Layer7 API Security

PI Planning for PI40 is now complete and development has kicked off. Below you will find the list of items that are included in this PI and a summary of the releases completed in the previous PI. As always, we invite you to provide feedback. We would love feedback on both the current and future PI items to help us prioritize the items that will have the most benefit for our customers.

Recent Releases

The following product versions were released during PI39:

• API Portal 5.3.2 - Release Notes

Release and EOS Calendar

The following image provides a timeline view of past and planned releases (future releases are prefixed with “+”). For planned releases, the timeline, release name/version, and release content are subject to change. End of Service (EOS) dates are shown in gray on the bottom half of the image.

Planned Releases for PI40

The following product versions are planned to be released during the PI. The marquee features for each release are included. For planned releases, the timeline, release name/version, and release content are subject to change.

• Gateway 11.1.2 - April 2025

• Open Telemetry Enhancements (Preview)

• Custom Attributes Metrics, Traces & Spans

• Baggage Support

• Span Status Enhancement

• Identifying Attributes Enhancements

• Graphman Enhancements

• Partial Updates

• Folder Management

• FIPS Compliance

• Global Configuration of Default Ciphers

• New TLS Ciphers

• Enhanced Non-blocking IO

• Enhanced CORS Audit Codes

• Enhanced HSTS Response Header Support

• Enhanced Kerberos Support

• ICAPS Support

• Headless Luna HSM Configuration

• Return SFTP Response Assertion

• Auditing of User and Group Role Assignments

• Increased Service Metric Counter Maximum

• RHEL UBI 9 Micro Base Image for Container Gateway

• MySQL Connector Upgrade

• nShield HSM Client Upgrade

• Mina Upgrade

• JDK Upgrade

• Gateway 11.0 CR4 - May 2025

• Maintenance release

• OTK 4.6.4 - May 2025

• OTK Usability Improvements

• Inactive Client Detection

• Provide ability to disable session cache

• Provide configurable support for authentication for the dynamic client registration endpoint

• [Preview] Layer7 Operator support for OTK - Single Ephemeral GW

• Separate DB connections for Token-related queries

• OAuth Manager Search by combination of registered_by & name

• Security Enhancements

• Improvements for Backward compatibility

• Update Policy to use latest JSON PATH assertion

PI40 Key Capabilities

The sections below provide a listing of the key capabilities being worked on across the Layer7 family of products. Note that some capabilities will span multiple PIs. 

API Gateway:

• Common Criteria evaluation for GW 11.1.2 and Debian 12+ for PI40

• Like for like replacement of embedded Hazelcast with embedded Gemfire

• [Preview] Distributed throughput quotas using external Gemfire

• [Preview] Distributed throughput quotas using embedded Gemfire

• Container gateway support for dual stack IPv4/IPv6

• Core stack updates (starting in PI40 and continuing in PI41):

• Apache HTTP Client 5.4 Upgrade

• Spring Framework 6.x Upgrade

• Jetty 12.x Upgrade

• Tomcat 10.1 Upgrade

• JDK 21 Upgrade

OAuth Toolkit:

• [Preview] Layer7 Operator support for OTK - Single Ephemeral GW

• Support for Resources and Custom fields in DCR

• Core stack updates:

• Security enhancements

• Update Policies to use latest JSON PATH assertion

API Portal:

• [Preview] Layer7 Operator Support (API and Key sync)

• [Preview] Layer7 Operator Support for RLQ and Products

• [Preview] Layer7 Operator Support for Bundles

• Rate Limits & Quotas for API per Application

• Migrate API Plans to Rate Limits & Quotas for API per Application

• Core stack updates:

• Custom Roles Framework

• UI: Update React Scripts and Node Version

• API Hub: Node and React Admin versions upgrade

• IPv6 validation

Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.

Candidates for PI41 and Beyond

While the capabilities to be included in the next PI are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.

API Gateway:

• Iron Bank Go Live

• [Preview] Distributed rate limits using embedded external Gemfire

• [Preview] Distributed key value storage using embedded/external Gemfire

• [Preview] Distributed circuit breakers using embedded/external Gemfire

• Distroless Container Gateway

• Arm64 Container Gateway

• Arm64 Compatible Siteminder Integration

• Mounted Secrets Formatting Enhancements

• HTTP POST Redirect Support

• XAdES Support

• Graphman and graphman-client enhancements, including SOCKS proxy support

• [Preview] JSON Patch Assertion

• Core stack updates:

• Debian 13 Upgrade

• MySQL 8.4 Upgrade

OAuth Toolkit:

• [Preview] Layer7 Operator support for OTK - Dual GW, Single DB-backed

• Enable additional customization hooks for Grant Management

• Upgrade Improvements

• Revise Token Count Capability

API Portal:

• Custom Roles: Ability to create custom roles in Portal

• Improved Filter Management

• API Revision History Management

• DCR Validation with Auth Provider-specific templates

• API Products - Workflow for Tier Change Requests

• Bulk API Editing

• API Catalog for non-managed APIs

• API Notification Management

• Workflow for API Publishing