Skip to main content

Release Notes

What's new in Traefik Hub.

July 2024

What's New

  • Native Coraza WAF integration: Secure APIs with the Coraza Web Application Firewall (endorsed by OWASP). The native WAF integration in Traefik Hub provides more than 23x performance improvement over Traefik Proxy's WASM-based WAF plugin.
  • Distributed ACME on all platforms using Vault: Simplify certificate management and ensure that certificates are always up-to-date by automatically obtaining and renewing TLS certificates with ACME from Certificate Authorities like Let's Encrypt. The Hub-exclusive distributed ACME is more efficient for large-scale or high-availability setups, as it reduces duplication and ensures consistency across all Gateway instances by leveraging HashiCorp Vault as shared secure certificate storage. Now available for all supported installation platforms.
  • Vault Public Key Infrastructure: Create your own private certificate authority (CA) with the HashiCorp Vault PKI secret engine to issue, manage, and revoke digital certificates. Combine it with the gateway's ACME resolvers for automated certificate management, even in a distributed way.
  • LDAP middleware: Secure your APIs by delegating the authentication to an external LDAP server with the LDAP middleware.
  • OPA middleware: The Open Policy Agent middleware restricts access to your APIs and allows you to enrich request headers with data extracted from policies.
  • Cache middleware: Add cache middleware to your routers and improve the performance of your infrastructure by reducing latency, network traffic, and the time needed to interact with an API.
  • FIPS-compliant Docker image: Traefik Hub is now compliant with FIPS 140-2, a U.S. Federal Government security standard used to approve cryptographic modules.
  • Multi-platform install snippets: A newly added platform selector helps you in the new gateway creation wizard to get tailored installation snippets for Kubernetes, Docker Compose, Docker Swarm, HashiCorp Nomad, and Systemd for Linux-based virtual machines, bare-metal hardware or cloud computing instances like AWS EC2.
  • The embedded Traefik Proxy version has been updated to bring the latest open-source improvements for Hub.

API Management-exclusive features:

  • Add any third-party Identity Provider with OIDC: User management has never been easier. Secure your API Developer Portals and API Gateways with any third-party Identity Provider you already have, such as Okta or Azure Entra ID, using enterprise-grade OIDC. Check the documentation about how to configure it on the online Hub dashboard.
  • Metrics overview in the online dashboard: The Hub online dashboard gives you an overview of your APIs' overall consumption and health. You can also filter for every API, user, and API Management-enabled gateway. Fine-grained metrics are still available on the gateway with OpenTelemetry.

May 2024

What's New

  • Traefik Hub now embeds all Traefik Proxy v3.0 features (compatible with Traefik v2).
  • Capacity to install Traefik Hub as a drop-in replacement of Traefik Proxy, with additional Enterprise features such as authentication, authorization, distributed rate limit, and more.
  • Traefik Hub provides robust API management capabilities for API publishers and consumers. The features include API versioning, user and fine-grained access management, rate limiting, declarative configuration linting, API developer portals, API observability metrics, and many more.
  • Promote any Ingress or IngressRoute to become a managed API. This means one can now attach any built-in gateway middleware or plugins to APIs, unlocking Traefik's entire network power for APIs.
  • Extend Traefik Hub with your custom WebAssembly (WASM) plugins.
  • Leverage the new Coraza Web Application Firewall, a plugin Traefik Labs supports.
  • OpenTelemetry (OTel) metrics are now available on both ingresses and managed APIs.
  • Operate API Gateways fully offline without reliance on any SaaS platform.

February 2024

What's New

  • We've added a new filtering concept in the APIAccess CRD that enables you to select sets of OpenAPI operations defined on APIs or APIVersions. You can find more information in the API CRD reference.
  • All-new API Portal. We've refreshed the API Portal UI to create a better user experience. New API Portal UI.
  • It is now possible to turn off the generation and usage of traefikhub.io domains for your API Gateways and Portals.
  • Error logs generated by the Traefik Hub agent are now transmitted to the Traefik Hub platform and stored for 24 hours to assist in resolving support requests quickly. You can turn off sending error logs by adjusting the default configuration.
  • We've enhanced the API and the APIVersion CRDs. Both CRDs support now naming of the API Service port service.port.name.

December 2023

What's New

  • You can now publish APIs without an OpenAPI specification. No OAS spec required.
  • We've published a complete Traefik Hub GitOps demo. Follow the tutorial to learn how to deploy and manage APIs on a local Kubernetes cluster with Flux. Example Grafana dashboard.
  • We've updated the dashboard to make it more effortless for you to get an overview about configured access policies and rate limits. This information is now displayed in the API details page, as in the user and groups details pages. Computed values.

