Relay Proxy

[6.7.12] - 2022-07-28

Fixed:

• When using DynamoDB with Big Segments, if the configuration specified a different table name for each environment, that name was being ignored. The Relay Proxy was only respecting the per-environment table name setting for regular data storage, not for Big Segments. This has been fixed so Big Segments data now uses the correct table name. (#199)

[6.7.11] - 2022-07-20

Fixed:

• Updated Alpine version in Docker image to 3.16.1 and patched Go packages to address several vulnerability warnings. (#197)

[6.7.10] - 2022-07-12

Fixed:

• Updated libcrypto and libssl in the Docker image to address an OpenSSL vulnerability. Although the Relay Proxy does not use OpenSSL (it uses the Go runtime's TLS implementation), our policy is to patch all vulnerabilities detected in the Alpine OS used in our Docker image. (#195)

[6.7.9] - 2022-07-01

Changed:

• If the Relay Proxy receives multiple server-side SDK connections for the same environment at nearly the same time, it can now prepare the flag/segment payload for all of them at once using a single buffer. Previously, a new buffer was always used for each connection, which could cause high transient memory usage if many SDKs connected in rapid succession and if the flag/segment data was large. (Thanks, moshegood!)

[6.7.8] - 2022-06-13

Fixed:

• Updated Alpine version to 3.16.0 to address an OpenSSL vulnerability. Although the Relay Proxy does not use OpenSSL (it uses the Go runtime's TLS implementation), our policy is to patch all vulnerabilities detected in the Alpine OS used in our Docker image. (#191)
• Removed the unnecessary installation of curl in the Docker image, which caused security warnings about a vulnerable version of libcurl even though it was not being used. (#191)

[6.7.7] - 2022-05-10

Fixed:

• Fixed an inefficiency in the SSE server implementation that could cause unnecessarily large temporary memory usage spikes when the Relay Proxy was sending large flag data sets to server-side SDK clients.

[6.7.6] - 2022-04-29

Fixed:

• Setting allowable CORS origin domains with any of the allowedOrigin/ALLOWED_ORIGIN configuration options did not work correctly: requests with a matching domain would return empty responses. (Thanks, joshuaeilers!)

[6.7.5] - 2022-04-21

Fixed:

• Updated the golang.org/x/crypto package to address CVE-2022-27191. (#183)

[6.7.4] - 2022-04-15

Fixed:

• Updated the Go version for release builds to 1.17.9 to address security warnings about earlier Go runtimes. (#181)
• Updated the version of the Consul API client due to a vulnerability warning. (#181)

[6.7.3] - 2022-04-08

Fixed:

• When using DynamoDB, if the Relay Proxy attempts to store a feature flag or segment whose total data size is over the 400KB limit for DynamoDB items, it will now log (at Error level) a message like The item "my-flag-key" in "features" was too large to store in DynamoDB and was dropped but will still process all other data updates. Previously, it would cause the Relay Proxy to enter an error state in which the oversized item would be pointlessly retried and other updates might be lost.
• In flag evaluations for client-side SDKs, fixed an edge case where a circular reference in flag prerequisites (not allowed in a flag configuration, but possible to exist briefly under unlikely circumstances) could have caused a crash. See Go SDK 5.7.0 release notes.

[6.7.2] - 2022-04-04

Fixed:

• Updated Docker image to use Alpine 3.14.6. The previous Alpine version, 3.14.5, was reported to have security vulnerability CVE-2022-28391. See also the Alpine 3.14.6 changelog. (#178)

[6.7.1] - 2022-03-28

Fixed:

• Updated Docker image to use Alpine 3.14.5. The previous Alpine version, 3.14.4, was reported to have security vulnerabilities CVE-2022-0778 and CVE-2018-25032. See also the Alpine 3.14.5 changelog. (#175)

[6.7.0] - 2022-03-24

Added:

• The Relay Proxy will now forward application metadata information that is included in HTTP headers from any SDKs that have this feature, if the application configures such data.

[6.6.5] - 2022-03-17

Fixed:

• Updated Docker image to use Alpine 3.14.4. The previous Alpine version, 3.14.3, was reported to have security vulnerability CVE-2022-0778 in OpenSSL, although the Relay Proxy itself uses Go's implementation of TLS rather than OpenSSL.

[6.6.4] - 2022-02-07

Fixed:

• In auto-configuration mode, if the auto-configuration key is invalid, the Relay Proxy should exit with an error code just as it would for other kinds of invalid configuration properties, since there is no way for it to perform any useful functions without having environment information. (#165)

[6.6.3] - 2022-01-19

Changed:

• Updated the Docker image to use Go 1.17.6. The previous Go version, 1.16.10, was reported to have security vulnerabilities CVE-2021-29923 and CVE-2021-44716.

[6.6.2] - 2022-01-11

Changed:

• A security scan with Trivy is now included in every CI build, including both the compiled Relay Proxy executable and the Docker image.

Fixed:

• Updated dependency golang.org/x/text to v0.3.7 due to vulnerability GO-2021-0113.

[6.6.1] - 2022-01-06

Fixed:

• The Relay Proxy status resource could incorrectly report the overall status as "degraded" if a database was enabled, even if everything was working normally. This was due to incorrectly assuming that Big Segments data would be present, when the Big Segments feature was not being used. This has been fixed so that now if there are no Big Segments, the status resource does not include a bigSegmentStatus property and the overall status is calculated correctly.

[6.6.0] - 2022-01-05

Added:

• New configuration property clientSideBaseURI (environment variable CLIENT_SIDE_BASE_URI) for unusual cases where a custom domain is being used specifically for client-side SDK polling requests. This and other base URI options will never need to be set by most users.

Changed:

• If the base URI properties are not overridden with custom settings, the Relay Proxy now uses the hostnames sdk.launchdarkly.com and clientsdk.launchdarkly.com instead of app.launchdarkly.com when making requests to certain LaunchDarkly endpoints. This has no effect on the Relay Proxy's functionality, but allows LaunchDarkly's load-balancing behavior to work more efficiently.

[6.5.2] - 2021-11-19

Changed:

• Building the Relay Proxy from source code now requires Go 1.16 or higher.

Fixed:

• Queries for Big Segment data were failing if BaseURI had not been explicitly set in the configuration. This error would appear in the log as "BigSegmentSynchronizer: Synchronization failed ... unsupported protocol scheme".
• Updated dependencies to remove a transitive dependency on jwt-go. This had previously required a replace directive as a workaround (https://github.com/launchdarkly/ld-relay/issues/150), which is no longer necessary.
• Updated the golang.org/x/crypto package to a newer version that does not have the vulnerability CVE-2020-29652. Practically speaking this was not a vulnerability in the Relay Proxy, because the potential attack involved a feature of that package that the Relay Proxy does not use (SSH).