) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7634
  • Merging to release-5.11: TT-16290 rename the ci aggregator (#7635) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7640
  • Merging to release-5.11: [TT-16296] fixed keys being set automatically as active (#7642) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7648
  • Merging to release-5.11: Remove mercurial from plugin compiler Dockerfile (#7670) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7674
  • Merging to release-5.11: [TT-16468] Using a JWKS URL causes memory leak in gateway 5.11 (#7703) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7707
  • Merging to release-5.11.1: Merging to release-5.11: [TT-16532] Bundle Verification Significantly Increases Resource Consumption (#7731) (#7732) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7737
  • Merging to release-5.11.1: [TT-16554]: Change bundle loading logic when reloaded (#7745) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7763

New Contributors

  • @padiazg made their first contribution in https://github.com/TykTechnologies/tyk/pull/6229
  • @LLe27 made their first contribution in https://github.com/TykTechnologies/tyk/pull/6344
  • @olamilekan000 made their first contribution in https://github.com/TykTechnologies/tyk/pull/7060
  • @nerdydread made their first contribution in https://github.com/TykTechnologies/tyk/pull/6488

Full Changelog: https://github.com/TykTechnologies/tyk/compare/v5.3.0-rc2...v5.11.1-rc1

View release on GitHub
v5.11.1-alpha2 Breaking risk
Security fixes
  • CVE-2025-54388
Full changelog

