Relay Proxy

[6.5.1] - 2021-11-16

Fixed:

• Updated the Go runtime version in the Docker image to 1.16.10. This addresses known security issues in earlier versions of Go as reported in the CVE database.
• Updated the Alpine version in the Docker image to 3.14.3. See Alpine 3.14.3 release notes regarding issues addressed in this release.
• Updated the dependency version of github.com/hashicorp/consul/api to v1.11.0. This was to address vulnerabilities that have been reported against earlier versions of Consul. We believe that those CVE reports are somewhat misleading since they refer to the Consul server, rather than the API library, but vulnerability scanners often conflate the two and the only known workaround is to update the API version (see https://github.com/hashicorp/consul/issues/10674).

[6.5.0] - 2021-10-11

Added:

• It is now possible to add custom values for the Access-Control-Allow-Headers header that the Relay Proxy returns for cross-origin requests from browser clients, using a new per-environment configuration option allowedHeader or $LD_ALLOWED_HEADER_EnvName. This might be necessary to avoid cross-origin requests being rejected if you have an Internet gateway that uses a custom header for authentication.

[6.4.5] - 2021-10-08

Fixed:

• The options for setting allowable CORS origins for browser requests (allowedOrigin/LD_ALLOWED_ORIGIN_envname, etc.) were being ignored.

[6.4.4] - 2021-10-05

Fixed:

• Updated Docker base image to Alpine 3.14.2, to fix openssl vulnerabilities CVE-2021-3711 and CVE-2021-3712.

[6.4.3] - 2021-09-22

Fixed:

• The Redis password and Redis TLS options, when set as separate configuration variables rather than as part of the Redis URL, did not work when using Redis for Big Segment data. This could also cause misleading log warnings even if Big Segments were not being used.
• When using Redis, if the Redis URL contains a password, the password is now replaced with xxxxx in log messages and in the Relay Proxy status resource.

[6.4.2] - 2021-08-24

Fixed:

• When using big segments, the Relay Proxy was not correctly notifying already-connected client-side SDKs (mobile or browser apps) to get updated flag values if there was a live update to a big segment.

[6.4.1] - 2021-07-29

Fixed:

• Updated a dependency to address a vulnerability (CVE-2020-26160) in a module used by the Prometheus metrics integration. (#150)
• Fixed a problem (introduced in v6.4.0) that was causing Relay Proxy to log error messages if Redis or DynamoDB was enabled and you were not using the new big segments feature.
• When using big segments, log messages related to the processing of big segment data were hard to interpret because they did not indicate which environment they were for. Now, they have an environment name or ID prefix like other Relay Proxy log messages that are environment-specific.

[6.4.0] - 2021-07-22

Added:

• The Relay Proxy now supports evaluation of Big Segments. An Early Access Program for creating and syncing Big Segments from customer data platforms is available to enterprise customers.

[6.3.1] - 2021-07-08

Fixed:

• The base OS image for the Docker image has been changed from alpine:3.12.0 to alpine:3.14.0, the latest stable version of Alpine. This fixes known vulnerabilities in Alpine 3.12.0 (here is one list of them). There are no changes to the Relay Proxy itself in this release.

[6.3.0] - 2021-06-17

Added:

• The internal SDK logic used in evaluating flags for client-side SDKs now supports the ability to control the proportion of traffic allocation to an experiment. This works in conjunction with a new platform feature now available to early access customers.

[6.2.2] - 2021-06-07

Changed:

• Updated the third-party packages that provide metrics integration for DataDog, Prometheus, and StackDriver to their latest releases. These are the latest versions of the OpenCensus integrations; the Relay Proxy is not yet using OpenTelemetry, the newer API that will replace OpenCensus. This update does not fix any known bugs or add any new metrics capabilities to the Relay Proxy; its purpose is to fix potential dependency conflicts in the build.

[6.2.1] - 2021-06-03

Fixed:

• Fixed a bug in JSON parsing that could cause floating-point numbers (in flag variation values, rule values, or user attributes) to be read incorrectly if the number format included an exponent and did not include a decimal point (for instance, 1e5). Since there are several equally valid number formats in JSON (so 1e5 is exactly equivalent to 100000), whether this bug showed up would depend on the format chosen by whatever software had most recently converted the number to JSON before it was re-read, which is hard to predict, but it would only be likely to happen with either integers that had more than four trailing zeroes or floating-point numbers with leading zeroes. This bug also existed in the LaunchDarkly Go SDK prior to version 5.3.1, so anyone who uses both the Relay Proxy and the Go SDK should update both.

[6.2.0] - 2021-05-07

Added:

• New configuration option InitTimeout, controlling how long the Relay Proxy will wait for its initial connection to LaunchDarkly; this was previously always 10 seconds.

[6.1.7] - 2021-04-30

Added:

• In the "Proxy mode" and "Daemon mode" documentation pages, there is now a description of how the Relay Proxy behaves if it can't connect to LaunchDarkly, or if there is an invalid SDK key.

