Apigee release notes

This page documents production updates to all Apigee software in 2022 and later. We recommend that users periodically check this list for any new announcements, or subscribe to this page using a feed reader to get notifications of updates.

What is a feed reader?

Really simple syndication (RSS) feed readers aggregate content from websites that you specify.

Feed reader notifications can be email-, browser-, desktop-, or mobile-based. Some readers are free, or have free versions, and some require a subscription.

A few examples:

More information on RSS:

See also:

Subscribe:

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/apigee-release-notes.xml

February 23, 2024

Application Integration

Application Integration now supports private triggers that enable you to break large flows into various subflows. This feature is in preview.

February 19, 2024

Application Integration

Data masking in logs

You can now prevent sensitive data from appearing the integration execution logs. For more information, see Mask sensitive data in logs.

February 12, 2024

Apigee X

On February 12, 2024, we released an updated version of Apigee (1-11-0-apigee-17).

This release addresses the security concerns in GCP-2024-007 from Google Anthos Service Mesh.

Bug ID Description
322389251 Security fix for apigee-ingress.
This addresses the following vulnerabilities:
Bug ID Description
230082910 Fixed issue causing null values for system.timestamp and system.time.millisecond proxy variables.
285592278 Fixed issue with deduction of recurring fees from prepaid balances.
Application Integration

You can now also view the integration execution logs in Cloud Logging. For more information, see View logs in Cloud Logging.

February 09, 2024

Apigee hybrid

hybrid v1.11.1-hotfix.1

On February 9, 2024 we released an updated version of the Apigee hybrid software, v1.11.1-hotfix.1.

This release addresses the security concerns in GCP-2024-007 from Google Anthos Service Mesh.

Bug ID Description
324460830 Security fix for apigee-ingress.
This addresses the following vulnerabilities:

hybrid v1.10.4-hotfix.1

On February 9, 2024 we released an updated version of the Apigee hybrid software, v1.10.4-hotfix.1.

This release addresses the security concerns in GCP-2024-007 from Google Anthos Service Mesh.

Bug ID Description
324460830 Security fix for apigee-ingress.
This addresses the following vulnerabilities:

February 08, 2024

Apigee X

On February 8, 2024 we released an updated version of the Apigee APIs.

API support for update operations on KeyValueMap entries

Starting with this release, the Apigee APIs support update operations for KeyValueMap entries. See the API reference page for REST Resource: organizations.environments.keyvaluemaps.entries for information.

February 07, 2024

Apigee Integrated Portal

On February 07, 2024 we released an updated version of Apigee integrated portal.

Bug ID Description
323278335 A security issue was fixed.
192987085 Fixed an issue where switching API spec pages in the public developer portal resulted in an error. Note, this issue was erroneously mentioned in the 12/7/23 release notes.

February 02, 2024

Apigee X

On February 2, 2024, we released an updated version of Apigee.

We modified or added these limits:

  • Changed the maximum API proxy endpoints per API proxy from 5 to 10
  • Specified the maximum API base paths per organization as 21,250

See the Limits page for details.

February 01, 2024

Apigee X

On February 1, 2024, we released an updated version of Apigee.

With this release, Apigee API Management organizations with Pay-as-you-go pricing provisioned before October 1, 2023, will be converted to Pay-as-you-go organizations that use updated attributes for pricing.

Prior to the conversion, these organizations were billed for API runtimes based on Apigee gateway node usage and the total number of API requests processed by Apigee analytics.

Once converted, these organizations will be billed for the following:

  • Volume of API calls processed by a given proxy type
  • Usage of deployment environments (per hour per region)
  • Usage of additional deployment units (API proxies or shared flows)
  • Any additional add-on capabilities (Advanced API security, Monetization, Analytics)

The conversion process is expected to last about 5 minutes and traffic will continue to be processed normally during this time. If proxy revision deployments are interrupted during this time frame, revisions can be deployed after conversion completes.

The Apigee API Analytics add-on will be enabled by default in converted organizations.The Analytics add-on can be disabled after the pricing change if it is not required.

For more information on the updated pricing and enhanced features now available for these organizations, see Pay-as-you-go (updated attributes) overview.

Updated pricing attributes will be reflected in March invoices. For billing questions related to this change, contact Google Cloud Billing support.

January 24, 2024

Application Integration

Custom connectors [Preview]

Application Integration now supports custom connectors. The custom connectors feature (based on the Open API specification) lets you create your own connectors that aren't a part of the standard connectors provided by Integration Connectors. You can use these connectors in your integrations. For more information, see Custom connectors.

January 23, 2024

Apigee UI

On January 23, 2024 we released an updated version of the Apigee UI.

Bug ID Description
317739341 In some cases the navigation menu for Monetization was hidden when Monetization was enabled in the Apigee organization. This has been fixed.
Application Integration

The following new data transformer functions are available:

January 22, 2024

Apigee Integrated Portal

On January 22, 2024 we released an updated version of Apigee integrated portal.

Bug ID Description
311491188 API requests to add a category to a catalog item now validate that the category ID exists.
Apigee X

On January 22, 2023, we released an updated version of Apigee (1-11-0-apigee-14).

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.

Bug ID Description
316093865 Fixed issue where empty LoadBalancer configuration in the Target Endpoint results in a failed proxy deployment with NullPointerException.
312966965 Resolved proxy chaining issue resulting in incorrect post-target service callout hostnames.
318909276 Fixed issue withLookupCache policy failures under certain circumstances.
262071551 Resolved issue with the use of combinators such as allOf in the OASValidation Policy.
311049371 Resolved issue causing SSL error in proxy chaining and path chaining flows.
308196929 Use of target.header.host flow variable with gRPC targets is now fixed.

January 16, 2024

Apigee Advanced API Security

On January 16, 2024 we released an updated version of Advanced API Security.

Training machine learning models for abuse detection on your data

You now have the option to allow Apigee to train your organization's machine learning models for abuse detection on your data. Training the models on your data helps improve their accuracy for detecting security incidents.

Application Integration

Webhook triggers are now supported in preview. With webhook triggers, you can build integrations for your data sources that don't have specific triggers but support webhook for event listening.

December 21, 2023

Apigee hybrid

hybrid 1.11.1

On December 21, 2023 we released an updated version of the Apigee hybrid software, 1.11.1.

Bug ID Description
311705715 Use a non-default service account for the remove-dc component.
306341401 Fixed regression where virtualhost cipherSuites overrides weren't being used.
Bug ID Description
315034009 Security fixes: apigee-asm-ingress and apigee-asm-istiod (ingressgateway and ingressgateway-controller) are upgraded to Service Mesh version 1.17.8-asm.4.
This addresses the following vulnerabilities:
303460289 Security fixes to apigee-prometheus-adapter.
This addresses the following vulnerabilities:
303459588 Security fixes to apigee-prom-prometheus.
This addresses the following vulnerabilities:
303292806 Restrict connections from the Cassandra backup utility to Cassandra server pods in the apigee namespace.
N/A Security fixes to apigee-cassandra-backup-utility.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-fluent-bit.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-hybrid-cassandra-client.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-installer, apigee-operators, and apigee-watcher.
This addresses the following vulnerabilities:

December 18, 2023

Apigee hybrid

hybrid v1.10.4

On December 18, 2023 we released an updated version of the Apigee hybrid software, 1.10.4.

Bug ID Description
311705715 Use a non-default service account for the remove-dc component.
306341401 Fixed regression where virtualhost cipherSuites overrides weren't being used.
302186503 Add the missing HTTP proxy template settings to the Apigee Hybrid Helm datastore component.
300542690 Added dedicated service accounts for Apigee Connect, Redis, and UDCA to prevent Kubernetes from automatically injecting credentials for a specified Service Account or the default Service Account.
277353680 Fixed issue causing target server HealthMonitors to continue beyond revision or deletion of the proxy.

Target health checks are now terminated as soon as the proxy is removed from the runtime (undeployed or deleted). Note: There may be a delay between removal of the proxy and termination of the target server health checks.

Bug ID Description
315034009 Security fixes: apigee-asm-ingress and apigee-asm-istiod (ingressgateway and ingressgateway-controller) are upgraded to Service Mesh version 1.17.8-asm.4.
This addresses the following vulnerabilities:
311167948 A security issue was addressed.
303460289 Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerabilities:
303459588 Security fixes for apigee-prom-prometheus.
This addresses the following vulnerabilities:
300319489 Security fixes for fluentd.
This addresses the following vulnerabilities:
294892189 Security fixes for apigee-diagnostics-collector.
This addresses the Guava vulnerability:
N/A Security fixes for apigee-cassandra-backup-utility and apigee-prom-prometheus.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra and apigee-hybrid-cassandra-client.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-installer, apigee-operators, and apigee-watcher.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:

December 15, 2023

Apigee X

On December 15, 2023, we released an updated version of Apigee.

Update Pay-as-you-go environment types with Apigee APIs.

Use Apigee APIs to upgrade or downgrade the type of an existing environment to add or remove feature capabilities and manage your Apigee Pay-as-you-go billing and resource usage. For more information, see Update Pay-as-you-go environment types.

Apigee Advanced API Security add-on for Pay-as-you-go organizations is generally available (GA).

With this release, Apigee Advanced API Security is available as a paid add-on capability for Pay-as-you-go organizations. The add-on can be enabled in any Apigee Intermediate or Comprehensive environment from the Apigee UI in Cloud Console or using the Apigee APIs. For more information, see Manage the Advanced API Security add-on.

December 13, 2023

Apigee Advanced API Security

On December 13, 2023 we released an updated version of Advanced API Security.

Public preview of archiving security incidents

With this release, you can now archive security incidents that you no longer want to see displayed in the incidents list. For example, you might want to archive incidents that you have already dealt with and no longer need to track. Archiving incidents can help you focus on those incidents that still require your attention. Archiving does not delete the incident: you can always unarchive it whenever you want.

Performance improvements to Risk Assessment security scores

Risk Assessment security scores now load faster in the Apigee UI, due to improved server side caching of scores.

Apigee X

On December 13, 2023, we released an updated version of Apigee.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.

You can now restrict the creation of Apigee location based resources (Organization, Instances and EndpointAttachments) to specific locations using an Organization Policy Service constraint. This feature is generally available. To learn more, see Restricting Resource Locations.

Apigee now supports data residency. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored. See Introduction to data residency.

Apigee now supports Forward Proxying. Forward Proxying provides the ability to forward traffic received in a particular environment to a specified URI. See Forward proxying.

Apigee now supports CMEK for the control plane. If you have specific compliance or regulatory requirements related to the keys that protect your data, you can use customer-managed encryption keys (CMEK). See Introduction to CMEK.

Application Integration

Application Integration is now available in the following regions:

  • asia-east2 (Taiwan)
  • asia-northeast2 (Osaka)
  • asia-northeast3 (Seoul)
  • asia-south2 (Delhi)
  • asia-southeast2 (Jakarta)
  • europe-central2 (Warsaw)
  • europe-west10 (Berlin)
  • europe-west12 (Turin)
  • northamerica-northeast2 (Toronto)
  • southamerica-west1 (Santiago)
  • us-east5 (Columbus)
  • us-west3 (Salt Lake City)
  • us-west4 (Las Vegas)
  • us-south1 (Dallas)

For the list of all the supported regions, see Locations.

December 07, 2023

Apigee Integrated Portal

On December 7, 2023 we released an updated version of Apigee integrated portal.

Bug ID Description
313803133 Fixed an issue where switching API spec pages in the public developer portal resulted in an error.
310865440 Fixed an issue where updating the documentation of a CatalogItem could timeout.
Apigee X

On December 7, 2023, we released an updated version of Apigee X.

General Availability (GA) of Apigee gRPC passthrough

Apigee's gRPC proxy passthrough functionality provides the ability to create proxies which receive gRPC client requests and pass them through to a gRPC target server.

For information, see Creating gRPC API proxies.

December 06, 2023

Apigee Advanced API Security

On December 6, 2023 we released an updated version of Advanced API Security.

New button to create a security action is now in several places in the Abuse detection and Risk assessment pages

The new button links directly to the Security actions page from the Abuse detection or Risk assessment pages, so you can easily create a security action for the environment you are currently viewing. The button is in the following locations:

  • The Source assessment view in the Risk assessment page
  • The Detected Traffic, Incident, and Incident details views in the Abuse detection page

December 05, 2023

Apigee Advanced API Security

On December 5, 2023 we released an updated version of Advanced API Security.

Changes to proxy security scores

The following changes have been made to the way proxy security scores are calculated:

  • Previously, adding a policy to a proxy or shared flow, but not attaching the policy to any flow (preflow, postflow or conditional flow), could affect the proxy's score.

    With this release, you must attach a policy in a flow in order for the policy to affect the proxy's score. A policy that is not attached in a flow is treated as if no policy were present for scoring.

  • Previously, proxies with no policies were not considered in scoring.

    With this release, proxies with no policies are considered in scoring.

See How policies affect proxy security scores to learn more.

December 01, 2023

Apigee X

On December 1, 2023, we released an updated version of Apigee (1-11-0-apigee-8).

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.

Dynamic endpoint target metrics aggregated into a single metric.

With this release, all request, response, and latency target metrics for dynamically-configured endpoints are aggregated and presented as a single metric per proxy, using the endpoint label Dynamic Target. This feature does not change monitoring behavior for statically configured endpoints.

Bug ID Description
294882858 Fixed issue with ServiceCallout policy overriding target_ip value in proxy.
279037851 Improved performance when running debug sessions with masked payload.
312026988 Resolved possible usage counting issue for monetization prepaid developers using proxies with multiple proxy endpoints configured.
Apigee hybrid

hybrid v1.10.3-hotfix.4

On December 1, 2023 we released an updated version of the Apigee hybrid software, v1.10.3-hotfix.4.

