Update gateway.mdx

Author: JoanCamosTyk

developer-support/release-notes/gateway.mdx

@@ -1516,8 +1516,20 @@ The Gateway and Plugin Compiler have been updated to Go 1.25, providing improved
 For a comprehensive list of changes, please refer to the detailed [changelog](#Changelog-v5.8.14) below.
 
 #### Breaking Changes
+**1. Query parameter handling in Tyk internal loops (tyk://) now requires explicit configuration**
+
+In Tyk Gateway version 5.8.14, we have fixed inconsistent query parameter behavior in URL rewrites using Tyk internal loops (`tyk://api-id/path`). Previously, query parameters added to the `rewrite_to` URL were silently dropped, while original request parameters were automatically preserved. This behavior was inconsistent with standard HTTP URL rewrites and prevented proper parameter transformation during internal API routing.
+
+**Impact**
+- Original request query parameters are no longer automatically forwarded through internal loops
+- Existing URL rewrite configurations may lose query parameters that were previously passed through automatically
+- APIs relying on automatic parameter forwarding will receive incomplete requests
+
+**Migration Required**
+Update your URL rewrite configurations to explicitly include any original query parameters you want to preserve. For example:
+- **Before:** `"rewrite_to": "tyk://api-123/endpoint"` (original params auto-forwarded)
+- **After:** `"rewrite_to": "tyk://api-123/endpoint?param1=$tyk_context.request_data.param1"`
 
-There are no breaking changes in this release.
 
 #### Dependencies
 <a id="dependencies-5.8.14"></a>
@@ -1580,10 +1592,28 @@ Updated the Tyk Gateway and Plugin Compiler to use Go 1.25, ensuring compatibili
 
 <AccordionGroup>
 
-(TBR!!!!)<Accordion title='Fixed Log Level for Client TLS Certificate Requirement Errors'>
+<Accordion title='Fixed Log Level for Client TLS Certificate Requirement Errors'>
 Resolved an issue where "Client TLS certificate is required" errors were logged at WARNING level, creating unnecessary noise in production logs. Previously, these common client-side authentication failures generated excessive warning-level log entries that could trigger false alerts and obscure more critical issues. The Gateway now logs these authentication failures at INFO level, maintaining security visibility while reducing log noise and alert fatigue for operations teams.
 </Accordion>
 
+<Accordion title='Fixed malformed responses from Go plugins returning error status codes'>
+Resolved an issue where Go plugins returning error status codes caused duplicate `response.WriteHeader` calls, resulting in malformed response bodies that concatenated the original plugin response with additional Gateway error messages. 
+
+The Gateway now properly handles plugin-generated error responses without double-writing headers, ensuring response bodies contain only the original plugin content and eliminating superfluous WriteHeader warnings in logs.
+</Accordion>
+
+<Accordion title='Fixed query parameter handling in Tyk internal loops (tyk://)'>
+Resolved inconsistent query parameter handling in URL rewrites using Tyk internal loops (`tyk://api-id/path`). Previously, custom query parameters specified in the `rewrite_to` URL were silently dropped, while original request parameters were unexpectedly preserved.
+
+**What's Fixed:**
+- Query parameters explicitly added to `rewrite_to` URLs are now correctly passed to target APIs
+- Control parameters (`method`, `loop_limit`, `check_limits`) are properly consumed and removed
+- Behavior now matches standard HTTP URL rewrites for consistency
+
+Original request query parameters are no longer automatically forwarded through internal loops. Update your URL rewrite configurations to explicitly include any required parameters in the `rewrite_to` URL.
+
+</Accordion>
+
 <Accordion title='Fixed Client mTLS Authentication Between Tyk Gateways'>
 Resolved an issue where a Tyk Gateway acting as a client (using upstream mTLS) would fail to authenticate against another mTLS-protected Tyk Gateway or upstream server, resulting in `HTTP 403 Forbidden: "Client TLS certificate is required"` errors.