This section describes version 4.18.05 of the Edge for Private Cloud Feature Release.
The following table summarizes the changes in this Feature Release:
|New Features||○ JWT Policies are now Generally Available (GA)
○ RedHat Enterprise Linux 6.9 is now supported
○ Oracle Linux 6.9 is now supported
○ CentOS 6.9 is now supported
○ New Edge experience installation configuration changes
○ Router retry options can now be set at the virtual host level
|Retirements||○ API BaaS
○ Monitoring Dashboard (Beta)
|Deprecations||○ Apigee secure stores (vaults) replaced by KVMs
○ Adding paths on the API proxy Performance tab
○ SMTPSSL property for the Developer Services portal
|Bug Fixes||○ Prevent user's email address from being changed (65550638)
○ Security vulnerability in jackson-databind (69711616)
○ Memory leak in Message Processors (71612599)
|Known Issues||○ Message Processor backup not backing up the correct set of files (121095148)
○ Hostnames not resolving (79757554)
○ Permission error message appears when stopping apigee-postgresql (72379834)
○ Create reverse proxy via Open API option is displayed (79949124)
The sections that follow describe each of these topics in detail.
The following table shows the upgrade paths for this Feature Release:
|From 4.18.01||Directly upgrade from 4.18.01 → 4.18.05|
|From 4.17.09||Directly upgrade from 4.17.09 → 4.18.05|
|From 4.17.05||Directly upgrade from 4.17.05 → 4.18.05|
|From 4.17.01||Upgrade from 4.17.01 → 4.18.01, then upgrade from 4.18.01 → 4.18.05|
|From 4.16.09||Upgrade from 4.16.09 → 4.18.01, then upgrade from 4.18.01 → 4.18.05|
|From 4.16.05||Upgrade from 4.16.05 → 4.18.01, then upgrade from 4.18.01 → 4.18.05|
|From 4.16.01||Upgrade from 4.16.01 → 4.18.01, then upgrade from 4.18.01 → 4.18.05|
|From 4.15.0x||Upgrade from 4.15.0x → 4.16.01, then upgrade from 4.16.01 → 4.18.01, then upgrade from 4.18.01 → 4.18.05|
This section describes new features in this Feature Release. In addition to these features, this release includes all features in the Edge UI, Edge Management, and Portal releases listed in Included releases.
In addition to the following enhancements, this release also contains multiple usability, performance, security, and stability enhancements.
The following JWT Policies are no longer in Beta; they are now GA:
This Feature Release includes the following changes to supported software:
- Red Hat Enterprise Linux (RHEL) 6.9 is now supported
- Oracle Linux 6.9 is now supported
- CentOS 6.9 is now supported
- RHEL/CentOS/Oracle Linux 7.2 are no longer supported
For more information, see Supported software and supported versions.
New Edge experience installation configuration changes
The 4.18.05 release of the New Edge experience contains changes to the configuration file from the 4.18.01 release. The new properties are described in Installation configuration changes from Edge 4.18.01.
Router retry options can now be set at the virtual host level
You can now set retry options for the Router's communications with the Message Processor on the virtual host. This gives you more fine-grained control than the previous options, which were only settable at the Router level.
For more information, see Virtual host configuration properties.
New analytics dimension and change to the
The way Edge sets the
in Edge Analytics has changed. Previously, if there were multiple IP addresses in the
x_forwarded_for_ip dimension contained only the last IP address listed.
Customers often used the
x_forwarded_for_ip dimension to determine the IP address of
the client making the API request to Edge.
With this release, the
x_forwarded_for_ip dimension now contains the complete list
of IP addresses in the
X-Forwarded-For header has the potential for being spoofed by a blacklisted IP,
except for the last address in the header, which is the IP address Edge received from the last external TCP handshake.
To determine the original client IP address making the API request to Edge,
this release adds a new dimension to Edge Analytics:
You can now use the
ax_resolved_client_ip dimension in a custom report or in a
filter condition in a custom report to determine the IP address of the client making the API request.
See Analytics metrics, dimensions, and filters reference
for more on the
This change also affects the way the AccessControl policy handles the
In this release, Edge automatically populates the
X-Forwarded-For HTTP header with
the single IP address it received from the last external TCP handshake (such as the client IP or router).
