├── .gitignore
├── README.md
├── SECURITY.md
├── changelogs
    ├── api-management-service.md
    ├── media-api-management-service
    │   ├── 2020-12-backends.png
    │   ├── 2021-01-azure-portal-overview.png
    │   ├── 2021-07-azure-portal-power-platform.png
    │   └── 2021-10-azure-container-app-import.png
    └── self-hosted-gateway.md
├── media
    ├── apim-logo.png
    └── button.svg
└── open-source-policies
    ├── CODE_OF_CONDUCT.md
    ├── CONTRIBUTIONS.md
    ├── LEGAL.MD
    ├── LICENSE
    ├── LICENSE-CODE
    └── SECURITY.md


/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | ##
  4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
  5 | 
  6 | # User-specific files
  7 | *.rsuser
  8 | *.suo
  9 | *.user
 10 | *.userosscache
 11 | *.sln.docstates
 12 | 
 13 | # User-specific files (MonoDevelop/Xamarin Studio)
 14 | *.userprefs
 15 | 
 16 | # Mono auto generated files
 17 | mono_crash.*
 18 | 
 19 | # Build results
 20 | [Dd]ebug/
 21 | [Dd]ebugPublic/
 22 | [Rr]elease/
 23 | [Rr]eleases/
 24 | x64/
 25 | x86/
 26 | [Aa][Rr][Mm]/
 27 | [Aa][Rr][Mm]64/
 28 | bld/
 29 | [Bb]in/
 30 | [Oo]bj/
 31 | [Ll]og/
 32 | [Ll]ogs/
 33 | 
 34 | # Visual Studio 2015/2017 cache/options directory
 35 | .vs/
 36 | # Uncomment if you have tasks that create the project's static files in wwwroot
 37 | #wwwroot/
 38 | 
 39 | # Visual Studio 2017 auto generated files
 40 | Generated\ Files/
 41 | 
 42 | # MSTest test Results
 43 | [Tt]est[Rr]esult*/
 44 | [Bb]uild[Ll]og.*
 45 | 
 46 | # NUnit
 47 | *.VisualState.xml
 48 | TestResult.xml
 49 | nunit-*.xml
 50 | 
 51 | # Build Results of an ATL Project
 52 | [Dd]ebugPS/
 53 | [Rr]eleasePS/
 54 | dlldata.c
 55 | 
 56 | # Benchmark Results
 57 | BenchmarkDotNet.Artifacts/
 58 | 
 59 | # .NET Core
 60 | project.lock.json
 61 | project.fragment.lock.json
 62 | artifacts/
 63 | 
 64 | # StyleCop
 65 | StyleCopReport.xml
 66 | 
 67 | # Files built by Visual Studio
 68 | *_i.c
 69 | *_p.c
 70 | *_h.h
 71 | *.ilk
 72 | *.meta
 73 | *.obj
 74 | *.iobj
 75 | *.pch
 76 | *.pdb
 77 | *.ipdb
 78 | *.pgc
 79 | *.pgd
 80 | *.rsp
 81 | *.sbr
 82 | *.tlb
 83 | *.tli
 84 | *.tlh
 85 | *.tmp
 86 | *.tmp_proj
 87 | *_wpftmp.csproj
 88 | *.log
 89 | *.vspscc
 90 | *.vssscc
 91 | .builds
 92 | *.pidb
 93 | *.svclog
 94 | *.scc
 95 | 
 96 | # Chutzpah Test files
 97 | _Chutzpah*
 98 | 
 99 | # Visual C++ cache files
100 | ipch/
101 | *.aps
102 | *.ncb
103 | *.opendb
104 | *.opensdf
105 | *.sdf
106 | *.cachefile
107 | *.VC.db
108 | *.VC.VC.opendb
109 | 
110 | # Visual Studio profiler
111 | *.psess
112 | *.vsp
113 | *.vspx
114 | *.sap
115 | 
116 | # Visual Studio Trace Files
117 | *.e2e
118 | 
119 | # TFS 2012 Local Workspace
120 | $tf/
121 | 
122 | # Guidance Automation Toolkit
123 | *.gpState
124 | 
125 | # ReSharper is a .NET coding add-in
126 | _ReSharper*/
127 | *.[Rr]e[Ss]harper
128 | *.DotSettings.user
129 | 
130 | # TeamCity is a build add-in
131 | _TeamCity*
132 | 
133 | # DotCover is a Code Coverage Tool
134 | *.dotCover
135 | 
136 | # AxoCover is a Code Coverage Tool
137 | .axoCover/*
138 | !.axoCover/settings.json
139 | 
140 | # Visual Studio code coverage results
141 | *.coverage
142 | *.coveragexml
143 | 
144 | # NCrunch
145 | _NCrunch_*
146 | .*crunch*.local.xml
147 | nCrunchTemp_*
148 | 
149 | # MightyMoose
150 | *.mm.*
151 | AutoTest.Net/
152 | 
153 | # Web workbench (sass)
154 | .sass-cache/
155 | 
156 | # Installshield output folder
157 | [Ee]xpress/
158 | 
159 | # DocProject is a documentation generator add-in
160 | DocProject/buildhelp/
161 | DocProject/Help/*.HxT
162 | DocProject/Help/*.HxC
163 | DocProject/Help/*.hhc
164 | DocProject/Help/*.hhk
165 | DocProject/Help/*.hhp
166 | DocProject/Help/Html2
167 | DocProject/Help/html
168 | 
169 | # Click-Once directory
170 | publish/
171 | 
172 | # Publish Web Output
173 | *.[Pp]ublish.xml
174 | *.azurePubxml
175 | # Note: Comment the next line if you want to checkin your web deploy settings,
176 | # but database connection strings (with potential passwords) will be unencrypted
177 | *.pubxml
178 | *.publishproj
179 | 
180 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
181 | # checkin your Azure Web App publish settings, but sensitive information contained
182 | # in these scripts will be unencrypted
183 | PublishScripts/
184 | 
185 | # NuGet Packages
186 | *.nupkg
187 | # NuGet Symbol Packages
188 | *.snupkg
189 | # The packages folder can be ignored because of Package Restore
190 | **/[Pp]ackages/*
191 | # except build/, which is used as an MSBuild target.
192 | !**/[Pp]ackages/build/
193 | # Uncomment if necessary however generally it will be regenerated when needed
194 | #!**/[Pp]ackages/repositories.config
195 | # NuGet v3's project.json files produces more ignorable files
196 | *.nuget.props
197 | *.nuget.targets
198 | 
199 | # Microsoft Azure Build Output
200 | csx/
201 | *.build.csdef
202 | 
203 | # Microsoft Azure Emulator
204 | ecf/
205 | rcf/
206 | 
207 | # Windows Store app package directories and files
208 | AppPackages/
209 | BundleArtifacts/
210 | Package.StoreAssociation.xml
211 | _pkginfo.txt
212 | *.appx
213 | *.appxbundle
214 | *.appxupload
215 | 
216 | # Visual Studio cache files
217 | # files ending in .cache can be ignored
218 | *.[Cc]ache
219 | # but keep track of directories ending in .cache
220 | !?*.[Cc]ache/
221 | 
222 | # Others
223 | ClientBin/
224 | ~$*
225 | *~
226 | *.dbmdl
227 | *.dbproj.schemaview
228 | *.jfm
229 | *.pfx
230 | *.publishsettings
231 | orleans.codegen.cs
232 | 
233 | # Including strong name files can present a security risk
234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
235 | #*.snk
236 | 
237 | # Since there are multiple workflows, uncomment next line to ignore bower_components
238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
239 | #bower_components/
240 | 
241 | # RIA/Silverlight projects
242 | Generated_Code/
243 | 
244 | # Backup & report files from converting an old project file
245 | # to a newer Visual Studio version. Backup files are not needed,
246 | # because we have git ;-)
247 | _UpgradeReport_Files/
248 | Backup*/
249 | UpgradeLog*.XML
250 | UpgradeLog*.htm
251 | ServiceFabricBackup/
252 | *.rptproj.bak
253 | 
254 | # SQL Server files
255 | *.mdf
256 | *.ldf
257 | *.ndf
258 | 
259 | # Business Intelligence projects
260 | *.rdl.data
261 | *.bim.layout
262 | *.bim_*.settings
263 | *.rptproj.rsuser
264 | *- [Bb]ackup.rdl
265 | *- [Bb]ackup ([0-9]).rdl
266 | *- [Bb]ackup ([0-9][0-9]).rdl
267 | 
268 | # Microsoft Fakes
269 | FakesAssemblies/
270 | 
271 | # GhostDoc plugin setting file
272 | *.GhostDoc.xml
273 | 
274 | # Node.js Tools for Visual Studio
275 | .ntvs_analysis.dat
276 | node_modules/
277 | 
278 | # Visual Studio 6 build log
279 | *.plg
280 | 
281 | # Visual Studio 6 workspace options file
282 | *.opt
283 | 
284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
285 | *.vbw
286 | 
287 | # Visual Studio LightSwitch build output
288 | **/*.HTMLClient/GeneratedArtifacts
289 | **/*.DesktopClient/GeneratedArtifacts
290 | **/*.DesktopClient/ModelManifest.xml
291 | **/*.Server/GeneratedArtifacts
292 | **/*.Server/ModelManifest.xml
293 | _Pvt_Extensions
294 | 
295 | # Paket dependency manager
296 | .paket/paket.exe
297 | paket-files/
298 | 
299 | # FAKE - F# Make
300 | .fake/
301 | 
302 | # CodeRush personal settings
303 | .cr/personal
304 | 
305 | # Python Tools for Visual Studio (PTVS)
306 | __pycache__/
307 | *.pyc
308 | 
309 | # Cake - Uncomment if you are using it
310 | # tools/**
311 | # !tools/packages.config
312 | 
313 | # Tabs Studio
314 | *.tss
315 | 
316 | # Telerik's JustMock configuration file
317 | *.jmconfig
318 | 
319 | # BizTalk build output
320 | *.btp.cs
321 | *.btm.cs
322 | *.odx.cs
323 | *.xsd.cs
324 | 
325 | # OpenCover UI analysis results
326 | OpenCover/
327 | 
328 | # Azure Stream Analytics local run output
329 | ASALocalRun/
330 | 
331 | # MSBuild Binary and Structured Log
332 | *.binlog
333 | 
334 | # NVidia Nsight GPU debugger configuration file
335 | *.nvuser
336 | 
337 | # MFractors (Xamarin productivity tool) working folder
338 | .mfractor/
339 | 
340 | # Local History for Visual Studio
341 | .localhistory/
342 | 
343 | # BeatPulse healthcheck temp database
344 | healthchecksdb
345 | 
346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
347 | MigrationBackup/
348 | 
349 | # Ionide (cross platform F# VS Code tools) working folder
350 | .ionide/
351 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | <img src="./media/apim-logo.png" alt="Azure API Management" width="96" style="margin-bottom: 40px;"> 
 2 | 
 3 | # Azure API Management 
 4 | 
 5 | This repository is used for publishing [Azure API Management release notes](https://github.com/Azure/API-Management/releases). Developer portal release notes are published in [the developer portal repository](https://aka.ms/apimdevportal/releases).
 6 | 
 7 | [![Browse release notes](./media/button.svg)](https://github.com/Azure/API-Management/releases)
 8 | 
 9 | ## Related resources
10 | 
11 | Explore other resources about Azure API Management:
12 | 
13 | - [Blog posts](https://aka.ms/apim/blogs)
14 | - [Product overview](https://aka.ms/apimrocks)
15 | - [Pricing](https://aka.ms/apimpricing)
16 | - [Documentation](https://aka.ms/apimdocs)
17 | 
18 | ## Related repositories
19 | 
20 | Explore other Azure API Management repositories:
21 | 
22 | - [Developer portal](https://aka.ms/apimdevportal)
23 | - [Self-hosted API gateway resources](https://aka.ms/apim/shgw/repo)
24 | - [Policy snippets and examples](https://aka.ms/apimpolicyexamples)
25 | 


--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
 1 | <!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK -->
 2 | 
 3 | ## Security
 4 | 
 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
 6 | 
 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
 8 | 
 9 | ## Reporting Security Issues
10 | 
11 | **Please do not report security vulnerabilities through public GitHub issues.**
12 | 
13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
14 | 
15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
16 | 
17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
18 | 
19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
20 | 
21 |   * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
22 |   * Full paths of source file(s) related to the manifestation of the issue
23 |   * The location of the affected source code (tag/branch/commit or direct URL)
24 |   * Any special configuration required to reproduce the issue
25 |   * Step-by-step instructions to reproduce the issue
26 |   * Proof-of-concept or exploit code (if possible)
27 |   * Impact of the issue, including how an attacker might exploit the issue
28 | 
29 | This information will help us triage your report more quickly.
30 | 
31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
32 | 
33 | ## Preferred Languages
34 | 
35 | We prefer all communications to be in English.
36 | 
37 | ## Policy
38 | 
39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
40 | 
41 | <!-- END MICROSOFT SECURITY.MD BLOCK -->
42 | 