What's Changed

  • [TT-11185] release docs 5.3.0 update by @titpetric in https://github.com/TykTechnologies/tyk/pull/6079
  • [TT-11405] Updating JSON tags and field names for TLS max and min versions by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6078
  • TT-10962 by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6072
  • [TT-11388]: updated opentelemtry library and added tests for new span keys by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6087
  • [TT-11377] Adding “node_is_segmented” flag under “node” to complement “tags” by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6093
  • [TT-11413] Fix apidef GlobalRateLimit migrations by @titpetric in https://github.com/TykTechnologies/tyk/pull/6086
  • TT-11288 Revert logger mutex by @sredxny in https://github.com/TykTechnologies/tyk/pull/6103
  • [TT-11197] Upgrade google/grpc by @titpetric in https://github.com/TykTechnologies/tyk/pull/6100
  • [TT-11440/TT-11461] Add functionName to replace name in OAS virtual endpoint and endpoint post plugin by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6098
  • [TT-11439/TT-11452] fix custom plugins contract by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6097
  • [TT-11295] Update graphql-go-tools dependency by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6112
  • [TT-11389]: moved graphql span attributes by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6088
  • TT-11443 Shim to keep compatibility in goplugins importing tyk redis by @sredxny in https://github.com/TykTechnologies/tyk/pull/6096
  • [TT-11452] remove unused migrate func by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6117
  • TT-11485, fix for global rate limit disabled flag not working by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6120
  • [SYSE-332] Fail tests reliably by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6130
  • [TT-11197] Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot[bot] in https://github.com/TykTechnologies/tyk/pull/6124
  • [TT-11549/TT-11597] Auto generated from templates by gromit by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6138
  • [TT-10856/TT-11593]fix quota limits not working with url rewrite to self by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6133
  • [TT-11627] Migrate failling to golangci-lint/forbidigo, fix issues by @titpetric in https://github.com/TykTechnologies/tyk/pull/6152
  • [TT-11197]update hashicorp vault by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6150
  • [TT-10909]: fix issue with missing upstream headers in graphql proxy only by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6166
  • [TT-6011] Fix non-functional coprocess apis, add tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/4055
  • [TT-11684] OAS-to-UDG converter - import paths & cleanup by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6181
  • [TT-11735] Exclude testdata from sonarcloud by @titpetric in https://github.com/TykTechnologies/tyk/pull/6182
  • [TT-10104] JS middleware + ignore auth test and fix for panic by @titpetric in https://github.com/TykTechnologies/tyk/pull/6180
  • Update README.md by @letzya in https://github.com/TykTechnologies/tyk/pull/6035
  • [TT-11746] Add linter for regression test names by @titpetric in https://github.com/TykTechnologies/tyk/pull/6191
  • [TT-11585] Process DeleteAPICache event by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6190
  • [TT-10856/TT-11778] fix quota limit remaining header value when key is created from policy and API is looped by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6199
  • [SYSE-336 master] Followup from March template application by @alephnull in https://github.com/TykTechnologies/tyk/pull/6207
  • TT-7560, fixed issue with bundles loading with bad sign/checksum by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6165
  • [SYSE-353 master] Fix tyk-ci fetch mechanism by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6213
  • [TT-7560] skip loading API when custom middleware bundle fetch fails by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6211
  • TT-11748 dont attempt to remove ApiCacheDeletion key from redis by @sredxny in https://github.com/TykTechnologies/tyk/pull/6215
  • [TT-9972] release resources only after specs are completely switched during hot reload by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/5535
  • [TT-11925] Reset plugin compiler build env to match gateway build env by @titpetric in https://github.com/TykTechnologies/tyk/pull/6234
  • [TT-11655] Graphql APIs are unable to handle OPTIONS requests by @rhianeKobar in https://github.com/TykTechnologies/tyk/pull/6221
  • [SYSE-358 master] April template application by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6248
  • [TT-11991]: added request_headers_rewrite by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6257
  • [TT-11966/TT-12064] implement OAS webhooks events by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6258
  • [TT-10291]: support gql-go-tools verison 2 by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6240
  • [TT-12064]Update Cast function signature by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6261
  • [TT-10291]: upgrade gql-tools for v2 by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6264
  • [TT-11966/TT-12064] refactor oas events, update contract by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6263
  • [TT-11966/TT-12064] update typo in cooldown period by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6266
  • [TT-11966/TT-12064] handle edge case with empty event handlers by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6267
  • [TT-12114]update goerr113 with err113 by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6268
  • [SYSE-363 master] May template application by @alephnull in https://github.com/TykTechnologies/tyk/pull/6270
  • update graphql-go-tools (TT-9884) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6274
  • [TT-5790] Update EnsureTransport and related tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6243
  • [TT-11990] Change default behaviour of request_headers by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6277
  • [TT-11954/TT-12155] add x-tyk-api-gateway.servers.contextVariables.enabled by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6281
  • [TT-7325] Enable fixed window rate limiter by @titpetric in https://github.com/TykTechnologies/tyk/pull/6253
  • [TT-11954/TT-12115]fix location of contextVariables by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6285
  • [TT-11739] Clean up rate limiting area, decouple GlobalConfig in APISpec by @titpetric in https://github.com/TykTechnologies/tyk/pull/6262
  • [TT-11914/TT-12101]Add OAS trafficLogs by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6287
  • [Test] Updates for opentelemetry test, use golang_cross in GH build cache key by @titpetric in https://github.com/TykTechnologies/tyk/pull/6282
  • [TT-11806] Respect domain and listen path by @titpetric in https://github.com/TykTechnologies/tyk/pull/6289
  • [DX-1345] Update config description for inclusive naming project by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6286
  • [TT-12153]: Fix/complexity checker and granular access checker v3-preview by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6293
  • [TT-12193] Fix poor error handling in webhook event templates by @titpetric in https://github.com/TykTechnologies/tyk/pull/6303
  • add features section to graphql proxy config by @pvormste in https://github.com/TykTechnologies/tyk/pull/6298
  • [TT-12193] Add log for event handler webhook by @titpetric in https://github.com/TykTechnologies/tyk/pull/6310
  • [TT-12193] Update error handling on webhook events when the event template has errors by @titpetric in https://github.com/TykTechnologies/tyk/pull/6312
  • [TT-11997] Backend logic for request_headers_rewrite by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6306
  • [TT-12095] Fixing unhashed API keys exposed in OTEL spans by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6296
  • [TT-11470] Add human identifiable information in NodeData by @padiazg in https://github.com/TykTechnologies/tyk/pull/6229
  • add logic for use_immutable_headers (TT-12190) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6315
  • [TT-11997] Header case insensitivity by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6316
  • [TT-3738] Implement rate limit smoothing by @titpetric in https://github.com/TykTechnologies/tyk/pull/6295
  • [TT-11739] Re-add gateway.RateLimitExceeded (Dashboard coupling) by @titpetric in https://github.com/TykTechnologies/tyk/pull/6318
  • [TT-11739] Fix RateLimitExceeded var name to include Event prefix by @titpetric in https://github.com/TykTechnologies/tyk/pull/6319
  • feat/TT-9462/tag-cached-response by @joshblakeley in https://github.com/TykTechnologies/tyk/pull/6308
  • [TT-12186] Fixes TestOAS_ExtractTo_ResetAPIDefinition with a valid event config by @titpetric in https://github.com/TykTechnologies/tyk/pull/6321
  • [TT-12312] update openapi spec version by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6323
  • [TT-12313, TT-12222] Update graphql-go-tools by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6326
  • [TT-12323] fix panic when webhook handler is disabled by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6334
  • [TT-12311] exp/modcheck: Update go.mod dependencies by @buger in https://github.com/TykTechnologies/tyk/pull/6337
  • [TT-12365] Add new events to validate in x-tyk-api-gateway by @titpetric in https://github.com/TykTechnologies/tyk/pull/6347
  • [TT-9864] Optimize the creation/usage of AST documents by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6345
  • [TT-12285] Add smoothing, fix duplicate x-go-name by @titpetric in https://github.com/TykTechnologies/tyk/pull/6346
