- Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

On September 28, 2021, we released a new version of Apigee Edge for Private Cloud.

Update procedure

Updating this release will update the components in the following list of RPMs:

  • edge-analytics-4.51.00-0.0.40048.noarch.rpm
  • apigee-sso-4.51.00-0.0.21033.noarch.rpm
  • apigee-tomcat-8.5.64-0.0.916.noarch.rpm
  • apigee-machinekey-1.1.0-0.0.20007.noarch.rpm
  • apigee-cassandra-client-2.1.22-0.0.2513.noarch.rpm
  • apigee-cassandra-2.1.22-0.0.2528.noarch.rpm
  • apigee-drupal-7.82-0.0.309.noarch.rpm
  • apigee-drupal-devportal-4.51.00-0.0.411.noarch.rpm
  • apigee-sap-drupal-devportal-4.51.00-0.0.411.noarch.rpm
  • apigee-mirror-4.51.00-0.0.1020.noarch.rpm
  • apigee-mtls-4.51.00-0.0.20226.noarch.rpm
  • edge-management-ui-4.51.00-0.0.20019.noarch.rpm
  • edge-ui-4.51.00-0.0.20199.noarch.rpm
  • edge-management-ui-static-4.51.00-0.0.20034.noarch.rpm
  • apigee-adminapi-4.51.00-0.0.608.noarch.rpm
  • apigee-lib-4.51.00-0.0.1018.noarch.rpm
  • apigee-provision-4.51.00-0.0.616.noarch.rpm
  • apigee-service-4.51.00-0.0.1429.noarch.rpm
  • apigee-setup-4.51.00-0.0.1129.noarch.rpm
  • apigee-configutil-4.51.00-0.0.614.noarch.rpm
  • apigee-postgresql-10.17-0.0.2520.noarch.rpm
  • apigee-validate-4.51.00-0.0.625.noarch.rpm
  • edge-gateway-4.51.00-0.0.60142.noarch.rpm
  • edge-management-server-4.51.00-0.0.60142.noarch.rpm
  • edge-message-processor-4.51.00-0.0.60142.noarch.rpm
  • edge-postgres-server-4.51.00-0.0.60142.noarch.rpm
  • edge-qpid-server-4.51.00-0.0.60142.noarch.rpm
  • edge-router-4.51.00-0.0.60142.noarch.rpm

You can check the RPM versions you currently have installed, to see if they need to be updated, by entering:

apigee-all version

To update your installation, perform the following procedure on the Edge nodes:

  1. On all Edge nodes:

    1. Clean the Yum repos:
      sudo yum clean all
    2. Download the latest Edge 4.51.00 bootstrap_4.51.00.sh file to /tmp/bootstrap_4.51.00.sh:
      curl https://software.apigee.com/bootstrap_4.51.00.sh -o /tmp/bootstrap_4.51.00.sh
    3. Install the Edge 4.51.00 apigee-service utility and dependencies:
      sudo bash /tmp/bootstrap_4.51.00.sh apigeeuser=uName apigeepassword=pWord

      where uName:pWord are the username and password you received from Apigee. If you omit pWord, you will be prompted to enter it.

    4. Update the apigee-setup utility:
      sudo /opt/apigee/apigee-service/bin/apigee-service apigee-setup update
    5. Update the apigee-lib utility:
      sudo /opt/apigee/apigee-service/bin/apigee-service apigee-lib update
    6. Use the source command to execute the apigee-service.sh script:
      source /etc/profile.d/apigee-service.sh
  2. Update the apigee-validate utility on the Management Server:
    /opt/apigee/apigee-service/bin/apigee-service apigee-validate update
  3. Update the apigee-provision utility on the Management Server:
    /opt/apigee/apigee-service/bin/apigee-service apigee-provision update
  4. Update the apigee-adminapi utility:
    /opt/apigee/apigee-service/bin/apigee-service apigee-adminapi update
  5. Update apigee-machinekey utility:
    /opt/apigee/apigee-service/bin/apigee-service apigee-machinekey update
  6. Update apigee-config util:
    /opt/apigee/apigee-service/bin/apigee-service apigee-configutil update
  7. Update all Cassandra nodes:
    /opt/apigee/apigee-setup/bin/update.sh -c cs -f configFile

    where configFile specifies the configuration file that you used to install Apigee Edge for Private Cloud. For example, /opt/silent.conf.

  8. Update Postgres nodes (master and standby):
    /opt/apigee/apigee-setup/bin/update.sh -c ps -f /opt/silent.conf
  9. On all Edge nodes, execute the update.sh script for the edge process:
    /opt/apigee/apigee-setup/bin/update.sh -c edge -f configFile
  10. Execute the update.sh script for SSO on all nodes:
    /opt/apigee/apigee-setup/bin/update.sh -c sso -f configFile
  11. Execute the update.sh for the UI on all nodes:
    /opt/apigee/apigee-setup/bin/update.sh -c ui -f configFile
  12. If you are using the New Edge experience, execute the following command:
    /opt/apigee/apigee-setup/bin/update.sh -c ue -f configFile
  13. On all Apigee Developer Services portal nodes, update the devportal process by executing the following command:
    /opt/apigee/apigee-setup/bin/update.sh -c dp -f configFile
  14. If you are using Apigee mTLS, follow the procedure described in Upgrade Apigee mTLS. For more information, see Introduction to Apigee mTLS.