--------------------------------------------------------------------------------
/changelogs/api-management-service.md:
--------------------------------------------------------------------------------
  1 | # Azure API Management service changelog
  2 | 
  3 | ## Release - API Management service: May, 2025
  4 | 
  5 | ### New Features and Improvements
  6 | 
  7 | #### Workspaces
  8 | - Workspaces are now supported in **Norway East** and **West Europe**. See the [documentation](https://learn.microsoft.com/en-us/azure/api-management/api-management-region-availability#supported-regions-for-v2-tiers-and-workspace-gateways) for details and instructions for accessing workspaces in West Europe.
  9 | - You can now [associate multiple workspaces](https://techcommunity.microsoft.com/blog/integrationsonazureblog/announcing-general-availability-of-shared-workspace-gateways-in-azure-api-manage/4292221) with a single workspace gateway.
 10 | 
 11 | #### Gateway & Traffic Management
 12 | - **Quota-by-key policy** is now available in v2 service tiers, enabling more flexible and fine-grained rate limiting. [More info](https://learn.microsoft.com/en-us/azure/api-management/quota-by-key-policy).
 13 | - **Circuit breaker configuration** in backends now supports an optional `failureResponse` property, allowing you to define fallback HTTP status codes (100–599). [More info](https://learn.microsoft.com/en-us/azure/api-management/backends).
 14 | - **Data-plane events** in Azure Event Grid (Public Preview) are now enabled by default in the gateway, allowing for richer event notifications and diagnostics.
 15 | - You can now **configure the same URL suffix** for both HTTP REST and WebSocket APIs, simplifying endpoint design.
 16 | 
 17 | #### Platform & Portal Enhancements
 18 | - **Authoring API Management policies with Microsoft Copilot** in Azure is now **Generally Available**.
 19 | - The **Network Status** page in the Azure Portal now displays new monitoring endpoints for **national cloud regions**, improving visibility into service health and diagnostics. [More info](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-store-custom-rest-api).
 20 | 
 21 | #### LLM & Semantic Caching
 22 | - **Launched enhanced logging** for large language model (LLM) scenarios, including new fields — `resourceId`, `workspaceId`, and `region` — for improved traceability. Log timestamps are now emitted in **date-time format** instead of long integers, aligning with standard observability practices.
 23 | - **Semantic caching** has been updated to support **GPT-4o** prompts that include multiple content types and now correctly identifies `max-message-count` of the most recent messages.
 24 | 
 25 | #### Observability Enhancements
 26 | - The [emit-metric](https://learn.microsoft.com/en-us/azure/api-management/emit-metric-policy), [azure-openai-emit-token-metric](https://learn.microsoft.com/en-us/azure/api-management/azure-openai-emit-token-metric-policy)  , and [llm-emit-token-metric](https://learn.microsoft.com/en-us/azure/api-management/llm-emit-token-metric-policy) policies now treat **dimension keys as case-insensitive**, ensuring consistent metric grouping and reducing casing-related issues.  
 27 | - **Backend pool failures** now include a `Retry-After` header to support client-side resiliency strategies.
 28 | - **Self-hosted gateway** now emits additional debug logs, including snapshot decompression, manglers, and listeners to assist with diagnostics. [More info](https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-log-event-hubs).
 29 | 
 30 | ---
 31 | 
 32 | ### ⚠️ Change
 33 | - You may need to **associate a workspace with a workspace gateway** before managing resources in that workspace. [More info](https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/workspaces-breaking-changes-march-2025)
 34 | 
 35 | ---
 36 | 
 37 | ### Bug Fixes
 38 | 
 39 | #### Gateway & Traffic Management
 40 | - Fixed a bug where **VNet-integrated Standard v2 services** required blob storage access to be unblocked via NSG for management operations.
 41 | - Fixed delivery issues in **log-to-eventhub policy** in Basic v2 and Standard v2 SKUs.
 42 | - Fixed inaccurate detection and counting of **backend connectivity errors** in the Circuit Breaker policy.
 43 | - Fixed **bandwidth calculation** in quota-by-key policy on self-hosted gateway to include transferred bytes.
 44 | 
 45 | #### Telemetry and Monitoring
 46 | - Fixed a bug where `backendTime` reported in **Azure Monitor and Application Insights** was higher than expected.
 47 | - Resolved startup and connection failures in **self-hosted gateway** when telemetry or feature-flagged endpoints were not fully rolled out.
 48 | - Fixed **missing WebSocket Azure Monitor logs** due to lowercase resource IDs.
 49 | 
 50 | #### OpenAPI Specification Handling
 51 | - Resolved an issue where OpenAPI definition did not include a **response description**. If omitted, it is now auto-filled as an empty string.
 52 | - OpenAPI **'format' properties** are now preserved correctly during import (previously could appear in the description).
 53 | - **Required formData fields** are now properly enforced.
 54 | 
 55 | #### Workspace & Product Configuration
 56 | - Fixed an issue preventing **workspace deletion** after failed gateway activation.
 57 | - **Deleting an API Management service** now requires removal of all associated workspace gateways.
 58 | - When a product is configured to limit subscriptions, the **limit must now be greater than zero**.
 59 | 
 60 | #### Other Reliability Improvements
 61 | - Improved reliability of the **llm-content-safety policy** and added support for multiple blocklists and categories.
 62 | - Import of API specifications from a **localhost address** is no longer supported.
 63 | - Improved formatting of **error responses** for management API requests that fail due to **minimum API version enforcement**.
 64 | 
 65 | ### Developer Portal
 66 | - [2.33.0](https://github.com/Azure/api-management-developer-portal/releases)
 67 | 
 68 | ### Self-hosted Gateway
 69 | - **Container Image**: [2.8.1](https://github.com/Azure/api-management-self-hosted-gateway/releases)
 70 | - **Helm Chart**: [1.12.1](https://github.com/Azure/api-management-self-hosted-gateway/releases)
 71 | 
 72 | 
 73 | ## Release - API Management service: January, 2025
 74 | 
 75 | This release will be deployed gradually in phases and batches, [following the safe deployment practices framework](https://learn.microsoft.com/en-us/azure/api-management/validate-service-updates). The rollout will span several weeks across all Azure regions, so your services may not have the new features and fixes until the deployment is complete.
 76 | 
 77 | ### Featured content
 78 | 
 79 | - Discover the latest announcements and demos in [our Microsoft Ignite session "Effective API governance in the era of AI with Azure API Management"](https://aka.ms/apim/ignite/2024).
 80 | - Watch the recording of [our YouTube live stream in December](https://aka.ms/apim/live/2024-12), featuring deep-dives into recent features and industry developments.
 81 | 
 82 | ### New features and improvements
 83 | 
 84 | - [Azure OpenAI token limit policy](https://learn.microsoft.com/azure/api-management/azure-openai-token-limit-policy) now fully supports prompts that include images.
 85 | - [Azure OpenAI token limit policy](https://learn.microsoft.com/azure/api-management/azure-openai-token-limit-policy) and [LLM token limit](https://learn.microsoft.com/azure/api-management/llm-token-limit-policy) policies can now also enforce overall token quota.
 86 | - [Backend identifier](https://learn.microsoft.com/azure/api-management/backends) can now be used as a dimension in any of the emit metric policies.
 87 | - [Workspaces](https://learn.microsoft.com/azure/api-management/workspaces-overview) are now available in the Germany West Central region.
 88 | - Synthetic GraphQL requests, especially those with large schemas or multiple complex resolvers, perform much faster now.
 89 | 
 90 | ### Bug fixes
 91 | 
 92 | - Requests to an API in an [open product](https://learn.microsoft.com/azure/api-management/api-management-howto-add-products?tabs=azure-portal&pivots=interactive#access-to-product-apis) and containing a subscription key for a different product are not being rejected anymore.
 93 | - [Validate content policy](https://learn.microsoft.com/azure/api-management/validate-content-policy) now works correctly with nullable properties in JSON payloads, including those defined by the `oneOf`, `anyOf`, and `allOf` schema constructs.
 94 | - [Redirect content URLs policy](https://learn.microsoft.com/azure/api-management/redirect-content-urls-policy) doesn't add redundant slashes to the output URLs like it used to in some cases.
 95 | - [Validate Entra ID token policy](https://learn.microsoft.com/azure/api-management/validate-azure-ad-token-policy) now correctly puts decrypted token into the context variable specified in the `output-token-variable-name` attribute.
 96 | - [Rate limit by key policy](https://learn.microsoft.com/en-us/azure/api-management/rate-limit-by-key-policy) now returns correct value in the `Retry-After` header in all cases.
 97 | - Array fields are now returned when included in Synthetic GraphQL subscriptions.
 98 | - You can now successfully add a workspace to a service configured with a custom hostname.
 99 | 
100 | ### Self-hosted developer portal releases
101 | 
102 | - [2.30.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.30.0)
103 | 
104 | ### Self-hosted gateway container image releases
105 | 
106 | - None
107 | 
108 | ### Self-hosted gateway Helm chart releases
109 | 
110 | - None
111 | 
112 | ## Release - API Management service: August, 2024
113 | 
114 | ### Announcements
115 | 
116 | - Workspaces are now generally available. [Learn how to empower API teams and federate the management of APIs with workspaces](https://aka.ms/apim/workspaces/ga-announcement).
117 | - [GenAI gateway capabilities are now expanded to support a wider range of large language models through Azure AI Model Inference API](https://aka.ms/apim/genai/llm-policies).
118 | - [Developer portal audit logging is now generally available](http://aka.ms/AzureAPIMDeveloperPortalLogs).
119 | - [WordPress plugin to build customized developer portals is now in preview](https://aka.ms/apim-wordpressblog).
120 | - You can watch [the recording of our July live stream on YouTube](https://aka.ms/apim/standups/2024-07). We'll be hosting another live stream in September—stay tuned to [our blog](https://aka.ms/apim/blogs) for the upcoming announcement.
121 | 
122 | ### Changes
123 | 
124 | * ~If an API does not require subscription authentication, any API request that includes a subscription key will now be treated the same as a request without a subscription key. Previously, if a request included a subscription key associated with a different API or product, API Management would return a `401 Unauthorized` response. This change improves the security of your APIs by preventing the accidental exposure of subscription keys linked to other products.~ Update Sep 3, 2024: This change will be rolled out with another release.
125 | * As part of the general availability of workspaces, we are discontinuing support for preview workspaces in API Management. You can learn more about these changes [in the last section of the workspaces general availability announcement](https://aka.ms/apim/workspaces/ga-announcement) and [in this documentation article](https://aka.ms/apimdocs/workspaces/changes-ga).
126 | 
127 | ### New features
128 | 
129 | * We added support for serializing a single child XML element into a JSON array using [the `XML-to-JSON` policy](https://learn.microsoft.com/azure/api-management/xml-to-json-policy).
130 | * We added support for case-insensitive property names comparison with the optional `case-insensitive-property-names` attribute in [the `validate-content` policy](https://learn.microsoft.com/azure/api-management/validate-content-policy). The default value is `false`.
131 | * We added support for the `2024-02-01` and `2024-06-01` [Azure OpenAI API versions]( https://learn.microsoft.com/azure/ai-services/openai/reference#data-plane-inference) in the [`azure-openai-token-limit`](https://learn.microsoft.com/azure/api-management/azure-openai-token-limit-policy) and [`azure-openai-emit-token-metric`](https://learn.microsoft.com/azure/api-management/azure-openai-emit-token-metric-policy) policies.
132 | * We added support for integer and integer arrays as output of [Azure OpenAI embeddings calls](https://github.com/Azure/azure-rest-api-specs/blob/main/specification/cognitiveservices/data-plane/AzureOpenAI/inference/stable/2024-06-01/inference.yaml) in the [`azure-openai-token-limit`](https://learn.microsoft.com/azure/api-management/azure-openai-token-limit-policy) and [`azure-openai-emit-token-metric`](https://learn.microsoft.com/azure/api-management/azure-openai-emit-token-metric-policy) policies.
133 | * We added support for managed identity authentication for newly created backends.
134 | * We added support for the ES256 token signing algorithm in [the `validate-jwt` policy](https://learn.microsoft.com/azure/api-management/validate-jwt-policy).
135 | 
136 | ### Fixes and improvements
137 | 
138 | * We fixed an issue with [the `retry` policy](https://learn.microsoft.com/azure/api-management/retry-policy) not working correctly with [load balancer backends](https://learn.microsoft.com/azure/api-management/backends?tabs=bicep#load-balanced-pool).
139 | * We fixed a bug with [the backend reconnect action](https://learn.microsoft.com/rest/api/apimanagement/backend/reconnect?view=rest-apimanagement-2022-08-01&tabs=HTTP) not working properly.
140 | * We fixed a bug with the decrypted token not being included in a context variable when using the [`validate-azure-ad-token` policy](https://learn.microsoft.com/azure/api-management/validate-azure-ad-token-policy).
141 | * We made the `certificate-id` attribute of the `decryption-keys` element in [the `validate-azure-ad-token` policy](https://learn.microsoft.com/azure/api-management/validate-azure-ad-token-policy) optional.
142 | * We fixed a bug that caused refresh failures for certificates in a key vault referenced within a policy fragment.
143 | * We optimized the performance of deleting users. Previously, the operation could time out if there were thousands or more users in the API Management service.
144 | * We fixed a bug that caused an incorrect date-time format to be returned when testing GraphQL resolvers.
145 | * We removed internal runtime exception details from GraphQL resolver error messages.
146 | * The developer portal `delegationUrl` setting now defaults to `null`. Previously, it defaulted to an empty string, causing payload validation errors on `PUT` calls to the management API.
147 | 
148 | ### Self-hosted developer portal releases
149 | 
150 | - [2.29.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.29.0)
151 | 
152 | ### Self-hosted gateway container image releases
153 | 
154 | - [2.7.1](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.7.1)
155 | - [2.7.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.7.0)
156 | 
157 | ### Self-hosted gateway Helm chart releases
158 | 
159 | - [1.11.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.11.0)
160 | 
161 | ## Release - API Management service: June, 2024
162 | 
163 | ### New features, improvements, and changes
164 | 
165 | - HTTP/2 connections are now drained and gracefully terminated before node restarts
166 | - We added support for decryption keys to the [`validate-azure-ad-token`](https://learn.microsoft.com/azure/api-management/validate-azure-ad-token-policy) policy
167 | - [`azure-openai-semantic-cache-lookup`](https://learn.microsoft.com/azure/api-management/azure-openai-semantic-cache-lookup-policy) and [`azure-openai-semantic-cache-store`](https://learn.microsoft.com/azure/api-management/azure-openai-semantic-cache-store-policy) policies now work in both V2 and Classic tiers.
168 | - We've improved prompt token estimation accuracy for GPT-4 models in the [`azure-openai-token-limit `](https://learn.microsoft.com/azure/api-management/azure-openai-token-limit-policy) policy
169 | - We've made [request tracing](https://learn.microsoft.com/azure/api-management/api-management-howto-api-inspector) more secure and it's now available in both Classic and V2 tiers
