This is an automated email from the ASF dual-hosted git repository.
traky pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-website.git
The following commit(s) were added to refs/heads/master by this push:
new 5a17804b412 blog: add 3.14.0 release notes (#1955)
5a17804b412 is described below
commit 5a17804b4121bad15738fa82906a3315a1d638e6
Author: Traky Deng <[email protected]>
AuthorDate: Sat Oct 11 10:26:50 2025 +0800
blog: add 3.14.0 release notes (#1955)
* add 3.14.0 release notes
* lint
---
.../2025/10/10/release-apache-apisix-3.14.0.md | 219 +++++++++++++++++++++
.../2025/10/10/release-apache-apisix-3.14.0.md | 219 +++++++++++++++++++++
2 files changed, 438 insertions(+)
diff --git a/blog/en/blog/2025/10/10/release-apache-apisix-3.14.0.md
b/blog/en/blog/2025/10/10/release-apache-apisix-3.14.0.md
new file mode 100644
index 00000000000..14633781b56
--- /dev/null
+++ b/blog/en/blog/2025/10/10/release-apache-apisix-3.14.0.md
@@ -0,0 +1,219 @@
+---
+title: "Release Apache APISIX 3.14.0"
+authors:
+ - name: "Ashish Tiwari"
+ title: "Author"
+ url: "https://github.com/Revolyssup";
+ image_url: "https://github.com/Revolyssup.png";
+ - name: "Traky Deng"
+ title: "Technical Writer"
+ url: "https://github.com/kayx23";
+ image_url: "https://github.com/kayx23.png";
+keywords:
+ - Apache APISIX
+ - API Gateway
+ - API Management Platform
+ - New Release
+ - Cloud Native
+description: The Apache APISIX 3.14.0 version is released on Oct 10, 2025.
This release includes a few changes, new features, bug fixes, and other
improvements to user experiences.
+tags: [Community]
+---
+
+We are glad to present Apache APISIX 3.14.0 with exciting new features, bug
fixes, and other improvements to user experiences.
+
+<!--truncate-->
+
+This release introduces several new features, including new AI proxy variables
for logging, support for AI/ML API providers in AI plugins, route matching
based on the request body, support for the KSUID algorithm in the `request-id`
plugin, and more.
+
+There are also a few important changes included in this release. Should you
find these changes impacting your operations, please plan your upgrade
accordingly.
+
+## Breaking Changes
+
+### Admin API no longer populates default values
+
+The Admin API will no longer automatically populate default values when
writing configurations. Previously, when users submitted configurations through
the Admin API, APISIX would automatically fill in default values for optional
fields before storing them. This behavior has been removed to prevent user
confusion and improve compatibility with tools like the APISIX Ingress
Controller.
+
+This change affects how configurations are written but not how they are read -
when retrieving configurations via GET requests, the default values will still
be present in the response as they are populated during the read operation.
+
+Users should ensure their configuration supply all necessary values in the
Admin API payload, as default values will no longer be automatically added
during write operations.
+
+For more information, see [PR
#12603](https://github.com/apache/apisix/pull/12603).
+
+### `jwt-auth` plugin requires `secret` for non-RS/ES algorithms
+
+The `jwt-auth` plugin will no longer automatically generate a secret value
when none is provided for algorithms other than RS256 and ES256. Previously,
when users configured the `jwt-auth` plugin without providing a secret for
algorithms like HS256 or HS512, APISIX would automatically generate one.
+
+Now users must explicitly configure the secret field when using algorithms
other than RS256 and ES256. If no secret is provided, the plugin will return an
error message requiring users to set this value manually.
+
+This change improves configuration transparency and prevents potential
confusion from auto-generated values. Users should review their `jwt-auth`
plugin configurations and ensure they explicitly set the secret field where
required.
+
+For more information, see [PR
#12611](https://github.com/apache/apisix/pull/12611).
+
+### `openid-connect` plugin requires explicit session secret configuration
+
+In this release, the `openid-connect` plugin no longer auto-generates a
`session.secret` when `bearer_only` is set to `false` and no `session.secret`
is provided. Instead, the user must explicitly specify `session.secret` when
`bearer_only` is set to `false`.
+
+For more information, see [PR
#12609](https://github.com/apache/apisix/pull/12609).
+
+## New Features
+
+### Support route matching based on request body
+
+You can now use `post_arg.*` in a route's `vars` to match requests based on
the request body value. `post_arg` supports JSON, multipart, and URL-encoded
request bodies, enabling flexible and dynamic routing logic based on message
payloads.
