4.15.01.00 - Apigee Edge on-premises release notes

On Tuesday, January 27, 2015, we released a quarterly version of Apigee Edge on-premises.

Version 4.15.01.00 includes a large number of new features, many of which were addressed in the context of the latest holiday season and in previous cloud releases. New feature areas include the management UI framework, LDAP, installation and upgrade, analytics, and response error configuration and compression. See the full list that follows.

If you have questions, go to Apigee Customer Support.

For a list of all Apigee Edge release notes, see Apigee Release Notes.

New features and enhancements

Following are the new features and enhancements in this release.

  • OpenLDAP replaces ApacheDS
    Edge now provides OpenLDAP to authenticate users in your API management environment. Among the benefits of OpenLDAP is a password policy that lets you configure various password authentication options, such as the number of consecutive failed login attempts after which a password can no longer be used to authenticate a user to the directory. For more information, see the Edge OPDK Operations Guide.

    OpenLDAP is now the only LDAP server supported by Edge for new installations. Existing installations of Edge that upgrade to 4.15.01.00 can continue to use ApacheDS, but all new installations of 4.15.01.00 use OpenLDAP.

    If you choose to upgrade to OpenLDAP as part of the 4.15.01.00 installation procedure, all data from ApacheDS is migrated to OpenLDAP. See the Known Issues section for more upgrade information.
  • Security improvements
    Improvements to security in this release address path injection and traversal vulnerabilities, role-based access permissions, cross-site request forgery vulnerabilities, authorization bypass in the Edge management UI, and external entity vulnerabilities.
  • Apache Cassandra performance and stability improvements
    This release includes performance improvements in the way the Edge product accesses the NoSQL Cassandra database, as well as improvements to Cassandra itself, which is being upgraded from version 1.2.11 to 1.2.19.
  • Token management improvements
    In addition to enhancements around returning OAuth tokens and cleaning them up in the database, you can now retrieve and revoke OAuth 2.0 access tokens by end user ID, app ID, or both. See the following for more information:
  • Analytics enhancements
    This release includes many analytics enhancements, including:
    • Expanded metrics on the use of cache in API proxies.
    • Latency analytics. In addition to the Latency analysis dashboard (Apigee Edge plan only), new top percentile (TP*) metrics in custom reports let you see the time threshold under which a certain percentage of transactions complete. For example, the TP99 metric shows the time threshold under which 99% of transactions complete.
    • Virtual Dimensions - User-agents, timestamps, and IP addresses are automatically mapped to dimensions such as OS version, device family, day of the week, city, country, and timezone.
    • Newly designed interface for Custom Reports (Beta)
    • Support for Apigee 127 built proxies
    • New "Apigee Fault" and "Target Fault" boolean flags captured by analytics
  • Runtime resiliency improvements
    This release includes many runtime resiliency improvements, including policy availability on Cassandra failure, Netty router stability, and SSL thread stability.
  • Node.js enhancements
    The following Node.js enhancements are included in this release:
    • A new Get Cached Node.js Logs API, which lets you retrieve the last several hundred log records from a Node.js script.
    • Support for the "trireme-support" module (Node.js modules written in Java). For more information, see https://www.npmjs.com/package/trireme-support.
    • Organization and environment names stripped from virtual paths and moved to variables.
    • Upgrade to Java 7.
    • Upgrade to Trireme 0.8.4, which addresses issues with HTTP request parsing and handling of non-UTF-8 character sets.
  • Play Framework upgraded to 2.0
    The Play Framework used by Edge, including monetization, has been upgraded to Play 2.0.
  • JMX monitoring statistics can now be configured to require a password
    The monitoring process for the Management Server, Router, Message Processor, QPID, and Postgres all use JMX. JMX is enabled by default and remote JMX access does not require a password. However, you can now apply password protection to the JMX statistics to control access. See the Edge Operations Guide for more.
  • Wildcards in API proxy resources
    You can use wildcard characters (asterisks *) when defining API proxy resources. For example, /developers/*/apps or /developers/**. For more information on API proxy resources, see Mapping conditional flows to backend API resources.
  • "/" resource on products (APIRT-667)
    When you add a resource to an API product as a single forward slash "/", by default Apigee treats it the same as "/**", which gives developers access to all URIs under the base path. A new organization-level features.isSingleForwardSlashBlockingEnabled property lets you change the default behavior of "/". By changing the property to "true" (cloud customers must contact Apigee Support to do this), "/" gives developers access to only the base path as a resource.

    For more information, see Configuring the behavior of a Resource Path.
  • HTTP response error configuration for Quota and Spike Arrest (APIRT-664)
    Apigee Edge organizations can now be configured to return an HTTP status code of 429 (Too Many Requests) for all requests that exceed a rate limit set by a Quota or Spike Arrest policy. The default configuration returns an HTTP status code of 500 (Internal Server Error).

    Contact Apigee Support to have the features.isHTTPStatusTooManyRequestEnabled property set to true for organizations for which you want Quota and Spike Arrest violations to return an HTTP status code of 429.
  • The HealthMonitor now supports SSL
    A HealthMonitor assigned to a load balancer now supports SSL. See Load balancing across backend servers for more.
  • The Edge Monetization installer now supports silent installation
    Monetization now supports silent, or unattended, installation. For more information, see the Edge Install and Configuration Guide.
  • gzip compression on API responses (MGMT-1127)
    Calls to the management API support gzip compression on responses that have a Content-Length of at least 1024 bytes. Use:
    'Accept-Encoding: gzip, deflate'
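The wildcard and "/" resource items above decide how much of an API a product exposes. The sketch below is an added example, not Apigee code: it models the matching so you can see which URIs a product listing "/" stops covering once features.isSingleForwardSlashBlockingEnabled is true. It assumes "*" matches exactly one path segment and a trailing "/**" matches that level and everything beneath it; the function names and sample paths are hypothetical.

```python
import re

def compile_resource(pattern, single_slash_blocking=False):
    """Turn a product resource path into a regex over the request path
    suffix (the part left after the proxy base path is removed)."""
    if pattern == "/":
        if single_slash_blocking:
            return re.compile(r"/?")      # base path only
        pattern = "/**"                   # default: "/" behaves like "/**"
    parts = []
    for seg in pattern.strip("/").split("/"):
        if seg == "**":
            parts.append(r"(?:/.*)?")     # assumed: this level and all below
        elif seg == "*":
            parts.append(r"/[^/]+")       # assumed: exactly one segment
        else:
            parts.append("/" + re.escape(seg))
    return re.compile("".join(parts) + "/?")

def allowed(resources, suffix, single_slash_blocking=False):
    """True if any resource path of the product covers the suffix."""
    suffix = suffix or "/"
    return any(
        compile_resource(r, single_slash_blocking).fullmatch(suffix)
        for r in resources
    )

def exposed_only_by_default(resources, suffixes):
    """Suffixes reachable with the default "/" handling that are no longer
    reachable once single-forward-slash blocking is enabled."""
    return [s for s in suffixes
            if allowed(resources, s) and not allowed(resources, s, True)]

# Constructed sample request suffixes (not from a real proxy).
SAMPLE_SUFFIXES = ["/", "/developers/42/apps",
                   "/developers/42/apps/7", "/admin/keys"]

if __name__ == "__main__":
    for product in (["/"], ["/", "/developers/*/apps"]):
        print(product, "->", exposed_only_by_default(product, SAMPLE_SUFFIXES))
```
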

Bugs fixed

The following bugs are fixed in this release.

Topic | Issue ID | Description
High memory utilization | CORERT-362 | High memory utilization was being caused by stop shell scripts that were being triggered prior to process completion by message processors. This issue has been fixed.
SOAP WSDL proxy creation | MGMT-1526 | Creating a SOAP-based API proxy in the management UI was causing the browser to hang. This issue has been fixed.
Developer app with periods in the name | MGMT-1236 | In the management UI, if a developer app name contained periods, the app couldn't be updated. This issue has been fixed.
Increased MP CPU and latency | CORERT-384 | Message processor CPU and response latencies increased whenever the target responses contained a "Connection: close" header. This issue has been fixed.
HTTP request and response statistics | CORERT-364 | Statistics on cumulative HTTP requests and responses were incorrect. This issue has been fixed.
Quota policy enforcement | APIRT-909 | Calendar-based quota policies were erroneously rejecting API calls made before the quota period was set to begin. This issue has been fixed.

This release also contains bug fixes from the following releases. See the individual release notes for details.

Edge Cloud Edge On-premises

Known issues

This release has the following known issues.

LDAP upgrade (DOC-1262)

When upgrading from release 4.14.07 to 4.15.01 and upgrading from ApacheDS to OpenLDAP, role names containing spaces (such as "Read Only") aren't properly recreated in OpenLDAP.

Before upgrading, delete and recreate roles that have spaces in their names.

If you've already upgraded, run the following command to delete problem roles in OpenLDAP:

ldapdelete -H ldap://localhost:10389 -D 'cn=manager,dc=apigee,dc=com' -r -W 'cn=<role>,ou=userroles,o=<org>,ou=organizations,dc=apigee,dc=com'

Then recreate the roles.

SMTP email failure (OPDK-900)

If an SMTP email validation failure occurs, check that the values of the following properties in apigee4/conf/ui/apigee.conf are set to the same value: apigee.mgmt.mailFrom and mail.smtp.user. Alternatively, disable SMTP email validation.
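For the LDAP upgrade issue (DOC-1262) above, the roles to delete and recreate before upgrading can be listed from an LDIF export of the directory. This is an added example, not an Apigee tool: it assumes role entries in the export use the DN layout shown in the ldapdelete command above, and the sample LDIF and function names are constructed for illustration.

```python
import base64
import re

# DN layout taken from the ldapdelete command on this page; that an export
# made before the upgrade uses the same layout is an assumption.
ROLE_DN = re.compile(
    r"cn=(?P<role>[^,]+),ou=userroles,o=(?P<org>[^,]+),"
    r"ou=organizations,dc=apigee,dc=com",
    re.IGNORECASE,
)

def _b64_dn(dn):
    """Build a base64 'dn::' line, as LDIF writers may emit for a DN."""
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")

# Constructed sample export (not real data).
SAMPLE_LDIF = "\n".join([
    "dn: cn=orgadmin,ou=userroles,o=acme,ou=organizations,dc=apigee,dc=com",
    "cn: orgadmin",
    "",
    # Long values are folded: a continuation line starts with one space.
    "dn: cn=Read Only,ou=userroles,o=acme,ou=organizations,dc=api",
    " gee,dc=com",
    "cn: Read Only",
    "",
    _b64_dn("cn=Ops Team,ou=userroles,o=acme,ou=organizations,dc=apigee,dc=com"),
    "",
    # Not a role entry: must be ignored even though it contains a space.
    "dn: uid=jane doe,ou=people,dc=example,dc=com",
    "",
])

def roles_with_spaces(ldif_text):
    """Return (org, role) for every role entry whose name contains a space."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    hits = []
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):
            dn = base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            dn = line[4:]
        else:
            continue
        m = ROLE_DN.fullmatch(dn.strip())
        if m and " " in m.group("role"):
            hits.append((m.group("org"), m.group("role")))
    return hits

if __name__ == "__main__":
    for org, role in roles_with_spaces(SAMPLE_LDIF):
        print(f"org={org} role={role!r}")
```
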