24.02.05 - Apigee Edge for Public Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

On February 5, 2024, we published a Security Bulletin.

When an Apigee API Management proxy connects to a target endpoint or target server, the proxy does not perform hostname validation for the certificate presented by the target endpoint or target server by default. If hostname validation is not enabled using one of the following options, Apigee proxies connecting to a target endpoint or target server may be at risk for a man-in-the-middle attack by an authorized user. For more information, see Configuring TLS from Edge to the backend (Cloud and Private Cloud).

For instructions and more details, see the Apigee security bulletin.