170 | - Now customers can use Azure portal to [migrate](https://learn.microsoft.com/azure/api-management/migrate-stv1-to-stv2-vnet?#trigger-migration-of-a-network-injected-api-management-instance) their VNet-injected stv1 service instances to stv2
171 | 
172 | ### Fixes
173 | 
174 | - We fixed an issue which caused GraphQL resolver runtime errors when primitive type fileds had null value
175 | - We fixed a bug and stopped the fields of type array-of-objects from causing GraphQL resolver runtime errors
176 | - Expressions now work as expected for in the `<audience/>` elements in the [`validate-jwt`](https://learn.microsoft.com/azure/api-management/validate-jwt-policy) policy
177 | - We fixed a bug causing XML elements within Liquid templates in policy documents to be needlessly decoded
178 | - URL properties in the [Backend](https://learn.microsoft.com/rest/api/apimanagement/backend/create-or-update) entity no longer accept URLs containing query parameters. We've made the change to fix a bug. Please use [`set-query-parameter`](https://learn.microsoft.com/azure/api-management/set-query-parameter-policy) policy and [`backend.credentials.query`](https://learn.microsoft.com/rest/api/apimanagement/backend/create-or-update#backendcredentialscontract) to set query parameters
179 | - We fixed an issue preventing [backend load balancing feature](https://learn.microsoft.com/azure/api-management/backends?tabs=bicep#load-balanced-pool) from working properly with [`retry`](https://learn.microsoft.com/azure/api-management/retry-policy) policy
180 | 
181 | ### Self-hosted gateway container image releases
182 | 
183 | - [2.6.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.6.0)
184 | 
185 | ### Self-hosted gateway Helm chart releases
186 | 
187 | - [1.10.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.10.0)
188 | 
189 | ## Release - API Management service: May, 2024
190 | 
191 | ### New features, improvements, and changes
192 | 
193 | - We added support for [Interface](https://spec.graphql.org/October2021/#sec-Interfaces) type to [GraphQL resolvers](https://learn.microsoft.com/azure/api-management/http-data-source-policy#resolver-for-a-graqhql-query-that-returns-a-list-using-a-liquid-template).
194 | - Customer-managed public IP is no longer required when [deploying a service instance into a virtual network](https://learn.microsoft.com/en-us/azure/api-management/api-management-using-with-internal-vnet?tabs=stv2). Changing the subnet will remove public IP from a previously deployed service instance.
195 | 
196 | ### Fixes
197 | 
198 | - We now correctly import schemas from OpenAPI 3.1 specifications.
199 | - API imports will no longer fail because of OData specification warnings. However, errors will still cause import failures.
200 | - Liquid template and policy expressions with XML special characters, such as "<" or ">", no longer result in runtime failures.
201 | 
202 | 
203 | ### Self-hosted developer portal releases
204 | 
205 | - [2.27.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.27.0)
206 | 
207 | ### Self-hosted gateway container image releases
208 | 
209 | - No new releases
210 | 
211 | ### Self-hosted gateway Helm chart releases
212 | 
213 | - No new releases
214 | 
215 | ## Release - API Management service: March 2024
216 | 
217 | ###  ‼️ Breaking changes ‼️
218 | 
219 | - On June 14, 2024, we’re introducing [breaking changes](https://learn.microsoft.com/azure/api-management/breaking-changes/workspaces-breaking-changes-june-2024) to the Workspaces feature. You may have to take action to continue using workspaces beyond June 14, 2024.
220 | 
221 | ### New features, improvements, and changes
222 | 
223 | - We’ve introduced several new features and improvements to workspaces:
224 |     - You can now create and manage certificates, backends, diagnostics, and loggers inside a workspace with the `2023-09-01-preview` management API version.Azure portal interface will be released soon.
225 |     - You can now use `context.Workspace` in policy expressions.
226 |     - "default-workspace" is now a reserved workspace resource name.
227 | - We now preserve the `format` and `schema` properties of the form-data parameters when importing OpenAPI APIs.
228 | - HTTP version information will now be included in the [request trace](https://learn.microsoft.com/azure/api-management/api-management-howto-api-inspector).
229 | - We’ve added support for HS512 and RS512 algorithms in the [`validate-jwt`](https://learn.microsoft.com/azure/api-management/validate-jwt-policy#usage-notes) policy.
230 | - `client-application-ids` element is now optional in [`validate-azure-ad-token`](https://learn.microsoft.com/azure/api-management/validate-azure-ad-token-policy) policy.
231 | - We've made a couple improvements to the GraphQL support:
232 |     - We've added support for [Union Type](https://spec.graphql.org/October2021/#sec-Unions) in GraphQL [resolvers](https://learn.microsoft.com/azure/api-management/http-data-source-policy#resolver-for-a-graqhql-query-that-returns-a-list-using-a-liquid-template)
233 |     - Arrays can now be used within the [`set-body`](https://learn.microsoft.com/azure/api-management/set-body-policy) policy to project the [data obtained by a resolver](https://learn.microsoft.com/azure/api-management/http-data-source-policy) onto the list of primitive data types specified in the GraphQL schema
234 | - An [Azure Advisor](https://learn.microsoft.com/azure/advisor/advisor-overview) notification will be sent to customers when they inadvertantly delete the [FQDN](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#dns-name-label) property from the public IP resource assigned to API Management.
235 | - We've made several improvements to the [VNet integration](https://learn.microsoft.com/azure/api-management/integrate-vnet-outbound) in the Standard v2 tier:
236 |     - We will now detect if the prerequisites for VNet integration are not being met - i.e., [subnet delegation and service association link](https://learn.microsoft.com/azure/api-management/integrate-vnet-outbound#prerequisites), and fail the deployment faster.
237 |     - All traffic from the VNet-integrated Standard v2 service instances to the Internet will be now routed via the integrated VNet.
238 |     - The outbound IP will now be populated and shows its respective value.
239 | 
240 | ### Fixes
241 | 
242 | - We’ve resolved the issue where Azure API Management would incorrectly log requests that were rejected due to public network access is disabled. This fix ensures that logs and metrics in Azure Monitor now exclude these rejected requests when API Management is [set up with a private endpoint](https://learn.microsoft.com/azure/api-management/private-endpoint).
243 | - An attempt to create diagnostics in a workspace that doesn't exist will now return a `404 Not Found` error. Previously, API Management returned a `500 Internal Server Error` response.
244 | - Workspace users can no longer override diagnostics settings defined for all APIs on the service level.
245 | - Exporting APIs with empty or whitespace-only examples no longer produces an error.
246 | - Optional string query parameters are no longer added to the API operation's URL template.
247 | -`$DevPortalUrl` variable in the developer welcome email template now returns a new developer portal URL. Previously, it returned a legacy developer portal URL.
248 | - The [`authenticate-certificate`](https://learn.microsoft.com/azure/api-management/authentication-certificate-policy) policy now performs a case-insensitive certificate ID validation. Previously, request processing would fail when the casing between the certificate ID in the policy and in the request didn’t match.
249 | - We've fixed an issue preventing recovery of the [soft-deleted](https://learn.microsoft.com/azure/api-management/soft-delete#recover-a-soft-deleted-instance) Basic v2 and Standard v2 service instances.
250 | 
251 | ### Self-hosted developer portal releases
252 | 
253 | - [2.26.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.26.0)
254 | 
255 | ### Self-hosted gateway container image releases
256 | 
257 | - [2.5.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.5.0)
258 | 
259 | ### Self-hosted gateway Helm chart releases
260 | 
261 | - [1.9.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.9.0)
262 | 
263 | ## Release - API Management service: February 2024
264 | 
265 | ### New features, improvements, and changes
266 | 
267 | - [TLS 1.3 and related cipher suites are now supported](https://techcommunity.microsoft.com/t5/azure-integration-services-blog/announcing-the-availability-of-tls-1-3-in-azure-api-management/ba-p/4047586).
268 | - The `validate-jwt` [policy](https://learn.microsoft.com/azure/api-management/validate-jwt-policy) now works with tokens signed PS256 signature algorithm.
269 | - We raised the content size limit in the `validate-content` [policy](https://learn.microsoft.com/azure/api-management/validate-content-policy) to 4MB.
270 | - A current API revision can now be addressed using a [revision-specific URL](https://learn.microsoft.com/azure/api-management/api-management-revisions#accessing-specific-revisions) in addition to the API's base URL.
271 | 
272 | ### Fixes
273 | 
274 | - Self-hosted gateway using [EntraID authentication](https://learn.microsoft.com/azure/api-management/self-hosted-gateway-enable-azure-ad) to connect to the associated Azure API Management service instance are now showing heartbeats in the Azure Portal.
275 | - We fixed the issue preventing “Scheduled Maintenance” events from being shown in the Activity log.
276 | - The `set-body` policies contained within GraphQL resolver policies (see [example](https://learn.microsoft.com/azure/api-management/http-data-source-policy#example-policy-1)) is now executed for streamed responses.
277 | - The issue making resolver get incorrect values from the cache for some GraphQL requests is now fixed.
278 | - Requests resulting in a log entry larger than 32KB, previously not logged at all, are now logged to Azure Monitor after trimming.
279 | 
280 | ### Developer portal releases
281 | 
282 | - No releases.
283 | 
284 | ### Self-hosted gateway container image releases
285 | 
286 | •	[2.5.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.5.0)
287 | 
288 | ### Self-hosted gateway Helm chart releases
289 | 
290 | •	[1.9.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.9.0)
291 | 
292 | ## Release - API Management service: December, 2023
293 | 
294 | ### New features, improvements, and changes
295 | 
296 | - We reserved`default`[Workspace](https://learn.microsoft.com/azure/api-management/workspaces-overview) name for internal use. After the update, users will not be able to create Workspaces with that name.
297 | 
298 | ### Fixes
299 | 
300 | - We fixed an issue causing degraded performance when creating new service instance.
301 | - We fixed an issue with `DevPortalHost` property not being passed correctly into the email notification template.
302 | - We eliminated inconsistency in [Security Scheme](https://spec.openapis.org/oas/v3.1.0#security-scheme-object) and [Security Requirement](https://spec.openapis.org/oas/v3.1.0#security-requirement-object) objects in OpenAPI exports when performed by authenticated vs. anonymous users.
303 | 
304 | ### Developer portal releases
305 | 
306 | - No releases.
307 | 
308 | ### Self-hosted gateway container image releases
309 | 
310 | - [2.4.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.4.0)
311 | - [2.3.6](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.3.6)
312 | 
313 | ### Self-hosted gateway Helm chart releases
314 | 
315 | - [1.8.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.8.0)
316 | - [1.7.6.](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.7.6)
317 | 
318 | ## Release - API Management service: November, 2023
319 | 
320 | ### New features, improvements, and changes
321 |  
322 | - We will now provide specifics about token validation failures in `validate-azure-ad-token` policy in API Inspector.
323 | - We made the password policy stronger for users creating accounts on the developer portal - e.g., it now requires using a special character. Complete password requirements will be shown on the sign-up page.
324 | - Users now must provide their current password before changing it on the developer portal.
325 | - Pagination controls on the developer portal now feature only the Next and Previous buttons.
326 |  
327 | ### Fixes
328 |  
329 | - We fixed an issue that caused tokens of logged-out developer portal users signed in via Azure AD B2C to remain valid under some circumstances.
330 | - We fixed a regression that caused POST requests issued from the try it console on the developer portal not to work correctly.
331 | - We fixed an issue in the Content Access Control feature of the developer portal that allowed unauthorized access to pages via direct link.
332 |  
333 | ### Developer portal releases
334 |  
335 |  - No releases.
336 |  
337 | ### Self-hosted gateway container image releases
338 |  
339 |  - [2.4.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.4.0)
340 |  - [2.3.6](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.3.6)
341 |  
342 | ### Self-hosted gateway Helm chart releases
343 | 
344 | - [1.8.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.8.0)
345 | - [1.7.6.](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.7.6)
346 | 
347 | # Release - API Management service: October 2023
348 | 
349 | ### Highlights
350 | 
351 | - We're thrilled to announce the public preview launch of our latest Azure API Management pricing tiers: Basic v2 and Standard v2. ([Docs](https://learn.microsoft.com/azure/api-management/v2-service-tiers-overview))
352 | 
353 | ### New features, fixes and improvements
354 | 
355 | - Minor bug fixes and improvements.
356 | 
357 | ### Developer portal releases
358 | 
359 | - No releases.
360 | 
361 | ### Self-hosted gateway container image releases
362 | 
363 | - [2.3.5](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.3.5)
364 | 
365 | ### Self-hosted gateway Helm chart releases
366 | 
367 | - [1.7.5](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.7.5)
368 | 
369 | ## Release - API Management service: September 2023
370 | 
371 | ### New features, fixes, and improvements
372 | 
373 | 1. We have introduced new Azure Advisor recommendations:
374 |     - Use Azure AD authentication instead of gateway token for Configuration API
375 |     - Identity self-hosted gateways using gateway tokens that will expire in < 7 days
376 |     - Identity validate-jwt policy usage with insecure key size   
377 | 2. We have removed support for the [retired set-graphql-resolver policy](https://learn.microsoft.com/en-us/azure/api-management/set-graphql-resolver-policy) which had already been replaced with GraphQL API resolvers.
378 | 3. We have fixed an issue where the OpenAPI would fail if the parameter names where empty.
379 | 4. We have fixed an issue where nested objects were being overridden when import OpenAPI was used.
380 | 5. We have fixed an issue where the FixOpenApi parameter schema can now import complex schemas.
381 | 6. We have fixed a bug where validate-azure-token policy was not properly using expressions to resolve tenant-id.
382 | 7. We have fixed an issue where deleting the API release will now return 204 instead of 404 if release does not exist.
383 | 8. We have fixed an issue where the Deletion of API was not removing all of the releases. When deleting an API it will now delete all of its releases.
384 | 9. We have fixed an issue where the DELETE operation for API endpoint was synchronous and timing out. The DELETE operation has been made asynchronous to fix this issue.
385 | 
386 | ### Self-hosted gateway container image releases
387 | 
388 | 1. [2.3.4](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.3.4)
389 | 2. [2.3.3](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.3.3)
390 | 3. [2.3.2](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.3.2)
391 | 4. [2.3.1](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.3.1)
392 | 5. [2.3.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.3.0)
393 | 
394 | ### Self-hosted gateway Helm chart releases
395 | 
396 | 1. [1.7.4](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.7.4)
397 | 2. [1.7.3](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.7.3)
398 | 3. [1.7.2](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.7.2)
399 | 4. [1.7.1](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.7.1)
400 | 5. [1.7.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.7.0)
