180202 - Apigee Edge for Public Cloud release notes

On Tuesday, February 20, 2018, we began releasing a new version of Apigee Edge for Public Cloud.

New Features and Updates

Following are the new features and updates in this release.

Issue ID Component Name Description
Multiple Management Server, API Runtime

Self-service virtual hosts and TLS are now generally available

For usage details, see About virtual hosts and TLS/SSL.

71861442 Management Server

Proxy bundle import/update optimizations

Edge will perform stronger validation on API proxy bundles at deploy time. This update helps ensure faster deployments while reducing deployment failures and bundle corruptions when more than one user imports the same bundle at the same time. Following are notable changes and behaviors:

  • Each bundle must have a file system root of /apiproxy.
  • Edge no longer attempts to ignore paths in an API proxy bundle's resources folder. (For example, Edge no longer ignores .git or .svn directories.)
  • If a bundle contains an invalid configuration of more than one API proxy XML configuration file (for example, apiproxy/proxy1.xml and apiproxy/proxy2.xml), there is no guarantee which configuration is used for the API proxy.
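
The three bundle rules above can be checked locally before import. The following is an added example, not Apigee code: a Python pre-deploy check over a bundle ZIP. The function names and sample file names are hypothetical, and it assumes that any .xml file directly under apiproxy/ is an API proxy configuration file, as in the apiproxy/proxy1.xml example above.

```python
import io
import zipfile
from pathlib import PurePosixPath

VCS_DIRS = {".git", ".svn"}  # directories Edge no longer ignores under resources


def check_bundle(zip_bytes):
    """Return a list of findings for an API proxy bundle supplied as ZIP bytes."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    findings, proxy_xml = [], []
    for name in names:
        parts = PurePosixPath(name).parts
        # Rule 1: every entry must live under the /apiproxy root.
        if not parts or parts[0] != "apiproxy":
            findings.append(f"outside /apiproxy root: {name}")
            continue
        # Assumption: an .xml file directly in apiproxy/ is a proxy configuration.
        if len(parts) == 2 and name.lower().endswith(".xml"):
            proxy_xml.append(name)
        # Rule 2: flag version-control directories anywhere below resources.
        if len(parts) > 3 and parts[1] == "resources" and VCS_DIRS & set(parts[2:-1]):
            findings.append(f"version-control content in resources: {name}")
    # Rule 3: more than one proxy configuration makes the result unpredictable.
    if len(proxy_xml) > 1:
        findings.append("multiple proxy XML files: " + ", ".join(sorted(proxy_xml)))
    return findings


def build_sample(files):
    """Build an in-memory ZIP of the given paths with constructed contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in files:
            zf.writestr(name, "<constructed/>")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample bundle that breaks all three rules.
    bad = build_sample(["apiproxy/proxy1.xml", "apiproxy/proxy2.xml",
                        "apiproxy/resources/.git/config", "README.md"])
    for finding in check_bundle(bad):
        print(finding)
```
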

71548711 Management Server

Deployment validations

Until this release, Edge had been passively checking API proxy deployments for specific validation errors and notifying organizations through the Advisory tool about required fixes. These advisories, described in Deployment error advisories, were to allow users time to fix issues that would later result in deployment errors when validation was turned on in the product. With this release, Edge now performs those validations and throws deployment errors accordingly.

67946045 API Runtime

Autoscaling-aware Spike Arrest policy

A new <UseEffectiveCount> element in the Spike Arrest policy lets you automatically distribute Spike Arrest counts across message processors. When set to true, each message processor divides its allowed spike rate limit by the number of currently active message processors, adjusting the rate limit as message processors are added or removed. The default value is false when the element is omitted from the policy.

For more information, see the Spike Arrest policy topic.

72698249 API Runtime

Enhance the MP logging due to connectivity failure

72454901 API Runtime

Upgrade Rhino to 1.7.8 and Trireme to 0.9.1

72449197 API Runtime

Set default API timeout for all proxies to 55 sec to avoid router timing out earlier

72236698 API Runtime

Add logging event for canary deployments

69863216 API Runtime

Allow self-signed HTTPS health checks

69503023 API Runtime

MP DNS resolution should use an async thread pool

67708726, 68148328 API Runtime

API Product security enhancements

A new organization-level property, features.keymanagement.disable.unbounded.permissions, strengthens the security of API Products in verifying API calls. When the property is set to true (the default for organizations created after this release), the following features are enforced.

App creation

When creating a developer or company app, the management API requires that the app be associated with an API product. (The management UI already enforces this.)

API Product configuration

To create or update an API Product, the API Product must include at least one API proxy or a resource path in its definition.

Runtime security

API calls are rejected by an API product in the following situations:

  • The API Product doesn't include at least one API proxy or resource path.
  • The flow.resource.name variable in the message doesn't include a resource path that the API Product can evaluate.
  • The app making the API call isn't associated with an API product.

For existing organizations, the property value is false and must be explicitly changed by a user with System Administrator permissions. This means Public Cloud customers must contact Apigee Support to change the property value.

66003903 API Runtime

Router-to-Message Processor communication to be secure by default

Bugs Fixed

The following bugs are fixed in this release. This list is primarily for users checking to see if their support tickets have been fixed. It's not designed to provide detailed information for all users.

Issue ID Component Name Description
72553514 API Runtime

Fix misclassification of Node.js script errors

70509295 API Runtime

AccessControl policy trusted IP

69712300 API Runtime

MessageLogging policy to re-resolve DNS on regular interval

67489895 Management Server

TLS certificate chain validation

When creating a keystore alias using a certificate chain, you must separate certificates in the chain by a newline. Edge now throws a 400 Bad Request on alias creation if your certificate chain doesn't meet this requirement.