Layer7 API Security


Layer7 Work in Progress Update - PI36

By Gregory Thompson posted Feb 09, 2024 12:50 PM


PI Planning for PI36 is now complete and development has kicked off. Below you will find the list of items that are included in this PI and a summary of the releases completed in the previous PI. As always, we invite you to provide feedback. We would love feedback on both the current and future PI items to help us prioritize the items that will have the most benefit for our customers.

Recent Releases

The following product versions were released during PI35:

• API Gateway 11.0 CR 2 - Release Notes

• API Gateway 10.1 CR 4 - Release Notes

• OAuth Toolkit (OTK) 4.6.2 - Release Notes

• Mobile SDK 2.4 - Release Notes


Release and EOS Calendar


The following image provides a timeline view of past and planned releases (future releases are prefixed with “+”). For planned releases, the timeline, release name/version, and release content are subject to change. End of Service (EOS) dates are shown in gray on the bottom half of the image.


Planned Releases for PI36

The following product versions are planned to be released during PI36. The marquee features for each release are included. For planned releases, the timeline, release name/version, and release content are subject to change.

  • Layer7 Operator (Preview) - February 2024

  • API Gateway 11.1 - April 2024

    • In-place Upgrade

    • Debian 12 Upgrade

    • JDK 17 Upgrade

    • MySQL Enterprise with Group Replication Support

    • Percona XtraDB Cluster Support

    • [Preview] OpenTelemetry

    • [Preview] Distributed Throughput Quota via Redis

    • [Preview] Key Value Storage

    • [Preview] Require and Introspect OAuth Token

    • [Preview] Policy as Code

    • [Preview] New End-to-End WebSockets Support

  • API Portal 5.2.3 - Late February/Early March 2024

    • [Preview] PAPI Support for GraphMan Bundles for Policy Templates

    • Template Management Improvements

    • Secret field support for API Templates

    • [Preview] API Products: API Versioning Enhancements

    • Backend routing (API Location) definition per API Proxy

PI36 Key Capabilities

The sections below provide a listing of the key capabilities being worked on across the Layer7 family of products. Note that some capabilities will span multiple PIs. 

API Gateway:

  • Gateway Monthly OS Patches - February 2024

  • Gateway Monthly OS Patches - March 2024

  • Gateway Monthly OS Patches - April 2024

  • Debian 12 Upgrade (in-place)

  • Extend Graphman entity coverage (post 11.0 CR2)

  • [Preview] OpenTelemetry [Part 2]

  • [Preview] Enhanced Throughput Quota Assertion for Redis using CRDT

  • [Preview] Require and Introspect OAuth Token Assertion

  • [Preview] Key Value Storage Assertion

  • [Preview] Policy as Code

  • [Preview] Complete WebSocket support over the same HTTP port via Tomcat

  • KB article for deleting network interfaces from SSGCONFIG menu

  • SSO SDK 12.8.08 update

  • Support for ESXi 8.0 in GW 11.1

  • Gateway 11.1 Release Activities

  • Common Criteria evaluation for GW11.1+ and Debian 12+

  • [Experimental] Distributed Circuit Breaker Assertion

OAuth Toolkit:

  • Correct at_hash generation when using JWT tokens

  • Enhance OAuth Client Store API to support partial updates

  • UTFMB4 Support for DB

  • OpenID Hybrid Conformance Updates Part 1

API Portal:

  • Portal 5.2.3 Release Activities

  • Portal SaaS GKE Upgrade

  • [Preview] Support GraphMan Bundles for Policy Templates UI Updates

  • [Preview] Distributed Rate Limit support for Redis

  • Enhance API Key Deployments to support a shared API Key Repository Part 1

  • Scan Swagger files for code injection

  • Portal OVA - Debian 12

  • Template Management - Enhancements and Support for Organization Assignments

  • UI Standardization on React-17 part-2

  • Deploy API Tag data with APIs on Gateway

  • PSSG Removal Part 1

  • Define Application in Portal along with Client Cert to support mTLS

  • [Experimental] Portal Cloud Native Architecture


Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.


Candidates for PI37 and Beyond

While the capabilities to be included in the next PI are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.


API Gateway:

  • Support Policy Manager silent installs

  • Support Policy Manager on Windows 11

  • HTTP and HTTP/2 over shared port

  • gRPC

  • SNI

  • [Experimental] Gateway as k8s ingress controller

  • [Container gateway optimizations] Securing sensitive data

  • [Container gateway optimizations] Loading of Services and Policies after boot-up

  • [Container gateway optimizations] Concurrent loading of assertions

  • [Container gateway optimizations] Minimal and full images

  • Container gateway optimizations (smaller, faster, more secure, more cloud native)

  • HTTP Client Upgrade

  • Common Criteria evaluation for GW11.1+ and Debian 12+

  • Add Graphman client to NPM registry

  • Support for non-RHEL OS for Software Gateway

  • Next generation management interface


OAuth Toolkit:

  • Layer7 Operator Support

  • FAPI 2.0 Support

  • Token Validation Improvements to Leverage Token Revocation Capabilities

  • OAuth 2.0 Rich Authorization Requests (RAR)

  • Revise the trade-off between OTK runtime and management capabilities

  • Revise Token Count Capability


Mobile SDK:

  • iOS 18 

  • Android 15


API Portal:

  • PSSG Removal

  • API Products General Availability

  • Productization - Decouple OTK from Portal

  • Layer7 Operator Support

  • API Notification Management

  • Portal Standardization on React 17 (completion of ongoing work)

  • Workflow for API Publishing

  • Custom Roles

  • API Catalog for non-managed APIs