Kong Gateway 3.10.x
- Added the schema field
allow_duplicate_object_entry_nameto allow or disallow duplicate object keys in JSON payloads. When set tofalse, the plugin will reject JSON payloads with duplicate object keys. The default value istrue, which is same as the previous behavior. - This plugin now accurately supports proxying for non-
POST/PUT/PATCHrequests.
Kong Gateway 3.9.x
- Fixed an issue where the length counting of escape sequences, non-ASCII characters, and object entry names in JSON strings was incorrect. The plugin now uses UTF-8 character count instead of bytes.
- Fixed an issue where certain default parameter values were incorrectly interpreted as 0 in some environments (for example, ARM64-based):
max_container_depthmax_object_entry_countmax_object_entry_name_lengthmax_array_element_countmax_string_value_length
Kong Gateway 3.8.x
- Introduced the new JSON Threat Protection plugin.
Known issues:
- In the JSON Threat Protection plugin, the default value of
-1for any of themax_*parameters indicates unlimited. In some environments (such as ARM64-based environments), the default value is interpreted incorrectly. The plugin can erroneously block valid requests if any of the parameters continue with the default values. To mitigate this issue, configure the JSON Threat Protection plugin with limits for all of themax_*parameters.