Bug ID Description
311705715 Mount a dedicated service account to the remove-dc component.
Bug ID Description
311167948 A security issue was addressed.
Application Integration

Cloud Pub/Sub trigger supports cross-project topics

You can now configure your Cloud Pub/Sub trigger for a Pub/Sub topic that isn't in the same Google Cloud project as your integration. The Pub/Sub topic can be in any Google Cloud project.

Starting with this release, you must specify a service account when configuring the Cloud Pub/Sub trigger. Your existing Cloud Pub/Sub triggers, that don't have any service account associated with them, will continue to work as before. However, if you want to modify the Pub/Sub topic in any of the existing Cloud Pub/Sub triggers, you must also configure a service account for those triggers to continue using them.

November 29, 2023

Application Integration

The Database persistence feature is now renamed to Local logging, which also supports logging in ASYNC mode. For more information, see Local logging.

Application Integration is now available in the Dammam (me-central2) region. For the list of all the supported regions, see Locations.

November 23, 2023

Application Integration

HubSpot trigger is now available in preview.

November 21, 2023

Application Integration

November 17, 2023

Apigee hybrid

hybrid v1.11.0

On November 17, 2023 we released an updated version of the Apigee hybrid software, v1.11.0.

Helm charts management for Apigee hybrid

Starting in version v1.11.0, you have the choice of installing and managing your clusters with either Helm or apigeectl. You cannot manage a cluster with both. Apigee recommends using Helm for new hybrid installations. See Apigee hybrid Helm charts reference.

Vault integration for Cassandra credentials (preview)

Starting in version v1.11.0, you can store Cassandra credentials in Hashicorp Vault.
Note: Using Vault requires Helm management of your Apigee installation.
See Storing Cassandra credentials in Hashicorp Vault.

Vault integration is in preview as of the Apigee hybrid 1.11.0 release.

Apigee Advance API Security Actions for Apigee hybrid

Advanced API Security's new Security Actions feature is now available in Apigee hybrid.

Bug ID Description
295929616 Installation of Hybrid 1.10.x would fail on OpenShift due to out of memory issues. (Fixed in Apigee hybrid v1.10.3)
294069799 Updated the security context settings for the Apigee Hybrid Backup and Restore pod.
292571089 An error with support for CSI backup and restore for Cassandra was fixed. (Fixed in Apigee hybrid v1.10.3)
292118812 Fixed UDCA regression in Hybrid 1.10.1 where UDCA would ignore forward proxy configuration. (Fixed in Apigee hybrid v1.10.2)
289254725 Implemented a fix to prevent failure of proxy deployments that include the OASValidation policy. (Fixed in Apigee hybrid v1.10.1)
287321226 Security context has been corrected for apigee-prom-prometheus to avoid privilege escalation. (Fixed in Apigee hybrid v1.10.3)
277353680 Fixed issue causing target server HealthMonitors to continue beyond revision or deletion of the proxy.

Target health checks are now terminated as soon as the proxy is removed from the runtime (undeployed or deleted). Note: There may be a delay between removal of the proxy and termination of the target server health checks. (Fixed in Apigee X)

240180122 Disable privilege escalation on the cassandra container by moving the ulimit settings to the newly introduced initContainer "apigee-cassandra-ulimit-init".

If you are using security controls with gatekeeper, ensure that apigee-cassandra-ulimit-init initContainer can runAs user, group as 0 and allow capabilities IPC_LOCK and SYS_RESOURCES. (Fixed in Apigee hybrid v1.11.0)

205666368 Fixed issue with default validation of TLS target endpoint certificates.

To enable strict SSL on southbound connections to a proxy target endpoint, add the tag <Enforce>true</Enforce> in the target <SSLInfo> block.

See About setting TLS options in a target endpoint or target server.

See also Known Issue #205666368.

(Fixed in Apigee hybrid v1.10.3-hotfix.1)
158132963 Added improvements to capture relevant target flow variables in trace and analytics in case of target timeouts. (Fixed in Apigee hybrid v1.10.2)
Bug ID Description
303292806 Set backup utility to only connect to Cassandra server pods in the apigee namespace. (Fixed in Apigee hybrid v1.10.3-hotfix.3)
300542690 Added dedicated service accounts for Apigee Connect, Redis, and UDCA to prevent Kubernetes from automatically injecting credentials for a specified ServiceAccount or the default ServiceAccount. (Fixed in Apigee hybrid v1.10.3-hotfix.3)
297938600,
297938559,
297938486,
294892344
Security fixes for apigee-diagnostics-collector. (Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerabilities:
297938498,
297938487
Security fixes for apigee-fluent-bit.(Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerabilities:
297938441 Security fixes for apigee-runtime. (Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerabilities:
297286274 Security fixes for apigee-installer. (Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerabilities:
296719459,
296719400,
296719348,
296719307,
296719306,
296719188,
296719187,
296719186,
296719115,
296719018,
296718937,
296718918,
296718917,
296718916,
296716670,
296716669,
296716472,
296716471,
296715155
Security fixes for apigee-hybrid-cassandra. (Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerabilities:
296717666,
296717283,
296716668,
296716667,
296716650,
296716635,
296716634,
296716633,
296716470,
296716234,
296715734,
296715733,
296715154,
296715153
Security fixes for apigee-hybrid-cassandra-client. (Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerabilities:
296717665,
296717664,
296717663,
296717662,
296717185,
296716666,
296716649,
296716632,
296716468,
296716467,
296716232,
296715152,
296715151,
296714218
Security fixes for apigee-cassandra-backup-utility. (Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerabilities:
295936113 Security fixes for apigee-mart-server. (Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerability:
294906706 Security fixes for apigee-prom-prometheus. (Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerabilities:
293925856 Security fixes for apigee-prometheus-adapter. (Fixed in Apigee hybrid v1.10.3)
This addresses the following vulnerabilities:
293348130 Security fixes for apigee-udca. (Fixed in Apigee hybrid v1.10.2)
This addresses the following vulnerabilities:
291994501 Security fixes for apigee-operator and apigee-watcher. (Fixed in Apigee hybrid v1.10.2)
This addresses the following vulnerabilities:
291994501 Security fixes for apigee-installer. (Fixed in Apigee hybrid v1.10.2)
This addresses the following vulnerabilities:
290829031 Security fixes for apigee-hybrid-cassandra, apigee-cassandra-client, and cassandra-backup-utility. (Fixed in Apigee hybrid v1.10.2)
This addresses the following vulnerabilities:
290829028 Security fixes for Apigee Connect and apigee-connect-agent and apigee-redis. (Fixed in Apigee hybrid v1.10.2)
This addresses the following vulnerabilities:
290068742 Security fixes for apigee-udca. (Fixed in Apigee hybrid v1.10.1)
This addresses the following vulnerability:
290067464, 297938583 Security fixes for apigee-stackdriver-logging-agent. (Fixed in Apigee hybrid v1.10.1)
This addresses the following vulnerabilities:
290065830 Security fixes for apigee-udca. (Fixed in Apigee hybrid v1.10.1)
This addresses the following vulnerability:
281561243 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer. (Fixed in Apigee hybrid v1.10.1)
This addresses the following vulnerability:
N/A Security fixes for apigee-prometheus-adapter. (Fixed in Apigee hybrid hybrid v1.11)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-prom-prometheus/master. (Fixed in Apigee hybrid v1.11)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-kube-rbac-proxy. (Fixed in Apigee hybrid hybrid v1.11)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra. (Fixed in Apigee hybrid hybrid v1.11)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-fluent-bit. (Fixed in Apigee hybrid hybrid v1.11)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer. (Fixed in Apigee hybrid hybrid v1.11)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-cassandra-backup-utility, apigee-hybrid-cassandra-client, and apigee-connect-agent. (Fixed in Apigee hybrid v1.11)
This addresses the following vulnerabilities:
N/A Security fixes for apigee-asm-ingress and apigee-asm-istiod. (Fixed in Apigee hybrid v1.11)
This addresses the following vulnerabilities:

November 10, 2023

Apigee Integrated Portal

On November 10, 2023 we released an updated version of Apigee integrated portal.

This release includes the public preview of integrated portal APIs which allow you to manage your integrated portal APIs and reference documentation using API calls.

The catalog items list view now uses pagination when making requests to the portals service, examples have been added to Publishing your APIs, and new reference documentation is available:

Apigee X

As of November 10, 2023, Configurable API Proxies (preview) is no longer available. For more information, see Configurable API Proxies (preview) deprecation.

On November 10, 2023 we released an updated version of Apigee.

Apigee is now available in a new region: Middle East - Dammam (me-central2).

See Apigee locations for more information about available regions.

November 08, 2023

Apigee Integrated Portal

On November 8, 2023 we released an updated version of Apigee integrated portal.

Bug ID Description
305287906 Fixed links to an API product from the API details, User account details, or Team details page in the Apigee UI.
307600672 Fixed issue where the name of the documentation was not populated in the Documentation column on the Apigee UI, API catalog page.
307599975 Improved pagination through large API catalogs on the Apigee UI, API catalog page.

November 03, 2023

Apigee X

On November 3, 2023, we updated the following security bulletin:

Bug ID Description
304599411 Security bulletin updated
GCP-2023-32
A Denial-of-Service (DoS) vulnerability was recently discovered in multiple implementations of the HTTP/2 protocol (CVE-2023-44487), including the Apigee Ingress (Anthos Service Mesh) server used by Apigee X. The vulnerability could lead to a DoS of Apigee API management functionality.

The shutdown of the Configurable API Proxy (Preview) feature is approaching. On or after November 10, 2023, the preview feature will no longer be available. For more information, see Configurable API proxies (preview) deprecation.

November 01, 2023

Apigee Advanced API Security

On December 6, 2024 we release an updated version of Advanced API Security.

Public preview of Advanced API Security custom profiles in the Apigee UI

With this release, you can now create and edit custom security profiles in the Apigee UI. Custom profiles let you specify the security categories that your security scores are based on.

The Security scores page in the Apigee UI has been renamed to the Risk assessment page, and the page now has tabs for security scores and security profiles.

October 26, 2023

Apigee Integrated Portal

On October 26, 2023 we released an updated version of Apigee integrated portal.

Bug ID Description
5400261 Improve confirmation dialog text when user clicks the button to revoke an app key from the portal UI.

This dialog is displayed when you:
  1. Select Apps from the user account drop-down in the portal.
  2. Click an app.
  3. Click the Revoke button in the API Keys row.
Apigee UI

On October 26, 2023 we released an updated version of the Apigee UI.

Bug ID Description
287028804, 291942702 Fixed issue where customers with a mismatched with Google Cloud project and Apigee organization ID would be presented with the Apigee welcome screen instead of the management UI in the Apigee UI in Google Cloud console.

The above fix requires a change in permissions for users managing Apigee through the Google Cloud console with a custom role.

Custom roles must now include the apigee.projectorganizations.get role for users who manage Apigee organizations via the Apigee UI in Cloud console. Without this role, users see a provisioning prompt in the console rather than the standard UI actions.

See UI-based Apigee management permissions for instructions.

October 24, 2023

Apigee UI

On October 24, 2023 we released an updated version of the Apigee UI.

Bug ID Description
301458133 Fixed an issue in which saving a previously deployed proxy or shared flow revision resulted in the error "revision revision_name is immutable." You are now prompted to create a new revision in this case.
Apigee X

On October 24, 2023, we released an updated version of Apigee (1-11-0-apigee-7).

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.

With this release, the HeaderName element is available as a child element of Authentication. This element appears in the ServiceCallout and ExternalCallout policies, and in the TargetEndpoint proxy configuration.

By default, when an Authentication configuration is present, Apigee generates and injects a bearer token into the Authorization header, in the message sent to the target system. The new HeaderName element allows the configuration to specify the name of a different header to hold that bearer token.

Bug ID Description
294293907 Fixed issue with Google authentication for gRPC-based target servers.
292454825 Fixed issue causing Null Pointer Exception when creating or updating an API product.
291784631 Implemented fix to permit the use of hyphens (-) in flow variables used to define target URLs in <HTTPTargetConnection>.
267229604 Fixed issue where updates to a TLS truststore reference were not reflected for in-use southbound target server connections.
277353680 Fixed issue causing target server HealthMonitors to continue beyond revision or deletion of the proxy.

Target health checks are now terminated as soon as the proxy is removed from the runtime (undeployed or deleted). Note: There may be a delay between removal of the proxy and termination of the target server health checks.

N/A Upgraded infrastructure and libraries.

October 19, 2023

Apigee Integration

The maximum memory available for script evaluation in the Data Transformer Script task is 300 MB. For the list of all the applicable limits, see Quotas and Limits.

Apigee X

On October 19, 2023, we released an updated version of Apigee

Looker Studio Integration

This release includes the public preview of Looker Studio Integration, which connects Apigee data to Google's Looker Studio. Looker Studio is a powerful and flexible tool that you can use to display Apigee data in fully customizable dashboards and reports.

Application Integration

The maximum memory available for script evaluation in the Data Transformer Script task is 300 MB. For the list of all the applicable limits, see Quotas and Limits.

October 17, 2023

Apigee hybrid

hybrid v1.10.3-hotfix.3

On October 17, 2023 we released an updated version of the Apigee hybrid software, v1.10.3-hotfix.3.

Bug ID Description
303292806 Set backup utility to only connect to Cassandra server pods in the apigee namespace.
300542690 Added dedicated service accounts for Apigee Connect, Redis, and UDCA to prevent Kubernetes from automatically injecting credentials for a specified ServiceAccount or the default ServiceAccount.

October 13, 2023

Apigee X

On October 13, 2023, we released an updated version of Apigee (1-11-0-apigee-6).

Bug ID Description
304681330 Security fix for apigee-ingress.
This addresses the following vulnerability:
CVE-2023-44487
305127632 Security bulletin published.
GCP-2023-032

Description

A Denial-of-Service (DoS) vulnerability was recently discovered in multiple implementations of the HTTP/2 protocol (CVE-2023-44487), including the Apigee Ingress (Anthos Service Mesh) server used by Apigee X. The vulnerability could lead to a DoS of Apigee API management functionality.

Affected Products

Deployments of Apigee X that are accessible through a Google Cloud Network Load Balancer (Layer 4), or a custom layer 4 load balancer, are affected. A hotfix is being applied to all Apigee X instances. Your Apigee X instances will be automatically updated within the next few days.

Unaffected products

Apigee X instances which are accessed only via Google Cloud Application Load Balancers (Layer 7) are not affected. This includes deployments that have HTTP/2 enabled for gRPC proxies.

What Should I Do?

All Apigee X instances will be automatically updated within the next few days. Customers do not need to take any actions.

What Vulnerabilities Are Addressed By These Patches?

The vulnerability, CVE-2023-44487, allows an attacker to execute a denial-of-service attack on Apigee ingresses.

Apigee hybrid

hybrid v1.10.3-hotfix.2

On October 13, 2023 we released an updated version of the Apigee hybrid software, v1.10.3-hotfix.2.

Bug ID Description
304681330 Security fix for apigee-ingress.
This addresses the following vulnerability:
CVE-2023-44487
305127632 Security bulletin published.
GCP-2023-032

hybrid v1.9.4-hotfix.1

On October 13, 2023 we released an updated version of the Apigee hybrid software, v1.9.4-hotfix.1.

Bug ID Description
304681330 Security fix for apigee-ingress.
This addresses the following vulnerability:
CVE-2023-44487
305127632 Security bulletin published.
GCP-2023-032

Description

A Denial-of-Service (DoS) vulnerability was recently discovered in multiple implementations of the HTTP/2 protocol (CVE-2023-44487), including the Apigee Ingress (Anthos Service Mesh) server used by Apigee hybrid. The vulnerability could lead to a DoS of Apigee API management functionality.

Affected Products

Apigee hybrid instances that allow HTTP/2 requests to reach the Apigee Ingress are affected. Customers should verify if the load balancers fronting their Apigee hybrid ingresses allow for HTTP/2 requests to reach the Apigee Ingress service.

What Should I Do?

Apigee hybrid customers will need to upgrade to one of the following patch versions:

What Vulnerabilities Are Addressed By These Patches?

The vulnerability, CVE-2023-44487, allows an attacker to execute a denial-of-service attack on Apigee ingresses.

October 10, 2023

Apigee Integration

The following new data transformer functions are available:

  • Manifest XML - Converts the specified input JSON object into an XML string.

  • Parse XML - Parses the specified input XML string into a JSON object.

IAM Conditions for fine-grained access

IAM Conditions lets you define and enforce conditional, attribute-based access control for Google Cloud resources, including Application Integration resources. For more information, see Add IAM conditions.

You can now view the detailed summary of an integration from the Integration designer. For more information, see View integration details.

Application Integration

The following new data transformer functions are available:

  • Manifest XML - Converts the specified input JSON object into an XML string.

  • Parse XML - Parses the specified input XML string into a JSON object.

IAM Conditions for fine-grained access

IAM Conditions lets you define and enforce conditional, attribute-based access control for Google Cloud resources, including Application Integration resources. For more information, see Add IAM conditions.

You can now view the detailed summary of an integration from the Integration designer. For more information, see View integration details.

Support for user-defined service account

You can now configure a service account of your choice for an integration. The option to select a service account is displayed to you during the integration creation step.

October 06, 2023

Apigee Advanced API Security

On October 6, 2023, we released an updated version of Advanced API Security.

Public Preview of Advanced API Security Actions

Advanced API Security's new Security Actions feature lets you create security actions that define how Apigee handles detected traffic. You can create the following security actions:

  • Deny actions, which deny requests that meet specified conditions, for example, originating at an IP address that has been identified as a source of abuse.

  • Flag actions, which let requests pass through, but add headers to requests to identify them as suspicious.

  • Allow actions, which are used to override deny actions in specific cases when the request is trusted.

October 05, 2023

Apigee Integrated Portal

On October 5, 2023 we released an updated version of Apigee integrated portal. This release includes general improvements to performance and availability.

September 29, 2023

Apigee X

On September 29, 2023, we released an updated version of Apigee.

New attributes for Pay-as-you-go pricing are generally available (GA).

Apigee updated its Pay-as-you-go pricing model, making it possible for customers to onboard at a significantly reduced initial cost and right-size their ongoing expenses to usage.

To learn more about the updated Pay-as-you-go pricing experience, see Pay-as-you-go (updated attributes) pricing overview.

Standard and extensible API proxies are generally available (GA).

Standard and extensible API proxies are generally available for use with Apigee organizations.

For more information about standard and extensible API proxies, see API proxy types.

HTTPModifier and ReadPropertySet policies and templating support for message elements are generally available (GA).

The HTTPModifier policy can change an existing request or response message and provides a subset of the functionality already available in the AssignMessage policy. See HTTPModifier policy.

The ReadPropertySet policy reads property sets and populates flow variables with the results. See ReadPropertySet policy.

HTTPModifier and ReadPropertySet are standard policies. Proxies built exclusively with standard policies are called standard proxies and can be deployed to any environment type. See Pay-as-you-go (updated attributes) pricing overview.

With this release, template support for message elements is also generally available. See URL templating.

New environment types are generally available (GA).

With this release, Apigee introduces three distinct environments that have access to varying degrees of Apigee capabilities and costs: Base, Intermediate, and Comprehensive.

For more information, see Apigee Pay-as-you-go environment types.

Apigee API Analytics add-on for Pay-as-you-go organizations is generally available (GA).

With this release, Apigee API Analytics is available as a paid add-on capability for Pay-as-you-go organizations. The add-on can be enabled in any Apigee Intermediate or Comprehensive environment. For more information, see Manage the Apigee API Analytics add-on.

One click provisioning for Apigee Pay-as-you-go organizations is generally available (GA).

Simplify your onboarding experience with one click provisioning for new Pay-as-you-go organizations, using smart default configurations. To learn more, see Provision Apigee with one click.

Updated pricing attributes in Subscription plans are available.

To get started with subscription plans that include new pricing attributes (consistent with Pay-as-you-go pricing), contact your Google Cloud sales specialist.

For more information, see Apigee Subscription 2024 entitlements. Apigee hybrid is not available in the new subscription plan at this time.

September 27, 2023

Apigee Advanced API Security

On September 27, 2023, we released an updated version of Advanced API Security.

Public preview of Advanced API Security Alerting

Advanced API Security's new alerting feature lets you create alerts for events related to API security using Google Cloud Monitoring, such as changes to your security scores or incidents involving detected API abuse. You can configure alerts to send you notifications by email or other channels when these events occur, so you can take action to counteract them.

September 25, 2023

Apigee Advanced API Security

On September 25, 2023 we release an updated version of Advanced API Security.

If a flow hook contains any FlowCallout policies, Advanced API Security scores now processes all policies from the shared flows that the flow callouts are pointing to for scoring. Further callout chaining is not supported.

Bug ID Description
300849647 Fixed a bug in Security scores for proxies that don't contain any policies in the categories authorization, mediation, threat or CORS .
Apigee UI

On September 25, 2023, we released an updated version of the Apigee UI.

This release includes a new Overview page for Apigee API Management in the Google Cloud console.

From the Overview page, you can:

For more information, see UI overview.

September 22, 2023

Apigee Integration

Vertex AI - Predict task

Starting with this release, Apigee Integration provides the Vertex AI - Predict task that lets you perform online predictions on your ML models.

Application Integration

Vertex AI - Predict task

Starting with this release, Application Integration provides the Vertex AI - Predict task that lets you perform online predictions on your ML models.

September 20, 2023

Apigee Integration

Application Integration is now available for your Google Cloud project. You can now use both Apigee Integration and Application Integration within the same Google Cloud project. For more information, see Using Application Integration.

September 19, 2023

Apigee UI

On September 19, 2023, we released an updated version of the Apigee UI.

GA release of the Apigee UI in Cloud console

This is the GA release of the Apigee UI in Cloud console, a new version of the Apigee UI that is integrated with the Google Cloud console. The new UI makes it easier to use Apigee, while also performing related tasks in the Cloud console.

Apigee X

On September 19, 2023, we released an updated version of Apigee X (1-11-0-apigee-5).

Bug ID Description
296296456 Implemented fix to ensure that continueOnError is honored in the SpikeArest policy.
229615887 The flow variable target.scheme is now set consistently with the target server URL.
78106145 Fixed issue in the RegularExpressionProtection policy to ensure that multiple JSONPaths elements in a JSON payload are checked.
294090782 Implemented fix to allow the Apigee runtime to connect to a target server using a wildcard CNAME that references a wildcard A record.
285592278 Fixed issue with deduction of recurring fees from prepaid balances.

This note is incorrect; see entry for February 12, 2024.

N/A Upgraded infrastructure and libraries.
Bug ID Description
296506425, 295936113, 295925991, 295688738, 296110120, 281112632 Security fix for apigee-runtime.
This addresses the following vulnerabilities:
287218068 Fixed security vulnerability to prevent header injection using flow variables.

September 18, 2023

Apigee UI

On September 18, 2023, we released an updated version of the Apigee UI.

This release includes improvements to the Create Environment experience in the Apigee UI in the Cloud console.

With this release, users can create a new environment, attach the environment to an Apigee instance, and assign the environment to an environment group within the same creation flow.

In addition, users can edit or remove environment group assignments from the environment detail page in the Apigee UI, simplifying management of their Apigee implementation.

For more information, see Working with environments.

September 14, 2023

Apigee hybrid

hybrid 1.10.3-hotfix.1

On September 14, 2023 we released an updated version of the Apigee hybrid software, 1.10.3-hotfix.1.

Bug ID Description
205666368 Fixed issue with default validation of TLS target endpoint certificates.

To enable strict SSL on southbound connections to a proxy target endpoint, add the tag <Enforce>true</Enforce> in the target <SSLInfo> block.

See About setting TLS options in a target endpoint or target server.

See also Known Issue #205666368.

September 07, 2023

Apigee Integrated Portal

On September 7, 2023 we released an updated version of Apigee integrated portal. This release includes general improvements to performance and availability.

September 06, 2023

Application Integration

Application Integration Quick setup (GA)

Application Integration Quick setup is now generally available in all the supported Google Cloud locations.

Quick setup is a single-click operation that automatically provisions Application Integration with the default configurations needed to get you started with the product.

For more information, see Set up Application Integration.

August 31, 2023

Apigee hybrid

hybrid v1.10.3

On August 31, 2023 we released an updated version of the Apigee hybrid software, v1.10.3.

Bug ID Description
295929616 Installation of Hybrid 1.10.x would fail on OpenShift due to out of memory issues.
292571089 An error with support for CSI backup and restore for Cassandra was fixed.
287321226 Security context has been corrected for apigee-prom-prometheus to avoid privilege escalation.
Bug ID Description
296717665,
296717664,
296717663,
296717662,
296717185,
296716666,
296716649,
296716632,
296716468,
296716467,
296716232,
296715152,
296715151,
296714218
Security fixes for apigee-cassandra-backup-utility.
This addresses the following vulnerabilities:
297938600,
297938559,
297938486,
294892344
Security fixes for apigee-diagnostics-collector.
This addresses the following vulnerabilities:
297938498,
297938487
Security fixes for apigee-fluent-bit.
This addresses the following vulnerabilities:
296719459,
296719400,
296719348,
296719307,
296719306,
296719188,
296719187,
296719186,
296719115,
296719018,
296718937,
296718918,
296718917,
296718916,
296716670,
296716669,
296716472,
296716471,
296715155
Security fixes for apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
296717666,
296717283,
296716668,
296716667,
296716650,
296716635,
296716634,
296716633,
296716470,
296716234,
296715734,
296715733,
296715154,
296715153
Security fixes for apigee-hybrid-cassandra-client.
This addresses the following vulnerabilities:
297286274 Security fixes for apigee-installer.
This addresses the following vulnerabilities:
295936113 Security fixes for apigee-mart-server.
This addresses the following vulnerability:
297938441 Security fixes for apigee-runtime.
This addresses the following vulnerabilities:
294906706 Security fixes for apigee-prom-prometheus.
This addresses the following vulnerabilities:
293925856 Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerabilities:

August 25, 2023

Apigee Advanced API Security

On August 25, 2023, we released an updated version of Apigee Advanced API Security.

This release includes custom profiles for Advanced API Security scores. Custom profiles let you specify the security categories you want your security scores to be based on. In this release, you must create a security profile in the security scores API. However, you can view scores for the profile in the security scores UI.

August 15, 2023

Apigee X

On August 15, 2023, we released an updated version of Apigee X (1-11-0-apigee-1).

Bug ID Description
155498623 XPaths in maskconfigs now mask values with special characters.
291746838 Implemented fix to prevent service callouts from overwriting timeouts on clients used by other policies or target endpoints.
274663992 Fixed issue in AccessControl policy to avoid race condition.
294441215 Implemented fix to resolve quota count in the Quota policy.
287659763 Fixed issue causing incorrect target endpoint URLs to display in debug sessions.
283285631 Fixed issue where base environment debug sessions were not recorded for Pay-as-you-go (updated attributes) organizations.
196216798 Fixed issue with access to monetization flow variables in the post client flow.
N/A Upgraded infrastructure and libraries.
Bug ID Description
281112632, 294892189 Security fix for apigee-runtime.
This addresses the following vulnerability:
294891556 Security fix for apigee-emulator, apigee-mock-server, and apigee-runtime.
This addresses the following vulnerability:
287207717 Fixed sandbox bypass vulnerability.
286993631 Fixed message template injection vulnerability.

