| CARVIEW |
Select Language
HTTP/2 200
date: Fri, 25 Jul 2025 21:05:32 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"fcbcc020967797149b691fb20f646205"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=ZAp6Fl%2FLDG1cTMcw0vRtnvdqbeKStNkLNDebyEDIMPTDHElTMtPdzVeL04jBOGRgczqjkCycLWk3q57XaPKsd%2Fs%2B2Quvo8tGZucyTLUe9VpnfbPdcnPiZqEnhlaJh9ZglAK9leO4g9FgpS9hK%2BAFJsozB%2FEmBQmyo28HM3JlghEwaknSfJL4RtoGkRcfpnhaMPwqgzC2RHkfAk8fVosCrwD6WdNZcuijpSZ3jJSU%2B1sgTf7wQS9DkJk0tTwy8%2FeLq81cWILt6EyuRkYNz1M76Q%3D%3D--%2Fxzc38cVWyruyTLq--u2tBXihAHLq7GvctNP9%2Fog%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1187553850.1753477531; Path=/; Domain=github.com; Expires=Sat, 25 Jul 2026 21:05:31 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Sat, 25 Jul 2026 21:05:31 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: 98A2:17C58D:CE6CF:1190EE:6883F19B
Releases · membrane/api-gateway · GitHub
22 Jul 14:28
Loading
07 Jul 10:09
Loading
03 Jul 12:47
Loading
03 Jul 11:20
Loading
30 Jun 16:44
Loading
11 Jun 15:07
Loading
07 May 16:10
Loading
07 May 16:10
Loading
06 May 08:05
Loading
06 May 08:46
Loading
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 138
Releases: membrane/api-gateway
Releases · membrane/api-gateway
v6.2.4
Compare
Release Tag 6.2.4
Assets 5
1 person reacted
v6.2.3
Compare
Changes since 6.2.2:
Features:
- Support OpenAPI 3
discriminatorwith amapping.
Improvements:
- Do not log Exceptions for unroutable HTTP requests avoiding log spam.
- Do not log empty Exceptions.
- Added a few missing JavaDoc comments.
- Improved JavaDoc syntax description (describing what the
annotsubmodule does to auto generate the documentation). - Upgraded dependencies (jackson-core to 2.19.1, opentelemetry-sdk to 1.51.0, log4j-core to 2.25.0)
Fixes:
- Fixed #1951: Load Balancer API now supports case insensitive cluster names.
Assets 5
v6.2.2
Compare
Changes since 6.2.1:
Fixes:
- Fixed
membrane.shto support RPM deployment (where file system layout is not the extracted ZIP file, but references/etc/membrane/proxies.xml).
Features:
- added command to extract a public JWK from a private JWK file:
membrane.sh private-jwk-to-public -i private.jwk -o public.jwk
Assets 5
v6.2.1
Compare
Changes since 6.2.0:
Changes:
<jsonProtection/>now blocks JSON objects with a key"__proto__"by default. (Set<jsonProtection blockProto="false"/>to get back the old behavior.)- Set
showSSLExceptionsdefault tofalseto avoid log spam. (Documented the suggestion that users should set it totruewhen debugging SSL/TLS setup problems.)
Improvements:
- Added a few missing Javadoc comments.
- Upgraded dependencies (maven-plugin-api)
Assets 5
v6.2.0
Compare
Changes since 6.1.0:
Features:
- publish JSON Schema for YAML-based configuration (@christiangoerdes)
- added
<setCookies ...>which can compute cookie expiration times (@christiangoerdes)
Improvements:
- made some OpenAPI validation corner cases spec-compliant
- avoid
NullPointerExceptionduring validation for certain schemas - support
"type": "null" - support missing
"type"while still enforcing constraints - do not allow
"5.3"as a"type": "number"because it is only a"string" patterns are not anchored (use^...$to anchor them)- support
patternProperties
- avoid
- improved lock contention in
LimitedMemoryExchangeStoreandHttpEndpointListener(thanks, @Lucamadio!) <databaseApiKeyStore>: avoid error when table already exists<oauth2Resource2>: issue new session id after login (preventing possible session fixation attacks) (@rrayst)<oauth2Resource2>: convert error reconstructing the exchange (e.g. when clickingBackafter the login) to anOAuth2Exception, which can be handled by a customafterErrorUrl. (@rrayst)- upgrade dependencies (spring-web to 6.2.8, commons-fileupload to 1.6.0, bcpkix-jdk18on to 1.81 and others)
- improved examples
Contributors
rrayst, Lucamadio, and christiangoerdes
Assets 5
1 person reacted
v6.1.0
Compare
Since 6.0.4:
Breaks:
- Default scripting language is now
SpEL. You can still uselanguage="GROOVY"to switch back.
Fixes:
- remove RFC7540-based protocol upgrade headers
- fixed
<acme><fileStorage>locking - use 302 for OAuth2 redirects
- fixed OAuth2 state encoding
Improvements:
- added
membrane.sh generate-jwkto generate an RSA key (e.g. to encrypt session data) - introduced
<idempotency> - introduced
<chain>,<global> - added
<cors> - added
<mongoDBExchangeStore> - support expressions in
<target/>(seeexamples/routing-traffic/dynamic-routing) - improved examples
examples/orchestration/call-authenticationandexamples/orchestration/for-loop - bumped libraries (e.g. json-smart to 2.5.2, soa-model to 2.2.0)
- improvements for
<call/> - improvements for
<adminApi/> - test: added tests for OAuth2 Client using form_post
- improved OAuth2 Client: added PKCE
- refactor: SSLContext
- refactor: OAuth2 B2C tests
- refactor: OAuth2 Client
- refactor: HTTP
Headerclass - improved examples
- introduced optional byte stream logging
- support loading configuration from
proxies.yamlinstead ofproxies.xml - reduced flakiness of
Loadbalancing4XmlSessionExampleTest
Assets 4
v5.8.8
Compare
Change:
<oauth2Resource2>: In case of 'CSRF token mismatch.', log both tokens being compared to aid in analysis of root cause<oauth2Resource2>: Log if stored token gets overwritten after successful login
Assets 4
v5.5.14
Compare
Change:
<oauth2Resource2>: In case of 'CSRF token mismatch.', log both tokens being compared to aid in analysis of root cause<oauth2Resource2>: Log if stored token gets overwritten after successful login
Assets 4
v5.8.6
Compare
Change:
<oauth2Resource2>: Split 'CSRF token mismatch.' into 3 separate error cases. Enable usage ofafterErrorUrlalso for these 3 error cases.
Assets 4
v5.5.13
Compare
Change:
<oauth2Resource2>: Split 'CSRF token mismatch.' into 3 separate error cases. Enable usage ofafterErrorUrlalso for these 3 error cases.
Assets 4
Previous Next
You can’t perform that action at this time.