4.50.00.07 - Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation. info

On February 19, 2021, we released a new version of Apigee Edge for Private Cloud.

Update procedure

Updating this release will update the components in the following list of RPMs:

edge-analytics-4.50.00-0.0.40037.noarch.rpm
edge-gateway-4.50.00-0.0.20110.noarch.rpm
edge-management-server-4.50.00-0.0.20110.noarch.rpm
edge-message-processor-4.50.00-0.0.20110.noarch.rpm
edge-postgres-server-4.50.00-0.0.20110.noarch.rpm
edge-qpid-server-4.50.00-0.0.20110.noarch.rpm
edge-router-4.50.00-0.0.20110.noarch.rpm
apigee-tomcat-7.0.105-0.0.910.noarch.rpm
apigee-sso-4.50.00-0.0.20135.noarch.rpm
apigee-cassandra-2.1.22-0.0.2513.noarch.rpm

You can check the RPM versions you currently have installed, to see if they need to be updated, by entering:

apigee-all version

To update your installation, perform the following procedure on the Edge nodes:

On all Edge nodes:
1. Clean the Yum repos:
```
sudo yum clean all
```
2. Download the latest Edge 4.50.00 bootstrap_4.50.00.sh file to /tmp/bootstrap_4.50.00.sh:
```
curl https://software.apigee.com/bootstrap_4.50.00.sh -o /tmp/bootstrap_4.50.00.sh
```
3. Install the Edge 4.50.00 apigee-service utility and dependencies:
```
sudo bash /tmp/bootstrap_4.50.00.sh apigeeuser=uName apigeepassword=pWord
```
  where uName:pWord are the username and password you received from Apigee. If you omit pWord, you will be prompted to enter it.
4. Update the apigee-setup utility:
```
sudo /opt/apigee/apigee-service/bin/apigee-service apigee-setup update
```
5. Use the source command to execute the apigee-service.sh script:
```
source /etc/profile.d/apigee-service.sh
```
Update all Cassandra nodes:
```
/opt/apigee/apigee-setup/bin/update.sh -c cs -f configFile
```
where configFile specifies the configuration file that you used to install Apigee Edge for Private Cloud. For example, /opt/silent.conf.
On all Edge nodes, execute the update.sh script for the edge process. To do this, execute the following command on each node:
```
/opt/apigee/apigee-setup/bin/update.sh -c edge -f configFile
```
Execute the update.sh script for SSO on all nodes. On each node, execute the following command:
```
/opt/apigee/apigee-setup/bin/update.sh -c sso -f configFile
```

Changes to supported software

Tomcat has been upgraded to version 7.0.105 in this release.

Deprecations and retirements

There are no new deprecations or retirements in this release.

New Features

This release introduces the following new features:

Apigee now supports setting connection timeouts with LDAP resources. By default, there is no timeout. See Managing LDAP Resources.
Added support for JMX with SSL for Cassandra authentication, which provides additional security and encryption.

Bugs fixed

The following table lists the bugs fixed in this release:

Issue ID	Description
171452815	Apigee SSO module was not marking `X-Uaa-Csrf` cookie as Secure This has been fixed.
166766984	Apache Tomcat has been upgraded to version 7.0.105.
165843063	Management server was listening on the wrong port (8080) in response to the `wait_for_ready` command.
172587165	Custom variables were sometimes not shown in UI reports. This process has been improved and made more robust.
174241354	Empty messages to the MessageLogging policy were causing it to flood logs with warnings. Empty messages are now handled correctly.
168258482	Some incorrect directory permissions in `apigee-tomcat` were causing `apigee-service` commands to fail.
161858295	Some silent variables were misspelled. The silent install variable `SSO_JWT_SIGNING_KEY_FILEPATH` is now spelled correctly.
168904909	It wasn't possible to configure a read timeout for the LDAP policy. A feature has been added to support I/O connection timeout with LDAP resource in case of JNDI. The default is that there is no timeout.
177527888	The `features.strictSSLEnforcement` property was not working for the target server.
157521855	Configuring cipher suites when enabling TLS for Management API was not working correctly.
178627968	Message processors were sending unused fields to Analytics by default.

Security issues fixed

The following is a list of known security issues that have been fixed in this release. To avoid these issues, install the latest version of Edge Private Cloud.

Issue ID	Description
CVE-2020-13935	The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. Affected Versions: Apache Tomcat 10.0.0-M1 to 10.0.0-M6, Apache Tomcat 9.0.0.M1 to 9.0.36, Apache Tomcat 8.5.0 to 8.5.56, and Apache Tomcat 7.0.27 to 7.0.104.
178784031	Assertions that are used to validate HTTP responses were not required to be signed, leading to a potential security issue. Assertions are now required to be signed.

Issue ID

Description

CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Affected Versions: Apache Tomcat 10.0.0-M1 to 10.0.0-M6, Apache Tomcat 9.0.0.M1 to 9.0.36, Apache Tomcat 8.5.0 to 8.5.56, and Apache Tomcat 7.0.27 to 7.0.104.

178784031

Assertions that are used to validate HTTP responses were not required to be signed, leading to a potential security issue.

Assertions are now required to be signed.

Known issues

For a list of known issues with Edge Private Cloud, see Known issues with Edge Private Cloud.

4.50.00.08

4.50.00.06

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-04-30 UTC.