This repository has been archived by the owner on Jun 27, 2023. It is now read-only.

CHANGELOG.md

Change Log

All notable changes to this project will be documented in this file.

Fixes

  • ensure migrations are/can-be run when NODE_ENV=production is set
  • set allowNull: true on columns in KongNode model
  • parse KONGA_HOOK_TIMEOUT as integer

Refactoring

  • Removed code related to netdata - looks like the work was started but never finished as it doesn't seem to be exposed anywhere.

Fixes

  • Use standard application configuration for migrations
    • No need to specify the --adapter and --uri parameters when running ./bin/konga.js prepare. The configuration will be loaded in the same manner as when running the application itself.

Fixes

  • Work around (special) character encoding issues for passwords in sails-postgresql.

Features

  • Upgraded to Sails 1.5.2
    • Lots of manual testing done post-upgrade. Potentially fixed some things - probably broke others. Ran into multiple issues with minified (NODE_ENV=production) JS code post-upgrade. Hopefully fixed all issues but who knows...
  • Add support for newer versions of Postgres (i.e. >11).
  • Implement session expiry - see KONGA_JWT_TOKEN_EXPIRY.
  • Restrict management of users to admin
    • This was done to simplify resolution of security issues in fixes below. Allowing "regular" users to manage/access other users just introduces too many questions around if/when/what they should be allowed to do.
  • Use allow and deny as terms for access control

Fixes

  • Prevent non-admin user from escalating privileges to admin. Kudos to whokilleddb for the disclosure to the upstream repo via huntr.dev.
  • Prevent account take-over on websocket requests. Kudos to salmankhwaja for the disclosure to the upstream repo.

Dependencies

  • Upgraded from node 12 to 16
  • Bumped dependencies across the board

v0.15.2:

found 567 vulnerabilities (88 low, 150 moderate, 247 high, 82 critical)
  run `npm audit fix` to fix them, or `npm audit` for details

v0.16.0:

66 vulnerabilities (6 low, 12 moderate, 36 high, 12 critical)

Breaking Changes

  • Dropped support for MongoDB - don't use it, didn't feel like figuring it out during the upgrade process 🤷
  • Remove the deprecated support for APIs. Kong 2.x is required!

Fixes

  • Strip optional attributes when creating OAuth2 credentials
  • No changes - just republishing 0.15.0 on new tag
  • Added support for client_type and hash_secret to OAuth Credentials management
    • Requires Kong 2.something (I think)...
  • Allow postgres db to be prepared in NODE_ENV=production
  • Upgraded base container image to node12.22-alpine
  • Fix security issue that allowed a user to escalate to admin status. (Kudos to j3ssie).
  • Fix XSS vulnerability on alerts and notifications. (Kudos to j3ssie).
  • Fix issues #555, #562. Initial registration allows multiple admin users to be created
  • Implemented missing headers, snis, sources, destinations and path_handling fields on routes.
  • Implemented missing client_certificate field on services.
  • Added the ability to seed initial user and node data via configmaps and mounts PR: #522
  • Added Basic Auth credentials support on Connections PR: #393
  • Implemented ACME plugin configuration
  • Updated project dependencies
  • Fix some typos PRs: #551, #546
  • Fixed NO_AUTH onboarding problems related to #474 when using a database.
  • Fixed NO_AUTH onboarding problems related to #474.
  • Minor improvements.
  • Fix issue #473 concerning password length validation on first user registration.
  • Added support for TAGS in all major Kong Entities (Starting from Kong 1.1.0-rc1).
  • Konga can now be used without authentication. In order to do that, simply set the env var NO_AUTH=true.
  • You can now seed default Users and Kong Connections on first install. Check out the docs.
  • The new env var BASE_URL, allows you to run Konga behind a reverse proxy on a relative path. For example, if you configure your proxy to route requests to example.com/konga you will need to set BASE_URL=/konga/
  • Fix compatibility with new response-ratelimiting plugin schema. Ref issue #363.
  • Add ENV HOST support for sails host to bind host by IP address. Ref pull req #451. Big ups to narate!
  • Updated Dockerfile node.js version to 10.16
  • Various minor fixes and improvements

0.14.1 - 27-01-2019

Starting from version 0.14.0, Konga won't be compatible with Kong versions prior to 1.0.0 due to the breaking changes on Kong's API and plugin schemas.

  • [Compatibility] Kong 1.0.0 compatibility.
  • [Deprecation] APIs and related implementations are deprecated.
  • [Fix] Missing fields are included on the upstream form.
  • [Fix] The bundled Kong plugins are no longer needed in order for features like Accessible Consumer Routes and Snapshots to work properly.
  • [Enhancement] You can now set up alert triggers and dispatch notifications when upstream targets are not healthy.

0.13.0 - 29-09-2018

  • Better onboarding experience on first install.
  • User accounts are not auto-generated by default. You need to manually register the admin account on first run.
  • The default Kong connection (http://kong:8001) is not auto-generated on first install.
  • Login and Sign up pages got a clean redesign.
  • Fix minor issues

0.12.3 - 26-09-2018

  • [Fix] Solved some routing issues when running Konga behind a reverse proxy at a sub-path. #278
  • [Fix] Fix glitch that prevented editing services or routes on first login. #281
  • Other minor issues

0.12.2 - 22-08-2018

  • [Fix] Fix wrong require path on db prepare.
  • Other minor issues

0.12.1 - 28-07-2018

  • [Deprecation] Deprecated consumer imports. This feature was not adopted and provided unnecessary complexity to maintenance as well as increased the overall project's size.
  • [Fix] Fixed the trailing slash issue. Konga is now able to communicate with Kong even if a trailing slash exists in the connection url.
  • Cleaned up unused dependencies.
  • When installing Konga from source, the config/local.js file is deprecated in favor of a .env file. Check the README.md for details.

