EcosystemEven more OpenTelemetry!I continue to work on my Opentelemetry demo. Its main idea is to showcase traces across various technology stacks, including asynchronous communication via an MQTT queue. This week, I added a couple of components and changed the architecture. Here are some noteworthy learnings; note that some of them might not be entirely connected to OpenTelemetry.
CommunityMonthly Report (May 01 - May 31)We have recently made some additions and improvements to specific features within Apache APISIX. These include supporting the hcv namespace in HashiCorp Vault and allowing setting headers in introspec...
VulnerabilitiesHTTP Request Smuggling in forward-auth Plugin (CVE-2024-32638)For APISIX versions 3.8.0 and 3.9.0, enabling the forward-auth plugin allows APISIX to trigger illegal requests (HTTP Request Smuggling).
EcosystemFive ways to pass parameters to Apache APISIXI recently read 6 Ways To Pass Parameters to Spring REST API. Though the title is a bit misleading, as it's unrelated to REST, it does an excellent job listing all ways to send parameters to a Spring application. I want to do the same for Apache APISIX; it's beneficial when you write a custom plugin.
CommunityMonthly Report (April 01 - April 30)We have recently made some additions and improvements to specific features within Apache APISIX. These include adding discovery k8s dump data interface, adding max req/resp body size attributes (max_resp_body_bytes and max_req_body_bytes) in the kafka-logger plugin, and autogenerating the admin API key if they are not configured in the configuration file. For detailed information, please read the monthly report.
CommunityRelease Apache APISIX 3.8.1We are glad to release Apache APISIX 3.8.1 with a bug fix to improve user experiences.
CommunityRelease Apache APISIX 3.9.1We are glad to release Apache APISIX 3.9.1 with a bug fix to improve user experiences.
PluginImplementing the Idempotency-Key specification on Apache APISIXLast week, I wrote an analysis of the IETF Idempotency-Key specification. The specification aims to avoid duplicated requests. In short, the idea is for the client to send a unique key along with the request:If the server doesn't know the key, it proceeds as usual and then stores the responseIf the server knows the key, it short-circuits any further processing and immediately returns the stored responseThis post shows how to implement it with Apache APISIX.
EcosystemHow to build APISIX in SLES 15By reading this article you will learn how to build Apache APISIX SLES 15 from source code. The build process will be done in the SLE BCI 15 SP5 Base Container