This release improves Kura’s authentication cache so per-request headers no longer cause unnecessary introspection calls.
- Fixed authentication cache misses — the cache key now fingerprints only credential-bearing headers (
authorization,proxy-authorization,cookie,x-api-key). Previously it hashed nearly all headers, so values likegrpc-timeoutandtraceparentcreated a unique key on every request, forcing the authenticate hook to re-run and hit the control plane introspection endpoint repeatedly. You should see far higher cache hit rates and lower control plane load after updating.