+
+For more information, see [PR
#12388](https://github.com/apache/apisix/pull/12388).
+
+### Add global switch to disable all upstream health checks
+
+This release introduces a new configuration option
`apisix.disable_upstream_healthcheck` in the `config.yaml` that allows you to
turn off all upstream health checks at once. This is useful in emergency where
health checking may interfere with routing fallback.
+
+For more information, see [PR
#12407](https://github.com/apache/apisix/pull/12407).
+
+### Support multiple objects in a single log
+
+This release increases flexibility of the `json.delay_encode` logging feature:
up to 16 distinct `delay_encode` objects can now be included in a single log
entry. This gives finer control over how and which parts of log payloads are
delayed or encoded.
+
+For more information, see [PR
#12395](https://github.com/apache/apisix/pull/12395).
+
+### Add custom claim validation in `openid-connect` plugin
+
+This release introduces the ability to configure custom claim validation in
the `openid-connect` plugin. This enhancement allows users to define validation
rules for specific claims, such as ensuring a claim matches one of a set of
predefined values. If a claim fails validation, the request will be rejected.
+
+For more information, see [PR
#11824](https://github.com/apache/apisix/pull/11824).
+
+### Support environment variables in `openid-connect` plugin
+
+This release adds support for environment variables in the configuration of
the `openid-connect` plugin. Users can now store sensitive fields, such as
`client_secret`, in environment variables, enhancing security and flexibility
during deployment.
+
+For more information, see [PR
#11451](https://github.com/apache/apisix/pull/11451).
+
+### Introduce `traffic-split` plugin for stream routes
+
+This release introduces the `traffic-split` plugin for stream routes (L4),
enabling weighted traffic distribution across multiple upstreams. This
enhancement allows more granular control over traffic routing in stream-based
applications.
+
+For more information, see [PR
#12630](https://github.com/apache/apisix/pull/12630).
+
+### Add KSUID algorithm in `request-id` plugin
+
+This release supports KSUID (K-Sortable Globally Unique Identifier) algorithm
in the `request-id` plugin for request ID generation.
+
+For more information, see [PR
#12573](https://github.com/apache/apisix/pull/12573).
+
+### Introduce fallback mechanism in `ai-proxy-multi` plugin
+
+This release enhances the `ai-proxy-multi` plugin by adding a fallback
mechanism for specific error codes. This improvement ensures more resilient AI
proxying by allowing predefined fallback behaviors when certain error
conditions are met.
+
+For more information, see [PR
#12571](https://github.com/apache/apisix/pull/12571).
+
+### Support metadata headers and HEAD method in Standalone API
+
+The standalone API has two new response metadata headers: `X-Last-Modified`
and `X-Digest`, which let clients detect which instance was last updated and
inspect a configuration digest passed by the client.
+
+In addition, HEAD requests are now supported (returning only metadata, not
full config), making lightweight polling or metadata checks possible.
+
+For more information, see [PR
#12526](https://github.com/apache/apisix/pull/12526).
+
+### Add new AI proxy variables for logging
+
+This release adds the following variables to the `ai-proxy` and
`ai-proxy-multi` plugins:
+
+* `apisix_upstream_response_time`: Time taken for APISIX to send the request
to the upstream service and receive the full response.
+* `request_type`: Type of request, where the value could be
`traditional_http`, `ai_chat`, or `ai_stream`.
+* `llm_time_to_first_token`: Duration from request sending to the first token
received from the LLM service, in milliseconds.
+* `llm_model`: LLM model name forwarded to the upstream LLM service.
+* `request_llm_model`: LLM model name specified in the request.
+* `llm_prompt_tokens`: Number of tokens in the prompt.
+* `llm_completion_tokens`: Number of chat completion tokens in the prompt.
+
+These variables can be logged in the access log, utilized with logging
plugins, or exported as Prometheus metrics. This enhancement improves
monitoring and debugging by offering insights into upstream service response
times during AI proxying.
+
+For more information, see [PR
#12555](https://github.com/apache/apisix/pull/12555), [PR
#12554](https://github.com/apache/apisix/pull/12554), [PR
#12515](https://github.com/apache/apisix/pull/12515), and [PR
#12518](https://github.com/apache/apisix/pull/12518).