  • TT-12347 fix management of custom keys in mdcb installations by @sredxny in https://github.com/TykTechnologies/tyk/pull/6353
  • [TT-12425] exp/modcheck: Update go.mod dependencies by @buger in https://github.com/TykTechnologies/tyk/pull/6363
  • [TT-11762] fix nil err return by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6365
  • [TT-10532] Update taskfile, CI tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6350
  • [TT-10532] Fix golangci-lint step to exit 0 by @titpetric in https://github.com/TykTechnologies/tyk/pull/6369
  • [DX-1084] Add documentation to protobuf source code files for review by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6251
  • [TT-12454] Extract ApplyPolicies into internal/policy scope by @titpetric in https://github.com/TykTechnologies/tyk/pull/6367
  • fix unnecessary call to DeleteRawKey if no allowance scope is defined (TT-11721) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6373
  • Remove redis5 in CI pipeline by @titpetric in https://github.com/TykTechnologies/tyk/pull/6379
  • TT-12306, addressed changes suggested in the tyk-docs PR by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6377
  • [TT-12234]update go1.21 version by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6385
  • [DX-1473] Replace authorise with authorize by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6383
  • [SYSE-370 master] June template application by @alephnull in https://github.com/TykTechnologies/tyk/pull/6331
  • [TT-11032] Godoc CI lint action, config and apidef/oas by @titpetric in https://github.com/TykTechnologies/tyk/pull/6386
  • [TT-12503] Render ID type as a String by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6390
  • [TT-12318] SSE streaming is broken by @titpetric in https://github.com/TykTechnologies/tyk/pull/6391
  • [SYSE-370 master] June template application by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6403
  • [SYSE-370 master] June template application by @ermirizio in https://github.com/TykTechnologies/tyk/pull/6410
  • [TT-12575] Add coverage to gitignore, add package to regression to fix api changes by @titpetric in https://github.com/TykTechnologies/tyk/pull/6400
  • [TT-1570/TT-12587]mTLS: allow validating client certificates against root certificate authority by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6405
  • [TT-1570/TT-12588] extend certs endpoint with is_ca by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6406
  • [TT-12618] Refactor/checkspec findspec by @titpetric in https://github.com/TykTechnologies/tyk/pull/6415
  • [TT-12618] Add RateLimit per-path settings to apidefinition classic, add test case by @titpetric in https://github.com/TykTechnologies/tyk/pull/6413
  • [TT-12634] Add oas contract and migrations to/from classic apidef by @titpetric in https://github.com/TykTechnologies/tyk/pull/6416
  • [TT-12519], added necessary logic for UrlVersioningPattern by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6401
  • [TT-12587] verify root CA on certificate check mw by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6422
  • [TT-12195] : Public playground still shows schema when introspection is turned off by @jay-deshmukh in https://github.com/TykTechnologies/tyk/pull/6397
  • TT-12380 Fill latency analytics field by @sredxny in https://github.com/TykTechnologies/tyk/pull/6421
  • [TT-12635] Update swagger.yml with ExtendedPathsSet.RateLimitMeta by @titpetric in https://github.com/TykTechnologies/tyk/pull/6417
  • [TT-12688] Ensure OAS API paths get applied to gateway by length, sort by path by @titpetric in https://github.com/TykTechnologies/tyk/pull/6425
  • [TT-11753] fix thelper.bug.major lint error by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6429
  • [TT-12688] extractto to honor sorting by @titpetric in https://github.com/TykTechnologies/tyk/pull/6430
  • [TT-11810] Plugin bundles: fix slow tests, improve internal signature verifier API by @titpetric in https://github.com/TykTechnologies/tyk/pull/6203
  • [TT-12698] Add linter to gateway to check for named scope conflicts by @titpetric in https://github.com/TykTechnologies/tyk/pull/6409
  • [TT-11758] fix sonarcloud reported issues on errorlint.bug.major by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6434
  • [TT-11758] fix sonarcloud reported issues on errorlint.bug.major by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6435
  • [DX-1508, DX-1511] Update config.go godoc comments with American spelling conversions by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6436
  • [TT-12762]respect response plugins contract over responsePlugin.plugins by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6441
  • [TT-12762] remove main bin by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6445
  • [TT-12816] Fix/distroless python release tests by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6455
  • [DX-1599] Update ports_whitelist config documentation by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6454
  • [TT-11726]: This optimizes the deletion of keys using a single command by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6427
  • [SYSE-370 master] June template application by @alephnull in https://github.com/TykTechnologies/tyk/pull/6418
  • [TT-12566/TT-12851] Add client endpoint rate limiter by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6462
  • [TT-12862] refactor apply policy by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6465
  • [TT-12862] apply per api rate limits from policy by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6467
  • [TT-12550] policy key path permissions problem by @titpetric in https://github.com/TykTechnologies/tyk/pull/6437
  • [TT-12886] apply per endpoint rate limits by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6468
  • [TT-12892] use same url matching logic in endpoint rate limiting as of allowed urls by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6470
  • [TT-12566/TT-12927] fix merging rate limits by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6472
  • [TT-11672] Update description of CertificatesConfig.Upstream by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6169
  • [TT-12562/TT-12815] go 1.22 upgrade by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6452
  • [TT-12452] Clear up quota gated with a distributed redis lock by @titpetric in https://github.com/TykTechnologies/tyk/pull/6448
  • [TT-12975] Fix flaky test caused by missed Close invocation by @titpetric in https://github.com/TykTechnologies/tyk/pull/6481
  • [TT-12355] added log format config, func and test cases by @LLe27 in https://github.com/TykTechnologies/tyk/pull/6344
  • [TT-1944] Fix regex matching for parameters by @titpetric in https://github.com/TykTechnologies/tyk/pull/6480
  • added a waitgroup to wait until all the pool connections are dialed by @sredxny in https://github.com/TykTechnologies/tyk/pull/6487
  • [TT-12964] ignore endpoint rate limit configurations when rate limit partition is disabled by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6491
  • [TT-13011] implement combining endpoint rate limits from non partitioned policies. by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6494
  • [TT-13041] Adjust quota handling of missing or expired keys by @titpetric in https://github.com/TykTechnologies/tyk/pull/6492
  • [TT-13048] Flaky test due to using httpbin org, improvements by @titpetric in https://github.com/TykTechnologies/tyk/pull/6504
  • [TT-12865] URL matching prefixes/explicit, regex support by @titpetric in https://github.com/TykTechnologies/tyk/pull/6475
  • [TT-12865] Rename config parameter, update usage, support mux params on legacy by @titpetric in https://github.com/TykTechnologies/tyk/pull/6506
  • [TT-2539] added access/transaction logs by @LLe27 in https://github.com/TykTechnologies/tyk/pull/6354
  • [TT-12893]: Adding first implementation of streams API by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6496
  • Revert "[TT-12893]: Adding first implementation of streams API" by @titpetric in https://github.com/TykTechnologies/tyk/pull/6509
  • [TT-12494] Fix flaky TestCacheEtag and related cache tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6508
  • Revert "[TT-2539] added access/transaction logs" by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6524
  • [TT-13098] [master] exp/modcheck: Update go.mod dependencies by @buger in https://github.com/TykTechnologies/tyk/pull/6523
  • [TT-13109]Generate New Swagger and Update Validator for Gateway by @yurisasuke in https://github.com/TykTechnologies/tyk/pull/6231
  • [TT-13107] Remove verbose error logging if quota is disabled by @titpetric in https://github.com/TykTechnologies/tyk/pull/6528
  • [TT-13122] build multiarch image on 1.22-bullseye by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6549
  • [TT-13128] Updated description for prefix and suffix matching config options by @lghiur in https://github.com/TykTechnologies/tyk/pull/6555
  • [TT-13087] Adjust example gateway config, to have match preficing explicit by default by @lghiur in https://github.com/TykTechnologies/tyk/pull/6564
  • TT-13130 only mark the wg as done when the connection is stablished by @sredxny in https://github.com/TykTechnologies/tyk/pull/6574
  • [TT-12893]: Adding first implementation of streams API by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6511
  • [TT-13175] Refactor apply policies test by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6585
  • [TT-13175] add t.helper to helper functions by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6587
  • [TT-13176]: update graqhql go tools by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6586
  • [TT-13136] Adjust concurrency group to CI tests, extend to all workflows by @titpetric in https://github.com/TykTechnologies/tyk/pull/6560
