OpenResty Edge™ Changelog

Admin, Log Server, Node

1.3.0
bugfix
Fix the problem that the pagination of expired certificates is invalid.
bugfix
Fixed bad condition of auto renew cert for application.
change
FE: update texts on Global change log page and rename it to Audit Log, also add Audit log table on the application’s release page.
bugfix
Fix the problem that global lua module can not be updated.
change
FE: global error log page: filter nodes after selecting a gateway.
bugfix
Fix DNS runtime error when dns query for invalid domain.
change
FE: adjust editor height for Lua module and Lua extension.
bugfix
Fix an error in matching the IP address of X-Forwarded-For request header.
change
Rest api search_by_name support k8s upstreams.
change
FE: lmdb backup page show processing nodes and adjust some wordings.
bugfix
Support new EdgeLang actions:set-req-cookie and rm-req-cookie.
change
FE: upgrade components to update the functions hints for EdgeLang editor.
bugfix
Fix the problem of failure of adding gateway cluster conditions to global rewrite rules and global custom actions.
bugfix
Fix failure to find pending apps after gray release.
bugfix
Fix Append-proxy-header-value action submit with validation errors.
feature
Custom certificate issuers can show account information.
feature
Add 'IP-address-match' operator to X-Forwarded-For.
feature
Support LMDB backup for edge nodes.
feature
Recompile tool: Support for parallel compilation of all HTTP/HTTPS applications.
bugfix
Add concurrent locks for application publish/rollback operations to avoid unexpected changes caused by concurrent operations.
bugfix
Should finally retry the local machine When enabling gateway cluster level cache sharing and all cluster nodes failed.
feature
Support for cleaning dynamic metrics data.
feature
Support to config k8s upstream in application and global.
feature
Added release log to global configuration.
bugfix
Fix the problem of missing configuration in application release log description.
change
Changes to k8s upstream do not affect release.
feature
Support global page template.
feature
Support serving static resources.
bugfix
The "Rewrite Proxy URI Prefix" action does not encode the URI and may not be recognized upstream.
change
Need to delete load SSL certificate by IP addresses and load application by IP addresses  configuration before deleting applications.
feature
Support ECC for ACME (i.e. Let’s encrypt).
change
Skip domain match checking for default application.
change
Apply pan-domain semantic change, multi-level domain matching is no longer supported. For example, *.foo.com will only match a.foo.com and not a.b.foo.com.
bugfix
Fixing a mismatch in the results of searching for upstream names.
bugfix
Fix creating app with proxy to global upstream but not creating rule automatically.
change
k8s background threads add support for dual admin and grayscale admin.
feature
Add sidebar on applications’s config page like in global config page.
feature
Added two builtin dymetrics: Request count and Request flow.
optimize
improvement: move the is_gray flag from gateway cluster level to gateway node level.Make it easier to change one gateway node to gray/main.
feature
The request rate limit supports the use of HTTP request headers as key.
bugfix
Fixed failure when uploading certificate by SDK / edge-cli.
bugfix
value of check_script field of the keepalived configuration should be full-path.
bugfix
Remove the second useless balancer when the interface is reduced to 1 upstream.
change
Added operator ip match to first-x-forwarded-addr and last-x-forwarded-addr.
optimize
Reduced configuration synchronization latency.
bugfix
k8s rest api data return format is not standardized.
feature
Added IP-List for application level.
bugfix
Added upstream recursive detection to prevent dead loops caused by it.
bugfix
Fix to prevent unnecessary requests with undefined params when routing back to application list page.
change
Convert toggle button with negation meaning labels to be affirmative.
bugfix
Fix DNS record validation wrong on the web page.
bugfix
A later defer resp-body under the same application will overwrite the previous one.
bugfix
Log Server down cause incorrect sync status display.
change
K8s upstream adds support for binding multiple k8s services.
bugfix
When multiple k8s clusters are configured, monitoring one k8s cluster will use the other k8s cluster configuration.
bugfix
The offline http application will no longer automatically renew the certificate issued by ACME.
change
Change the way package_created_time is fetched.
feature
Show world map for DNS A/AAAA records.
