You are browsing documentation for an older version. See the latest documentation here.

Kong Gateway 3.4.x breaking changes

Before upgrading, review any configuration or breaking changes in this version and prior versions that affect your current installation.

You may need to adopt different upgrade paths depending on your deployment methods, set of features in use, custom plugins, for example.

TLS changes

3.4.3.5

In OpenSSL 3.2, the default SSL/TLS security level has been changed from 1 to 2. This means the security level is set to 112 bits of security. As a result, the following are prohibited:

  • RSA, DSA, and DH keys shorter than 2048 bits
  • ECC keys shorter than 224 bits
  • Any cipher suite using RC4
  • SSL version 3 Additionally, compression is disabled.

Deployment

Amazon Linux 2022 to 2023 rename

Amazon Linux 2022 artifacts are renamed to Amazon Linux 2023, based on AWS’s own renaming.

Alpine support removed

Alpine packages and Docker images based on Alpine are no longer supported. Starting with Kong Gateway 3.4.0.0, Kong is not building new Alpine images or packages.

Ubuntu 18.04 support removed

Support for running Kong Gateway on Ubuntu 18.04 (“Bionic”) is now deprecated, as Standard Support for Ubuntu 18.04 has ended as of June 2023. Starting with Kong Gateway 3.4.0.0, Kong is not building new Ubuntu 18.04 images or packages, and Kong will not test package installation on Ubuntu 18.04.

If you need to install Kong Gateway on Ubuntu 18.04, see the documentation for previous versions.

Cassandra DB support removed

Cassandra DB support has been removed. It is no longer supported as a data store for Kong Gateway.

You can migrate from Cassandra DB to PostgreSQL by following the migration guide, or reach out to your support representative for help.

Configuration changes

The following is a list of changes in kong.conf in this release.

ItemRecommended action
LMDB encryption has been disabled.

The parameter declarative_config_encryption_mode has been removed from kong.conf.
No action needed.
Renamed the configuration property admin_api_uri to admin_gui_api_url. The old admin_api_uri property is considered deprecated and will be fully removed in a future version of Kong Gateway.Update your configuration to use admin_gui_api_url.
The database parameter no longer accepts cassandra as an option.

All Cassandra options have been removed.
If you use Cassandra DB, either migrate to PostgreSQL (postgres) or DB-less mode (off).

Admin API changes

The /consumer_groups/:id/overrides endpoint is deprecated in favor of a more generic plugin scoping mechanism. See the new consumer groups entity.

Plugin changes

Validation for plugin queue related parameters has been improved. Certain parameters now have stricter requirements.

  • max_batch_size, max_entries, and max_bytes are now declared as integer instead of number.
  • initial_retry_delay and max_retry_delay must now be numbers greater than 0.001 (in seconds).

This affects the following plugins:

Rate Limiting Advanced

The /consumer_groups/:id/overrides endpoint has been deprecated. While this endpoint will still function, we strongly recommend transitioning to the new and improved method for managing consumer groups, as documented in the Enforcing rate limiting tiers with the Rate Limiting Advanced plugin guide.

Known issues

Some referenceable configuration fields, such as the http_endpoint field of the http-log plugin and the endpoint field of the opentelemetry plugin, do not accept reference values due to incorrect field validation.


Previous Kong Gateway 3.3.x breaking changes

Next Kong Gateway 3.5.x breaking changes