# Changelog

## [20220413](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* Provide request info as a HAR file if [`flat/collect-request-info`](https://sevenval.gitbook.io/flat/reference/configuration) is enabled

### Fixed

* More helpful error message for misspelled type names in [Swagger schemas](https://sevenval.gitbook.io/flat/reference/openapi)
* Don't leak `Authorization` in `FLAT::getRequestInfo()`
* Fixed a mix-up of JSON DOM representation styles

## [20210623](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`validate-request-security` request option](https://sevenval.gitbook.io/flat/reference/actions/request#options)

### Fixed

* [`set-env`](https://sevenval.gitbook.io/flat/reference/actions/set-env) no longer produces unnecessary quotes for numeric values
* Problem in the [`split()` function](https://sevenval.gitbook.io/flat/reference/functions/split), if called with a string containing an ampersand
* Send `Vary: Origin` response headers for non-preflight requests if [CORS](https://sevenval.gitbook.io/flat/reference/openapi-1/cors) is enabled but `Origin` was not sent

## [20210107](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`uuid3()` and `uuid4()` functions](https://sevenval.gitbook.io/flat/reference/functions/uuid)
* The [`ldap-query()` function](https://sevenval.gitbook.io/flat/reference/functions/ldap-query)
* [LDAP TLS configuration](https://sevenval.gitbook.io/flat/reference/configuration#ldap-tls-configuration) and [LDAP timeout](https://sevenval.gitbook.io/flat/reference/configuration#ldap-timeout)
* The [`scope-claim`](https://sevenval.gitbook.io/flat/reference/openapi-5/security#the-x-flat-jwt-field) and [`post-check-flow`](https://sevenval.gitbook.io/flat/reference/openapi-5/security#the-x-flat-jwt-field) properties
* Specifying the [required token scope](https://sevenval.gitbook.io/flat/reference/openapi-5/security#applying-security-schemes)
* [Merging directives into `php.ini`](https://sevenval.gitbook.io/flat/administration/configuration#php-ini) via environment variables

### Fixed

* [Path parameters](https://sevenval.gitbook.io/flat/reference/openapi-4/routing#path-parameters) were not usable in [error flows](https://sevenval.gitbook.io/flat/reference/openapi-4/routing#error-flow)

## [20200828](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [`FLAT_DEBUG_ALLOW_HEADER`](https://sevenval.gitbook.io/flat/reference/debugging#per-request-debugging) to enable debugging using the `Debug` request header, defaults to `false`
* The [request option](https://sevenval.gitbook.io/flat/reference/actions/request#options) `force-cache-refresh`
* The [`ldap-lookup()` function](https://sevenval.gitbook.io/flat/reference/functions/ldap-lookup)
* The `cacheHit` property in the [upstream response information (`$upstream`)](https://sevenval.gitbook.io/flat/reference/variables#usdupstream)

### Fixed

* Empty objects are no longer [logged](https://sevenval.gitbook.io/flat/cookbook/custom-logging#adding-a-log-field) as empty arrays.
* The [`json-to-csv()` function](https://sevenval.gitbook.io/flat/reference/functions/json-to-csv) allows `null` values in array entry objects.

### Changed

* The [`log` action](https://sevenval.gitbook.io/flat/reference/actions/log) can no longer override [system log fields](https://sevenval.gitbook.io/flat/administration/logging#fields).

## [20200519](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [Beta image](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags?name=beta) now publicly available. [More about Docker images…](https://sevenval.gitbook.io/flat/administration/docker)
* Warnings in [debug log](https://sevenval.gitbook.io/flat/reference/debugging) about invalid [Swagger definitions](https://github.com/sevenval/flat-docs/blob/master/reference/openapi/differences.md)
* Validation for the [`assert`](https://sevenval.gitbook.io/flat/reference/actions/assert) and [`set-env`](https://sevenval.gitbook.io/flat/reference/actions/set-env) test action configurations.
* The [`error` action](https://sevenval.gitbook.io/flat/reference/actions/error)
* Additional configuration options for the [PHP-FPM process management](https://sevenval.gitbook.io/flat/administration/configuration)
* [`out-header`](https://sevenval.gitbook.io/flat/reference/openapi-5/security#forwarding-jwt-upstream) property for easy JWT forwarding

### Fixed

* Calls to the [`content()` function](https://sevenval.gitbook.io/flat/reference/functions/content) affecting the result of the [`body()` function](https://sevenval.gitbook.io/flat/reference/functions/body)