+
+### Introduce `ai-aliyun-content-moderation` plugin
+
+This release introduces the new `ai-aliyun-content-moderation` plugin,
enabling integration with Aliyun's Machine-Assisted Moderation Plus for content
moderation. The plugin evaluates request bodies for profanity, hate speech,
insults, harassment, violence, and more. Any request that exceeds the specified
threshold will be rejected.
+
+For more information, see [PR
#12530](https://github.com/apache/apisix/pull/12530).
+
+### Add Azure AI and AI/ML API providers to AI plugins
+
+The `ai-proxy`, `ai-proxy-multi`, and `ai-request-rewrite` plugins now
supports Azure AI and AI/ML API as providers.
+
+When `provider` is set to `azure-openai`, the plugin proxies requests to the
custom endpoint configured in `override` and additionally removes the model
parameter from user requests.
+
+AI/ML API provides a unified OpenAI-compatible API with access to 300+ LLMs
such as GPT-4, Claude, Gemini, DeepSeek, and others. When `provider` is set to
`aimlapi`, the plugin allows users to route AI requests to AIMLAPI-compatible
endpoints, broadening the spectrum of AI providers that can be utilized within
the APISIX ecosystem.
+
+For more information, see [PR
#12565](https://github.com/apache/apisix/pull/12565) and [PR
#12379](https://github.com/apache/apisix/pull/12379).
+
+### Support healthcheck in `ai-proxy-multi` plugin
+
+The `ai-proxy-multi` plugin now includes health check support for upstream AI
services. Each backend endpoint can be monitored for availability, and requests
can be routed dynamically to healthy endpoints. This ensures high availability
and prevents requests from being sent to unresponsive AI servers, improving
reliability in production environments.
+
+For more information, see [PR
#12509](https://github.com/apache/apisix/pull/12509).
+
+### Support `limit-conn` in `workflow` plugin rules
+
+This release enhances the `workflow` plugin by allowing it to include the
`limit-conn` plugin as part of workflow rules.
+
+For more information, see [PR
#12465](https://github.com/apache/apisix/pull/12465).
+
+### Improve `datadog` plugin tagging
+
+The `datadog` plugin now provides enhanced metrics and tags to support a wider
range of observability needs. This update introduces several new tags:
+
+* `response_status`: The HTTP response status code (e.g., "200", "404", "503").
+* `response_status_class`: The class of the HTTP response status code (e.g.,
"2xx", "4xx", "5xx").
+* `path`: The HTTP path pattern, available only if the `include_path`
attribute is set to `true`.
+* `method`: The HTTP method, available only if the `include_method` attribute
is set to `true`.
+
+For more information, see [PR
#11943](https://github.com/apache/apisix/pull/11943).
+
+### Add support for `extra_headers` in `forward-auth` plugin
+
+The `forward-auth` plugin can now extract fields from the request body and
inject them as headers to the upstream service, using `extra_headers` and
`$post_arg.*`. For example, if authentication returns a user role or token in
the response body, you can now map part of that body into a header that
downstream services can consume.
+
+For more information, see [PR
#12405](https://github.com/apache/apisix/pull/12405).
+
+## Other Updates
+
+* Add healthcheck manager to decouple upstream (PR
[#12426](https://github.com/apache/apisix/pull/12426))
+* Decouple Prometheus exporter calculation and output (PR
[#12383](https://github.com/apache/apisix/pull/12383))
+* Redact encrypted fields from error logs to prevent sensitive data leakage
(PR [#12629](https://github.com/apache/apisix/pull/12629))
+* Fix inconsistent resolved nodes for health checks in the `ai-proxy-multi`
plugin (PR [#12594](https://github.com/apache/apisix/pull/12594))
+* Only trust `X-Forwarded-*` headers from configured `trusted_addresses` (PR
[#12551](https://github.com/apache/apisix/pull/12551))
+* Ensure redirects work correctly when scheme is not HTTPS (PR
[#12561](https://github.com/apache/apisix/pull/12561))
+* Fix UI redirect errors when running behind a proxy (PR
