- provide request info as a HAR file if
flat/collect-request-infois enabled
- More helpful error message for misspelled type names in
Swagger schemas - don't leak Authorization in FLAT::getRequestInfo()
- fixed a mixup of JSON DOM representation styles
set-envnow does not produce unnecessary quotes for numeric values- Problem in the
split()function, if called with a string containing an ampersand - Send
Vary: Originresponse headers for non-preflight requests if CORS is enabled butOriginwas not sent
- The
uuid3()anduuid4()functions - The
ldap-query()function - LDAP TLS configuration and LDAP timeout
- The
scope-claimandpost-check-flowproperties - Specifying the required token scope
- Merging directives into
php.inivia environment variables
- Path parameters were not usable in error flows
FLAT_DEBUG_ALLOW_HEADERto enable debugging using theDebugrequest header, defaults tofalse- The request option
force-cache-refresh - The
ldap-lookup()function - The
cacheHitproperty in the upstream response information ($upstream)
- Empty objects are no longer logged as empty arrays.
- The
json-to-csv()function allowsnullvalues in array entry objects.
The log action can no longer override system log fields.
- Beta image now publicly available. More about Docker images…
- Warnings in debug log about invalid Swagger definitions
- Validation for the
assertandset-envtest action configurations. - The
erroraction - additional configuration options for the PHP-FPM process management
out-headerproperty for easy JWT forwarding
- Calls to the
content()function affecting the result of thebody()function
- Swagger
securityrequirements can now also be specified at the path level. x-flat-proxyto configure proxies without a flow- Enhanced
proxy-requestaction withorigin,query,stripEndpointandaddPrefixproperties
- If a client URL path is below the API base path, does not match any defined route, and a path is defined which equals the API base path, so that a matching client URL path is the concatenation of the API base path with itself (e.g.
/api/apiif thebasePathis/api), the fallback flow is now properly executed. - Some PEM formatted keys could not be recognized during JWT processing.
- Multi-line values for environment variables are now supported.
- If the
definitionrequest option is given with either aproxy-requestaction orx-flat-proxy, the defaults for theexit-on-error,validate-requestandvalidate-responserequest options are changed totrue.
- The
json-to-csv()function - The FLAT revision is shown when FLAT is started and is available in
$env/FLAT_REVISION
- Enhanced
flat_accesslog with new fields
- When testing multiple test files with
flat test, each test now tests its own response. - Fatal errors when using certain combinations of
jwt-decode()and<eval/>
- Environment variables are shown in the debug log if the debug topic is
env - With activated upstream validation, a missing
definitionoption or adefinitionvalue referencing a non-existant resource now results in a 500 response with a proper error message. - Swagger security scheme objects without
x-flat-jwtare ignored for security checks.
set-response-headersaction now accepts the empty object{}- Reading
swagger.yamlis faster because of caching
- Validation for
application/x-www-form-urlencodedencodedformDataparameters - The
proxy-requestaction - The functions
verify-xmldsig()anddecrypt-xml().
- Parameter handling of the functions
decrypt()andcalc-signature().
- Padding scheme for
encrypt()anddecrypt()to RSAES-OAEP. - Relative paths in the
json-doc()function are resolved relative to the flow file's path.
- The Swagger extension
x-flat-validateis now also recognized belowpaths/<path>andpaths/<path>/<operation>. - The
force-cache-ttlrequest option
- Only allow operations defined in OpenAPI version 2.0 to be used in the
swagger.yaml
- The default value for the
use-http-cacherequest option is now false, even if no request options are configured. - Segmentation fault (or double free) when eval is used to assign nodes from a node-set variable to another variable
- The functions
apply-codecs(),encrypt(),decrypt(),calc-signature()andverify-signature() - The function
file-exists() - The
$errorvariable is set andexit-on-error/error flowhandling is triggered if a request error occurs - The
idandencodingproperties in the JSON request configuration - More environment variables for system configuration and tuning
- If a path in
swagger.yamlends with/**, this entry matches the given path as well as arbitrary paths below it.
- Swagger validation now gracefully accepts empty objects in the definition.
- Logging of template results for more flow actions
- Some alert messages were logged twice
- Evaluating an undefined or
nullvariable, as a string, now returns the empty string instead of the stringnull - Incorrect default content-type
text/xmlfor request bodies - The
set-response-headersaction now replacesCache-Controlheaders instead of merging them - The
serveaction now correctly handles whitespace and other URL-Encoded characters in the name of thefallback-doc
- Swagger definition supports
discriminator, JSON schema$idreferences and JSON schemapropertyNames - The
array-reverse()andsort(),xml-parse()andhtml-parse()functions - Validation of the
request,requestsandset-response-headersaction JSON bodies - The expected result in an
assertaction's assertion can now benull - The
logaction, theget-log()function
- The
report-onlyvalidation modes - The
exit-on-error,mockandvalidaterequest options also for XML-configured requests - Relative paths for e.g.
inwithcopyinbackend-flows
- The
$errorvariable containing error information for client request/response validation errors - The error flow, called if an error occurs, and referenced by
flowinx-flat-errorin the swagger.yaml - The
exit-on-errorrequest option (for JSON-configured requests) to trigger the error flow - An additional parameter
algorithmfor thejwt-decode()function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures - The
containsandpatterncompare flags for theassertaction - The
flat testFramework withassert,test-request,backend-flowandset-envactions - The
json-stringify()andjson-parse()functions
- The default
User-Agentfor upstream requests isFLAT - Unless
terminate="false"is set, theserveaction will terminate the flow - For the
requestaction: values inheadersmay now also be numeric or boolean - If the signature cannot be created, the
jwt-encode()function returns an empty string and an error message is logged - The
keyfor thejwt-encode()andjwt-decode()functions must not be empty - HTML error page only if HTML is accepted; plain text otherwise
- Fatal error when creating requests with
nullquery parameter - Fatal error when creating requests with invalid body source
- Requests are now rejected if upstream validation is enabled, but no
definitionoption is configured or the given definition is not found - The results of the
split()function can now be used as input forjoin()orfit-serialize()