4.18.05 Edge for Private Cloud release notes

This section describes version 4.18.05 of the Edge for Private Cloud Feature Release.

Release summary

The following table summarizes the changes in this Feature Release:

New Features ○ JWT Policies are now Generally Available (GA)
○ RedHat Enterprise Linux 6.9 is now supported
○ Oracle Linux 6.9 is now supported
○ CentOS 6.9 is now supported
○ New Edge experience installation configuration changes
○ Router retry options can now be set at the virtual host level
Included Releases
○ Edge UI:
   18.04.04
   18.03.02
   18.02.14
   17.11.06
○ Edge Management/Runtime:
   18.04.06
   18.04.04
   18.03.02
   18.02.02
   18.01.05
○ Portal:
   18.04.25.01
   18.04.25.00
   18.04.23.00
   18.03.28.00
   18.03.05.00
   18.02.15.00
   18.01.31.00
   17.12.20.00
Retirements ○ API BaaS
○ Monitoring Dashboard (Beta)
Deprecations ○ Apigee secure stores (vaults) replaced by KVMs
○ Adding paths on the API proxy Performance tab
○ SMTPSSL property for the Developer Services portal
Bug Fixes ○ Prevent user's email address from being changed (65550638)
○ Security vulnerability in jackson-databind (69711616)
○ Memory leak in Message Processors (71612599)
Known Issues ○ Hostnames not resolving (79757554)
○ Permission error message appears when stopping apigee-postgresql (72379834)
○ Create reverse proxy via Open API option is displayed (79949124)

The sections that follow describe each of these topics in detail.

Upgrade paths

The following table shows the upgrade paths for this Feature Release:

From 4.18.01 Directly upgrade from 4.18.01 → 4.18.05
From 4.17.09 Directly upgrade from 4.17.09 → 4.18.05
From 4.17.05 Directly upgrade from 4.17.05 → 4.18.05
From 4.17.01 Upgrade from 4.17.01 → 4.18.01, then upgrade from 4.18.01 → 4.18.05
From 4.16.09 Upgrade from 4.16.09 → 4.18.01, then upgrade from 4.18.01 → 4.18.05
From 4.16.05 Upgrade from 4.16.05 → 4.18.01, then upgrade from 4.18.01 → 4.18.05
From 4.16.01 Upgrade from 4.16.01 → 4.18.01, then upgrade from 4.18.01 → 4.18.05
From 4.15.0x Upgrade from 4.15.0x → 4.16.01, then upgrade from 4.16.01 → 4.18.01, then upgrade from 4.18.01 → 4.18.05

New features

This section describes new features in this Feature Release. In addition to these features, this release includes all features in the Edge UI, Edge Management, and Portal releases listed in Included releases.

In addition to the following enhancements, this release also contains multiple usability, performance, security, and stability enhancements.

JWT Policies

The following JWT Policies are no longer in Beta; they are now GA:

Supported software

This Feature Release includes the following changes to supported software:

  • Red Hat Enterprise Linux (RHEL) 6.9 is now supported
  • Oracle Linux 6.9 is now supported
  • CentOS 6.9 is now supported
  • RHEL/CentOS/Oracle Linux 7.2 are no longer supported

For more information, see Supported software and supported versions.

New Edge experience installation configuration changes

The 4.18.05 release of the New Edge experience contains changes to the configuration file from the 4.18.01 release. The new properties are described in Installation configuration changes from Edge 4.18.01.

Router retry options can now be set at the virtual host level

You can now set retry options for the Router's communications with the Message Processor on the virtual host. This gives you more fine-grained control than the previous options, which were only settable at the Router level.

For more information, see Virtual host configuration properties.

New analytics dimension and change to the x_forwarded_for_ip dimension

The way Edge sets the x_forwarded_for_ip dimension in Edge Analytics has changed. Previously, if there were multiple IP addresses in the X-Forwarded-For header, the x_forwarded_for_ip dimension contained only the last IP address listed. Customers often used the x_forwarded_for_ip dimension to determine the IP address of the client making the API request to Edge.

With this release, the x_forwarded_for_ip dimension now contains the complete list of IP addresses in the X-Forwarded-For header.

Warning: The X-Forwarded-For header has the potential for being spoofed by a blacklisted IP, except for the last address in the header, which is the IP address Edge received from the last external TCP handshake. To determine the original client IP address making the API request to Edge, this release adds a new dimension to Edge Analytics: ax_resolved_client_ip.

You can now use the ax_resolved_client_ip dimension in a custom report or in a filter condition in a custom report to determine the IP address of the client making the API request. See Analytics metrics, dimensions, and filters reference for more on the ax_resolved_client_ip dimension.