Fixed:

• (This bug was previously thought to have been fixed in the 6.1.3 release, but it was not fixed then; it is now.) During startup, if a timeout occurs while waiting for data from LaunchDarkly, the Relay Proxy endpoints for that environment should accept requests even though the environment is not fully initialized yet, using any last known flag data that might be available (that is, in a database). That is consistent with the behavior of the server-side SDKs, and it was the behavior of the Relay Proxy prior to the 6.0 release but it had been accidentally changed so that the endpoints continued to return 503 errors in this case.

[6.1.6] - 2021-04-23

Fixed:

• In automatic configuration mode, if a new credential was created for an already-configured environment (for instance, by using "reset SDK key" on the LaunchDarkly dashboard), the Relay Proxy did not accept subsequent SDK requests using the new credential until the next time the Relay Proxy was started. The symptom was that the SDK endpoints would return a 404 status instead of 200 (even though unknown credentials normally receive a 401). Also, if an SDK key or mobile key had already been changed prior to starting the Relay Proxy, but the older key had not yet expired, the Relay Proxy was not recognizing the old key in requests. Both of these problems have been fixed.
• Fixed a broken link in the Metrics documentation page. (Thanks, natashanwright!)

[6.1.5] - 2021-02-04

Changed:

• Updated the AWS SDK version used for DynamoDB access to 1.37.2. Among other improvements as described in the AWS Go SDK release notes, this allows it to support IAM roles for service accounts. (#127)

[6.1.4] - 2021-01-21

Fixed:

• Incorporated the fix in version 5.1.3 of the LaunchDarkly Go SDK for feature flags that use semantic version operators. This affects client-side SDKs that connect to the Relay Proxy to evaluate flags.
• A bug was introduced in version 6.1.3 causing an Info-level log message got put: {DATA} to be logged upon making a stream connection to LaunchDarkly, where {DATA} was the JSON representation of all of the feature flag data received from LaunchDarkly. This has been removed.

[6.1.3] - 2021-01-21

Changed:

• The Relay Proxy now uses a more efficient JSON reading and writing mechanism instead of Go's encoding/json when it is reading feature flag data from LaunchDarkly, and when it is creating JSON responses for SDK endpoints. Both CPU usage and the number of memory allocations have been greatly decreased for these operations. How much of a performance improvement this represents in the real world for any given Relay Proxy instance will depend on how often these operations are being done, that is, how often there are flag updates from LaunchDarkly and/or requests from SDK clients.
• When proxying events from the PHP SDK, the Relay Proxy now supports a new type of event, "alias", which will be implemented in a future release of the PHP SDK.

Fixed:

• During startup, if a timeout occurs while waiting for data from LaunchDarkly, the Relay Proxy endpoints for that environment will stop returning 503 errors (as they do while waiting for initialization), and start accepting requests even though the environment is not fully initialized yet—in case there is any last-known data (that is, in a database) from an earlier successful startup. This is the standard behavior of the server-side SDKs, and it was the behavior of the Relay Proxy prior to the 6.0 release but had been accidentally changed.
• Corrected and clarified documentation pages "Metrics" and "Service endpoints".

[6.1.2] - 2020-12-04

Fixed:

• In a load-balanced configuration where multiple Relay Proxy instances were sharing a single database for their own persistent storage, but SDK clients were connecting to the Relay Proxy streaming endpoints via HTTP instead of reading from the database, it was possible for some of the Relay Proxy instances to fail to transmit a feature flag update from LaunchDarkly to the SDK clients (because they would see that another Relay Proxy instance had already updated the database, and would incorrectly assume that this meant clients already knew about it). This problem was introduced in version 6.0.0 and is fixed in this release.

[6.1.1] - 2020-12-04

Fixed:

• In automatic configuration mode, if an environment's SDK key was changed but the old key had not yet expired, the Relay Proxy did not accept client requests with the old key as it should have. (#112)
• In automatic configuration mode, if there was a delay in obtaining the initial configuration from LaunchDarkly (due to network latency or service latency), and the Relay Proxy received client requests with valid SDK keys during that interval, it would return 401 errors because it did not yet know about those SDK keys. This has been fixed so it will return a 503 status if it does not yet have a full configuration. (#113)
• In offline mode, the Relay Proxy could still try to send analytics events to LaunchDarkly if you explicitly set sendEvents = true. Now, it will never send events to LaunchDarkly in offline mode, but enabling sendEvents will still cause the Relay Proxy to accept events, so that if SDK clients try to send events they will not get errors; the events will be discarded.
• In offline mode, the Relay Proxy would still try to send internal usage metrics unless you explicitly set disableInternalUsageMetrics = true. Now, enabling offline mode automatically disables internal usage metrics.
• Added a note in documentation to clarify that the Relay Proxy does not currently support clustered Redis or Redis Sentinel.
• Fixed broken images in documentation.