August 14, 2023

Apigee X

On August 14, 2023, we released an updated version of Apigee X.

This release includes a major redesign of the Advanced API Security scores page in the Apigee UI in Cloud console. The Security scores page now:

  • Highlights the top recommendations for improving security scores.
  • Links directly to the Apigee UI Proxy Editor and Target Server tabs , where you can implement recommended changes to your API proxies and target servers.

August 09, 2023

Apigee X

The Apigee documentation site navigation has been updated to be more consistent with other Google Cloud product documentation sites. The changes include:

  • Added a new Overview tab that provides links to Apigee documentation, training and tutorials, use cases, and videos.
  • Moved the Getting started tab content to the Guides tab.

August 07, 2023

Apigee X

On August 7, 2023, we released an updated version of Apigee X (1-10-0-apigee-7).

Bug ID Description
N/A Upgraded infrastructure and libraries.

August 03, 2023

Apigee Advanced API Security

On August 3, 2023, we released an updated version of Apigee Advanced API Security.

Previously, Advanced API Security scores didn't evaluate proxies calling shared flows via flow hooks and the FlowCallout policy in the proxy. With this release, security scores take into account proxies calling shared flows this way. As a result, your security scores may change because they now factor in the shared flows in the environment.

Apigee X

On August 3, 2023, we released an updated version of Apigee X.

Previously, Advanced API Security scores didn't evaluate proxies calling shared flows via flow hooks and the FlowCallout policy in the proxy. With this release, security scores take into account proxies calling shared flows this way. As a result, your security scores may change because they now factor in the shared flows in the environment.

July 31, 2023

Apigee hybrid

hybrid v1.10.2

On July 31, 2023 we released an updated version of the Apigee hybrid software, v1.10.2.

Bug ID Description
292118812 Fixed UDCA regression in Hybrid 1.10.1 where UDCA would ignore forward proxy configuration.
205666368 Fixed issue with default validation of TLS target endpoint certificates.

To enable strict SSL on southbound connections to a proxy target endpoint, add the tag <Enforce>true</Enforce> in the target <SSLInfo> block.

See About setting TLS options in a target endpoint or target server.

See also Known Issue #205666368.

158132963 Added improvements to capture relevant target flow variables in trace and analytics in case of target timeouts.
Bug ID Description
293348130 Security fixes for apigee-udca.
This addresses the following vulnerabilities:
291994501 Security fixes for apigee-operator and apigee-watcher.
This addresses the following vulnerabilities:
291994501 Security fixes for apigee-installer.
This addresses the following vulnerabilities:
290829031 Security fixes for apigee-hybrid-cassandra, apigee-cassandra-client, and cassandra-backup-utility.
This addresses the following vulnerabilities:
290829028 Security fixes for Apigee Connect and apigee-connect-agent and apigee-redis.
This addresses the following vulnerabilities:

July 24, 2023

Apigee X

On July 24, 2023, we released an updated version of Apigee X.

Public preview of Apigee gRPC passthrough

Apigee's new gRPC proxy passthrough functionality provides the ability to create proxies which receive gRPC client requests and pass them through to a gRPC target server.

For information, see Creating gRPC API proxies.

July 21, 2023

Apigee X

On July 21, 2023, we released an updated version of Apigee X.

The Advanced API Security Abuse detection Incident details page now displays unique IP addresses, even if more than one incident corresponds to the same IP address. Previously, the Incident details page could display the same IP address more than once for different incidents.

Also, the Attributes tab of the Incident details page no longer displays the following attributes:

  • Top App Key
  • Detected Rules
  • Top URL
Apigee hybrid

hybrid v1.9.4

On July 21, 2023 we released an updated version of the Apigee hybrid software, v1.9.4.

Bug ID Description
289254725 Implemented a fix to prevent failure of proxy deployments that include the OASValidation policy.
279712107 Added the ability to annotate apigee-ingressgateway-manager pods through overrides.yaml file.
See istiod.annotations for details.
272212164 Cassandra CSI backup could clash with Azure default configuration. The CSI backup script has been fixed to prevent a resource naming issue that could cause backups to fail.
158132963 Added improvements to capture relevant target flow variables in trace and analytics in case of target timeouts.
Bug ID Description
290709899 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerability:
290829028 Security fixes for Apigee Connect and apigee-connect-agent and apigee-redis.
This addresses the following vulnerabilities:

July 20, 2023

Apigee X

On July 20, 2023, we released an updated version of Apigee X (1-10-0-apigee-6).

Bug ID Description
290943249 Fixed latency issue between Istio and runtime container.
205666368 Fixed issue with default validation of TLS target endpoint certificates.

To enable strict SSL on southbound connections to a proxy target endpoint, add the tag <Enforce>true</Enforce> in the target <SSLInfo> block.

For more information about using <Enforce>true</Enforce> in <SSLInfo>, see About setting TLS options in a target endpoint or target server.

Bug ID Description
290709899 Security fix for apigee-runtime.
This addresses the following vulnerability:
N/A Security fixes for apigee-redis and apigee-connect-agent.
These address the following vulnerabilities:
N/A Security fixes for apigee-connect-agent.
These address the following vulnerabilities:
Application Integration

Connector Event triggers (Preview)

Application Integration introduces Connector Event triggers; specialized triggers that let you invoke an integration based on the event subscriptions created in various business applications using Integration Connectors.

The following Connector Event triggers are available in preview:

For more information, see Connector Event triggers.

July 19, 2023

Apigee API hub

On July 19, 2023 Apigee API hub released a new version of the software.

Lint result artifacts, or conformance reports, represent how conformant an API is with respect to the specified lint rules. Results in conformance report artifacts attached to an API spec revision are now displayed in the right pane of the API spec revision detail page. One of the following is displayed:

  • No information to display.
    No style guide conformance information has been generated for this spec.
  • No issues found.
    Style guide conformance scans found no issues with this spec.
  • Warnings and Errors.
    Any errors or warnings are explained.
    An indicator also marks the corresponding line in the spec.

See also:

July 13, 2023

Apigee hybrid

hybrid v1.10.1

On July 13, 2023 we released an updated version of the Apigee hybrid software, v1.10.1.

Bug ID Description
289254725 Implemented a fix to prevent failure of proxy deployments that include the OASValidation policy.
Bug ID Description
281561243 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerability:
290067464 Security fixes for apigee-stackdriver-logging-agent.
This addresses the following vulnerability:
290068742 Security fixes for apigee-udca.
This addresses the following vulnerability:
290065830 Security fixes for apigee-udca.
This addresses the following vulnerability:

July 12, 2023

Apigee X

On July 12, 2023, we released an updated version of Apigee X.

Preview release of non-VPC peering option for Apigee provisioning Apigee now supports a provisioning option that does not require VPC peering. With this approach, you are not required to provide networks and IP ranges during the Apigee provisioning process. Instead, you use Private Service Connect (PSC) for routing northbound traffic to Apigee and southbound traffic to target services running in your Google Cloud projects.

Non-VPC peering is supported for command-line (CLI) provisioning steps only. You can perform non-VPC provisioning for subscription, Pay-as-you-go, and evaluation installations of Apigee.

To learn more, see Apigee networking options.

July 10, 2023

Apigee X

On July 10, 2023, we released an updated version of Apigee X (1-10-0-apigee-5).

Bug ID Description
289254725 Implemented fix to prevent failure of proxy deployments that include the OASValidation policy.
N/A Upgraded infrastructure and libraries.
Bug ID Description
273693152 Fixed SAMLAssertion policy parsing to limit the number of entities that will be parsed to 10000.

Any attempt to parse more than 10000 entities will generate an error.

273695718 Fixed DataCapture policy to avoid evaluation of external entities during XML parsing for variable collection.
273929507 Fixed issue with potential Java security bypass in LookupCache policy.

Certain objects which implement PostDeserializer interface are now cached.

273950705 Fixed issue in PythonScript policy to prevent execution of arbitrary Java code.

With this fix, the runtime does not allow execution of python code added to a .js resource file.

July 07, 2023

Apigee Adapter for Envoy

v2.1.1

On June 7, 2023, we released version 2.1.1 of Apigee Adapter for Envoy.

An issue was fixed where quotas were being improperly duplicated between operations instead of being shared at the Product level.

July 06, 2023

Apigee X

On July 6, 2023, we released an updated version of Apigee X.

Preview release of Pay-as-you-go pricing with updated attributes

Apigee is updating its Pay-as-you-go pricing model, making it possible to start using Apigee at a significantly reduced initial cost and right-size ongoing expenses to match precise usage.

To learn how to get started with the updated Pay-as-you-go pricing experience, see Pay-as-you-go (updated attributes) pricing overview.

Preview release of new environment types

Apigee announces the Preview release of three distinct environment types: Base, Intermediate, and Comprehensive. Each environment type offers varying degrees of capabilities and costs; you can tailor pricing to suit your needs.

For more information, see Apigee Pay-as-you-go environment types.

Preview release of standard and extensible API proxies

Apigee announces the Preview release of standard and extensible API proxies, available for use with preview organizations using Pay-as-you-go (updated attributes) pricing.

For more information about standard and extensible API proxies, see API proxy types.

Preview release of new HTTPModifier and ReadPropertySet policies and templating support for message <URL> elements

Apigee announces the Preview release of the HTTPModifier and ReadPropertySet policies.

The HTTPModifier policy can change an existing request or response message and provides a subset of the functionality already available in the AssignMessage policy. See HTTPModifier policy.

The ReadPropertySet policy reads property sets and populates flow variables with the results. See ReadPropertySet policy.

HTTPModifier and ReadPropertySet are standard policies. Proxies built exclusively with standard policies are called standard proxies and can be deployed to any environment type. See Pay-as-you-go (updated attributes) pricing overview.

This release also includes template support for message <URL> elements. See URL templating.

July 05, 2023

Application Integration

June 30, 2023

Apigee hybrid

hybrid v1.10

On June 30, 2023 we released an updated version of the Apigee hybrid software, v1.10.0.

Pre-install Cluster Check Kubernetes job

Starting in version 1.10, Apigee hybrid offers a new tool that examines the hybrid cluster before you install the hybrid runtime. See Step 8: Check cluster readiness .

Automated Issue Surfacing (AIS)

Starting with Apigee hybrid 1.10, Apigee hybrid offers a new tool that examines the hybrid runtime and surfaces issues by running a kubectl command. If the tool detects errors in the cluster, it returns a detailed error message. The error message contains a link to the troubleshooting guide for that specific error. See Automated issue surfacing and Configuration property reference, watcher.

Support for AppGroups (preview)

Starting in version 1.10, Apigee hybrid supports AppGroups, which represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership.

AppGroups is in preview as of the Apigee hybrid 1.10 release. See the AppGroups preview launch announcement for details.

Support for environment-level scaling

Starting in version 1.9.3, Apigee hybrid added the following environment configuration properties that enable you to specify environment-specific scaling in the overrides.yaml file:

Documentation: Environment-based scaling

Bug ID Description
181569522 You can now create a new environment with the same name as a deleted environment without needing to perform manual clean-up tasks first. (Fixed in Apigee hybrid v1.8.5 and v1.7.6)
209509030 Apigee Ingressgateway cannot access K8s secret from another namespace.
218567150 The ingress gateway is now configured to consistently preserve UUID in the x-request-id header.
Note: This setting does have some impact on tracing in the ingress gateway. For more information, see pack_trace_reason in "UUID (proto)" in the envoy documentation. (Fixed in Apigee hybrid v1.7.6 and v1.8.3)
223320630 mTLS-related client variables are now set by the Apigee runtime. (Fixed in Apigee hybrid v1.8.6)
245619397 In Apigee hybrid, fluentbit support now includes the NO_PROXY environment variable. (Fixed in Apigee hybrid v1.8.5, v1.8.6, and v1.9.1)
259264961 Added support for ASM v1.15. Please see Known issue 266452840 (Fixed in Apigee hybrid v1.7.6)
260342163 Fixed a narrow scenario where threads in runtime pods ended up consuming 100% CPU. (Fixed in Apigee hybrid v1.9.1)
260372012 Requests failed with 500 response and keyvaluemap.service.ErrorDuringDecryption error after upgrade to Hybrid 1.8. Note: Fixed in Apigee hybrid 1.8.4 and newer. (Fixed in Apigee hybrid v1.8.5)
262699558 The watcher component no longer fails when using Kubernetes Secret to store hybrid service account secret. (Fixed in Apigee hybrid v1.7.6)
263840644 Fixed a conflict with an existing ASM on the cluster. (Fixed in Apigee hybrid v1.8.6)
265374889 Fixed an issue where in some circumstances the Java Callout would to fail due with the following error: Failed to execute JavaCallout. Could not initialize class org.jose4j.jwa.AlgorithmFactoryFactory2. (Fixed in Apigee hybrid v1.9.1)
266411394 Add support for Azure Front Door request headers to /healthz health check. (Fixed in Apigee hybrid v1.8.5 and v1.9.1)
266594584 Websocket was failing in asm 1.15. This was due to incompatible capitalization in variable names between the Anthos Service Mesh overlay.yaml file and the and the Envoy filter apigee-envoyfilter.yaml file. (Fixed in Apigee hybrid v1.8.5 and v1.9.1)
266814873 In certain circumstances, retrieving encrypted KVM entries could fail with an error. This fix ensures that MART will be able to successfully function for environment-scoped KVM entries, even if the encryption key is used in the Org Env configuration or when the keys contain non-UTF8 characters. There is no change to KVM data. (Fixed in Apigee hybrid v1.8.6 and v1.9.1)
266989915
266919136
In some circumstances, Apigee could return incorrect developer credentials for an app, unless the specific app was selected when requesting the credentials. (Fixed in Apigee hybrid v1.9.1)
267666187 When using a custom Kubernetes service for the Apigee ingress gateway, you can disable the creation of a default load balancer. See Managing Apigee ingress gateway. (Fixed in Apigee hybrid v1.8.6 and v1.9.1)
267691299
265295406
The Apigee controller uses a dedicated apigee-manager Kubernetes service account, instead of using the default SA. (Fixed in Apigee hybrid v1.8.6 and v1.9.1)
268445095 The validateOrg flag can be set to false to bypass upgrade validation errors when configuration includes HTTP Forward proxy. You can use this to avoid upgrade errors caused by HTTP proxy settings. (Fixed in Apigee hybrid v1.7.6)
268696297 Providing a Kubernetes secret for Cassandra and Redis components is now supported. See cassandra.auth.secret and redis.auth.secret in the Configuration properties reference. (Fixed in Apigee hybrid v1.9.1)
269451743 In certain circumstances, upgrading from Apigee hybrid v1.8.3 to v1.9.0 could fail with an error message when creating the virtual hosts. (Fixed in Apigee hybrid v1.9.1)
269738951 The example network policies are now included in the apigeectl/examples/network-policies directory. see Configuring Kubernetes network policies. (Fixed in Apigee hybrid v1.9.1)
270371160 In Apigee hybrid v1.8.7, we removed certain insecure TLS ciphers. Apigee hybrid supports the TLS cipher suites supported by the Boring FIPS build of Envoy. You can now specify specific cipher suites with the virtualhosts.cipherSuites configuration property in your overrides. (Fixed in Apigee hybrid v1.8.7)

Note: Apigee hybrid only supports the RSA ciphers listed. ECDSA ciphers are not supported.

