Changelog
​20200519​
​Beta image now publicly available. More about Docker images…​
Warnings in debug log about invalid Swagger definitions​
The
erroraction​additional configuration options for the PHP-FPM process management​
​
out-headerproperty for easy JWT forwarding
Calls to the
content()function affecting the result of thebody()function​
​20200424​
​Swagger
securityrequirements can now also be specified at the path level.​
x-flat-proxyto configure proxies without a flowEnhanced
proxy-requestaction withorigin,query,stripEndpointandaddPrefixproperties
If a client URL path is below the API base path, does not match any defined route, and a path is defined which equals the API base path, so that a matching client URL path is the concatenation of the API base path with itself (e.g.
/api/apiif thebasePathis/api), the fallback flow is now properly executed.Some PEM formatted keys could not be recognized during JWT processing.
Multi-line values for environment variables are now supported.
If the
definitionrequest option is given with either aproxy-requestaction orx-flat-proxy, the defaults for theexit-on-error,validate-requestandvalidate-responserequest options are changed totrue.
​20200409​
The
json-to-csv()function​The FLAT revision is shown when FLAT is started and is available in
$env/FLAT_REVISION​
Enhanced
flat_accesslog with new fields
When testing multiple test files with
flat test, each test now tests its own response.Fatal errors when using certain combinations of
jwt-decode()and<eval/>​
​20200323​
​Environment variables are shown in the debug log if the debug topic is
envWith activated upstream validation, a missing
definitionoption or adefinitionvalue referencing a non-existant resource now results in a 500 response with a proper error message.Swagger security scheme objects without
x-flat-jwtare ignored for security checks.
​20200318​
​
body()function​​
pass-bodyaction​
​
set-response-headersaction now accepts the empty object{}Reading
swagger.yamlis faster because of caching
​20200213​
Validation for
application/x-www-form-urlencodedencodedformDataparameters​The
proxy-requestactionThe functions
verify-xmldsig()anddecrypt-xml().
Parameter handling of the functions
decrypt()andcalc-signature().
Padding scheme for
encrypt()anddecrypt()to RSAES-OAEP.Relative paths in the
json-doc()function are resolved relative to the flow file's path.
​20200110​
The Swagger extension
x-flat-validateis now also recognized belowpaths/<path>andpaths/<path>/<operation>.The
force-cache-ttlrequest option​
Only allow operations defined in OpenAPI version 2.0 to be used in the
swagger.yaml​
The default value for the
use-http-cacherequest option is now false, even if no request options are configured.Segmentation fault (or double free) when eval is used to assign nodes from a node-set variable to another variable
​20191210​
The functions
apply-codecs(),encrypt(),decrypt(),calc-signature()andverify-signature()​The function
file-exists()​The
$errorvariable is set andexit-on-error/error flowhandling is triggered if a request error occursMore environment variables for system configuration and tuning​
If a path in
swagger.yamlends with/**, this entry matches the given path as well as arbitrary paths below it.
​Swagger validation now gracefully accepts empty objects in the definition.
Logging of template results for more flow actions​
Some alert messages were logged twice
Evaluating an undefined or
nullvariable, as a string, now returns the empty string instead of the stringnullIncorrect default content-type
text/xmlfor request bodiesThe
set-response-headersaction now replacesCache-Controlheaders instead of merging themThe
serveaction now correctly handles whitespace and other URL-Encoded characters in the name of thefallback-doc
​20191018​
Swagger definition supports
discriminator, JSON schema$idreferences and JSON schemapropertyNames​The
array-reverse()andsort(),xml-parse()andhtml-parse()functionsValidation of the
request,requestsandset-response-headersaction JSON bodiesThe expected result in an
assertaction's assertion can now benullThe
logaction, theget-log()function​
The
report-onlyvalidation modes​The
exit-on-error,mockandvalidaterequest options also for XML-configured requestsRelative paths for e.g.
inwithcopyinbackend-flows​
​20190919​
The
$errorvariable containing error information for client request/response validation errorsThe error flow, called if an error occurs, and referenced by
flowinx-flat-errorin the swagger.yamlThe
exit-on-errorrequest option (for JSON-configured requests) to trigger the error flowAn additional parameter
algorithmfor thejwt-decode()function to limit the acceptable signing algorithms. Mandatory for RSASSA based signaturesThe
containsandpatterncompare flags for theassertactionThe
flat testFramework withassert,test-request,backend-flowandset-envactionsThe
json-stringify()andjson-parse()functions
The default
User-Agentfor upstream requests isFLATUnless
terminate="false"is set, theserveaction will terminate the flowFor the
requestaction: values inheadersmay now also be numeric or booleanIf the signature cannot be created, the
jwt-encode()function returns an empty string and an error message is loggedThe
keyfor thejwt-encode()andjwt-decode()functions must not be emptyHTML error page only if HTML is accepted; plain text otherwise
Fatal error when creating requests with
nullquery parameter​Fatal error when creating requests with invalid body source​
Requests are now rejected if upstream validation is enabled, but no
definitionoption is configured or the given definition is not foundThe results of the
split()function can now be used as input forjoin()orfit-serialize()​