change
Show offline status of application.
feature
Support for ngx2edge tools.
feature
Show blog articles in tab Help.
bugfix
Fix search and select component error.
bugfix
When updating the manually uploaded SSL certificate, the certificate also needs to be verified.
feature
Support for the Brotli compression of responses.
feature
Support for purge cached resources in mlcache based on prefixes (for scenarios with custom use of mlcache Lua modules).
bugfix
Fix HTTP response body match error in health check.
feature
Support proxy protocol in tcp and tls applications.
bugfix
Handling of IPv6 errors in address matching.
bugfix
Fixed the bug when matching multiple IP lists in whitelist mode.
optimize
Optimized database writes for health checks and upstream metrics.
feature
Remind user to refresh current page when new admin version is available.
bugfix
Fixed the problem that tag of gateway cluster not shown.
change
Add new filters operation, user and keyword to global changelog page.
change
Added column response status to app waf logs page.
feature
New hit rule statistics chart in WAF log page.
feature
Support batch delete.
feature
Add new action enable basic authentication, support creating global basic auth accounts and application basic auth accounts.
1.1.0
bugfix
when multiple k8s clusters are configured, monitoring one k8s cluster will use the other k8s cluster configuration.
change
when the internal k8s service is updated, the call to its own interface does not need to verify ssl.
change
internal k8s service updates using https.
change
internal k8s service update using port 443
bugfix
page rule conditions caseless option does not work.
bugfix
fix nginx.conf template error.
change
add admin_api_port config in ini.
bugfix
fix bug of whitelist mode for ip-list.
bugfix
the global changelog path is not decoded.
bugfix
the global change log does not use the UTC time zone.
feature
support search global change log.
bugfix
gateway cluster healthcheck template rendering error.
change
licensing method changes, support offline licensing.
feature
support user to upload their custom IP database by uploading csv file.
optimize
all filled domain names are automatically converted to lowercase.
optimize
k8s watch thread reset every 10 minutes.
1.0.1
feature
support for creating global IP lists and matching IP addresses with IP lists by name.
feature
add intercept actions to the limit request rate action.
bugfix
fix the problem of wrong time unit of dns health check request timeout.
change
enable ffi in global lua module.
feature
add new action: user-agent-is-mobile.
bugfix
fix the problem of default binding port 80 when there is no http application.
bugfix
fix the problem that hcaptcha cache time cannot be modified.
change
page rule: Support multiple WAF rules take effect at the same time instead the overwriting the old WAF rule.
feature
support qqzeng IP database.
bugfix
fixed debug level waf rules that will cause other rules to fail to hit.
feature
support always_check option in the global upstreams health check.
feature
the upstream health check adds PostgreSQL and MySQL check types.
feature
the upstream health check supports determining whether the content of the response body contains the specified string.
feature
support enable gateway node health checker.
change
only used the backup upstream when all upstream is retied or marked down by health check.
feature
dns banding to k8s cluster.
feature
support global dynamic metrics.
feature
support Lua extensions for admin.
feature
support application dynamic metrics.
feature
support two edge-admin server at the same time, for high availability.
0.4.2
feature
gateway binding to k8s cluster, so as to support edge-node auto approve from k8s cluster.
change
remove the trusted_client and trusted_uid configurations.
optimize
improved the performance of edge node, the QPS increased 26% in the simple proxy case.
optimize
add blacklist to global lua module and custom share zone.
change
split http and stream applications.
bugfix
fix the issue of global action modification triggering node binary upgrade.
feature
upstream binding to service of k8s cluster.
optimize
limit the frequency of repeated error messages, w hen sending queue is full, each worker print one log entry every 30 seconds at most.
feature
support calling third-party module from a third-party module.
feature
support SRV type records in DNS application.
feature
add lua-resty-mlcache library to openresty-plus.
optimize
limit the request rate to the configuration update API to avoid multiple nodes doing whole synchronise at the same time.
feature
add support to specifying customise certificate issuer, with EAB support for ACME services.
feature
support decoded_proxy_authorization variable in the http forward proxy access log.
feature
collect more upstream metrics (such as http status codes).