[#12566](https://github.com/apache/apisix/pull/12566))
+* Refresh stale LRU cache items for secrets in the background (PR
[#12614](https://github.com/apache/apisix/pull/12614))
+* Restore missing runtime information in health check manager (PR
[#12607](https://github.com/apache/apisix/pull/12607))
+* Support stream route configuration in Standalone Admin API mode (PR
[#12604](https://github.com/apache/apisix/pull/12604))
+* Only log response body when `include_resp_body` is enabled (PR
[#12599](https://github.com/apache/apisix/pull/12599))
+* Correct spelling of `get_healthcheck_events_module` function name (PR
[#12587](https://github.com/apache/apisix/pull/12587))
+* Prevent panic when `ai-proxy-multi` instance lacks a custom endpoint (PR
[#12584](https://github.com/apache/apisix/pull/12584))
+* Prevent message accumulation across requests in AI Prompt Decorator plugin
(PR [#12582](https://github.com/apache/apisix/pull/12582))
+* Remove stale `stream_worker_events.sock` file in Docker entrypoint (PR
[#12546](https://github.com/apache/apisix/pull/12546))
+* Add expiration time (`exptime`) to EWMA shared dictionary items (PR
[#12557](https://github.com/apache/apisix/pull/12557))
+* Catch malformed override endpoints in `ai-proxy` schema validation (PR
[#12563](https://github.com/apache/apisix/pull/12563))
+* Fix missing `ctx.llm_raw_usage` value in non-stream mode (PR
[#12564](https://github.com/apache/apisix/pull/12564))
+* Check types of `choices`, `usage`, and `content` fields in `ai-proxy` before
use (PR [#12548](https://github.com/apache/apisix/pull/12548))
+* Adjust ID length for Kubernetes service discovery (PR
[#12536](https://github.com/apache/apisix/pull/12536))
+* Make `basic-auth` scheme case-insensitive (PR
[#12539](https://github.com/apache/apisix/pull/12539))
+* Skip client certificate verification when only `tls.verify` is configured
(PR [#12527](https://github.com/apache/apisix/pull/12527))
+* Load full data from etcd when worker restarts (PR
[#12523](https://github.com/apache/apisix/pull/12523))
+* Upgrade etcd revision on watch request timeout (PR
[#12514](https://github.com/apache/apisix/pull/12514))
+* Enable EndpointSlices support for Kubernetes discovery (PR
[#11654](https://github.com/apache/apisix/pull/11654))
+* Include gRPC trailers even when response body is empty in `grpc-web` (PR
[#12490](https://github.com/apache/apisix/pull/12490))
+* Fix hostname retrieval issue on Red Hat systems (PR
[#12267](https://github.com/apache/apisix/pull/12267))
+* Fix batch processor cache not working when plugin is configured on service
level (PR [#12474](https://github.com/apache/apisix/pull/12474))
+* Resolve variable references in `$post_arg` for Forward Auth plugin’s
`extra_headers` (PR [#12435](https://github.com/apache/apisix/pull/12435))
+* Fix inconsistent circuit breaking due to premature `breaker_time` increment
in `api-breaker` plugin (PR
[#12451](https://github.com/apache/apisix/pull/12451))
+* Add missing configuration validation for Standalone Admin API mode (PR
[#12424](https://github.com/apache/apisix/pull/12424))
+* Skip writing access logs when `enable_access_log` is set to false (PR
[#11310](https://github.com/apache/apisix/pull/11310))
+* Remove unused `set_ngx_var` attribute from OpenTelemetry plugin (PR
[#12411](https://github.com/apache/apisix/pull/12411))
+* Support `Content-Type` headers with charset for URL-encoded data in Request
Validation plugin (PR [#12406](https://github.com/apache/apisix/pull/12406))
+* Fix Zipkin `trace_id` and `span_id` format in `ngx_var` (PR
[#12403](https://github.com/apache/apisix/pull/12403))
+* Fix missed consumer updates caused by incorrect cache versioning (PR
[#12413](https://github.com/apache/apisix/pull/12413))
+* Ensure `get_keys` returns all items from shared dictionary beyond default
1024 limit (PR [#12380](https://github.com/apache/apisix/pull/12380))
+
+## Changelog
+
+For a complete list of changes in this release, please see
[CHANGELOG](https://github.com/apache/apisix/blob/master/CHANGELOG.md#3140).
