4.51.00 Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.
info

On July 29, 2021, we released version 4.51.00 of the Edge for Private Cloud Feature Release.

Release summary

The following table summarizes the changes in this release:

New Features

This release includes the following new features:

○ A new pop-up window warns you of end of life (EOL) dates
○ Option to log out users when their passwords are changed
○ Set TLS version for SMTP
○ Added an enhanced pg-data-purge script to optionally purge data from parent fact tables
○ Added sosreport, a new system level diagnostic and data collection tool.

For more information about each of these new features, see New features.

Backward Compatibility

The following issues affecting backward compatibility were introduced in this version of Apigee Edge for Private Cloud:

  • Java Management Extensions (JMX) is no longer enabled by default for the Apigee SSO (single sign-on) module.
  • Due to the fix for issue 132443137 (as described in the 19.03.01 Public Cloud release notes), Message Processors now ignore headers that begin with X-Apigee-*. As a result, you must refactor any code that uses X-Apigee-* headers and replace those headers with supported ones.
  • The name of the Cassandra log files has changed. It is now:

    /opt/apigee/var/log/apigee-cassandra/system.log
Included Releases

Since the previous Edge for Private Cloud Feature Release, the following releases have occurred and are included in this release:

○ Edge:
   20.08.03 (Router)
   20.09.18 (Management Server)
   21.03.08 (Router, Management Server, Message Processor)
Retirements None
Deprecations

With the release of 4.51.00:

  • 4.19.06: Version 4.19.06 of Apigee Edge for Private Cloud is now deprecated.

For more detailed information about the deprecations including removal timelines, see Apigee deprecations and retirements.

Known Issues

This release includes the following known issues:

For more information about each of these known issues, including workarounds, see Known issues.

Upgrade paths

For instructions on upgrading to Edge for Private Cloud 4.51.00, see Update Apigee Edge 4.19.06 or 4.50.00 to 4.51.00.

New features

This section lists new features in this release. Additionally, this release includes all features in the Edge UI, Edge Management, and Portal releases listed in Included Releases.

In addition to the following enhancements, this release also contains multiple usability, performance, security, and stability enhancements.

A new pop-up window warns you of end of life (EOL) dates for Edge for Private Cloud

Edge for Private Cloud customers will start seeing warning messages displayed six month prior to the installed version's EOL date. The EOL message will be shown once per browser session: if you close the tab or browser, the session will be lost. If you then re-open Apigee in a browser, the message will be displayed again.

New option to log out users when their passwords are changed

A new flag was added to apigee.feature.clearSessionOnPasswordUpdate, which lets you configure whether users are logged out after you change their password. The default is that users are not logged off.

New flag to set TLS version for SMTP

A new flag has been added to mail.smtp.ssl.protocols, which specifies the SSL protocol that are enabled for SMTP connections. This feature lets you configure SSL protocols based on your security requirements.

You can set this flag by adding the following entry to the properties file, /opt/apigee/customer/application/ui.properties:

conf_apigee.mail.smtp.ssl.protocols=ssl-protocol

Possible values for ssl-protocol are SSLv2Hello, SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

New diagnostic tool, sosreport

Added Sosreport, a new system level diagnostic and data collection tool.

Added support for new software versions

Apigee has added support for the following software versions:

Configure forward proxy.

The following flags have been added, which let you configure a forward proxy:

  • http.proxyHost
  • http.proxyPort
  • http.proxyUser
  • http.proxyPassword

By default the values of the flags are empty.

Enhanced pg-data-purge script to purge parent fact tables from analytics

To run the script, enter the following command:

/opt/apigee/apigee-service/bin/apigee-service apigee-postgresql pg-data-purge org_name env_name number_of_days_to_retain [Delete-from-parent-fact - N/Y] [Confirm-delete-from-parent-fact - N/Y]

The script has the following options:

  • Delete-from-parent-fact Default : No. Will also delete data older than retention days from parent fact table.
  • skip-prompt. Default: No. If No, the script will prompt for confirmation before deleting data from parent fact. Set to Yes if the purge script is automated.

Option to change the user label in the login page

A new flag, apigee.feature.customLoginUserLabel allows you to configure the user label in the login page based on their preference. The default is Email address.

Supported software

This release includes the following changes to supported software:

Support Added No Longer Supported

This release supports the following software versions:

  • Red Hat Enterprise Linux (RHEL) 7.5, 7.6, 7.7, 7.8, 7.9, 8.0
  • Amazon Linux AMI 2
  • Postgres 10.17
  • Nginx 1.20.1

The following software versions are no longer supported with this release:

  • Red Hat Enterprise Linux (RHEL) 6.X
  • Amazon Linux AMI 1
  • Node.js 0.10.32

For a complete list of supported platforms, see Supported software and supported versions.

Bug fixes

This section lists the Private Cloud bugs that were fixed in this release. Additionally, this release includes all bug fixes in the Edge UI, Edge Management, and Portal releases shown in Included Releases.