feature
support per Application configurations of: client-max-body-size, proxy-cache-revalidate, proxy-cache-use-stale, gateway-gzip and enable-websocket.
optimize
fix the problem that the some pages cannot be loaded when log-server crashes.
optimize
support filtering error logs by time range.
optimize
optimise the concurrency control of health check, fixed “timer is not enough” error when there are many upstreams with health check enabled.
bugfix
do not report health check results repeatedly.
feature
add WAF rules in v3.3
feature
add new action sorted-query-string to EdgeLang.
feature
sticky Cookie support.
change
move entrance of licences page from Gateway Cluster to the upper left corner besides logo in home page.
change
rearrange main navigation menu.
feature
support displaying source code for WAF rule sets.
bugfix
fix a failure case when manual uploading application level certificates: when application is wildcard domain and the certificate is non-wildcard domain will cause the failure.
feature
add the API for certbot plug-in.
bugfix
support binding local ipv6 address.
optimize
log up to 3 entries when no IP database token is provided.
change
apply pan-domain semantic change, multi-level domain matching is no longer supported. For example, -.foo.com will only match a.foo.com and not a.b.foo.com. (It is still compatible for the current version, but will be deprecated and removed in future versions.).
optimize
optimize most of the GET interfaces. It takes only 100ms now instead of original 1.2 seconds for some interfaces.
optimize
optimise Application list loading time, the interface time is reduced by about 900ms.
change
switch to TimescaleDB for log server database (need to install TimescaleDB extension).
bugfix
after DNS health check failed, the resolution result list will not returning failed IPs.
feature
keepalived integration, support high-availability on IP layer.
feature
support binding local IP.
feature
support binding local IP when forwarding.
feature
support node level enabling QAT.
bugfix
fix the 500 response code issue when uploading certificate.
feature
DNS health check support enabling and configuring ports within independent record.
bugfix
forward proxy support multiple ports.
bugfix
fix incorrect remote address in user session on Admin.
feature
EdgeLang source code viewing support of hitting WAF rules in WAF log page.
feature
pick and disable WAF rule WAF ruleset under WAF log page.
feature
DNS records management support in the application page.
feature
support upstream health check for TCP/TLS applications.
