Otoroshi 17.12 is available with JWT Verification, new WAF engine and plugin improvements
Otoroshi v17.12 is available with multiple improvements. It brings JWT verification support based on the settings of an OIDC authentication module with optional user session extraction through OIDCJwtVerifier. The release also allows Fail2Ban to be triggered by other plugins that can’t use the requestError phase.
This version also integrates a new WAF engine providing JVM-native implementation of ModSecurity SecLang with the OWASP Core Rule Set included. This eliminates binary dependencies and simplifies deployment in containerized environments, with flexible modes for comprehensive WAF inspection or lightweight request validation.
For plugin developers, this version introduces various internal improvements: Monaco editor support in classic forms for enhanced code editing experience, provider helpers to create customizable errors in plugins, and the ability to always display plugins even if missing from the JS plugins list.
This release includes LLM extensions 0.0.68 and 0.0.69, bringing OpenResponses-compatible endpoints for standardized LLM response handling through the OpenResponses framework. These versions embed rate limit and budget consumption data in GatewayEvents and LLMAuditEvents for enhanced tracking, and support exposing any model with an Anthropic API compatible format.
You can update through add-on’s dashboard in the Clever Cloud Console. You can also set CC_OTOROSHI_VERSION of the underlying Java application to v17.12.0_1769783775 and rebuild it, or use Clever Tools:
clever features enable operators
clever otoroshi version check yourOtoroshiNameOrId
clever otoroshi version update yourOtoroshiNameOrId
clever otoroshi version update yourOtoroshiNameOrId v17.12.0_1769783775