Releases: ThreeMammals/Ocelot
23.4.2
📦 End of .NET 6, 7 Support (version 23.4.2)
Read the Docs: Ocelot 23.4 with PDF
Hot fixed version: 23.4.1
Milestone: November'24
This is the last patched version for .NET 6 and 7 frameworks. The upcoming major release, version 24.0, will target .NET 9 alongside the LTS .NET 8. Projects targeting .NET 6 or 7 should update to this version while considering an upgrade to .NET 8 or 9 in the future.
ℹ️ About
- All package versions have been updated to latest versions targeting the
net6.0
andnet7.0
frameworks, along with the LTSnet8.0
. - Dependabot alerts concerning reported vulnerabilities related to
IdentityServer4
have not yet been addressed; these will be resolved in the next major release (refer to Warnings further information).
❗ Warning
- Releasing a patched
23.4.*
is possible. - In the next major version, the Ocelot team will remove references to the IdentityServer4 package from testing projects due to its "Public Archive" status; the version, 4.1.2, was released on July 7, 2021.
- The main Ocelot package is not integrated with
IdentityServer4
, allowing Ocelot users to utilize any authentication provider, as Ocelot's Authentication feature is provider-agnostic. - Our plans to utilize the ASP.NET Core Identity framework in testing projects due to industry standards, instead the
IdentityServer4
library. - Following the release of .NET 9, the team will begin the deprecation of the Ocelot extension-packages:
Ocelot.Cache.CacheManager
,Ocelot.Tracing.Butterfly
, andOcelot.Tracing.OpenTracing
.
What's Changed
- Review Dependabot alerts for
net6.0
andnet7.0
target frameworks and bump all packages by @raman-m in #2220 - Release 23.4.2 | End of .NET 6, 7 Support | November'24 release | +semver: patch by @raman-m in #2221
Full Changelog: 23.4.1...23.4.2
23.4.1
📦 Routing patch (version 23.4.1)
Read the Docs: Ocelot 23.4 with PDF
Hot fixed version: 23.4.0
Milestone: November'24
❤️ A heartfelt "Thank You" to Guillaume Gnaegi (@ggnaegi)
ℹ️ About
🔥 Hot fixed issues: #2165 #2209 #2212
What's Changed
- #2165 Global configuration
SecurityOptions
by @Fabman08 in #2170 - #2209 Placeholders matching must work if RouteIsCaseSensitive = false by @ggnaegi in #2210
- File-scoped namespaces everywhere by @raman-m in #2211
- #2212 Incorrect calculation of placeholders, only the last placeholder should be allowed to match several segments by @ggnaegi in #2213
- Release 23.4.1 | Routing patch | November'24 release | +semver: patch by @raman-m in #2215
Full Changelog: 23.4.0...23.4.1
23.4.0
🔀 Routing Update (version 23.4.0) aka McDonald's release
Codenamed: McDonald's
Read the Docs: Ocelot 23.4.0
ℹ️ About
This minor release significantly upgrades the Routing feature by supporting embedded placeholders within path segments (between slashes). Additionally, the team has focused on enhancing the performance of Regex
objects.
🆕 What's new?
- Routing: Introducing the new "Embedded Placeholders" feature by @ggnaegi.
As of November 2024, Ocelot was unable to process multiple placeholders embedded between two forward slashes. It was also challenging to differentiate the placeholder from other elements within the slashes. For example,/{url}-2/
for/y-2/
would yield{url} = y-2
. We are excited to introduce an enhanced method for evaluating placeholders that allows for the resolution of placeholders within complex URLs.
For additional information, refer to PR #2200.
🆙 Focus On
Features: Routing, Core, Rate Limiting, Middleware Injection
- Routing: The new feature is "Embedded Placeholders" by @ggnaegi.
- Core: All
Regex
logic has been refactored by @EngRajabi.
The Ocelot Core now boasts improved performance ofRegex
objects, striving to adhere to the Best Practices for Regular Expressions in .NET. It is estimated that each request could save from 1 to over 10 microseconds in processing time (though no benchmarks have been developed to measure this). - Rate Limiting: The persistent issue with Rate Limiting headers has been resolved by @jlukawska.
The problem was the absence of unofficialX-Rate-Limit-*
headers (found in the RateLimitingHeaders class) in theRateLimitingMiddleware
's response. For more details, see PR #1307.
Note that these unofficial headers have not yet been documented, so they may be subject to change since Ocelot's RateLimiting headers do not align with industry standards. - Middleware Injection: The
OcelotPipelineConfiguration.ClaimsToHeadersMiddleware
property has been introduced by @kesskalli.
This new property enables the overriding of the ClaimsToHeadersMiddleware. For additional information, refer to PR #1403.
Documentation for v23.4.0
- Routing: Introducing a new section on Embedded Placeholders
- Middleware Injection: Documentation now includes the ClaimsToHeadersMiddleware feature
Honoring 🏅 aka Top Contributors 👏
1st 🥇 goes to Mohsen Rajabi for delivering 1 feature in 12 files changed
2nd 🥈 goes to Jolanta Łukawska for delivering 1 feature in 8 files changed
3rd 🥉 goes to Karim Esskalli for delivering 1 feature in 6 files changed
Starring ⭐ aka Release Influencers
⭐ Mohsen Rajabi, @EngRajabi
⭐ Jolanta Łukawska, @jlukawska
⭐ Raman Maksimchuk, @raman-m
⭐ Karim Esskalli, @kesskalli
⭐ Guillaume Gnaegi, @ggnaegi
Features in Release 23.4.0
Logbook
- 41fc9bd by Raman Maksimchuk on Monday, November 18 at 23:40 →
Release 23.4 | Routing Update | MGGA release | +semver: minor (#2206) - 27d3df2 by Guillaume Gnaegi on Sunday, November 17 at 15:24 →
#2199 Adding support of placeholder matching between slashes👍 (#2200) - d76fc95 by Mohsen Rajabi on Saturday, November 16 at 21:39 →
Best practices for regular expressions versusRegex
performance review (#1348) - da9d6fa by jlukawska on Saturday, November 9 at 18:09 →
#1305 Populate RateLimiting headers in the originalHttpContext
response accessed viaIHttpContextAccessor
(#1307) - d310508 by kesskalli on Tuesday, November 5 at 19:09 →
Override theClaimsToHeadersMiddleware
by theOcelotPipelineConfiguration
settings (#1403)
What's Changed
- Override the
ClaimsToHeadersMiddleware
by theOcelotPipelineConfiguration
settings by @kesskalli in #1403 - #1305 Populate RateLimiting headers in the original
HttpContext
response accessed viaIHttpContextAccessor
by @jlukawska in #1307 - Best practices for regular expressions versus
Regex
performance review by @EngRajabi in #1348 - #2199 Adding support of placeholder matching between slashes👍 by @ggnaegi in #2200
- Release 23.4 | Routing Update | MGGA release | +semver: minor by @raman-m in #2206
New Contributors
- @kesskalli made their first contribution in #1403
Full Changelog: 23.3.6...23.4.0
23.3.6
🔥 Hot fixing v23.3.4 (version 23.3.6) aka October'24 release
Read the Docs: Ocelot 23.3
Hot fixed version: 23.3.4
Milestone: October'24
❤️ A heartfelt "Thank You" to Nikolai Masson (@Niksson) and Nikolay Kuksov (@kick2nick) for their contributions!
ℹ️ About
This release provides minor bug fixes from the previous 23.3.4 release. All bugs have been addressed in the October'24 milestone.
📓 For projects utilizing the Service Discovery feature, it is recommended to update to this version to benefit from the unstable release 23.3.4, which includes fixes for both Consul
and Kube
discovery providers.
🧑💻 Technical Information
The Ocelot solution encountered a significant issue with the disabled scope validation of services in the DI-container, affecting both testing projects and the core library. Initially, this was not problematic when services were designed as singletons by previous contributors and our team. However, with the introduction of more scoped services by the Ocelot team, it became clear that our testing projects could not adequately handle them.
