> For the complete documentation index, see [llms.txt](https://sevenval.gitbook.io/flat/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sevenval.gitbook.io/flat/changelog.md).

# Changelog

## [20220413](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* provide request info as a HAR file if [`flat/collect-request-info`](/flat/reference/configuration.md) is enabled

### Fixed

* More helpful error message for misspelled type names in [`Swagger schemas`](/flat/reference/openapi.md)
* don't leak Authorization in FLAT::getRequestInfo()
* fixed a mixup of JSON DOM representation styles

## [20210623](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`validate-request-security` request option](/flat/reference/actions/request.md#options)

### Fixed

* [`set-env`](/flat/reference/actions/set-env.md) now does not produce unnecessary quotes for numeric values
* Problem in the [`split()` function](/flat/reference/functions/split.md), if called with a string containing an ampersand
* Send `Vary: Origin` response headers for non-preflight requests if [CORS](/flat/reference/openapi-1/cors.md) is enabled but `Origin` was not sent

## [20210107](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`uuid3()` and `uuid4()` functions](/flat/reference/functions/uuid.md)
* The [`ldap-query()` function](/flat/reference/functions/ldap-query.md)
* [LDAP TLS configuration](/flat/reference/configuration.md#ldap-tls-configuration) and [LDAP timeout](/flat/reference/configuration.md#ldap-timeout)
* The [`scope-claim`](/flat/reference/openapi-5/security.md#the-x-flat-jwt-field) and [`post-check-flow`](/flat/reference/openapi-5/security.md#the-x-flat-jwt-field) properties
* Specifying the [required token scope](/flat/reference/openapi-5/security.md#applying-security-schemes)
* [Merging directives into `php.ini`](/flat/administration/configuration.md#php-ini) via environment variables

### Fixed

* [Path parameters](/flat/reference/openapi-4/routing.md#path-parameters) were not usable in [error flows](/flat/reference/openapi-4/routing.md#error-flow)

## [20200828](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [`FLAT_DEBUG_ALLOW_HEADER`](/flat/reference/debugging.md#per-request-debugging) to enable debugging using the `Debug` request header, defaults to `false`
* The [request option](/flat/reference/actions/request.md#options) `force-cache-refresh`
* The [`ldap-lookup()` function](/flat/reference/functions/ldap-lookup.md)
* The `cacheHit` property in the [upstream response information (`$upstream`)](/flat/reference/variables.md#usdupstream)

### Fixed

* Empty objects are no longer [logged](/flat/cookbook/custom-logging.md#adding-a-log-field) as empty arrays.
* The [`json-to-csv()` function](/flat/reference/functions/json-to-csv.md) allows `null` values in array entry objects.

### Changed

The [`log` action](/flat/reference/actions/log.md) can no longer override [system log fields](/flat/administration/logging.md#fields).

## [20200519](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [Beta image](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags?name=beta) now publicly available. [More about Docker images…](/flat/administration/docker.md)
* Warnings in [debug log](/flat/reference/debugging.md) about invalid [Swagger definitions](https://github.com/sevenval/flat-docs/blob/master/reference/openapi/differences.md)
* Validation for the [`assert`](/flat/reference/actions/assert.md) and [`set-env`](/flat/reference/actions/set-env.md) test action configurations.
* The [`error` action](/flat/reference/actions/error.md)
* additional configuration options for the [PHP-FPM process management](/flat/administration/configuration.md)
* [`out-header`](/flat/reference/openapi-5/security.md#forwarding-jwt-upstream) property for easy JWT forwarding

### Fixed

* Calls to the [`content()` function](/flat/reference/functions/content.md) affecting the result of the [`body()` function](/flat/reference/functions/body.md)

## [20200424](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [Swagger `security` requirements](/flat/reference/openapi-5/security.md) can now also be specified at the path level.
* [`x-flat-proxy`](/flat/reference/openapi-4/routing.md#assigning-flat-proxies) to configure proxies without a flow
* Enhanced [`proxy-request` action](/flat/reference/actions/proxy-request.md) with `origin`, `query`, `stripEndpoint` and `addPrefix` properties

### Fixed

* If a client URL path is below the API base path, does not match any defined route, and a path is defined which equals the API base path, so that a matching client URL path is the concatenation of the API base path with itself (e.g. `/api/api` if the `basePath` is `/api`), the [fallback flow](/flat/reference/openapi-4/routing.md#fallback-flow) is now properly executed.
* Some PEM formatted keys could not be recognized during [JWT processing](/flat/cookbook/jwt.md).
* Multi-line values for [environment variables](/flat/cookbook/envvars.md) are now supported.