401 | 
402 | ## Release - API Management service: April 2023
403 | 
404 | ### Highlights
405 | 
406 | 1. [Azure API Management and Microsoft Defender for APIs integration is now in preview](https://azure.microsoft.com/updates/public-preview-azure-api-management-and-microsoft-defender-for-apis-integration/). [Learn how Microsoft bolsters cloud-native security in Defender for Cloud with new API security capabilities](https://aka.ms/DfAPIlaunch).
407 | 2. [Workspaces in Azure API Management are now in preview](https://azure.microsoft.com/updates/public-preview-workspaces-in-azure-api-management/).
408 | 3. [Synthetic GraphQL is now generally available](https://azure.microsoft.com/updates/generally-available-synthetic-graphql-2/).
409 | 4. [Authorizations in Azure API Management are now generally available](https://azure.microsoft.com/updates/generally-available-api-management-authorizations/).
410 | 5. [Incoming traffic to Azure API Management's gateway can be secured to clients running in a virtual network through Azure Private Link](https://azure.microsoft.com/updates/generally-available-azure-private-link-support-in-azure-api-management/).
411 | 
412 | ### New features, fixes, and improvements
413 | 
414 | 1. We fixed an issue, where the customers potentially could not change organization or email in the email notifications.
415 | 
416 | ### Developer portal releases
417 | 
418 | 1. [2.23.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.23.0)
419 | 
420 | ### Self-hosted gateway container image releases
421 | 
422 | 1. [2.2.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.2.0)
423 | 
424 | ### Self-hosted gateway Helm chart releases
425 | 
426 | 1. [1.6.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.6.0)
427 | 
428 | ## Release - API Management service: February & March 2023
429 | 
430 | A regular Azure API Management service update was started February 9, 2023. This release concluded rollout on March 31, 2023.
431 | 
432 | ### New features, fixes, and improvements
433 | 
434 | 1. We added the new `context.Deployment.Gateway.*` object with several properties for accessing gateway information in runtime policies. [Learn more](https://learn.microsoft.com/azure/api-management/api-management-policy-expressions#ContextVariables).
435 | 2. We fixed an issue, where the definition names in the API schema would display blank spaces.
436 | 3. We fixed an issue, where the developer portal was hiding default domain, a parameter has been added to include default domain in the hostnames.
437 | 4. We fixed an issue, where the API revisions were not being properly filtered.
438 | 5. We fixed an issue, where adding API schemas with the same namespace resulted in an error.
439 | 6. We fixed an issue, where policies contained all named values which caused a problem for secrets. The policy failed to check if given user had access to secret.
440 | 7. We fixed an issue, whereby Azure Active Directory v1 tokens could be validated with `validate-azure-ad-token` policy, but v2 tokens could not be validated. With this release, both v1 and v2 tokens are supported.
441 | 8. Previously, `validate-azure-ad-token` would only validate tokens against the public cloud instance of Azure Active Directory (AD). With this release, token validation is supported in every Azure cloud where Azure Active Directory is available.
442 | 9. Previously, the gateway would not refresh the GraphQL schema when it was updated from the Azure portal. The gateway now correctly refreshes the GraphQL schema after it's updated in the Azure portal.
443 | 10. We implemented a GraphQL context variable to allow access to all portions of the GraphQL context within policy expressions. 
444 | 
445 | ### Self-hosted gateway container image release
446 | 1. [2.2.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.2.0-preview-1) (Preview 1)
447 | 2. [2.1.8](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.1.8)
448 | 3. [2.1.7](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.1.7)
449 | ### Self-hosted gateway Helm chart
450 | 1. [1.5.5](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.5.5)
451 | 2. [1.5.4](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.5.4)
452 | 3. [1.5.3](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.5.3)
453 | 4. [1.5.2](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.5.2)
454 | 
455 | ## Release - API Management service: December 2022
456 | 
457 | A regular Azure API Management service update was started on December 8, 2022. This release will continue to roll out through January 2023.
458 | 
459 | ### New features, fixes, and improvements
460 | 
461 | 1. The `log-to-eventhub` policy now supports securing connections to Azure Event Hub with managed identity.
462 | 2. We fixed an issue, where the GraphQL in API Management will no longer fail when an introspection query is added to the synthetic GraphQL resolver policy.
463 | 3. We fixed an issue, where saving some policy fragments in Consumption tier services was failing.
464 | 4. We fixed an issue, where modifying a policy using client SDKs or PowerShell was failing with a 406 Not Acceptable response. The issue was caused by the management API's failure to handle PUT requests with the wildcard (`*/*`) `Accept` header.
465 | 
466 | ### Developer portal releases
467 | 
468 | 1. [2.22.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.22.0)
469 | 
470 | ## Release - API Management service: October, 2022
471 | 
472 | A regular Azure API Management service update was started on October 31, 2022. It may take several weeks for your API Management service to receive the update.
473 | 
474 | ### Feature retirements
475 | 
476 | 1. [Support for Azure API Management self-hosted gateway version 0 and version 1 ends 1 October 2023](https://azure.microsoft.com/updates/support-for-azure-api-management-selfhosted-gateway-version-0-and-version-1-ends-1-october-2023/).
477 | 
478 | ### New features, fixes, and improvements
479 | 
480 | 1. You can now easily validate Azure Active Directory tokens on incoming requests with the new `validate-azure-ad-token` policy. Learn more in the [documentation](https://learn.microsoft.com/azure/api-management/api-management-access-restriction-policies#ValidateAAD) or [blog post](https://techcommunity.microsoft.com/t5/azure-developer-community-blog/introducing-a-better-way-to-integrate-azure-ad-with-api/ba-p/3671864).
481 | 2. We fixed an issue, where API Management didn't allow clients to open new WebSocket connections even though they didn't exceed the connections limit.
482 | 3. API Management updates are now rolled out to one Availability Zone at a time. Previously, updates were rolled out to multiple Availability Zones, reducing the service capacity by up to 50%.
483 | 4. You can now use `cors` and caching policies (`cache-store` and `cache-lookup`) inside policy fragments. Previously the `cors` policy inside policy fragments didn't correctly apply CORS configuration to the API; caching policies couldn't be configured due to an error.
484 | 5. API Management scale-out attempts that fail due to insufficient subnet capacity are now properly logged in Activity Logs.
485 | 6. XML schema validation with `validate-content` policy no longer results in validation errors for elements with type "anyType".
486 | 7. The execution time of the `send-one-way-request` policy is no longer included in the `backendTime` metric in the diagnostic logs, since it's an asynchronous, non-blocking operation. Previously, it was included in the `backendTime` metric but excluded from the `totalTime` metric.
487 | 
488 | ### Developer portal releases
489 | 
490 | 1. [2.21.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.21.0)
491 | 2. [2.20.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.20.0)
492 | 3. [2.19.1](https://github.com/Azure/api-management-developer-portal/releases/tag/2.19.1)
493 | 
494 | ### Self-hosted gateway container image releases
495 | 
496 | 1. [2.1.6](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.1.6)
497 | 2. [2.1.5](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.1.5)
498 | 
499 | ### Self-hosted gateway Helm chart releases
500 | 
501 | 1. [1.5.1](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.5.1)
502 | 2. [1.5.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.5.0)
503 | 
504 | ## Release - API Management service: September, 2022
505 | 
506 | A regular Azure API Management service update was started on September 7, 2022. It may take several weeks for your API Management service to receive the update.
507 | 
508 | ### Highlights
509 | 
510 | 1. [Custom widget support in managed developer portal is now generally available](https://azure.microsoft.com/generally-available-api-management-custom-widget-support-in-developer-portal/).
511 | 2. [Expanded support for Azure Policy definitions for Azure API Management is now generally available](https://azure.microsoft.com/updates/generally-available-azure-api-management-expanded-support-for-azure-policy-definitions/).
512 | 3. [Support for OAuth 2.0 authorization code flow using PKCE for developer portal user sign-in and sign-up is now generally available](https://azure.microsoft.com/updates/generally-available-azure-api-management-support-for-msal-in-developer-portal/).
513 | 
514 | ### New features, fixes, and improvements
515 | 
516 | 1. The new `allow-additional-properties` attribute of the `validate-content` policy lets you implement a runtime override of the `additionalProperties` value configured in the JSON schemas - for example, to always prevent requests or responses with undefined schema properties, regardless of the JSON configuration. Documentation will be released soon in the [`validate-content` policy reference](https://docs.microsoft.com/azure/api-management/validation-policies).
517 | 2. Account confirmation links in the account registration email notifications sent to developer portal users no longer include user ID and identity in the URL.
518 | 3. We fixed an issue, where request and response validation policies would skip the `on-error` policy section if multiple validations failed.
519 | 4. Azure API Management no longer depends on the SMTP endpoints for sending email notifications and those endpoints can now be removed from the VNet configuration for allowed network traffic.
520 | 5. We optimized performance of synthetic GraphQL APIs resolving multiple fields from the same endpoint.
521 | 6. We fixed an issue, where using the developer portal test console configured with authorization code grant flow and OpenID Connect resulted in an error.
522 | 7. We fixed an issue, where several properties in the "[APIs - List By Service](https://docs.microsoft.com/rest/api/apimanagement/current-ga/apis/list-by-service?tabs=HTTP)" management API response weren't propagated with values. The contract now follows the documented schema.
523 | 8. We fixed an issue where an invalid request to create an [API Schema](https://docs.microsoft.com/rest/api/apimanagement/current-ga/api-schema/create-or-update?tabs=HTTP) could result in an `500 Internal Server Error` response. API Management now returns `400 Bad Request` in such cases.
524 | 9. We fixed an issue, where an unsuccessful management operation on a policy fragment could result in failure of future management operations on that policy fragment.
525 | 10. We fixed an issue, where built-in git repository export could fail.
526 | 
527 | ### Developer portal releases
528 | 
529 | 1. [2.19.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.19.0)
530 | 2. [2.18.2](https://github.com/Azure/api-management-developer-portal/releases/tag/2.18.2)
531 | 
532 | ### Self-hosted gateway container image releases
533 | 
534 | 1. [2.1.4](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.1.4)
535 | 
536 | ### Self-hosted gateway Helm chart releases
537 | 
538 | 1. [1.4.1](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.4.1)
539 | 
540 | ### DevOps Resource Kit releases
541 | 
542 | 1. [1.0.0 (general availability)](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0)
543 | 2. [1.0.0-beta.11](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.11)
544 | 3. [1.0.0-beta.10](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.10)
545 | 4. [1.0.0-beta.9](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.9)
546 | 5. [1.0.0-beta.8](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.8)
547 | 
548 | ## Release - API Management service: July, 2022
549 | 
550 | A regular Azure API Management service update was started on July 20, 2022. It may take several weeks for your API Management service to receive the update.
551 | 
552 | ### New features, fixes, and improvements
553 | 
554 | 1. We optimized the loading time of API schemas for management plane (including Azure portal) and developer portal operations.
555 | 2. We increased the maximum length of each URL path segment from 520 to 1024 characters.
556 | 3. We fixed an issue, where API Management allowed creation of multiple API versions with empty identifiers within one API version set.
557 | 4. We fixed an issue, where API Management deserialized C-style hex strings in exported OpenAPI files as hex values.
558 | 5. We fixed an issue, where API Management failed to export OpenAPI definitions if referenced schemas didn't have the `typename` property defined.
559 | 6. The `set-body` policy now supports `xsi-nil` attribute with two values (`"blank"` and `"null"`) for controlling how elements marked with `xsi:nil="true"` are represented in XML payloads. If the value is set to `blank`, API Management uses the prior behavior, where nil is represented as an empty string. If the value is set to `null`, nil is represented with a null value.
560 | 7. You can now monitor inbound connectivity to the API Management control plane in the "Network status" tab of the "Network" page in the Azure portal interface for your API Management service.
561 | 8. [Authorizations](https://docs.microsoft.com/azure/api-management/authorizations-overview) now support Salesforce, ServiceNow, Twitter, Stripe, and Zendesk identity providers.
562 | 9. Authorizations now support PKCE authorization flow in the generic OAuth2 identity provider.
563 | 10. Improvements to the GraphQL support:
564 |     1. API Management now supports GraphQL requests with the content type `application/graphql`. Previously, such requests resulted in a `400 Bad request` error.
565 |     2. GraphQL resolvers can now be configured in policy fragments for reuse in the `backend` policy section.
566 |     3. We fixed an issue, where creating a new GraphQL API using the property `format: graphql-format` resulted in failures in execution of the management API operations or ARM templates. This property worked only for existing GraphQL APIs.
567 |     4. We fixed an issue, where accessing `context.Request` in a synthetic GraphQL API's `set-graphql-resolver` policy would overwrite the `context.Request` value.
568 |     5. We fixed an issue, where parsing of lists with scalar values resulted in runtime errors.
569 | 
570 | ### Developer portal releases
571 | 
572 | 1. [2.18.1](https://github.com/Azure/api-management-developer-portal/releases/tag/2.18.1)
573 | 2. [2.18.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.18.0)
574 | 
575 | ### Self-hosted gateway container image releases
576 | 
577 | 1. [2.1.3](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.1.3)
578 | 2. [2.1.2](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.1.2)
579 | 3. [2.1.1](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.1.1)
580 | 4. [2.0.4](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.0.4)
581 | 
582 | Browse the recently added release notes for older images:
583 | 
584 | 1. [2.1.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.1.0)
585 | 2. [2.0.3](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.0.3)
586 | 3. [2.0.2](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.0.2)
587 | 4. [2.0.1](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.0.1)
588 | 5. [2.0.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.0.0)
589 | 
590 | ### Self-hosted gateway Helm chart releases
591 | 
592 | 1. [1.4.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.4.0)
593 | 2. [1.3.1](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.3.1)
594 | 3. [1.3.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.3.0)
595 | 
596 | ### DevOps Resource Kit releases
597 | 
598 | 1. [1.0.0-beta.8](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.8)
599 | 2. [1.0.0-beta.7](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.7)