270371160 In Apigee hybrid v1.9.0, we removed certain insecure TLS ciphers. Apigee hybrid supports the TLS cipher suites supported by the Boring FIPS build of Envoy. You can now specify specific cipher suites with the virtualhosts.cipherSuites configuration property in your overrides. (Fixed in Apigee hybrid v1.9.2)

Note: Apigee hybrid only supports the RSA ciphers listed. ECDSA ciphers are not supported.

271266079 Removed port 80 from the default Kubernetes service of Apigee Ingress Gateway. (Fixed in Apigee hybrid v1.8.6 and v1.9.1)
272212164 Cassandra CSI backup could clash with Azure default configuration. The CSI backup script has been fixed to prevent a resource naming issue that could cause backups to fail. (Fixed in Apigee hybrid v1.9.4 and v1.10.0)
273561434 Some projects were unable to run debug sessions. (Fixed in Apigee hybrid v1.8.8 and v1.9.3)
274292101 In certain circumstances, environment-scoped KVMs in hybrid could cause rollback issues for MART. (Fixed in Apigee hybrid v1.8.6)
274999014 Restrict watcher RBAC to a single K8s namespace
278646149 In certain circumstances, the logger.livenessProbe.timeoutSeconds configuration property was not working as expected. See logger.livenessProbe.timeoutSeconds in the Configuration property reference. (Fixed in Apigee hybrid v1.8.7 and v1.9.2)
279053612 x-forwarded-client-cert (XFCC) HTTP headers handled with the istiod.forwardClientCertDetails configuration property. (Fixed in Apigee hybrid v1.8.7 and v1.9.2)
See the Configuration properties reference for details:
279193831 Envoy has been updated to v1.25.6.. (Fixed in Apigee hybrid v1.8.8)
279712107 Added the ability to annotate apigee-ingressgateway-manager pods through overrides.yaml file. (Fixed in Apigee hybrid v1.8.8)
280544499 Request headers were not seen in debug sessions. (Fixed in Apigee hybrid v1.8.8)
284488296 Removed an unneeded Workload Identity on the Cassandra Schema Validation cron job. (Fixed in Apigee hybrid v1.8.8 and v1.9.3)
Bug ID Description
270371160 In Apigee hybrid v1.9.0, we removed certain insecure TLS ciphers. Apigee hybrid supports the TLS cipher suites supported by the Boring FIPS build of Envoy.

Note: Apigee hybrid only supports the RSA ciphers listed. ECDSA ciphers are not supported.
271266079 Removed port 80 from the default Kubernetes service of Apigee Ingress Gateway. Port 80 is not supported by Apigee ingress gateway. If you are migrating from ASM to Apigee ingress gateway, and followed the instructions in the community post to enable Port 80, it will not work with Apigee Ingress gateway. (Fixed in Apigee hybrid v1.8.6 and v1.9.1)
Bug ID Description
262576079 Security fix for for apigee-envoy. (Fixed in Apigee hybrid v1.10)
This addresses the following vulnerability:
273797045 Security fix for for apigee-diagnostics-collector apigee-synchronizer apigee-udca. (Fixed in Apigee hybrid v1.8.8)
This addresses the following vulnerability:
273800345, 281572616 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, apigee-synchronizer, and apigee-udca. (Fixed in Apigee hybrid v1.8.8 and v1.9.3
This addresses the following vulnerabilities:
273800717 Security fixes for apigee-emulator, apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-mock-server, apigee-runtime, and apigee-synchronizer. (Fixed in Apigee hybrid v1.8.7 and v1.9.2)
This addresses the following vulnerabilities:
273800965 Security fix for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer. (Fixed in Apigee hybrid v1.8.7, v1.9.2, and v1.9.3)
This addresses the following vulnerability:
273801301 Security fixes for apigee-mart-server and apigee-runtime.(Fixed in Apigee hybrid v1.8.8 and v1.9.3)
This addresses the following vulnerability:
274112103 Security fixes to the Apigee Controller and Apigee Watcher. (Fixed in Apigee hybrid v1.8.6 and v1.9.1)
This addresses the following vulnerabilities:
275002360 Security fixes for fluent-bit. (Fixed in Apigee hybrid v1.8.6 and v1.9.1)
This addresses the following vulnerabilities:
277367440 Security fixes for Apigee Controller, Watcher, and apigeectl. (Fixed in Apigee hybrid v1.8.7 and v1.9.2)
This addresses the following vulnerabilities:
278313047 Security fixes for apigee-stackdriver-logging-agent. (Fixed in Apigee hybrid v1.9.2)
This addresses the following vulnerabilities:
279194142 Fixes build issues to achieve FIPS compliance. (Fixed in Apigee hybrid v1.8.7 and v1.9.2)
281561243 Security fix for apigee-diagnostics-collector, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer. (Fixed in Apigee hybrid v1.8.8 and v1.9.3)
This addresses the following vulnerability:
283826216 Security fixes for apigee-ingressgateway. (Fixed in Apigee hybrid v1.9.3)
This addresses the following vulnerabilities:
283826785 Security fixes for istiod. (Fixed in Apigee hybrid v1.9.3)
This addresses the following vulnerabilities:

June 27, 2023

Apigee X

On June 27, 2023 we released an updated version of Apigee X.

Public preview of AppGroups

Introduces the concept of AppGroups, which represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership.

Note that the purpose of this release is to support upgrades from Apigee Edge customers who used company-apps without monetization; however, it is available to any Apigee X/hybrid customer during the public preview stage.

June 26, 2023

Apigee API hub

On June 26, 2023 Apigee API hub released a new version of the software.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.6.13 on GitHub for changes and links to previous revisions that are also included in this update. Note that this update (like all previous updates), overwrites project-level artifacts that configure API hub displays including display settings, taxonomies, and lifecycles. In future releases, we will no longer overwrite project-level artifacts.

Application Integration

Data Transformer Script task (Preview)

The Data Transformer Script task is a template engine based data mapping feature available in Application Integration. With the Data Transformer Script task and the supported Data Transformer functions, you can create and evaluate custom Jsonnet templates in order to perform data mapping in your integration.

For more information, see Data Transformer Script task.

June 23, 2023

Apigee Integrated Portal

On April 20, 2023 we released an updated version of Apigee integrated portal. The fix below was not reported in a release note at the time. This update corrects the record.

Bug ID Description
275578252 Addressed an issue where an account could be created even though the built-in identity provider (IdP) had been disabled.

For any portal with a disabled IdP, you can review the user accounts on the Portals > Portal name > Accounts > Users page. Select an account and then change the Status to Inactive to prevent login.

Documentation: Deactivating user accounts

June 20, 2023

Apigee X

On June 20, 2023, we released an updated version of Apigee X (1-10-0-apigee-4).

Bug ID Description
284114575 Implemented fix to prevent the execution of untrusted code in Apigee policies.
279092925 Modified Cloud Logging policy to improve runtime performance.
186885918 Disabled access to external entities in XML parsing.
270764083 Default expiration for refresh tokens set to 30 days if not explicitly set in the OAuth policy.
N/A Upgraded infrastructure and libraries.
Bug ID Description
273801301 Security fix for apigee-diagnostics-collector, apigee-mart-server, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerabilities:

281561243 Security fix for apigee-diagnostics-collector, apigee-mart-server, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerabilities:

June 16, 2023

Apigee API hub

On June 16, 2023 Apigee API hub released a new version of the software.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.6.12 on GitHub for changes and links to previous revisions that are also included in this update.

Note that artifacts associated with API spec and deployment resources are now associated with the revisions of those resources. This allows artifacts that represent lint results and other revision-specific characteristics to be associated with those revisions. When artifacts are applied directly to the parent resource (spec or deployment), these artifacts are associated with the latest revisions of these resources. For more details, see this GitHub issue.

Migration of pre-existing spec- and deployment-related artifacts is not guaranteed in this update. In most cases, these artifacts are generated automatically by the registry controller and will be automatically recreated. If you find that manually-added artifacts are missing after the update, those will need to be reapplied with the same mechanisms that were available previously.

June 14, 2023

Apigee hybrid

hybrid v1.8.8

On June 14, 2023 we released an updated version of the Apigee hybrid software, v1.8.8.

Bug ID Description
273561434 Some projects were unable to run debug sessions..
279193831 Envoy has been updated to v1.25.6..
279712107 Added the ability to annotate apigee-ingressgateway-manager pods through overrides.yaml file.
280544499 Request headers were not seen in debug sessions.
284488296 Removed an unneeded Workload Identity on the Cassandra Schema Validation cron job.
Bug ID Description
281561243 Security fix for apigee-diagnostics-collector, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerability:
273797045 Security fix for for apigee-diagnostics-collector apigee-synchronizer apigee-udca.
This addresses the following vulnerability:
273800345, 281572616 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, apigee-synchronizer, and apigee-udca.
This addresses the following vulnerabilities:
273801301 Security fixes for apigee-mart-server and apigee-runtime.
This addresses the following vulnerability:

June 13, 2023

Apigee Integration Application Integration

Application Integration is now generally available (GA)

Application Integration is now generally available in all the supported Google Cloud locations.

Preview features such as Cloud Scheduler trigger, Error catcher trigger, JavaScript task, Return task, and Google-managed encryption keys are now moved to GA.

The following new features are added in this GA release:

Cloud Monitoring

Application Integration is integrated with Cloud Monitoring to provide visibility into the usage, performance, alerts, and the overall health of your integration resources.

For more information, see Monitor Application Integration resources.

Inline connection creation

You can now use the Connectors task in Application Integration to directly create a new connection in the Integration Connectors platform.

For more information, see Connectors task.

Integration designer changes

Several styling and user experience enhancements have been made to the integration designer layout and user interface. The new enhancements include a new variable pane that lets you create and manage all your integration variables in one place, a revamped designer toolbar and navigation bar design, and a refreshed Integration designer canvas.

For more information, see Integration designer.

Application Integration v2 REST API is available in preview.

For more information, see REST API reference (v2).

June 09, 2023

Apigee Analytics

On June 9, 2023 we released an updated version of Apigee X.

Bug ID Description
286452898 Previously, the Apigee Analytics topk query parameter, which returns the top k results for a query, always returned the results in descending order, even when the order parameter was ASC. This has been fixed: results are now sorted according to the order parameter before returning the top k entries.

June 05, 2023

Apigee Adapter for Envoy

v2.1.0

On June 5, 2023, we released version 2.1.0 of Apigee Adapter for Envoy.

The application_id claim was added to the /verifyApiKey response.

Apigee hybrid

ANNOUNCEMENT

hybrid v1.9.3

On June 5, 2023 we released an updated version of the Apigee hybrid software, v1.9.3.

Bug ID Description
284488296 Removed an unneeded Workload Identity on the Cassandra Schema Validation cron job.
273561434 Some projects were unable to run debug sessions.
Bug ID Description
273800965 Security fix for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerability:
273800345, 281572616 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, apigee-synchronizer, and apigee-udca.
This addresses the following vulnerabilities:
273801301 Security fixes for apigee-mart-server and apigee-runtime.
This addresses the following vulnerability:
283826216 Security fixes for apigee-ingressgateway.
This addresses the following vulnerabilities:
283826785 Security fixes for istiod.
This addresses the following vulnerabilities:
281561243 Security fix for apigee-diagnostics-collector, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerability:

May 30, 2023

Apigee UI

On May, 30, 2023, we released an updated version of the Apigee UI.

The following labels in the Advanced API Security abuse detection view have been changed:

  • Detection type has been changed to Detection rules.
  • Suspected bot traffic has been changed to Detected traffic.
  • Percent bot traffic has been changed to % of detected traffic.
  • Bot count has been changed to Detected IP address count.
  • Top API key has been changed to: Top app key.
  • Bot reason has been changed to Detected rules.
  • Total calls made has been changed to Detected traffic.
  • First detection time has been changed to First event detected.
  • Last detection time has been changed to Last event detected.

May 23, 2023

Apigee Integration Application Integration

May 22, 2023

Apigee Integrated Portal

On May 22, 2023 we released an updated version of Apigee integrated portal.