feature
return details of failed upstream health check.
optimize
optimize EdgeLang compilation speed.
1.3.0
修复
修复过期证书分页失效的问题。
修复
修复导致证书无法定期更新的错误条件。
变更
前端:全局变更日志页面文案并改名为审计日志,在应用发布页面新增审计日志。
修复
修复 global lua module 不能更新的问题。
变更
前端:全局错误日志页面改为先筛选集群再筛选节点。
修复
修复 DNS 查询非法域名时请求异常的问题。
变更
前端:调整 Lua 模块及 Lua 插件编辑器高度。
修复
修复 X-Forwarded-For 请求头 IP 地址匹配出错的问题。
变更
search_by_name 的接口支持搜索 k8s 上游。
变更
前端:备份功能显示正在处理的节点以及调整页面文案。
新增
新增 EdgeLang 动作:set-req-cookierm-req-cookie
变更
前端:升级组件以更新 EdgeLang 编辑器提示。
修复
修复全局改写规则和全局自定义动作添加网关集群条件失败的问题。
修复
解决恢复发布后搜索不到未发布应用的问题。
修复
修复 Append-proxy-header-value 动作无法提交的问题。
新增
自定义证书签发商,可显示帐号信息。
新增
X-Forwarded-For 增加 IP 地址匹配的操作符。
新增
支持节点 LMDB 备份。
新增
重新编译脚本支持并行编译所有的 HTTP/HTTPS 应用。
修复
增加应用发布/回滚操作的并发锁,避免并发操作带来的配置错误。
修复
开启网关集群级别的共享缓存时,如果所有节点都失败,应该最后重试一下本机。
新增
支持清理动态指标数据。
新增
页面支持分别配置应用内 k8s 上游及全局 k8s 上游。
新增
全局配置新增发布记录。
修复
修复应用发布日志描述中缺失配置的问题。
变更
k8s上游发生变更,不影响release。
新增
支持全局页面模板
新增
支持服务静态资源
修复
"重写代理URI前缀"动作没有对 URI 进行编码,可能导致上游不识别。
变更
删除应用前需要先删除 Load SSL certificate by IP addresses 和 Load application by IP addresses 配置。
新增
为 Let’s Encrypt 和 ACME 新增 ECC 证书支持。
变更
使默认应用支持证书上传和签发。
变更
应用泛域名语义变更,不再支持多级域名的匹配。比如 *.foo.com 只会匹配 a.foo.com 而不会匹配 a.b.foo.com.。
修复
修复搜索上游名称的结果不匹配的问题。
修复
前端修复创建新应用时选择全局上游作为 proxy 上游时未自动创建页面规则。
变更
k8s 后台线程添加双 admin 和灰度admin的支持。
新增
应用设置页面添加侧边栏方便跳转。
新增
新增两个内建动态指标:请求数和请求流量。
优化
node 灰度标识从网关集群级别,改为网关节点级别方便切换 node 节点是否灰度的标识。
新增
请求速率限制支持使用 HTTP 请求头作为 key。
修复
修复使用 SDK 或 edge-cli 无法上传证书的 BUG。
修复
keepalived 配置文件中 check_script 字段应该为全路径。
修复
当界面上删减至 1 个上游时,去除第二个没用的 balancer。
新增
变量 first-x-forwarded-addr 和 last-x-forwarded-addr 支持操作符 IP 匹配以及 IP 不匹配。
优化
缩短了配置同步的延迟。
修复
k8s rest api 数据返回格式不规范。
新增
支持了应用级别的 IP 列表配置。
修复
新增了递归上游的检测选项,防止出现由此造成的死循环。
修复
修复应用列表页面跳转出现多余请求及错误请求。
变更
修改所有否定意思文案的开关选项为肯定,使之更易理解。
修复
修复页面输入 DNS 记录校验错误。
修复
同一个应用下后面的 defer resp-body 会覆盖前面的 defer resp-body。
修复
Log Server 下线导致节点同步状态无法整成显示的问题。
变更
K8s 上游添加绑定多 k8s 服务的支持。
修复
已下线的 http 应用不应再自动更新 ACME 证书。
变更
修改 package_created_time 的获取方式。
新增
DNS 页面显示 A/AAAA 记录的地图展示。
变更
在应用编辑页面顶部显示 offline 状态。
新增
支持 ngx2edge 工具。
新增
在帮助中心显示博客文章。
修复
修复页面搜索选择组件报错。
修复
手动上传 SSL 证书更新时,也需要对上传的证书进行校验。
新增
支持新的 Brotli 压缩类型。
新增
支持根据前缀清理 mlcache 中的缓存资源(适用于有自定义使用 mlcache Lua 模块的场景)。
修复
修复 HTTP 健康检查响应体匹配报错的问题。
新增
tcp和tls应用支持proxy protocol。
修复
对 IPv6 在地址匹配时进行了错误处理。
修复
修复了多个 IP 列表白名单匹配时的 BUG。
优化
优化健康检查和上游指标的数据库写入方式。
新增
当 admin 有新版本时提示用户刷新页面。
修复
修复网关集群标签有时候不显示的问题。
变更
增加全局变更日志的筛选条件 操作, 用户 以及日志关键字。
变更
WAF 日志页面新增列响应状态。
新增
WAF 日志界面新增命中规则统计图表。
新增
支持 DNS 全局负载均衡
新增
支持批量删除。
新增
新加动作 启用 Basic 认证, 支持创建全局 Basic 认证账号和应用级别 Basic 认证账号。
1.1.0
修复
当配置了多个k8s集群的时候,监控某个k8s集群会使用其他的k8s集群配置。
变更
内部k8s服务更新的时候,调用自身的接口不需要验证ssl。