600 | 
601 | ## Release - API Management service: June, 2022
602 | 
603 | A regular Azure API Management service update was started on June 20, 2022. It may take several weeks for your API Management service to receive the update.
604 | 
605 | ### Highlights
606 | 
607 | 1. [GraphQL passthrough support is now generally available](https://azure.microsoft.com/updates/general-availability-graphql-passthrough-support-in-azure-api-management/)
608 | 2. [Synthetic GraphQL is now in public preview](https://azure.microsoft.com/updates/public-preview-synthetic-graphql/)
609 | 3. [Authorizations are now in public preview](https://azure.microsoft.com/updates/public-preview-api-management-authorizations/)
610 | 4. [Self-hosted gateway v2 is now generally available](https://azure.microsoft.com/updates/generally-available-api-management-selfhosted-gateway-version-2/)
611 | 5. [Reusable policy fragments are now generally available](https://azure.microsoft.com/updates/generally-available-api-management-reusable-policy-fragments/)
612 | 6. [Developer portal's support for Content Security Policy and self-hosted portal CORS configuration are now generally available](https://azure.microsoft.com/updates/generally-available-api-management-content-security-policy-and-cors-configuration-support/)
613 | 7. [Learn how to prevent or mitigate OWASP API Security Top 10 threats in Azure API Management](https://aka.ms/apimdocs/security/owasp)
614 | 
615 | ### New features, fixes, and improvements
616 | 
617 | 1. Email notifications now have valid SPF and DKIM signatures. Previously, the generated DKIM signatures were invalid.
618 | 2. `System.Net.IpAddress` and `System.Enum` namespaces are now allowed in policy expressions.
619 | 3. Scale-up operations will now fail faster if there isn't enough space in a virtual network subnet to accommodate additional API Management service units. The error will be included in the Activity Logs.
620 | 4. We fixed an issue, where scale-up operations could get stuck for multiple days in `stv1` deployments. As a precaution against other potential problems with the `stv1` architecture, we recommend migrating services to the `stv2` architecture. [Learn more about the migration process](https://docs.microsoft.com/azure/api-management/compute-infrastructure#how-do-i-migrate-to-the-stv2-platform).
621 | 5. We fixed an issue, where WebSocket connections couldn't be established for requests with multiple `Connection` headers.
622 | 6. Management API SAS token can no longer be generated with an expiration date set in the past.
623 | 7. "Dapr" is now a reserved backend entity ID.
624 | 
625 | ### Developer portal releases
626 | 
627 | 1. [2.17.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.17.0)
628 | 
629 | ### Self-hosted gateway Helm releases
630 | 
631 | 1. [1.2.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.2.0)
632 | 
633 | ### DevOps Resource Kit releases
634 | 
635 | 1. [1.0.0-beta.6](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.6)
636 | 2. [1.0.0-beta.5](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.5)
637 | 
638 | ## Release - API Management service: May, 2022
639 | 
640 | A regular Azure API Management service update was started on May 10, 2022. It may take several weeks for your API Management service to receive the update.
641 | 
642 | ### New features, fixes, and improvements
643 | 
644 | 1. GraphQL support now includes [policy-based authorizations](https://docs.microsoft.com/azure/api-management/graphql-validation-policies), `graphql-ws`-based subscriptions, and improved developer portal and Azure portal interfaces.
645 | 2. Availability zone deployments are now available in the Switzerland North region.
646 | 3. You can now access the API Management service name in runtime policies with the new `context.Deployment.ServiceId` property. The `ServiceId` property is also included in Application Insights logs.
647 | 4. `validate-parameters` and `validate-content` policies now support GUID properties defined as `format: uuid`.
648 | 5. Event Hub loggers can now use managed identity authentication. Azure portal interface for configuring this authentication is coming soon.
649 | 
650 | ### Changes
651 | 
652 | 1. Values of the `server name` property in Application Insights live metrics no longer include the `.azure-api.net` suffix.
653 | 2. The value of `ServiceName` property in API inspector JSON no longer includes the `.azure-api.net` suffix.
654 | 
655 | ### Developer portal releases
656 | 
657 | 1. [2.16.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.16.0) - highlights:
658 |    * Improvements to API reference pages and test console.
659 |    * Support for GraphQL subscriptions.
660 | 2. [2.15.1](https://github.com/Azure/api-management-developer-portal/releases/tag/2.15.1) - highlights:
661 |    * Includes a fix for a regression in the API list dropdown widget introduced in version 2.15.0.
662 | 3. [2.15.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.15.0) - highlights:
663 |    * The authorization server information has been temporarily removed from the API details widget, until a more complete solution is in place.
664 |    * Terms of use are now included in the authentication pages.
665 | 
666 | ### Self-hosted gateway Helm releases
667 | 
668 | 1. [1.1.0](https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/v1.1.0)
669 | 
670 | ### DevOps Resource Kit releases
671 | 
672 | 1. [1.0.0-beta.4](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.4)
673 | 2. [1.0.0-beta.3](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.3)
674 | 3. [1.0.0-beta.2](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.2)
675 | 
676 | ## Release - API Management service: March, 2022
677 | 
678 | A regular Azure API Management service update was started on March 28, 2022. It may take several weeks for your API Management service to receive the update.
679 | 
680 | **Starting with this service release, we will be posting regular release announcements only here, on GitHub, and we will not be posting them on [Azure Updates](https://aka.ms/apimupdates). We will continue to post feature or breaking change announcements on Azure Updates and reference them in regular release notes on GitHub.**
681 | 
682 | ### Featured
683 | 
684 | 1. [SOAP and XML request and response validation is now generally available](https://azure.microsoft.com/updates/general-availability-soap-and-xml-request-and-response-validation/).
685 | 2. [Developer portal widget for embedding custom HTML code is now generally available](https://azure.microsoft.com/updates/general-availability-developer-portal-widget-for-embedding-custom-html-code/).
686 | 3. [Azure Private Link support in Azure API Management is now in public preview](https://azure.microsoft.com/updates/public-preview-azure-private-link-support-in-azure-api-management-2/).
687 | 4. [Tools for easier import of WSDL APIs and XSD and JSON schemas are now available on GitHub](https://github.com/Azure-Samples/api-management-schema-import).
688 | 
689 | ### Breaking change advisory
690 | 
691 | 1. [Review your virtual network configuration - it may be affected by IP address changes in March 2023](https://azure.microsoft.com/updates/ip-address-changes-will-begin-affecting-your-ability-to-manage-your-virtual-networkenabled-api-management-services-on-31-marc/).
692 | 
693 | ### Fixes and improvements
694 | 
695 | 1. To protect services from username enumeration attacks, any attempt to reset user's password now results in a successful response from the API Management service. Previously, API Management returned `404 Not Found` if the username didn't exist in the service.
696 | 2. Users no longer can subscribe to products that they don't have access to. Previously, product access configuration only restricted retrieval of product details and its APIs and it didn't prevent subscription attempts.
697 | 3. If a policy expression contains a loop and takes over five seconds to execute, API Management will now terminate its execution to avoid infinite loops.
698 | 4. You can now reference JSON schema resources from another JSON schema resource. The new [schema entity](https://docs.microsoft.com/rest/api/apimanagement/current-ga/global-schema) is used for [request or response validation](https://docs.microsoft.com/azure/api-management/validation-policies#schemas-for-content-validation).
699 | 5. Null values are no longer accepted inside the `certificateIds` array when creating or updating backend entities.
700 | 6. Client disconnects from gateway are no longer reported as errors.
701 | 7. `X-Forwarded-For` header logs now include addresses added by the gateway.
702 | 8. Severity level is now correctly configured in Application Insights traces. Previously, `verbose` and `information` traces were logged to Application Insights with higher severity.
703 | 9. GraphQL request processing is now faster and more efficient thanks to a series of optimizations.
704 | 
705 | ### Developer portal releases
706 | 
707 | 1. [2.14.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.14.0) - highlights:
708 |    * Support for `contact`, `license`, and `termsOfService` OpenAPI properties in the API reference pages.
709 |    * Improvements to GraphQL API reference pages, including the _code view_.
710 | 2. [2.13.0](https://github.com/Azure/api-management-developer-portal/releases/tag/2.13.0) - highlights:
711 |     * HTML injection widget, which allows you to render custom HTML code in an iframe in your managed or self-hosted developer portal pages.
712 |     * Revised code samples in the test console and a new code sample for Swift.
713 | 
714 | ### DevOps Resource Kit releases
715 | 
716 | 1. [1.0.0-beta.1](https://github.com/Azure/azure-api-management-devops-resource-kit/releases/tag/1.0.0-beta.1):
717 |     * Major code refactoring to the Extractor to make it more maintainable and easier to contribute to.
718 |     * Update of the API version used in the Extractor to the latest generally available version (`2021-08-01`).
719 |     * Other fixes, improvements, and community contributions.
720 | 
721 | ## Release - API Management service: January, 2022
722 | 
723 | A regular Azure API Management service update was started on January 20, 2022, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
724 | 
725 | ### Featured
726 | 
727 | 1. [Managed certificate support is now in public preview](https://azure.microsoft.com/updates/public-preview-managed-certificate-support-for-azure-api-management/).
728 | 
729 | ### New
730 | 
731 | 1. Published developer portals are now automatically upgraded to new portal releases, without the need to republish the portal manually. Automated upgrades will preserve the latest published content; they won't publish saved but unpublished content.
732 | 2. You can now use curly brackets in a SOAP action URL template (for example, `/soapAction={wildcard}`) to define a wildcard SOAP action, which will match any SOAP request that doesn't have a dedicated action defined in the API. The value inside the curly brackets doesn't affect the execution.
733 | 3. Availability zones are now supported in the East Asia region.
734 | 4. New .NET SDK for the management API [is now available in preview](https://www.nuget.org/packages/Microsoft.Azure.Management.ApiManagement/8.0.0-preview).
735 | 
736 | ### Fixed
737 | 
738 | 1. Newly created diagnostic settings will no longer be configured to log request query parameters by default. As part of this change, [`Diagnostic` entity](https://docs.microsoft.com/rest/api/apimanagement/current-ga/diagnostic/create-or-update#datamasking)'s `dataMasking.queryParams` properties will be set with the following wildcard configuration `{ "value": "*", "mode": "Hide"}`. The same wildcard configuration can also be applied to `dataMasking.headers`.
739 | 2. Self-hosted gateway now properly handles a certificate change (`certificateId`) for existing hostnames.
740 | 3. Multiple `validate-content` policies can now be specified in a single policy section.
741 | 4. It is now possible to delete a resource group with an `stv2`-based API Management service in a virtual network. Previously, the deletion could fail due to an unreleased public IP resource. [Learn more about `stv2` and API Management's infrastructure](https://docs.microsoft.com/azure/api-management/compute-infrastructure#compute-platform-versions).
742 | 5. `ConfigurationChange` event is no longer logged in [Resource Health](https://docs.microsoft.com/azure/service-health/resource-health-overview) for API Management service backups.
743 | 6. `tracestate` header values are no longer truncated after the first key-value pair.
744 | 7. An attempt to deploy an `stv2` API Management service into a virtual network subnet with an `stv1` API Management service will now result in a descriptive error message.
745 | 
746 | ## Release - API Management service: October, 2021
747 | 
748 | A regular Azure API Management service update was started on October 25, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
749 | 
750 | ### Featured
751 | 
752 | 1. [Public preview: GraphQL passthrough support in Azure API Management](https://azure.microsoft.com/updates/public-preview-graphql-passthrough-support-in-azure-api-management/).
753 | 2. [General availability: Native support for WebSocket APIs](https://azure.microsoft.com/updates/general-availability-native-support-for-websocket-apis/).
754 | 3. [General availability: API Management and Event Grid Integration](https://azure.microsoft.com/updates/general-availability-api-management-event-grid-integration/).
755 | 
756 | ### New
757 | 
758 | 1. You can now import [Azure Container App](https://azure.microsoft.com/services/container-apps/) as an API in API Management.
759 |    ![Azure Container App import](media-api-management-service/2021-10-azure-container-app-import.png)
760 | 2. API Management now supports [managed identity authentication for communication with Application Insights](https://docs.microsoft.com/azure/azure-monitor/app/azure-ad-authentication). To configure it, specify the `identityClientId` key in the `properties.credentials` property of the `Logger` object and set the value to:
761 |     * `systemAssigned` for a system-assigned identity, or
762 |     * ID of a user-assigned identity.
763 | 3. Support for the multi-dimensional `Request` metric in Azure Monitor is now generally available.
764 | 
765 | ### Fixed
766 | 
767 | 1. We fixed an [issue](https://github.com/Azure/api-management-developer-portal/issues/1354), where the `Portal Revision` API marked all new developer portal revisions as current, regardless of the `isCurrent` parameter's value.
768 | 2. We fixed an issue, where the `specified-parameter-action` attribute of the `validate-parameters` policy was ignored.
769 | 3. Scale-outs of API Management services in the [single-tenant v2 (`stv2`) infrastructure](https://docs.microsoft.com/azure/api-management/compute-infrastructure#compute-platform-versions) no longer affect existing service capacity. Previously, each scale-out forced a restart of the existing nodes. This optimization has already been implemented in services in the `stv1` infrastructure and those services aren't affected by the change.
770 | 4. All header's schema properties are now preserved when importing an OpenAPI v3 document. Schemas for headers are supported in management API versions `2021-01-01-preview` or later.
771 | 5. Properties with `format: date` in OpenAPI documents are no longer converted to a date-time object.
772 | 6. Unknown countries are now reported as `Unknown` in the built-in API reports (*Analytics* tab in the Azure portal).
773 | 7. WebSocket APIs now support backend service URI with the WebSocket schema and a custom port.
774 | 
775 | ### Information
776 | 
777 | 1. Services deployed in a virtual network with forced tunneling need to allow an [additional dependency for Windows activations](https://docs.microsoft.com/troubleshoot/azure/virtual-machines/custom-routes-enable-kms-activation). Although this requirement wasn't documented, it is not introduced by the current release.
778 | 
779 | ## Release - API Management service: August, 2021
780 | 
781 | A regular Azure API Management service update was started on August 19, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
782 | 
783 | ### Featured
784 | 
785 | 1. [API Management's integration with Event Grid is now in preview](https://azure.microsoft.com/updates/public-preview-api-management-and-event-grid-integration/).
786 | 
