| title | Tyk Identity Broker Release Notes |
|---|---|
| description | Release notes documenting updates, enhancements, and changes for Tyk Identity Broker versions within the 1.6.x series. |
| keywords | Tyk Identity Broker, Release notes, changelog, v1.6, 1.6.1, 1.7.1 |
| sidebarTitle | Tyk Identity Broker |
Open Source (Mozilla Public License)
This page contains all release notes for Tyk Identity Broker displayed in a reverse chronological order
Our minor releases are supported until our next minor comes out.
Tyk Identity Broker has been updated to Go 1.25 for enhanced security and performance.
For a comprehensive list of changes, please refer to the detailed changelog below.
This release has no breaking changes.
| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
|---|---|---|---|
| GoLang | 1.25 | 1.25 | All our binaries |
| MongoDB | 5.x, 6.x, 7.0 | 4.4.x, 5.x, 6.x and 7.0.x | Used by Tyk Identity Broker |
| Redis | 6.x - 7.0 | 6.x - 7.0 | Used by Tyk Identity Broker |
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
There are no deprecations in this release.
For users currently on v1.7.0, we strongly recommend promptly upgrading to the latest release. If you are working with an older version (lower major), it is advisable to bypass version 1.7.0 and proceed directly to this latest patch release.
Go to the Upgrading Tyk section for detailed upgrade Instructions.
- Docker image to pull
docker pull tykio/tyk-identity-broker:v1.7.1 - source code tarball for oss projects - TIB v1.7.1
- CVE-2026-33186</a
- CVE-2025-47913</a
- CVE-2026-33487
- CVE-2026-32285
- CVE-2025-22868
- CVE-2025-30204
- CVE-2024-45338
- CVE-2025-10543
- CVE-2025-22870
- CVE-2025-22872
- CVE-2025-27144
- CVE-2025-47911
- CVE-2025-47914
- CVE-2025-58181
- CVE-2025-58190
- CVE-2026-34986
- CVE-2026-39883
- CVE-2026-39882
- CVE-2024-51744
- CVE-2025-29923
This release introduces enhancements to TIB, improving group-based permission mapping, adding support for proxy settings from environment variables, and allowing dynamic state values in the OAuth2 flow.
For a comprehensive list of changes, please refer to the detailed changelog below.
This release has no breaking changes.
| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
|---|---|---|---|
| GoLang | 1.21 | 1.21 | All our binaries |
| MongoDB | 5.x, 6.x, 7.0 | 4.4.x, 5.x, 6.x and 7.0.x | Used by Tyk Identity Broker |
| Redis | 6.x - 7.0 | 6.x - 7.0 | Used by Tyk Identity Broker |
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
There are no deprecations in this release.
For users currently on v1.6.0, we strongly recommend promptly upgrading to the latest release. If you are working with an older version (lower major), it is advisable to bypass version 1.6.0 and proceed directly to this latest patch release.
Go to the Upgrading Tyk section for detailed upgrade Instructions.
- Docker image to pull
docker pull tykio/tyk-identity-broker:v1.7.0 - source code tarball for oss projects - TIB v1.7.0
{/* Required. Use similar ToV to previous release notes. For example for a patch release: This release primarily focuses on bug fixes. For a comprehensive list of changes, please refer to the detailed changelog below. */}
This release introduces JSON Web Encryption (JWE) support for OpenID Connect (OIDC) Single Sign-On (SSO) in the Tyk Identity Broker (TIB). With this enhancement, organizations can achieve greater security for token handling during authentication flows. JWE token validation and processing are now seamlessly integrated, offering configurable private key support for decryption.
{/* Required. Use the following statement if there are no breaking changes, or explain if there are */} This release has no breaking changes.
