Changelog

FLAT
Couper Sevenval Technologies Docker Image Github
Search…
master
​20210623​
Added
The validate-request-security request option​
Fixed
​set-env now does not produce unnecessary quotes for numeric values
Problem in the split() function, if called with a string containing an ampersand
Send Vary: Origin response headers for non-preflight requests if CORS is enabled but Origin was not sent
​20210107​
Added
The uuid3() and uuid4() functions​
The ldap-query() function​
​LDAP TLS configuration and LDAP timeout​
The scope-claim and post-check-flow properties
Specifying the required token scope​
​Merging directives into php.ini via environment variables
Fixed
​Path parameters were not usable in error flows​
​20200828​
Added
​FLAT_DEBUG_ALLOW_HEADER to enable debugging using the Debug request header, defaults to false
The request option force-cache-refresh
The ldap-lookup() function​
The cacheHit property in the upstream response information ($upstream)​
Fixed
Empty objects are no longer logged as empty arrays.
The json-to-csv() function allows null values in array entry objects.
Changed
The log action can no longer override system log fields.
​20200519​
Added
​Beta image now publicly available. More about Docker images…​
Warnings in debug log about invalid Swagger definitions​
Validation for the assert and set-env test action configurations.
The error action​
additional configuration options for the PHP-FPM process management​
​out-header property for easy JWT forwarding
Fixed
Calls to the content() function affecting the result of the body() function​
​20200424​
Added
​Swagger security requirements can now also be specified at the path level.
​x-flat-proxy to configure proxies without a flow
Enhanced proxy-request action with origin, query, stripEndpoint and addPrefix properties
Fixed
If a client URL path is below the API base path, does not match any defined route, and a path is defined which equals the API base path, so that a matching client URL path is the concatenation of the API base path with itself (e.g. /api/api if the basePath is /api), the fallback flow is now properly executed.
Some PEM formatted keys could not be recognized during JWT processing.
Multi-line values for environment variables are now supported.
Changed
If the definition request option is given with either a proxy-request action or x-flat-proxy, the defaults for the exit-on-error, validate-request and validate-response request options are changed to true.
​20200409​
Added
The json-to-csv() function​
The FLAT revision is shown when FLAT is started and is available in $env/FLAT_REVISION​
Changed
Enhanced flat_access log with new fields
Fixed
When testing multiple test files with flat test, each test now tests its own response.
Fatal errors when using certain combinations of jwt-decode() and <eval/>​
​20200323​
Fixed
​Environment variables are shown in the debug log if the debug topic is env
With activated upstream validation, a missing definition option or a definition value referencing a non-existant resource now results in a 500 response with a proper error message.
Swagger security scheme objects without x-flat-jwt are ignored for security checks.
​20200318​
Added
​body() function​
​pass-body action​
​Security checks with JWT.
Changed
​set-response-headers action now accepts the empty object {}
Reading swagger.yaml is faster because of caching
​20200213​
Added
Validation for application/x-www-form-urlencoded encoded formData parameters​
The proxy-request action
The functions verify-xmldsig() and decrypt-xml().
Fixed
Parameter handling of the functions decrypt() and calc-signature().
Changed
Padding scheme for encrypt() and decrypt() to RSAES-OAEP.
Relative paths in the json-doc() function are resolved relative to the flow file's path.
​20200110​
Added
The Swagger extension x-flat-validate is now also recognized below paths/<path> and paths/<path>/<operation>.
The force-cache-ttl request option​
Changed
Only allow operations defined in OpenAPI version 2.0 to be used in the swagger.yaml​
Fixed
The default value for the use-http-cache request option is now false, even if no request options are configured.
Segmentation fault (or double free) when eval is used to assign nodes from a node-set variable to another variable
​20191210​
Added
The functions apply-codecs(), encrypt(), decrypt(), calc-signature() and verify-signature()​
The function file-exists()​
The $error variable is set and exit-on-error/error flow handling is triggered if a request error occurs
The id and encoding properties in the JSON request configuration
More environment variables for system configuration and tuning​
If a path in swagger.yaml ends with /**, this entry matches the given path as well as arbitrary paths below it.
Changed
​Swagger validation now gracefully accepts empty objects in the definition.
Logging of template results for more flow actions​
Fixed
Some alert messages were logged twice
Evaluating an undefined or null variable, as a string, now returns the empty string instead of the string null
Incorrect default content-type text/xml for request bodies
The set-response-headers action now replaces Cache-Control headers instead of merging them
The serve action now correctly handles whitespace and other URL-Encoded characters in the name of the fallback-doc
​20191018​
Added
Swagger definition supports discriminator,  JSON schema $id references and JSON schema propertyNames​
The array-reverse() and sort(), xml-parse() and html-parse() functions
Validation of the request, requests and set-response-headers action JSON bodies
The expected result in an assert action's assertion can now be null
The log action, the get-log() function​
Changed
The test search for flat-test is recursive
​Logs are sent to stderr in JSON format
Fixed
The report-only validation modes​
The exit-on-error, mock and validate request options also for XML-configured requests
Relative paths for e.g. in with copy in backend-flows​
​20190919​
Added
The $error variable containing error information for client request/response validation errors
The error flow, called if an error occurs, and referenced by flow in x-flat-error in the swagger.yaml
The exit-on-error request option (for JSON-configured requests) to trigger the error flow
An additional parameter algorithm for the jwt-decode() function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures
The contains and pattern compare flags for the assert action
The flat test Framework with assert, test-request, backend-flow and set-env actions
The json-stringify() and json-parse() functions
Changed
The default User-Agent for upstream requests is FLAT
Unless terminate="false" is set, the serve action will terminate the flow
For the request action: values in headers may now also be numeric or boolean
If the signature cannot be created, the jwt-encode() function returns an empty string and an error message is logged
The key for the jwt-encode() and jwt-decode() functions must not be empty
HTML error page only if HTML is accepted; plain text otherwise
Fixed
Fatal error when creating requests with null query parameter​
Fatal error when creating requests with invalid body source​
Requests are now rejected if upstream validation is enabled, but no definition option is configured or the given definition is not found
The results of the split() function can now be used as input for join() or fit-serialize()​
Tutorial
Last modified 4mo ago
​20210623​

Added

Fixed

​20210107​

Added

Fixed

​20200828​

Added

Fixed

Changed

​20200519​

Added

Fixed

​20200424​

Added

Fixed

Changed

​20200409​

Added

Changed

Fixed

​20200323​

Fixed

​20200318​

Added

Changed

​20200213​

Added

Fixed

Changed

​20200110​

Added

Changed

Fixed

​20191210​

Added

Changed

Fixed

​20191018​

Added

Changed

Fixed

​20190919​

Added

Changed

Fixed

20210623

20210107

20200828

20200519

20200424

20200409

20200323

20200318

20200213

20200110

20191210

20191018

20190919
