API Platform 4.10.0.0

Date: October/2022

Front-end modernization

  • The menu screens of Admin Settings have a new look and feel and now use a more advanced front-end technology. With each release, we will deliver more menu screens of the platform with the new look, which soon will completely replace the older one.

Log4j replacement

  • We finished replacing Log4j in the last modules where it was present. The platform is no longer susceptible to this vulnerability as of this version.

New feature

Advanced TLS settings

  • Now when creating an Inbound Address with the HTTPS protocol, there will be a submenu that allows to:

    • Enable or disable the TLS Session Resumption of an Inbound Address.

    • Select which TLS ciphers are accepted within the specified range of an Inbound Address.

Improvements

New character restriction when creating or editing an API

  • To avoid blocking the edit of a Plan or APP when linked to an API that contains the characters '<' and '>' in some of its fields, we restricted their use in the API Name and Description fields when creating or editing an API.

If you wish to edit an existing API with these characters in those fields, first remove them to make the changes.

Interceptors

  • It is now possible to ignore the body in the SQL Threat Protection interceptor when the Content-Type is multipart/form-data.

  • It is now possible to configure expressions to be ignored by the SQL Threat Protection interceptor.

Access Tokens

  • Added a system config that allows Refresh Tokens to be reused.

Bug fixes

  • We fixed a bug that caused the Service Mashup interceptor to not wait for the Service Callout interceptor call to end before executing it.

  • We fixed a crash in the SQL Threat Protection interceptor regex.

  • We fixed an issue that prevented revoking a token linked to an App with canceled status.

  • Removed character limitation for the username of SAML users.

  • We fixed an issue that prevented a user of one team from editing APIs with an environment linked to another team, even with permission to do so.

  • We fixed an issue that did not allow the user to edit an API linked to him and its creator through the "Only me" view.

  • We fixed an issue that prevented Access Tokens from being correctly listed by the "Owner" filter.

  • We fixed an incorrect error return by the SQL Threat Protection interceptor when handling a sizeable body.

  • We fixed a bug that prevented querying apps by queryParams using single quotes.

  • We fixed a bug that prevented Swagger from editing and creating a new revision with Adaptive Governance enabled.

  • We fixed a frontend issue that allowed a user to edit the deployment status of an environment even when that user did not have the proper permissions.

  • We fixed the IP Filtering interceptor. Now it accepts or refuses multiple source IPs.

Services changed

Application Module Version

API Platform

API Manager

4.13.0.1

API Platform

API Gateway

4.10.0.1

API Platform

API Manager Front

4.12.0.0

API Platform

API Authorization

4.5.0.0

API Platform

API Horus

4.3.0.0

API Platform

Connector Manager

4.4.0.0

API Platform

Manager Front

4.12.0.0

API Platform

Manager Front Admin Settings

4.12.0.0

API Platform

Manager Front Consumers

4.12.0.0

API Platform

API Crypto

4.1.0.0

API Platform

Agent Integration

4.2.0.0

API Platform

Agent-authorization

4.1.1.0

API Platform

Agent-gateway

4.2.1.0
Thanks for your feedback!
EDIT

Share your suggestions with us!
Click here and then [+ Submit idea]