The latest from the Apiman Blog
The Apiman blog presents the latest Apiman release news and insights. We also share relevant API and software engineering content that we think you will find interesting.
Apiman 3.1.2 released!
I’m delighted to announce that I have released Apiman 3.1.2.Final.
One particularly useful change I’d like to highlight is that the Vert.x Gateway’s API, when secured by Keycloak, now accepts a list of additionally accepted issuers using allowed-issuers, which is useful for users with more complex auth setups.
Apiman 3.1.0 released!
I’m delighted to announce that I have released Apiman 3.1.0.Final.
Aside from numerous bug fixes and a few interesting new features, this includes a security fix for CVE-2023-28640.
Due to an issue with the release pipeline, we ended up having to cut a 3.1.1.Final release also, but it’s identical to 3.1.0.Final.
Potential permissions bypass in Apiman 3.0.0.Final (CVE-2023-28640)
A vulnerability in Apiman has been disclosed that you need to be aware of and respond to. It has CVE ID CVE-2023-28640.
Potential permissions bypass in Apiman 1.5.7 through Apiman 2.2.3.Final (CVE-2022-47551)
A vulnerability in Apiman has been disclosed that you need to be aware of and respond to. It has CVE ID CVE-2022-47551.
Leaping forwards with Apiman 3
I’m delighted to announce that I have released Apiman 3.0.0.Final.
This is one of the most significant releases in Apiman’s history, with a considerable number of new features and behind-the-scenes improvements.
Oh, and I’ve created a completely new Jekyll-based website for Apiman that will help me better automate releases — I hope you like it!
Apiman 2.2.0.Final has been released (updates Keycloak to 15.1.1 & WildFly to 23.0.2.Final)
Happy Holidays, Apiman fans!
I’ve released Apiman 2.2.0.Final to upgrade Keycloak to 15.1.1 and WildFly to 23.0.2.Final. This is primarily because of another significant security vulnerability that has been disclosed in those platforms.
Apiman 2.1.5.Final has been released - please update if you’re on an old version
Hi, Apiman fans!
I hope you’re all well, and Season’s Greetings to those of you who celebrate Christmas 🎄.
I’d like to remind Apiman users to consider updating to Apiman 2.1.5 promptly, as it contains fixes for the now well-known log4j2 bugs.
Apiman 2.1.0.Final has been released 🚀
I’m very pleased to say that we’ve released Apiman 2.1.0.Final 👏. We’ve splatted a huge number of bugs and made a lot of improvements to stability, performance, and security.
Please consult the migration guide here if you are planning to upgrade from an earlier version of Apiman (especially if you’re using Elasticsearch).
Version 1.5 of Apiman is released!
I’m happy to announce that Apiman 1.5.1.Final is out.
It contains an important new policy feature: the ability to modify policy failures before they are returned to users (even if they are thrown by another policy).
This means that policies such as CORS can add their headers, irrespective of whether the request was successful or not (e.g. due to rate limiting).
Customising path patterns for your Apiman Gateway
One common request we hear is how to create custom URL patterns for the Apiman Gateway.
For example, this means allowing the (Public API) default to be changed:
To a custom alternative. As a simple example we’re going to hard-code an organisation in. We’ll assume that we’ve established a convention to always publish our APIs to a particular org. That will change the pattern to:
If you’re using the Vert.x Gateway you should use Apiman 1.4.3.Final or later as a bug prevented plugins from loading from static config.
Version 1.4.3 of Apiman is released!
Apiman 1.4.3.Final is out. It contains a couple of bug-fixes. Most notably, a bug in the Vert.x Gateway that prevented plugins specified in static config (conf.json) from being loaded properly.
Version 1.4 of Apiman is released!
I’m delighted to announce that Apiman 1.4 has been released (actually, 1.4.1.Final as of this blog post).
The most important change in this release is that we’ve upgraded support for Elasticsearch from 1.x to 5.x. It may also support Elasticsearch 2.x, but this isn’t officially supported (let us know your experiences).