变更
内部k8s服务更新使用https。
变更
内部k8s服务更新使用443端口。
修复
规则条件忽略大小写不生效。
修复
修复nginx.conf模板错误。
变更
在ini中增加admin_api_port配置。
修复
ip-list白名单模式的错误。
修复
全局更新日志路径没有解码。
修复
全局变更日志没有使用UTC时区。
新增
支持搜索全局变更日志。
修复
网关集群健康检查模板渲染的错误。
变更
许可方式变更,支持离线许可。
新增
支持用户通过上传 csv 文件使用自定义的 IP 数据库。
优化
所有输入域名都自动转成小写。
优化
k8s 后台监控线程每隔10分钟重连。
1.0.1
新增
支持创建全局 IP 列表,并支持 IP 地址与指定名称 IP 列表进行匹配。
新增
给limit request rate动作增加拦截动作。
修复
修复dns健康检查超时时间单位错误的问题。
变更
全局lua模块支持ffi。
新增
新增user-agent-is-mobile动作。
修复
修复没有http应用时默认绑定80端口的问题。
修复
修复hcaptcha缓存时间不能修改的问题。
变更
页面规则内多个 WAF 规则会同时生效,原来是后面的 WAF 规则会覆盖前面的 WAF 规则。
新增
IP 地理信息数据库支持 qqzeng 数据库。
修复
修复 debug 级别的 waf 规则会导致其他规则无法命中问题。
新增
全局上游健康检查新增始终检查的选项。
新增
上游健康检查新增 PostgreSQL 和 MySQL 检查类型。
新增
上游健康检查支持判断响应体内容是否包含指定字符串。
新增
支持网关节点健康检查。
变更
备份上游重试顺序调整:当所有的上游节点全部都失败(健康检查失败,或者当前请求尝试过了)才会重试备份上游。
新增
dns绑定到k8s集群。
新增
支持全局动态指标。
新增
Admin 支持 Lua 扩展。
新增
支持应用动态指标。
新增
支持同时部署并启用两个 admin server 服务,提高 admin 的可用性。
0.4.2
新增
gateway绑定到k8s集群,以便自动批准k8s集群中的edge-node。
变更
去掉 trusted_client 和 trusted_uid 的配置。
优化
优化 edge node 性能,简单反向代理场景 QPS 可以提升 26%。
优化
给global-lua-module和custom share zone增加黑名单。
变更
拆分 http 和 stream 应用。
修复
修复全局动作修改触发节点 binary upgrade 的问题。
新增
上游绑定到某个k8s集群服务上。
优化
限制重复错误消息频率,当 send queue 满了的时候,每个 worker 最多每 30 秒打印一条日志。
新增
支持在第三方模块中调用另一个第三方模块。
新增
DNS 应用支持添加 SRV 类型的记录。
新增
openresty-plus新增lua-resty-mlcache库。
优化
限制配置同步接口的请求频率,防止多台 node 节点同时全量同步导致 admin 节点无法服务。
新增
支持指定自定义证书签发商,新增了对 ACME 服务的 EAB 的支持。
新增
http 正向代理访问日志支持decoded_proxy_authorization。
新增
收集更多上游指标(如状态码)。
新增
支持在应用里配置 client-max-body-size,proxy-cache-revalidate,proxy-cache-use-stale,gateway-gzip 和 enable-websocket。
优化
优化log-server崩溃后,前端页面不能加载的问题。
优化
支持按照时间范围搜索错误日志。
优化
如果健康检查的上游太多,可能会报 timer 不够的错误;优化了并发控制。
修复
健康检查的状况可能会重复上报。
新增
增加 V3.3 的 WAF 规则。
新增
EdgeLang 新增动作 sorted-query-string。
新增
支持 Sticky Cookie。
变更
许可证入口位置从网管集群下移至主页面左上角logo旁。
变更
主导航顺序
修复
应用级别证书手动上传证书校验:当应用为泛域名时,上传的非泛域名证书会校验失败的 BUG。
新增
certbot 插件 API。
修复
下游监听支持绑定ipv6
优化
如果ip database没有token,最多记录3条日志。
变更
应用泛域名语义变更,不再支持多级域名的匹配。比如 -.foo.com 只会匹配 a.foo.com 而不会匹配 a.b.foo.com. (当前版本还保持兼容,但是未来版本会移除。)。
优化
优化大部分的 Get 接口,实测原来 1.2 秒的接口现在只需要 100 ms。
优化
优化应用列表的加载时间,接口耗时减少 900ms 左右。
变更
log server 切换时序库,需要安装时序库扩展,切换和归档方案看李庚 wiki。wiki链接。
修复
DNS 健康检查失败之后,解析结果列表中依然会返回失败 IP。
新增
keepalived 集成,支持 IP 层的高可用。
新增
下游监听支持绑定本地ip。
新增
上游转发支持绑定本地ip。
新增
支持节点级别开启QAT。
修复
上传证书出现 500 错误的问题。
新增
dns健康检查支持每条记录单独开启和配置端口。
修复
正向代理不支持多端口的问题。
修复
admin上用户session远程地址不对的问题。
新增
WAF 日志页面支持查看命中 WAF 规则的 edgelang 源码。
新增
WAF 日志页面支持禁用 WAF 规则集内的规则。
新增
应用页面支持 DNS 记录的管理。
新增
TCP/TLS 应用支持上游健康检查的功能。
新增
上游健康检查上报检查失败详情。
优化
优化edgelang编译速度。

Python SDK

1.2.24
change
The put_app supports setting the status of application.