Issue ID Description
112262604

Mint Management Server needs to be updated when Postgres failover is performed

An enhanced script was created to change Postgres connection details for Mint Management Server. See Handling a PostgreSQL database failover.
150844280

Without an internet connection, Apigee SSO tried to download an external font library during login.

The Google Sans font for headers, which doesn't have an open source license, has been replaced with the Noto Sans font.
161351690

The HMAC policy did not appear in the policy chooser.

The policy is now displayed in the policy chooser.
168149141

Monetization installation was failing on the second management server.

Some potential issues due to a race condition during installation of Mint Management Server have been fixed.
170089960

Unable to change the user label in the login page

A new flag has been added to apigee.feature.customLoginUserLabel. With this flag, you can configure the user label in the login page. The default is the existing label, i.e., Email Address..
170791446

In the Developers UI, a forbidden character in the developer's email address prevented editing the developer's details.

This has been fixed.
173657467

Management Server wasn't coming up if Cassandra nodes in other data centers were down.

The enable Cassandra authentication script has been enhanced to prevent this problem.
175638733

AWS Linux 1 is being deprecated

Support has been added for AWS Linux 2.
175942835

GET requests to dailysummaryreports were being allowed without CSRF protection

This has been fixed
178305317

Consul connect client was not using all the available Consul servers for automatic failover

This has been fixed
180207712

Customers weren't able to add new Cassandra nodes due to incorrect CASS_HOSTS property.

The Cassandra setup now returns an improved error message if an incorrect CASS_HOSTS property is provided.
186503861

ServiceCallout policy was incorrectly splitting the header values when the element was used.

Added a general configuration (conf_http_HTTPHeader.{ANY}) to control default multivalued & duplicate behavior of all Headers. This configuration will only apply if specific header configuration is not present.
182456858

Management server was not always connecting to the local region's Postgress server.

The Management server's Postgres selection algorithm has been optimized so that it connects to a Postgres node in local region
182857918

Log messages when Message Processor reaches its connection limit have been improved. This simplifies troubleshooting.

183147699

Customer dc-4 expansion failed due to custom region name.

A new property, REGION_MAPPING, lets you assign your custom region names to standard region names (dc-1, dc2, and so on). See Edge Configuration File Reference.
185285557

Added an optional feature to make developer emails case insensitive.

This feature is turned off by default, so developer emails continue to be case sensitive (the current behavior).
189743303

Analytics API with filter to exclude API proxies was returning an error.

An issue with parsing filters during execution of custom reports has been fixed.
171240470

Management update was failing when Cassandra JMX Authentication or SSL was enabled

Added feature to provide Cassandra JMX authentication and SSL configurations when running setup or update on Management server.
168560804

When creating a shared flow in the Edge UI, the UI was returning a 403 error for insufficient permissions.

Fixed an undefined value that was being passed to the API.
171985727

Made improvements in JMX configurations of Cassandra so configurations follow other Apigee configuration standards and changes are not overridden during Cassandra upgrade.

188526117

An IP command was not prefixed with the absolute path.

The absolute path is now included in the command.
123015330

Misformatted numbers within a component's .properties file were causing the component to fail to start

This has been fixed.
161934168

PostgreSQL PassTheHash protocol design vulnerability, by PostgreSQL to Postgres v10.17

This has been fixed.
185115206

Made enhancements to improve performance of analytics queries on Management Server

193870176

Added a Router level configuration to disable Virtual Host listen options on standard ports 80 & 443.

197331224

Get org would return a 403-unauthorized error instead of 404-not found if org is not present.

184573211

Java Management Extensions (JMX) is no longer enabled by default for the Apigee SSO module.

Security issues fixed

The following is a list of known security issues that have been fixed in this release. To avoid these issues, install the latest version of Edge Private Cloud.

Issue ID Description
CVE-2018-16131

Vulnerability: [Denial of Service (DoS)] found in for project: unified-experience/navbar (SNYK-JAVA-COMTYPESAFEAKKA-32493). This has been fixed.

CVE-2020-7676

Cross-Site Scripting (XSS) vulnerability in jQuery. A vulnerability in jQuery which reported cross-site scripting (XSS) was fixed.

CVE-2016-5388

Vulnerability in Tomcat servlet. Existing Tomcat servlet 8.0.53 had a security vulnerability. Upgrading Tomcat servlet to 8.5.34 fixed this vulnerability.

Known issues

The following table lists known issues in this release:

Issue ID Description
194249507

apigee-mirror does not work on Red Hat Enterprise Linux (RHEL) 8.0.

As a workaround, install apigee-mirror on a server running a lower version of RHEL or another supported operating system for Apigee. You can then use the mirror to add packages even if you installed Apigee on RHEL 8.0 servers.

See Known issues with Edge for Private Cloud for a complete list of known issues.

Next step

To get started with Edge for Private Cloud 4.51.00, use the following links:

New installations:

New installation overview

Existing installations

Update Apigee Edge 4.19.06 or 4.50.00 to 4.51.00.