## [20200424](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [Swagger `security` requirements](https://sevenval.gitbook.io/flat/reference/openapi-5/security) can now also be specified at the path level.
* [`x-flat-proxy`](https://sevenval.gitbook.io/flat/reference/openapi-4/routing#assigning-flat-proxies) to configure proxies without a flow
* Enhanced [`proxy-request` action](https://sevenval.gitbook.io/flat/reference/actions/proxy-request) with `origin`, `query`, `stripEndpoint` and `addPrefix` properties

### Fixed

* The [fallback flow](https://sevenval.gitbook.io/flat/reference/openapi-4/routing#fallback-flow) is now properly executed if a client URL path is below the API base path and does not match any defined route, while a path is defined that equals the API base path (so that a matching client URL path would be the concatenation of the API base path with itself, e.g. `/api/api` if the `basePath` is `/api`).
* Some PEM formatted keys could not be recognized during [JWT processing](https://sevenval.gitbook.io/flat/cookbook/jwt).
* Multi-line values for [environment variables](https://sevenval.gitbook.io/flat/cookbook/envvars) are now supported.

### Changed

* If the `definition` [request option](https://sevenval.gitbook.io/flat/reference/actions/request#options) is given with either a [`proxy-request` action](https://sevenval.gitbook.io/flat/reference/actions/proxy-request) or [`x-flat-proxy`](https://sevenval.gitbook.io/flat/reference/openapi-4/routing#assigning-flat-proxies), the defaults for the `exit-on-error`, `validate-request` and `validate-response` request options are changed to `true`.

## [20200409](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`json-to-csv()` function](https://sevenval.gitbook.io/flat/reference/functions/json-to-csv)
* The FLAT revision is shown when FLAT is started and is available in [`$env/FLAT_REVISION`](https://sevenval.gitbook.io/flat/reference/variables)

### Changed

* Enhanced [`flat_access` log](https://sevenval.gitbook.io/flat/administration/logging#access-log) with new fields

### Fixed

* When [testing](https://sevenval.gitbook.io/flat/reference/testing) multiple test files with `flat test`, each test now tests its own response.
* Fatal errors when using certain combinations of [`jwt-decode()`](https://sevenval.gitbook.io/flat/reference/functions/jwt-decode) and [`<eval/>`](https://sevenval.gitbook.io/flat/reference/actions/eval)

## [20200323](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Fixed

* [Environment variables](https://sevenval.gitbook.io/flat/cookbook/envvars) are shown in the debug log if the [debug topic](https://sevenval.gitbook.io/flat/reference/debugging) is `env`
* With activated [upstream validation](https://sevenval.gitbook.io/flat/tutorial#upstream-validation), a missing `definition` [option](https://sevenval.gitbook.io/flat/reference/actions/request#options) or a `definition` value referencing a non-existent resource now results in a 500 response with a proper error message.
* Swagger security scheme objects without `x-flat-jwt` are ignored for [security checks](https://sevenval.gitbook.io/flat/reference/openapi-5/security).

## [20200318](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [`body()` function](https://sevenval.gitbook.io/flat/reference/functions/body)
* [`pass-body` action](https://sevenval.gitbook.io/flat/reference/actions/pass-body)
* [Security checks with JWT](https://sevenval.gitbook.io/flat/reference/openapi-5/security).

### Changed

* [`set-response-headers` action](https://sevenval.gitbook.io/flat/reference/actions/set-response-headers) now accepts the empty object `{}`
* Reading [`swagger.yaml`](https://sevenval.gitbook.io/flat/reference/openapi) is faster because of caching

## [20200213](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* Validation for `application/x-www-form-urlencoded` encoded [`formData` parameters](https://swagger.io/docs/specification/2-0/describing-parameters/#form-parameters)
* The [`proxy-request`](https://sevenval.gitbook.io/flat/reference/actions/proxy-request) action
* The functions [`verify-xmldsig()`](https://sevenval.gitbook.io/flat/reference/functions/verify-xmldsig) and [`decrypt-xml()`](https://sevenval.gitbook.io/flat/reference/functions/decrypt-xml).

### Fixed

* Parameter handling of the functions [`decrypt()`](https://sevenval.gitbook.io/flat/reference/functions/decrypt) and [`calc-signature()`](https://sevenval.gitbook.io/flat/reference/functions/calc-signature).

