42Crunch Platform release, February 5, 2020

This 42Crunch Platform release improves authentication and resilience in API Conformance Scan.

New features

The following are the new features and improvements to the existing ones in this release.

Multiple authentication methods in Conformance Scan

You can now define multiple authentication methods when configuring the scan in API Conformance Scan.

  • Configure all authentication methods your API requires in one view.
  • The improved scan configuration wizard shows you what authentication methods you have defined in your OpenAPI definition, so there is no need to try to remember off the top of your head what the API definition looks like.
  • The context-sensitive configuration view adapts to the security requirement you choose to use.

For more details, see API Conformance Scan.

Improved resiliency in Conformance Scan

The resiliency of API Conformance Scan has been significantly improved.

Previously, a scan would fail more easily, interrupting the scan process. This meant that the scan also had time to detect fewer issues in the implementation behind the API and in the behavior of the backend service compared to the API contract.

Now, the scan tolerates more exceptions and the process does not fail as easily. This in turn means that the scan will report more issues in your API because it has more time to detect them.

Clarifications to reconfiguring API Firewall

More information has been added to the documentation, for example, on what happens to in-flight traffic when the protection configuration that an API Firewall instance uses is reconfigured. For more details, see Reconfigure API Protection.

Compatibility

This release is compatible with the following API Firewall images:

  • 42crunch/apifirewall:v0.15.1

All previous image versions have been deprecated and are not compatible with this version of the platform.

When you switch the version of the API Firewall image, you must reconfigure any existing protection configurations so that they work with the new version. For more details, see Reconfigure API Protection.

Known issues

This release has the following known issues.

Conformance Scan does not support operation-specific authentication methods

API Conformance Scan does not yet support operation-specific authentication methods. At the moment, Conformance Scan can only use security requirements defined on the global level in the OpenAPI definition of your API. Any security requirements defined on the operation level are currently ignored. This will be fixed in later releases.

Conformance Scan does not support OAuth2 or OpenID Connect

API Conformance Scan does not yet support OAuth2 or OpenID Connect authentication. Support for these authentication methods will be added later.
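
The two known issues above mean that parts of an API definition are not exercised with the authentication they declare. The following is an added example, not 42Crunch code: a pre-scan check over a parsed OpenAPI definition that lists operation-level security requirements and OAuth2 or OpenID Connect schemes. The names scan_coverage_gaps and SAMPLE_SPEC are hypothetical, and the sample definition is constructed.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
UNSUPPORTED_TYPES = {"oauth2", "openIdConnect"}  # OpenAPI securityScheme "type" values

SAMPLE_SPEC = {  # constructed sample definition, not a real API
    "openapi": "3.0.2",
    "security": [{"apiKey": []}],
    "components": {"securitySchemes": {
        "apiKey": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
        "basic": {"type": "http", "scheme": "basic"},
        "oauth": {"type": "oauth2", "flows": {}},
    }},
    "paths": {
        "/items": {"get": {"responses": {}}},
        "/admin": {"post": {"security": [{"basic": []}], "responses": {}}},
        "/health": {"get": {"security": [], "responses": {}}},
        "/me": {"get": {"security": [{"oauth": ["read"]}], "responses": {}}},
    },
}


def scan_coverage_gaps(spec):
    """Return (location, message) pairs for security the scan will not exercise."""
    findings = []
    # OpenAPI 3 keeps schemes under components; Swagger 2.0 under securityDefinitions.
    schemes = (spec.get("components", {}).get("securitySchemes")
               or spec.get("securityDefinitions") or {})
    unsupported = {n for n, s in schemes.items() if s.get("type") in UNSUPPORTED_TYPES}
    global_reqs = spec.get("security", [])

    def names(reqs):
        return {name for req in reqs for name in req}

    def flag_unsupported(where, reqs):
        for name in sorted(names(reqs) & unsupported):
            findings.append((where, f"scheme '{name}' is {schemes[name]['type']}: "
                                    "not supported by the scan"))

    flag_unsupported("global", global_reqs)
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or "security" not in op:
                continue  # skip path-level keys and operations inheriting global security
            where = f"{method.upper()} {path}"
            if op["security"] != global_reqs:  # an empty list means "no auth here"
                findings.append((where, f"operation-level security "
                                 f"{sorted(names(op['security']))} is ignored; global "
                                 f"{sorted(names(global_reqs))} is used instead"))
            flag_unsupported(where, op["security"])
    return findings
```

Operations listed by this check need their authentication behavior verified by other means until the scan supports them.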