This patch introduces scope validation across all domains: unit tests, acceptance tests, and the core library itself. We advise always enabling scope validation in your custom Ocelot solutions, especially when dealing with numerous C# overridden classes in the DI-container and any attached custom functionality.
The patch enhances functionality for two primary Service Discovery providers:
- The Ocelot.Provider.Consul provider. The addressed bug is issue #2178, reported on October 17, 2024.
TheSystem.InvalidOperationException
error stating "Cannot resolve scoped service 'Ocelot.Provider.Consul.Interfaces.IConsulServiceBuilder' from root provider" has been resolved.
To clarify, theIConsulServiceBuilder
service is a scoped service in DI, injected via theAddConsul()
or AddConsul<T>() methods. Therefore, theDefaultConsulServiceBuilder
should also be a scoped service, withHttpContext
injected to meet your development requirements. - The Ocelot.Provider.Kubernetes provider had an issue reported as #977 on August 1, 2019.
It involved aSystem.InvalidOperationException
with the message: "Cannot resolve scoped service 'KubeClient.IKubeApiClient' from root provider." This "invalid scopes" error occurred only in development mode, as release mode DLLs do not validate scopes. However, theKubeApiClient
is designed to have a scoped lifetime. Acceptance tests passed because scope validation was disabled, and theKubeClient
was replaced with a singleton. This inconsistency was identified and reproduced by the old 977 issue. As a temporary solution, theIKubeApiClient
was registered as a singleton.
Looking ahead, our team intends to redesign the Kubernetes provider to have a default service builder that is scoped, similar to the Consul provider.
❗ Breaking Changes
Upgrading from 23.3.4 to 23.3.6 introduces no breaking changes. However, upgrading from 23.3.0 or earlier versions may result in some incompatibilities. For further information, please refer to the release notes of v23.3.4.
Starring ⭐ aka Release Influencers
⭐⭐ Raman Maksimchuk, @raman-m
⭐ Henrique Holtz, @henriqueholtz
⭐ Nikolay, @kick2nick
⭐ Nikolai Masson, @Niksson
⭐ Emmanuel Ferdman, @emmanuel-ferdman
⭐ dependabot[bot], @dependabot
What's Changed
- Bump everything | Hot fixing Microsoft.Extensions.Caching.Memory | Microsoft Security Advisory CVE-2024-43483 by @dependabot in #2175
- Coding best practices:
async
vsawait
improvements by @henriqueholtz in #2156 - #2178 DI service resolution from scoped
HttpContext
request services for theIConsulServiceBuilder
service by @Niksson in #2179 - #977 Enable validation of DI scopes in
Kube
andPollKube
discovery providers by @kick2nick in #2180 - Follow up #2179 #2180 : Enable validation of DI scopes everywhere, in commit e4bc9ff by @raman-m
- Correct broken references in
servicediscovery.rst
by @emmanuel-ferdman in #2187 - Release 23.3.6 | v23.3.4 Hotfixes | October'24 release | +semver: patch by @raman-m in #2185
New Contributors
- @henriqueholtz made their first contribution in #2156
- @Niksson made their first contribution in #2179
- @kick2nick made their first contribution in #2180
Full Changelog: 23.3.5...23.3.6
23.3.5
📦 Documentation patch (version 23.3.5), technical release
Read the Docs: Ocelot 23.3
PDF Doc: Ocelot 23.3
Hot fixed version: 23.3.4
ℹ️ About
This documentation patch pertains to HTML and PDF document layouts.
No NuGet packages have been uploaded.
23.3.4
🔥 Hot fixing v23.3 (version 23.3.4) aka Blue Olympic Balumbes release
Codenamed: Blue Olympic Fiend
Read the Docs: Ocelot 23.3
Hot fixed versions: 23.3.0, 23.3.3
Milestone: v23.3 Hotfixes
❤️ A heartfelt "Thank You" to Roman Shevchik and Massimiliano Innocenti for their contributions in testing and reporting the Service Discovery issues, #2110 and #2119, respectively!
ℹ️ About
This release delivers a number of bug fixes for the predecessor's 23.3.0 release, which is full of new features but was not tested well. All bugs were combined into the v23.3 Hotfixes milestone.