Changes to supported software

There are no changes to supported software in this release.

Deprecations and retirements

There are no new deprecations or retirements in this release.

New features

This release introduces the following new features:

Ability to enable encryption of developer App credential secrets

We have added the ability to enable encryption of developer App credential secrets. See Enabling secret key encryption for more details.

Added support for OASValidation policy in the Edge UI

The OASValidation (OpenAPI Specification Validation) policy enables you to validate an incoming request or response message against an OpenAPI 3.0 Specification (JSON or YAML). This policy is already available through the Edge API. WIth this release, you can now add the policy in the Edge UI.l

New wrapper around the nodetool repair tool

The wrapper does a sanity check on disk space (where Cassandra is mounted) before running the nodetool repair. The wrapper also supports JMX authentication and SSL over JMX related configurations.

Added support in the LDAP policy for dynamic string substitution for the <BaseDN> element.

The LDAP policy's <BaseDN> element specifies the base level of LDAP under which all of your data exists. In this release, we have added a ref attribute to the element, which you can use to specify a flow variable containing the <BaseDN> value, such as apigee.baseDN. ref takes precedence over an explicit BaseDN value. If you specify both ref and value, ref has priority. If ref does not resolve at runtime, value is used.

New diagnostic tool, sosreport

Added Sosreport, a new system level diagnostic and data collection tool.

Bug fixes

This section lists the Private Cloud bugs that were fixed in this release.

Issue ID Description

There was a minor bug in the way data center names are sorted in Cassandra setup scripts.

This has been fixed.

Fixed an issue with certain spike arrest policy configurations failing with 5XX errors


Fixed inconsistent jQuery script path in classic UI


Enhanced logging for UI was failing due to a misconfiguration of the .properties file

This has been fixed.

404 error while navigating to a developer from the developer apps page

This has been fixed.

Companies were not appearing in the Edge UI

This has been fixed.

Self-signed certs trust issues in the Edge UI

This has been fixed.

console.log() was causing excessive logging

This has been fixed.

Apigee SSO was incorrectly returning stack traces in responses.

This has been fixed. Note that the stack traces are still logged.

apigee-validate was failing with obscure message

This has been fixed. Error logging for apigee-validate script has been improved.

syslog messages were incorrectly being dropped

This has been fixed.

Removed legacy keys from Gateway & Machinekey components


A failure in the permissions API was causing compatibility issues between the Edge UI and Gateway

This issue, which occurred when external LDAP authentication was enabled, has been fixed.

Removed trailing and leading spaces from all the HTTP request and response limit properties


Removed some unused configurations from Gateway components


Enhanced script to change Postgres connection details for Mint Management server


A large SSL handshake message was causing issues in Java 1.8.0_3XX

This has been fixed.

The ip command was not prefixed with the absolute path

This has been fixed. Apigee scripts now fully qualify path of the command.

Management update was failing when Cassandra JMX Authentication or SSL was enabled

This has been fixed. A feature was added to provide Cassandra JMX Authentication & SSL configurations when running setup or update on Management server.

Edge UI Analytics dashboards were not able to fetch data

Fixed a bug in which Analytics queries were failing for environments with a period in their name.

Reserved keywords AND/OR within text of dimensions were causing Analytics reports to fail.

This has been fixed.

Extra whitespace in IP address list of router.properties was preventing routers from coming up

This has been fixed. The extra whitespace is now removed.

Users were able to download inc files based on Nginx configuration files

This has been fixed. A file not found error is now displayed when a user tries to access a configuration file.

Issue with upgrading Message Processors from older Edge for Private Cloud versions

When upgrading Message Processors from older Edge versions to 4.51, it was possible to encounter an error with runtime requests containing KVM operations. This has been fixed.

Security issues fixed

The following is a list of known security issues that have been fixed in this release. To avoid these issues, install the latest version of Edge Private Cloud.

Issue ID Description

Passwords were being logged in Edge for Private Cloud, due to normal logging of configuration file delta changes. You can prevent logging of configuration changes as follows:

  • If an Edge component is already installed, do either of the following steps:
    • Set LOGGER_PRINT_CONFIG_DELTA=false as an environment variable. This stops configuration delta logging for all components on that node.
    • To stop configuration delta logging for specific components, add logger.print.config.delta=false to the customer-specific configuration file for that component. This stops logging of configuration changes for that component. See How to configue Edge for more information.
  • If you are installing an Edge component, you can prevent logging of configuration changes by adding the following entry to the silent.conf file:

    This configures the component not to log configuration changes.

CVE-2021-23337 A command injection vulnerability has been fixed in Lodash 2.4.1
N/A Improved security of passwords and related data stored in the platform.
CVE-2015-9251 Cross-site Scripting (XSS) is fixed when a cross-domain Ajax request is performed without the dataType option in jQuery.
N/A Added additional protections against SAML assertion replay attacks.

Known issues

See Known issues with Edge for Private Cloud for a complete list of known issues.