16.01.20 - Apigee Edge for Public Cloud release notes

On Tuesday, February 2, 2016, we released a new cloud version of Apigee Edge for Public Cloud.

New features and enhancements

Following are the new features and enhancements in this release.

Redesigned API proxy wizard

The API proxy wizard has been redesigned. When you click "+ API Proxy" on the API Proxies page in the management UI, the new wizard guides you through the API proxy creation process. All the same settings as the previous API proxy wizard are available. (MGMT-1376)

Create API proxies with OpenAPI (Swagger) documents

As part of the new API proxy wizard redesign, you can now create an API proxy from a OpenAPI (Swagger) document. On the first page of the API proxy wizard, click Use OpenAPI when selecting Reverse Proxy, Node.js App, or No Target. In the field that appears, enter the URL to your OpenAPI document. For more information, see Build a simple API proxy. (MGMT-1376)

WSDL 1.2 support for SOAP proxies

Apigee Edge supports WSDL 1.2 in creating API proxies to call SOAP services. (MGMT-2835)

SSLInfo variables in TargetEndpoint configurations

In an API proxy TargetEndpoint, you can dynamically set SSL/TLS details to support flexible runtime requirements. In the following example of how SSLInfo would be set in a TargetEndpoint configuration, the values can be supplied at runtime by a Java Callout, a JavaScript policy, or an Assign Message policy. Use whichever message variables contain the values you want to set.

<TargetEndpoint>
...
  <SSLInfo>
    <Enabled>{myvars.ssl.enabled}</Enabled>
    <ClientAuthEnabled>{myvars.ssl.client.auth.enabled}</ClientAuthEnabled>
    <KeyStore>{myvars.ssl.keystore}</KeyStore>
    <KeyAlias>{myvars.ssl.keyAlias}</KeyAlias>
    <TrustStore>{myvars.ssl.trustStore}</TrustStore>
  </SSLInfo>
...
</TargetEndpoint>

This feature is covered in the following docs:

(APIRT-1475)

RSA_SHA256 algorithm support for SAML assertion policies

The SAML assertion policies now support the RSA_SHA256 algorithm in addition to RSA_SHA1. (APIRT-1779)

Validation on certificate uploads

To help prevent the uploading of expired or invalid certificates to keystores and truststores, the management API validates certificates on upload. Certificates are validated to ensure that the size of the file is not larger than 50KB and that the format is either PEM or DER. Certificate expiry is also validated. To override the default expiry validation (to not validate for certificate expiration on upload), use the following query parameter: ?ignoreExpiryValidation=true

For more information, see Upload a JAR file to a Keystore and Upload a Certificate to a Truststore. (SECENG-516) and (APIRT-2213)

Auto-polling on Node.js Logs page

When viewing Node.js logs from the proxy editor, the Node.js Logs page is automatically refreshed periodically to list new logs that are available. Click "Stop Auto Refresh" to turn off auto-refresh. (MGMT-1692)

API product page performance, no developer apps listed

When viewing an API product in the management UI, the developer apps associated with that product are listed. To improve UI performance, the list of developer apps is not shown when editing the API product. (MGMT-2869)

Subscription to daily analytics emails

Organization administrators must now explicitly subscribe to daily analytics report emails. Subscribe/unsubscribe by setting a user preference in the management UI, or with the management API. For more information, see Subscribe to daily analytics emails. (AXAPP-1949)

sum( ) function on response time metrics

In analytics custom reports and API calls, the "sum" aggregate function is now available for Target Response Time, Total Response Time, and end_point_response_time. For example, in the /stats API (http://docs.apigee.com/management/apis/get/organizations/%7Borg_name%7D/environments/%7Benv_name%7D/stats/%7Bdimension_name%7D-0), you can now use the following "select" query parameter: ?select=sum(total_response_time). (AXAPP-2006)

Latency Analysis report: API proxy names sorted

In the Latency Analysis report UI (Apigee Edge enterprise plans only), the API proxies are listed alphabetically in the Proxy drop-down list. (MGMT-2858)

Developer Apps on dashboard shown by display name

On the management UI dashboard, the Developer Apps bar chart lists developer apps by display name rather than internal name. (MGMT-2853)

New date/time widget on custom reports

The date/time picker widget on a custom reports page in the management UI has been enhanced. (MGMT-2881)

Monetization: Edit API package names

You can update the name of an API package at any point during the monetization lifecycle, even when the API package contains a published rate plan. (DEVRT-2177)

Monetization: Decimals allowed in custom attributes

When using a "Rate Card with Custom Attribute" plan, the custom attribute in the message header that is used as a multiplier for the transaction can now be a decimal value of up to four decimal places. For more information on this type of plan, see http://docs.apigee.com/monetization/content/specify-rate-card-custom-attribute-details. ( DEVRT-2191)

General improvements

This release also contains multiple usability, performance, security, and stability enhancements.