Following the substantial refactoring of Service Discovery providers in the 23.3.0 release, the community identified and we have acknowledged several critical service discovery defects with providers such as Kube and Consul. The Kube
provider, while somewhat unstable, remained operational; however, the Consul
provider was entirely non-functional.
📓 If your projects rely on the Service Discovery feature and cannot function without it, please upgrade to this version to utilize the full list of features of version 23.3.0.
🧑💻 Technical Information
A comprehensive explanation of the technical details would span several pages; therefore, it is advisable for fans of Ocelot to review all pertinent technical information within the issue descriptions associated with the milestone.
Our team has implemented some Breaking Changes which we urge you to review carefully (details follow).
⚠️ Breaking Changes
Listed by priority:
ILoadBalancer
interface alteration: MethodLease
is nowLeaseAsync
.
Interface FQN:Ocelot.LoadBalancer.LoadBalancers.ILoadBalancer
Method FQN:Ocelot.LoadBalancer.LoadBalancers.ILoadBalancer.LeaseAsync
DefaultConsulServiceBuilder
constructor modification: The first parameter's type has been changed fromFunc<ConsulRegistryConfiguration>
toIHttpContextAccessor
.
Class FQN:Ocelot.Provider.Consul.DefaultConsulServiceBuilder
Constructor signature:public DefaultConsulServiceBuilder(IHttpContextAccessor contextAccessor, IConsulClientFactory clientFactory, IOcelotLoggerFactory loggerFactory)
- Adjustments to
Lease
type: TheLease
has been restructured from a class to a structure and elevated in the namespace hierarchy.
Struct FQN:Ocelot.LoadBalancer.Lease
📓 Should your custom solutions involve overriding default Ocelot classes and their behavior, redevelopment or at least recompilation of the solution, followed by deployment, will be necessary.
Honoring 🏅 aka Top Contributors 👏
1st 🥇 goes to Roman Shevchik for delivering 1 feature in 25 files changed
2nd 🥈 goes to Ben Bartholomew for delivering 1 feature in 7 files changed
3rd 🥉 goes to Paul Roy for delivering 1 feature in 5 files changed
Starring ⭐ aka Release Influencers
⭐⭐ Raman Maksimchuk, @raman-m
⭐ Roman Shevchik, @antikorol
⭐ Ben Bartholomew, @ben-bartholomew
⭐ Paul Roy, @PaulARoy
⭐ Finn Fiedler, @int0x81
⭐ Emmanuel Ferdman, @emmanuel-ferdman
⭐ dependabot[bot], @dependabot
Features in Release 23.3.4
Milestone: v23.3 Hotfixes
Logbook
- acda395 by Raman Maksimchuk on Thursday, October 3 at 23:05 →
Release 23.3.4 artifacts | +semver: patch (#2161) - 09f2b1a by Raman Maksimchuk on Thursday, October 3 at 11:48 →
#2119 Review load balancing (2nd round) and redesignDefaultConsulServiceBuilder
withConsulProviderFactory
refactoring to make it thread safe and friendly (#2151) - 58d87c9 by Finn on Friday, September 20 at 13:59 →
#2116 Escaping unsafe pattern values ofRegex
constructor derived from URL query parameter values containing specialRegex
chars (#2150) - 8e66be7 by Emmanuel Ferdman on Saturday, September 14 at 20:15 →
Correct the broken link to the GraphQL sample'sREADME.md
(#2149) - c502e4f by Paul Roy on Saturday, September 14 at 18:47 →
Downgrade the Warning to Information on missingContent-Length
header inMultiplexingMiddleware
(#2146) - 19a8e2f by Roman on Wednesday, August 7 at 16:44 →
#2110 Review load balancing and independent fetching the list of services inKube
provider (#2111) - b4e21c4 by dependabot[bot] on Thursday, July 18 at 16:48 →
Bump Steeltoe.Discovery.Eureka from 3.2.5 to 3.2.8 in /src/Ocelot.Provider.Eureka (#2122) - d418b3f by Ben Bartholomew on Tuesday, July 16 at 11:52 →
#2084 Apply default config file paths inGetMergedOcelotJson
when providing thefolder
argument ofAddOcelot
(#2120)
What's Changed
- #2084 Apply default config file paths in
GetMergedOcelotJson
when providing thefolder
argument ofAddOcelot
by @ben-bartholomew in #2120 - Bump Steeltoe.Discovery.Eureka from 3.2.5 to 3.2.8 in /src/Ocelot.Provider.Eureka by @dependabot in #2122
