The ldap-query()
function​
​LDAP TLS configuration and LDAP timeout​
The scope-claim
and post-check-flow
properties
Specifying the required token scope​
​Merging directives into php.ini
via environment variables
​Path parameters were not usable in error flows​
​FLAT_DEBUG_ALLOW_HEADER
to enable debugging using the Debug
request header, defaults to false
The request option force-cache-refresh
The ldap-lookup()
function​
The cacheHit
property in the upstream response information ($upstream
)​
Empty objects are no longer logged as empty arrays.
The json-to-csv()
function allows null
values in array entry objects.
The log
action can no longer override system log fields.
​Beta image now publicly available. More about Docker images…​
Warnings in debug log about invalid Swagger definitions​
The error
action​
additional configuration options for the PHP-FPM process management​
​out-header
property for easy JWT forwarding
Calls to the content()
function affecting the result of the body()
function​
​Swagger security
requirements can now also be specified at the path level.
​x-flat-proxy
to configure proxies without a flow
Enhanced proxy-request
action with origin
, query
, stripEndpoint
and addPrefix
properties
If a client URL path is below the API base path, does not match any defined route, and a path is defined which equals the API base path, so that a matching client URL path is the concatenation of the API base path with itself (e.g. /api/api
if the basePath
is /api
), the fallback flow is now properly executed.
Some PEM formatted keys could not be recognized during JWT processing.
Multi-line values for environment variables are now supported.
If the definition
request option is given with either a proxy-request
action or x-flat-proxy
, the defaults for the exit-on-error
, validate-request
and validate-response
request options are changed to true
.
The json-to-csv()
function​
The FLAT revision is shown when FLAT is started and is available in $env/FLAT_REVISION
​
Enhanced flat_access
log with new fields
When testing multiple test files with flat test
, each test now tests its own response.
Fatal errors when using certain combinations of jwt-decode()
and <eval/>
​
​Environment variables are shown in the debug log if the debug topic is env
With activated upstream validation, a missing definition
option or a definition
value referencing a non-existant resource now results in a 500 response with a proper error message.
Swagger security scheme objects without x-flat-jwt
are ignored for security checks.
​body()
function​
​pass-body
action​
​set-response-headers
action now accepts the empty object {}
Reading swagger.yaml
is faster because of caching
Validation for application/x-www-form-urlencoded
encoded formData
parameters​
The proxy-request
action
The functions verify-xmldsig()
and decrypt-xml()
.
Parameter handling of the functions decrypt()
and calc-signature()
.
Padding scheme for encrypt()
and decrypt()
to RSAES-OAEP.
Relative paths in the json-doc()
function are resolved relative to the flow file's path.
The Swagger extension x-flat-validate
is now also recognized below paths/<path>
and paths/<path>/<operation>
.
The force-cache-ttl
request option​
Only allow operations defined in OpenAPI version 2.0 to be used in the swagger.yaml
​
The default value for the use-http-cache
request option is now false, even if no request options are configured.
Segmentation fault (or double free) when eval is used to assign nodes from a node-set variable to another variable
The functions apply-codecs()
, encrypt()
, decrypt()
, calc-signature()
and verify-signature()
​
The function file-exists()
​
The $error
variable is set and exit-on-error
/error flow
handling is triggered if a request error occurs
More environment variables for system configuration and tuning​
If a path in swagger.yaml
ends with /**
, this entry matches the given path as well as arbitrary paths below it.
​Swagger validation now gracefully accepts empty objects in the definition.
Logging of template results for more flow actions​
Some alert messages were logged twice
Evaluating an undefined or null
variable, as a string, now returns the empty string instead of the string null
Incorrect default content-type text/xml
for request bodies
The set-response-headers
action now replaces Cache-Control
headers instead of merging them
The serve
action now correctly handles whitespace and other URL-Encoded characters in the name of the fallback-doc
Swagger definition supports discriminator
, JSON schema $id
references and JSON schema propertyNames
​
The array-reverse()
and sort()
, xml-parse()
and html-parse()
functions
Validation of the request
, requests
and set-response-headers
action JSON bodies
The expected result in an assert
action's assertion can now be null
The log
action, the get-log()
function​
The report-only
validation modes​
The exit-on-error
, mock
and validate
request options also for XML-configured requests
Relative paths for e.g. in
with copy
in backend-flows
​
The $error
variable containing error information for client request/response validation errors
The error flow, called if an error occurs, and referenced by flow
in x-flat-error
in the swagger.yaml
The exit-on-error
request option (for JSON-configured requests) to trigger the error flow
An additional parameter algorithm
for the jwt-decode()
function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures
The contains
and pattern
compare flags for the assert
action
The flat test
Framework with assert
, test-request
, backend-flow
and set-env
actions
The json-stringify()
and json-parse()
functions
The default User-Agent
for upstream requests is FLAT
Unless terminate="false"
is set, the serve
action will terminate the flow
For the request
action: values in headers
may now also be numeric or boolean
If the signature cannot be created, the jwt-encode()
function returns an empty string and an error message is logged
The key
for the jwt-encode()
and jwt-decode()
functions must not be empty
HTML error page only if HTML is accepted; plain text otherwise
Fatal error when creating requests with null
query parameter​
Fatal error when creating requests with invalid body source​
Requests are now rejected if upstream validation is enabled, but no definition
option is configured or the given definition is not found
The results of the split()
function can now be used as input for join()
or fit-serialize()
​