This commit was created on GitHub.com and signed with GitHub’s verified signature.
Tyk Gateway 5.5.1
Fixed
We have introduced two new options in the Gateway configuration that will enforce prefix and/or suffix matching when Tyk performs checks on whether middleware or other logic should be applied to a request.
- enable_path_prefix_matching ensures that the start of the request path must match the path defined in the API definition
- enable_path_suffix_matching ensures that the end of the request path must match the path defined in the API definition
- combining enable_path_prefix_matching and enable_path_suffix_matching will ensure an exact (explicit) match is performed
These configuration options provide control to avoid unintended matching of paths from Tyk's default wildcard match. Use of regex special characters when declaring the endpoint path in the API definition will automatically override these settings for that endpoint.
Tyk recommends that exact matching is employed, but both options default to false to avoid introducing a breaking change for existing users.
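A simplified model of the four matching modes described above, as an added example that is not Tyk's own code. It assumes the endpoint path is a plain literal with no regex special characters, uses constructed endpoint and request paths, and `pathMatches`, `matchOpts` and `modes` are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
)

// matchOpts mirrors the two options named in the release note.
type matchOpts struct {
	Prefix bool // enable_path_prefix_matching
	Suffix bool // enable_path_suffix_matching
}

// pathMatches is a simplified model (assumption, not Tyk's source): the
// configured endpoint path is treated as a literal, anchored at the start
// and/or end according to opts, and left unanchored (wildcard) otherwise.
func pathMatches(endpoint, requestPath string, opts matchOpts) bool {
	pattern := regexp.QuoteMeta(endpoint)
	if opts.Prefix {
		pattern = "^" + pattern
	}
	if opts.Suffix {
		pattern += "$"
	}
	return regexp.MustCompile(pattern).MatchString(requestPath)
}

// modes lists the four combinations in a fixed order for the table below.
var modes = []struct {
	name string
	opts matchOpts
}{
	{"wildcard", matchOpts{}},
	{"prefix", matchOpts{Prefix: true}},
	{"suffix", matchOpts{Suffix: true}},
	{"exact", matchOpts{Prefix: true, Suffix: true}},
}

func main() {
	endpoint := "/user" // constructed endpoint path
	// Constructed request paths.
	requests := []string{"/user", "/user/42", "/admin/user", "/v1/users/export"}
	for _, r := range requests {
		fmt.Printf("%-18s", r)
		for _, m := range modes {
			fmt.Printf(" %s=%-5t", m.name, pathMatches(endpoint, r, m.opts))
		}
		fmt.Println()
	}
}
```

In this model, with both options off, `/user` also matches `/v1/users/export`; only the combined setting restricts the match to `/user` itself.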
Fixed an issue when using granular Path-Based Permissions in access policies and keys that led to authorization incorrectly being granted to endpoints if an invalid regular expression was configured in the key/policy. Also fixed an issue where path-based parameters were not correctly handled by Path-Based Permissions. Now Tyk's authorization check correctly handles both of these scenarios, granting access only to the expected resources.
Fixed an issue where a parameterized endpoint URL (e.g. /user/{id}) would be invoked if a request is made that omits the parameter. For example, a request to /user/ will now be interpreted as a request to /user and not to /user/{id}.
Enhanced Tyk Gateway synchronization with MDCB to ensure reliable policy and API loading. Implemented a synchronous initialization process to prevent startup failures and potential service disruptions.