kayx23 commented on code in PR #13503: URL: https://github.com/apache/apisix/pull/13503#discussion_r3412200784
########## CHANGELOG.md: ########## @@ -84,6 +85,135 @@ title: Changelog - [0.7.0](#070) - [0.6.0](#060) +## 3.17.0 + +**The changes marked with :warning: are not backward compatible.** + +### Change + +- :warning: change(auth): require configured jwt claims, harden empty claims_to_verify and key-auth anonymous fallback [#13468](https://github.com/apache/apisix/pull/13468) +- :warning: enforce algorithm match before signature verification in jwt-auth plugin [#13182](https://github.com/apache/apisix/pull/13182) +- :warning: remove server-side token generation endpoint (`/apisix/plugin/jwe/encrypt`) from jwe-decrypt plugin [#13464](https://github.com/apache/apisix/pull/13464) +- :warning: require admin key for the schema validate endpoint [#13328](https://github.com/apache/apisix/pull/13328) +- :warning: bound batch-requests pipeline item count, timeout, and tighten request schema [#13492](https://github.com/apache/apisix/pull/13492) +- :warning: default signed_headers to ["date"] in hmac-auth plugin [#13388](https://github.com/apache/apisix/pull/13388) +- :warning: sign request URI cookie and tighten cookie attributes in cas-auth plugin (new required `cookie.secret`) [#13331](https://github.com/apache/apisix/pull/13331) +- :warning: add consumer_isolation (default true) and cache_set_cookie options to proxy-cache plugin [#13350](https://github.com/apache/apisix/pull/13350) +- :warning: add ssl_verify option (default true) and fix shared state in tencent-cloud-cls plugin [#13194](https://github.com/apache/apisix/pull/13194) +- :warning: address TLS ssl_verify hardcoding and credential encryption issues (ai-rag ssl_verify now defaults to true) [#13203](https://github.com/apache/apisix/pull/13203) +- :warning: resolve env vars before YAML parsing to preserve types in standalone mode [#13078](https://github.com/apache/apisix/pull/13078) + +### Core + +- feat: support batch TCP/UDP port ranges in stream_proxy config [#13153](https://github.com/apache/apisix/pull/13153) +- feat(admin): make /configs/validate available in all modes [#13220](https://github.com/apache/apisix/pull/13220) +- feat: add core.response.get_response_source() API for response origin classification [#13224](https://github.com/apache/apisix/pull/13224) +- feat: add rate-limiting-info variable [#13155](https://github.com/apache/apisix/pull/13155) Review Comment: The variable name in the implementation is `rate_limiting_info` / `$rate_limiting_info`, not `rate-limiting-info`. Could we use the exact variable name here? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
