Layer7 API Security

  • Private Community
 View Only

Layer7 Work in Progess Update - PI 44

By Gregory Thompson posted 20 days ago

  

PI Planning for PI44 is now complete and development has kicked off. Below you will find the list of items that are included in this PI and a summary of the releases completed in the previous PI. As always, we invite you to provide feedback. We would love feedback on both the current and future PI items to help us prioritize the items that will have the most benefit for our customers.

 

Recent Releases

The following product versions were released during PI43:

 

Release and EOS Calendar

The following image provides a timeline view of past and planned releases (future releases are prefixed with “+”). For planned releases, the timeline, release name/version, and release content are subject to change. End of Service (EOS) dates are shown in gray on the bottom half of the image.

 

Planned Releases for PI44

The following product versions are planned to be released during the PI. The marquee features for each release are included. For planned releases, the timeline, release name/version, and release content are subject to change.

 

  • API Gateway 11.1.4 (May 2026)

    • Validate Percona XtraDB Cluster 8.4

    • Validate MySQL Enterprise 8.4 with Group Replication

    • Validate MS SQL 2022

    • graphman-client enhancements

    • AWS SDK upgrade from v1.x to v2.x

    • Digitally Signed Policy Manager

    • Resolve MITM vulnerability in Policy Manager

  • API Portal 5.4.2 (June 2026)

    • Swagger/Open API Specifications in multiple languages

    • Multi Language Support for Email Templates

    • Multi Language Support for API Documentation

    • List Gateway Versions

    • Details Page

    • Monitor Patch Upgrade Status for Gateway MPP and MSP

    • Support for minor gateway upgrades

    • Logging and Auditing Improvements to capture source IP and other important info

    • API Revision History Management

    • Removal of Processed Request Objects

    • Redesign API edit/add pages to remove Wizard

    • Multi Language Support in main Portal:

    • PAPI: Single endpoint for Applications create/edit/read/delete

    • Support of Kafka to replace RabbitMQ

    • Email Notifications for new user Registrations

    • Applications List Page - ability to search by API Key

    • Version Management

    • Configuration Intelligence: Support for remaining gateway entities

    • Global Quota Limits for all portal endpoints

    • Provide ability to view NOT_DEPLOYED entities

    • Support GW registration per major functional area (APIM, Intelligence, Infrastructure Mgmt)

    • Feature Flag Control of Key Features via Portal UI

    • Remote Key Store support for GemFire (except Operator)

  • Layer7 Operator 1.3.0 (April 2026)

    • Repository controller

    • Gateway controller

    • Dual OTK Support for Ephemeral Gateways

    • Added configMap support for externalCerts

    • Graphman 11.2.0 schema (supports 11.2.x)

    • Enhanced logging



PI44 Key Capabilities

The sections below provide a listing of the key capabilities being worked on across the Layer7 family of products. Note that some capabilities will span multiple PIs. 

API Gateway:

  • AWS SDK upgrade from v1.x to v2.x

  • Validate Percona XtraDB Cluster 8.4

  • Validate MySQL Enterprise 8.4 with Group Replication

  • Validate MS SQL 2022

  • Common Criteria evaluation for GW 11.1.2 and Debian 12+

  • Add H2 as alternative to Derby

  • Fix MITM vulnerability in Policy Manager

  • Support for context variables references for multiple properties of multiple assertions

  • Limit trusted CAs to specific listener ports

  • OpenTelemetry service level metric config

  • Additional OpenTelemetry enhancements

  • Performance optimizations when using Throughput Quota with Redis

  • Enhancements to reduce database lock issues on container gateway startup

  • Support multiple secrets for IDP users

  • Support negative comparisons for permission object selection

  • TLS connection logging

  • Global TLS settings

  • Certificate attribute context variable enhancements

  • Support TLS for MySQL in headless gateway node deployment

  • Support TLS 1.3 for FTPS

  • Address MySQL via SSL problems related to gateway configuration

  • Support graceful gateway shutdown across form factors [Part 1]

  • [Upgrade] Hibernate ORM from 6.6 to 7.x

  • [JDK25] Java 25 ready develop branch

  • OCSP stapling updates

 

OAuth Toolkit:

  • MCP Flows with OAuth2.1 (except CIMD)

  • K8S JDBC SSL Configuration Support - Oracle

  • OTK - OAuth 2.0 Rich Authorization Requests (RAR)

  • OTK Upgrade Improvements


API Portal:

  • API Revision History Management

  • Support of Kafka to replace RabbitMQ

  • Multi Language Support in main Portal - Swagger

  • Global Quota Limits for all portal endpoints

  • Logging and Auditing Improvements to capture source IP and other important info

  • Multi Language Support for Email Templates

  • Multi Language Support for API Documentation

  • Provide ability to view NOT_DEPLOYED entities

  • Update Swagger UI to latest version

  • PAPI: Single endpoint for Applications create/edit/read/delete

  • DRUID upgrade

  • Remote Key Store support for GemFire (except Operator)

  • Feature Flag Control of Key Features via Portal UI

  • Minio to SeaweedFS migration without minio

  • Extend Portal Published APIs to align with GW Services Options

  • Bulk Deployment/Task Management Improvements

  • Bulk Product Access Management (remove apps with specific tier)

  • Retire Portal Enterprise Container

  • Redesign Proxy Pages to remove Wizard and Unify GW Enrollment/Registration

  • RL&Q - align options with gateway assertion options

  • Remote Key Store support for GemFire with Layer7 Operator


API Security Manager (new API Portal capabilities):

  • Version Management - Support for minor gateway version upgrades

  • Support GW registration per major functional area (APIM, Intelligence, Infrastructure mgmt)

  • Config Intelligence - support for remaining gateway entities

  • Version Management - Ability to abort  patches/upgrades

  • Version Management - Log Viewing

  • Version Management - Gateway List page updates

 

Mobile API Gateway/SDK:

  • SDK: iOS migration to Swift

 

AI Gateway & Governance:

  • Initial AI Gateway release (as part of IDSP platform and new Agentic Security Fabric solution) 

  • Proxy streaming HTTP to MCP via TLS, with full request and response processing

  • Authentication via OAuth

  • Authorization as PEP to PDP

  • Observability of metrics, traces and logs via OpenTelemetry

 

Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.

 

Candidates for PI45 and Beyond

While the capabilities to be included in the next PI are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.

 

API Gateway:

  • HTTP and HTTP/2 on shared listener port

  • Support HTTP/2 streaming

  • gRPC Support in Gateway

  • Remove deprecated Graphman entity types

  • Enhance Gateway Key & Certificate Management lifecycle

  • Support graceful gateway shutdown across form factors [Part 2]

  • Consolidate Siteminder integration to pure Java agent across form factors

  • Key Value Storage Assertion Enhancements

  • Support for advanced OpenAPI 3.1 features

  • OpenAPI validation performance optimization

  • Digitally Sign Software RPM

  • Support for EC keys with Luna HSM

  • Control order of GC when using DCT

  • Skip host verification for specific host names

  • Support configuration of multiple time service in ssgconfig menu

  • Optionally allow unsigned server modules

  • Dynamic selectable cipher lists

 

OAuth Toolkit:

  • OpenID for Verifiable Presentations 1.0

  • DPoP Nonce Support

  • MCP Flows with OAuth2.1 with CIMD

 

API Portal:

  • Permissions Update - Allow role assignment permission

  • Bulk Policy Template Deployments: Single Template to multiple gateways

  • Bulk Policy Template Deployments: Multiple Templates to multiple gateways

  • Ephemeral GW Support without Operator

  • Policy Template Field Level Governance

  • API Products - Workflow for Tier Change Requests

  • CSV Export of Report Data

  • Display Reports in Portal UI in a configured timezone

  • Application access control per-resource/operation

  • Workflow for API Publishing

  • Multi Language Support Remaining Entities

  • DCR Validation with Auth Provider-specific templates

  • API Notification Management

 

API Security Manager (ASM):

  • Config Intelligence - support for api mgmt entities

  • Version Management - Support for platform patch (PPP) for Portal/ASM OVA

  • Version Management - Support for major gateway upgrades

0 comments
8 views

Permalink

https://community.broadcom.com/blogs/gregory-thompson1/2026/04/21/layer7-work-in-progess-update-pi-44