In previous releases, Edge set the
X-Forwarded-For HTTP header with
the single IP address it received from the first external TCP handshake (such as the client IP or router).
For more, see
About the X-Forwarded-For HTTP header.
Since the previous Edge for Private Cloud Feature Release, the following releases have occurred and are included in this Feature Release:
|Edge UI||Edge Management/Runtime||Portal|
|* Bug fix 74622499 is not included in the Edge for Private Cloud 4.18.05 release.|
Click on the links above to see bug fixes and new features from those releases that are included in this Feature Release.
This section describes features that were retired in this Feature Release.
API BaaS has been retired. For more information, see Apigee deprecations, retirements, and CPS changes.
Monitoring Dashboard (Beta)
The Monitoring Dashboard (Beta) has been retired and will no longer be supported. As a result, the following components are no longer part of the installation:
To continue to get Router, Message Processor, and node metrics, Apigee recommends that you use JMX to integrate Edge for Private Cloud's data with your own monitoring tools. For more information, see What to monitor and How to monitor.
If you upgrade an existing install to version 4.18.05, you should uninstall the Monitoring Dashboard. Apigee does not guarantee that it will continue to function as expected.
The following features were deprecated in this Feature Release.
For more information, see Apigee deprecations, retirements, and CPS changes.
Apigee secure store (vaults)
The Apigee secure store, also known as "vaults," is being deprecated and will be retired in September of 2018.
Instead of using the secure store, use encrypted key value maps (KVMs), as described in Working with key value maps. Encrypted KVMs are just as secure as vaults and provide more options for creation and retrieval.
Adding paths on the API proxy Performance tab
Prior to this release, you could navigate to an API proxy in the management UI, go to the Performance tab, and create different paths for a chart-based comparison on the proxy's Performance tab and in the Business Transactions dashboard.
This feature is now retired and is no longer available in the UI. For an alternative to this functionality, see Alternative to Business Transactions API.
SMTPSSL property for the Developer Services portal
To set the protocol used by the SMTP server connected to the portal, you now use the
SMTP_PROTOCOL property, instead of the
SMTPSSL property. Valid values
SMTP_PROTOCOL are "standard", "ssl", and "tls".
For more information, see Developer Services portal installation.
This section lists the Private Cloud bugs that were fixed in this Feature Release. In addition to the bugs listed below, this Feature Release includes all bug fixes in the Edge UI, Edge Management, and Portal releases shown in Included releases.
Memory leak in Message Processors
A memory leak has been fixed. It occurred in Message Processors when Qpidd was stopped.
Security vulnerability in jackson-databind
The jackson-databind library has been updated to version 22.214.171.124 to prevent a deserialization flaw.
Prevent user's email address from being changed
You can no longer change a user's email address in the message payload sent to the management API. The management API also now disallows XML in the request body.
The following table lists known issues in this Feature Release:
Message Processor backup not backing up the correct set of files
Run the backup a second time and it should back up the correct set of files.
HEAD requests to a Node.js target can hang, leaving connections pending.
To work around this issue, define a handler for
Create reverse proxy via Open API option is displayed
The proxy wizard currently displays an option to create a new proxy via Open API. This is not possible on Edge for the Private Cloud.
Hostnames not resolving
After installing or upgrading Edge for Private Cloud, hostnames might not resolve to their addresses.
To resolve this issue, restart the Edge UI component:
/opt/apigee/apigee-service/bin/apigee-service edge-ui restart
DataAccessException in multiple data center configurations
In multiple data center configurations, if one datastore becomes unavailable, then you might see the following error:
DataAccessException: Error while accessing datastore; Please retry later
The result is that Management Server may not start because it is trying to connect to Cassandra
nodes in both dc-1 and dc-2. The
Note that the expected state is for the Management Server not to connect to datastore components across regions.
The workaround is to deregister the following Cassandra node types in the unavailable data center and then re-register them after the Cassandra nodes are available again:
To deregister and reregister these Cassandra node types:
Note that these operations register and deregister nodes from Zookeeper and do not have any impact on the Cassandra cluster. For more information about these commands, see Update datastore registrations.
Permission error message appears when stopping apigee-postgresql
When you use the
MessageLogging policy including extra information in the log message
To get started with Edge for Private Cloud 4.18.05, use the following links: