All release notes
v10.29.0v10.31.0
2025-08-28

v10.30.0

Summary

  • HTTP2 support for HTTP Backend and HTTP Servers

  • Configuration directory support - pass directory to -c, loads all *.radconf files recursively with numeric prefix ordering

  • Format strings support in OAuth2 client credential flows (e.g., vars in token-url)

  • Status code and headers mapping in HTTP Backend

  • RADIATOR_CONFIGURATION_FILE environment variable for specifying config file

  • Add radiator-client --timeout option, increase default timeout from 1 to 5 seconds

  • Improve debug statement - multivalue attributes now pretty-printed as JSON arrays

  • Mask HTTP Management Errors - responses now only show status codes, full errors logged with X-Context-Id header for correlation

  • JSON log format support for application files with --json-log-format flag or json_log keyword

  • Prometheus metrics export endpoint at /api/v1/metrics/prometheus

  • Add TimeSpentMicros (microseconds) metrics across handlers, policies, servers, and backends

  • JSON log format support for syslog

  • Full configuration checking with --test <level> command line option

  • Format configuration filenames as <filename>:<line num> on parsing errors. Many editors support navigating to the line number from this format.

Support format strings in "client credential oauth2" flows

For example vars can be used in the token-url field like this:

authentication oauth2 {
    token-url "%{vars.token_url}"; # Now works ✅
    client "7e2b9f84-3d15-4a6c-9e8f-2c4a5b7d9e10";
    secret "xxx";
    resource "https://adnotifications.windowsazure.com/StrongAuthenticationService.svc/Connector";
    scope "openid";
}

Status code and headers mapping in HTTP Backend

Add support for mapping status code and headers to the context from a HTTP Backend.

Example:

mapping head {
    vars.status = status_code;
    vars.test_header = headers.x-test-header;
}

RADIATOR_CONFIGURATION_FILE environment variable

The RADIATOR_CONFIGURATION_FILE environment variable can be used to specify the configuration file to use when running the radiator command. Overrides the --configuration-file command line option.

--timeout option for radiator-client

The --timeout option can be used to set the timeout for the radiator-client when issuing RADIUS requests.

This also increases the default timeout from 1 to 5 seconds.

Improve debug statement

Now when using debug statement with a multivalue it will be pretty formated like an JSON array.

debug tacacsplus.request.args;

Now produces output like this:

Getter 'tacacsplus.request.args' -> Values ["service=shell", "cmd=clear", "cmd-arg=whatever"]

instead of just joining the values with commas.

Configuration directory support

  • You can now pass a directory to -c in addition to a single file.
  • When a directory is given, all *.radconf files are loaded recursively.
  • Files are ordered by leading numeric prefixes (e.g. 1*, 9*, 10_), Files without a numeric prefix load after numbered files.
  • Directories can also be prefixed with a numeric prefix to control their order.
  • Files and directories can be prefixed with an underscore to disable loading.
  • Existing file-based configuration continues to work unchanged.

Mask HTTP Management Errors

Error responses are now only in the form of HTTP status codes, without any additional error messages in the body. This change is made to enhance security by preventing the exposure of sensitive information through error messages.

The original error messages are now logged to the application logs. HTTP Management responses now include a X-Context-Id header that can be used to correlate requests with the corresponding log entries.

JSON log format of application files

Application logging can now be set to json log format by setting the flag --json-log-format or adding json_log keyword to app logging configuration blocks.

For example to get console logging to be in json format:

console {
  loglevel debug;
  json_log;
}

Note that if you don't set the command line option --json-log-format console logging will have some lines without json formatting while configuration files are being parsed.

This change only impacts application generated logs. Logs from AAA activities are formatted as set in their configuration blocks.

Application log json format is:

{
  "timestamp": "2025-08-07T16:16:23.888823+03:00",
  "target": "main",
  "level": "INFO",
  "message": "Loading configuration done"
}

There might be additional fields in the future.

Monitoring: Prometheus metrics export

Radiator Server now exposes a Prometheus-compatible metrics endpoint for scraping runtime statistics.

  • Endpoint: GET /api/v1/metrics/prometheus
  • Format: Prometheus text format 0.0.4
  • Content-Type: text/plain; version=0.0.4; charset=utf-8
  • Auth: Requires HTTP Management API authentication with the Monitor permission
  • Availability: Endpoint is available when the Management API is enabled

All metrics visible on the UI are exported to prometheus. These are in memory counters so scraping is inexpensive.

Example (for local testing)

TimeSpentMicros metrics

Add TimeSpentMicros (micro seconds) metrics across the stack: handlers, policies, servers (HTTP, RADIUS UDP/TCP), and backends. These are exposed in the management API and OpenMetrics.

JSON log format for syslog

Similarly to console and file you can also set syslog payload to json format. Either command line that sets everything to json or per protocol as below:

syslog {
    loglevel debug;
    facility "local1";
    json_log;
}

If you push logs to a separate syslog service using unix datagram sockets these will also be formatted in json. For example:

syslog {
    loglevel debug;
    facility "user";
    filename "/dev/log";
    json_log;
}