- #2110 Review load balancing and independent fetching the list of services in
Kube
provider by @antikorol in #2111 - Downgrade the Warning to Information on missing
Content-Length
header inMultiplexingMiddleware
by @PaulARoy in #2146 - Correct the broken link to the GraphQL sample's
README.md
by @emmanuel-ferdman in #2149 - #2116 Escaping unsafe pattern values of
Regex
constructor derived from URL query parameter values containing specialRegex
chars by @int0x81 in #2150 - #2119 Review load balancing (2nd round) and redesign
DefaultConsulServiceBuilder
withConsulProviderFactory
refactoring to make it thread safe and friendly by @raman-m in #2151 - Release 23.3.4 artifacts | +semver: patch by @raman-m in #2161
- Release 23.3.4 | v23.3 Hotfixes | Blue Olympic Balumbes release by @raman-m in #2162
New Contributors
- @dependabot made their first contribution in #2122
- @antikorol made their first contribution in #2111
- @emmanuel-ferdman made their first contribution in #2149
- @int0x81 made their first contribution in #2150
Full Changelog: 23.3.3...23.3.4
22.0.0
October 2023 (version 22.0.0) aka Swiss Locomotive release
Codenamed as Swiss Locomotive
Read the Docs: Ocelot 22.0
Focused On
Logging feature. Performance review, redesign and improvements with new best practices to log
- Proposing a centralized
WriteLog
method for theOcelotLogger
- Factory methods for computed strings such as
string.Format
or interpolated strings - Using
ILogger.IsEnabled
before calling the nativeWriteLog
implementation and invoking string factory method
Quality of Service feature. Redesign and stabilization, and it produces less log records now.
Documentation for Logging, Request ID, Routing and Websockets
Testing improvements and stabilization aka bug fixing
Honoring 🏅 aka Top Contributors 👏
1st 🥇 goes to Guillaume Gnaegi for delivering 2 features in 99 files changed
2nd 🥈 goes to Raynald Messié for delivering 2 features in 15 files changed
3rd 🥉 goes to @jlukawska for delivering 1 feature in 51 files changed
Starring ⭐ aka Release Influencers
⭐⭐⭐ @raman-m
⭐⭐ Guillaume Gnaegi, @ggnaegi
⭐⭐ Raynald Messié, @RaynaldM
⭐ Samuel Poirier, @sam9291
⭐ Stjepan, @wast
⭐ @jlukawska
Features in Release 22.0.0
Logbook
- 349825f by raman-m on Tuesday, November 28 at 15:45 →
Switch off the PublishToNuget task - 22bc5b6 by raman-m on Monday, November 27 at 22:05 →
Release 22.0 | +semver: breaking - b2246a5 by Raynald Messié on Friday, November 24 at 23:21 →
#1783 Less logs for circuit breakers (Polly exceptions) (#1786) - 388ebc3 by Guillaume Gnaegi on Friday, November 24 at 21:59 →
#1744 Avoid calls to 'Logger.Log' if LogLevel not enabled in appsettings.json (#1745) - 04ad9bf by raman-m on Tuesday, November 21 at 19:56 →
Resolve issues with projects after auto-merging. Format Document - ec55504 by Samuel Poirier on Saturday, November 04 at 13:15 →
#1179 Add missing documentation for Secured WebSocket #1180 - dabb4b5 by Guillaume Gnaegi on Saturday, November 04 at 09:27 →
#1550 #1706 Addressing the QoS options ExceptionsAllowedBeforeBreaking issue (#1753) - ae43f32 by Stjepan on Wednesday, November 01 at 12:41 →
#952 #1174 Merge query strings without duplicate values (#1182) - ab3d8e6 by jlukawska on Friday, October 27 at 21:20 →
Find available port in integration tests (#1173) - 3b776a7 by Raynald Messié on Friday, October 13 at 18:40 →
#1712 Bump to Polly 8.0 (#1714)
23.3.3
23.3.0
Spring 2024 (version 23.3.0) aka Twilight Texas release
Codenamed: Twilight Texas
Read the Docs: Ocelot 23.3
⚠️ Important information about Service Discovery❗
Following the substantial refactoring of Service Discovery providers in this release, the community has identified and we have acknowledged several critical service discovery defects with providers such as Consul
, Kube
, and potentially others. The Kube
provider, while somewhat unstable, remains operational; however, the Consul
provider is entirely non-functional. We apologize to the projects and clients affected by these issues.
