Incompatible changes
Incompatible changes refer to changes that affect existing functionality and migration from a previous release. Before you upgrade, make appropriate changes to your scripts and plugins.
Version | Description |
---|---|
2024.11 |
None |
2024.9 |
Zero-valued Prometheus metricsFollowing a performance improvement, the Prometheus output shows many new WebSocket proxy metrics with This could affect existing dashboards and reports. |
2024.6 |
Router now checks for directoryThe Router handler now checks
the |
ClientRegistration configurationsTo enable OpenID Connect ID token signature validation and the provider uses HMAC-based signatures, ClientRegistration configurations now require settings to access the client secret used for signature validation:
For details, refer to ClientRegistration. The Issuer for AuthorizationCodeOAuth2ClientFilter now uses asymmetric signature validation by default. |
|
Issuer configurationsWhen you enable OpenID Connect ID token signature validation, update these properties of your Issuer configurations:
For details, refer to Issuer. The Issuer for AuthorizationCodeOAuth2ClientFilter now uses asymmetric signature validation by default. |
|
2024.3 |
IG .war fileThe IG .war file is no longer created. It was deprecated in IG 6 and stopped being delivered in IG 2023.2. For information about migration, refer to Migrate from web container mode to standalone mode. |
|
|
ScriptsGroovy scripts used in the IG configuration must now use the UTF-8 character set. In previous releases, Groovy files referenced from the IG configuration could rely on default encoding or system properties. |
|
IG Java 17IG no longer supports Java 11. You must upgrade to Java 17. |
|
Vert.xUpgrade to Vert.x 4.5 renames and removes Vert.x options used by WebSocket
connections to AM and accessed through the Learn more about Vert.x changes in 4.5.0 Deprecations and breaking changes. Use the Vert.x options described in VertxOptions. |
|
Handling of failed HTTP responsesIG now fails an HTTP response promise when:
In previous releases, IG completed the response promise but the response was unreadable. |
|
JWT must be signed or encryptedThe following filters must now be configured with a SecretsProvider and signature or encryption: |
|
Improved security for CrossDomainSingleSignOnFilterWhen From this release, if In previous releases, the CrossDomainSingleSignOnFilter accepted unsigned tokens. |
|
IG .zip fileTo prevent confusion during upgrade, PingGateway-2024.11.0.zip now unpacks to a directory
containing the IG version number. For example, this release unpacks to
In previous releases, PingGateway-2024.11.0.zip unpacked to |
|
Treatment of HTTP 500 errorsHTTP 500 errors are no longer computed in Handlers or Filters. Instead, they fail the response promise with the Runtime exception that caused the failure. |
|
Inline objects can’t be referenced from the configurationIn previous releases, other objects in a configuration could refer to an inline
object through its |
|
2023.11 |
Change to host header capitalization for HTTP/2For HTTP/2, PingGateway pseudo-headers and This isn’t a breaking change. RFC 2616, 4.2 Message Headers explains, "Field names are case-insensitive." Some applications expect case-sensitive header names, such as |
Safeguard against accidental exposure of private keys with JwkSetHandlerThe new property The property is |
|
2023.9 |
None |
2023.6 |
Improved security for scriptsTo improve security, IG now runs scripts only from an absolute path, or from a path relative to the base script directory. Routes that refer to scripts otherwise, such as through a URL, fail to deploy. For more information, refer to the |
2023.4 |
None |
2023.2 |
The IG .war file is no longer delivered. Learn more in Migrate from web container mode to standalone mode. |
7.2 |
ScriptableResourceUriProvider accepts returned values only as a
|
AM 5.x.x EOLAM 5.x.x has reached product end of life and is no longer supported.
The default value of the AmService property |
|
|
|
JWT classes relocated to new packagesClasses related to JWT stateless sessions have moved from the
package Classes and functions used to validate a JWT, used with a
JwtValidatorCustomizer in a JwtValidationFilter, have moved from the
package The IG scripting engine has been updated to incorporate the changes automatically. |
|
CDSSO requires session cookies with
|