19.03.01 - Apigee Edge for Public Cloud release notes

On Tuesday, October 29, 2019, we began releasing an update to this version of Apigee Edge for Public Cloud. (The original release was Thursday, April 18, 2019.)

New Features and Updates

Following are the new features and updates in this release.

Issue ID Component Name Description
Apigee began releasing the following updates on October 1, 2019
110995050 API Runtime

Load balancing - more control for removing failing servers

When configuring a load balancer for an API proxy, you can determine how many response failures occur before a server is removed from the load balancing rotation. A response failure means Apigee doesn't receive any response from a target server. When this happens, the failure counter increments by one. When Apigee does receive a response from a target, even if the response is an HTTP error (such as 500), that counts as a response from the target server, and the failure counter is reset. To help ensure that bad HTTP responses (such as 500) also increment the failure counter to take an unhealthy server out of load balancing rotation as soon as possible, you can add a new <ServerUnhealthyResponse> element with <ResponseCode> child elements to your load balancer configuration. Edge will also count responses with those codes as failures.


<HTTPTargetConnection>
  <LoadBalancer>
    <Algorithm>RoundRobin</Algorithm>
    <Server name="target1" />
    <Server name="target2" />
    <ServerUnhealthyResponse>
        <ResponseCode>500</ResponseCode>
        <ResponseCode>502</ResponseCode>
        <ResponseCode>503</ResponseCode>
    </ServerUnhealthyResponse>
    <MaxFailures>5</MaxFailures>
  </LoadBalancer>
</HTTPTargetConnection>
  
  
130416715 Security

AccessControl policy enhancements

The AccessControl policy determines which IP addresses can make calls to an API proxy. A new element on that policy give API developers more control in identifying which IP addresses to evaluate.

<IgnoreTrueClientIPHeader>: Optional (default is false). When you set this to true, the policy ignores the True-Client-IP header and evaluates IP addresses in the X-Forwarded-For header, following the X-Forwarded-For evaluation behavior you've configured.


<AccessControl async="false" continueOnError="false"
    enabled="true" name="Access-Control-1">
    <DisplayName>Access Control-1</DisplayName>
    <IgnoreTrueClientIPHeader>true</IgnoreTrueClientIPHeader>
    ...
</AccessControl>

Apigee released the following updates on April 18, 2019
117558815,
119856499,
110548137,
79526748,
72989449,
70712859,
69049041
API Runtime JWS and JWT
We've added new policies for JWS support and enhanced our existing JWT policies.

For details, see this Community post.

122610025 API Runtime Allow RaiseFault to also set fault reason, and arbitrary variables as in AssignMessage

Two new elements are available in the RaiseFault policy to make FaultRules handling cleaner and more powerful.

  • ShortFaultReason is a boolean that, when set to true, puts the policy name in the fault.reason variable.
  • AssignVariable, available in the FaultResponse, lets you assign the fault response to a variable to be used by other policies in the API proxy flow.
121149811 Hosted Targets Limits enforced for Hosted Targets

Limits are now being enforced for Hosted Targets. See Limits for limits details.

117659213 API Runtime Parameterize IP ranges in AccessControl policy

You can now use message template variables to set IP addresses and CIDR masks on the AccessControl policy. For example, if you want to store a whitelisted or blacklisted IP address and mask in a key value map (KVM), you can retrieve those values from a variable you set in the API proxy flow. This lets you change IP values more easily at runtime without having to change your policy configuration.

For example, instead of:

<MatchRule action="DENY">
    <SourceAddress mask="24">198.51.100.1</SourceAddress>
</MatchRule>
     

You could configure the policy like this, assuming the values are stored in a KVM, and you use the KeyValueMapOperations policy to retrieve the values and assign them to the variables shown here:

<MatchRule action="DENY">
    <SourceAddress mask="{kvm.mask.ref}">{kvm.ip.ref}</SourceAddress>
</MatchRule>
     
113599885 API Monitoring API Monitoring roles

API Monitoring provides two roles: API Monitoring Administrator and API Monitoring User, described in Access API Monitoring. These were made available in December 2018.

78575018 Private Cloud / OPDK Skip management server to skip gateway datastore registration when there are multiple gateway pods

Bugs Fixed

The following bugs are fixed in this release. This list is primarily for users checking to see if their support tickets have been fixed. It's not designed to provide detailed information for all users.

Issue ID Component Name Description
Apigee began releasing the following fixes on October 29, 2019
139381794 Management Server

Handle keystore deletion errors so that API call does not fail

Apigee began releasing the following fixes on October 1, 2019
140761319 API Runtime

x-apigee.edge.execution.sense.action is always set to null

139091614 API Runtime

In ResponseCache policy, NIOTheread is executing without rejection from the thread pool