### Changed

* If the `definition` [request option](/flat/reference/actions/request.md#options) is given with either a [`proxy-request` action](/flat/reference/actions/proxy-request.md) or [`x-flat-proxy`](/flat/reference/openapi-4/routing.md#assigning-flat-proxies), the defaults for the `exit-on-error`, `validate-request` and `validate-response` request options are changed to `true`.

## [20200409](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`json-to-csv()` function](/flat/reference/functions/json-to-csv.md)
* The FLAT revision is shown when FLAT is started and is available in [`$env/FLAT_REVISION`](/flat/reference/variables.md)

### Changed

* Enhanced [`flat_access` log](/flat/administration/logging.md#access-log) with new fields

### Fixed

* When [testing](/flat/reference/testing.md) multiple test files with `flat test`, each test now tests its own response.
* Fatal errors when using certain combinations of [`jwt-decode()`](/flat/reference/functions/jwt-decode.md) and [`<eval/>`](/flat/reference/actions/eval.md)

## [20200323](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Fixed

* [Environment variables](/flat/cookbook/envvars.md) are shown in the debug log if the [debug topic](/flat/reference/debugging.md) is `env`
* With activated [upstream validation](/flat/tutorial.md#upstream-validation), a missing `definition` [option](/flat/reference/actions/request.md#options) or a `definition` value referencing a non-existant resource now results in a 500 response with a proper error message.
* Swagger security scheme objects without `x-flat-jwt` are ignored for [security checks](/flat/reference/openapi-5/security.md).

## [20200318](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [`body()` function](/flat/reference/functions/body.md)
* [`pass-body` action](/flat/reference/actions/pass-body.md)
* [Security checks with JWT](/flat/reference/openapi-5/security.md).

### Changed

* [`set-response-headers` action](/flat/reference/actions/set-response-headers.md) now accepts the empty object `{}`
* Reading [`swagger.yaml`](/flat/reference/openapi.md) is faster because of caching

## [20200213](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* Validation for `application/x-www-form-urlencoded` encoded [`formData` parameters](https://swagger.io/docs/specification/2-0/describing-parameters/#form-parameters)
* The [`proxy-request`](/flat/reference/actions/proxy-request.md) action
* The functions [`verify-xmldsig()`](/flat/reference/functions/verify-xmldsig.md) and [`decrypt-xml()`](/flat/reference/functions/decrypt-xml.md).

### Fixed

* Parameter handling of the functions [`decrypt()`](/flat/reference/functions/decrypt.md) and [`calc-signature()`](/flat/reference/functions/calc-signature.md).

### Changed

* Padding scheme for [`encrypt()`](/flat/reference/functions/encrypt.md) and [`decrypt()`](/flat/reference/functions/decrypt.md) to [RSAES-OAEP](https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding).
* Relative paths in the [`json-doc()` function](/flat/reference/functions/json-doc.md) are resolved relative to the flow file's path.

## [20200110](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [Swagger extension](/flat/reference/openapi-2/differences.md#x-flat-extensions) `x-flat-validate` is now also recognized below `paths/<path>` and `paths/<path>/<operation>`.
* The `force-cache-ttl` [request option](/flat/reference/actions/request.md#options)

### Changed

* Only allow operations defined in [OpenAPI version 2.0](https://swagger.io/specification/v2/#pathItemObject) to be used in the [`swagger.yaml`](/flat/reference/openapi.md)

### Fixed

* The default value for the `use-http-cache` [request option](/flat/reference/actions/request.md#options) is now false, even if no request options are configured.
* Segmentation fault (or double free) when [eval](/flat/reference/actions/eval.md) is used to assign nodes from a node-set variable to another variable

## [20191210](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The functions [`apply-codecs()`](/flat/reference/functions/apply-codecs.md), [`encrypt()`](/flat/reference/functions/encrypt.md), [`decrypt()`](/flat/reference/functions/decrypt.md), [`calc-signature()`](/flat/reference/functions/calc-signature.md) and [`verify-signature()`](/flat/reference/functions/verify-signature.md)
* The function [`file-exists()`](/flat/reference/functions/file-exists.md)
* The [`$error`](/flat/reference/variables.md#usderror) variable is set and [`exit-on-error`/`error flow` handling](/flat/cookbook/error-flow.md) is triggered if a request error occurs
* The [`id`](/flat/reference/actions/request.md#id) and [`encoding`](/flat/reference/actions/request.md#encoding) properties in the JSON request configuration
* More environment variables for system [configuration and tuning](/flat/administration/configuration.md)
* If a path in [`swagger.yaml`](/flat/reference/openapi-2/differences.md#wildcard-paths) ends with `/**`, this entry matches the given path as well as arbitrary paths below it.