787 | ### New
788 | 
789 | 1. [The availability zones feature](https://aka.ms/apimaz) is now supported in four new regions: South Africa North, Germany West Central, Korea Central, Norway East.
790 | 2. The `rate-limit-by-key` policy now supports policy expressions in the `calls` and `renewal-period` attributes. The `renewal-period`'s upper limit of 5 minutes still applies.
791 | 3. The upper limit of the `max-size` attribute of the `validate-content` policy can now be increased beyond 100kB through Azure support.
792 | 4. API inspector's traces now include the service name property.
793 | 5. API Management is now more responsive to moves and cluster scale-outs of Service Fabric backends.
794 | 6. API Management now supports custom domain certificates encrypted with the `AES256_SHA256` algorithm.
795 | 7. The `Network Status` management API response and page in the Azure portal now include details about the connectivity to Azure Application Insights for services with configured Application Insights loggers.
796 | 8. The "Publish" button on the "Developer portal overview" page of API Management services in the Azure portal now uses the new `Portal revisions` API, which makes it easier to publish the portal for virtual-network-injected services.
797 | 9. Clicking on a grid's row in the "Subscriptions" page of Azure API Management services in the Azure portal now brings up a new subscription editing interface.
798 | 
799 | ### Fixed
800 | 
801 | 1. We fixed an issue, which could cause schema definitions to be omitted while importing APIs from OpenAPI files.
802 | 2. We fixed a paging issue for API calls for retrieving the list of APIs from the developer portal.
803 | 3. The `PublisherEmail` service property now supports email addresses with the `#` character.
804 | 
805 | ### Changed
806 | 
807 | 1. ~~The runtime `context.Deployment.ServiceName` property and the `Service Name` attribute in Azure Application Insights logs no longer include the default hostname suffix `.azure-api.net` for API Management services in the Developer, Basic, Standard, and Premium tiers.~~ This change has been reverted.
808 | 2. Consumption tier services now allow request URLs up to 16384 characters long.
809 | 3. All responses with status code lower than `400` are now considered successful in the built-in Analytics, metrics, Azure Monitor logs, and Azure Application Insights telemetry.
810 | 4. The API gateway can no longer be disabled if the API Management service is in an internal virtual network.
811 | 
812 | ## Release - API Management service: July, 2021
813 | 
814 | A regular Azure API Management service update was started on July 5, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
815 | 
816 | ### Featured
817 | 
818 | 1. [Native support for WebSocket APIs is now in preview](https://azure.microsoft.com/updates/public-preview-native-support-for-websocket-apis-in-azure-api-management/).
819 | 2. [The cost of additional units in the Premium tier services has been reduced](https://azure.microsoft.com/updates/azure-api-management-premium-tier-price-reduction-for-incremental-purchased-units/).
820 | 
821 | ### New
822 | 
823 | 1. You can now emit custom metrics to Azure Application Insights with the new `emit-metric` policy. [Learn more](https://docs.microsoft.com/azure/api-management/api-management-advanced-policies#emit-metric).
824 | 2. Policy expressions now support `System.Net.IPAddress`.
825 | 3. The policy expressions' `context` object now includes the `context.Deployment.GatewayId` property. For managed gateways, its value is `managed`.
826 | 4. You can now export your APIs for consumption in the Power Platform through the dedicated Power Platform page in the Azure portal.
827 |    ![Power Platform page in the Azure portal](media-api-management-service/2021-07-azure-portal-power-platform.png)
828 | 
829 | ### Fixed
830 | 
831 | 1. We fixed an issue, which caused Developer tier services in a virtual network to not emit resource health events.
832 | 2. The validation policies now correctly return:
833 |    * Responses with the status code `400 Bad Request` and a precise error description in case of the schema mismatch for errors detected in the incoming requests.
834 |    * Responses with the status code `502 Bad Gateway` and a generic message in the body for errors detected in the outgoing responses, to not leak API implementation details.
835 | 3. We fixed an issue, where the validation policies ignored the `nullable` property of JSON schemas.
836 | 4. We fixed an issue, where the validate content policy didn't fail the validation for empty bodies.
837 | 5. We fixed an issue, where the validation policies modified the format of the JSON payload's properties resembling datetime strings.
838 | 6. We fixed an issue, where a character sequence `@*` prevented the policy XML document from being saved.
839 | 7. We fixed an issue, where responses with an empty payload and the `Transfer-Encoding: chunked` header were incorrectly classified as completed and the response latency was miscalculated.
840 | 8. We fixed an issue, where successful API requests were marked as non-successful in the Azure Monitor and Azure Application Insights logs if the client disconnected right after receiving the response.
841 | 9. We fixed an issue, which caused the API gateway endpoint of Consumption services to remain unavailable for a few seconds after the service activation.
842 | 
843 | ### Changed
844 | 
845 | 1. Validation policies' `error-variable-name` attribute is now optional.
846 | 2. The `firstName` and `lastName` properties of the `User` entity no longer accept special characters (for example, `<`, `>`, `:`, `;`, `(`, `)`, `\`, `/`, `@`, `!`, and more).
847 | 
848 | ## Release - API Management service: May, 2021
849 | 
850 | A regular Azure API Management service update was started on May 5, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
851 | 
852 | ### Featured
853 | 
854 | 1. [Open-source API Portal is now generally available](https://azure.microsoft.com/updates/apiportal/).
855 | 2. [Azure API Management's support for Availability Zones is now generally available](https://azure.microsoft.com/updates/azure-api-management-support-for-availability-zones-now-generally-available/).
856 | 3. [Request and response validation policies are now generally available](https://azure.microsoft.com/updates/azure-api-management-support-for-request-and-response-validation-policies-has-reached-general-availability/).
857 | 
858 | ### New
859 | 
860 | 1. You can now validate the client certificate with the new `<validate-client-certificate>` policy. Documentation and support in the Azure portal are coming soon.
861 | 2. The Visual Studio Code extension now supports policy debugging for self-hosted gateways running locally.
862 | 3. The Visual Studio Code extension now supports Dapr and validation policies.
863 | 4. The developer portal now supports *resource owner password* grant flow.
864 | 5. The new *Ciphers + Protocols* page in the Azure portal lets you manage API gateways' cipher and protocol configuration and displays a warning if a weak cipher or protocol is enabled.
865 | 6. The *Locations* page in the Azure portal lets you now configure Availability Zones.
866 | 7. You can now apply [validation policies](https://aka.ms/apimdocs/policies/validation) with the visual policy editors in the Azure portal, without writing any policy code.
867 | 8. The `timeout` attribute of the `send-request` policy now supports policy expressions.
868 | 
869 | ### Fixed
870 | 
871 | 1. Caching issues, which might have resulted in a broken developer portal's administrative interface, are now resolved.
872 | 
873 | ### Changed
874 | 
875 | 1. The client certificate renegotiation feature is now disabled for all new and existing API Management services, except for the services that relied on it in the last 30 days (services with at least one API call that resulted in a client certificate request from a policy, not as part of an initial TLS handshake). The API gateway will request a client certificate only if [`HostnameConfiguration`'s](https://docs.microsoft.com/rest/api/apimanagement/2019-12-01/apimanagementservice/createorupdate#hostnameconfiguration) property `negotiateClientCertificate` is set to `true`. If the property is set to `false`, the client certificate won't be available in the `context.Request.Certificate` property.
876 | 
877 | ## Release - API Management service: March, 2021
878 | 
879 | A regular Azure API Management service update was started on March 8, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
880 | 
881 | ### Featured
882 | 
883 | 1. [Integration of named values with Azure Key Vault is now generally available](https://azure.microsoft.com/updates/general-availability-azure-api-management-now-has-named-values-integration-with-azure-key-vault/).
884 | 1. [Integration of certificates with Azure Key Vault is now generally available](https://azure.microsoft.com/updates/support-for-azure-api-management-certificates-in-azure-key-vault-has-reached-general-availability/).
885 | 1. [Visual Studio Code extension is now generally available](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-apimanagement).
886 | 1. [API Management diagnostics are now in public preview](https://azure.microsoft.com/updates/api-management-diagnostics-now-available-in-public-preview/).
887 | 
888 | ### New
889 | 
890 | 1. You can now add an Application Insights logger by specifying a connection string. Support for this feature in the Azure portal is coming soon.
891 | 
892 | ### Fixed
893 | 
894 | 1. List, GET, PUT, and PATCH operations on named values managed in a key vault are no longer allowed in API versions prior to `2020-06-01-preview`. Those named values will no longer be exported in ARM templates.
895 | 1. Recreating a user-assigned managed identity with the same Azure resource ID no longer results in an error.
896 | 
897 | ### Changed
898 | 
899 | 1. Metrics and monitoring endpoints now use a new DNS service with higher availability. If you have been using the hostname to filter the traffic, make sure to change it to the new address. Otherwise, no action is required; the IP address of the resources has not changed.
900 |     - `https://global.metrics.nsatc.net/` has changed to `https://global.prod.microsoftmetrics.com/`.
901 |     - `https://prod3.metrics.nsatc.net:1886/RecoveryService` has changed to `https://prod3.prod.microsoftmetrics.com:1886/RecoveryService`.
902 | 1. Managed identity no longer requires outbound access to Certificate Revocation List endpoints. If you have configured network connectivity to allow outbound traffic to CRL endpoints, you may now remove this dependency.
903 | 
904 | ## Release - API Management service: January, 2021
905 | 
906 | A regular Azure API Management service update was started on January 21, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
907 | 
908 | ### New
909 | 
910 | 1. You can now use the `cache-response` attribute in the `cache-store` policy to specify when to cache the outgoing HTTP response. For example, `<cache-store cache-response="@{return true}" />` will cache all API responses. If the `cache-response` attribute isn't specified, only HTTP responses with the status code `200 OK` will be cached. Documentation will be updated soon.
911 | 1. You can now view service summary, explore service recommendations, and access additional resources in the redesigned overview page in the Azure portal.
912 |     ![Azure portal - overview](media-api-management-service/2021-01-azure-portal-overview.png)
913 | 1. You can now use the `isKeyVaultRefreshFailed=true` query parameter in the list certificates by service and list named values by service API calls in the API version 2020-06-01 or later to find the entities, for which the refresh from Azure Key Vault action failed. Documentation will be updated soon.
914 | 1. You can now monitor connectivity to Azure Key Vault using the network status endpoint in the API version 2020-06-01-preview or later.
915 | 
916 | ### Fixed
917 | 
918 | 1. We fixed an error, which could cause named values and certificates stored in Azure Key Vault to not be refreshed.
919 | 
920 | ## Release - API Management service: December, 2020
921 | 
922 | A regular Azure API Management service update was started on December 7, 2020, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
923 | 
924 | ### New
925 | 
926 | 1. You can now create and manage API backends in the Azure portal.
927 |     ![Azure portal - backends view](media-api-management-service/2020-12-backends.png)
928 | 1. You can now log [API inspector traces](https://docs.microsoft.com/azure/api-management/api-management-howto-api-inspector#trace-a-call) to Application Insights and Azure Monitor by setting the `verbosity` property of [the `service/diagnostics` resource](https://docs.microsoft.com/azure/templates/microsoft.apimanagement/service/diagnostics) to `debug`. Azure portal interface for this feature will be released in early 2021.
929 | 1. You can now mask or hide sensitive query parameters and headers in diagnostic logs. The `hide` setting will remove an entity, while `mask` setting will replace it with the word "hidden". Refer to [the `service/diagnostics` API endpoint documentation](https://docs.microsoft.com/rest/api/apimanagement/2020-06-01-preview/diagnostic/createorupdate#datamasking) for more details. Azure portal interface for this feature will be released in early 2021.
930 | 1. You can now monitor database connectivity in secondary regions in the `Network Status` page in the Azure portal as well as via the respective API call, if your API Management service is deployed in multiple regions.
931 | 1. [New management API version `2020-06-01-preview`](https://docs.microsoft.com/rest/api/apimanagement/) is now available for testing.
932 | 
933 | ### Fixed
934 | 
935 | 1. Elements of collections in responses from the `Content Types` and `Content Items` management API endpoints no longer overlap between pages.
936 | 
937 | ## Release - API Management service: October, 2020
938 | 
939 | A regular Azure API Management service update was started on October 21, 2020, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
940 | 
941 | ### New
942 | 
943 | 1. You can now create Developer, Basic, Standard, or Premium API Management services in the Brazil Southeast region.
944 | 1. `xml-to-json` policy supports two new parameters for handling empty values and trimming string values:
945 | 
946 |     ```xml
947 |     <xml-to-json empty-values="preserve|asNull" trim="true|false" />
948 |     ```
949 | 
950 | 1. `context.Request.Body` and `context.Response.Body` support three new methods:
951 |     
952 |     ```csharp
953 |     JToken AsJToken(bool preserveContent = false, JsonSerializerSettings settings = null);
954 |     JObject AsJObject(bool preserveContent = false, JsonSerializerSettings settings = null);
955 |     JArray AsJArray(bool preserveContent = false, JsonSerializerSettings settings = null);
956 |     ```
957 | 
958 | 1. Liquid templates in the `<set-body>` policy now support accessing JObject and JArray variables, for example: `context.Variables.contoso.property` or `context.Variables.contosoarray[0].property`.
959 | 1. `validate-jwt` policy now supports JWE tokens compressed with the [default algorithm](https://tools.ietf.org/html/rfc7516#section-4.1.3).
960 | 1. `Network Status` API now returns status for the Azure Active Directory endpoint.
961 | 1. `Named Values` API now supports filtering by ID.
962 | 
963 | ### Fixed
964 | 
965 | 1. Developer portal session is now correctly persisted in case of redirects to other websites. Previously, the session could have been lost when using sign-in delegation or redirecting to websites from e-mail notifications.
966 | 1. Developer portal now supports additional OAuth parameters for acquiring access tokens, which enables integration with external identity providers, like Auth0.
967 | 1. API Management now correctly handles wildcard OpenAPI parameters, such as `/sample-operation/{*rest}`.
968 | 1. We fixed several bugs, which could result in inaccurate `Network Status` API responses.
969 | 1. We fixed a bug, where API Management stored incorrect payload in the cache if a request contained conditional headers `If-Modified-Since` or `If-None-Match` and cache entry didn't exist.
970 | 
971 | ### Changed
972 | 
973 | 1. The [`Connection` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection) is no longer forwarded from the backend to the client.
974 | 


