# Changelog

## [20220413](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* provide request info as a HAR file if [`flat/collect-request-info`](/flat/reference/configuration.md) is enabled

### Fixed

* More helpful error message for misspelled type names in [`Swagger schemas`](/flat/reference/openapi.md)
* don't leak Authorization in FLAT::getRequestInfo()
* fixed a mixup of JSON DOM representation styles

## [20210623](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`validate-request-security` request option](/flat/reference/actions/request.md#options)

### Fixed

* [`set-env`](/flat/reference/actions/set-env.md) now does not produce unnecessary quotes for numeric values
* Problem in the [`split()` function](/flat/reference/functions/split.md), if called with a string containing an ampersand
* Send `Vary: Origin` response headers for non-preflight requests if [CORS](/flat/reference/openapi-1/cors.md) is enabled but `Origin` was not sent

## [20210107](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`uuid3()` and `uuid4()` functions](/flat/reference/functions/uuid.md)
* The [`ldap-query()` function](/flat/reference/functions/ldap-query.md)
* [LDAP TLS configuration](/flat/reference/configuration.md#ldap-tls-configuration) and [LDAP timeout](/flat/reference/configuration.md#ldap-timeout)
* The [`scope-claim`](/flat/reference/openapi-5/security.md#the-x-flat-jwt-field) and [`post-check-flow`](/flat/reference/openapi-5/security.md#the-x-flat-jwt-field) properties
* Specifying the [required token scope](/flat/reference/openapi-5/security.md#applying-security-schemes)
* [Merging directives into `php.ini`](/flat/administration/configuration.md#php-ini) via environment variables

### Fixed

* [Path parameters](/flat/reference/openapi-4/routing.md#path-parameters) were not usable in [error flows](/flat/reference/openapi-4/routing.md#error-flow)

## [20200828](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [`FLAT_DEBUG_ALLOW_HEADER`](/flat/reference/debugging.md#per-request-debugging) to enable debugging using the `Debug` request header, defaults to `false`
* The [request option](/flat/reference/actions/request.md#options) `force-cache-refresh`
* The [`ldap-lookup()` function](/flat/reference/functions/ldap-lookup.md)
* The `cacheHit` property in the [upstream response information (`$upstream`)](/flat/reference/variables.md#usdupstream)

### Fixed

* Empty objects are no longer [logged](/flat/cookbook/custom-logging.md#adding-a-log-field) as empty arrays.
* The [`json-to-csv()` function](/flat/reference/functions/json-to-csv.md) allows `null` values in array entry objects.

### Changed

The [`log` action](/flat/reference/actions/log.md) can no longer override [system log fields](/flat/administration/logging.md#fields).

## [20200519](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [Beta image](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags?name=beta) now publicly available. [More about Docker images…](/flat/administration/docker.md)
* Warnings in [debug log](/flat/reference/debugging.md) about invalid [Swagger definitions](https://github.com/sevenval/flat-docs/blob/master/reference/openapi/differences.md)
* Validation for the [`assert`](/flat/reference/actions/assert.md) and [`set-env`](/flat/reference/actions/set-env.md) test action configurations.
* The [`error` action](/flat/reference/actions/error.md)
* additional configuration options for the [PHP-FPM process management](/flat/administration/configuration.md)
* [`out-header`](/flat/reference/openapi-5/security.md#forwarding-jwt-upstream) property for easy JWT forwarding

### Fixed

* Calls to the [`content()` function](/flat/reference/functions/content.md) affecting the result of the [`body()` function](/flat/reference/functions/body.md)

## [20200424](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [Swagger `security` requirements](/flat/reference/openapi-5/security.md) can now also be specified at the path level.
* [`x-flat-proxy`](/flat/reference/openapi-4/routing.md#assigning-flat-proxies) to configure proxies without a flow
* Enhanced [`proxy-request` action](/flat/reference/actions/proxy-request.md) with `origin`, `query`, `stripEndpoint` and `addPrefix` properties

### Fixed

* If a client URL path is below the API base path, does not match any defined route, and a path is defined which equals the API base path, so that a matching client URL path is the concatenation of the API base path with itself (e.g. `/api/api` if the `basePath` is `/api`), the [fallback flow](/flat/reference/openapi-4/routing.md#fallback-flow) is now properly executed.
* Some PEM formatted keys could not be recognized during [JWT processing](/flat/cookbook/jwt.md).
* Multi-line values for [environment variables](/flat/cookbook/envvars.md) are now supported.

### Changed

* If the `definition` [request option](/flat/reference/actions/request.md#options) is given with either a [`proxy-request` action](/flat/reference/actions/proxy-request.md) or [`x-flat-proxy`](/flat/reference/openapi-4/routing.md#assigning-flat-proxies), the defaults for the `exit-on-error`, `validate-request` and `validate-response` request options are changed to `true`.