diff --git a/blog/zh/blog/2025/10/10/release-apache-apisix-3.14.0.md
b/blog/zh/blog/2025/10/10/release-apache-apisix-3.14.0.md
new file mode 100644
index 00000000000..cd22bb30788
--- /dev/null
+++ b/blog/zh/blog/2025/10/10/release-apache-apisix-3.14.0.md
@@ -0,0 +1,219 @@
+---
+title: "Apache APISIX 3.14.0 正式发布"
+authors:
+ - name: "Ashish Tiwari"
+ title: "Author"
+ url: "https://github.com/Revolyssup";
+ image_url: "https://github.com/Revolyssup.png";
+ - name: "Traky Deng"
+ title: "Technical Writer"
+ url: "https://github.com/kayx23";
+ image_url: "https://github.com/kayx23.png";
+keywords:
+- Apache APISIX
+- API Gateway
+- API Management Platform
+- New Release
+- Cloud Native
+description: Apache APISIX 3.14.0 版本于 2025 年 10 月 10
日发布。该版本带来了一系列新功能、修复、以及相关用户体验优化。
+tags: [Community]
+---
+
+我们很高兴地宣布 Apache APISIX 3.14.0 版本已经发布,带来了一系列新功能、修复、以及相关用户体验优化。
+
+<!--truncate-->
+
+此版本引入了多项新功能,包括用于日志记录的新 AI 插件变量、AI 插件中对 AI/ML API
提供程序的支持、基于请求正文的路由匹配、`request-id` 插件中对 KSUID 算法的支持等等。
+
+此外,该版本还包含了一些重要的变更。如果您发现这些变更会对您的使用产生影响,请进行相应的计划升级。
+
+## 重大变更
+
+### Admin API 不再填充默认值
+
+Admin API 在写入配置时将不再自动填充默认值。以前,当用户通过 Admin API 提交配置时,APISIX
会在存储可选字段之前自动填充默认值。此行为已被移除,以避免用户混淆,并提高与 APISIX Ingress Controller 等工具的兼容性。
+
+此变更会影响配置的写入方式,但不会影响配置的读取方式——通过 GET 请求检索配置时,默认值仍会显示在响应中,因为它们是在读取操作期间填充的。
+
+用户应确保其配置在 Admin API 负载中提供所有必要值,因为在写入操作期间将不再自动添加默认值。
+
+更多信息,请参阅 [PR #12603](https://github.com/apache/apisix/pull/12603)。
+
+### `jwt-auth` 插件需要为非 RS/ES 算法提供 `secret`
+
+如果未为 RS256 和 ES256 以外的算法提供密钥,`jwt-auth` 插件将不再自动生成密钥值。以前,如果用户配置 `jwt-auth`
插件时未为 HS256 或 HS512 等算法提供密钥,APISIX 会自动生成一个密钥。
+
+现在,当用户使用 RS256 和 ES256 以外的算法时,必须明确配置密钥字段。如果未提供密钥,插件将返回错误消息,要求用户手动设置此值。
+
+此更改提高了配置透明度,并避免了自动生成的值可能造成的混淆。用户应检查其 `jwt-auth` 插件配置,并确保在需要时明确设置密钥字段。
+
+更多信息,请参阅 [PR #12611](https://github.com/apache/apisix/pull/12611)。
+
+### `openid-connect` 插件需要显式配置会话密钥
+
+在此版本中,当 `bearer_only` 设置为 `false` 且未提供 `session.secret` 时,`openid-connect`
插件不再自动生成 `session.secret`。相反,当 `bearer_only` 设置为 `false` 时,用户必须显式指定
`session.secret`。
+
+更多信息,请参阅 [PR #12609](https://github.com/apache/apisix/pull/12609)。
+
+## 新功能
+
+### 支持基于请求体匹配路由
+
+现在,您可以在路由的 `vars` 中使用 `post_arg.*`,根据请求体值匹配请求。`post_arg` 支持 JSON、multipart 和
URL 编码的请求体,从而实现基于消息负载的灵活动态路由逻辑。
+
+更多信息,请参阅 [PR #12388](https://github.com/apache/apisix/pull/12388)。
+
+### 添加全局开关以禁用所有上游健康检查
+
+此版本在 `config.yaml` 中引入了一个新的配置选项
`apisix.disable_upstream_healthcheck`,允许您一次性关闭所有上游健康检查。这在紧急情况下非常有用,因为健康检查可能会干扰路由回退。
+
+更多信息,请参阅 [PR #12407](https://github.com/apache/apisix/pull/12407)。
+
+### 支持单个日志中的多个对象
+
+此版本增强了 `json.delay_encode` 日志功能的灵活性:现在单个日志条目中最多可以包含 16 个不同的 `delay_encode`