--------------------------------------------------------------------------------
/changelogs/media-api-management-service/2020-12-backends.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Azure/API-Management/aa6ca0f8b9b16fd191bda0b1d5e6f939de74f731/changelogs/media-api-management-service/2020-12-backends.png


--------------------------------------------------------------------------------
/changelogs/media-api-management-service/2021-01-azure-portal-overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Azure/API-Management/aa6ca0f8b9b16fd191bda0b1d5e6f939de74f731/changelogs/media-api-management-service/2021-01-azure-portal-overview.png


--------------------------------------------------------------------------------
/changelogs/media-api-management-service/2021-07-azure-portal-power-platform.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Azure/API-Management/aa6ca0f8b9b16fd191bda0b1d5e6f939de74f731/changelogs/media-api-management-service/2021-07-azure-portal-power-platform.png


--------------------------------------------------------------------------------
/changelogs/media-api-management-service/2021-10-azure-container-app-import.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Azure/API-Management/aa6ca0f8b9b16fd191bda0b1d5e6f939de74f731/changelogs/media-api-management-service/2021-10-azure-container-app-import.png


--------------------------------------------------------------------------------
/changelogs/self-hosted-gateway.md:
--------------------------------------------------------------------------------
  1 | # Self-hosted API gateway changelog
  2 | 
  3 | ## Release - self-hosted gateway: 1.2.5
  4 | 
  5 | *September 29, 2021*
  6 | 
  7 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
  8 | 
  9 | ### New
 10 | 
 11 | None
 12 | 
 13 | ### Bug fixes
 14 | 
 15 | - Concurrency bug in pooled connection acquisition logic that caused request failures under high load
 16 | - Bug causing intermittent failures of large (30MB+) requests
 17 | - Bug preventing request logs and gateway errors from appearing in standard output
 18 | 
 19 | ### Breaking changes
 20 | 
 21 | None
 22 | 
 23 | ## Release - self-hosted gateway: 1.2.4
 24 | 
 25 | *August 31, 2021*
 26 | 
 27 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
 28 | 
 29 | ### New
 30 | 
 31 | None
 32 | 
 33 | ### Bug fixes
 34 | 
 35 | - Upgraded to use base image mcr.microsoft.com/dotnet/aspnet:3.1.18-alpine3.13 which addressed the following vulnerabilities:
 36 | 
 37 |   - CVE-2021-36159
 38 |   - CVE-2021-22924
 39 |   - CVE-2021-22922
 40 |   - CVE-2021-22926
 41 |   - CVE-2021-36222
 42 |   - CVE-2021-22922
 43 |   - CVE-2021-22924
 44 | 
 45 | - Fixed the issue causing gateway's failure to start rather than fallback to local configuration snapshot when cloud configuration endpoint is not available
 46 | 
 47 | ### Breaking changes
 48 | 
 49 | None
 50 | 
 51 | ## Release - self-hosted gateway: 1.2.4-preview-1
 52 | 
 53 | *August 25, 2021*
 54 | 
 55 | New **preview** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
 56 | 
 57 | ### New
 58 | 
 59 | None
 60 | 
 61 | ### Bug fixes
 62 | 
 63 | - Upgraded to use .NET Core base image .NET Core base image 3.1.18 (nightly) which addressed the following vulnerabilities:
 64 | 
 65 |   - CVE-2021-36159
 66 |   - CVE-2021-22924
 67 |   - CVE-2021-22922
 68 |   - CVE-2021-22926
 69 |   - CVE-2021-36222
 70 |   - CVE-2021-22922
 71 |   - CVE-2021-22924
 72 | 
 73 | ### Breaking changes
 74 | 
 75 | None
 76 | 
 77 | ## Release - self-hosted gateway: 1.2.3
 78 | 
 79 | *July 8, 2021*
 80 | 
 81 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
 82 | 
 83 | ### New
 84 | 
 85 | - Removed the 30MB request size limit
 86 | 
 87 | ### Bug fixes
 88 | 
 89 | None
 90 | 
 91 | ### Breaking changes
 92 | 
 93 | None
 94 | 
 95 | ## Release - self-hosted gateway: 1.2.2
 96 | 
 97 | *June 11, 2021*
 98 | 
 99 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
100 | 
101 | ### New
102 | 
103 | None
104 | 
105 | ### Bug fixes
106 | 
107 | - Upgraded to use .NET Core base image 3.1.16 which addressed the following vulnerabilities:
108 | 
109 |   - CVE-2021-26701 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701 )
110 |   - CVE-2021-24112 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112 )
111 | 
112 | ### Breaking changes
113 | 
114 | None
115 | 
116 | ## Release - self-hosted gateway: 1.2.1
117 | 
118 | *April 22, 2021*
119 | 
120 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
121 | 
122 | ### New
123 | 
124 | None
125 | 
126 | ### Bug fixes
127 | 
128 | - Plugged a memory leak in the backend response content processing logic.
129 | 
130 | ### Breaking changes
131 | 
132 | None
133 | 
134 | ## Release - self-hosted gateway: 1.2.0
135 | 
136 | *April 20, 2021*
137 | 
138 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
139 | 
140 | ### New
141 | 
142 | 1. Support for Kubernetes Ingress object - see https://github.com/Azure/api-management-self-hosted-gateway-ingress.
143 | 
144 | ### Bug fixes
145 | 
146 | None
147 | 
148 | ### Breaking changes
149 | 
150 | None
151 | 
152 | ## Release - self-hosted gateway: 1.1.3
153 | 
154 | *February 18, 2021*
155 | 
156 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
157 | 
158 | ### New
159 | 
160 | 1. Updated with support for [Dapr](https://dapr.io) [1.0 release](https://blog.dapr.io/posts/2021/02/17/announcing-dapr-v1.0/).
161 | 
162 | ### Bug fixes
163 | 
164 | None
165 | 
166 | ### Breaking changes
167 | 
168 | None
169 | 
170 | ## Release - self-hosted gateway: 1.1.2
171 | 
172 | *December 18, 2020*
173 | 
174 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
175 | 
176 | ### New
177 | 
178 | None
179 | 
180 | ### Bug fixes
181 | 
182 | 1. Rate limit policy throttling at a lower than configured rate.
183 | 
184 | ### Breaking changes
185 | 
186 | None
187 | 
188 | ## Release - self-hosted gateway: 1.1.1
189 | 
190 | *November 3, 2020*
191 | 
192 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
193 | 
194 | ### New
195 | 
196 | None
197 | 
198 | ### Bug fixes
199 | 
200 | 1. TLS connection to upstream is unexpectedly terminated under certain conditions.
201 | 
202 | ### Breaking changes
203 | 
204 | None
205 | 
206 | ## Release - self-hosted gateway: 1.1.0
207 | 
208 | *October 14, 2020*
209 | 
210 | New **stable** version of the [self-hosted gateway](https://aka.ms/apim/shgw/overview) is now available. Full list of container versions can be found [here](https://mcr.microsoft.com/v2/azure-api-management/gateway/tags/list).
211 | 
212 | ### New
213 | 
214 | 1. Migrated to [.NET Core 3.1](https://docs.microsoft.com/dotnet/core/whats-new/dotnet-core-3-1).
215 | 2. Migrated to [mcr.microsoft.com/dotnet/core/aspnet:3.1.8-alpine3.12]() base image.
216 | 
217 | ### Bug fixes
218 | 
219 | 1. Connection closed (not re-used) when empty response is received from the upstream.
220 | 2. External cache selection is not updated when self-hosted gateway location is changed.
221 | 
222 | ### Breaking changes
223 | 
224 | None
225 | 


--------------------------------------------------------------------------------
/media/apim-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Azure/API-Management/aa6ca0f8b9b16fd191bda0b1d5e6f939de74f731/media/apim-logo.png


--------------------------------------------------------------------------------
/media/button.svg:
--------------------------------------------------------------------------------
 1 | <svg fill="none" width="200" height="40" xmlns="http://www.w3.org/2000/svg">
 2 |   <foreignObject width="100%" height="100%">
 3 |     <style>
 4 |         div {
 5 |             background-color: #0078d4;
 6 |             color: #fff;
 7 |             padding: 10px 20px;
 8 |             text-align: center;
 9 |             display: inline-block;
10 |             font-family: sans-serif;
11 |             font-size: .9em;
12 |         }
13 |     </style>
14 |     <div xmlns="http://www.w3.org/1999/xhtml">
15 |       Browse release notes
16 |     </div>
17 |   </foreignObject>
18 | </svg>


--------------------------------------------------------------------------------
/open-source-policies/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
 1 | # Microsoft Open Source Code of Conduct
 2 | 
 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
 4 | 
 5 | Resources:
 6 | 
 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
10 | 


--------------------------------------------------------------------------------
/open-source-policies/CONTRIBUTIONS.md:
--------------------------------------------------------------------------------
 1 | # Contributions
 2 | 
 3 | This project welcomes contributions and suggestions.  Most contributions require you to agree to a
 4 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
 5 | the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
 6 | 
 7 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide
 8 | a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
 9 | provided by the bot. You will only need to do this once across all repos using our CLA.
10 | 
11 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
12 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
13 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.


--------------------------------------------------------------------------------
/open-source-policies/LEGAL.MD:
--------------------------------------------------------------------------------
 1 | # Legal Notices
 2 | 
 3 | Microsoft and any contributors grant you a license to the Microsoft documentation and other content
 4 | in this repository under the [Creative Commons Attribution 4.0 International Public License](https://creativecommons.org/licenses/by/4.0/legalcode),
 5 | see the [LICENSE](LICENSE) file, and grant you a license to any code in the repository under the [MIT License](https://opensource.org/licenses/MIT), see the
 6 | [LICENSE-CODE](LICENSE-CODE) file.
 7 | 
 8 | Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation
 9 | may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries.
10 | The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks.
11 | Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.
12 | 
13 | Privacy information can be found at https://privacy.microsoft.com/en-us/
14 | 
15 | Microsoft and any contributors reserve all other rights, whether under their respective copyrights, patents,
16 | or trademarks, whether by implication, estoppel or otherwise.


