​20200323​

Fixed

• ​Environment variables are shown in the debug log if the debug topic is env

• With activated upstream validation, a missing definition option or a definition value referencing a non-existant resource now results in a 500 response with a proper error message.

• Swagger security scheme objects without x-flat-jwt are ignored for security checks.

​20200318​

Added

• ​body() function​

• ​pass-body action​

• ​Security checks with JWT.

Changed

• ​set-response-headers action now accepts the empty object {}

• Reading swagger.yaml is faster because of caching

​20200213​

Added

• Validation for application/x-www-form-urlencoded encoded formData parameters​

• The proxy-request action

• The functions verify-xmldsig() and decrypt-xml().

Fixed

• Parameter handling of the functions decrypt() and calc-signature().

Changed

• Padding scheme for encrypt() and decrypt() to RSAES-OAEP.

• Relative paths in the json-doc() function are resolved relative to the flow file's path.

​20200110​

Added

• The Swagger extension x-flat-validate is now also recognized below paths/<path> and paths/<path>/<operation>.

• The force-cache-ttl request option​

Changed

• Only allow operations defined in OpenAPI version 2.0 to be used in the swagger.yaml​

Fixed

• The default value for the use-http-cache request option is now false, even if no request options are configured.

• Segmentation fault (or double free) when eval is used to assign nodes from a node-set variable to another variable

​20191210​

Added

• The functions apply-codecs(), encrypt(), decrypt(), calc-signature() and verify-signature()​

• The function file-exists()​

• The $error variable is set and exit-on-error/error flow handling is triggered if a request error occurs

• The id and encoding properties in the JSON request configuration

• More environment variables for system configuration and tuning​

• If a path in swagger.yaml ends with /**, this entry matches the given path as well as arbitrary paths below it.

Changed

• ​Swagger validation now gracefully accepts empty objects in the definition.

• Logging of template results for more flow actions​

Fixed

• Some alert messages were logged twice

• Evaluating an undefined or null variable, as a string, now returns the empty string instead of the string null

• Incorrect default content-type text/xml for request bodies

• The set-response-headers action now replaces Cache-Control headers instead of merging them

• The serve action now correctly handles whitespace and other URL-Encoded characters in the name of the fallback-doc

​20191018​

Added

• Swagger definition supports discriminator, JSON schema $id references and JSON schema propertyNames​

• The array-reverse() and sort(), xml-parse() and html-parse() functions

• Validation of the request, requests and set-response-headers action JSON bodies

• The expected result in an assert action's assertion can now be null

• The log action, the get-log() function​

Changed

• The test search for flat-test is recursive

• ​Logs are sent to stderr in JSON format

Fixed

• The report-only validation modes​

• The exit-on-error, mock and validate request options also for XML-configured requests

• Relative paths for e.g. in with copy in backend-flows​

​20190919​

Added

• The $error variable containing error information for client request/response validation errors

• The error flow, called if an error occurs, and referenced by flow in x-flat-error in the swagger.yaml

• The exit-on-error request option (for JSON-configured requests) to trigger the error flow

• An additional parameter algorithm for the jwt-decode() function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures

• The contains and pattern compare flags for the assert action

• The flat test Framework with assert, test-request, backend-flow and set-env actions

• The json-stringify() and json-parse() functions

Changed

• The default User-Agent for upstream requests is FLAT

• Unless terminate="false" is set, the serve action will terminate the flow

• For the request action: values in headers may now also be numeric or boolean

• If the signature cannot be created, the jwt-encode() function returns an empty string and an error message is logged

• The key for the jwt-encode() and jwt-decode() functions must not be empty

• HTML error page only if HTML is accepted; plain text otherwise

Fixed

• Fatal error when creating requests with null query parameter​

• Fatal error when creating requests with invalid body source​

• Requests are now rejected if upstream validation is enabled, but no definition option is configured or the given definition is not found

• The results of the split() function can now be used as input for join() or fit-serialize()​