Release date 2026/04/07
Added WebSocket protocol support (ws/wss). The plugin now enforces allow/deny group rules during the WebSocket handshake phase.
Fixed an issue where the ACL plugin did not check consumer groups from all sources, causing it to incorrectly deny access when consumer groups were set by other plugins like ACE in ngx.ctx.authenticated_consumer_groups.
Release date 2026/04/08
Fixed an issue where anonymous consumers with valid legacy ACL group credentials were rejected with 403 when include_consumer_groups was enabled and no enterprise consumer groups were assigned.
Release date 2026/02/01
Fixed an issue where the ACL plugin did not check consumer groups from all sources, causing it to incorrectly deny access when consumer groups were set by other plugins like ACE in ngx.ctx.authenticated_consumer_groups.
Release date 2025/12/18
Fixed an issue where the cache was not being invalidated for incremental sync in certain scenarios, leading to stale data being served.
Release date 2025/11/18
Fixed an issue where the cache was not being invalidated for incremental sync in certain scenarios, leading to stale data being served.
Release date 2025/10/23
Fixed an issue where the cache was not being invalidated for incremental sync in certain scenarios, leading to stale data being served.
Release date 2025/12/09
Fixed an issue where the cache was not being invalidated for incremental sync in certain scenarios, leading to stale data being served.
Release date 2024/09/11
Added a new config always_use_authenticated_groups to support using authenticated groups even when an authenticated consumer already exists.
Release date 2022/09/09
Removed the deprecated blacklist and whitelist configuration parameters. #8560