0.12.0 - 07-07-2018

  • [Fix] Fix snapshots implementation. Use auto generated entity ids for proper relationships mapping.
  • [Compatibility] Implement new Kong plugins properly.
  • [Compatibility] Only handle plugins available on server. Starting with Kong 0.14, the list of available plugins can be defined in KONG_PLUGINS env var.
  • [Enhancement] Implemented Accessible Services and Routes logic on Consumer page.
  • [Enhancement] Implemented Eligible consumers listing based on ACLs and Authentication plugins in Services & Routes
  • [Compatibility] Changed certificates and snis logic for compatibility with Kong 0.14
  • [Fix] Changed the db prepare command
  • Updated dependencies.
  • Various other fixes and improvements.

0.11.2 - 15-06-2018

  • Various Fixes.

0.11.0 - 08-06-2018

  • [Compatibility] Services and Routes support (Kong 0.13+).
  • [Fix #217] Api health checks are now deleted as they should be when deleting an api.
  • [Enhancement] Added the ability to set description and tags to Kong's services for better management.
  • [Enhancement] In plugin management forms, all text inputs are changed to textareas so that custom plugins can be better integrated #189.
  • [Enhancement] Database integrations can now be setup by only using the connection url as well as defining connection attributes separately.
  • Various other fixes and improvements.

This update introduces changes in db schema. If you have integrated Konga with a database other than mongoDB, you will have to apply the migrations as described in README.md

0.10.4 - 08-03-2018

  • Better assets caching

0.10.3 - 07-03-2018

  • Added passive health checks configuration in upstreams

0.10.2 - 03-03-2018

  • [Fix #178] Fix issue that produced hook timeouts.
  • [Fix #175] Health checks are now removed when an API is deleted.
  • [Fix] Fix GET targets AND Add possibility to select Hash_on for Upstreams for Kong 0.12.x.
  • [Fix] Fix SSL connection to Postgres.
  • [Fix] Fix api timeouts to match Kong defaults.
  • [Fix #146] Update active Connection's version automatically when Kong version changes.
  • [Fix #131] Statsd plugin management is working as expected again for versions of Kong >= 0.11.x. As a result, Kong versions < 0.11.x are not supported.
  • [Enhancement] Feature to change Konga default users #168. See details
  • [0.12.x compat] Show Upstream health for node when Kong >=0.12.2
  • Various other minor bug fixes and improvements.

0.9.1 - 06-12-2017

  • [Fix] Fix certificate uploads.
  • [Enhancement] Reveal all of oauth credential info in consumer credentials list.
  • [Fix] Address connection ui issues.
  • [Fix] Fix user signup.
  • [Enhancement] Add environment variables for socket adapter configuration to allow easy socket configuration in docker.

0.9.0 - 23-10-2017

A database update is required! Make sure you run Konga in dev mode once so that the migrations will take place.

  • [Enhancement] Only admin users can access snapshots.
  • [Enhancement] You don't have to manually specify Kong version when creating a connection anymore. It is now retrieved automatically throughout the application.
  • [Enhancement] You can now schedule your Kong node snapshots and leave Konga to do the rest.
  • [Enhancement] Introducing connection types (Breaking change).
  • [Enhancement] Added support for JWT Auth Loopback API.
  • [Fix] Fixed some issues with snapshots and snapshot restoration.
  • [Fix] Consumer imports are working again.
  • [Fix] Fixed database info display on dashboard page when using Cassandra.

Breaking Changes

Due to the new Connection types logic, the existing connections to Kong admin API are likely to stop working. You will need to create new ones using the new forms. No data or settings will be lost.

0.8.9 - 8-10-2017

  • Allow certificates deletion.
  • Manage SNIs from certificates detail modal.

0.8.8 - 8-10-2017

  • When starting the app for the first time using postgres or MySQL adapters, Konga will now create the databases automatically.
  • Parts of UI are redesigned in a cleaner way.
  • Consumer page now also displays the APIs a consumer can access based on his ACLs.
  • Slack integration. You can now configure Konga to send notifications to slack.
  • Fix issue which prevented consumer creation with empty username or custom_id.
  • Other minor bug fixes and improvements.

0.8.0 - 23-5-2017

  • UI/UX revamp.
  • Massive refactoring and logic improvements.
  • Configurable user permissions.
  • Various bug fixes and improvements.

0.8.7 - 29-9-2017

  • [FIX] Tests are working again.
  • [FIX] Better error handling when adding groups and credentials to consumers.
  • [FIX] kongadata dir is now created inside the project folder by default. The docker volume now becomes /app/kongadata

0.8.6 - 24-9-2017

0.8.5 - 23-9-2017

  • Fix docker automated builds failure.
  • Removed kong admin url from connections chooser.
  • Sails js hookTimeout is now configurable via env var KONGA_HOOK_TIMEOUT.

0.8.4 - 19-9-2017

  • Fix bug where a new user could not be created when users were not allowed to sign up.
  • Hide API keys in connections when logged in as a simple user.

0.8.3 - 20-8-2017

  • Kong 0.11.x compatibility.
  • Added the ability to manage consumer plugins directly from the consumer edit page.
  • More dynamic backwards compatibility logic.
  • Other minor fixes and improvements.

0.8.1 - 3-7-2017