4.50.00.06 - Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.
info

On January 22, 2021, we released a new version of Apigee Edge for Private Cloud.

Update procedure

Updating this release will update the components in the following list of RPMs:

  • edge-gateway-4.50.00-0.0.20107.noarch.rpm
  • edge-management-server-4.50.00-0.0.20107.noarch.rpm
  • edge-message-processor-4.50.00-0.0.20107.noarch.rpm
  • edge-postgres-server-4.50.00-0.0.20107.noarch.rpm
  • edge-qpid-server-4.50.00-0.0.20107.noarch.rpm
  • edge-router-4.50.00-0.0.20107.noarch.rpm
  • edge-analytics-4.50.00-0.0.40034.noarch.rpm
  • apigee-provision-4.50.00-0.0.611.noarch.rpm
  • apigee-validate-4.50.00-0.0.620.noarch.rpm
  • apigee-setup-4.50.00-0.0.1124.noarch.rpm
  • apigee-cassandra-2.1.22-0.0.2512.noarch.rpm
  • apigee-cassandra-client-2.1.22-0.0.2503.noarch.rpm
  • apigee-sso-4.50.00-0.0.20088.noarch.rpm
  • apigee-mtls-4.50.00-0.0.20210.noarch.rpm
  • apigee-mtls-consul-4.50.00-0.0.20130.noarch.rpm
  • edge-mint-gateway-4.50.00-0.0.30204.noarch.rpm
  • edge-mint-management-server-4.50.00-0.0.30204.noarch.rpm
  • edge-mint-message-processor-4.50.00-0.0.30204.noarch.rpm

You can check the RPM versions you currently have installed, to see if they need to be updated, by entering:

apigee-all version

To update your installation, perform the following procedure on the Edge nodes:

  1. On all Edge nodes:

    1. Clean the Yum repos:
      sudo yum clean all
    2. Download the latest Edge 4.50.00 bootstrap_4.50.00.sh file to /tmp/bootstrap_4.50.00.sh:
      curl https://software.apigee.com/bootstrap_4.50.00.sh -o /tmp/bootstrap_4.50.00.sh
    3. Install the Edge 4.50.00 apigee-service utility and dependencies:
      sudo bash /tmp/bootstrap_4.50.00.sh apigeeuser=uName apigeepassword=pWord

      where uName:pWord are the username and password you received from Apigee. If you omit pWord, you will be prompted to enter it.

    4. Update the apigee-setup utility:
      sudo /opt/apigee/apigee-service/bin/apigee-service apigee-setup update
    5. Use the source command to execute the apigee-service.sh script:
      source /etc/profile.d/apigee-service.sh
  2. Update the apigee-validate utility on the Management Server:
    /opt/apigee/apigee-service/bin/apigee-service apigee-validate update
  3. Update the apigee-provision utility on the Management Server:
    /opt/apigee/apigee-service/bin/apigee-service apigee-provision update
  4. Update all Cassandra nodes:

    /opt/apigee/apigee-setup/bin/update.sh -c cs -f configFile

    where configFile specifies the configuration file that you used to install Apigee Edge for Private Cloud. For example, /opt/silent.conf.

  5. On all Edge nodes, execute the update.sh script for the edge process. To do this, execute the following command on each node:
    /opt/apigee/apigee-setup/bin/update.sh -c edge -f configFile
  6. Execute the update.sh script for SSO on all nodes. On each node, execute the following command:
    /opt/apigee/apigee-setup/bin/update.sh -c sso -f configFile
  7. If you are using Apigee mTLS, follow the procedure described in Upgrade Apigee mTLS.

    For more information, see Introduction to Apigee mTLS.

Supported software

This release of Apigee Edge Private Cloud supports Red Hat Enterprise Linux version (Intel 64-bit) 7.9 and CentOS (Intel 64-bit) 7.9.

Deprecations and retirements

No new deprecations or retirements.

New Features

This release introduces the following new features:

  • A new installer option, 'mt', for installing the Management server separately from the Edge UI and OpenLDAP (issue 175793014). See Specifying the components to install.
  • An L1 cache expiry on a Message Processor, which specifies the time-to-live (TTL) of an entry in L1 cache. Previously you could only specify the TTL of L2 cache entries. See Set L1 cache expiry on a Message Processor.
  • An enhanced version of apigee-provision that includes a new delete-user option. Run apigee-service apigee-provision delete-user -h for help in using the option.

Bugs fixed

The following table lists the bugs fixed in this release:

Issue ID Description
162320407 Client certificate were not sent, even though clientauthenabled was set in the target server.
169401128

Sending email notifications was not working for Monetization.

158714633

Cassandra log file configuration was not working.

New logback tokens have been added for maxfilesize and maxbackupindex.

125273766

Cross-pod cache update propagation failure in multi-region pod configuration.

170656165

Apigee SSO setup was failing when management server had http disabled.

174307086

InvalidateCache generated a wrong key if the scope type was set to Proxy.

143178281

Monetization notification service was failing due to a bad SMTP configuration.

151756535 apigee-validate clean command was not cleaning the apigee_validator@apigee.com user.

apigee-validate clean now deletes the user that was created as part of validation.

174735160 A potential security vulnerability to a SQL injection through the Edge Classic UI has been fixed.
145994176 Searching notification service items by date was not working because createdDate was not populated.
142386756

setup.sh was missing an option for installing Management Server component only.

165421271

The Trace tool was showing all JSON values in the request payload as strings, even those that were integers.

169212613

Management API response contained duplicate date response headers.

171245851

mTLS installation requires all IP Addresses in the config file.

172379664

CredentialUtil no longer logs unwanted messages.

172367536

Message processors were using a self-signed certificate for mTLS even when the user provided a certificate they defined.

169020349

servicecallout.requesturi did not display the correct URI.

175313717

Potential Cassandra vulnerabilities CVE-2020-13946 and CVE-2019-2684 have have been fixed.

See Security issues fixed.

169020349

A potential vulnerability to birthday attacks against TLS ciphers with 64-bit block size has been fixed.

See Security issues fixed.

Security issues fixed

The following is a list of known security issues that have been fixed in this release. To avoid these issues, install the latest version of Edge Private Cloud.

CVE Description
CVE-2020-13946

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.

CVE-2019-2684

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.

CVE-2016-2183

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.

Known issues

For a list of known issues with Edge Private Cloud, see Known issues with Edge Private Cloud.