If your projects rely on the Service Discovery feature and cannot function without it, please refrain from upgrading to version 23.3.0; instead, continue using or revert to the previous version 23.2.2. However, if your team does not utilize the Service Discovery feature, then upgrading to this version should be fine. The Ocelot team is currently working on the v23.3 Hotfixes milestone during the summer of 2024, and we are optimistic that the hotfixed version 23.3.4 is expected to be available at the beginning of September 2024. We appreciate your understanding and support.
What's new?
Service Discovery: Major upgrade of Kube and Consul providers: new "Customization of services creation" feature
-
Introducing a new feature for "Customization of services creation" in two primary service discovery providers: Consul and Kubernetes, developed by @raman-m.
The customization for bothConsul
andKube
providers in service creation is achieved through the overriding of virtual methods in default implementations. The recommendation was to separate the provider's logic and introducepublic virtual
andprotected virtual
methods in concrete classes, enabling:- The use of
public virtual
methods as dictated by interface definitions. - The application of
protected virtual
methods to allow developers to customize atomic operations through inheritance from existing concrete classes. - The injection of new interface objects into the provider's constructor.
- The overriding of the default behavior of classes.
Ultimately, customization relies on the virtual methods within the default implementation classes, providing developers the flexibility to override them as necessary for highly tailored Consul/K8s configurations in their specific environments.
For further details, refer to the respective pull requests for both providers:Kube
#2052,Consul
#2067 - The use of
Routing: New "Routing based on Request Header" feature
- Introducing the new "Routing based on Request Header" feature by @jlukawska.
In addition to routing viaUpstreamPathTemplate
, you can now define anUpstreamHeaderTemplates
options dictionary. For a route to match, all headers specified in this section are required to be present in the request headers.
For more details, see PR #1312.
Configuration: New "Custom Default Version Policy" and "Route Metadata" features
-
Introducing the "Custom Default Version Policy" feature by @ibnuda.
The configurableHttpRequestMessage.VersionPolicy
helps avoid HTTP protocol connection errors and stabilizes connections to downstream services, especially when you're not developing those services, documentation is scarce, or the deployed HTTP protocol version is uncertain.
For developers of downstream services, it's possible toConfigureKestrel
server and its endpoints with new protocol settings. However, attention to version policy is also required, and this feature provides precise version settings for HTTP connections.
Essentially, this feature promotes the use of HTTP protocols beyond 1.0/1.1, such as HTTP/2 or even HTTP/3.
For additional details, refer to PR #1673. -
Introducing the new "Route Metadata" feature by @vantm. Undoubtedly, this is the standout feature of the release! ⭐
Route metadata enables Ocelot developers to incorporate custom functions that address specific needs or to create their own plugins/extensions.
In versions of Ocelot prior to 23.3.0, the configuration was limited to predefined values that Ocelot used internally. This was sufficient for official extensions, but posed challenges for third-party developers who needed to implement configurations not included in the standardFileConfiguration
. Applying an option to a specific route required knowledge of the array index and other details that might not be readily accessible using the standardIConfiguration
orIOptions<FileConfiguration>
models from ASP.NET. Now, metadata can be directly accessed in theDownstreamRoute
object. Furthermore, metadata can also be retrieved from the global JSON section via theFileConfiguration.GlobalConfiguration
property.
