You are browsing documentation for an older version. See the latest documentation here.
Kong Gateway 3.4.x breaking changes
Before upgrading, review any configuration or breaking changes in this version and prior versions that affect your current installation.
You may need to adopt different upgrade paths depending on your deployment methods, set of features in use, custom plugins, for example.
TLS changes
3.4.3.5
In OpenSSL 3.2, the default SSL/TLS security level has been changed from 1 to 2. This means the security level is set to 112 bits of security. As a result, the following are prohibited:
- RSA, DSA, and DH keys shorter than 2048 bits
- ECC keys shorter than 224 bits
- Any cipher suite using RC4
- SSL version 3 Additionally, compression is disabled.
Deployment
Amazon Linux 2022 to 2023 rename
Amazon Linux 2022 artifacts are renamed to Amazon Linux 2023, based on AWS’s own renaming.
Alpine support removed
Alpine packages and Docker images based on Alpine are no longer supported. Starting with Kong Gateway 3.4.0.0, Kong is not building new Alpine images or packages.
Ubuntu 18.04 support removed
Support for running Kong Gateway on Ubuntu 18.04 (“Bionic”) is now deprecated, as Standard Support for Ubuntu 18.04 has ended as of June 2023. Starting with Kong Gateway 3.4.0.0, Kong is not building new Ubuntu 18.04 images or packages, and Kong will not test package installation on Ubuntu 18.04.
If you need to install Kong Gateway on Ubuntu 18.04, see the documentation for previous versions.
Cassandra DB support removed
Cassandra DB support has been removed. It is no longer supported as a data store for Kong Gateway.
You can migrate from Cassandra DB to PostgreSQL by following the migration guide, or reach out to your support representative for help.
Configuration changes
The following is a list of changes in kong.conf
in this release.
Item | Recommended action |
---|---|
LMDB encryption has been disabled. The parameter declarative_config_encryption_mode has been removed from kong.conf . |
No action needed. |
Renamed the configuration property admin_api_uri to admin_gui_api_url . The old admin_api_uri property is considered deprecated and will be fully removed in a future version of Kong Gateway. |
Update your configuration to use admin_gui_api_url . |
The database parameter no longer accepts cassandra as an option. All Cassandra options have been removed. |
If you use Cassandra DB, either migrate to PostgreSQL (postgres ) or DB-less mode (off ). |
Admin API changes
The /consumer_groups/:id/overrides
endpoint is deprecated in favor of a more generic plugin scoping mechanism.
See the new consumer groups entity.
Plugin changes
Validation for plugin queue related parameters has been improved. Certain parameters now have stricter requirements.
-
max_batch_size
,max_entries
, andmax_bytes
are now declared asinteger
instead ofnumber
. -
initial_retry_delay
andmax_retry_delay
must now be numbers greater than 0.001 (in seconds).
This affects the following plugins:
Rate Limiting Advanced
The /consumer_groups/:id/overrides
endpoint has been deprecated. While this endpoint will still function, we strongly recommend transitioning to the new and improved method for managing consumer groups, as documented in the Enforcing rate limiting tiers with the Rate Limiting Advanced plugin guide.
Known issues
Some referenceable configuration fields, such as the http_endpoint
field
of the http-log
plugin and the endpoint
field of the opentelemetry
plugin,
do not accept reference values due to incorrect field validation.
When adding new plugins to the existing installation (either manually or via the extension of bundled
plugins), the kong migrations finish
or kong migrations up
must be run with the -f
flag to forcefully upgrade the plugin schemas.