You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: tyk-docs/content/developer-support/release-notes/dashboard.md
+211Lines changed: 211 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -321,6 +321,217 @@ Fixed an issue where the `/apis/streams/{apiID}` endpoint was expecting a `Conte
321
321
322
322
## 5.8 Release Notes
323
323
324
+
### 5.8.6 Release Notes
325
+
326
+
#### Release Date 25th September 2025
327
+
328
+
#### Release Highlights
329
+
330
+
This patch release contains various bug fixes. For a comprehensive list of changes, please refer to the detailed [changelog]({{< ref "#Changelog-v5.8.6">}}).
331
+
332
+
#### Breaking Changes
333
+
334
+
There are no breaking changes in this release.
335
+
336
+
#### Dependencies {#dependencies-5.8.6}
337
+
338
+
##### Compatibility Matrix For Tyk Components
339
+
340
+
| Gateway Version | Recommended Releases | Backwards Compatibility |
341
+
|---- |---- |---- |
342
+
| 5.8.6 | MDCB v2.8.4 | MDCB v2.8.4 |
343
+
|| Operator v1.2.0 | Operator v0.17 |
344
+
|| Sync v2.1.3 | Sync v2.1.1 |
345
+
|| Helm Chart v4.0 | Helm all versions |
346
+
|| EDP v1.14.1 | EDP all versions |
347
+
|| Pump v1.12.2 | Pump all versions |
348
+
|| TIB (if using standalone) v1.7.0 | TIB all versions |
349
+
350
+
##### 3rd Party Dependencies & Tools
351
+
352
+
| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
Given the potential time difference between your upgrade and the release of this version, we recommend users verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
362
+
363
+
#### Deprecations
364
+
365
+
There are no deprecations in this release.
366
+
367
+
#### Upgrade instructions {#upgrade-5.8.6}
368
+
369
+
If you are upgrading to 5.8.6, please follow the detailed [upgrade instructions](#upgrading-tyk).
370
+
371
+
#### Downloads
372
+
373
+
- [Docker Image to pull](https://hub.docker.com/r/tykio/tyk-dashboard/tags?page=&page_size=&ordering=&name=v5.8.6)
- [Source code tarball of Tyk Gateway v5.8.6](https://github.com/TykTechnologies/tyk/releases/tag/v5.8.6)
381
+
382
+
#### Changelog {#Changelog-v5.8.6}
383
+
384
+
385
+
##### Changed
386
+
387
+
<ul>
388
+
<li>
389
+
<details>
390
+
<summary>Upgrade Tyk Dashboard to Golang 1.24 </summary>
391
+
392
+
The Tyk Dashboard has been updated to [Golang 1.24](https://tip.golang.org/doc/go1.24), improving security by staying current with the latest Go versions.
393
+
</details>
394
+
</li>
395
+
396
+
</ul>
397
+
398
+
##### Fixed
399
+
400
+
<ul>
401
+
<li>
402
+
<details>
403
+
<summary>Fixed Missing Response Middleware in Tyk OAS API Debugger</summary>
404
+
405
+
Fixed an issue where the Tyk OAS API Debugger (Test Your API panel) only displayed request middleware execution, omitting response middleware from the debug output. The test debugger now correctly shows both request and response middleware execution, providing complete visibility into the entire request-response cycle for better API testing and troubleshooting.
406
+
</details>
407
+
</li>
408
+
409
+
<li>
410
+
<details>
411
+
<summary>Fixed OpenAPI `servers` section handling for regex-based custom domains</summary>
412
+
413
+
Fixed an issue where custom domains containing regular expressions were not correctly parsed and stored in the `servers` section of OpenAPI descriptions for Tyk OAS APIs. The Dashboard now properly converts regex-based domains into valid OpenAPI `servers` entries with appropriate variables, ensuring accurate API documentation and preventing validation errors during API editing. This fix includes enhanced syntax validation for regular expression (regex) patterns and improved capture group handling, which previously could cause Gateway crashes.