Bug ID Description
274916981 Fixed issue where an API specification set via URL could fail.
277265034 App names can start with numeric characters as described in Naming guidelines.
Apigee Integration

Error catcher trigger

The Error Catcher trigger lets you invoke an error catcher that is defined or customized to handle the failure of an identified trigger, task, or edge condition in your integration.

For more information, see Error catcher trigger.

Return task

The Return task lets you customize the error messages corresponding to the HTTP response codes that are returned during an integration execution failure.

For more information, see Return task.

Application Integration

Support for Google-managed encryption keys

Application Integration now uses Google-managed encryption keys as the default method of data encryption for your provisioned regions. You can optionally modify your encryption method with customer-managed encryption keys (CMEK).

For more information, see Encryption methods.

Error catcher trigger

The Error Catcher trigger lets you invoke an error catcher that is defined or customized to handle the failure of an identified trigger, task, or edge condition in your integration.

For more information, see Error catcher trigger.

Return task

The Return task lets you customize the error messages corresponding to the HTTP response codes that are returned during an integration execution failure.

For more information, see Return task.

May 17, 2023

Apigee X

On May 17, 2023, we released an updated version of Apigee X (1-10-0-apigee-1).

Bug ID Description
N/A Upgraded infrastructure and libraries.
280695936 Fixed issue with incomplete removal of form parameters when using the <Remove> element in the Assign Message policy to delete headers and form parameters simultaneously.
271217050 Fixed issue resulting in missing execution records in debug sessions for the JavaCallout policy.
271894110, 273568673, 273571029 Fix enables support for TLS 1.3 for southbound targets.
271539836 Fixed intermittent Cloud Logging failures.
277090269 Fixed encryption of internal proxy chaining headers to avoid proxy invocation misuse.
273561434 Fixed issue with incomplete debug session information for proxies deployed in the same environment.
158132963 Improved capture of relevant target flow variables in trace and analytics in the event of target timeouts.
271093461 Fixed issue with heap exhaustion when using OASValidation policy.
269514256 Fixed issue causing GoogleTokenGeneration failure.
261924658 Optimization to reduce latency in Quota policy.
252864240 Fixed issue to support bot detection with Analytics obfuscation enabled.
222024484 CORS policy now returns Access-Control-Allow-Credentials header in preflight response when <AllowCredentials> is set to true.
261205290 Optimization to reduce resource usage on Cassandra connections.
266814873 Fixed issue with retrieval of environment-scoped KVM entries containing encryption keys with non-UTF-8 characters.
260342163 Fixed issue causing 100% CPU usage by runtime pod threads under specific circumstances.
273800523, 273800717 Security fixes for Apigee.

The fixes address the following vulnerabilities:

Fixed issue with incomplete removal of form parameters when using the <Remove> element in the Assign Message policy to delete headers and form parameters simultaneously.

This fix may result in a breaking change for any customer employing an antipattern that attempts to access a form parameter after using the <Remove> element to delete the same form parameter and headers simultaneously in the policy flow.

For more information on the recommended steps for setting and removing form parameters and headers using the Assign Message policy, see the updated documentation for the Assign Message policy examples.

May 11, 2023

Apigee UI

On May 11, 2023 we released an updated version of the Apigee UI.

This release includes new Permissions Pre-check functionality and UI messaging, which is available when provisioning Apigee with Pay-as-you-go pricing in the Google Cloud console. With the release of this feature, users are alerted when any permissions required to complete the provisioning operations are missing. The missing permissions and the steps to resolve are now identified in the UI messaging.

May 09, 2023

Apigee Integration

Cloud logs support for Connectors tasks

You can now view the execution logs of a failed Connectors task in Apigee Integration.

For more information, see Execution Logs.

The issue relating to the validation of incorrect variable assignments in an integration has been resolved.

Application Integration

Cloud logs support for Connectors tasks

You can now view the execution logs of a failed Connectors task in Application Integration.

For more information, see Execution Logs.

The issue relating to the validation of incorrect variable assignments in an integration has been resolved.

May 08, 2023

Apigee hybrid

hybrid v1.8.7

On May 8, 2023 we released an updated version of the Apigee hybrid software, v1.8.7.

Bug ID Description
279053612 x-forwarded-client-cert (XFCC) HTTP headers handled with the istiod.forwardClientCertDetails configuration property. See istiod.forwardClientCertDetails in the Configuration properties reference for details.
278646149 In certain circumstances, the logger.livenessProbe.timeoutSeconds configuration property was not working as expected. See logger.livenessProbe.timeoutSeconds in the Configuration property reference.
270371160 In Apigee hybrid v1.8.7, we removed certain insecure TLS ciphers. Apigee hybrid supports the TLS cipher suites supported by the Boring FIPS build of Envoy. You can now specify specific cipher suites with the virtualhosts.cipherSuites configuration property in your overrides.

Note: Apigee hybrid only supports the RSA ciphers listed. ECDSA ciphers are not supported.

Bug ID Description
279194142 Fixes build issues to achieve FIPS compliance.
277367440 Security fixes for Apigee Controller, Watcher, and apigeectl.
This addresses the following vulnerabilities:
273800965 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-runtime, and synchronizer.
This addresses the following vulnerabilities:
273800717 Security fixes for apigee-emulator, apigee-diagnostics-collector, apigee-mart-serve, apigee-mint-task-scheduler, apigee-mock-server, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerabilities:

May 02, 2023

Apigee hybrid

hybrid v1.9.2

On May 2, 2023 we released an updated version of the Apigee hybrid software, v1.9.2.

Bug ID Description
279053612 x-forwarded-client-cert (XFCC) HTTP headers handled with the istiod.forwardClientCertDetails configuration property. See istiod.forwardClientCertDetails in the Configuration properties reference for details.
278646149 In certain circumstances, the logger.livenessProbe.timeoutSeconds configuration property was not working as expected. See logger.livenessProbe.timeoutSeconds in the Configuration property reference.
270371160 In Apigee hybrid v1.9.0, we removed certain insecure TLS ciphers. Apigee hybrid supports the TLS cipher suites supported by the Boring FIPS build of Envoy. You can now specify specific cipher suites with the virtualhosts.cipherSuites configuration property in your overrides.

Note: Apigee hybrid only supports the RSA ciphers listed. ECDSA ciphers are not supported.

Bug ID Description
279194142 Fixes build issues to achieve FIPS compliance.
278313047 Security fixes for apigee-stackdriver-logging-agent.
This addresses the following vulnerabilities:
277367440 Security fixes for Apigee Controller, Watcher, and apigeectl.
This addresses the following vulnerabilities:
273800965 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-runtime, and synchronizer.
This addresses the following vulnerabilities:
273800717 Security fixes for apigee-emulator, apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-mock-server, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerabilities:

May 01, 2023

Apigee Integration

On May 1, 2023 we released an updated version of the Apigee Integration.

Apigee Integrations is now available in the following locations:

  • Melbourne (australia-southeast2)
  • Finland (europe-north1)
  • Paris (europe-west9)
  • Madrid (europe-southwest1)
  • Doha (me-central1)
  • Tel Aviv (me-west1)

For more information about the supported locations, see Apigee Integration supported regions.

Application Integration

Application Integration is now available in the following locations:

  • Melbourne (australia-southeast2)
  • Finland (europe-north1)
  • Paris (europe-west9)
  • Madrid (europe-southwest1)
  • Doha (me-central1)
  • Tel Aviv (me-west1)

For more information about the supported locations, see Application Integration locations.

April 26, 2023

Apigee X

Effective May 31, 2023, the default value for the OAuthv2 policy RefreshTokenExpiresIn element has new behavior. Starting May 31, RefreshTokenExpiresIn defaults to 2592000000 ms (30 days) for all policies where this element is not set.

For information on this element, see RefreshTokenExpiresIn.

April 20, 2023

Apigee Advanced API Security

On April 20, 2023 we released an updated version of Apigee Advanced API Security.

This release contains a new Advanced API Security Detected Traffic view, which displays information about API traffic originating from detected bots. This information was previously displayed in the Abuse metrics section of the Security scores view.

Apigee Integration

Apigee Integration fails to validate incorrect variable assignments in an integration. For example, you can currently assign a JSON value to an unassigned variable of String data type. This behaviour might cause data mapping and integration failures.

Until this issue is resolved, we recommend that you do the following:

  • Assign values to an integration variable as per the variable data type.
  • Verify and update existing integration variable values as per its respective variable data type.
Apigee X

On April 20, 2023 we released an updated version of Apigee.

This release contains a new Advanced API Security Detected Traffic view, which displays information about API traffic originating from detected bots. This information was previously displayed in the Abuse metrics section of the Security scores view.

Application Integration

Application Integration fails to validate incorrect variable assignments in an integration. For example, you can currently assign a JSON value to an unassigned variable of String data type. This behaviour might cause data mapping and integration failures.

Until this issue is resolved, we recommend that you do the following:

  • Assign values to an integration variable as per the variable data type.
  • Verify and update existing integration variable values as per its respective variable data type.

April 17, 2023

Apigee X

On April 17, 2023, we released an updated version of Apigee X (1-9-0-apigee-25).

Bug ID Description
N/A Upgraded infrastructure and libraries.

April 13, 2023

Apigee X

On April 13, 2023, we released an updated version of Apigee.

New features now supported in Apigee in VS Code for local development

The following features are now supported with Apigee in VS Code for local development as part of the Insiders build (as of v1.22.1-insiders.3):

  • Create multi-repository workspaces - Choose individual storage locations for artifacts, such as API proxies that are stored as individual SCMs, but develop them together using a single workspace. You no longer have to create a single repository that contains all of your API proxies. See Understanding the structure of an Apigee multi-repository workspace.
  • Use keystore - Introduces a new environment-level setting for creating the required keystores in the Apigee Emulator by using locally available keys. See Configuring the keystrokes (keystores.json).
  • Test API proxies that require service accounts (for example, calling a cloud logging process as part of an API proxy flow) - Set up your Apigee Emulators with a service account key to enable service accounts, add policies and targets that rely on service accounts, and deploy the API proxies to the Apigee Emulator to test them. See Customizing the Apigee Emulator to support service account-based authentication.

April 03, 2023

Apigee Integration

On April 3, 2023 we released an updated version of the Apigee Integration.

Secret Manager - Access task (Preview)

The Secret Manager - Access task lets you access secret versions that are stored in Cloud Secret Manager from your integration.

For more information, see Secret Manager - Access task.

Apigee hybrid

hybrid v1.8.6

On April 3, 2023 we released an updated version of the Apigee hybrid software, v1.8.6.

Bug ID Description
274292101 In certain circumstances, environment-scoped KVMs in hybrid could cause rollback issues for MART.
271266079 Removed port 80 from the default Kubernetes service of Apigee Ingress Gateway.
267691299 The Apigee controller uses a dedicated apigee-manager Kubernetes service account, instead of using the default SA.
267666187 When using a custom Kubernetes service for the Apigee ingress gateway, you can disable the creation of a default load balancer. See Managing Apigee ingress gateway.
266814873 In certain circumstances, retrieving encrypted KVM entries could fail with an error. This fix ensures that MART will be able to successfully function for environment-scoped KVM entries, even if the encryption key is used in the Org Env configuration or when the keys contain non-UTF8 characters. There is no change to KVM data.
263840644 Fixed a conflict with an existing ASM on the cluster.
245619397 In Apigee hybrid, fluentbit support now includes the NO_PROXY environment variable.
223320630 mTLS-related client variables are now set by the Apigee runtime.
Bug ID Description
275002360 Security fixes for fluent-bit.
This addresses the following vulnerabilities:
274112103 Security fixes to the Apigee Controller and Apigee Watcher.
This addresses the following vulnerabilities:
Bug ID Description
271266079 Removed port 80 from the default Kubernetes service of Apigee Ingress Gateway. Port 80 is not supported by Apigee ingress gateway. If you are migrating from ASM to Apigee ingress gateway, and followed the instructions in the community post to enable Port 80, it will not work with Apigee Ingress gateway.
Application Integration

Secret Manager - Access task

The Secret Manager - Access task lets you access secret versions that are stored in Cloud Secret Manager from your integration.

For more information, see Secret Manager - Access task.

March 27, 2023

Apigee hybrid

hybrid v1.9.1

On March 27, 2023 we released an updated version of the Apigee hybrid software, v1.9.1.

Bug ID Description
269738951 The example network policies are now included in the apigeectl/examples/network-policies directory. see Configuring Kubernetes network policies.
271266079 Removed port 80 from the default Kubernetes service of Apigee Ingress Gateway.
269451743 In certain circumstances, upgrading from Apigee hybrid v1.8.3 to v1.9.0 could fail with an error message when creating the virtual hosts.
268696297 Providing a Kubernetes secret for Cassandra and Redis components is now supported. See cassandra.auth.secret and redis.auth.secret in the Configuration properties reference.
267691299 The Apigee controller uses a dedicated apigee-manager Kubernetes service account, instead of using the default SA.
267666187 When using a custom Kubernetes service for the Apigee ingress gateway, you can disable the creation of a default load balancer. See Managing Apigee ingress gateway.
266989915
266919136
In some circumstances, Apigee could return incorrect developer credentials for an app, unless the specific app was selected when requesting the credentials.
266814873 In certain circumstances, retrieving encrypted KVM entries could fail with an error. This fix ensures that MART will be able to successfully function for environment-scoped KVM entries, even if the encryption key is used in the Org Env configuration or when the keys contain non-UTF8 characters. There is no change to KVM data.
266594584 Websocket was failing in asm 1.15. This was due to incompatible capitalization in variable names between the Anthos Service Mesh overlay.yaml file and the and the Envoy filter apigee-envoyfilter.yaml file.
266411394 Added support for Azure Front Door request headers to /healthz health check.
265374889 Fixed an issue where in some circumstances the Java Callout would to fail due with the following error: Failed to execute JavaCallout. Could not initialize class org.jose4j.jwa.AlgorithmFactoryFactory2.
260342163 Fixed a narrow scenario where threads in runtime pods ended up consuming 100% CPU.
245619397 In Apigee hybrid, fluentbit support now includes the NO_PROXY environment variable.
Bug ID Description
275002360 Security fixes for fluent-bit.
This addresses the following vulnerabilities:
274112103 **Security fixes to the Apigee Controller and Apigee Watcher. This addresses the following vulnerabilities:
Bug ID Description
271266079 Removed port 80 from the default Kubernetes service of Apigee Ingress Gateway. Port 80 is not supported by Apigee ingress gateway. If you are migrating from ASM to Apigee ingress gateway, and followed the instructions in the community post to enable Port 80, it will not work with Apigee Ingress gateway.

