The latest from the Apiman Blog

The Apiman blog presents the latest Apiman release news and insights. We also share relevant API and software engineering content that we think you will find interesting.

Apiman 3.1.2 released!

I’m delighted to announce that I have released Apiman 3.1.2.Final.

One particularly useful change I’d like to highlight is that the Vert.x Gateway’s API, when secured by Keycloak, now accepts a list of additionally accepted issuers using allowed-issuers, which is useful for users with more complex auth setups.

apiman, release

Apiman 3.1.0 released!

I’m delighted to announce that I have released Apiman 3.1.0.Final.

Aside from numerous bug fixes and a few interesting new features, this includes a security fix for CVE-2023-28640.

Due to an issue with the release pipeline, we ended up having to cut a 3.1.1.Final release also, but it’s identical to 3.1.0.Final.

apiman, release

Potential permissions bypass in Apiman 3.0.0.Final (CVE-2023-28640)

A vulnerability in Apiman has been disclosed that you need to be aware of and respond to. It has CVE ID CVE-2023-28640.


Potential permissions bypass in Apiman 1.5.7 through Apiman 2.2.3.Final (CVE-2022-47551)

A vulnerability in Apiman has been disclosed that you need to be aware of and respond to. It has CVE ID CVE-2022-47551.


Leaping forwards with Apiman 3

I’m delighted to announce that I have released Apiman 3.0.0.Final.

This is one of the most significant releases in Apiman’s history, with a considerable number of new features and behind-the-scenes improvements.

There is also a new Docker Compose distribution that makes Apiman easier than ever to try out; please give it a go and let us know your thoughts.

Oh, and I’ve created a completely new Jekyll-based website for Apiman that will help me better automate releases β€” I hope you like it!

apiman, release

Apiman 2.2.0.Final has been released (updates Keycloak to 15.1.1 & WildFly to 23.0.2.Final)

Happy Holidays, Apiman fans!

I’ve released Apiman 2.2.0.Final to upgrade Keycloak to 15.1.1 and WildFly to 23.0.2.Final. This is primarily because of another significant security vulnerability that has been disclosed in those platforms.

apiman, release

Apiman 2.1.5.Final has been released - please update if you’re on an old version

Hi, Apiman fans!

I hope you’re all well, and Season’s Greetings to those of you who celebrate Christmas πŸŽ„.

I’d like to remind Apiman users to consider updating to Apiman 2.1.5 promptly, as it contains fixes for the now well-known log4j2 bugs.

apiman, release

Apiman 2.1.0.Final has been released πŸš€

I’m very pleased to say that we’ve released Apiman 2.1.0.Final πŸ‘. We’ve splatted a huge number of bugs and made a lot of improvements to stability, performance, and security.

Please consult the migration guide here if you are planning to upgrade from an earlier version if Apiman (especially if you’re using Elasticsearch).

apiman, release

Version 1.5 of Apiman is released!

I’m happy to announce that Apiman 1.5.1.Final is out.

It contains an important new policy feature: the ability to modify policy failures before they are returned to users (even if they are thrown by another policy).

This means that policies such as CORS can add their headers, irrespective of whether the request was successful or not (e.g. due to rate limiting).

apiman, release

Customising path patterns for your Apiman Gateway

One common request we hear is how to create custom URL patterns for the Apiman Gateway.

For example, this means allowing changing the (Public API) default:


To a custom alternative. As a simple example we’re going to hard-code an organisation in. We’ll assume that we’ve established a convention to always publish our APIs to a particular org. That will change the pattern to:

If you’re using the Vert.x Gateway you should use Apiman 1.4.3.Final or later as a bug prevented plugins from loading from static config.
apiman, gateway, manager, plugin, extensibility

Version 1.4.3 of Apiman is released!

Apiman 1.4.3.Final is out. It contains a couple of bug-fixes. Most notably, a bug in the Vert.x Gateway that prevented plugins specified in static config (conf.json) from being loaded properly.

apiman, release

Version 1.4 of Apiman is released!

I’m delighted to announce that Apiman 1.4 has been released (actually, 1.4.1.Final as of this blog post [1]).

The most important change in this release is that we’ve upgraded support for Elasticsearch from 1.x to 5.x. It may also support Elasticsearch 2.x, but this isn’t officially supported (let us know your experiences).

1. We fixed a couple of bugs spotted in 1.4.0.Final by the community before the blog was written
apiman, release