414
+
415
+
</details>
416
+
</li>
417
+
418
+
<li>
419
+
<details>
420
+
<summary>Fixed false error reporting forResponse Body Transform middlewarein API Debugger</summary>
421
+
422
+
Fixed an issue where the Tyk OAS API Debugger (Test Your API panel) incorrectly reported errors for endpoints using Response Body Transform middleware, even when API calls completed successfully. The debugger now accurately displays the execution status and eliminates false error messages that could mislead developers during API testing and troubleshooting.
423
+
</details>
424
+
</li>
425
+
426
+
<li>
427
+
<details>
428
+
<summary>Fixed PATCH endpoint validation to reject Tyk OAS API definitions when expecting OpenAPI description</summary>
429
+
430
+
Fixed an inconsistency where the Dashboard API's `PATCH /api/apis/oas/{apiId}` endpoint incorrectly accepted full Tyk OAS API definitions containing Tyk Vendor Extensions, when it should only accept standard OpenAPI descriptions. The endpoint now properly validates incoming requests and returns `HTTP 400 Bad Request` if the Tyk Vendor Extension is present, ensuring consistent behavior with the Dashboard UI and maintaining the intended separation between OpenAPI description updates and full API configuration changes.
431
+
</details>
432
+
</li>
433
+
434
+
<li>
435
+
<details>
436
+
<summary>Fixed Dashboard API panic when accessing logs without timestamp parameters in PostgreSQL</summary>
437
+
438
+
Fixed an issue where the Tyk Dashboard API would panic and return `HTTP 500 Internal Server Error` when accessing the `/api/logs` endpoint without the required `start` and `end` timestamp parameters in PostgreSQL environments using table sharding. The API now properly handles missing parameters by returning `HTTP 400 Bad Request` with a descriptive error message, improving error handling and API reliability.
439
+
</details>
440
+
</li>
441
+
442
+
<li>
443
+
<details>
444
+
<summary>Fixed orphaned Tyk OAS API versions visibility when using PostgreSQL</summary>
445
+
446
+
Fixed an issue where orphaned child versions of a Tyk OAS API would disappear from the Dashboard UI after their base API was deleted, specifically when using PostgreSQL as the datastore. Orphaned Tyk OAS API versions now remain visible in the Dashboard, ensuring consistent behavior across all supported datastores and preventing loss of access to existing API versions.
447
+
</details>
448
+
</li>
449
+
450
+
<li>
451
+
<details>
452
+
<summary>Fixed cross-interface compatibility for keys and policies with Tyk OAS and non-versioned Tyk Classic APIs</summary>
453
+
454
+
Fixed an issue where keys and policies created or updated via the Dashboard API were sometimes rejected by the Dashboard UI, and vice versa, due to inconsistent handling of the `versions` field for non-versioned Tyk Classic APIs. The issue occurred because the API and UI used different formats when populating the versions list in access rights. Both interfaces now consistently accept either `null` or `[]` (empty array) values in the `versions` field of the access control list, ensuring seamless interoperability between API and UI workflows for policy and key management. Tyk OAS APIs use a [different approach]({{< ref "api-management/api-versioning#how-api-versioning-works-with-tyk" >}}) to versioning, with each (base or child) version having a unique API ID that is added to the access list.
455
+
</details>
456
+
</li>
457
+
458
+
<li>
459
+
<details>
460
+
<summary>Fixed Policy and Key Management UI for versioned APIs</summary>
461
+
462
+
Fixed UI issues in policy and key management that caused confusion and unnecessary validation errors. The API Versions field in the Dashboard UI now appears only when relevant - specifically for versioned Tyk Classic APIs. The field is no longer displayed for Tyk OAS APIs or non-versioned Tyk Classic APIs, eliminating confusion about when version selection is required and preventing policies and keys from failing to save due to irrelevant validation requirements.