对象。这可以更精细地控制日志负载的延迟或编码方式以及部分内容。
+
+更多信息,请参阅 [PR #12395](https://github.com/apache/apisix/pull/12395)。
+
+### 在 `openid-connect` 插件中添加自定义声明验证
+
+此版本引入了在 `openid-connect`
插件中配置自定义声明验证的功能。此增强功能允许用户为特定声明定义验证规则,例如确保声明与一组预定义值中的某个值匹配。如果声明未通过验证,则请求将被拒绝。
+
+更多信息,请参阅 [PR #11824](https://github.com/apache/apisix/pull/11824)。
+
+### 在 `openid-connect` 插件中支持环境变量
+
+此版本在 `openid-connect` 插件的配置中添加了对环境变量的支持。用户现在可以将敏感字段(例如
`client_secret`)存储在环境变量中,从而增强部署期间的安全性和灵活性。
+
+更多信息,请参阅 [PR #11451](https://github.com/apache/apisix/pull/11451)。
+
+### 为 stream 路由引入 `traffic-split` 插件
+
+此版本为 stream 路由 (L4) 引入了 `traffic-split`
插件,支持跨多个上游的加权流量分配。此增强功能允许在基于流的应用程序中更精细地控制流量路由。
+
+更多信息,请参阅 [PR #12630](https://github.com/apache/apisix/pull/12630)。
+
+### 在 `request-id` 插件中添加 KSUID 算法
+
+此版本支持在 `request-id` 插件中使用 KSUID(K 排序全局唯一标识符)算法生成请求 ID。
+
+更多信息,请参阅 [PR #12573](https://github.com/apache/apisix/pull/12573)。
+
+### 在 `ai-proxy-multi` 插件中引入回退机制
+
+此版本增强了 `ai-proxy-multi` 插件的功能,添加了针对特定错误代码的回退机制。此改进允许在满足特定错误条件时执行预定义的回退行为,从而确保
AI 代理更具弹性。
+
+更多信息,请参阅 [PR #12571](https://github.com/apache/apisix/pull/12571)。
+
+### 在独立 API 中支持元数据标头和 HEAD 方法
+
+独立 API 新增了两个响应元数据标头:`X-Last-Modified` 和
`X-Digest`,它们允许客户端检测哪个实例的最后更新,并检查客户端传递的配置摘要。
+
+此外,现在支持 HEAD 请求(仅返回元数据,不返回完整配置),从而可以进行轻量级轮询或元数据检查。
+
+更多信息,请参阅 [PR #12526](https://github.com/apache/apisix/pull/12526)。
+
+### 添加新的 AI 代理变量用于日志记录
+
+此版本在 `ai-proxy` 和 `ai-proxy-multi` 插件中添加了以下变量:
+
+* `apisix_upstream_response_time`:APISIX 将请求发送到上游服务并接收完整响应所需的时间。
+* `request_type`:请求类型,其值可以是 `traditional_http`、`ai_chat` 或 `ai_stream`。
+* `llm_time_to_first_token`:从请求发送到从 LLM 服务收到第一个令牌的时长,以毫秒为单位。
+* `llm_model`:转发到上游 LLM 服务的 LLM 模型名称。
+* `request_llm_model`:请求中指定的 LLM 模型名称。
+* `llm_prompt_tokens`:提示中的令牌数量。
+* `llm_completion_tokens`:提示中的聊天完成令牌数量。
+
+这些变量可以记录在访问日志中,与日志插件一起使用,或导出为 Prometheus 指标。此增强功能通过提供 AI
代理期间上游服务响应时间的洞察,改进了监控和调试功能。
+
+更多信息,请参阅 [PR #12555](https://github.com/apache/apisix/pull/12555)、[PR
#12554](https://github.com/apache/apisix/pull/12554)、[PR
#12515](https://github.com/apache/apisix/pull/12515) 和 [PR
#12518](https://github.com/apache/apisix/pull/12518)。
+
+### 新增 `ai-aliyun-content-moderation` 插件
+
+此版本引入了全新的 `ai-aliyun-content-moderation` 插件,可与阿里云的 Machine-Assisted Moderation
Plus 集成,进行内容审核。该插件会评估请求主体中是否存在亵渎、仇恨言论、侮辱、骚扰、暴力等内容。任何超过指定阈值的请求都将被拒绝。
+
+更多信息,请参阅 [PR #12530](https://github.com/apache/apisix/pull/12530)。
+
+### 将 Azure AI 和 AI/ML API 提供程序添加到 AI 插件
+
+`ai-proxy`、`ai-proxy-multi` 和 `ai-request-rewrite` 插件现在支持 Azure AI 和 AI/ML API
作为提供程序。
+
+当 `provider` 设置为 `azure-openai` 时,该插件会将请求代理到 `override`
中配置的自定义端点,并从用户请求中移除模型参数。
+