--------------------------------------------------------------------------------
/open-source-policies/LICENSE:
--------------------------------------------------------------------------------
  1 | Attribution 4.0 International
  2 | 
  3 | =======================================================================
  4 | 
  5 | Creative Commons Corporation ("Creative Commons") is not a law firm and
  6 | does not provide legal services or legal advice. Distribution of
  7 | Creative Commons public licenses does not create a lawyer-client or
  8 | other relationship. Creative Commons makes its licenses and related
  9 | information available on an "as-is" basis. Creative Commons gives no
 10 | warranties regarding its licenses, any material licensed under their
 11 | terms and conditions, or any related information. Creative Commons
 12 | disclaims all liability for damages resulting from their use to the
 13 | fullest extent possible.
 14 | 
 15 | Using Creative Commons Public Licenses
 16 | 
 17 | Creative Commons public licenses provide a standard set of terms and
 18 | conditions that creators and other rights holders may use to share
 19 | original works of authorship and other material subject to copyright
 20 | and certain other rights specified in the public license below. The
 21 | following considerations are for informational purposes only, are not
 22 | exhaustive, and do not form part of our licenses.
 23 | 
 24 |      Considerations for licensors: Our public licenses are
 25 |      intended for use by those authorized to give the public
 26 |      permission to use material in ways otherwise restricted by
 27 |      copyright and certain other rights. Our licenses are
 28 |      irrevocable. Licensors should read and understand the terms
 29 |      and conditions of the license they choose before applying it.
 30 |      Licensors should also secure all rights necessary before
 31 |      applying our licenses so that the public can reuse the
 32 |      material as expected. Licensors should clearly mark any
 33 |      material not subject to the license. This includes other CC-
 34 |      licensed material, or material used under an exception or
 35 |      limitation to copyright. More considerations for licensors:
 36 | 	wiki.creativecommons.org/Considerations_for_licensors
 37 | 
 38 |      Considerations for the public: By using one of our public
 39 |      licenses, a licensor grants the public permission to use the
 40 |      licensed material under specified terms and conditions. If
 41 |      the licensor's permission is not necessary for any reason--for
 42 |      example, because of any applicable exception or limitation to
 43 |      copyright--then that use is not regulated by the license. Our
 44 |      licenses grant only permissions under copyright and certain
 45 |      other rights that a licensor has authority to grant. Use of
 46 |      the licensed material may still be restricted for other
 47 |      reasons, including because others have copyright or other
 48 |      rights in the material. A licensor may make special requests,
 49 |      such as asking that all changes be marked or described.
 50 |      Although not required by our licenses, you are encouraged to
 51 |      respect those requests where reasonable. More_considerations
 52 |      for the public: 
 53 | 	wiki.creativecommons.org/Considerations_for_licensees
 54 | 
 55 | =======================================================================
 56 | 
 57 | Creative Commons Attribution 4.0 International Public License
 58 | 
 59 | By exercising the Licensed Rights (defined below), You accept and agree
 60 | to be bound by the terms and conditions of this Creative Commons
 61 | Attribution 4.0 International Public License ("Public License"). To the
 62 | extent this Public License may be interpreted as a contract, You are
 63 | granted the Licensed Rights in consideration of Your acceptance of
 64 | these terms and conditions, and the Licensor grants You such rights in
 65 | consideration of benefits the Licensor receives from making the
 66 | Licensed Material available under these terms and conditions.
 67 | 
 68 | 
 69 | Section 1 -- Definitions.
 70 | 
 71 |   a. Adapted Material means material subject to Copyright and Similar
 72 |      Rights that is derived from or based upon the Licensed Material
 73 |      and in which the Licensed Material is translated, altered,
 74 |      arranged, transformed, or otherwise modified in a manner requiring
 75 |      permission under the Copyright and Similar Rights held by the
 76 |      Licensor. For purposes of this Public License, where the Licensed
 77 |      Material is a musical work, performance, or sound recording,
 78 |      Adapted Material is always produced where the Licensed Material is
 79 |      synched in timed relation with a moving image.
 80 | 
 81 |   b. Adapter's License means the license You apply to Your Copyright
 82 |      and Similar Rights in Your contributions to Adapted Material in
 83 |      accordance with the terms and conditions of this Public License.
 84 | 
 85 |   c. Copyright and Similar Rights means copyright and/or similar rights
 86 |      closely related to copyright including, without limitation,
 87 |      performance, broadcast, sound recording, and Sui Generis Database
 88 |      Rights, without regard to how the rights are labeled or
 89 |      categorized. For purposes of this Public License, the rights
 90 |      specified in Section 2(b)(1)-(2) are not Copyright and Similar
 91 |      Rights.
 92 | 
 93 |   d. Effective Technological Measures means those measures that, in the
 94 |      absence of proper authority, may not be circumvented under laws
 95 |      fulfilling obligations under Article 11 of the WIPO Copyright
 96 |      Treaty adopted on December 20, 1996, and/or similar international
 97 |      agreements.
 98 | 
 99 |   e. Exceptions and Limitations means fair use, fair dealing, and/or
100 |      any other exception or limitation to Copyright and Similar Rights
101 |      that applies to Your use of the Licensed Material.
102 | 
103 |   f. Licensed Material means the artistic or literary work, database,
104 |      or other material to which the Licensor applied this Public
105 |      License.
106 | 
107 |   g. Licensed Rights means the rights granted to You subject to the
108 |      terms and conditions of this Public License, which are limited to
109 |      all Copyright and Similar Rights that apply to Your use of the
110 |      Licensed Material and that the Licensor has authority to license.
111 | 
112 |   h. Licensor means the individual(s) or entity(ies) granting rights
113 |      under this Public License.
114 | 
115 |   i. Share means to provide material to the public by any means or
116 |      process that requires permission under the Licensed Rights, such
117 |      as reproduction, public display, public performance, distribution,
118 |      dissemination, communication, or importation, and to make material
119 |      available to the public including in ways that members of the
120 |      public may access the material from a place and at a time
121 |      individually chosen by them.
122 | 
123 |   j. Sui Generis Database Rights means rights other than copyright
124 |      resulting from Directive 96/9/EC of the European Parliament and of
125 |      the Council of 11 March 1996 on the legal protection of databases,
126 |      as amended and/or succeeded, as well as other essentially
127 |      equivalent rights anywhere in the world.
128 | 
129 |   k. You means the individual or entity exercising the Licensed Rights
130 |      under this Public License. Your has a corresponding meaning.
131 | 
132 | 
133 | Section 2 -- Scope.
134 | 
135 |   a. License grant.
136 | 
137 |        1. Subject to the terms and conditions of this Public License,
138 |           the Licensor hereby grants You a worldwide, royalty-free,
139 |           non-sublicensable, non-exclusive, irrevocable license to
140 |           exercise the Licensed Rights in the Licensed Material to:
141 | 
142 |             a. reproduce and Share the Licensed Material, in whole or
143 |                in part; and
144 | 
145 |             b. produce, reproduce, and Share Adapted Material.
146 | 
147 |        2. Exceptions and Limitations. For the avoidance of doubt, where
148 |           Exceptions and Limitations apply to Your use, this Public
149 |           License does not apply, and You do not need to comply with
150 |           its terms and conditions.
151 | 
152 |        3. Term. The term of this Public License is specified in Section
153 |           6(a).
154 | 
155 |        4. Media and formats; technical modifications allowed. The
156 |           Licensor authorizes You to exercise the Licensed Rights in
157 |           all media and formats whether now known or hereafter created,
158 |           and to make technical modifications necessary to do so. The
159 |           Licensor waives and/or agrees not to assert any right or
160 |           authority to forbid You from making technical modifications
161 |           necessary to exercise the Licensed Rights, including
162 |           technical modifications necessary to circumvent Effective
163 |           Technological Measures. For purposes of this Public License,
164 |           simply making modifications authorized by this Section 2(a)
165 |           (4) never produces Adapted Material.
166 | 
167 |        5. Downstream recipients.
168 | 
169 |             a. Offer from the Licensor -- Licensed Material. Every
170 |                recipient of the Licensed Material automatically
171 |                receives an offer from the Licensor to exercise the
172 |                Licensed Rights under the terms and conditions of this
173 |                Public License.
174 | 
175 |             b. No downstream restrictions. You may not offer or impose
176 |                any additional or different terms or conditions on, or
177 |                apply any Effective Technological Measures to, the
178 |                Licensed Material if doing so restricts exercise of the
179 |                Licensed Rights by any recipient of the Licensed
180 |                Material.
181 | 
182 |        6. No endorsement. Nothing in this Public License constitutes or
183 |           may be construed as permission to assert or imply that You
184 |           are, or that Your use of the Licensed Material is, connected
185 |           with, or sponsored, endorsed, or granted official status by,
186 |           the Licensor or others designated to receive attribution as
187 |           provided in Section 3(a)(1)(A)(i).
188 | 
189 |   b. Other rights.
190 | 
191 |        1. Moral rights, such as the right of integrity, are not
192 |           licensed under this Public License, nor are publicity,
193 |           privacy, and/or other similar personality rights; however, to
194 |           the extent possible, the Licensor waives and/or agrees not to
195 |           assert any such rights held by the Licensor to the limited
196 |           extent necessary to allow You to exercise the Licensed
197 |           Rights, but not otherwise.
198 | 
199 |        2. Patent and trademark rights are not licensed under this
200 |           Public License.
201 | 
202 |        3. To the extent possible, the Licensor waives any right to
203 |           collect royalties from You for the exercise of the Licensed
204 |           Rights, whether directly or through a collecting society
205 |           under any voluntary or waivable statutory or compulsory
206 |           licensing scheme. In all other cases the Licensor expressly
207 |           reserves any right to collect such royalties.
208 | 
209 | 
210 | Section 3 -- License Conditions.
211 | 
212 | Your exercise of the Licensed Rights is expressly made subject to the
213 | following conditions.
214 | 
215 |   a. Attribution.
216 | 
217 |        1. If You Share the Licensed Material (including in modified
218 |           form), You must:
219 | 
220 |             a. retain the following if it is supplied by the Licensor
221 |                with the Licensed Material:
222 | 
223 |                  i. identification of the creator(s) of the Licensed
224 |                     Material and any others designated to receive
225 |                     attribution, in any reasonable manner requested by
226 |                     the Licensor (including by pseudonym if
227 |                     designated);
228 | 
229 |                 ii. a copyright notice;
230 | 
231 |                iii. a notice that refers to this Public License;
232 | 
233 |                 iv. a notice that refers to the disclaimer of
234 |                     warranties;
235 | 
236 |                  v. a URI or hyperlink to the Licensed Material to the
237 |                     extent reasonably practicable;
238 | 
239 |             b. indicate if You modified the Licensed Material and
240 |                retain an indication of any previous modifications; and
241 | 
242 |             c. indicate the Licensed Material is licensed under this
243 |                Public License, and include the text of, or the URI or
244 |                hyperlink to, this Public License.
245 | 
246 |        2. You may satisfy the conditions in Section 3(a)(1) in any
247 |           reasonable manner based on the medium, means, and context in
248 |           which You Share the Licensed Material. For example, it may be
249 |           reasonable to satisfy the conditions by providing a URI or
250 |           hyperlink to a resource that includes the required
251 |           information.
252 | 
253 |        3. If requested by the Licensor, You must remove any of the
254 |           information required by Section 3(a)(1)(A) to the extent
255 |           reasonably practicable.
256 | 
257 |        4. If You Share Adapted Material You produce, the Adapter's
258 |           License You apply must not prevent recipients of the Adapted
259 |           Material from complying with this Public License.
260 | 
261 | 
262 | Section 4 -- Sui Generis Database Rights.
263 | 
264 | Where the Licensed Rights include Sui Generis Database Rights that
265 | apply to Your use of the Licensed Material:
266 | 
267 |   a. for the avoidance of doubt, Section 2(a)(1) grants You the right
268 |      to extract, reuse, reproduce, and Share all or a substantial
269 |      portion of the contents of the database;
270 | 
271 |   b. if You include all or a substantial portion of the database
272 |      contents in a database in which You have Sui Generis Database
273 |      Rights, then the database in which You have Sui Generis Database
274 |      Rights (but not its individual contents) is Adapted Material; and
275 | 
276 |   c. You must comply with the conditions in Section 3(a) if You Share
277 |      all or a substantial portion of the contents of the database.
278 | 
279 | For the avoidance of doubt, this Section 4 supplements and does not
280 | replace Your obligations under this Public License where the Licensed
281 | Rights include other Copyright and Similar Rights.
282 | 
283 | 
284 | Section 5 -- Disclaimer of Warranties and Limitation of Liability.
285 | 
286 |   a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
287 |      EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
288 |      AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
289 |      ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
290 |      IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
291 |      WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
292 |      PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
293 |      ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
294 |      KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
295 |      ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
296 | 
297 |   b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
298 |      TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
299 |      NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
300 |      INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
301 |      COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
302 |      USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
303 |      ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
304 |      DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
305 |      IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
306 | 
307 |   c. The disclaimer of warranties and limitation of liability provided
308 |      above shall be interpreted in a manner that, to the extent
309 |      possible, most closely approximates an absolute disclaimer and
310 |      waiver of all liability.
311 | 
312 | 
313 | Section 6 -- Term and Termination.
314 | 
315 |   a. This Public License applies for the term of the Copyright and
316 |      Similar Rights licensed here. However, if You fail to comply with
317 |      this Public License, then Your rights under this Public License
318 |      terminate automatically.
319 | 
320 |   b. Where Your right to use the Licensed Material has terminated under
321 |      Section 6(a), it reinstates:
322 | 
323 |        1. automatically as of the date the violation is cured, provided
324 |           it is cured within 30 days of Your discovery of the
325 |           violation; or
326 | 
327 |        2. upon express reinstatement by the Licensor.
328 | 
329 |      For the avoidance of doubt, this Section 6(b) does not affect any
330 |      right the Licensor may have to seek remedies for Your violations
331 |      of this Public License.
332 | 
333 |   c. For the avoidance of doubt, the Licensor may also offer the
334 |      Licensed Material under separate terms or conditions or stop
335 |      distributing the Licensed Material at any time; however, doing so
336 |      will not terminate this Public License.
337 | 
338 |   d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
339 |      License.
340 | 
341 | 
342 | Section 7 -- Other Terms and Conditions.
343 | 
344 |   a. The Licensor shall not be bound by any additional or different
345 |      terms or conditions communicated by You unless expressly agreed.
346 | 
347 |   b. Any arrangements, understandings, or agreements regarding the
348 |      Licensed Material not stated herein are separate from and
349 |      independent of the terms and conditions of this Public License.
350 | 
351 | 
352 | Section 8 -- Interpretation.
353 | 
354 |   a. For the avoidance of doubt, this Public License does not, and
355 |      shall not be interpreted to, reduce, limit, restrict, or impose
356 |      conditions on any use of the Licensed Material that could lawfully
357 |      be made without permission under this Public License.
358 | 
359 |   b. To the extent possible, if any provision of this Public License is
360 |      deemed unenforceable, it shall be automatically reformed to the
361 |      minimum extent necessary to make it enforceable. If the provision
362 |      cannot be reformed, it shall be severed from this Public License
363 |      without affecting the enforceability of the remaining terms and
364 |      conditions.
365 | 
366 |   c. No term or condition of this Public License will be waived and no
367 |      failure to comply consented to unless expressly agreed to by the
368 |      Licensor.
369 | 
370 |   d. Nothing in this Public License constitutes or may be interpreted
371 |      as a limitation upon, or waiver of, any privileges and immunities
372 |      that apply to the Licensor or You, including from the legal
373 |      processes of any jurisdiction or authority.
374 | 
375 | 
376 | =======================================================================
377 | 
378 | Creative Commons is not a party to its public
379 | licenses. Notwithstanding, Creative Commons may elect to apply one of
380 | its public licenses to material it publishes and in those instances
381 | will be considered the “Licensor.” The text of the Creative Commons
382 | public licenses is dedicated to the public domain under the CC0 Public
383 | Domain Dedication. Except for the limited purpose of indicating that
384 | material is shared under a Creative Commons public license or as
385 | otherwise permitted by the Creative Commons policies published at
386 | creativecommons.org/policies, Creative Commons does not authorize the
387 | use of the trademark "Creative Commons" or any other trademark or logo
388 | of Creative Commons without its prior written consent including,
389 | without limitation, in connection with any unauthorized modifications
390 | to any of its public licenses or any other arrangements,
391 | understandings, or agreements concerning use of licensed material. For
392 | the avoidance of doubt, this paragraph does not form part of the
393 | public licenses.
394 | 
395 | Creative Commons may be contacted at creativecommons.org.


--------------------------------------------------------------------------------
/open-source-policies/LICENSE-CODE:
--------------------------------------------------------------------------------
 1 |     MIT License
 2 | 
 3 |     Copyright (c) Microsoft Corporation.
 4 | 
 5 |     Permission is hereby granted, free of charge, to any person obtaining a copy
 6 |     of this software and associated documentation files (the "Software"), to deal
 7 |     in the Software without restriction, including without limitation the rights
 8 |     to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 |     copies of the Software, and to permit persons to whom the Software is
10 |     furnished to do so, subject to the following conditions:
11 | 
12 |     The above copyright notice and this permission notice shall be included in all
13 |     copies or substantial portions of the Software.
14 | 
15 |     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 |     IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 |     FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 |     AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 |     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 |     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 |     SOFTWARE
22 | 


--------------------------------------------------------------------------------
/open-source-policies/SECURITY.md:
--------------------------------------------------------------------------------
 1 | <!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
 2 | 
 3 | ## Security
 4 | 
 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
 6 | 
 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.
 8 | 
 9 | ## Reporting Security Issues
10 | 
11 | **Please do not report security vulnerabilities through public GitHub issues.**
12 | 
13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
14 | 
15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
16 | 
17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
18 | 
19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
20 | 
21 |   * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
22 |   * Full paths of source file(s) related to the manifestation of the issue
23 |   * The location of the affected source code (tag/branch/commit or direct URL)
24 |   * Any special configuration required to reproduce the issue
25 |   * Step-by-step instructions to reproduce the issue
26 |   * Proof-of-concept or exploit code (if possible)
27 |   * Impact of the issue, including how an attacker might exploit the issue
28 | 
29 | This information will help us triage your report more quickly.
30 | 
31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
32 | 
33 | ## Preferred Languages
34 | 
35 | We prefer all communications to be in English.
36 | 
37 | ## Policy
38 | 
39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
40 | 
41 | <!-- END MICROSOFT SECURITY.MD BLOCK -->


--------------------------------------------------------------------------------