March 23, 2023

Apigee Advanced API Security

On March 23, 2023, we released an updated version of Apigee Advanced API Security.

Public preview release of Advanced API Security abuse detection

Advanced API Security's new abuse detection feature lets you view security incidents involving your APIs. Abuse detection uses Google's machine learning algorithms to detect API traffic patterns that are a sign of malicious activity targeting your APIs.

Abuse detection includes two new types of detection rules powered by machine learning models:

  • Advanced Anomaly Detection: Detects unusual patterns of API traffic.
  • Advanced API scraper: Detects attempts to extract information from APIs for malicious purposes.

The two new detection rules, Advanced Anomaly Detection and Advanced API Scraper, are not available for organizations with VPC Service Controls. We are actively working to resolve this issue.

Apigee Integrated Portal

On March 23, 2023 we released an updated version of Apigee integrated portal.

Users are now able to enable the content security policy feature for their portal for Apigee and Apigee hybrid. Previously, this feature was available in Apigee Edge only.

See: Configure a content security policy

Bug ID Description
272794133 When setting a user account to Inactive, a notice is now displayed indicating that this setting affects the login behavior only for built-in identity provider accounts.
267502391 Improved error messages for invalid input to various endpoints.
265051231 Default assets (images) added to a newly created portal used to show up as size 0px x 0px. Now they show their proper size.
253037871 Users are now able to enable the content security policy feature for their portal for Apigee and Apigee hybrid. Previously, this feature was available in Apigee Edge only.
Apigee X

On March 23, 2023, we released an updated version of Apigee.

Public preview release of Advanced API Security abuse detection

Advanced API Security's new abuse detection feature lets you view security incidents involving your APIs. Abuse detection uses Google's machine learning algorithms to detect API traffic patterns that are a sign of malicious activity targeting your APIs.

Abuse detection includes two new types of detection rules powered by machine learning models:

  • Advanced Anomaly Detection: Detects unusual patterns of API traffic.
  • Advanced API scraper: Detects attempts to extract information from APIs for malicious purposes.

The two new detection rules, Advanced Anomaly Detection and Advanced API Scraper, are not available for organizations with VPC Service Controls. We are actively working to resolve this issue.

March 22, 2023

Apigee X

On March 22, we released an updated version of Apigee X.

Customize SSL certs for access routing when provisioning Apigee Pay-as-you-go organizations.

Users can now select existing self-managed SSL certs when customizing access routing during Apigee Pay-as-you-go provisioning. For more information, see Step 4: Customize access routing .

Receive Cloud console notifications when Pay-as-you-go provisioning completes.

While provisioning is in progress, users can navigate away from the Apigee provisioning page and monitor notifications in the Cloud console for updates when provisioning completes.

March 17, 2023

Apigee X

On March 17, we released an updated version of Apigee X (1-9-0-apigee-23).

With this release we removed certain insecure TLS ciphers for northbound traffic. You can find the full list of supported ciphers in the FIPS build of Envoy.

Note: Apigee only supports the RSA ciphers listed. ECDSA ciphers are not supported.

Bug ID Description
N/A Upgraded infrastructure and libraries.

March 13, 2023

Apigee API hub

On March 13, 2023 Apigee API hub released a new version of the software.

FieldSet artifacts that are attached to an API are now displayed in the API overview page.

March 09, 2023

Apigee Adapter for Envoy

v2.0.7

On March 9, 2023, we released version 2.0.7 of Apigee Adapter for Envoy.

Note: If you are upgrading an existing Apigee Adapter for Envoy, you must add the --force-proxy-install flag to the provision command. This flag forces the Apigee proxy to be replaced with the latest proxy. See Apigee hybrid example.

JWTs can now add a claim named customattributes that will pass the value on to the target in a header called x-apigee-customattributes (if append_metadata_headers is configured to be true).

  • An issue was fixed where an invalid api key could create spurious log entries and analytics records.
  • A deprecated version check was removed in a proxy that caused issues in newer versions of Apigee.

March 08, 2023

Apigee API hub

On March 8, 2023, the Apigee Registry API documents were updated to include the Google APIs Explorer panel.

The Google APIs Explorer has been added to the Apigee Registry API documents. The Try this method panel acts on real data and lets you try Google API methods without writing code.

March 02, 2023

Apigee UI

On March 2, 2023, we released an updated provisioning experience for Apigee users creating Pay-as-you-go organizations from the Apigee UI. All Apigee users creating new organizations with Pay-as-you-go billing can access the simplified onboarding experience, whether they are provisioning from the Apigee UI or the Google Cloud console.

March 01, 2023

Apigee Connectors

On March 1, 2023, we released updates to connectors for Apigee.

The following new connectors are available in preview:

The IBM MQ connector now supports requestReply messages.

The Cloud Storage connector now supports the following actions for file operations:

  • UploadObject
  • DownloadObject
  • MoveObject
  • CopyObject
  • DeleteObject

The MongoDB connector now supports the following actions:

  • InsertDocument
  • UpdateDocument
  • DeleteDocument
  • GetDocument
Apigee UI

On March 1, 2023, we released an updated version of the Apigee UI.

Public preview release of the Apigee UI in the Google Cloud console

This release includes a new version of the Apigee UI that is integrated with the Google Cloud console. The new UI makes it easier to perform Apigee tasks that are managed in the Cloud console. We welcome your feedback on the new UI: click Send Feedback at the top of the UI.

For now, you can continue to use the classic Apigee UI if you wish: just click Back to Classic Apigee in the new UI.

The following tabs in the classic Apigee UI have not yet been implemented in the Apigee UI in the Cloud console, but they will be available there soon:

  • Develop > Integrations
  • API Security
  • Monetization
  • Analyze > API Metrics > Cache Performance,
  • Analyze > API Metrics > Target Performance
  • Analyze > Developers
  • Analyze > End Users
  • Publish > Portals

If you need to use these features, you can do so by switching to the classic Apigee UI.

This release will be rolled out over the next week, so you might not be able to view the new Apgee UI until the rollout is complete.

February 24, 2023

Apigee hybrid

hybrid v1.8.5

On February 24, 2023 we released an updated version of the Apigee hybrid software, v1.8.5.

For information on upgrading, see Upgrading Apigee hybrid to version 1.8.

Bug ID Description
266594584 Websocket was failing in asm 1.15. This was due to incompatible capitalization in variable names between the Anthos Service Mesh overlay.yaml file and the and the Envoy filter apigee-envoyfilter.yaml file.
266411394 Add support for Azure Front Door request headers to /healthz health check.
260372012 Requests failed with 500 response and keyvaluemap.service.ErrorDuringDecryption error after upgrade to Hybrid 1.8. Note: Fixed in Apigee hybrid 1.8.4 and newer.
245619397 In Apigee hybrid, fluentbit support now includes the NO_PROXY environment variable.
181569522 You can now create a new environment with the same name as a deleted environment without needing to perform manual clean-up tasks first.

February 20, 2023

Apigee API hub

On February 20, 2023 Apigee API hub released a new version of the software.

Bug ID Description
264686707 Vertical scrollbars would not appear if the taxonomy and lifecycle stage tables overflowed the page.
264409346 The API list failed to load if there were over 1,000 APIs registered.

February 14, 2023

Apigee hybrid

hybrid v1.7.6

On February 14, 2023 we released an updated version of the Apigee hybrid software, v1.7.6.

For information on upgrading, see Upgrading Apigee hybrid to version 1.7.

Bug ID Description
268445095 The validateOrg flag can be set to false to bypass upgrade validation errors when configuration includes HTTP Forward proxy. You can use this to avoid upgrade errors caused by HTTP proxy settings.
262699558 The watcher component no longer fails when using Kubernetes Secret to store hybrid service account secret.
181569522 You can now create a new environment with the same name as a deleted environment without needing to perform manual clean-up tasks first.
218567150 The ingress gateway is now configured to consistently preserve UUID in the x-request-id header.
Note: This setting does have some impact on tracing in the ingress gateway. For more information, see pack_trace_reason in "UUID (proto)" in the envoy documentation. (Also fixed in Apigee hybrid v1.8.3)
259264961 Added support for ASM v1.15. Please see Known issue 266452840

February 09, 2023

Apigee Integration

On February 9, 2023 we released an updated version of the Apigee Integration.

Data Mapping Editor improvements

Transform expression changes:

  • You can now add, modify, or remove a function or a function parameter in-between an existing transform expression without losing the subsequent transform functions in the expression.
  • When applying a pre-defined transform function to a variable in the Data Mapping Editor, the function selection menu now displays the list of functions as per the return type of the preceding function or the data type of the preceding parameter.

Data Mapping Editor UI changes:

  • Input rows are updated to display indent guides to improve readability and structure recognition.
  • Mapping validation errors are now highlighted for each function in an Input row.

For more information, see Data Mapping editor.

Application Integration

Data Mapping Editor improvements

Transform expression changes:

  • You can now add, modify, or remove a function or a function parameter in-between an existing transform expression without losing the subsequent transform functions in the expression.
  • When applying a pre-defined transform function to a variable in the Data Mapping Editor, the function selection menu now displays the list of functions as per the return type of the preceding function or the data type of the preceding parameter.

Data Mapping Editor UI changes:

  • Input rows are updated to display indent guides to improve readability and structure recognition.
  • Mapping validation errors are now highlighted for each function in an Input row.

For more information, see Data Mapping editor.

February 08, 2023

Apigee X

On February 8, we released an updated version of Apigee X (1-9-0-apigee-21).

The VerifyAPIKey policy and the VerifyAccessToken action of the OAuth2 policy now support CacheExpiryInSeconds. Setting this variable enforces TTL on the cache and enables customization of the time period for cached token expiry.

Bug ID Description
181569522 Fixed the environment recreate scenario without manual cleanup.
217173784 The HMAC.policy-name.error variable is populated for HMAC failing policies.
257268790 Fixed bug where invalid proxy configuration halted Message Processor boot up.
250638658 Fixed the SetIntegrationRequest policy that fails if the JSON payload contains {foo}.
265204739 Set externalTrafficPolicy:local as default for Apigee X instances to mitigate 502 errors.
N/A Upgraded infrastructure and libraries.

February 06, 2023

Apigee Integration

On February 6, 2023 we released an updated version of the Apigee Integration.

JavaScript task (Preview)

The JavaScript task lets you write custom JavaScript code snippets for your integration.

Using the JavaScript Editor, you can code complex data mapping logic for your integration, perform variable assignments, and add or modify integration variables.

For more information, see JavaScript task.

Delete integration

You can now delete an entire integration without the need to individually delete all the respective integration versions.

When you delete an integration, you permanently delete all the versions of that integration, including all the integration variables, configured triggers, tasks, and data mappings.

For more information, see Delete integrations.

Application Integration

JavaScript task

The JavaScript task lets you write custom JavaScript code snippets for your integration.

Using the JavaScript Editor, you can code complex data mapping logic for your integration, perform variable assignments, and add or modify integration variables.

For more information, see JavaScript task.

Delete integration

You can now delete an entire integration without the need to individually delete all the respective integration versions.

When you delete an integration, you permanently delete all the versions of that integration, including all the integration variables, configured triggers, tasks, and data mappings.

For more information, see Delete integrations.

New Overview page

A new Overview page is now introduced in Application Integration. It's the first place you land when opening Application Integration in your Google Cloud console, and helps you understand and get started with setting up Application Integration in your Google Cloud project.

February 01, 2023

Apigee hybrid

hybrid v1.9.0

On February 1, 2023 we released an updated version of the Apigee hybrid software, v1.9.0.

Kubernetes network policies

Starting in version 1.9, Apigee hybrid offers new Kubernetes network policies to secure Cassandra and Redis pods within an Apigee Hybrid cluster. See Configuring Kubernetes network policies.

CSI Backup and Restore

Starting with Apigee hybrid 1.9, you can back up and restore your hybrid data using CSI (Container Storage Interface) snapshots. CSI backup generates disk snapshots and stores them as encrypted data in cloud storage. See Cassandra CSI backup and restore.

Custom ingress access logs

Starting in version 1.9, Apigee hybrid offers custom log formats for the Apigee Ingress gateway. See Customize Ingress access logs.

Target separate ingress gateways to virtual hosts

Starting in version 1.9, Apigee hybrid you can control how separate Apigee Ingress gateways map to specific virtual hosts. See Targeting an Apigee ingress to a virtual host.

