additional configuration options for the PHP-FPM process management
out-header property for easy JWT forwarding
security requirements can now also be specified at the path level.
x-flat-proxy to configure proxies without a flow
proxy-request action with
If a client URL path is below the API base path, does not match any defined route, and a path is defined which equals the API base path, so that a matching client URL path is the concatenation of the API base path with itself (e.g.
/api/api if the
/api), the fallback flow is now properly executed.
Some PEM formatted keys could not be recognized during JWT processing.
Multi-line values for environment variables are now supported.
The FLAT revision is shown when FLAT is started and is available in
flat_access log with new fields
When testing multiple test files with
flat test, each test now tests its own response.
Swagger security scheme objects without
x-flat-jwt are ignored for security checks.
set-response-headers action now accepts the empty object
swagger.yaml is faster because of caching
Relative paths in the
json-doc() function are resolved relative to the flow file's path.
The Swagger extension
x-flat-validate is now also recognized below
force-cache-ttl request option
The default value for the
use-http-cache request option is now false, even if no request options are configured.
Segmentation fault (or double free) when eval is used to assign nodes from a node-set variable to another variable
More environment variables for system configuration and tuning
If a path in
swagger.yaml ends with
/**, this entry matches the given path as well as arbitrary paths below it.
Swagger validation now gracefully accepts empty objects in the definition.
Some alert messages were logged twice
Evaluating an undefined or
null variable, as a string, now returns the empty string instead of the string
Incorrect default content-type
text/xml for request bodies
set-response-headers action now replaces
Cache-Control headers instead of merging them
serve action now correctly handles whitespace and other URL-Encoded characters in the name of the
The expected result in an
assert action's assertion can now be
report-only validation modes
validate request options also for XML-configured requests
Relative paths for e.g.
$error variable containing error information for client request/response validation errors
The error flow, called if an error occurs, and referenced by
x-flat-error in the swagger.yaml
exit-on-error request option (for JSON-configured requests) to trigger the error flow
An additional parameter
algorithm for the
jwt-decode() function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures
pattern compare flags for the
User-Agent for upstream requests is
terminate="false" is set, the
serve action will terminate the flow
If the signature cannot be created, the
jwt-encode() function returns an empty string and an error message is logged
HTML error page only if HTML is accepted; plain text otherwise