{/* The following "Changed error log messages" section is Optional! Instructions: We should mention ALL changes in our application log messages in the changelog section. In case we made such changes, this section should also be added, to make sure the users don't miss this notice among other changelog lines. /} {/ ##### Changed error log messages Important for users who monitor Tyk components using the application logs (i.e. Tyk Gateway log, Tyk Dashboard log, etc.). We try to avoid making changes to our log messages, especially at error and critical levels. However, sometimes it's necessary. Please find the list of changes made to the application log in this release: */}
{/* The following "|Planned Breaking Changes" section is optional! Announce future scheduled breaking changes, e.g. Go version updates, DB driver updates, etc. /} {/ ##### Planned Breaking Changes */}
{/* Required. Use this section to announce the following types of dependencies compatible with the release:
Version compatibility with other components in the Tyk stack. This takes the form of a compatibility matrix and is only required for Gateway and Portal.
3rd party dependencies and tools */}
{/* Required. Third-party dependencies encompass tools (GoLang, Helm etc.), databases (PostgreSQL, MongoDB etc.) and external software libraries. This section should be a table that presents the third-party dependencies and tools compatible with the release. Compatible is used in the sense of those versions tested with the releases. Such information assists customers considering upgrading to a specific release.
Additionally, a disclaimer statement was added below the table, for customers to check that the third-party dependency they decide to install remains in support.
An example is given below for illustrative purposes only. Tested Versions and Compatible Versions information will require discussion with relevant squads and QA. */}
| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
|---|---|---|---|
| GoLang | 1.21 | 1.21 | All our binaries |
| MongoDB | 5.x, 6.x, 7.0 | 4.4.x, 5.x, 6.x and 7.0.x | Used by Tyk Identity Broker |
| Redis | 6.x - 7.0 | 6.x - 7.0 | Used by Tyk Identity Broker |
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
{/* Required. Use the following statement if there are no deprecations, or explain if there are */} There are no deprecations in this release.
{/* Optional section! Used to share and notify users about our plan to deprecate features, configs etc. Once you put an item in this section, we must keep this item listed in all the following releases till the deprecation happens. /} {/ ###### Future deprecations */}
{/* Required. For patches release (Z>0) use this: */}
For users currently on v1.6.0, we strongly recommend promptly upgrading to the latest release. If you are working with an older version (lower major), it is advisable to bypass version 1.6.0 and proceed directly to this latest patch release.
Go to the Upgrading Tyk section for detailed upgrade Instructions.
- Docker image to pull
docker pull tykio/tyk-identity-broker:v1.6.1 - source code tarball for oss projects - TIB v1.6.1
{/* Required. The change log should include the following ordered set of sections below that briefly summarise the features, updates and fixed issues of the release.
Here it is important to explain the benefit of each changelog item. As mentioned by James in a previous Slack message (https://tyktech.slack.com/archives/C044R3ZTN6L/p1686812207060839?thread_ts=1686762128.651249&cid=C044R3ZTN6L): "...it is important to document the customer impact for the work delivered, so we can share it with prospects/install base. For example: "New Chart delivers x and y benefit to a and b customer use cases. The business impact for them will be this and that" */}
{/* This section should be a bullet point list of new features. Explain:
- The purpose of the new feature
- How does the new feature benefit users?
- Link to documentation of the new feature
- For OSS - Link to the corresponding issue if possible on GitHub to allow the users to see further info.
Each change log item should be expandable. The first line summarises the changelog entry. It should be then possible to expand this to reveal further details about the changelog item. This is achieved using HTML as shown in the example below. */}
This release adds support for JSON Web Encryption (JWE) in OIDC Single Sign-On (SSO) with TIB, providing enhanced security for token handling in authentication flows. This feature enables processing and validation of JWE tokens, with configuration options for setting the private key required for decryption.For more details, refer to the OIDC SSO with JWE documentation.
{/* Repeat the release notes section above for every patch here */}
{/* The footer of the release notes page. It contains a further information section with details of how to upgrade Tyk, links to API documentation and FAQs. You can copy it from the previous release. */}
Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.
Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.