### Changed

* [Swagger validation](/flat/reference/openapi-7/validation.md) now gracefully accepts empty objects in the definition.
* Logging of [template results](/flat/reference/templating.md) for more [flow actions](/flat/reference/actions.md)

### Fixed

* Some alert messages were [logged](/flat/administration/logging.md) twice
* Evaluating an undefined or `null` [variable](/flat/reference/variables.md), as a string, now returns the empty string instead of the string `null`
* Incorrect default content-type `text/xml` for request bodies
* The [`set-response-headers` action](/flat/reference/actions/set-response-headers.md) now replaces `Cache-Control` headers instead of merging them
* The [`serve` action](/flat/reference/actions/serve.md) now correctly handles whitespace and other URL-Encoded characters in the name of the `fallback-doc`

## [20191018](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* Swagger definition supports [`discriminator`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#composition-and-inheritance-polymorphism), [JSON schema `$id` references](https://json-schema.org/understanding-json-schema/structuring.html#using-id-with-ref) and [JSON schema `propertyNames`](https://json-schema.org/understanding-json-schema/reference/object.html#property-names)
* The [`array-reverse()`](/flat/reference/functions/array-reverse.md) and [`sort()`](/flat/reference/functions/sort.md), [`xml-parse()`](/flat/reference/functions/xml-parse.md) and [`html-parse()`](/flat/reference/functions/html-parse.md) functions
* Validation of the [`request`](/flat/reference/actions/request.md), [`requests`](/flat/reference/actions/requests.md) and [`set-response-headers` action](/flat/reference/actions/set-response-headers.md) JSON bodies
* The expected result in an [`assert` action](/flat/reference/actions/assert.md)'s assertion can now be `null`
* The [`log` action](/flat/reference/actions/log.md), the [`get-log()` function](/flat/reference/functions/get-log.md)

### Changed

* The test search for [flat-test](/flat/reference/testing.md) is recursive
* [Logs](/flat/administration/logging.md) are sent to stderr in JSON format

### Fixed

* The `report-only` [validation modes](/flat/reference/openapi-7/validation.md)
* The `exit-on-error`, `mock` and `validate` [request options](/flat/reference/actions/request.md#options) also for XML-configured requests
* Relative paths for e.g. `in` with `copy` in [`backend-flows`](/flat/reference/actions/backend-flow.md)

## [20190919](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`$error`](/flat/reference/variables.md#usderror) variable containing error information for client request/response validation errors
* The [error flow](/flat/cookbook/error-flow.md), called if an error occurs, and referenced by `flow` in `x-flat-error` in the swagger.yaml
* The `exit-on-error` [request option](/flat/reference/actions/request.md#options) (for JSON-configured requests) to trigger the error flow
* An additional parameter `algorithm` for the [`jwt-decode()`](/flat/reference/functions/jwt-decode.md) function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures
* The `contains` and `pattern` [compare flags](/flat/reference/actions/assert.md#compare-flags) for the `assert` action
* The `flat test` Framework with [`assert`](/flat/reference/actions/assert.md), [`test-request`](/flat/reference/actions/test-request.md), [`backend-flow`](/flat/reference/actions/backend-flow.md) and [`set-env`](/flat/reference/actions/set-env.md) actions
* The [`json-stringify()`](/flat/reference/functions/json-stringify.md) and [`json-parse()`](/flat/reference/functions/json-parse.md) functions

### Changed

* The default `User-Agent` for [upstream requests](/flat/reference/actions/request.md) is `FLAT`
* Unless `terminate="false"` is set, the [`serve` action](/flat/reference/actions/serve.md) will terminate the flow
* For the [`request` action](/flat/reference/actions/request.md): values in [`headers`](/flat/reference/actions/request.md#headers) may now also be numeric or boolean
* If the signature cannot be created, the [`jwt-encode()`](/flat/reference/functions/jwt-encode.md) function returns an empty string and an error message is logged
* The `key` for the [`jwt-encode()`](/flat/reference/functions/jwt-encode.md) and [`jwt-decode()`](/flat/reference/functions/jwt-decode.md) functions must not be empty
* HTML [error page](/flat/tutorial.md#getting-started) only if HTML is accepted; plain text otherwise

### Fixed

* Fatal error when creating requests with `null` [query parameter](/flat/reference/actions/request.md#query)
* Fatal error when creating requests with invalid [body source](/flat/reference/actions/request.md#body)
* Requests are now rejected if upstream validation is enabled, but no [`definition` option](/flat/reference/actions/request.md#options) is configured or the given definition is not found
* The results of the [`split()`](/flat/reference/functions/split.md) function can now be used as input for [`join()`](/flat/reference/functions/join.md) or [`fit-serialize()`](/flat/reference/functions/fit-serialize.md)