## [20200409](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`json-to-csv()` function](/flat/reference/functions/json-to-csv.md)
* The FLAT revision is shown when FLAT is started and is available in [`$env/FLAT_REVISION`](/flat/reference/variables.md)

### Changed

* Enhanced [`flat_access` log](/flat/administration/logging.md#access-log) with new fields

### Fixed

* When [testing](/flat/reference/testing.md) multiple test files with `flat test`, each test now tests its own response.
* Fatal errors when using certain combinations of [`jwt-decode()`](/flat/reference/functions/jwt-decode.md) and [`<eval/>`](/flat/reference/actions/eval.md)

## [20200323](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Fixed

* [Environment variables](/flat/cookbook/envvars.md) are shown in the debug log if the [debug topic](/flat/reference/debugging.md) is `env`
* With activated [upstream validation](/flat/tutorial.md#upstream-validation), a missing `definition` [option](/flat/reference/actions/request.md#options) or a `definition` value referencing a non-existant resource now results in a 500 response with a proper error message.
* Swagger security scheme objects without `x-flat-jwt` are ignored for [security checks](/flat/reference/openapi-5/security.md).

## [20200318](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* [`body()` function](/flat/reference/functions/body.md)
* [`pass-body` action](/flat/reference/actions/pass-body.md)
* [Security checks with JWT](/flat/reference/openapi-5/security.md).

### Changed

* [`set-response-headers` action](/flat/reference/actions/set-response-headers.md) now accepts the empty object `{}`
* Reading [`swagger.yaml`](/flat/reference/openapi.md) is faster because of caching

## [20200213](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* Validation for `application/x-www-form-urlencoded` encoded [`formData` parameters](https://swagger.io/docs/specification/2-0/describing-parameters/#form-parameters)
* The [`proxy-request`](/flat/reference/actions/proxy-request.md) action
* The functions [`verify-xmldsig()`](/flat/reference/functions/verify-xmldsig.md) and [`decrypt-xml()`](/flat/reference/functions/decrypt-xml.md).

### Fixed

* Parameter handling of the functions [`decrypt()`](/flat/reference/functions/decrypt.md) and [`calc-signature()`](/flat/reference/functions/calc-signature.md).

### Changed

* Padding scheme for [`encrypt()`](/flat/reference/functions/encrypt.md) and [`decrypt()`](/flat/reference/functions/decrypt.md) to [RSAES-OAEP](https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding).
* Relative paths in the [`json-doc()` function](/flat/reference/functions/json-doc.md) are resolved relative to the flow file's path.

## [20200110](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [Swagger extension](/flat/reference/openapi-2/differences.md#x-flat-extensions) `x-flat-validate` is now also recognized below `paths/<path>` and `paths/<path>/<operation>`.
* The `force-cache-ttl` [request option](/flat/reference/actions/request.md#options)

### Changed

* Only allow operations defined in [OpenAPI version 2.0](https://swagger.io/specification/v2/#pathItemObject) to be used in the [`swagger.yaml`](/flat/reference/openapi.md)

### Fixed

* The default value for the `use-http-cache` [request option](/flat/reference/actions/request.md#options) is now false, even if no request options are configured.
* Segmentation fault (or double free) when [eval](/flat/reference/actions/eval.md) is used to assign nodes from a node-set variable to another variable

## [20191210](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The functions [`apply-codecs()`](/flat/reference/functions/apply-codecs.md), [`encrypt()`](/flat/reference/functions/encrypt.md), [`decrypt()`](/flat/reference/functions/decrypt.md), [`calc-signature()`](/flat/reference/functions/calc-signature.md) and [`verify-signature()`](/flat/reference/functions/verify-signature.md)
* The function [`file-exists()`](/flat/reference/functions/file-exists.md)
* The [`$error`](/flat/reference/variables.md#usderror) variable is set and [`exit-on-error`/`error flow` handling](/flat/cookbook/error-flow.md) is triggered if a request error occurs
* The [`id`](/flat/reference/actions/request.md#id) and [`encoding`](/flat/reference/actions/request.md#encoding) properties in the JSON request configuration
* More environment variables for system [configuration and tuning](/flat/administration/configuration.md)
* If a path in [`swagger.yaml`](/flat/reference/openapi-2/differences.md#wildcard-paths) ends with `/**`, this entry matches the given path as well as arbitrary paths below it.