  • [SYSE-394 master] Fix test code base for Tyk-Analytics PRs by @konrad-sol in https://github.com/TykTechnologies/tyk/pull/6583
  • [TT-13088] Fixed godoc for path prefix and sufix configs by @lghiur in https://github.com/TykTechnologies/tyk/pull/6610
  • [TT-13186/TT-13199] implement upstream basic authentication by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6596
  • [TT-13243] Test/ci improvements by @titpetric in https://github.com/TykTechnologies/tyk/pull/6611
  • [TT-13139] Request times out in some cases when sending input via http inputs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6601
  • [TT-13238] Clean up RPC data model by @titpetric in https://github.com/TykTechnologies/tyk/pull/6608
  • [TT-13242] Moved/Cleaned up nestedApiDefinition to model.MergedAPI by @titpetric in https://github.com/TykTechnologies/tyk/pull/6609
  • [TT-13258] exp/workflow-lint: Update to latest known actions by @buger in https://github.com/TykTechnologies/tyk/pull/6620
  • [TT-13266] Fix python tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6624
  • [TT-12897] Merge path based permissions when combining policies by @titpetric in https://github.com/TykTechnologies/tyk/pull/6597
  • [TT-13262] Fix/delete build cache for plugin compiler by @titpetric in https://github.com/TykTechnologies/tyk/pull/6623
  • [TT-8004/TT-13092]enable validate request middleware during OAS import when parameters are specified on endpoint groups by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6618
  • [TT-13186/TT-13199] replace auth header instead of adding auth header by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6631
  • [TT-13280] Adjust golangci-lint to raise up errors in PRs directly by @titpetric in https://github.com/TykTechnologies/tyk/pull/6634
  • TT-13130 updated version of gorpc library and prevent panic on reconnect edge by @sredxny in https://github.com/TykTechnologies/tyk/pull/6629
  • [TT-13184] Implement OAuth 2.0 Client Credentials Flow for GW authentication with upstream by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6633
  • [TT-12897/TT-13284] Add additional partitioned test case, fix ordering issue by @titpetric in https://github.com/TykTechnologies/tyk/pull/6635
  • [TT-12814] Make schema more flexible, don't enforce additionalProperties: false by @titpetric in https://github.com/TykTechnologies/tyk/pull/6640
  • TT-13130 update gorpc version by @sredxny in https://github.com/TykTechnologies/tyk/pull/6644
  • Tt 13184 Upstream OAuth2 updates to fix TTL issue by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6643
  • [TT-12990] fix upstream endpoint RL not considering endpoint method by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6651
  • TT-13269 - Refactor/streams by @titpetric in https://github.com/TykTechnologies/tyk/pull/6593
  • [TT-12702] revert wrappedServeHTTP to use recordDetail by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6654
  • [TT-11426/TT-13322] Add deprecation notice for external OAuth middleware by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6657
  • [TT-13185] Implement Password Flow OAuth by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6649
  • [TT-13381] Linters should only work for PRs by @titpetric in https://github.com/TykTechnologies/tyk/pull/6664
  • [TT-12417] Do not delete keys on synchronization by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6642
  • [TT-13185] reorganize contract in upstream oauth by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6668
  • [TT-13271] custom oauth response fields by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6660
  • [TT-13400] Fixing OTel CI by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6659
  • [TT-13359] move upstream basic auth to ee package by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6669
  • [TT-13185] upstream oauth allowed_authorize_types not being filled on API creation by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6676
  • TT-13185, fixed lines lost in merge conflicts by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6681
  • [TT-13375/TT-13422] Add validation rules for Upstream auth by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6680
  • [TT-13008]: modified default streams logger by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6682
  • [TT-13185] fix missing extracts by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6685
  • [TT-11426/TT-13322]add deprecation notice for oidc middleware by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6686
  • [TT-13201] Streams Definition Validator by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6656
  • TT-13271, fix for token metadata not being cached by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6689
  • [TT-12885] Add plugin development guide for manual builds by @titpetric in https://github.com/TykTechnologies/tyk/pull/6598
  • [TT-13391] Move upstream OAuth to EE by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6684
  • improve error handling of streams in non-ee version (TT-13269) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6691
  • [TT-13375] Improved Upstream Auth validation rules by @lghiur in https://github.com/TykTechnologies/tyk/pull/6694
  • add stream analytics to ee (TT-13233) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6671
  • [TT-13271] Make enabled and allowedAuthorizeTypes required fields by @lghiur in https://github.com/TykTechnologies/tyk/pull/6673
  • [TT-13508] Streams poor performance when reconnecting to a Streams API by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6697
  • [TT-13422] Do not allow empty string in upstream auth configuration strings by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6699
  • [TT-13508] Downgrade Bento to v1.2.0 and use our own fork to cherry-pick some changes from latest main branch. by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6700
  • [TT-13535/TT-13566] make upstream oauth password client secret not required by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6701
  • Revert "[TT-13422] Do not allow empty string in upstream auth configuration strings" by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6702
  • [TT-13535/TT-13566] Make upstream oauth flow client secret omitempty by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6708
  • [TT-13485] update dependencies with vulnerabilities reported by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6711
  • [TT-13475] update OAS version by @lghiur in https://github.com/TykTechnologies/tyk/pull/6712
  • [TT-13535/TT-13566] Ease up required fields in classic API schema by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6717
  • [TT-13607] Only import components/io and components/kafka by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6720
  • [TT-13507][TT-12873][TT-13141] Fix for custom domains with substring listen path by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6705
  • [TT-13658] added missing logger from provider initialisation by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6729
  • [TT-13439] update response content-length when response body is modified by coprocess response hook by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6732
  • [TT-13670] Decouple OAuthManager behind interface by @titpetric in https://github.com/TykTechnologies/tyk/pull/6735
  • [TT-13390] Silently skip loading bundle on managment node by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6739
  • [TT-13669] Add pre-commit, pre-push hooks by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6733
  • [TT-13142] Fix panic when detailed analytics is turned on with SSE streaming by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6727
  • [TT-13695] Testing fixes, skip dangerous tests by @titpetric in https://github.com/TykTechnologies/tyk/pull/6736
  • [TT-13698] Cache is handled by setup/go, this blocks by @titpetric in https://github.com/TykTechnologies/tyk/pull/6749
  • [DX-1423] Update TYK_GW_SECRETS definition by @dcs3spp in https://github.com/TykTechnologies/tyk/pull/6360
  • [TT-12775] Request size limit breaks GET and DELETE requests by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6734
  • [TT-12775] Add request size limit test for POST, PUT and PATCH methods. by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6751
  • [TT-12710]deleting All Partitioned Policies a Key is linked to does not delete the Key by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6473
  • [TT-13155] Explicitly copy BaseMiddleware for each middleware that takes it by @titpetric in https://github.com/TykTechnologies/tyk/pull/6744
  • TT-13513 TT-12767 TT-12768 ensure to save oauth clients locally when pulled from rpc by @sredxny in https://github.com/TykTechnologies/tyk/pull/6740
  • [TT-13715] Upgrade to Bento v1.4.0 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6762
  • [TT-13608] Issues with custom scalar in query variable by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6766
  • [TT-13217] Add updated dockerfile for python, test with 5.3.0/5.3.6-rc4 by @titpetric in https://github.com/TykTechnologies/tyk/pull/6750
  • [TT-13021]Transfer encoding fix by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6770
  • [TT-11711] Fix listenpath validation by @titpetric in https://github.com/TykTechnologies/tyk/pull/6772
  • [TT-12495] Add support for RSASSA-PSS signed JWTs by @sedkis in https://github.com/TykTechnologies/tyk/pull/6368
  • [TT-13021] fixed missing lines by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6787
  • [TT-13753] Fix sonarcloud coverage via upload-artifact by @titpetric in https://github.com/TykTechnologies/tyk/pull/6790
  • [TT-12741] Looped ap is wrongfully inherit the caller's authentication key when using url rewrite by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6778
  • [TT-13741] [master] exp/modcheck: Update go.mod dependencies by @buger in https://github.com/TykTechnologies/tyk/pull/6794
