Swagger security scheme objects without
x-flat-jwt are ignored for security checks.
set-response-headers action now accepts the empty object
swagger.yaml is faster because of caching
Relative paths in the
json-doc() function are resolved relative to the flow file's path.
The Swagger extension
x-flat-validate is now also recognized below
force-cache-ttl request option
The default value for the
use-http-cache request option is now false, even if no request options are configured.
Segmentation fault (or double free) when eval is used to assign nodes from a node-set variable to another variable
More environment variables for system configuration and tuning
If a path in
swagger.yaml ends with
/**, this entry matches the given path as well as arbitrary paths below it.
Swagger validation now gracefully accepts empty objects in the definition.
Some alert messages were logged twice
Evaluating an undefined or
null variable, as a string, now returns the empty string instead of the string
Incorrect default content-type
text/xml for request bodies
set-response-headers action now replaces
Cache-Control headers instead of merging them
serve action now correctly handles whitespace and other URL-Encoded characters in the name of the
The expected result in an
assert action's assertion can now be
report-only validation modes
validate request options also for XML-configured requests
Relative paths for e.g.
$error variable containing error information for client request/response validation errors
The error flow, called if an error occurs, and referenced by
x-flat-error in the swagger.yaml
exit-on-error request option (for JSON-configured requests) to trigger the error flow
An additional parameter
algorithm for the
jwt-decode() function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures
pattern compare flags for the
User-Agent for upstream requests is
terminate="false" is set, the
serve action will terminate the flow
If the signature cannot be created, the
jwt-encode() function returns an empty string and an error message is logged
HTML error page only if HTML is accepted; plain text otherwise