Google Git
Sign in
apache / apisix-website / c2816abb30ceac7f0096e0d1c23a7c1a9c7a5775^! / .
commitc2816abb30ceac7f0096e0d1c23a7c1a9c7a5775[log] [tgz]
authorTraky Deng <trakydeng@gmail.com>Tue Jul 25 17:59:31 2023 +0800
committerGitHub <noreply@github.com>Tue Jul 25 17:59:31 2023 +0800
tree3ede52272ea7f5d7e984d89e0295c9d27d742166
parentcf9746fb70f338f449b5487de0576243ff1e647d [diff]
blog: add release notes for 3.4.1 patch release (#1642)

Co-authored-by: Yilia <114121331+Yilialinn@users.noreply.github.com>
diff --git a/blog/en/blog/2023/07/21/release-apache-apisix-3.4.1.md b/blog/en/blog/2023/07/21/release-apache-apisix-3.4.1.md
new file mode 100644
index 0000000..d49251a
--- /dev/null
+++ b/blog/en/blog/2023/07/21/release-apache-apisix-3.4.1.md

@@ -0,0 +1,36 @@
+---
+title: "Release Apache APISIX 3.4.1"
+authors:
+  - name: "Guohao Wang"
+    title: "Author"
+    url: "https://github.com/Sn0rt"
+    image_url: "https://avatars.githubusercontent.com/u/2706161?v=4"
+  - name: "Traky Deng"
+    title: "Technical Writer"
+    url: "https://github.com/kayx23"
+    image_url: "https://avatars.githubusercontent.com/u/39619599?v=4"
+keywords:
+- Apache APISIX
+- API Gateway
+- API Management Platform
+- New Release
+- Cloud Native
+description: The Apache APISIX 3.4.0 version is released on July 21, 2023. This version fixes a security vulnerability in JWT.
+tags: [Community]
+---
+
+We are pleased to present Apache APISIX 3.4.1 with a security patch for JWT.
+
+<!--truncate-->
+
+## Fix
+
+### Upgrade `lua-resty-jwt` dependency version
+
+Upgrade `lua-resty-jwt` dependency version from `0.2.4` to `0.2.5` to mitigate the risk of authentication bypass in APISIX `jwt-auth` plugin.
+
+The issue is reported in [#9809](https://github.com/apache/apisix/issues/9809) and fixed in [PR #9837](https://github.com/apache/apisix/pull/9837).
+
+## Changelog
+
+Read the changelog of this release [here](https://github.com/apache/apisix/blob/release/3.4/CHANGELOG.md#341).

diff --git a/blog/zh/blog/2023/07/21/release-apache-apisix-3.4.1.md b/blog/zh/blog/2023/07/21/release-apache-apisix-3.4.1.md
new file mode 100644
index 0000000..0d002aa
--- /dev/null
+++ b/blog/zh/blog/2023/07/21/release-apache-apisix-3.4.1.md

@@ -0,0 +1,36 @@
+---
+title: "Apache APISIX 3.4.1 正式发布"
+authors:
+  - name: "Guohao Wang"
+    title: "Author"
+    url: "https://github.com/Sn0rt"
+    image_url: "https://avatars.githubusercontent.com/u/2706161?v=4"
+  - name: "Traky Deng"
+    title: "Technical Writer"
+    url: "https://github.com/kayx23"
+    image_url: "https://avatars.githubusercontent.com/u/39619599?v=4"
+keywords:
+- Apache APISIX
+- API Gateway
+- API Management Platform
+- New Release
+- Cloud Native
+description: Apache APISIX 3.4.0 版本于 2023 年 7 月 21 日发布。该版本修复了 JWT 中一个安全漏洞。
+tags: [Community]
+---
+
+我们很高兴地宣布 Apache APISIX 3.4.1 版本已经发布,其中包含了针对 JWT 的安全补丁。
+
+<!--truncate-->
+
+## 修复
+
+### 升级 `lua-resty-jwt` 依赖版本
+
+为了解决 APISIX `jwt-auth` 插件中身份验证绕过的安全风险,将 `lua-resty-jwt` 的依赖版本从 `0.2.4` 升级到 `0.2.5`。
+
+该问题在 [issue #9809](https://github.com/apache/apisix/issues/9809) 中进行了报告,并在 [PR #9837](https://github.com/apache/apisix/pull/9837) 中得到修复。
+
+## 更新日志
+
+完整的更新日志请参见[这里](https://github.com/apache/apisix/blob/release/3.4/CHANGELOG.md#341)。