November 2023

What's New

  • Traefik Hub now has a direct integration with Okta. IdP-Form.
  • Starting today, you're able to use JWT to secure access to APIs. UI-JWT.
  • We've added support for distributed rate limiting.
  • We've enhanced our OpenTelemetry metrics by adding support for API versions.
  • The dashboard now shows a warning sign when a Traefik Hub agent faces a connectivity issue. Dashboard showing a warning.
  • We've released a new version of the Traefik Hub agent v2.4.2 and of the Helm chart v2.5.1 v2.5.1 Changelog. Please upgrade the Traefik Hub agent to enjoy the latest enhancements. Depending on your set-up, please follow the detailed documentation about upgrading the Ingress Controller or the Sidecar Mode installation.

October 2023

What's New

  • In this release, we've added OpenTelemetry support to Traefik Hub.
  • We've added support for adjusting CORS and API header policies through CRDs and via the dashboard. UI.
  • You can now manage workspace roles through the dashboard. UI.

Security

September 2023

What's New

  • You can use Keycloak for Single Sign-On (SSO) or as an identity broker for Traefik Hub.
  • We enhanced workspace management. You can now assign roles to workspace members. Every role, Viewer, Editor and Admin has a different set of permissions.
  • Traefik Hub now supports CORS (Cross-Origin Resource Sharing) configuration via CRDs.

August 2023

What's New

  • We've added support for API versioning through CRDs and via the dashboard.
  • We've published the Traefik Hub Helm Chart on GitHub.
  • We've improved the dashboard to provide a better experience when you select Services. You can now better identify if you use an internal or external (API) Service.
  • The dashboard shows now a warning sign when the user's initial password reset has not been performed yet.
  • We've released a new version of the Traefik Hub Helm chart with an update of the Traefik Hub agent. Please find the changelog for v2.2.0 on GitHub. Please upgrade to version v2.2.0 to enjoy the latest enhancements. Depending on your set-up, please follow the detailed documentation about upgrading the Ingress Controller or the Sidecar Mode installation.

Bug Fixes

  • We've fixed a couple of tiny bugs in the user interface (dashboard).

July 2023

What's New

  • The Traefik Hub agent supports now two different installation methods, the Ingress Controller mode and the Sidecar Mode.
  • We've added Emissary (formerly Ambassador, an Envoy-based) Ingress support with Sidecar Mode.
  • We've improved API management, you can now select APIs by name and by Labels. You can combine names and Labels to filter your selections even more.
  • We've added support for rate limiting to the dashboard.
  • We've added support for Swagger v2.

Bug Fixes

  • We've fixed a couple of descriptions in the dashboard.

June 2023

What's New

  • You can now manage external APIs, hosted outside your Kubernetes cluster, for example on Virtual Machines (VMs) or third party APIs.
  • Starting today, you're able to use rate limiting for APIs.
  • We strengthened security. The Traefik Hub token is now provided as a Secret during installation.
  • If you deal with large clusters, we made your life easier with filtering Services by namespace in the dashboard, to quickly find what you look for.
  • The dashboard provide more guidance, with clear indications of which fields are required and more descriptions.
  • We've updated the dashboard to put key information right at your fingertips: information on APIs and API Collections, the API Developer Portal and Users.
    Corresponding screens have been updated for better clarity.
  • We’ve improved the API Developer Portal responsiveness by adding HTTP cache control headers.
  • For you to more quickly see how to perform given tasks, we've restructured the documentation, added more tutorials and improved the content overall.
  • Based on your feedback, we've tinkered with the internal workings and polished some rough edges.

Bug Fixes

  • If your session has expired, you will now be redirected to the login screen.
  • We've fixed a couple of bugs in the dashboard related to pop-ups, selecting Services, user groups and error pages.
  • We've fixed a bug related to TLS termination.
  • There were a few little bugs that caused performances issues, like bugs do. We fixed those, and we’ll fix the next ones too.

May 2023

What's New

  • We've changed the architecture, Hub now supports only K8s, the Agent uses a sidecar, and it is compatible with any Ingress Controller.
  • We've added a new ACP (Access Control Policy) for API Keys.
  • We've added a new OAuth Introspection ACP.
  • Starting today, you're able to use CRDs for APIs, API Collections, API Accesses, API Gateways, and API Portal objects.
  • API consumption is now protected by tokens.
  • We've added API Management, now you can use Hub as a platform for managing, routing, monitoring, and securing APIs.
  • You can use Traefik Hub as IdP (Identity Provider).
  • We've replaced freemium tiers with a new trial mechanism.
  • User deletion is now fully GDPR-compliant, no user data is retained.
  • Traefik Hub supports now team collaboration with workspaces.
  • Traefik Hub is now compatible with Traefik's IngressRoute.
  • We've added support for wildcard domains.
  • We've added the functionality to expose Prometheus compatible metrics from the Traefik Hub agent.
  • Hub errors are now leveraging K8s events.
  • We restructured and updated the documentation.
  • We adjusted the Service page in the dashboard, port numbers are now visible when they exceed more than 3 characters.

Bug Fixes

  • We fixed an issue that prevented some ACPs to be deleted.
  • We improved the process of certificate renewals.
  • We solved an issue with custom domain validation.
Last updated on