You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Added new management_node boolean configuration option. When turned on, it will exclude the node from distributed rate limiter.
/tyk/api endpoint, used for managing APIs, now can be accessed without trailing slash to avoid confusion.
Tyk Dashboard v1.3.4: security focused release
Fix: Deactivating a user now disables their API access and logs them out from existing dashboard sessions.
Fix: Updating user permissions now does not empty user password.
Fix: Updating user permissions now updates both current API session and all opened dashboard sessions, and does not require user to re-login.
User access to OAuth tokens now controlled using separate permission group.
Disabled auto-completion for all forms with passwords.
Enable HSTS for all requests to improve HTTPS security.
Added new disable_parallel_sessions boolean configuration option. When turned on it allows only one active dashboard session. When a user logs in, all of their other active sessions are automatically logged out.
Using Admin API you now can set the password. If the password field is empty, it gets ignored.