  • [TT-13564] Add classic to OAS translation guide by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6774
  • [TT-13742] Update swagger to 5.7.1 by @lghiur in https://github.com/TykTechnologies/tyk/pull/6803
  • [TT-13761] add batch request to the latest open api specs by @yurisasuke in https://github.com/TykTechnologies/tyk/pull/6797
  • Merging to master: Merging to release-5.3: [TT-13769] Extend plugin compiler test with arm64 cross build (#6813) by @buger in https://github.com/TykTechnologies/tyk/pull/6815
  • [TT-13766] Bump newrelic dependency by @titpetric in https://github.com/TykTechnologies/tyk/pull/6809
  • [TT-11910]: added tag headers to traffic logs and tests by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6818
  • Add tests to verify yaml conversions work by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6819
  • [TT-13723] Update to Go 1.23 by @titpetric in https://github.com/TykTechnologies/tyk/pull/6812
  • [TT-10070] Fix/sanitize error logging by @titpetric in https://github.com/TykTechnologies/tyk/pull/6817
  • [TT-11896] Add OAS IPAccessControl by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6824
  • implement api-level request size limit for oas (TT-11459) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6822
  • [TT-11912]: Added Analytics expiry period to OAS by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6825
  • [TT-11913] Add custom analytics plugins configuration to OAS by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6829
  • add load balancing to oas configuration (TT-881) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6830
  • [TT-13819] Benchmark updates, session limiter workaround for test goroutine leak by @titpetric in https://github.com/TykTechnologies/tyk/pull/6826
  • [TT-11909]: Added Session Lifetime to OAS by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6835
  • fix omitempty on some fields for LoadBalancing (TT-881) by @pvormste in https://github.com/TykTechnologies/tyk/pull/6837
  • [TT-2539] Refactor hash and token apis under internal/crypto, leave aliases by @titpetric in https://github.com/TykTechnologies/tyk/pull/6838
  • [TT-12440] Clean up gojsonschema import surface, phase out internal fork by @titpetric in https://github.com/TykTechnologies/tyk/pull/6836
  • [TT-2539] Transaction logs by @LLe27 in https://github.com/TykTechnologies/tyk/pull/6841
  • [TT-13939] Embed memorycache, drop leakybucket import by @titpetric in https://github.com/TykTechnologies/tyk/pull/6843
  • [TT-13657]: Add protocol and port to oas by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6846
  • [TT-881] fix issue where upstream targets have been duplicated by @pvormste in https://github.com/TykTechnologies/tyk/pull/6847
  • TT-2539 - renamed access log fields by @LLe27 in https://github.com/TykTechnologies/tyk/pull/6849
  • [TT-13820] Fix code whitespace style consistency by @titpetric in https://github.com/TykTechnologies/tyk/pull/6844
  • [TT-11909]: fix oas bug on session lifetime and add respect expiry by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6842
  • [TT-12884] add batch requests support to OAS by @pvormste in https://github.com/TykTechnologies/tyk/pull/6853
  • [TT-14010] Linter reconfig for golangci-lint by @titpetric in https://github.com/TykTechnologies/tyk/pull/6854
  • [TT-7249] Flaky TestJWTSessionExpiresAtValidationConfigs by @titpetric in https://github.com/TykTechnologies/tyk/pull/6856
  • [TT-13910]: Removed disable expire analytics and added customRetentionPeriod OAS by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6848
  • [TT-12638] Added PreserveHostHeader to OAS functionality by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6859
  • TT-13890: request debug endpoint by @lghiur in https://github.com/TykTechnologies/tyk/pull/6862
  • [TT-11913] Implement OAS contract for analytics plugin by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6861
  • [TT-11908] add request signing to OAS upstream authentication by @pvormste in https://github.com/TykTechnologies/tyk/pull/6850
  • [TT-13998] make url of X-Tyk-Upstream optional when loadBalancing is present by @pvormste in https://github.com/TykTechnologies/tyk/pull/6860
  • [TT-13629]: OAS upstream SSL configuration by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6840
  • [DX-1780]Generate test for tyk gateway swagger by @yurisasuke in https://github.com/TykTechnologies/tyk/pull/6827
  • [TT-12957] OAS Uptime Tests migrations by @titpetric in https://github.com/TykTechnologies/tyk/pull/6852
  • TT-12965: Improve performance of ctx.GetOASDefinition/GetDefinition by @titpetric in https://github.com/TykTechnologies/tyk/pull/6855
  • [TT-13477] upstream oauth event handling by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6867
  • TT-14070: [Testing/Concurrency] Test gateway lifecycle, enable start/stop parallelism by @titpetric in https://github.com/TykTechnologies/tyk/pull/6677
  • TT-14085: Remove the pmylund/go-cache dependency by @titpetric in https://github.com/TykTechnologies/tyk/pull/6871
  • [TT-13659] add support for custom event handlers in OAS definitions by @pvormste in https://github.com/TykTechnologies/tyk/pull/6870
  • [TT-13657]: modified json schema for protocol by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6878
  • TT-14089 load apis from emergency mode, wait for connection considers emergency mode by @sredxny in https://github.com/TykTechnologies/tyk/pull/6873
  • [TT-13440] correctly sync multi-value response headers with coprocess middleware by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6883
  • TT-14059: Add migration test fixtures by @titpetric in https://github.com/TykTechnologies/tyk/pull/6879
  • TT-14132: Update sonarcloud sonarqube scan by @titpetric in https://github.com/TykTechnologies/tyk/pull/6888
  • [TT-14100] fix requireSession in OAS for custom auth plugins by @pvormste in https://github.com/TykTechnologies/tyk/pull/6893
  • TT-14110, TT-14112, TT-14103: Implement ignoreCase, preserveTrailingSlash, remove multipleOf by @titpetric in https://github.com/TykTechnologies/tyk/pull/6889
  • TT-14154: [test only] fix golangci-lint base branch for merges by @titpetric in https://github.com/TykTechnologies/tyk/pull/6896
  • [TT-13836] Key Rotation for MDCB Data Planes by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6868
  • [TT-14084] External OAuth is migrated as Keyless by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6895
  • [TT-14178] Temporarily revert strict oas schema usage by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/6900
  • [TT-14111] add support for rate limit and quota flags in OAS by @pvormste in https://github.com/TykTechnologies/tyk/pull/6899
  • [TT-13660] add support for log event handler to OAS definitions by @pvormste in https://github.com/TykTechnologies/tyk/pull/6880
  • [TT-13936] Improve RPC connection handling for user key reset events by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6904
  • TT-14192: Consistent use of imported package for gojsonschema, lint by @titpetric in https://github.com/TykTechnologies/tyk/pull/6902
  • TT-14110: Cover migration of ignoreCase for classic by @titpetric in https://github.com/TykTechnologies/tyk/pull/6906
  • TT-7306: Migrate Mock Response from Classic API Definition to OAS API Definition by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6894
  • [TT-8876], set "policies.allow_explicity_policy_id " to true by default by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6905
  • [TT-14200] add support to disable log event handlers and custom event handlers by @pvormste in https://github.com/TykTechnologies/tyk/pull/6907
  • TT-14059: Extend service discovery tests and fixtures by @titpetric in https://github.com/TykTechnologies/tyk/pull/6909
  • TT-14183: Fix uptimetests migrations, add fixtures, enabled flag by @titpetric in https://github.com/TykTechnologies/tyk/pull/6908
  • TT-14221: Refactor for clean usage of httputil by @titpetric in https://github.com/TykTechnologies/tyk/pull/6911
  • [TT-7306] [fix] Migrate Mock Response from Classic API Definition to OAS API Definition by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6914
  • [TT-14169] Review and address CVEs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6917
  • [TT-14170] Config and swagger description updates by @lghiur in https://github.com/TykTechnologies/tyk/pull/6919
  • [TT-14214]: added milisecond duration to readable duration by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6916
  • [TT-14169] Upgrade github.com/go-jose/go-jose/v3 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6925
  • [TT-12957] fix some issues with uptime_tests migrations to OAS by @pvormste in https://github.com/TykTechnologies/tyk/pull/6924
  • TT-14170 Update missing Tyk OAS API go doc on fields by @lghiur in https://github.com/TykTechnologies/tyk/pull/6926
  • TT-14163 when start the rpc set as default in emergency mode by @sredxny in https://github.com/TykTechnologies/tyk/pull/6910
  • [TT-7306] Ensure ignoreAuthentication is only enabled in migration scenario by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6923
  • [SYSE-401 master] Model builds as a concept by @konrad-sol in https://github.com/TykTechnologies/tyk/pull/6728
  • TT-14170 adjusted godoc for gw config by @lghiur in https://github.com/TykTechnologies/tyk/pull/6938
  • [TT-12957] fixed issue when migrating from classic to oas that was leaving a broken url by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6947
  • [TT-7306] Revert allow list to migrated mock response by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6946
  • [TT-14102] fix api level and endpoint level cache migration by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6931
  • [TT-12957] oas uptime testing migration fails on timeout field by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6956
