42Crunch Platform release, April 17, 2020
This 42Crunch Platform release extends YAML support to editing OpenAPI definitions in YAML format, adds mutual TLS authentication to API Conformance Scan, and a new check in API Security Audit.
In addition, API Firewall has been released as a container image for Azure Kubernetes Service (AKS).
New features
The following are the new features and improvements to the existing ones in this release.
YAML support in Security Editor
The YAML support in 42Crunch Platform has now been extended to cover also editing YAML files.
By default, the editor opens your API definition in the format you imported it to the platform. You can switch between JSON and YAML in the editor, and choose the view that suits you best. Saving your changes in the different view automatically converts your API definition to that format.
In addition, you can now also import API definitions as .yml files.
For more details, see Security Editor.
Mutual TLS authentication in Conformance Scan
If your API requires mutual TLS authentication, you can now configure mutual TLS for client authentication in the scan configuration wizard in API Conformance Scan.
This feature is optional and off by default, so if your API does not need it, you can simply skip that step.
For more details, see Scan API conformance.
New check in Security Audit
A new check on media type objects has been added to Security Audit. The audit now checks that the media type objects with multipart/form-data have a schema defined.
This check applies only to the OpenAPI Specification (OAS) v3.
API Firewall Container image for AKS
42Crunch API Firewall is now also available as a container image for AKS on Azure Marketplace.
Compatibility
This release is compatible with the following API Firewall images:
42crunch/apifirewall:v0.16.342crunch/apifirewall:v0.16.442crunch/apifirewall:v0.16.542crunch/apifirewall:v0.16.642crunch/apifirewall:v0.16.7
All previous image versions have been deprecated and are not compatible with this version of the platform.
When you switch the version of the API Firewall image, you must reconfigure any existing protection configurations so that they work with the new version. For more details, see Reconfigure API Protection.
Known issues
This release has the following known issues.
Removing an API does not stop the API Firewall instance
If you delete an API from 42Crunch Platform and that API has an active API Firewall instance protecting it, API Firewall continues to run unless you specifically stop it. Same happens if the protection token that the API Firewall instance uses is deleted or otherwise becomes invalid.
This will be fixed in a future release.