This change also affects the way the AccessControl policy handles the X-Forwarded-For header. In this release, Edge automatically populates the X-Forwarded-For HTTP header with the single IP address it received from the last external TCP handshake (such as the client IP or router). In previous releases, Edge set the X-Forwarded-For HTTP header with the single IP address it received from the first external TCP handshake (such as the client IP or router). For more, see About the X-Forwarded-For HTTP header.

Included releases

Since the previous Edge for Private Cloud Feature Release, the following releases have occurred and are included in this Feature Release:

Edge UI Edge Management/Runtime Portal
18.04.04
18.03.02
18.02.14
17.11.06
18.04.06
18.04.04
18.03.02*
18.02.02
18.01.05
18.04.25.01
18.04.25.00
18.04.23.00
18.03.28.00
18.03.05.00
18.02.15.00
18.01.31.00
17.12.20.00
* Bug fix 74622499 is not included in the Edge for Private Cloud 4.18.05 release.

Click on the links above to see bug fixes and new features from those releases that are included in this Feature Release.

Retirements

This section describes features that were retired in this Feature Release.

API BaaS

API BaaS has been retired. For more information, see Apigee deprecations, retirements, and CPS changes.

Monitoring Dashboard (Beta)

The Monitoring Dashboard (Beta) has been retired and will no longer be supported. As a result, the following components are no longer part of the installation:

  • apigee-influxdb
  • apigee-telegraf
  • apigee-grafana

To continue to get Router, Message Processor, and node metrics, Apigee recommends that you use JMX to integrate Edge for Private Cloud's data with your own monitoring tools. For more information, see What to monitor and How to monitor.

If you upgrade an existing install to version 4.18.05, you should uninstall the Monitoring Dashboard. Apigee does not guarantee that it will continue to function as expected.

Deprecations

The following features were deprecated in this Feature Release.

For more information, see Apigee deprecations, retirements, and CPS changes.

Apigee secure store (vaults)

The Apigee secure store, also known as "vaults," is being deprecated and will be retired in September of 2018.

Instead of using the secure store, use encrypted key value maps (KVMs), as described in Working with key value maps. Encrypted KVMs are just as secure as vaults and provide more options for creation and retrieval.

Adding paths on the API proxy Performance tab

Prior to this release, you could navigate to an API proxy in the management UI, go to the Performance tab, and create different paths for a chart-based comparison on the proxy's Performance tab and in the Business Transactions dashboard.

This feature is now retired and is no longer available in the UI. For an alternative to this functionality, see Alternative to Business Transactions API.

SMTPSSL property for the Developer Services portal

To set the protocol used by the SMTP server connected to the portal, you now use the SMTP_PROTOCOL property, instead of the SMTPSSL property. Valid values of SMTP_PROTOCOL are "standard", "ssl", and "tls".

For more information, see Developer Services portal installation.

Bug fixes

This section lists the Private Cloud bugs that were fixed in this Feature Release. In addition to the bugs listed below, this Feature Release includes all bug fixes in the Edge UI, Edge Management, and Portal releases shown in Included releases.

Issue ID Description
71612599

Memory leak in Message Processors

A memory leak has been fixed. It occurred in Message Processors when Qpidd was stopped.

69711616

Security vulnerability in jackson-databind

The jackson-databind library has been updated to version 2.7.9.1 to prevent a deserialization flaw.

65550638

Prevent user's email address from being changed

You can no longer change a user's email address in the message payload sent to the management API. The management API also now disallows XML in the request body.

Known issues

The following table lists known issues in this Feature Release:

Issue ID Description
79757554

Hostnames not resolving

After installating or upgrading Edge for Private Cloud, hostnames might not resolve to their addresses.

To resolve this issue, restart the Edge UI component:

/opt/apigee/apigee-service/bin/apigee-service edge-ui restart
72379834

Permission error message appears when stopping apigee-postgresql

When you use the apigee-seriver apigee-postgresql stop command to stop apigee-postgresql, you might see a message saying that apigee-serive cannot change to the user's home dir. You can ignore that message.

79949124

Create reverse proxy via Open API option is displayed

The proxy wizard currently displays an option to create a new proxy via Open API. This is not possible on Edge for Private Cloud.

79993247

HEAD requests to Node.js targets hang

HEAD requests to a Node.js target can hang, leaving connections pending.

Workaround: To work around this issue, define a handler for HEAD requests to explicitly return an empty response.

68722102

MessageLogging policy including extra information in the log message

The FormatMessage element of the MessageLogging policy controls the format of the logged message. When FormatMessage=false, the logged message is not supposed to include any Apigee-generated information. However, even if you set FormatMessage=false, the log message still includes the following information:

  • The priority score
  • The timestamp

Next step

To get started with Edge for Private Cloud 4.18.05, use the following links:

New installations:
New installation overview
Existing installations:
Upgrade from 4.18.01
Upgrade from 4.17.05 or 4.17.09
Upgrade from 4.17.01
Upgrade from 4.16.09
Upgrade from 4.16.01 or 4.16.05