Merge branch 'apache:master' into master

Author: bytelazy

.devcontainer/docker-compose.yml

@@ -25,7 +25,7 @@ services:
       - ..:/workspace:cached
     network_mode: service:etcd
   etcd:
-    image: bitnami/etcd:3.5
+    image: bitnamilegacy/etcd:3.5
     volumes:
       - etcd_data:/bitnami/etcd
     environment:

.github/workflows/doc-lint.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: 🚀 Use Node.js
-        uses: actions/setup-node@v4.0.2
+        uses: actions/setup-node@v4.4.0
         with:
           node-version: "12.x"
       - run: npm install -g [email protected]

.github/workflows/kubernetes-ci.yml

@@ -53,6 +53,8 @@ jobs:
 
           kubectl apply -f ./t/kubernetes/configs/endpoint.yaml
 
+          kubectl apply -f ./t/kubernetes/configs/endpointslices.yaml
+
           KUBERNETES_CLIENT_TOKEN_CONTENT=$(kubectl get secrets | grep apisix-test | awk '{system("kubectl get secret -o jsonpath={.data.token} "$1" | base64 --decode")}')
 
           KUBERNETES_CLIENT_TOKEN_DIR="/tmp/var/run/secrets/kubernetes.io/serviceaccount"

.github/workflows/link-check.yml

@@ -39,7 +39,7 @@ jobs:
           wget https://raw.githubusercontent.com/xuruidong/markdown-link-checker/main/link_checker.py
 
       - name: Setup python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: '3.9'
 

.github/workflows/lint.yml

@@ -33,7 +33,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Nodejs env
-        uses: actions/setup-node@v4.0.2
+        uses: actions/setup-node@v4.4.0
         with:
           node-version: '12'
 

.github/workflows/source-install.yml

@@ -31,7 +31,7 @@ jobs:
           - redhat
     services:
       etcd:
-        image: bitnami/etcd:3.5.4
+        image: bitnamilegacy/etcd:3.5.4
         ports:
           - 2379:2379
           - 2380:2380

CHANGELOG.md

@@ -82,9 +82,13 @@ title: Changelog
 
 ## 3.13.0
 
-### Deprecation
+**The changes marked with :warning: are not backward compatible.**
+
+### Change
 
-- change: mark server-info plugin as deprecated [#12244](https://github.com/apache/apisix/pull/12244)
+- :warning: mark server-info plugin as deprecated [#12244](https://github.com/apache/apisix/pull/12244)
+- :warning: fill in the metadata of resource schema [#12224](https://github.com/apache/apisix/pull/12224).
+This PR sets additionalProperties to false for consumer credentials.
 
 ### Bugfixes
 
@@ -159,14 +163,21 @@ title: Changelog
 
 ## 3.12.0
 
+**The changes marked with :warning: are not backward compatible.**
+
 ### Change
 
-- replace plugin attribute with plugin metadata in `opentelemetry` plugin [#11940](https://github.com/apache/apisix/pull/11940)
-- refactor: ai-content-moderation to ai-aws-content-moderation [#11596](https://github.com/apache/apisix/pull/11596])
+- :warning: replace plugin attribute with plugin metadata in `opentelemetry` plugin [#11940](https://github.com/apache/apisix/pull/11940)
+- :warning: refactor: ai-content-moderation to ai-aws-content-moderation [#12010](https://github.com/apache/apisix/pull/12010)
 - add expiration time for all Prometheus metrics [#11838](https://github.com/apache/apisix/pull/11838)
 - allow workflow config without case [#11787](https://github.com/apache/apisix/pull/11787)
-- refactor: ai-content-moderation to ai-aws-content-moderation (#12010)
-- rectify business logic/code in ai-proxy [#12055](https://github.com/apache/apisix/pull/12055)
+- unify google-cloud-oauth.lua file [#11596](https://github.com/apache/apisix/pull/11596)
+- :warning: ai-proxy remove passthrough [#12014](https://github.com/apache/apisix/pull/12014)
+- :warning: remove model options' `stream` default value [#12013](https://github.com/apache/apisix/pull/12013)
+- :warning: grpc-web response contains two trailer chunks [#11988](https://github.com/apache/apisix/pull/11988).
+This PR returns `405 Method not allowed` instead of `400 Bad Request` when request HTTP method errors.
+- :warning: disallow empty key configuration attributes [#11852](https://github.com/apache/apisix/pull/11852)
+- :warning: set default value of ssl_trusted_certificate to system [#11993](https://github.com/apache/apisix/pull/11993)
 
 ### Bugfixes
 
@@ -230,10 +241,12 @@ title: Changelog
 
 ## 3.11.0
 
+**The changes marked with :warning: are not backward compatible.**
+
 ### Change
 
-- remove JWT signing endpoint and no longer require a private key to be uploaded in the jwt-auth plugin. [#11597](https://github.com/apache/apisix/pull/11597)
-- rewrite hmac-auth plugin for usability [#11581](https://github.com/apache/apisix/pull/11581)
+- :warning: remove JWT signing endpoint and no longer require a private key to be uploaded in the jwt-auth plugin. [#11597](https://github.com/apache/apisix/pull/11597)
+- :warning: rewrite hmac-auth plugin for usability [#11581](https://github.com/apache/apisix/pull/11581)
 
