4.19.01.09 - Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation. info

On Sept. 29, 2020, we released a new version of Apigee Edge for Private Cloud.

Update procedure

Updating this release will update the components in the following list of RPMs:

edge-gateway-4.19.01-0.0.20095.noarch.rpm
edge-management-server-4.19.01-0.0.20095.noarch.rpm
edge-message-processor-4.19.01-0.0.20095.noarch.rpm
edge-postgres-server-4.19.01-0.0.20095.noarch.rpm
edge-qpid-server-4.19.01-0.0.20095.noarch.rpm
edge-router-4.19.01-0.0.20095.noarch.rpm
apigee-cassandra-2.1.16-0.0.2507.noarch.rpm
edge-management-ui-static-4.19.01-0.0.20017.noarch.rpm
apigee-setup-4.19.01-0.0.1123.noarch.rpm
apigee-mtls-consul-4.19.01-0.0.20129.noarch.rpm
apigee-mtls-4.19.01-0.0.20190.noarch.rpm

You can check the RPM versions you currently have installed, to see if they need to be updated, by entering:

apigee-all version

To update your installation, perform the following procedure on the Edge nodes:

On all Edge nodes:
1. Clean the Yum repos:
```
sudo yum clean all
```
2. Download the latest Edge 4.19.01 bootstrap_4.19.01.sh file to /tmp/bootstrap_4.19.01.sh:
```
curl https://software.apigee.com/bootstrap_4.19.01.sh -o /tmp/bootstrap_4.19.01.sh
```
3. Install the Edge 4.19.01 apigee-service utility and dependencies:
```
sudo bash /tmp/bootstrap_4.19.01.sh apigeeuser=uName apigeepassword=pWord
```
  Where uName:pWord are the username and password you received from Apigee. If you omit pWord, you will be prompted to enter it.
4. Update the apigee-setup utility:
```
sudo /opt/apigee/apigee-service/bin/apigee-service apigee-setup update
```
5. Use the source command to execute the apigee-service.sh script:
```
source /etc/profile.d/apigee-service.sh
```
Update all Cassandra nodes:
```
/opt/apigee/apigee-setup/bin/update.sh -c cs -f configFile
```
where configFile specifies the configuration file that you used to install Apigee Edge for Private Cloud. For example, /opt/silent.conf.
On all Edge nodes, execute the update.sh script for the edge process. To do this, execute the following command on each node:
```
/opt/apigee/apigee-setup/bin/update.sh -c edge -f configFile
```
If you are using the New Edge experience, execute the following command:
```
/opt/apigee/apigee-setup/bin/update.sh -c ue -f configFile
```
(Apigee mTLS only) To update Apigee mTLS: follow the procedure described in Upgrade Apigee mTLS.
For more information, see Introduction to Apigee mTLS.

Supported software

No changes.

Deprecations and retirements

No new deprecations or retirements.

New Features

This section lists new features in this release.

Encrypting JMX passwords

You can now encrypt JMX passwords. See Enabling JMX password encryption and Enabling JMX authentication for Cassandra for details. (150633039)

Bugs fixed

The following table lists the bugs fixed in this release:

Issue ID	Description
159360654	apigee-mtls certificates were only valid for 30 days. New certificates are now valid for one year. To upgrade an old 30-day certificate with a new certificate, valid for one year, see Upgrade Apigee MTLS.
160890634	When message processors were restarted, some proxies were not deployed.
130416715	Potential vulnerability due to "True-Client-IP" header This release introduces a new Access Control Policy element, `IgnoreTrueClientIPHeader`, which fixes the issue. See IgnoreTrueClientIPHeader element.
132654321	Audit logs were not showing users whose roles were updated. After performing role changes for existing users or adding an existing user to an org, the audit log showed "Update user undefined," which prevented you from seeing who the action was performed on.
160951701	mTLS installation was failing due to outdated Consul binary version. Consul binary upgraded from v1.6.2 to latest stable version, v1.8.0.
160916451	mTLS installation was failing due to a missing entry for the Consul `bindaddr` field. apigee-mtls now properly handles servers with multiple network interfaces and addresses.
133145969	Documentation for disabling protocols in the UI was missing For new documentation, see Disabling TLS protocols.

Known issues

The following table lists known issues in this release:

Issue ID Description

149245401

Issue ID	Description
149245401	Ldap policy connection pooling issue LDAP connection pool properties specified using LDAP resource are not taking effect. As a result, connections are being opened and closed each time for single use, creating a large number of connections per hour to the LDAP server. Workaround: In order to change the LDAP connection pool properties, do the following steps to set a global change across all LDAP policies. Create a configuration properties file if it does not already exist: /opt/apigee/customer/application/message-processor.properties Add the following to the file (replace values of Java Naming and Directory Interface (JNDI) properties based on your LDAP resource configuration requirement). bin_setenv_ext_jvm_opts="-Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=2 -Dcom.sun.jndi.ldap.connect.pool.initsize=2 -Dcom.sun.jndi.ldap.connect.pool.timeout=120000 -Dcom.sun.jndi.ldap.connect.pool.protocol=ssl" Make sure the file `/opt/apigee/customer/application/message-processor.properties` is owned by apigee:apigee. Restart each message processor. To verify that your connection pool JNDI properties are taking effect, you can perform a tcpdump to observe the behavior of the LDAP connection pool over time. Note: Connection pool properties specified by the above procedure are global, and so are applicable to all connection-pool-enabled LDAP connections that Apigee's Message Processor establishes.

Ldap policy connection pooling issue

LDAP connection pool properties specified using LDAP resource are not taking effect. As a result, connections are being opened and closed each time for single use, creating a large number of connections per hour to the LDAP server.

Workaround:

In order to change the LDAP connection pool properties, do the following steps to set a global change across all LDAP policies.

Create a configuration properties file if it does not already exist:
```
/opt/apigee/customer/application/message-processor.properties
```

Add the following to the file (replace values of Java Naming and Directory Interface (JNDI) properties based on your LDAP resource configuration requirement).

bin_setenv_ext_jvm_opts="-Dcom.sun.jndi.ldap.connect.pool.maxsize=20
-Dcom.sun.jndi.ldap.connect.pool.prefsize=2
-Dcom.sun.jndi.ldap.connect.pool.initsize=2
-Dcom.sun.jndi.ldap.connect.pool.timeout=120000
-Dcom.sun.jndi.ldap.connect.pool.protocol=ssl"

Make sure the file /opt/apigee/customer/application/message-processor.properties is owned by apigee:apigee.
Restart each message processor.

To verify that your connection pool JNDI properties are taking effect, you can perform a tcpdump to observe the behavior of the LDAP connection pool over time.

4.19.01.11

4.19.01.08