  • [TT-14276] Gateway panics if Uptime Tests are disabled in config but enabled in API definition by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6960
  • [TT-14244] Bump go, set godebug for compatibility by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6963
  • CI fix for linter failing when PR target branch is not master by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6964
  • Tt 14350 fix gateway linter using wrong branch causing ci to mailfunction on release p rs by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6965
  • [TT-7815] ensure path params are migrated to OAS by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6966
  • [TT-14413] Check for existing params before generating new ones by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6973
  • [TT-12343] Use API endpoint hard timeouts over global timeout setting by @mativm02 in https://github.com/TykTechnologies/tyk/pull/6976
  • TT-14452, fixed CVEs for v5.8 by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6978
  • [TT-14357]: fixed issue with stale context in UDG by @kofoworola in https://github.com/TykTechnologies/tyk/pull/6977
  • [TT-13365] Create json schema script for Bento config validation by @buraksezer in https://github.com/TykTechnologies/tyk/pull/6690
  • [TT-12442] necessary changes for new licensing logic by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6984
  • [TT-12442] changes required in gateway for new licensing to work by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6985
  • [TT-12442] Force gw reload after registration to have synced polciies and apis by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/6988
  • [TT-14518] Exclude swagger.yml from sonarcloud analysis by @lghiur in https://github.com/TykTechnologies/tyk/pull/6991
  • Create force-merge.yaml by @buger in https://github.com/TykTechnologies/tyk/pull/6993
  • Update README.md by @buger in https://github.com/TykTechnologies/tyk/pull/6994
  • [TT-13277] Improve API listen path sorting to prioritize static segments over parameters by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6987
  • [TT-12343] Improve Timeout Test Coverage and Consistency in TestTimeoutPrioritization by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/6992
  • [DX-1906]add images to the source swagger by @yurisasuke in https://github.com/TykTechnologies/tyk/pull/6957
  • [TT-14149] Added more details to the ssl_certificate config by @letzya in https://github.com/TykTechnologies/tyk/pull/3726
  • TT-14365: internal/policy: add restricted_types behaviour test by @titpetric in https://github.com/TykTechnologies/tyk/pull/6972
  • [TT-1428]: added bloblang to test for json schema by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7003
  • [SYSE-372 master] Implement custom rules for enterprise artifacts in package promotion by @alephnull in https://github.com/TykTechnologies/tyk/pull/7005
  • [TT-14300] Add support for AMQP 0.9 and 1.0 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7004
  • [ TT-14298]: Added support for bloblang by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7009
  • [TT-14431]: add mqtt to json schema by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7010
  • [TT-14300] Simple AMQP load generator tool for amqp_1 and amqp_0_9 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7012
  • [TT-14435]: add mqtt test cases by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7021
  • [TT-14365]Test/apply policies restricted types fix by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7020
  • [TT-14596] Investigate flaky amqp integration tests by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7019
  • [TT-14446] Add an integration test for Input (http_server) → Output(amqp_1) scenario by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7026
  • TT-14590 kinopenapi CVE fix - Use internal fork of kinopen-api and import update gql translator by @lghiur in https://github.com/TykTechnologies/tyk/pull/7024
  • [TT-14666], fix for panic on gateway side when upgrading old oas file by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7034
  • [TT-14794] fix issue where an invalid stream path results in 500 by @pvormste in https://github.com/TykTechnologies/tyk/pull/7047
  • [TT-14666] gw panics after updating from 5 0 with oas api by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7046
  • [TT-14253] Unload Streams Properly by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7033
  • [ TT-14504] Tyk OAS API definition is not available to Response Plugin if no Request Plugin loaded by @shults in https://github.com/TykTechnologies/tyk/pull/7053
  • [TT-14829] Added External OAuth Deprecated mark in godoc by @lghiur in https://github.com/TykTechnologies/tyk/pull/7050
  • [TT-14252] Add customValidationRule interface to generate_bento_config_schema script by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7057
  • [TT-13779] POST form parameters are not logged for Tyk OAS APIs by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7054
  • [TT-13924]: updated go mod for kafka datasource by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7058
  • [TT-14868] Request Body Not Recorded When Transfer-Encoding: chunked by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7061
  • TT-8176: implement authorisation using multiple JWK URIs by @olamilekan000 in https://github.com/TykTechnologies/tyk/pull/7060
  • Tyk OAS API definition is not available to Response Plugin if no Request Plugin loaded by @shults in https://github.com/TykTechnologies/tyk/pull/7064
  • [TT-11387] Unhelpful error messages in UI when creating APIs via OpenAPI import by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7067
  • [TT-14731] Add a flag to enable all bento inputs/outputs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7065
  • [TT-14470] update bento to v1.7.1 that includes SSE browser fix by @pvormste in https://github.com/TykTechnologies/tyk/pull/7072
  • [TT-10496] GRPC plugins do not work with service names by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7052
  • TT-8176: use centeral JWT centralised process method for JWKs by @olamilekan000 in https://github.com/TykTechnologies/tyk/pull/7071
  • [TT-11387] Unhelpful error messages in UI when creating APIs via OpenAPI import by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7080
  • Disabled/empty uptime test fields migrated to Tyk OAS by @shults in https://github.com/TykTechnologies/tyk/pull/7069
  • [TT-11975] Lack of clear error message during failed import when API definition is not valid by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7077
  • [TT-14879] Tyk Dashboard should use /api/apis/streams endpoints to create and import Tyk Stream APIs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7088
  • [TT-9234] graceful shutdown of gateway by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7076
  • [TT-14582]: Update go mod to fix issue with sending arguments from interface fields in gql by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7082
  • TT-14948: fix caching issue with JWKs-URIs by @olamilekan000 in https://github.com/TykTechnologies/tyk/pull/7079
  • [TT-12308] Query parameters not respected by OAS import endpoint by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7087
  • [TT-14731] Add a flag to enable all bento inputs/outputs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7092
  • [TT-14863] Replace github.com/TykTechnologies/kin-openapi with github.com/getkin/kin-openapi by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/7041
  • [TT-14621]corrected prefix for certificates by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7094
  • [TT-11335] OAS URL rewrite schema update by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7099
  • TT-8317 Add KeyID to Protobuf by @nerdydread in https://github.com/TykTechnologies/tyk/pull/6488
  • [Debugger MVP] Some middleware doesn't work for OAS debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7093
  • [TT-15043] Exclude generated files from Sonarqube analysis by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/7103
  • [TT-13740]: update mod and updated apidef by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7104
  • [TT-14731] Add a flag to enable all bento inputs/outputs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7116
  • [TT-10496] gRPC plugins do not terminate gracefully and cannot be load balanced by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7111
  • [TT-15065] Mock response stops working after kin-openapi upgrade by @shults in https://github.com/TykTechnologies/tyk/pull/7120
  • [TT-14299] add mqtt and websocket load generator for streams testing by @pvormste in https://github.com/TykTechnologies/tyk/pull/7126
  • [TT-14857] Updating dependencies to fix CVEs by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7119
  • [TT-9234] graceful shutdown of gateway improvments and bug fix for mdcb scenario by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7117
  • TT-15095: ensure jwks URI field works only for OAS API by @olamilekan000 in https://github.com/TykTechnologies/tyk/pull/7129
  • [TT-7932] Errors migrating some versioned APIs to OAS by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7101
  • [TT-14914] No response middleware information in Tyk OAS API Debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7113
  • [QA-1608 master] Github template update by @konrad-sol in https://github.com/TykTechnologies/tyk/pull/7108
  • [TT-14839] Update version on swagger yml by @lghiur in https://github.com/TykTechnologies/tyk/pull/7141
  • [TT-8963] Unable to loop mocked endpoint by @shults in https://github.com/TykTechnologies/tyk/pull/7105
  • [TT-14838] Addressed gw documentation reviews by @lghiur in https://github.com/TykTechnologies/tyk/pull/7157
