- Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

On September 23, 2021, we released a new version of Apigee Edge for Private Cloud.

Update procedure

Updating this release will update the components in the following list of RPMs:

  • edge-analytics-4.50.00-0.0.40046.noarch.rpm
  • apigee-sso-4.50.00-0.0.21034.noarch.rpm
  • apigee-tomcat-8.5.64-0.0.917.noarch.rpm
  • apigee-machinekey-1.1.0-0.0.20008.noarch.rpm
  • apigee-lib-4.50.00-0.0.1019.noarch.rpm
  • apigee-cassandra-2.1.22-0.0.2527.noarch.rpm
  • apigee-cassandra-client-2.1.22-0.0.2512.noarch.rpm
  • apigee-setup-4.50.00-0.0.1128.noarch.rpm
  • apigee-service-4.50.00-0.0.1428.noarch.rpm
  • apigee-configutil-4.50.00-0.0.613.noarch.rpm
  • edge-gateway-4.50.00-0.0.20140.noarch.rpm
  • edge-management-server-4.50.00-0.0.20140.noarch.rpm
  • edge-message-processor-4.50.00-0.0.20140.noarch.rpm
  • edge-postgres-server-4.50.00-0.0.20140.noarch.rpm
  • edge-qpid-server-4.50.00-0.0.20140.noarch.rpm
  • edge-router-4.50.00-0.0.20140.noarch.rpm
  • edge-mint-gateway-4.50.00-0.0.30233.noarch.rpm
  • edge-mint-management-server-4.50.00-0.0.30233.noarch.rpm
  • edge-mint-message-processor-4.50.00-0.0.30233.noarch.rpm
  • edge-management-ui-4.50.00-0.0.20020.noarch.rpm
  • edge-ui-4.50.00-0.0.20198.noarch.rpm
  • edge-management-ui-static-4.50.00-0.0.20033.noarch.rpm
  • apigee-validate-4.50.00-0.0.624.noarch.rpm
  • apigee-mtls-4.50.00-0.0.20224.noarch.rpm
  • apigee-adminapi-4.50.00-0.0.607.noarch.rpm

You can check the RPM versions you currently have installed, to see if they need to be updated, by entering:

apigee-all version

To update your installation, perform the following procedure on the Edge nodes:

  1. On all Edge nodes:

    1. Clean the Yum repos:
      sudo yum clean all
    2. Download the latest Edge 4.50.00 bootstrap_4.50.00.sh file to /tmp/bootstrap_4.50.00.sh:
      curl https://software.apigee.com/bootstrap_4.50.00.sh -o /tmp/bootstrap_4.50.00.sh
    3. Install the Edge 4.50.00 apigee-service utility and dependencies:
      sudo bash /tmp/bootstrap_4.50.00.sh apigeeuser=uName apigeepassword=pWord

      where uName:pWord are the username and password you received from Apigee. If you omit pWord, you will be prompted to enter it.

    4. Update the apigee-setup utility:
      sudo /opt/apigee/apigee-service/bin/apigee-service apigee-setup update
    5. Update the apigee-lib utility:
      sudo /opt/apigee/apigee-service/bin/apigee-service apigee-lib update
    6. Use the source command to execute the apigee-service.sh script:
      source /etc/profile.d/apigee-service.sh
  2. Update the apigee-validate utility on the Management Server:
    /opt/apigee/apigee-service/bin/apigee-service apigee-validate update
  3. Update the apigee-adminapi utility:
    /opt/apigee/apigee-service/bin/apigee-service apigee-adminapi update
  4. Update apigee-machinekey utility:
    /opt/apigee/apigee-service/bin/apigee-service apigee-machinekey update
  5. Update apigee-config util:
    /opt/apigee/apigee-service/bin/apigee-service apigee-configutil update
  6. Update all Cassandra nodes:
    /opt/apigee/apigee-setup/bin/update.sh -c cs -f configFile

    where configFile specifies the configuration file that you used to install Apigee Edge for Private Cloud. For example, /opt/silent.conf.

  7. On all Edge nodes, execute the update.sh script for the edge process:
    /opt/apigee/apigee-setup/bin/update.sh -c edge -f configFile
  8. Execute the update.sh script for SSO on all nodes:
    /opt/apigee/apigee-setup/bin/update.sh -c sso -f configFile
  9. Execute the update.sh script for the UI on all nodes:
    /opt/apigee/apigee-setup/bin/update.sh -c ui -f configFile
  10. If you are using the New Edge experience, execute the following command:
    /opt/apigee/apigee-setup/bin/update.sh -c ue -f configFile
  11. If you are using Apigee mTLS, follow the procedure described in Upgrade Apigee mTLS. For more information, see Introduction to Apigee mTLS.