Bugs fixed

The following bugs are fixed in this release.

Issue ID Description
MGMT-2964 New proxy editor does not accept comments inside Flows tag
MGMT-2957 Adding a new pod to an org returns the deployment status of the bundle as error for routers in the new pod
MGMT-2937 Insufficient Permissions errors with custom roles
MGMT-2875 WSDL SOAP generation has incorrect headers for SOAP 1.2
MGMT-2739 Developer Apps report, Analytics tab doesn't show anomaly graph
MGMT-2735 Refreshing Node.js logs never completes/stops
MGMT-2734 Save button doesn't get enabled after any error while trying to save a deployed bundle
MGMT-2729 Updating port for TargetServer in the UI wipes out SSLInfo
MGMT-2702 Cross-site security vulnerability for Firefox and IE
Fixed a security vulnerability that could happen because of FireFox and IE vulnerabilities that improperly allow cross-site requests.
MGMT-2681 Proxy Editor: When using a Regex match in the Condition, the Flow Navigator does not show the verb
MGMT-2361 Deployment of proxies fails with RPCException: Call timed out
MGMT-1662 API proxy deployment fails during Apigee Public Cloud releases
DEVRT-2286 sync-organization Monetization API is broken
The API used to synchronize Apigee Edge data with monetization has been fixed with the latest refresh of the 16.01.20 release.
DEVRT-2173 Need to rename the Package but unable to edit because of active rate plan
DEVRT-1661 Developer is blocked for making API requests before rate plan start date, but block is never released
If an API developer accepted a monthly flat, volume-banded, or bundle rate plat that starts at a future date, and then sends API requests before the specified start date, the API developer is blocked from making further requests. Once the rate plan start date is reached, the block is now released.
DEVRT-1643 Draft rate plan corrupted after it is saved
AXAPP-1991 OptOut of Apigee Analytics Summary and emails don't stop
AXAPP-1946 Analytics cleanup not releasing disk space
AXAPP-1708 Analytics API appears to produce different numbers for the same statistic depending on how I ask
AXAPP-1293 Non-existing Developer App names in Analytics Summary email
APIRT-2518 Problems connecting to https backend with JavaScript policy
APIRT-2398 Invalid/expired authorization code counted as Apigee error
APIRT-2397 steps.assignmessage.SetVariableFailed counted as Apigee error
APIRT-2396 IllegalArgumentException, ArrayIndexOutofBoundsException in OAuth counted as Apigee error
APIRT-2362 JavaScript compilation error
APIRT-2322 Invalid Client ID incorrectly reported as Apigee error
APIRT-2159 Add message_id to the logging prefix
APIRT-2145 High failure of transactions for Facebook API
Validation for header values starting with ':' has been removed.
APIRT-2137 MP: Chunked transfer encoding and 205 with content length 0
APIRT-2124 Nginx router does not update the MP pool for newly added MPs
APIRT-2117 Message Logging policy not respect DNS updates
APIRT-2110 Only one X-Forwarded-For header is passed on by router
APIRT-2062 Response cache doesn't work correctly when SkipCacheLookup condition is met
APIRT-2061 Message processor not pushing messages to QPID
APIRT-2052 High number of CLOSE_WAITs due to management port not responding
APIRT-2024 Nginx without a load balancer is not properly populating X-Forwarded-For HTTP headers
X-Forwarded-For deprecation notice added to the 150930 release notes and the Access Control policy.
APIRT-1933 Proxy-specific classloaders still delegate to MP classloader
APIRT-1877 Unable to mask XML responses that have namespaces
APIRT-1838 Apigee-127: VerifyAPIKey returns only one API product when multiple products exist
APIRT-1827 Low concurrent streaming limit observed
APIRT-1820 Intermittent latency (> 1%) in 4.15.04 Private Cloud environment
APIRT-707 NPE during runtime if the <GenerateResponse> element is in the VerifyAccessToken policy