Layer7 API Security


Layer7 Work in Progress Update - PI39

By Gregory Thompson posted 15 days ago

  

PI Planning for PI39 is now complete and development has kicked off. Below you will find the list of items that are included in this PI and a summary of the releases completed in the previous PI. As always, we invite you to provide feedback. We would love feedback on both the current and future PI items to help us prioritize the items that will have the most benefit for our customers.

 

Recent Releases

The following product versions were released during PI38:

• API Gateway 11.0 CR03 - Release Notes

• API Portal 5.3.1 - Release Notes

• SDK 2.5 - Release Notes

 

Release and EOS Calendar

The following image provides a timeline view of past and planned releases (future releases are prefixed with “+”). For planned releases, the timeline, release name/version, and release content are subject to change. End of Service (EOS) dates are shown in gray on the bottom half of the image.

 





Planned Releases for PI39

The following product versions are planned to be released during PI 37. The marquee features for each release are included. For planned releases, the timeline, release name/version, and release content are subject to change.

 

  • API Portal 5.3.2 - Late February/Early March 2025

    • K8S Platform support for Tanzu

    • Portal SaaS SSO Migration from Okta to AuthHub

    • Portal UI Breadcrumbs for Improved Navigation

    • Spring Update

    • Deprecate all OData Endpoints

    • Update DRUID Stack

    • API Key Expiry Notification options for Org Publishers

    • Portal Debian 12 OVA Platform Patch

    • Portal support for OAuth DCR based API-Keys for integrating with external OAuth Providers

    • Rate/Quota enforcement for /login and /token endpoint

    • UI updates to no longer use any deprecated endpoints



PI39 Key Capabilities

The sections below provide a listing of the key capabilities being worked on across the Layer7 family of products. Note that some capabilities will span multiple PIs. 

 

API Gateway:

  • SHA-256 support in S/MIME assertion

  • MySQL 8.4 support

  • Publish container gateway to Iron Bank

  • [OTel] Support custom attributes for service metrics

  • [OTel] Support custom attributes for traces & spans

  • [OTel] Support reading/writing baggage

  • [OTel] Enhanced granularity of default identifying attributes

  • [OTel] Update span status to indicate all policy assertion failures

  • Configurable default ciphers

  • Audit user and group role assignments

  • [Lib Upgrade] Apache HTTP Client Upgrade [Part 1]

  • Update/Productize Return SFTP Response assertion

  • Support configurable chunk sizes when streaming messaging

  • New audit codes for CORS error events

  • [Graphman] Add support for managing folders

  • [Graphman] Partial update support for specific entities

  • [Graphman] Support FIPS compliant algorithms when using OpenSSL for crypto

  • Update nShield HSM client to 13.6.3

  • Usage reporting using DCT

  • [CCE] Common Criteria evaluation for GW11.1.1 and Debian 12+ for PI39

  • [JDK21] Java 21 POC branch

  • [Experimental] JSON Patch assertion

  • [Spike] Spring Remoting Replacement

  • [Spike] Spring Framework upgrade to version 6.x [Part 2]

  • [Spike] Tomcat upgrade from 9.0 to 10.1

  • [Spike] Remove L7Platform component [Part 2]

 

OAuth Toolkit:

  • Separate DB connections for Token-related queries

  • OAuth Manager Search by combination of registered_by & name

  • Improvements for Backward compatibility


API Portal:

  • Portal Debian 12 OVA Platform Patch

  • Spring Update

  • Portal support for OAuth DCR based API-Keys (Part 2)

  • [Preview] Portal support for external key storage via Gateway remote key/value storage Assertion

  • [Preview] Layer7 Operator Support (API and Key sync)

  • Deprecate all OData Endpoints

  • Remove deprecated OData Endpoints from UI

  • Rate/Quota enforcement for /login and /token endpoint

  • Update DRUID Stack

  • Portal 5.3.2 Release Activities

  • Custom Roles: Backend and DB updates for permission-based AuthZ decisions

  • Automation Updates

  • UI: Update React Scripts and Node Version

  • K8S Platform support for Tanzu

  • API Key Expiry Notification options for Org Publishers

Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.

 

Candidates for PI40 and Beyond

While the capabilities to be included in the next PI are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.

 

API Gateway:

  • Policy Manager Replacement

  • GemFire support

  • Distroless container gateway

  • JavaScript assertion enhancements

  • HTTP client upgrade

  • HTTP and HTTP/2 over shared port

  • gRPC

  • SNI

  • [Experimental] Gateway as k8s ingress controller

  • Container gateway optimizations (smaller, faster, more secure, more cloud native)

  • Post Quantum Crypto (PQC) Support

  • HTTP/2 streaming

  • Spring, Tomcat, JDK & MySQL Upgrades

 

OAuth Toolkit:

  • Support for Resources and Custom fields in DCR

  • MySQL 8.4 Support for OTK DB

  • [Preview] Layer7 Operator support for OTK

 

 

API Portal:

  • Configuration, Operations, API Intelligence

  • Multi-Gateway Management & Migration

  • Improved Filter Management

  • Portal Testing for IPv6

  • Custom Roles: Role specific changes for users, auth-schemes, and Orgs

  • API Hub support for API Products

  • Decommission Deprecated & Disabled PAPIs

  • Custom Role Depend - API Products - Workflow for Tier Change Requests

  • DCR Validation with Auth Provider-specific templates

  • API Revision History Management

  • Bulk API Editing

 

 