Changes to supported software

There are no changes to the supported software in this release.

Deprecations and retirements

There are no new deprecations or retirements in this release.

New features

This release introduces the following new features:

New wrapper around the nodetool repair tool

The wrapper does a sanity check on disk space (where Cassandra is mounted) before running the nodetool repair. The wrapper also supports JMX authentication and SSL over JMX related configurations.

Added support in the LDAP policy for dynamic string substitution for the <BaseDN> element.

The LDAP policy's <BaseDN> element specifies the base level of LDAP under which all of your data exists. In this release, we have added a ref attribute to the element, which you can use to specify a flow variable containing the <BaseDN> value, such as apigee.baseDN. ref takes precedence over an explicit BaseDN value. If you specify both ref and value, ref has priority. If ref does not resolve at runtime, value is used.

Bug fixes

This section lists the Private Cloud bugs that were fixed in this release.

Issue ID Description

Fixed inconsistent jQuery script path in classic UI


Enhanced logging for UI was failing due to a misconfiguration of the .properties file

This has been fixed.

404 error while navigating to a developer from the developer apps page

This has been fixed.

Companies were not appearing in the Edge UI

This has been fixed.

Self-signed certs trust issues in the Edge UI

This has been fixed.

console.log() was causing excessive logging

This has been fixed.

There was a minor bug in the way data center names are sorted in Cassandra setup scripts.

This has been fixed.

Apigee SSO was incorrectly returning stack traces in responses.

This has been fixed. Note that the stack traces are still logged.

apigee-validate was failing with obscure message

This has been fixed. Error logging for apigee-validate script has been improved.

syslog messages were incorrectly being dropped

This has been fixed.

Removed legacy keys from Gateway & Machinekey components


A failure in the permissions API was causing compatibility issues between the Edge UI and Gateway

This issue, which occurred when external LDAP authentication was enabled, has been fixed.

Removed trailing and leading spaces from all the HTTP request and response limit properties


Removed some unused configurations from Gateway components


Mint Management Server needs to be updated when Postgres failover is performed

An enhanced script was created to change Postgres connection details for Mint Management Server. See Handling a PostgreSQL database failover.

A large SSL handshake message was causing issues in Java 1.8.0_3XX

This has been fixed.

The ip command was not prefixed with the absolute path

This has been fixed. Apigee scripts now fully qualify path of the commands.

Management update was failing when Cassandra JMX Authentication or SSL was enabled

Added feature to provide Cassandra JMX authentication and SSL configurations when running setup or update on Management server.

Edge UI Analytics dashboards were not able to fetch data

Fixed a bug in which Analytics queries were failing for environments with a period in their name.

Reserved keywords AND/OR within text of dimensions were causing Analytics reports to fail.

This has been fixed.

Extra whitespace in IP address list of router.properties was preventing routers from coming up

This has been fixed. The extra whitespace is now removed.

Java Management Extensions (JMX) is no longer enabled by default for the Apigee SSO module.

Security issues fixed

The following is a list of known security issues that have been fixed in this release. To avoid these issues, install the latest version of Edge Private Cloud.

Issue ID Description

Passwords were being logged in Edge for Private Cloud, due to normal logging of configuration file delta changes. You can prevent logging of configuration changes as follows:

  • If an Edge component is already installed, do either of the following steps:
    • Set LOGGER_PRINT_CONFIG_DELTA=false as an environment variable. This stops configuration delta logging for all components on that node.
    • To stop configuration delta logging for specific components, add logger.print.config.delta=false to the customer-specific configuration file for that component. This stops logging of configuration changes for that component. See How to configue Edge for more information.
  • If you are installing an Edge component, you can prevent logging of configuration changes by adding the following entry to the silent.conf file:

    This configures the component not to log configuration changes.

N/A Improved security of passwords and related data stored in the platform.
CVE-2015-9251 Cross-site Scripting (XSS) is fixed when a cross-domain Ajax request is performed without the dataType option in jQuery.
N/A Added additional protections against SAML assertion replay attacks.

Known issues

See Known issues with Edge for Private Cloud for a complete list of known issues.