463
+
</details>
464
+
</li>
465
+
466
+
<li>
467
+
<details>
468
+
<summary>Fixed `/versions` endpoint to only accept valid Tyk OAS base APIs</summary>
469
+
470
+
Fixed an issue where the `/api/apis/oas/{apiId}/versions` endpoint incorrectly returned version data for Tyk Classic APIs and non-versioned Tyk OAS APIs. The endpoint now properly validates requests and returns `HTTP 422 Unprocessable Entity` when the target API is not a valid Tyk OAS base API, ensuring the endpoint only returns meaningful version information.
471
+
</details>
472
+
</li>
473
+
474
+
<li>
475
+
<details>
476
+
<summary>Fixed multiple issues with the creation of child versions of Tyk OAS APIs</summary>
477
+
478
+
Fixed several issues that affected the creation of new child versions of Tyk OAS APIs to ensure reliable version creation and proper validation:
479
+
480
+
UI and API Creation:
481
+
- Resolved an issue that prevented users from creating new versions via the API Designer's Manage Versions screen
482
+
- Added validation forthe `base_api_id` parameter - providing a non-existent ID would previously create the API successfully, but leave it invisiblein the Dashboard UI
483
+
- Added stricter validation for version names - users can no longer create API versions without specifying a valid `new_version_name`, preventing unusable or empty version entries
484
+
- Improved error messaging when the `base_api_version_name` parameter is missing or incorrectly specified
485
+
486
+
Version Management:
487
+
- Fixed an issue where creating new child versions would incorrectly reset the default version back to the base API, overriding previously configured settings
488
+
489
+
The system now provides comprehensive validation with clear error responses (`HTTP 400 Bad Request` and `HTTP 422 Unprocessable Entity`), ensures that all API versions have meaningful identifiers, and maintains proper default version settings during the creation of child versions.
Fixed an issue where the Tyk Dashboard did not correctly apply a default `page_size` value when none was specified in the Dashboard configuration, potentially causing unexpected pagination behavior. The Dashboard now properly defaults to a page size of 10 items as documented, ensuring consistent and predictable pagination across all Dashboard views.
498
+
</details>
499
+
</li>
500
+
501
+
<li>
502
+
<details>
503
+
<summary>Fixed delayed application of global webhook changes for Tyk OAS APIs</summary>
504
+
505
+
Fixed an issue where updates to [global webhooks]({{< ref "api-management/gateway-events#local-and-global-webhooks">}}) were not immediately applied to Tyk OAS APIs using those webhooks. When global webhook configurations were modified, the Gateway would continue using the previous settings for affected Tyk OAS APIs until a manual reload occurred. The system now automatically triggers a Gateway reload for all impacted Tyk OAS APIs when global webhook configurations are updated, ensuring that the new webhook settings take effect immediately.
506
+
</details>
507
+
</li>
508
+
509
+
<li>
510
+
<details>
511
+
<summary>Fixed GraphQL API creation via upstream introspection when OPA rules modify requests</summary>
512
+
513
+
Fixed an issue where creating GraphQL APIs using upstream introspection in the Dashboard could fail with `HTTP 502 Bad Gateway` errors when OPA rules (typically using `patch_request`) modified the introspection request body. The problem occurred because the Dashboard did not recalculate the `Content-Length` header after OPA modifications, causing length mismatches that resulted in proxy errors. The Dashboard now correctly recalculates the content length for modified introspection requests, ensuring reliable GraphQL API creation regardless of OPA rule configurations.
514
+
</details>
515
+
</li>
516
+
517
+
</ul>
518
+
519
+
520
+
##### Security Fixes
521
+
522
+
<ul>
523
+
<li>
524
+
<details>
525
+
<summary>High priority CVEs fixed</summary>
526
+
527
+
Fixed the following high-priority CVEs identified in the Tyk Dashboard, providing increased protection against security
0 commit comments