​20210107​

Added

• The uuid3() and uuid4() functions​

• The ldap-query() function​

• ​LDAP TLS configuration and LDAP timeout​

• The scope-claim and post-check-flow properties

• Specifying the required token scope​

• ​Merging directives into php.ini via environment variables

Fixed

• ​Path parameters were not usable in error flows​

​20200828​

Added

• ​FLAT_DEBUG_ALLOW_HEADER to enable debugging using the Debug request header, defaults to false

• The request option force-cache-refresh

• The ldap-lookup() function​

• The cacheHit property in the upstream response information ($upstream)​

Fixed

• Empty objects are no longer logged as empty arrays.

• The json-to-csv() function allows null values in array entry objects.

Changed

The log action can no longer override system log fields.

​20200519​

Added

• ​Beta image now publicly available. More about Docker images…​

• Warnings in debug log about invalid Swagger definitions​

• Validation for the assert and set-env test action configurations.

• The error action​

• additional configuration options for the PHP-FPM process management​

• ​out-header property for easy JWT forwarding

Fixed

• Calls to the content() function affecting the result of the body() function​

​20200424​

Added

• ​Swagger security requirements can now also be specified at the path level.

• ​x-flat-proxy to configure proxies without a flow

• Enhanced proxy-request action with origin, query, stripEndpoint and addPrefix properties

Fixed

• If a client URL path is below the API base path, does not match any defined route, and a path is defined which equals the API base path, so that a matching client URL path is the concatenation of the API base path with itself (e.g. /api/api if the basePath is /api), the fallback flow is now properly executed.

• Some PEM formatted keys could not be recognized during JWT processing.

• Multi-line values for environment variables are now supported.

Changed

• If the definition request option is given with either a proxy-request action or x-flat-proxy, the defaults for the exit-on-error, validate-request and validate-response request options are changed to true.

​20200409​

Added

• The json-to-csv() function​

• The FLAT revision is shown when FLAT is started and is available in $env/FLAT_REVISION​

Changed

• Enhanced flat_access log with new fields

Fixed

• When testing multiple test files with flat test, each test now tests its own response.

• Fatal errors when using certain combinations of jwt-decode() and <eval/>​

​20200323​

Fixed

• ​Environment variables are shown in the debug log if the debug topic is env

• With activated upstream validation, a missing definition option or a definition value referencing a non-existant resource now results in a 500 response with a proper error message.

• Swagger security scheme objects without x-flat-jwt are ignored for security checks.

​20200318​

Added

• ​body() function​

• ​pass-body action​

• ​Security checks with JWT.

Changed

• ​set-response-headers action now accepts the empty object {}

• Reading swagger.yaml is faster because of caching

​20200213​

Added

• Validation for application/x-www-form-urlencoded encoded formData parameters​

• The proxy-request action

• The functions verify-xmldsig() and decrypt-xml().

Fixed

• Parameter handling of the functions decrypt() and calc-signature().

Changed

• Padding scheme for encrypt() and decrypt() to RSAES-OAEP.

• Relative paths in the json-doc() function are resolved relative to the flow file's path.

​20200110​

Added

• The Swagger extension x-flat-validate is now also recognized below paths/<path> and paths/<path>/<operation>.

• The force-cache-ttl request option​

Changed

• Only allow operations defined in OpenAPI version 2.0 to be used in the swagger.yaml​

Fixed

• The default value for the use-http-cache request option is now false, even if no request options are configured.

• Segmentation fault (or double free) when eval is used to assign nodes from a node-set variable to another variable

​20191210​

Added

• The functions apply-codecs(), encrypt(), decrypt(), calc-signature() and verify-signature()​

• The function file-exists()​

• The $error variable is set and exit-on-error/error flow handling is triggered if a request error occurs

• The id and encoding properties in the JSON request configuration

• More environment variables for system configuration and tuning​

• If a path in swagger.yaml ends with /**, this entry matches the given path as well as arbitrary paths below it.

Changed

• ​Swagger validation now gracefully accepts empty objects in the definition.

• Logging of template results for more flow actions​

Fixed

• Some alert messages were logged twice

• Evaluating an undefined or null variable, as a string, now returns the empty string instead of the string null

• Incorrect default content-type text/xml for request bodies

• The set-response-headers action now replaces Cache-Control headers instead of merging them

• The serve action now correctly handles whitespace and other URL-Encoded characters in the name of the fallback-doc

​20191018​

Added

• Swagger definition supports discriminator, JSON schema $id references and JSON schema propertyNames​

• The array-reverse() and sort(), xml-parse() and html-parse() functions

• Validation of the request, requests and set-response-headers action JSON bodies

• The expected result in an assert action's assertion can now be null

• The log action, the get-log() function​

Changed

• The test search for flat-test is recursive

• ​Logs are sent to stderr in JSON format

Fixed

• The report-only validation modes​

• The exit-on-error, mock and validate request options also for XML-configured requests

• Relative paths for e.g. in with copy in backend-flows​

​20190919​

Added

• The $error variable containing error information for client request/response validation errors

• The error flow, called if an error occurs, and referenced by flow in x-flat-error in the swagger.yaml

• The exit-on-error request option (for JSON-configured requests) to trigger the error flow

• An additional parameter algorithm for the jwt-decode() function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures

• The contains and pattern compare flags for the assert action

• The flat test Framework with assert, test-request, backend-flow and set-env actions

• The json-stringify() and json-parse() functions

Changed

• The default User-Agent for upstream requests is FLAT

• Unless terminate="false" is set, the serve action will terminate the flow

• For the request action: values in headers may now also be numeric or boolean

• If the signature cannot be created, the jwt-encode() function returns an empty string and an error message is logged

• The key for the jwt-encode() and jwt-decode() functions must not be empty

• HTML error page only if HTML is accepted; plain text otherwise

Fixed

• Fatal error when creating requests with null query parameter​

• Fatal error when creating requests with invalid body source​

• Requests are now rejected if upstream validation is enabled, but no definition option is configured or the given definition is not found

• The results of the split() function can now be used as input for join() or fit-serialize()​