 ### Plugins
 
@@ -257,13 +270,20 @@ title: Changelog
 
 ## 3.10.0
 
+**The changes marked with :warning: are not backward compatible.**
+
 ### Change
 
-- remove `core.grpc` module [#11427](https://github.com/apache/apisix/pull/11427)
+- :warning: remove `core.grpc` module [#11427](https://github.com/apache/apisix/pull/11427)
 - add max req/resp body size attributes [#11133](https://github.com/apache/apisix/pull/11133)
-- autogenerate admin api key if not passed [#11080](https://github.com/apache/apisix/pull/11080)
-- enable sensitive fields encryption by default [#11076](https://github.com/apache/apisix/pull/11076)
+- :warning: autogenerate admin api key if not passed [#11080](https://github.com/apache/apisix/pull/11080)
+- :warning: enable sensitive fields encryption by default [#11076](https://github.com/apache/apisix/pull/11076)
 - support more sensitive fields for encryption [#11095](https://github.com/apache/apisix/pull/11095)
+- :warning: avoid overwriting `Access-Control-Expose-Headers` response header [#11136](https://github.com/apache/apisix/pull/11136)
+This change removes the default `*` value for `expose_headers` and only sets the header when explicitly configured.
+- :warning: add a default limit of 100 for `get_headers()` [#11140](https://github.com/apache/apisix/pull/11140)
+- :warning: core.request.header return strings instead of table [#11127](https://github.com/apache/apisix/pull/11127)
+This function now always returns strings, previously it returned tables when duplicate headers existed.
 
 ### Plugins
 
@@ -310,10 +330,12 @@ title: Changelog
 
 ## 3.9.0
 
+**The changes marked with :warning: are not backward compatible.**
+
 ### Change
 
-- change: use apisix.enable_http2 to enable HTTP/2 in APISIX (#11032)
-- change: unify the keyring and key_encrypt_salt fields (#10771)
+- :warning: use apisix.enable_http2 to enable HTTP/2 in APISIX [#11032](https://github.com/apache/apisix/pull/11032)
+- :warning: unify the keyring and key_encrypt_salt fields [#10771](https://github.com/apache/apisix/pull/10771)
 
 ### Core
 
@@ -404,6 +426,8 @@ title: Changelog
 
 ## 3.7.0
 
+**The changes marked with :warning: are not backward compatible.**
+
 ### Change
 
 - :warning: Creating core resources does not allow passing in `create_time` and `update_time`: [#10232](https://github.com/apache/apisix/pull/10232)
@@ -442,6 +466,8 @@ title: Changelog
 
 ## 3.6.0
 
+**The changes marked with :warning: are not backward compatible.**
+
 ### Change
 
 - :warning: Remove gRPC support between APISIX and etcd and remove `etcd.use_grpc` configuration option: [#10015](https://github.com/apache/apisix/pull/10015)
@@ -470,6 +496,8 @@ title: Changelog
 
 ## 3.5.0
 
+**The changes marked with :warning: are not backward compatible.**
+
 ### Change
 
 - :warning: remove snowflake algorithm in the request-id plugin: [#9715](https://github.com/apache/apisix/pull/9715)

apisix-master-0.rockspec

@@ -40,6 +40,7 @@ dependencies = {
     "lua-resty-balancer = 0.04",
     "lua-resty-ngxvar = 0.5.2",
     "lua-resty-jit-uuid = 0.0.7",
+    "lua-resty-ksuid = 1.0.1",
     "lua-resty-worker-events = 1.0.0",
     "lua-resty-healthcheck-api7 = 3.2.0",
     "api7-lua-resty-jwt = 0.2.5",
@@ -81,8 +82,10 @@ dependencies = {
     "lua-resty-t1k = 1.1.5",
     "brotli-ffi = 0.3-1",
     "lua-ffi-zlib = 0.6-0",
+    "jsonpath = 1.0-1",
     "api7-lua-resty-aws == 2.0.2-1",
     "multipart = 0.5.9-1",
+    "luautf8 = 0.1.6-1",
 }
 
 build = {

apisix/admin/consumers.lua

@@ -19,7 +19,8 @@ local plugins = require("apisix.admin.plugins")
 local resource = require("apisix.admin.resource")
 
 
-local function check_conf(username, conf, need_username, schema)
+local function check_conf(username, conf, need_username, schema, opts)
+    opts = opts or {}
     local ok, err = core.schema.check(schema, conf)
     if not ok then
         return nil, {error_msg = "invalid configuration: " .. err}
@@ -36,7 +37,7 @@ local function check_conf(username, conf, need_username, schema)
         end
     end
 
-    if conf.group_id then
+    if conf.group_id and not opts.skip_references_check then
         local key = "/consumer_groups/" .. conf.group_id
         local res, err = core.etcd.get(key)
         if not res then

apisix/admin/init.lua

@@ -465,7 +465,7 @@ local standalone_uri_route = {
     http_head_route,
     {
         paths = [[/apisix/admin/configs]],
-        methods = {"GET", "PUT"},
+        methods = {"GET", "PUT", "HEAD"},
         handler = standalone_run,
     },
 }