  • [TT-14914] No response middleware information in Tyk OAS API Debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7158
  • [TT-15059][TT-11285] MDCB DNS critical fix and policy sync cherrypick by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7167
  • [TT-14990] Update GetCiphers to restore support for legacy TLS cipher suites by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/7173
  • 5.8.3 docs review by @lghiur in https://github.com/TykTechnologies/tyk/pull/7188
  • [TT-9234] fixes for graceful shutdown regression bugs by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7163
  • [TT-15111] connectivity reviewer by @lghiur in https://github.com/TykTechnologies/tyk/pull/7186
  • [TT-9234] regression fixes with incorrect behaviour by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7202
  • [TT-9234] regression fixes by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7207
  • [TT-15111] probe AI PR reviewers by @lghiur in https://github.com/TykTechnologies/tyk/pull/7209
  • [TT-9234][TT-15257] regression fixes for failing mdcb readiness check by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7215
  • TT-14838 Addressed comments on GW docs improvements by @lghiur in https://github.com/TykTechnologies/tyk/pull/7225
  • [TT-15216] Optimised the probe review prompts to stick to important messages by @lghiur in https://github.com/TykTechnologies/tyk/pull/7222
  • [TT-15216] Fix GH action lint issues by @lghiur in https://github.com/TykTechnologies/tyk/pull/7232
  • [TT-15251] GW prints body decompression error when when you enable analytics by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7230
  • [TT-10273] CORS check should be performed after API Version check by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7179
  • [TT-14914] No response middleware information in Tyk OAS API Debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7208
  • [TT-14254] The logs produced by the gateway about streams APIs should be in the same format as the other gateway logs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7245
  • [TT-15321]: added documentation to dev docs for OAS only feature and added helper method by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7246
  • [TT-11244] Custom domain regex causing problems with servers by @shults in https://github.com/TykTechnologies/tyk/pull/7233
  • [TT-7523] [OAS Versioning] Gateway CE allows to create version without new_version_name by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7244
  • [TT-14370] [OAS] ReadableDuration converts some values to decimals causing a schema problem by @shults in https://github.com/TykTechnologies/tyk/pull/7256
  • [TT-15019] Update Gateway and Plugin Compiler to Go 1.24 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7265
  • [TT-15505] Remove negate field as mandatory from the OAS API schema by @lghiur in https://github.com/TykTechnologies/tyk/pull/7284
  • [TT-15359]: Added extra jwt validation by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7269
  • [TT-5588] [OAS] gateway apiKey import generates unnecessary object by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7270
  • [TT-7524] [OAS] Gateway CE behaves differently from Dashboard for middleware and PATCH by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7261
  • [TT-15507] Revert changes to the "/hello" health check endpoint by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7295
  • [TT-15359]improve backwards compatibility of Jwt claim validation by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7294
  • Revert "[TT-5588] [OAS] gateway apiKey import generates unnecessary object" by @radkrawczyk in https://github.com/TykTechnologies/tyk/pull/7299
  • [TT-14564] Fix: Add mutual TLS support for dedicated rate limiter Redis connection by @buger in https://github.com/TykTechnologies/tyk/pull/7301
  • [TT-15398] added basic configuration for ExternalServiceConfig by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7272
  • Custom domain regex causing problems with servers (bugfix) by @shults in https://github.com/TykTechnologies/tyk/pull/7310
  • [TT-5588] [OAS] gateway apiKey import generates unnecessary object by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7303
  • [TT-7524] [OAS] Gateway CE behaves differently from Dashboard for middleware and PATCH by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7305
  • [TT-15568] fix flaky sort logic by @pvormste in https://github.com/TykTechnologies/tyk/pull/7316
  • [TT-15190] feat: Gateway Resilience Enhancement - Intelligent Auto-Recovery for Nonce Desynchronization by @buger in https://github.com/TykTechnologies/tyk/pull/7267
  • Body transform middleware not applied when URL rewrite pattern contains regex by @shults in https://github.com/TykTechnologies/tyk/pull/7302
  • The debugger reports error traces on the endpoint where the 'Response Body Transform' middleware is used. by @shults in https://github.com/TykTechnologies/tyk/pull/7321
  • Custom domain regex causing problems with servers by @shults in https://github.com/TykTechnologies/tyk/pull/7322
  • [TT-15359]: updated documentation for core claims update by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7333
  • Deleting an API with the 'Uptime test' feature enabled crashes the Gateway by @shults in https://github.com/TykTechnologies/tyk/pull/7320
  • [TT-15360]: Custom Claims Validation Framework by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7318
  • [TT-14369] ReadableDuration does not handle time values that "mix" subsecond units - extending tests duration_test.go by @radkrawczyk in https://github.com/TykTechnologies/tyk/pull/7293
  • [OAS] gateway apiKey import generates unnecessary object by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7328
  • [TT-15379][TT-15383] introduce certificate expiry checks and events by @pvormste in https://github.com/TykTechnologies/tyk/pull/7332
  • [TT-2378] Implementing OAS OR auth logic by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7306
  • Body transform middleware not applied when URL rewrite pattern contains regex by @shults in https://github.com/TykTechnologies/tyk/pull/7330
  • [TT-14665]: Update OAS spec to allow empty versions by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7340
  • [TT-15399] feat: Gateway Resilience Enhancement - Service Integration for External Service Config (Phase 2) by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7325
  • [TT-15380] Enhance JWKS caching by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7339
  • [TT-15684]: Add normalize step to OAS api by @kofoworola in https://github.com/TykTechnologies/tyk/pull/7344
  • [TT-15399] minimal godocs update on external services config by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7346
  • [TT-15662] Review and address GW & Dash CVEs by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7347
  • [TT-15379] fix shared cooldowns for event handlers and use global cooldown cache by @pvormste in https://github.com/TykTechnologies/tyk/pull/7348
  • [TT-15399] fix for fallback behaviour when configs are not set by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7350
  • Request Body Transform MW and Header Transform MW are not sufficiently logged in the debugger by @shults in https://github.com/TykTechnologies/tyk/pull/7338
  • [TT-11960] Incorrect handling of unexpected query parameters by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7345
  • [TT-15747] OAS versioning identifier key is conditionally required based on the location by @lghiur in https://github.com/TykTechnologies/tyk/pull/7358
  • [TT-15671] Add securityProcessingMode field to support legacy/compliant auth processing by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7349
  • Replace probe workflows with visor by @buger in https://github.com/TykTechnologies/tyk/pull/7364
  • Add security_requirements field to schema and refactor JWT and Basic Auth handling by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7363
  • [TT-15742] Fix certificate expiry handling for recently expired certificates by @edsonmichaque in https://github.com/TykTechnologies/tyk/pull/7365
  • [TT-15852] fix days as integer for expiry events by @pvormste in https://github.com/TykTechnologies/tyk/pull/7371
  • [TT-15798] fix schema for jtiValidation by @pvormste in https://github.com/TykTechnologies/tyk/pull/7375
  • [TT-15718] Upgrade graphql-go-tools dependency to fix CVE-2025-54388 by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7377
  • [TT-15868] Fixing panic when using JWT as a second authentication method in compliant mode by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7384
  • [TT-15719] GW docs 5.10 review by @lghiur in https://github.com/TykTechnologies/tyk/pull/7385
  • [TT-15869] cooldown defaults not working and minor datetime format adjustments by @pvormste in https://github.com/TykTechnologies/tyk/pull/7386
  • [TT-15860] Missing httpclient for upstream oauth by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7381
  • [TT-15863] fix random version picking for not versioned API by @pvormste in https://github.com/TykTechnologies/tyk/pull/7380
  • [TT-15860] initial fix for tls log by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7395
  • [TT-15901] Adding AND support for auth method groups by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7399
  • [Regression]Mock response requests produce a warning level message "session not found. sending inappropriate rate-limit headers" by @shults in https://github.com/TykTechnologies/tyk/pull/7403
  • [TT-15891] made jwkruris cache_timeout ReadableDuration by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7406
  • [TT-15904] Remove redundant task lint from CI test step by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7401