+AI/ML API 提供统一的 OpenAI 兼容 API,可访问 300 多个 LLM,例如 GPT-4、Claude、Gemini、DeepSeek
等。当 `provider` 设置为 `aimlapi` 时,该插件允许用户将 AI 请求路由到兼容 AIMLAPI 的端点,从而扩大了 APISIX
生态系统中可使用的 AI 提供程序范围。
+
+更多信息,请参阅 [PR #12565](https://github.com/apache/apisix/pull/12565) 和 [PR
#12379](https://github.com/apache/apisix/pull/12379)。
+
+### 在 `ai-proxy-multi` 插件中支持健康检查
+
+`ai-proxy-multi` 插件现在支持对上游 AI
服务的健康检查。每个后端端点的可用性都可以监控,并且请求可以动态路由到健康的端点。这确保了高可用性,并防止请求发送到响应迟钝的 AI
服务器,从而提高了生产环境中的可靠性。
+
+更多信息,请参阅 [PR #12509](https://github.com/apache/apisix/pull/12509)。
+
+### 在 `workflow` 插件规则中支持 `limit-conn`
+
+此版本增强了 `workflow` 插件的功能,允许其将 `limit-conn` 插件作为 `workflow` 规则的一部分。
+
+更多信息,请参阅 [PR #12465](https://github.com/apache/apisix/pull/12465)。
+
+### 改进 `datadog` 插件标签
+
+`datadog` 插件现在提供增强的指标和标签,以支持更广泛的可观察性需求。此更新引入了几个新标签:
+
+* `response_status`:HTTP 响应状态代码(例如,“200”、“404”、“503”)。
+* `response_status_class`:HTTP 响应状态代码的类别(例如,“2xx”、“4xx”、“5xx”)。
+* `path`:HTTP 路径模式,仅当 `include_path` 属性设置为 `true` 时可用。
+* `method`:HTTP 方法,仅当 `include_method` 属性设置为 `true` 时可用。
+
+更多信息,请参阅 [PR #11943](https://github.com/apache/apisix/pull/11943)。
+
+### 在 `forward-auth` 插件中添加对 `extra_headers` 的支持
+
+`forward-auth` 插件现在可以从请求正文中提取字段,并使用 `extra_headers` 和 `$post_arg.*`
将它们作为标头注入上游服务。例如,如果身份验证在响应正文中返回用户角色或令牌,您现在可以将该正文的一部分映射到下游服务可以使用的标头中。
+
+更多信息,请参阅 [PR #12405](https://github.com/apache/apisix/pull/12405)。
+
+## 其他更新
+
+* 添加健康检查管理器以解耦上游 (PR [#12426](https://github.com/apache/apisix/pull/12426))
+* 解耦 Prometheus 导出器的计算和输出 (PR
[#12383](https://github.com/apache/apisix/pull/12383))
+* 删除错误日志中的加密字段,以防止敏感数据泄露 (PR
[#12629](https://github.com/apache/apisix/pull/12629))
+* 修复 `ai-proxy-multi` 插件中健康检查解析节点不一致的问题 (PR
[#12594](https://github.com/apache/apisix/pull/12594))
+* 仅信任已配置 `trusted_addresses` 中的 `X-Forwarded-*` 标头 (PR
[#12551](https://github.com/apache/apisix/pull/12551))
+* 确保当协议不是 HTTPS 时重定向能够正常工作 (PR
[#12561](https://github.com/apache/apisix/pull/12561))
+* 修复在代理后运行时 UI 重定向错误 (PR [#12566](https://github.com/apache/apisix/pull/12566))
+* 在后台刷新过期的 LRU 缓存项以获取机密信息 (PR
[#12614](https://github.com/apache/apisix/pull/12614))
+* 恢复健康检查管理器中丢失的运行时信息 (PR [#12607](https://github.com/apache/apisix/pull/12607))
+* 支持在独立管理 API 模式下配置 stream 路由 (PR)
[#12604](https://github.com/apache/apisix/pull/12604))
+* 仅在启用 `include_resp_body` 时记录响应正文 (PR
[#12599](https://github.com/apache/apisix/pull/12599))
+* 更正 `get_healthcheck_events_module` 函数名称的拼写 (PR
[#12587](https://github.com/apache/apisix/pull/12587))
+* 防止 `ai-proxy-multi` 实例缺少自定义端点时出现崩溃 (PR
[#12584](https://github.com/apache/apisix/pull/12584))
+* 防止 AI Prompt Decorator 插件中跨请求的消息累积 (PR