### Changed

* Padding scheme for [`encrypt()`](https://sevenval.gitbook.io/flat/reference/functions/encrypt) and [`decrypt()`](https://sevenval.gitbook.io/flat/reference/functions/decrypt) to [RSAES-OAEP](https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding).
* Relative paths in the [`json-doc()` function](https://sevenval.gitbook.io/flat/reference/functions/json-doc) are resolved relative to the flow file's path.

## [20200110](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [Swagger extension](https://sevenval.gitbook.io/flat/reference/openapi-2/differences#x-flat-extensions) `x-flat-validate` is now also recognized below `paths/<path>` and `paths/<path>/<operation>`.
* The `force-cache-ttl` [request option](https://sevenval.gitbook.io/flat/reference/actions/request#options)

### Changed

* Only allow operations defined in [OpenAPI version 2.0](https://swagger.io/specification/v2/#pathItemObject) to be used in the [`swagger.yaml`](https://sevenval.gitbook.io/flat/reference/openapi)

### Fixed

* The default value for the `use-http-cache` [request option](https://sevenval.gitbook.io/flat/reference/actions/request#options) is now false, even if no request options are configured.
* Segmentation fault (or double free) when [eval](https://sevenval.gitbook.io/flat/reference/actions/eval) is used to assign nodes from a node-set variable to another variable

## [20191210](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The functions [`apply-codecs()`](https://sevenval.gitbook.io/flat/reference/functions/apply-codecs), [`encrypt()`](https://sevenval.gitbook.io/flat/reference/functions/encrypt), [`decrypt()`](https://sevenval.gitbook.io/flat/reference/functions/decrypt), [`calc-signature()`](https://sevenval.gitbook.io/flat/reference/functions/calc-signature) and [`verify-signature()`](https://sevenval.gitbook.io/flat/reference/functions/verify-signature)
* The function [`file-exists()`](https://sevenval.gitbook.io/flat/reference/functions/file-exists)
* The [`$error`](https://sevenval.gitbook.io/flat/reference/variables#usderror) variable is set and [`exit-on-error`/`error flow` handling](https://sevenval.gitbook.io/flat/cookbook/error-flow) is triggered if a request error occurs
* The [`id`](https://sevenval.gitbook.io/flat/reference/actions/request#id) and [`encoding`](https://sevenval.gitbook.io/flat/reference/actions/request#encoding) properties in the JSON request configuration
* More environment variables for system [configuration and tuning](https://sevenval.gitbook.io/flat/administration/configuration)
* If a path in [`swagger.yaml`](https://sevenval.gitbook.io/flat/reference/openapi-2/differences#wildcard-paths) ends with `/**`, this entry matches the given path as well as arbitrary paths below it.

### Changed

* [Swagger validation](https://sevenval.gitbook.io/flat/reference/openapi-7/validation) now gracefully accepts empty objects in the definition.
* Logging of [template results](https://sevenval.gitbook.io/flat/reference/templating) for more [flow actions](https://sevenval.gitbook.io/flat/reference/actions)

### Fixed

* Some alert messages were [logged](https://sevenval.gitbook.io/flat/administration/logging) twice
* Evaluating an undefined or `null` [variable](https://sevenval.gitbook.io/flat/reference/variables), as a string, now returns the empty string instead of the string `null`
* Incorrect default content-type `text/xml` for request bodies
* The [`set-response-headers` action](https://sevenval.gitbook.io/flat/reference/actions/set-response-headers) now replaces `Cache-Control` headers instead of merging them
* The [`serve` action](https://sevenval.gitbook.io/flat/reference/actions/serve) now correctly handles whitespace and other URL-Encoded characters in the name of the `fallback-doc`

## [20191018](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* Swagger definition supports [`discriminator`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#composition-and-inheritance-polymorphism), [JSON schema `$id` references](https://json-schema.org/understanding-json-schema/structuring.html#using-id-with-ref) and [JSON schema `propertyNames`](https://json-schema.org/understanding-json-schema/reference/object.html#property-names)
* The [`array-reverse()`](https://sevenval.gitbook.io/flat/reference/functions/array-reverse), [`sort()`](https://sevenval.gitbook.io/flat/reference/functions/sort), [`xml-parse()`](https://sevenval.gitbook.io/flat/reference/functions/xml-parse) and [`html-parse()`](https://sevenval.gitbook.io/flat/reference/functions/html-parse) functions
* Validation of the [`request`](https://sevenval.gitbook.io/flat/reference/actions/request), [`requests`](https://sevenval.gitbook.io/flat/reference/actions/requests) and [`set-response-headers` action](https://sevenval.gitbook.io/flat/reference/actions/set-response-headers) JSON bodies
* The expected result in an [`assert` action](https://sevenval.gitbook.io/flat/reference/actions/assert)'s assertion can now be `null`
* The [`log` action](https://sevenval.gitbook.io/flat/reference/actions/log) and the [`get-log()` function](https://sevenval.gitbook.io/flat/reference/functions/get-log)

