You're viewing Apigee Edge documentation.
Go to the
Apigee X documentation. info
On January 22, 2021, we released a new version of Apigee Edge for Private Cloud.
Update procedure
Updating this release will update the components in the following list of RPMs:
- edge-gateway-4.19.06-0.0.20108.noarch.rpm
- edge-management-server-4.19.06-0.0.20108.noarch.rpm
- edge-message-processor-4.19.06-0.0.20108.noarch.rpm
- edge-postgres-server-4.19.06-0.0.20108.noarch.rpm
- edge-qpid-server-4.19.06-0.0.20108.noarch.rpm
- edge-router-4.19.06-0.0.20108.noarch.rpm
- edge-analytics-4.19.06-0.0.40035.noarch.rpm
- apigee-setup-4.19.06-0.0.1125.noarch.rpm
- apigee-cassandra-2.1.22-0.0.2511.noarch.rpm
- apigee-cassandra-client-2.1.22-0.0.2502.noarch.rpm
- apigee-sso-4.19.06-0.0.20089.noarch.rpm
- apigee-mtls-4.19.06-0.0.20209.noarch.rpm
- edge-mint-gateway-4.19.06-0.0.30205.noarch.rpm
- edge-mint-management-server-4.19.06-0.0.30205.noarch.rpm
- edge-mint-message-processor-4.19.06-0.0.30205.noarch.rpm
You can check the RPM versions you currently have installed, to see if they need to be updated, by entering:
apigee-all version
To update your installation, perform the following procedure on the Edge nodes:
-
On all Edge nodes:
- Clean the Yum repos:
sudo yum clean all
- Download the latest Edge 4.19.06
bootstrap_4.19.06.shfile to/tmp/bootstrap_4.19.06.sh:curl https://software.apigee.com/bootstrap_4.19.06.sh -o /tmp/bootstrap_4.19.06.sh
- Install the Edge 4.19.06
apigee-serviceutility and dependencies:sudo bash /tmp/bootstrap_4.19.06.sh apigeeuser=uName apigeepassword=pWord
where uName:pWord are the username and password you received from Apigee. If you omit pWord, you will be prompted to enter it.
- Update the
apigee-setuputility:sudo /opt/apigee/apigee-service/bin/apigee-service apigee-setup update
- Use the
sourcecommand to execute theapigee-service.shscript:source /etc/profile.d/apigee-service.sh
- Clean the Yum repos:
Update all Cassandra nodes:
/opt/apigee/apigee-setup/bin/update.sh -c cs -f configFile
where configFile specifies the configuration file that you used to install Apigee Edge for Private Cloud. For example,
/opt/silent.conf.- On all Edge nodes, execute the
update.shscript for theedgeprocess. To do this, execute the following command on each node:/opt/apigee/apigee-setup/bin/update.sh -c edge -f configFile
- Execute the
update.shscript for SSO on all nodes. On each node, execute the following command:/opt/apigee/apigee-setup/bin/update.sh -c sso -f configFile
- If you are using Apigee mTLS, follow the procedure described in
Upgrade Apigee mTLS.
For more information, see Introduction to Apigee mTLS.
Supported software
This release of Apigee Edge Private Cloud supports Red Hat Enterprise Linux version (Intel 64-bit) 7.9 and CentOS (Intel 64-bit) 7.9.
Deprecations and retirements
No new deprecations or retirements.
New Features
This release introduces the following new features:
- A new installer option,
'mt', for installing the Management server separately from the Edge UI and OpenLDAP (issue 175793014). See Specifying the components to install. - Support for multiple certificate aliases. See
Using the key alias to specify the keystore cert
for usage. A new Message Processor code with configuration property,
HTTPClient.choose.alias.by.keyalias=true(default) has been introduced in this release to enable this feature.
Bugs fixed
The following table lists the bugs fixed in this release:
| Issue ID | Description |
|---|---|
| 159858015 | GET requests were returning incorrect 408 responses. |
| 153231909 | The |
| 142141620 | Multiple certificate aliases are now supported in this release. |
| 138107618 | High rate of Router to Message Processor timeouts. |
| 169401128 | Sending email notifications was not working for Monetization. |
| 158714633 | Cassandra log file configuration was not working. New logback tokens have been added for |
| 143178281 | Monetization notification service was failing due to a bad SMTP configuration. |
| 174735160 | A potential security vulnerability to a SQL injection through the Edge Classic UI has been fixed. |
| 169212613 | Management API response contained duplicate date response headers. |
| 172379664 |
|
| 170656165 | Apigee SSO setup was failing when management server had http disabled. |
| 175313717 | Potential Cassandra vulnerabilities CVE-2020-13946 and CVE-2019-2684 have have been fixed. |
Security issues fixed
The following is a list of known security issues that have been fixed in this release. To avoid these issues, install the latest version of Edge Private Cloud.
| CVE | Description |
|---|---|
| CVE-2020-13946 |
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. |
| CVE-2019-2684 |
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. |
| CVE-2016-2183 |
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. |
Known issues
For a list of known issues with Edge Private Cloud, see Known issues with Edge Private Cloud.