Layer7 API Security


Layer7 Work in Progress Update - PI 43

By Gregory Thompson posted Jan 15, 2026 10:06 AM

  

PI Planning for PI43 is now complete and development has kicked off. Below you will find the list of items that are included in this PI and a summary of the releases completed in the previous PI. As always, we invite you to provide feedback. We would love feedback on both the current and future PI items to help us prioritize the items that will have the most benefit for our customers.

 

Recent Releases 

The following product versions were released during PI42:

 

Release and EOS Calendar

The following image provides a timeline view of past and planned releases (future releases are prefixed with “+”). For planned releases, the timeline, release name/version, and release content are subject to change. End of Service (EOS) dates are shown in gray on the bottom half of the image.

 





Planned Releases for PI43

The following product versions are planned to be released during the PI. The marquee features for each release are included. For planned releases, the timeline, release name/version, and release content are subject to change.

 

  • API Gateway 11.2.1 (February 2026)

    • JSON Patch assertion

    • OpenAPI 3.1 support

    • OpenAPI response validation

    • Route via HTTP timeout enhancement

    • JDBC connection support for Windows Integrated Authentication

    • Microsoft Active Directory 2022 certification

    • Ability to set separate default client and server TLS keys

    • Arm64 compatible Siteminder integration

    • Enhanced support for GemFire Kubernetes deployments

    • New Web Policy Manager enhancements including:

      • Ability to publish a SOAP service with or without a WSDL

      • Ability to publish internal services

      • Ability to create policy fragments

      • Ability to create folders

      • Ability to search policies

      • Ability to manage listener ports

      • Ability to manage trusted certificates

      • Full ability to manage private keys

      • Enhancements to managing stored passwords

      • Enhancements to managing cluster-wide properties

      • Ability to save and load managed entity views

      • Ability to render custom assertions in policy

      • Ability to rename, move, copy, paste and delete services, policies and folders

      • Enhancements to the import/export dependency analysis graphs

      • VPAT compliance enhancements

  • API Portal 5.4.1 (February 2026)

    • Configuration Intelligence for API Gateway Entities

    • API Catalog for non-managed APIs

    • Custom Fields for User Registration

    • Bulk API Editing: Tags, Management Permissions, & Custom Fields

    • PAPI: Single endpoint for API CRUD (GraphQL)

    • Multi Language Support in main Portal (UI + Backend) - Excludes PAPI Swagger

    • Ability to change portal hostname

    • Bulk Product Updates (Add to all apps, remove from all apps)

    • Bulk Product Updates (tier add to all, tier replace, add unassigned apps)

    • API Key Format Configuration

    • Portal Swarm Installation Improvements

    • Core Stack Updates

      • Update to latest GW11.2 for ingress container

      • SeaweedFS for on-prem

      • Analytics Update for Kafka 4.x

      • Portal OVA - Debian 13 Patch (PPP)

      • Spring Update - Spring 3.5.4 (or newer)

  • OAuth Toolkit (OTK) 4.7 (March 2026)

    • Support mTLS with Load Balancers with client certificates provided in header

    • Support for Resources and Custom fields in DCR

    • Layer7 Operator support for OTK - Dual GW Ephemeral

    • Provide Refresh Token based on offline_access scope

    • Support for DPoP

    • K8S JDBC SSL Configuration Support

    • OIDC/FAPI certification

  • SDK 2.6 (March 2026)

    • Multi host support without re-registration

    • Transition to Google Play's 16 KB page size restriction

    • Android-MAS-SDK - JReleaser plugin integration (Maven Central Portal publishing)



PI43 Key Capabilities

The sections below provide a listing of the key capabilities being worked on across the Layer7 family of products. Note that some capabilities will span multiple PIs. 

 

API Gateway:

  • [CCE] Common Criteria evaluation for GW 11.1.2 and Debian 12+ for PI43

  • arm64 Compatible Siteminder integration

  • Support MSPs together with MPPs

  • Use new signer12 certificate to sign 11.1.x artifacts

  • MS AD 2022 certification

  • Consolidate Gateway Key & Certificate Management documentation

  • Support for separate default client and server TLS keys

  • Support for OpenAPI 3.1 and response validation

  • Route HTTP assertion timeout enhancement

  • Enhanced support for GemFire k8s deployments

  • Gateway 11.2.1 Release

  • Enhance Gateway Key & Certificate Management lifecycle

  • Support UTF8 Encoded Authorization Headers

  • SNI support for HTTPS in Gateway

  • Graphman Support certificate updates for LDAP IDP users

  • PAPIM compatibility with 11.2

  • Graphman Add support for SOCKS proxy to graphman-client

  • graphman-client enhancements

  • Policy as Code Completion

  • Support ARN based access in AWS Solution Kit

  • OpenTelemetry service level trace config

  • OpenTelemetry Enhancements

  • Distributed state enhancements

  • Throughput Quota Assertion Enhancements

  • Digitally Signed Policy Manager

  • GemFire counter function enhancement

 

OAuth Toolkit:

  • OIDC/FAPI certification

  • K8S JDBC SSL Configuration Support

  • OTK 4.7 Release

  • MCP Flows with OAuth2.1 (except CIMD)

  • Enhance Partitioning of Token table for Cassandra


API Portal:

  • Multi Language Support in main Portal (UI + Backend) - Excludes PAPI Swagger

  • Bulk API Editing: Tags, Management Permissions, & Custom Fields

  • Ability to change portal hostname

  • Portal Swarm Installation Improvements

  • API Key Format Configuration

  • Custom Fields for User Registration

  • PAPI: Single endpoint for API CRUD (GraphQL)

  • Portal 5.4.1 Release

  • Redesign API edit/add pages to remove Wizard

  • API Revision History Management

  • Email Notifications for new user Registrations

  • Applications List Page - ability to search by API Key

  • Removal of Processed Request Objects

  • Core Stack Updates

    • Portal OVA + In-place Upgrade - Debian 13

    • Update to latest GW11.2 for ingress container

    • Spring Update - Spring 3.5.4 (or newer)

    • Portal OVA - Debian 13 Patch (PPP)

    • Support of Kafka to replace RabbitMQ (External Usage Only)


API Security Manager (new API Portal capabilities):

  • Configuration Intelligence for Gateway entities

  • Version management for API Gateway MPP and MSP

 

Mobile API Gateway/SDK:

  • Transition to Google Play's 16 KB page size restriction

  • Android-MAS-SDK - JReleaser plugin integration (Maven Central Portal publishing)

  • SDK 2.6 Release

 

AI Gateway & Governance:

  • We have staffed a new AI Gateway project that will focus on identity-based access control and observability for MCP servers first, but will move quickly to include common capabilities for LLMs and MCP servers over the next year. This project will consider possible enhancements to the existing API Gateway, but it will also consider a new modern cloud-native gateway focused on AI use cases. At the same time, we’re considering providing centralized AI Governance via a control plane that may stand alone and/or be another capability of API Security Manager.

 

Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.

 

Candidates for PI44 and Beyond

While the capabilities to be included in the next PI are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.

 

API Gateway:

  • New Web Policy Manager enhancements

  • New AI Gateway enhancements

  • Support negative comparisons for permission object selection

  • Support for context variables references for multiple properties of multiple assertions

  • Ability to limit trusted CAs to specific listener ports

  • Gateway deployment & configuration enhancements when connecting to MySQL via TLS

  • AWS SDK v2.x upgrade

  • MS SQL 2022 certification

  • Enhanced HTTP/2 streaming support

  • gRPC support

 

OAuth Toolkit:

  • OAuth 2.1 with CIMD

  • DPoP Nonce Support

 

API Portal:

  • Extend Portal Published APIs to align with GW Services Options

  • Redesign Proxy Pages to remove Wizard

  • Multi Language Support for Email Templates

  • Bulk Policy Template Deployments: Single Template to multiple gateways

  • Bulk Policy Template Deployments: Multiple Templates to multiple gateways

  • PAPI: Single endpoint for Applications create/edit/read

  • Application access control per-resource/operation

  • Bulk Product Updates (remove apps with specific tier)

  • RL&Q - align options with gateway assertion options

 

API Security Manager (ASM):

  • Configuration intelligence for API management entities

  • Configuration intelligence for additional gateway entities

  • Version management for gateway version upgrades

  • PM2 within ASM to remotely connect to gateways

  • Policy and configuration migration

 