### Changed

* The test search for [flat-test](https://sevenval.gitbook.io/flat/reference/testing) is recursive
* [Logs](https://sevenval.gitbook.io/flat/administration/logging) are sent to stderr in JSON format

### Fixed

* The `report-only` [validation modes](https://sevenval.gitbook.io/flat/reference/openapi-7/validation)
* The `exit-on-error`, `mock` and `validate` [request options](https://sevenval.gitbook.io/flat/reference/actions/request#options) also for XML-configured requests
* Relative paths for e.g. `in` with `copy` in [`backend-flows`](https://sevenval.gitbook.io/flat/reference/actions/backend-flow)

## [20190919](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`$error`](https://sevenval.gitbook.io/flat/reference/variables#usderror) variable containing error information for client request/response validation errors
* The [error flow](https://sevenval.gitbook.io/flat/cookbook/error-flow), called if an error occurs, and referenced by `flow` in `x-flat-error` in the swagger.yaml
* The `exit-on-error` [request option](https://sevenval.gitbook.io/flat/reference/actions/request#options) (for JSON-configured requests) to trigger the error flow
* An additional parameter `algorithm` for the [`jwt-decode()`](https://sevenval.gitbook.io/flat/reference/functions/jwt-decode) function to limit the acceptable signing algorithms. It is mandatory for RSASSA-based signatures.
* The `contains` and `pattern` [compare flags](https://sevenval.gitbook.io/flat/reference/actions/assert#compare-flags) for the `assert` action
* The `flat test` framework with [`assert`](https://sevenval.gitbook.io/flat/reference/actions/assert), [`test-request`](https://sevenval.gitbook.io/flat/reference/actions/test-request), [`backend-flow`](https://sevenval.gitbook.io/flat/reference/actions/backend-flow) and [`set-env`](https://sevenval.gitbook.io/flat/reference/actions/set-env) actions
* The [`json-stringify()`](https://sevenval.gitbook.io/flat/reference/functions/json-stringify) and [`json-parse()`](https://sevenval.gitbook.io/flat/reference/functions/json-parse) functions

### Changed

* The default `User-Agent` for [upstream requests](https://sevenval.gitbook.io/flat/reference/actions/request) is `FLAT`
* Unless `terminate="false"` is set, the [`serve` action](https://sevenval.gitbook.io/flat/reference/actions/serve) will terminate the flow
* For the [`request` action](https://sevenval.gitbook.io/flat/reference/actions/request): values in [`headers`](https://sevenval.gitbook.io/flat/reference/actions/request#headers) may now also be numeric or boolean
* If the signature cannot be created, the [`jwt-encode()`](https://sevenval.gitbook.io/flat/reference/functions/jwt-encode) function returns an empty string and an error message is logged
* The `key` for the [`jwt-encode()`](https://sevenval.gitbook.io/flat/reference/functions/jwt-encode) and [`jwt-decode()`](https://sevenval.gitbook.io/flat/reference/functions/jwt-decode) functions must not be empty
* HTML [error page](https://sevenval.gitbook.io/flat/tutorial#getting-started) only if HTML is accepted; plain text otherwise

### Fixed

* Fatal error when creating requests with `null` [query parameter](https://sevenval.gitbook.io/flat/reference/actions/request#query)
* Fatal error when creating requests with invalid [body source](https://sevenval.gitbook.io/flat/reference/actions/request#body)
* Requests are now rejected if upstream validation is enabled, but no [`definition` option](https://sevenval.gitbook.io/flat/reference/actions/request#options) is configured or the given definition is not found
* The results of the [`split()`](https://sevenval.gitbook.io/flat/reference/functions/split) function can now be used as input for [`join()`](https://sevenval.gitbook.io/flat/reference/functions/join) or [`fit-serialize()`](https://sevenval.gitbook.io/flat/reference/functions/fit-serialize)
