We're thrilled to announce the general availability of Kong Gateway Enterprise 3.6. This version brings security, efficiency, and standards conformance to enterprise applications. Plus, Kong AI Gateway, which you can learn more about here. Let’s dive into the enhancements and explore the tangible benefits these features bring your organization.

Security enhancements: Enable a Zero Trust model

• mTLS client Authentication in OpenID Connect plugin: With 3.6, you can now establish a zero trust architecture more effectively. By enabling mutual TLS (mTLS) client authentication, Kong Gateway ensures secure and trusted communication between your API gateway and Identity Providers. This enhancement not only bolsters your security posture, but also streamlines identity verification processes and enhances overall system reliability.

Efficiency gains: Streamlining operations and workflows

• AppRole Authentication for Hashicorp Vault: Kong Gateway 3.6 introduces AppRole Authentication for Hashicorp Vault. AppRole Authentication is specifically designed for automated workflows. This feature complements existing Kubernetes authentication and client ID/secret authentication methods, offering a more robust and flexible approach to secrets management. The integration with Hashicorp Vault via AppRole streamlines access management, significantly reducing the time and effort required for secure operations.

• Expanded Consumer-Groups scoped plugins: Building on the foundation set in version 3.4, Kong Gateway 3.6 release expands the range of plugins supporting Consumer Groups. This enhancement simplifies API ecosystem management by allowing better organization and categorization of consumers (which in the Kong configuration model represent API clients). The expansion of Consumer Groups to plugins like ACL, Proxy Cache, Rate Limiting, and more, translates into less overhead for developers and adherence to DRY (Don’t Repeat Yourself) principles, making your API management more efficient and less prone to errors. Less configuration is required when you group similar Kong Consumers into Consumer Groups.

Conformance and compliance: Setting industry standards

• FIPS-Certified Kong Gateway Enterprise: Achieving FIPS certification demonstrates our commitment to high-security standards. The Kong Cryptographic Module v1.0.0, integral to Kong Gateway Enterprise 3.6, has been rigorously tested and validated under NIST’s Cryptographic Algorithm Validation Program (CAVP). This certification ensures that your data is protected by industry-approved cryptographic algorithms, providing peace of mind and meeting stringent compliance requirements.

Performance benchmarks: Transparency and trust 

• Detailed Performance Benchmarks: Understanding the importance of performance in enterprise environments, we're releasing comprehensive benchmarks for Kong Gateway. These benchmarks, along with our testing methodology, offer clear insights into the performance capabilities of our gateway. Additionally, we're open-sourcing the entire testing framework on GitHub, fostering transparency and community collaboration. 

Kong Gateway Enterprise 3.6 is more than just an update — it's a strategic enhancement to your enterprise's security, efficiency, and compliance posture. We're excited for you to experience these benefits firsthand and look forward to your feedback as we continue to innovate and lead in the API management space.

Next steps

Begin your journey with Kong Gateway 3.6 by signing up for Kong Konnect for free!

If you’re interested in Kong Gateway Enterprise 3.6, you can download it for free here. To explore the comprehensive list of features, fixes, and updates, please see the Docs and the CHANGELOG.