42Crunch Platform release, November 4, 2019

This 42Crunch Platform release extends the support for the OpenAPI Specification (OAS) v3 to API Conformance Scan and API Protection. In addition, there have been several minor improvements and fixes.

Compatibility

This release is compatible with the following API Firewall images:

• 42crunch/apifirewall:v0.11.0

All previous image versions have been deprecated and are not compatible with this version of the platform.

New features

The following are the new features and improvements to the existing ones in this release.

OAS v3 support in API Conformance Scan and API Protection

In addition to API Security Audit, both API Conformance Scan and API Protection now support OAS v3:

• Audit, scan, protect, and monitor your APIs whether they follow OAS v2 or v3.
• Full support throughout the whole 42Crunch Platform.

For more details, see API Conformance Scan and API Protection.

Clarifications to the issue descriptions in API Security Audit

The descriptions for the audit issues in both OAS v2 and v3 on authentication with credentials (basic authentication credentials or API keys) have been improved.

In addition, the description for the audit issue OAS v3 definitions where a schema does not define the type of the values has been clarified to better explain the different behavior compared to OAS v2.

Known issues

This release has the following known issues.

API Conformance Scan returns an empty report when a scan fails

If Conformance Scan fails to reach the API it is scanning — for example, because the server is not responding, you have specified invalid or empty credentials, or a certificate is signed by an unknown authority — it does not properly report the reason of the failure. Instead, it returns an empty report with 0 issues.

This will be fixed in a future release so that you will be able to know what exactly caused the failure and fix it.