We have completed the rollback to the original default values. Customers applying their configurations without explicitly defining ssl_verify and hide_credentials will default to `false` again.
Posted Apr 08, 2026 - 21:33 UTC
Identified
The issue has been identified and a fix is being implemented.
Posted Apr 08, 2026 - 16:20 UTC
Investigating
With the release of 3.14 and changes to default security settings for Kong’s secure by default initiatives, Konnect customers running dataplanes less than 3.14 and updating certain plugins without providing overrides to the new defaults began experiencing the following issues:
Konnect would begin reporting that a default had been overridden that did not apply to the connected dataplane. This is a warning that Konnect gives when the configuration on Konnect control plane appears to have user-defined changes that do not apply to the dataplane version the customer is using. This message is provided to avoid a user configuring properties on a plugin that their dataplane would not utilize, to make it clear to users why a new field isn’t taking effect. Since our defaults changed, this caused the reporting in some cases to see this as an ‘override’ if the configuration didn’t match the new default, causing the message. This had no impact on dataplane configurations or behavior, but it was a confusing message, and we have removed it.
The second and more impactful issue is the updating of default values in 3.14. After the 3.14 release, some fields like ssl_verify and hide_credentials in various entities started defaulting to true instead of false . This is causing customers who run a deck sync without these fields defined, will see their config values change from false to true which is an issue. Konnect is working on rolling back to the old default values. Once the default values are restored on the API, the next time the config is updated without the default values, the previous values will be applied.