131331305 Core Services

Multiple log exporters on Apigee routers cause high CPU usage

136690640 API Runtime

Intermittent 404s in specific organizations

140948100 API Runtime

Deployed Shared Flow not executing on some message processors

Apigee released the following fixes on September 13, 2019
132654321 Management Server Audit logs not showing data
131246911 Management Server For developer emails in a portal, enable support for newer domains such as *.games, *.asia
Apigee released the following fixes on April 18, 2019
123844598 Management Server Deleted app keys cannot be imported again after >24 hours
123588156 API Runtime Removing Content-Length header from response fails with a 304
122732400 API Runtime Setting api.timeout overrides io.timeout.millis
122545281 API Runtime DebugSession Data mask for JSON should consider case in which jsonPayload is an array
122355807 Management Server Incorrect permission behavior for users with multiple roles
121393556 API Runtime x_apigee_fault_code is set as "org/codehaus/jackson/map/ObjectMapper"
120998548 Edge UI Typo in error message: Cert is invalid or cannot be not be trusted
120990929 API Runtime HTTP-413 response from Nginx/Apigee-Router reveals the server type
120799489 API Runtime When using httpClient with an asynchronous JavaScript callback httpComplete(), debugsession (trace) output is muted
120794339 API Runtime Drifted MPs for organization
120277011 Management Server Need input validation: Not able to deploy the proxy if target server hostname has **
119976417 API Monitoring API Monitoring shows high proxy response time whereas analytics shows high target response time
119947481 API Runtime In exception scenario, payload to be masked is logged as plain text
119877164 Private Cloud / OPDK Routers generate errors, message processor goes offline with TLS enabled

This fix will be included in the next Edge for Private Cloud release.

119816218 API Runtime Response cache ignores Expires header if it resolves to 0 or negative number
119770242 API Runtime Router to MP communication failed causing complete downtime: Error in PostClientFlow causes infinite loop
119443145 Management Server API proxy returns 404 when ProxyEndpoint is renamed and redeployed
119260281 API Runtime \"Unable to parse as a string3000.0\" log error
118743407 Management Server Apigee proxy deployment duration
118447966 API Runtime Error on JavaScript Callouts under MP Release 180608_07
117549719 API Runtime Mismatch between the request URI and proxy base path
117219520 API Runtime MessageLogging: Syslog logger uses an incorrect date format as default, displays milliseconds incorrectly
117116435 API Runtime Intermittent errors from JavaScript file
117091520 API Runtime JavaCallouts are failing after message processor release 18.06.08
116165318 API Runtime Concurrent deployments of the same bundle causes RepositoryException
116055025 Configstore Service Message processors missing virtual hosts and applications after bootup
115614498 API Runtime Need support for ILB in OPDK

This fix will be included in the next Edge for Private Cloud release.

113972537 API Runtime Multiple P1s - NullPointerException raised from Node.js code in Trireme proxies - 500 Internal Server Error
113904969 Apigee support Issue with deletion of API proxies in demo orgs
113554802 API Runtime Validate SAML assertion fails with NullPointerException
113315737 Management Server Proxy deployment failed due to missing deployment records in Zookeeper
112767195 API Runtime Intermittent DataStore Errors while accessing KVM policy
112162179 API Runtime Caching a JavaScript object without stringifying it can lead to deadlocks
111860576 API Runtime Missing error in Quota policy
111671525 Hosted Targets Non-success response codes from hosted targets trigger fault flow in proxy
111523933 Extensions(Connectors) ExtensionCallout policy caching Issue
111420263 API Runtime ConcurrentModification exception in MessageLogging
110843526 Management Server Management API for creating/updating flow hook should validate shared flow
110805739 API Runtime TTL is not set as -1 in CPS flow when Reuserefreshtoken is true and refresh token expiry is not explicitly set
110429629 API Runtime BasicAuthentication policy emits request.headers.Authorization variable into DebugSession
110425503 API Runtime Nginx reload causes MP availability issues
110311540 API Runtime NPE when MP is shutting down
110161455 API Runtime AccessEntity should make use of fetch by app name method instead of fetch all apps for CPS orgs
90695522 API Runtime context.proxyRequest.asForm generates java.lang.ArrayIndexOutOfBoundsException: 1
79734096 Management Server Audit logs for proxies don't filter on proxies anymore
78105568 Management Server Shared flow deployments do not show up in /org/{org}/sharedflows/{sharedflow}/deployments management API calls after updating a deployed shared flow
77528868 Trireme Trireme regression: Script server.js exited with status code -1: Property 0 not found
73766568 API Runtime Upgrade 170213_02 to 171117_01 caused huge increase in latency for proxy with Trireme/Node target
72710481 API Runtime CacheServiceImpl/CacheMemoryLimiter NullPointerException
68861063 API Runtime Handle NPE during shutdown of routers
68833699 API Runtime Information about API proxy sometimes not getting removed from API Classification Tree
67377575 Hosted Targets Mismatch between analytics record and what is sent to the customer in a Node.js proxy
112481174 Hosted Targets Do not fail proxy undeploy due to Turbo error
117171470 Hosted Targets Fix invalid app.yaml error message
67169139 API Runtime MessageLogging policy syslog timestamp format is not correct
67165418 API Runtime Licensing error about more message processors being used even when using less than the licensed

This fix will be included in the next Edge for Private Cloud release.

67165195 API Runtime ValidateSAMLAssertion does not verify the signature on an Assertion embedded in a Signed Response
66214414 API Runtime The currentstep.flowstate variable always returns \"SHARED_FLOW\" when referenced from a shared flow
65731656 API Runtime Threat protection API is failing intermittently for same request
133197060 API Runtime Getting 57 Gateway timeout from MP to target
110535186 API Runtime ServiceCallout with no Response element and HTTPTargetConnection pointing to proxy: SOMETIMES no call
132443137 API Runtime Change message processor behavior to handle unknown internal x-apigee headers
125709964 API Runtime Invalidate Cache with purgeChildEntries not working as expected