[#12582](https://github.com/apache/apisix/pull/12582))
+* 删除过时的消息Docker 入口点中的 `stream_worker_events.sock` 文件 (PR
[#12546](https://github.com/apache/apisix/pull/12546))
+* 为 EWMA 共享字典项添加过期时间 (`exptime`) (PR
[#12557](https://github.com/apache/apisix/pull/12557))
+* 在 `ai-proxy` 模式验证中捕获格式错误的覆盖端点 (PR
[#12563](https://github.com/apache/apisix/pull/12563))
+* 修复非 stream 模式下缺失 `ctx.llm_raw_usage` 值的问题 (PR
[#12564](https://github.com/apache/apisix/pull/12564))
+* 使用前检查 `ai-proxy` 中 `choices`、`usage` 和 `content` 字段的类型(PR
[#12548](https://github.com/apache/apisix/pull/12548))
+* 调整 Kubernetes 服务发现的 ID 长度 (PR
[#12536](https://github.com/apache/apisix/pull/12536))
+* 使 `basic-auth` 方案不区分大小写 (PR
[#12539](https://github.com/apache/apisix/pull/12539))
+* 仅配置 `tls.verify` 时跳过客户端证书验证 (PR
[#12527](https://github.com/apache/apisix/pull/12527))
+* 工作进程重启时从 etcd 加载完整数据 (PR
[#12523](https://github.com/apache/apisix/pull/12523))
+* 升级 etcd 版本以应对监视请求超时问题 (PR
[#12514](https://github.com/apache/apisix/pull/12514))
+* 为 Kubernetes 发现启用 EndpointSlices 支持 (PR
[#11654](https://github.com/apache/apisix/pull/11654))
+* 即使 `grpc-web` 中的响应正文为空,也包含 gRPC 尾部 (PR
[#12490](https://github.com/apache/apisix/pull/12490))
+* 修复 Red Hat 系统上的主机名检索问题 (PR
[#12267](https://github.com/apache/apisix/pull/12267))
+* 修复在服务级别配置插件时批处理器缓存不工作的问题 (PR
[#12474](https://github.com/apache/apisix/pull/12474))
+* 解析 `$post_arg` 中的变量引用Forward Auth 插件的 `extra_headers` (PR
[#12435](https://github.com/apache/apisix/pull/12435))
+* 修复 `api-breaker` 插件中 `breaker_time` 过早递增导致的熔断不一致问题 (PR
[#12451](https://github.com/apache/apisix/pull/12451))
+* 为 Standalone Admin API 模式添加缺失的配置验证 (PR
[#12424](https://github.com/apache/apisix/pull/12424))
+* 当 `enable_access_log` 设置为 false 时,跳过写入访问日志 (PR
[#11310](https://github.com/apache/apisix/pull/11310))
+* 从 OpenTelemetry 插件中移除未使用的 `set_ngx_var` 属性 (PR
[#12411](https://github.com/apache/apisix/pull/12411))
+* 在请求验证插件中,支持 URL 编码数据的 `Content-Type` 标头及其字符集 (PR
[#12406](https://github.com/apache/apisix/pull/12406))
+* 修复 Zipkin 在 `ngx_var` 中 `trace_id` 和 `span_id` 格式的问题 (PR
[#12403](https://github.com/apache/apisix/pull/12403))
+* 修复由于缓存版本控制不正确导致的消费者更新丢失问题 (PR
[#12413](https://github.com/apache/apisix/pull/12413))
+* 确保 `get_keys` 返回共享字典中超出默认 1024 个限制的所有项 (PR)
[#12380](https://github.com/apache/apisix/pull/12380)
+
+## 变更日志
+
+有关此版本的完整变更列表,请参阅
[CHANGELOG](https://github.com/apache/apisix/blob/master/CHANGELOG.md#3140)。
![https://github.com/Revolyssup.png"](https://github.com/Revolyssup.png"){kind=link}
![https://github.com/kayx23.png"](https://github.com/kayx23.png"){kind=link}