For more information, see the details in PR #1843 on this remarkable feature.
Focus On
Updates of the features: Configuration, Service Discovery, Routing and Quality of Service
-
Configuration: New features are "Custom Default Version Policy" by @ibnuda and "Route Metadata" by @vantm.
-
Service Discovery: New feature is "Customization of services creation" by @raman-m.
-
Routing: New feature is "Routing based on Request Header" by @jlukawska.
-
Quality of Service: The team has decided to remove the Polly V7 policies logic and the corresponding Ocelot
AddPollyV7
extensions (referenced in PR #2079). Furthermore, the Polly V8 Circuit Breaker has been mandated as the primary strategy (as per PR #2086).
See more detailed below in "Ocelot extra packages" paragraph.
Ocelot extra packages
-
-
Our team has resolved to eliminate the Polly V7 policies logic and the corresponding Ocelot
AddPollyV7
extensions entirely (refer to the "Polly v7 vs v8" documentation). In the previous 23.2 release, named Lunar Eclipse, we included these to maintain the legacy Polly behavior, allowing development teams to transition or retain the old Polly V7 functionality. We are now confident that it is time to progress alongside Polly, shifting our focus to the new Polly V8 resilience pipelines. For more details, see PR #2079. -
Additionally, we have implemented Polly v8 Circuit Breaker as the primary strategy. Our Quality of Service () relies on two main strategies: Circuit Breaker and Timeout. If both Circuit Breaker and Timeout are configured with their respective properties in the
QoSOptions
of the route JSON, then the Circuit Breaker strategy will take precedence in the constructed resilience pipeline. For more details, refer to PR #2086.
-
23.2.2
Hotfix release (version 23.2.2) for #2031 issue
Route path template placeholders and their validation rules
Special thanks to Guillaume Gnaegi and Fabrizio Mancin!
About
The bug is related to the Placeholders feature in Configuration and Routing.
The bug was introduced in version 23.2.0 as a part of PR #1927.
Breaking Change
The new validation rules of the FileConfigurationFluentValidator
class do not allow the Ocelot app to start when implicit placeholders are defined in custom implementations, such as middlewares, delegating handlers, and replaced services in the dependency injection (DI) container.
These new rules are capable of validating explicit placeholders only within the UpstreamPathTemplate
and DownstreamPathTemplate
properties. Unfortunately, they cannot oversee implicit placeholders in custom implementations, and they do not validate early during the Ocelot app startup process.
Ensure that you avoid using version 23.2.0. If you are currently on that version, upgrade to version 23.2.2 by applying this hotfix patch.
Technical info
With version 23.2.0, particularly if you have overridden certain service classes or implemented custom logic that manipulates placeholders, you may encounter Ocelot app crashes accompanied by the following errors in the log:
One or more errors occurred. (Unable to start Ocelot, errors are: XXX)
where XXX
are the following validation error messages:
UpstreamPathTemplate 'UUU' doesn't contain the same placeholders in DownstreamPathTemplate 'DDD'
DownstreamPathTemplate 'DDD' doesn't contain the same placeholders in UpstreamPathTemplate 'UUU'
Finally, the validation rules resulted from the incorrect assumption that placeholders are always explicit and can be validated early. Therefore, custom implementations and feature services in the dependency injection (DI) container, which rely on or manipulate placeholders, should validate the configuration JSON and appropriate options later, directly within their service implementations.
Bug Artifacts
- Released in version: 23.2.0
- Introduced in: PR #1927
- Reported bug: #2031 by @ggnaegi and tested by @Fabman08
- Hotfix PR: #2032 by @raman-m
Features in Release 23.2.2
2ded872 by Raman Maksimchuk on Friday, April 05 at 15:13 →
Release 23.2.1-2 artifacts | +semver: patch
14c6d82 by Raman Maksimchuk on Friday, April 05 at 12:57 →
#2031 Don't validate placeholders in templates (#2032)
d1855cb by Raman Maksimchuk on Thursday, April 04 at 00:17 →
#1673 #1672 Update Docker for CircleCI builds (#2030)