CVE-2026-39999 matters to anyone fronting services with Apache APISIX and the jwt-auth plugin. The authentication-bypass-by-spoofing flaw spans versions 2.2 through 3.16.0, a range broad enough that long-running production gateways are likely in scope. Upgrading to 3.17.0 closes it; the advisory claims CVSS v4.0 7.0. Beyond patching, do you have a way to detect spoofed tokens that already got through?
#APISIX #security
The Apache APISIX project published CVE-2026-39999 on June 19, 2026: an authentication-bypass-by-spoofing flaw in the jwt-auth plugin. It affects versions 2.2 through 3.16.0 and is fixed in 3.17.0, with a claimed CVSS v4.0 score of 7.0. If your API gateway leans on jwt-auth to keep callers out, this one moves to the top of the patch queue. What is your rollback plan if 3.17.0 changes plugin behavior?
#APISIX #security
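The two posts above ask how to find spoofed tokens that already got past jwt-auth. The advisory's exact bypass mechanism is not on this page, so the following is not an exploit and not APISIX code: it is an added example of the generic after-the-fact check, re-verifying every bearer token in the gateway's access logs against the consumer's HS256 secret with the algorithm pinned, the signature checked in constant time, and expiry enforced. The log field names, the secret and the log entries are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed values: a hypothetical jwt-auth consumer secret and a fixed clock
# so the run is deterministic. Neither is from APISIX or the advisory.
SECRET = b"my-jwt-auth-consumer-secret"
NOW = 1_750_000_000


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    """Mint a token; alg='none' or a wrong secret produces the spoofed samples below."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify(token: str, secret: bytes, now: int = NOW) -> str:
    """Return 'ok' or the reason this token must be treated as spoofed or invalid."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        return "malformed"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return "malformed"
    # The verifier decides the algorithm, never the token: 'none' and alg
    # confusion are rejected before any signature math happens.
    if header.get("alg") != "HS256":
        return f"alg_not_allowed:{header.get('alg')}"
    signing_input = (parts[0] + "." + parts[1]).encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return "bad_signature"
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return "expired_or_missing_exp"
    return "ok"


# Constructed access-log entries. The field names (client_ip, uri, authorization)
# are an assumption for the example, not APISIX's log format.
SAMPLE_LOG = [
    {"client_ip": "203.0.113.10", "uri": "/api/orders",
     "authorization": "Bearer " + sign_hs256({"sub": "alice", "exp": NOW + 600}, SECRET)},
    {"client_ip": "203.0.113.11", "uri": "/api/orders",
     "authorization": "Bearer " + sign_hs256({"sub": "alice", "exp": NOW + 600}, SECRET, alg="none")},
    {"client_ip": "203.0.113.12", "uri": "/api/admin",
     "authorization": "Bearer " + sign_hs256({"sub": "admin", "exp": NOW + 600}, b"wrong-secret")},
    {"client_ip": "203.0.113.13", "uri": "/api/orders",
     "authorization": "Bearer " + sign_hs256({"sub": "bob", "exp": NOW - 5}, SECRET)},
    {"client_ip": "203.0.113.14", "uri": "/healthz", "authorization": ""},
]


def audit(log_entries, secret: bytes = SECRET, now: int = NOW):
    """Re-verify every bearer token; return (client_ip, uri, reason) for each failure."""
    findings = []
    for entry in log_entries:
        auth = entry.get("authorization", "")
        if not auth.startswith("Bearer "):
            continue  # unauthenticated routes are out of scope for this check
        reason = verify(auth[len("Bearer "):], secret, now)
        if reason != "ok":
            findings.append((entry["client_ip"], entry["uri"], reason))
    return findings


if __name__ == "__main__":
    for ip, uri, reason in audit(SAMPLE_LOG):
        print(f"{ip} {uri} {reason}")
```

Running it flags the alg=none token, the token signed with the wrong key, and the expired one, while the valid token and the unauthenticated health check pass. Two practical caveats: the check only finds tokens that fail verification under the rules you enforce, so it cannot catch a bypass that never involved a token at all; and logging raw Authorization headers is its own exposure, so store a hash of the token rather than the token itself if you adopt this.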

[Translation] How to grow to 2000 tenants: why Sealos moved from Nginx to Envoy

Sealos Cloud ran into critical problems running Nginx Ingress in clusters with a large number of users. The article is a detailed account of the search for a new, more suitable API gateway.

https://habr.com/ru/companies/flant/articles/917216/

#kubernetes #nginx #envoy #envoyproxy #ingress #higress #api_gateway #шлюз_api #cilium_gateway #apisix

How to grow to 2000 tenants: why Sealos moved from Nginx to Envoy

The Sealos Cloud team successfully navigated the tangled world of popular open-source API gateways. We have translated an article in which the company helps you understand the challenges you may face when choosing...

Habr

I wouldn't have expected that the biggest problem with the whole #APISIX would be getting SSL support to work there properly. 😐 I'll probably start learning Lua so I can understand from the code what is actually wrong.

init.lua:212: http_ssl_client_hello_phase(): failed to match any SSL certificate by SNI: apisix, context: ssl_client_hello_by_lua*, client: 172.22.0.1, server: 0.0.0.0:9443

In June, I was at a talk by @frankel at Devconf where he talked about #APISIX, and I thought "hmm, this could be useful".
And a month later I'm starting a prototype to try out APISIX on, and we'll probably want to use it as an API Gateway with #Keycloak.
Sometimes those conferences are useful, it seems!

#技术栈黑名单 (tech-stack blacklist) #APISIX The technology isn't that great, but there's plenty of gossip

=========

Once again I've witnessed how low some "open-source" commercial companies will go.
After an intern at the company contributed code to another open-source project, the company's CEO replied under the PR saying the PR belonged to the company's commercial intellectual property and demanded that it be closed.
At the same time, they asked HR to claw back that day's pay from the intern, who had already left the company.
Truly eye-opening (

https://twitter.com/Manjusaka_Lee/status/1775380071496421819?s=19

NadeshikoManju@Yuru Camp S3 airing April 2023 (@Manjusaka_Lee) on X


X (formerly Twitter)
Trying out Apache APISIX - Qiita

Purpose of this article: in the article below, I read the official Kong Gateway documentation and verified how it works. https://qiita.com/caunu-s/items/636aff1d04778f…

Qiita
Resizing images on-the-fly

As a web architect, one of the many issues is asset management. And the most significant issue in assets is images. A naive approach would be to set an image and let the browser resize the image via CSS: img { height: 100%; width: 100%; object-fit: contain; } However, it means that you download the original image. It entails two problems: the size of the original image and the suboptimal browser-based resizing. This post will cover two alternatives: traditional and brand-new s

A Java geek
System Architecture: Move Authentication to the API Gateway

When exposing an application to the outside world, consider a Reverse-Proxy or an API Gateway to protect it from attacks.

foojay
Apache APISIX is a high-performance API gateway with enough #MQTT protocol awareness to do load balancing based on the MQTT ClientID.
You have to terminate TLS on Apisix to allow for protocol awareness.
#MQTT #VerneMQ #ApacheApisix #apisix
https://github.com/apache/apisix
GitHub - apache/apisix: The Cloud-Native API Gateway

The Cloud-Native API Gateway. Contribute to apache/apisix development by creating an account on GitHub.

GitHub
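To make the ClientID-based load balancing and the TLS-termination point above concrete, here is an added example that is not APISIX code and does not reproduce its mqtt-proxy plugin or its upstream hashing: it parses the MQTT CONNECT packet (v3.1, v3.1.1 and v5) far enough to pull out the ClientID, then maps it to a backend with a stable hash. The backend names and the sample packets are constructed. The last sample shows why TLS must be terminated at the gateway: fed a TLS record instead of a plaintext CONNECT, the parser has nothing it can route on.

```python
import hashlib

# Constructed backend pool; the names are an assumption for the example.
BACKENDS = ["vernemq-0:1883", "vernemq-1:1883", "vernemq-2:1883"]


def _read_varint(buf: bytes, pos: int):
    """MQTT remaining-length varint: 7 data bits per byte, MSB is continuation, max 4 bytes."""
    value, shift = 0, 0
    while True:
        if pos >= len(buf) or shift > 21:
            raise ValueError("bad remaining length")
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def _encode_varint(n: int) -> bytes:
    out = bytearray()
    while True:
        b = n & 0x7F
        n >>= 7
        if n:
            out.append(b | 0x80)
        else:
            out.append(b)
            return bytes(out)


def _read_utf8(buf: bytes, pos: int, end: int):
    """MQTT UTF-8 string: 2-byte big-endian length followed by the bytes."""
    if pos + 2 > end:
        raise ValueError("truncated")
    n = int.from_bytes(buf[pos:pos + 2], "big")
    pos += 2
    if pos + n > end:
        raise ValueError("truncated")
    return buf[pos:pos + n].decode("utf-8"), pos + n


def parse_connect_client_id(pkt: bytes) -> str:
    """Extract the ClientID from a plaintext MQTT CONNECT packet."""
    # CONNECT is control type 1 with the reserved flag nibble zero: exactly 0x10.
    if not pkt or pkt[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    remaining, pos = _read_varint(pkt, 1)
    end = pos + remaining
    if end > len(pkt):
        raise ValueError("truncated")
    name, pos = _read_utf8(pkt, pos, end)
    if pos >= end:
        raise ValueError("truncated")
    level = pkt[pos]
    pos += 1
    if (name, level) not in (("MQIsdp", 3), ("MQTT", 4), ("MQTT", 5)):
        raise ValueError(f"unknown protocol {name!r} level {level}")
    pos += 1  # connect flags
    pos += 2  # keep alive
    if level == 5:
        props_len, pos = _read_varint(pkt, pos)  # v5 adds a properties block
        pos += props_len
    client_id, _ = _read_utf8(pkt, pos, end)  # ClientID is the first payload field
    return client_id


def pick_backend(client_id: str, backends=BACKENDS) -> str:
    """Stable hash of the ClientID to a backend; not APISIX's own hash algorithm."""
    h = int.from_bytes(hashlib.sha256(client_id.encode()).digest()[:8], "big")
    return backends[h % len(backends)]


def route_connect(pkt: bytes) -> str:
    return pick_backend(parse_connect_client_id(pkt))


def build_connect(client_id: str, level: int = 4) -> bytes:
    """Constructed CONNECT packet (clean session, keep-alive 60) for the samples."""
    name = b"MQIsdp" if level == 3 else b"MQTT"
    body = len(name).to_bytes(2, "big") + name + bytes([level, 0x02]) + (60).to_bytes(2, "big")
    if level == 5:
        body += b"\x00"  # empty properties block
    cid = client_id.encode()
    body += len(cid).to_bytes(2, "big") + cid
    return bytes([0x10]) + _encode_varint(len(body)) + body


# Constructed samples: three plaintext CONNECTs and the first bytes of a TLS
# ClientHello record, which is what the gateway sees if it does not terminate TLS.
SAMPLES = {
    "v311": build_connect("sensor-42", 4),
    "v5": build_connect("sensor-42", 5),
    "v31": build_connect("legacy-7", 3),
    "tls_record": b"\x16\x03\x01\x00\xc0\x01\x00\x00\xbc\x03\x03" + b"\x00" * 32,
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        try:
            print(label, "->", route_connect(pkt))
        except ValueError as exc:
            print(label, "-> cannot route:", exc)
```

The same ClientID lands on the same backend regardless of protocol version, which is the property a session-affine MQTT cluster needs. The TLS record fails at the very first byte check, so any ClientID-aware routing has to sit behind the TLS termination point, as the post says.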