  • [TT-15904] revert golangcilint return exit code 0 to run ci tests on push to master by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7413
  • [TT-15901] Enhance AuthORWrapper to support authentication methods without SecuritySchemes by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7411
  • [DX-2102] Bug Fixes and Improvements in Tyk OAS by @sharadregoti in https://github.com/TykTechnologies/tyk/pull/7419
  • [TT-11125] Add trace id request header by @lghiur in https://github.com/TykTechnologies/tyk/pull/7402
  • [TT-15956] Proprietary auth methods are auto populated to OAS Security when changing to compliant mode by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7425
  • Refactor error messages in OAS security validation for consistency by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7440
  • [TT-15953] fix: Make EnforceOrgDataAge respect EnforceOrgQuotas configuration by @buger in https://github.com/TykTechnologies/tyk/pull/7434
  • [TT-15830, TT-7735] Plugin loading failure error is ignored for certain types of plugins by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7391
  • [TT-15839] Adding bundle validation by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7422
  • [TT-15141] Toggling default policy from inactive to active does not activate JWT in some cases by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7431
  • [TT-15141] Toggling default policy from inactive to active does not activate JWT in some cases - revert session save by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7449
  • [TT-14814] fix bundle loading issue by @pvormste in https://github.com/TykTechnologies/tyk/pull/7436
  • [TT-15415] Added response body size validation by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7430
  • TT-15867 - rollout new Jira linter by @bsten-tyk in https://github.com/TykTechnologies/tyk/pull/7439
  • [TT-15734] Handle big.Int JSON marshaling errors in logrus formatter by @lghiur in https://github.com/TykTechnologies/tyk/pull/7465
  • TT-15781: add aggregator job to ci-test.yml by @sredxny in https://github.com/TykTechnologies/tyk/pull/7458
  • Update docs for Gateway changes by @jay-deshmukh in https://github.com/TykTechnologies/tyk/pull/7475
  • [TT-15955] Inefficient DNS change detection causes unnecessary RPC retries and request blocking by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7473
  • [TT-16002] fixed context propagation in grpc calls by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7481
  • [TT-14871] Expose Gateway-Only Latency in Tyk Metrics by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7464
  • [TT-14871] fixed go.mod not having latest available pump commit by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7488
  • [TT-15201] Sometimes the data plane gateway returns 404 page not found by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7487
  • [TT-16055] upgrade golangcilint to v2.5.0 by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7491
  • [TT-16055] remove redundant codegen:smart by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7495
  • [TT-16032] Add DNS monitoring feature for worker gateway by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7485
  • [TT-15967] add alias packages by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7463
  • [TT-15595, fixed the gateway API not accepting 0 weight and not being … by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7498
  • [TT-14871] fix in-gateway time measurement being measured wrong by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7500
  • [TT-15606] fix certificate chain mTLS handshake by @pvormste in https://github.com/TykTechnologies/tyk/pull/7505
  • TT-15793 added workflow to Suggest target branches by @sredxny in https://github.com/TykTechnologies/tyk/pull/7511
  • [TT-15473] Generate proper OAS server URLs by @lghiur in https://github.com/TykTechnologies/tyk/pull/7509
  • [TT-15595] temporarily remove upstream target from load balancing by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7524
  • [TT-14359] fix nested scopes for identity base field by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7522
  • [TT-16109] Export GenerateTykServers so it can be used by Dashboard API by @lghiur in https://github.com/TykTechnologies/tyk/pull/7532
  • [TT-6613] JWT authentication should not require a base policy if scope-to-policy mapping is used by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7504
  • [TT-15426]fixed go.mod not having latest graphql-go-tools version by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7534
  • [TT-15354]: Improve logging in JWT Middleware by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7528
  • [TT-15825] [BE] Address inconsistencies with use of Policy identifiers by @shults in https://github.com/TykTechnologies/tyk/pull/7424
  • TT-14891 - adds client ip from XFF by depth by @sedkis in https://github.com/TykTechnologies/tyk/pull/7063
  • [TT-15100][TT-15091] adjusted swagger enum and tyk vendor extension schema name by @lghiur in https://github.com/TykTechnologies/tyk/pull/7535
  • when worker node is on emergency node, do not panic when using a new jwt token by @sredxny in https://github.com/TykTechnologies/tyk/pull/5534
  • [TT-15683] Add JWKS cache flush to the Dashboard API and MDCB by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7523
  • [TT-16119][TT-15473] Fix URL generation bugs by @lghiur in https://github.com/TykTechnologies/tyk/pull/7541
  • [TT-16142] fix CVEs for v5.10.1 by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7543
  • [TT-15966] Update storage library to v1.3.0 by @mativm02 in https://github.com/TykTechnologies/tyk/pull/7539
  • Gromit sync with tyk repo TT-16131 by @Razeen-Abdal-Rahman in https://github.com/TykTechnologies/tyk/pull/7542
  • [TT-16121] Generate relative server urls for APIs with no matching tags by @lghiur in https://github.com/TykTechnologies/tyk/pull/7544
  • [TT-15942]: Integrate Sentinel One CNS scanner workflow by @asutosh in https://github.com/TykTechnologies/tyk/pull/7529
  • [TT-16121] Always generate relative paths except when custom domains are configured by @lghiur in https://github.com/TykTechnologies/tyk/pull/7553
  • [TT-15954]: Make org session fetch non-blocking by @imogenkraak in https://github.com/TykTechnologies/tyk/pull/7531
  • [TT-16109][TT-16149] Fix fallback URLs and disabled domain handling after relative path changes by @lghiur in https://github.com/TykTechnologies/tyk/pull/7557
  • [TT-15683] Add NoticeInvalidateJWKSCacheForAPI event processing logic… by @buraksezer in https://github.com/TykTechnologies/tyk/pull/7562
  • [TT-16172] Fixes bug where OAS server URLs endpoint returned "self" instead of actual version name in headers/query parameters. by @lghiur in https://github.com/TykTechnologies/tyk/pull/7561
  • [TT-16176] respect gateway tags disabled state in server URL generation by @lghiur in https://github.com/TykTechnologies/tyk/pull/7560
  • TT-15780 Auto generated from templates by gromit by @sredxny in https://github.com/TykTechnologies/tyk/pull/7554
  • [TT-12827] A gateway using a redis rate limiter panics if any Gateway sharing the same Redis is using the DRL by @MaciekMis in https://github.com/TykTechnologies/tyk/pull/7558
  • [TT-16176] Generate relative patsh when tags are disabled or 0 by @lghiur in https://github.com/TykTechnologies/tyk/pull/7564
  • [TT-15971] Add cross-repo dashboard build workflow for API tests by @jeffy-mathew in https://github.com/TykTechnologies/tyk/pull/7563
  • FIPS Docker Images for LTS releases only TT-16023 by @Razeen-Abdal-Rahman in https://github.com/TykTechnologies/tyk/pull/7571
  • [TT-16013]Fix/oas security scheme race condition 7573 by @andrei-tyk in https://github.com/TykTechnologies/tyk/pull/7579
  • Merging to release-5.11: [TT-16188] Update info.version (#7598) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7601
  • Merging to release-5.11: [DX-2045] docs: clarify TYK_GW_MAXIDLECONNSPERHOST default value and recommendation (#7604) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7610
  • Merging to release-5.11: [DX-2128] docs: clarify TYK_GW_USEREDISLOG requires shared Redis instance (#7607) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7614
  • Merging to release-5.11: Fix Docs (#7624) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7627
  • Merging to release-5.11: [TT-16285] Auto generated from templates by gromit (#7630) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7634
  • Merging to release-5.11: TT-16290 rename the ci aggregator (#7635) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7640
  • Merging to release-5.11: [TT-16296] fixed keys being set automatically as active (#7642) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7648
  • Merging to release-5.11: Remove mercurial from plugin compiler Dockerfile (#7670) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7674
  • Merging to release-5.11: [TT-16468] Using a JWKS URL causes memory leak in gateway 5.11 (#7703) by @probelabs[bot] in https://github.com/TykTechnologies/tyk/pull/7707

New Contributors

  • @padiazg made their first contribution in https://github.com/TykTechnologies/tyk/pull/6229
  • @LLe27 made their first contribution in https://github.com/TykTechnologies/tyk/pull/6344
  • @olamilekan000 made their first contribution in https://github.com/TykTechnologies/tyk/pull/7060
  • @nerdydread made their first contribution in https://github.com/TykTechnologies/tyk/pull/6488

Full Changelog: https://github.com/TykTechnologies/tyk/compare/v5.3.0-rc2...v5.11.1-alpha2

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
10,728
Forks
1,151
Languages
Go Shell Python
View on GitHub Homepage Documentation

Install & Platforms

Install via
docker

Community & Support

Community

Similar tools

Fusio
Hoppscotch Community Edition
requestly
Svix
HyperSwitch

Beta — feedback welcome: [email protected]