1.2.23
change
The Cache part of the page rule supports more configuration options.
1.2.22
feature
Add interface to convert common upstream to k8s upstream[copy_upstream_to_k8s_upstream]copy_upstream_to_k8s_upstream.
feature
Add interface to search k8s upstreamsearch_k8s_upstream_by_name.
1.2.20
bugfix
the interface of search_upstream_by_ip, search_upstream_by_name, search_http_app_by_keyword, the page_size parameter does not work.
1.2.19
feature
Add k8s,k8s upstream interface for adding, replacing, deleting, and updatingnew_k8s_upstream,new_global_k8s_upstreamnew_global_k8s.
1.2.17
change
The proxy parameter of put_rule supports to use the data format returned by the get interface.
1.2.16
feature
Add interface to get version information get_version.
feature
Add interface to search app by domain or name search_http_app_by_keyword.
feature
Add interface to search upstream by name search_upstream_by_name.
feature
Add interface to search upstream by ip search_upstream_by_ip.
1.2.15
bugfix
Add dns_read and dns_write parameters to interfaces add_app_user, put_app_user, add_user_for_all_apps and add_all_users_for_app.
feature
Add interface to get gateway cluster get_all_gateway and gateway cluster tag get_all_gateway_tag.
change
get_all_global_users interface supports returning detailed information.
change
Removed get_all_global_user_ids interface.
feature
Added interfaces count_global_actions and get_all_global_actions.
1.2.24
变更
put_app支持设置应用状态。
1.2.23
变更
页面规则的缓存部分支持更多配置选项。
1.2.22
新增
添加普通上游转换成k8s上游接口[copy_upstream_to_k8s_upstream]copy_upstream_to_k8s_upstream
新增
添加搜索k8s上游接口search_k8s_upstream_by_name
1.2.20
修复
search_upstream_by_ip, search_upstream_by_name, search_http_app_by_keyword的page_size参数不起作用。
1.2.19
新增
添加k8s,k8s上游的增删改查接口new_k8s_upstream,new_global_k8s_upstreamnew_global_k8s
1.2.17
变更
put_rule 接口的 proxy 参数支持直接使用 get 接口返回的数据格式。
1.2.16
新增
添加获取版本信息的接口 get_version
新增
添加通过应用名称搜索应用的接口 search_http_app_by_keyword
新增
添加通过上游名称搜索上游的接口 search_upstream_by_name
新增
添加通过上游 IP 搜索上游的接口 search_upstream_by_ip
1.2.15
修复
add_app_userput_app_useradd_user_for_all_appsadd_all_users_for_app 接口添加 dns_read 和 dns_write 参数。
新增
添加获取网关集群 get_all_gateway 和网关集群标签 get_all_gateway_tag 的接口。
变更
get_all_global_users 接口支持返回详细信息。
变更
删除 get_all_global_user_ids 接口。
新增
添加获取全局动作数量 count_global_actions 和 获取全局动作 get_all_global_actions 的接口。