Release date 2026/04/15
Bugfix
-
Fixed an issue where malformed JWT tokens (e.g. tokens without dots) caused a 500 Internal Server Error instead of returning 401 Unauthorized.
Related Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid
db-less
traditional
Supported Konnect Deployments
hybrid
cloud-gateways
serverless
Compatible Protocols
grpc
grpcs
http
https
Minimum Version
Kong Gateway - 1.0
Tags
3.12.0.5
3.11.0.9
Release date 2026/04/15
Bugfix
-
Fixed an issue where malformed JWT tokens (e.g. tokens without dots) caused a 500 Internal Server Error instead of returning 401 Unauthorized.
3.11.0.0
Release date 2025/07/03
Bugfix
-
Fixed an issue where the WWW-Authenticate header used an incorrect delimiter, now using a comma as specified by RFC 7235.
Performance
-
refactored plugin code to be more performant (measured to be at least three times faster).
3.10.0.0
Release date 2025/03/27
Bugfix
-
Improved the error message which occurred when an anonymous consumer was configured but did not exist.
3.1.0.0
Release date 2022/12/06
Feature
-
The
anonymousfield can now be configured as the username of the consumer. This field allows you to configure a string to use as an “anonymous” consumer if authentication fails.
3.0.0.0
Release date 2022/09/09
Breaking Change
-
Updated the priority for some plugins.:
jwtchanged from1005to1450 -
The authenticated JWT is no longer put into the nginx context (
ngx.ctx.authenticated_jwt_token). Custom plugins which depend on that value being set under that name must be updated to use Kong’s shared context instead (kong.ctx.shared.authenticated_jwt_token) before upgrading to 3.0.