WHY GARTNER’S “CONTEXT MESH” CHANGES EVERYTHING AI CONNECTIVITY: THE ROAD AHEAD DON’T MISS API + AI SUMMIT 2026 SEPT 30 – OCT 1
We're Entering the Age of AI Connectivity [Read more](/blog/news/the-age-of-ai-connectivity)Read moreProducts & Agents:
[Product Releases](/blog/product-releases)Product Releases
August 26, 2021
2 min read

# Kuma 1.3 and Kong Mesh 1.4 Released With Service Map, CA Rotation, mTLS Permissive and 10+ features.

Marco Palladino
CTO and Co-Founder of Kong

We are happy to announce a new major release of Kuma, and a new major release of Kong Mesh built on Kuma! Kuma 1.3 ships with 10+ new features and countless improvements. Kong Mesh ships we enterprise capabilities for large scale service mesh deployments.

We strongly suggest to upgrade, in order to take advantage of the latest and greatest when it comes to service mesh.

## Improvements in Kuma 1.3 and Mesh 1.4

  • - 🚀 Kong Mesh ships with a new fully automated CA rotation when mTLS is enabled that – in addition to the pre-existing mTLS data plane proxy certificate rotation – fully automates the entire lifecycle of managing TLS and zero-trust in a service mesh. With the new CA rotation, Kong Mesh will automatically replace CAs in a “Mesh” resource without downtime and it will automatically re-provision the data plane proxy certificates with the new CA. [Read more](https://docs.konghq.com/mesh/1.4.x/features/ca-rotation)Read more.
  • - 🚀 We are finally shipping a service map topology view that will visualize all of our service traffic dependencies in a visual way, with information such as number of requests and error rates. This new feature ships as a new official Grafana dashboard and can be automatically installed by running kumactl install metrics:

  • - 🚀 Kuma finally supports mTLS in “permissive” mode, in addition to the traditional “strict” mode. This new mode allows for an easier migration of existing applications into the service mesh, by allowing more flexibility into how the data plane proxy certificates are being validated on incoming requests. Below an example on Kubernetes:
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    enabledBackend: ca-1
    backends:
      - name: ca-1
        type: builtin
        mode: PERMISSIVE # or STRICT
  • - 🚀 A new “Virtual Outbound” policy to customize hostnames and ports when communicating with data plane proxies.
  • - We have improved support for intermediate CAs when using mTLS.
  • - Improved SNI support for ExternalServices.

For a complete list of features and updates, take a look at the [full changelog](https://docs.konghq.com/mesh/changelog)full changelog.

## Upgrading

Be sure to carefully read the [Upgrade Guide](https://github.com/kumahq/kuma/blob/master/UPGRADE.md)Upgrade Guide before upgrading Kuma.
**Topics**
- [Service Mesh](/blog/tag/service-mesh)Service Mesh- [Kuma](/blog/tag/kuma)Kuma
Marco Palladino
CTO and Co-Founder of Kong

Recommended posts

# Kuma 1.7.0 and Kong Mesh 1.8.0 Released with Builtin Gateway

[Product Releases](/blog)Product Releases

We’re excited to announce the latest release for both Kuma and Kong Mesh. This cycle, we focused on simplifying enterprise-wide mesh deployments. We strongly suggest upgrading, in order to take advantage of the latest and greatest when it comes to s

Marco Palladino
[](https://konghq.com/blog/product-releases/kuma-1-7-0-and-kong-mesh-1-8-0-released-with-builtin-gateway-for-cross-mesh-communication-arm-support-cert-manger-and-more)

## Ready to see Kong in action?

Get a personalized walkthrough of Kong's platform tailored to your architecture, use cases, and scale requirements.

[Get a Demo](/contact-sales)Get a Demo