### Changed

* [Swagger validation](/flat/reference/openapi-7/validation.md) now gracefully accepts empty objects in the definition.
* Logging of [template results](/flat/reference/templating.md) for more [flow actions](/flat/reference/actions.md)

### Fixed

* Some alert messages were [logged](/flat/administration/logging.md) twice
* Evaluating an undefined or `null` [variable](/flat/reference/variables.md), as a string, now returns the empty string instead of the string `null`
* Incorrect default content-type `text/xml` for request bodies
* The [`set-response-headers` action](/flat/reference/actions/set-response-headers.md) now replaces `Cache-Control` headers instead of merging them
* The [`serve` action](/flat/reference/actions/serve.md) now correctly handles whitespace and other URL-Encoded characters in the name of the `fallback-doc`

## [20191018](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* Swagger definition supports [`discriminator`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#composition-and-inheritance-polymorphism), [JSON schema `$id` references](https://json-schema.org/understanding-json-schema/structuring.html#using-id-with-ref) and [JSON schema `propertyNames`](https://json-schema.org/understanding-json-schema/reference/object.html#property-names)
* The [`array-reverse()`](/flat/reference/functions/array-reverse.md) and [`sort()`](/flat/reference/functions/sort.md), [`xml-parse()`](/flat/reference/functions/xml-parse.md) and [`html-parse()`](/flat/reference/functions/html-parse.md) functions
* Validation of the [`request`](/flat/reference/actions/request.md), [`requests`](/flat/reference/actions/requests.md) and [`set-response-headers` action](/flat/reference/actions/set-response-headers.md) JSON bodies
* The expected result in an [`assert` action](/flat/reference/actions/assert.md)'s assertion can now be `null`
* The [`log` action](/flat/reference/actions/log.md), the [`get-log()` function](/flat/reference/functions/get-log.md)

### Changed

* The test search for [flat-test](/flat/reference/testing.md) is recursive
* [Logs](/flat/administration/logging.md) are sent to stderr in JSON format

### Fixed

* The `report-only` [validation modes](/flat/reference/openapi-7/validation.md)
* The `exit-on-error`, `mock` and `validate` [request options](/flat/reference/actions/request.md#options) also for XML-configured requests
* Relative paths for e.g. `in` with `copy` in [`backend-flows`](/flat/reference/actions/backend-flow.md)

## [20190919](https://hub.docker.com/r/sevenvaltechnologies/flatrunner/tags)

### Added

* The [`$error`](/flat/reference/variables.md#usderror) variable containing error information for client request/response validation errors
* The [error flow](/flat/cookbook/error-flow.md), called if an error occurs, and referenced by `flow` in `x-flat-error` in the swagger.yaml
* The `exit-on-error` [request option](/flat/reference/actions/request.md#options) (for JSON-configured requests) to trigger the error flow
* An additional parameter `algorithm` for the [`jwt-decode()`](/flat/reference/functions/jwt-decode.md) function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures
* The `contains` and `pattern` [compare flags](/flat/reference/actions/assert.md#compare-flags) for the `assert` action
* The `flat test` Framework with [`assert`](/flat/reference/actions/assert.md), [`test-request`](/flat/reference/actions/test-request.md), [`backend-flow`](/flat/reference/actions/backend-flow.md) and [`set-env`](/flat/reference/actions/set-env.md) actions
* The [`json-stringify()`](/flat/reference/functions/json-stringify.md) and [`json-parse()`](/flat/reference/functions/json-parse.md) functions

### Changed

* The default `User-Agent` for [upstream requests](/flat/reference/actions/request.md) is `FLAT`
* Unless `terminate="false"` is set, the [`serve` action](/flat/reference/actions/serve.md) will terminate the flow
* For the [`request` action](/flat/reference/actions/request.md): values in [`headers`](/flat/reference/actions/request.md#headers) may now also be numeric or boolean
* If the signature cannot be created, the [`jwt-encode()`](/flat/reference/functions/jwt-encode.md) function returns an empty string and an error message is logged
* The `key` for the [`jwt-encode()`](/flat/reference/functions/jwt-encode.md) and [`jwt-decode()`](/flat/reference/functions/jwt-decode.md) functions must not be empty
* HTML [error page](/flat/tutorial.md#getting-started) only if HTML is accepted; plain text otherwise

### Fixed

* Fatal error when creating requests with `null` [query parameter](/flat/reference/actions/request.md#query)
* Fatal error when creating requests with invalid [body source](/flat/reference/actions/request.md#body)
* Requests are now rejected if upstream validation is enabled, but no [`definition` option](/flat/reference/actions/request.md#options) is configured or the given definition is not found
* The results of the [`split()`](/flat/reference/functions/split.md) function can now be used as input for [`join()`](/flat/reference/functions/join.md) or [`fit-serialize()`](/flat/reference/functions/fit-serialize.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://sevenval.gitbook.io/flat/changelog.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.