Support for customer-installed Anthos Service Mesh deprecated

Starting in version 1.9, Apigee hybrid only supports the Apigee Ingress gateway for ingress, and no longer supports customer-installed Anthos Service Mesh. See:

Bug ID Description
266356206 A jackson-databind library error was causing OAS Validation errors when loading applications. The jackson-databind libraries have been updated to correctly parse null vs NullMode values. (Fixed in Apigee hybrid v1.9.0)
262616276 Apigee hybrid v1.9 adds support for Kubernetes in AKS v1.24+. Also fixed in Apigee hybrid v1.8.4 and newer (Fixed in Apigee hybrid v1.9.0 and v1.8.4)
260372012 Requests failed with 500 response and keyvaluemap.service.ErrorDuringDecryption error after upgrade to Hybrid 1.8. Also fixed in Apigee hybrid v1.8.4 and newer (Fixed in Apigee hybrid v1.9.0 and v1.8.4)
260324159 Solved up to 30 minute delay proxy deployment due to socket closed error in synchronizer. (Fixed in Apigee hybrid v1.9.0)
259738092 Intermittent 404's were seen at the Apigee Ingress Gateway due to an inconsistent configuration delivery mechanism. (Fixed in Apigee hybrid v1.8.3)
258699204 The default memory requests and limits for metrics pods that were inadvertently changed in 1.8.x. have been fixed. Also fixed in Apigee hybrid v1.8.4 and newer (Fixed in Apigee hybrid v1.9.0 and v1.8.4)
255677576 In fresh installations with Apigee Ingress (instead of user-installed Anthos Service Mesh), the Apigee UI would sometimes show red (not working) status. This is because in certain circumstances Watcher did not send the correct deployment status due to using the wrong selector for the Apigee Ingress Gateway. (Fixed in Apigee hybrid v1.8.3)
251435916 Fixed an issue where in certain circumstances, MP pods would scale without traffic. (Fixed in Apigee hybrid v1.7.5)
249144084 Reuse existing target IPs if DNS resolution fail on DNS cache refresh. (Fixed in Apigee hybrid v1.8.1)
245664917 During the upgrade to Apigee hybrid 1.8.x, after running apigeectl init and confirming that check-ready succeeded, the Cassandra schema validation job was in an error state. Also fixed in Apigee hybrid v1.8.4 and newer (Fixed in Apigee hybrid v1.9.0 and v1.8.4)
243880171 Upgrade from Apigee hybrid v1.7 to v1.8 could fail when http_proxy was configured to DENY internal network traffic. (Fixed in Apigee hybrid v1.8.1)
243717191 Container restart no longer conflicts with the existing certificates.
243599452 Fixed indentation issue with ingress gateway annotations. (Fixed in Apigee hybrid v1.8.2)
243167389 Apigee now validates the length of ingressGateways[].name in overrides.yaml.
TThe value of ingressGateways:name must meet the following requirements:
  • Have a maximum length of 17 characters
  • Contain only lowercase alphanumeric characters, '-' or '.'
  • Start with an alphanumeric character
  • End with an alphanumeric character
See ingressGateways[].name in the Configuration property reference. (Fixed in Apigee hybrid v1.8.1)
243158304 'ApigeeRouteConfig' no longer looks for a cert in the istio-system namespace. (Fixed in Apigee hybrid v1.9.0)
241959053 Fixed apigeectl parsing error for serviceaccountRef. (Fixed in Apigee hybrid v1.8.2)
232529030 Replaced the Logging fluentbit container environment variable http_proxy with HTTP__PROXY to maintain compatibility with fluentbit 1.8. (Fixed in Apigee hybrid v1.8.1)
227212728 Cassandra scripts now avoid writing data to the Pod Filesystem. (Fixed in Apigee hybrid v1.8.1)
218567150 The ingress gateway is now configured to consistently preserve UUID in the x-request-id header. This applies to both Apigee Ingress gateway and to the Istio ingress gateway when are using customer-installed Anthos Service Mesh.
Note: This setting does have some impact on tracing in the ingress gateway. For more information, see pack_trace_reason in the "UUID (proto)" page in the envoy documentation. (Fixed in Apigee hybrid v1.8.3)
Bug ID Description
270371160 In Apigee hybrid v1.9.0, we removed certain insecure TLS ciphers. Apigee hybrid supports the TLS cipher suites supported by the Boring FIPS build of Envoy.

Note: Apigee hybrid only supports the RSA ciphers listed. ECDSA ciphers are not supported.

Bug ID Description
N/A Upgraded to ASM 1.12.9 to address Istio and Go language vulnerabilities in an earlier version (CVE-2022-39278). For more information, see the Service Mesh security bulletin. (Fixed in Apigee hybrid v1.8.2)
N/A Upgraded to ASM 1.12.9 to address Istio and Go language vulnerabilities in an earlier version (CVE-2022-39278). For more information, see the Service Mesh security bulletin. (Fixed in Apigee hybrid v1.7.5)
N/A Miscellaneous Security updates and fixes. (Fixed in Apigee hybrid v1.7.4)
262576073 Security fix for apigee-watcher. Also fixed in Apigee hybrid v1.8.4 and newer (Fixed in Apigee hybrid v1.9.0 and v1.8.4)
This addresses the following vulnerabilities:
262574571 Security fix for apigee-operators. Also fixed in Apigee hybrid v1.8.4 and newer (Fixed in Apigee hybrid v1.9.0 and v1.8.4)
This addresses the following vulnerabilities:
259290668 Update Kubectl in the backup utility. (Fixed in Apigee hybrid v1.8.3)
This addresses the following vulnerabilities:
256019598 Security fix for Cassandra. Also fixed in Apigee hybrid v1.8.4 and newer (Fixed in Apigee hybrid v1.9.0 and v1.8.4)
This addresses the following vulnerabilities:
254862745, 249630685 Security fix for apigee-diagnostics-runner and apigee-envoy. (Fixed in Apigee hybrid v1.8.3)
This addresses the following vulnerabilities:
254774193, 254773110 Fix for vulnerability in apigee-diagnostics-collector, apigee-mart-server, and apigee-mint-task-scheduler. (Fixed in Apigee hybrid v1.8.3)
This addresses the following vulnerability:
254774167 Fix for apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer. (Fixed in Apigee hybrid v1.8.3)
This addresses the following vulnerabilities:
254773838, 254773636, 254772551, 254771693 Fix for vulnerability in apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer. (Fixed in Apigee hybrid v1.8.3)
This addresses the following vulnerabilities:
254770883, 249633275, 249629782 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-runtime, and apigee-synchronizer. (Fixed in Apigee hybrid v1.8.3)
This addresses the following vulnerabilities:
253693906 Upgraded Prometheus to 2.39.1 to address vulnerabilities in an earlier version. (Fixed in Apigee hybrid v1.8.2)
This addresses the following vulnerabilities:
253498057 Upgraded Fluent Bit to 1.9.9 to address vulnerabilities in an earlier version. (Fixed in Apigee hybrid v1.8.2)
This addresses the following vulnerabilities:
249635718, 249629771 Security fixes for Apigee Connect and apigee-redis. (Fixed in Apigee hybrid v1.8.3)
This addresses the following vulnerabilities:
249633289 Fix for apigee-prometheus-adapter. (Fixed in Apigee hybrid v1.8.3)
This addresses the following vulnerabilities:
248288668 Fixes to address apigee-installer vulnerabilities. (Fixed in Apigee hybrid v1.8.2)
247864229 upgraded kube-rbac-proxy to v0.13.0 to address vulnerabilities in an earlier version. (Fixed in Apigee hybrid v1.8.2)
240833499 Security fix for gopkg.in/yaml.v3. (Fixed in Apigee hybrid v1.7.4)
230369447 Security fix for commons-codec (Fixed in Apigee hybrid v1.7.4)
230368838 Security fix for CVE-2018-10237, auto-value:guava. (Fixed in Apigee hybrid v1.7.4)
230366823 Security fix for jackson-databind. (Fixed in Apigee hybrid v1.7.4)
230366589 Security fix for CVE-2021-22696-cxf in cxf. (Fixed in Apigee hybrid v1.7.4)
230366276 Security fix for CVE-2021-22569. (Fixed in Apigee hybrid v1.7.4)
229804717 Security fix for apigee-envoy. (Fixed in Apigee hybrid v1.7.4)
222772470, 220169963, 210116413 Security fix for CVE-2021-38297: Updated Go language version. (Fixed in Apigee hybrid v1.8.1)
222772341, 222772333, 222772261, 222771839 Security fix for CVE-2022-23806: Updated Go language version. (Fixed in Apigee hybrid v1.8.2)
202174499 Fixed Vulnerability for protobuf-java and protobuf-java-util packages. (Fixed in Apigee hybrid v1.8.2)

January 26, 2023

Apigee hybrid

hybrid v1.8.4

On January 26, 2023 we released an updated version of the Apigee hybrid software, v1.8.4. For information on upgrading, see Upgrading Apigee hybrid to version 1.8.

Bug ID Description
262699558 The watcher component failed when using Kubernetes Secret to store hybrid service account secret.
262616276 Added support for Kubernetes v1.24 and v1.25
260372012 Requests failed with 500 response and keyvaluemap.service.ErrorDuringDecryption error after upgrade to Hybrid 1.8.
258699204 The default memory requests and limits for metrics pods that were inadvertently changed in 1.8.x. have been fixed.
245664917 During the upgrade to Apigee hybrid 1.8.x, after running apigeectl init and confirming that check-ready succeeded, the Cassandra schema validation job was in an error state.
Bug ID Description
262576073 Security fix for apigee-watcher. This addresses the following vulnerabilities:
CVE-2022-41716
CVE-2022-41715
CVE-2022-2880
CVE-2022-2879
262574571 Security fix for apigee-operators. This addresses the following vulnerabilities:
CVE-2022-41716

January 17, 2023

Apigee Integrated Portal

On January 17, 2023 we released an updated version of Apigee integrated portal.

Bug ID Description
262260756 We have updated the new account notification to administrators to read:

"A new account was created by {{firstname}} {{lastname}} ({{email}}), for site {{siteurl}}. If you have enabled manual approval for new user accounts, this user will not be able to log in until you approve their account creation request by setting their status to 'active'."

This is to highlight that they need to manually activate new accounts ONLY if they have enabled manual approval for new accounts.
261788412 Updated the version of GraphiQL used in the portal.

January 11, 2023

Apigee UI

On January 11, 2023, we released an updated version of the Apigee UI.

GA release of the new Proxy Editor

The new Proxy Editor simplifies the process of adding policies to an API proxy, configuring those policies, and then deploying the proxy.

January 10, 2023

Apigee Integration

On January 10, 2023 we released an updated version of the Apigee Integrations software.

Cloud Scheduler trigger (Preview)

The Cloud Scheduler trigger lets you schedule your integration executions for defined time periods or regular intervals across multiple regions. Cloud Scheduler triggers leverage the Cloud Scheduler services to provide a fully managed enterprise-grade cron job scheduler within Apigee Integration.

For more information, see Cloud Scheduler trigger.

Application Integration

Cloud Scheduler trigger

The Cloud Scheduler trigger lets you schedule your integration executions for defined time periods or regular intervals across multiple regions. Cloud Scheduler triggers leverage the Cloud Scheduler services to provide a fully managed enterprise-grade cron job scheduler within Application Integration.

For more information, see Cloud Scheduler trigger.

January 09, 2023

Apigee UI

On January 9, 2023, we released an updated version of the Apigee UI.

Specify an IP range with prefix /28 when creating a new instance

Previously, you could only specify an IP range with prefix /22 when creating an instance. This change makes it possible to specify /28 ranges as well as /22 ranges when creating an Apigee instance in the instance manager or the provisioning wizard.

Bug ID Description
255609921 Advanced API Security table rows now use links or span tags

January 04, 2023

Apigee Connectors

On January 04, 2023, we released the preview version of new connectors for Apigee.

The following new connectors are available in preview:

December 26, 2022

Apigee Integration

On December 26, 2022 we released an updated version of the Apigee Integrations software.

Test without publishing an integration

You can now test your integration without the need to publish or create a new integration version. Testing an integration lets you experiment with the integration input variable values, and helps in identifying any faults in the integration connection flow before you finalize and publish the integration.

For more information, see Test and publish integrations.

Application Integration

Test without publishing an integration

You can now test your integration without the need to publish or create a new integration version. Testing an integration lets you experiment with the integration input variable values, and helps in identifying any faults in the integration connection flow before you finalize and publish the integration.

For more information, see Test and publish integrations.

December 22, 2022

Apigee Connectors

On December 22, 2022, we released the preview version of new connectors for Apigee.

The following new connectors are available in preview:

Connectors for Google services

Connectors for other applications

  1. Box
  2. Couchbase
  3. FTP
  4. IBM MQ
  5. Kintone
  6. MailChimp
  7. Neo4J
  8. Redshift
  9. SAP HANA
  10. SAP Netweaver Gateway
  11. SendGrid
  12. Shopify
  13. SingleStore
  14. Snowflake
  15. Streak
  16. Stripe
  17. TaxJar
  18. Trello

December 14, 2022

Apigee Integrated Portal

On December 14, 2022 we released an updated version of Apigee integrated portal.

Bug ID Description
260725456 The x-xss-protection header on portal runtime loading changed from value of "1;" to be "1; mode=block".
254053443 Fixed a bug to ensure that a Not found page is displayed whenever an invalid document path is navigated to in a portal.

December 08, 2022

Apigee X

On December 8, we released an updated version of Apigee X.

GA release of Simplified Onboarding for Apigee X (Pay-as-you-go) in the Google Cloud console.

With this release, new Apigee customers using Pay-as-you-go pricing can quickly configure Apigee using a simplified onboarding flow accessible from the Google Cloud console.

  • The new onboarding UI provides stepped navigation consistent with other products available in the console.
  • Apigee X (Pay-as-you-go) provisioning is simplified but remains flexible. Default settings are provided, with the option to customize as needed.
  • Improved contextual help streamlines decision-making during onboarding.

See Before you begin and Get started in the Cloud Console for more details on provisioning Apigee X with Pay-as-you-go pricing from the Google Cloud console.

December 05, 2022

Apigee hybrid

hybrid v1.8.3

On December 5, 2022 we released an updated version of the Apigee hybrid software, v1.8.3.

For