This page documents production updates to Apigee software in 2022 and later. We recommend that users periodically check this list for any new announcements, or subscribe to this page using a feed reader to get notifications of updates.
What is a feed reader?
Really simple syndication (RSS) feed readers aggregate content from websites that you specify.
Feed reader notifications can be email-, browser-, desktop-, or mobile-based. Some readers are free, or have free versions, and some require a subscription.
A few examples:
More information on RSS:
See also:
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/apigee-x-release-notes.xml
April 19, 2024
On April 19, 2024, we released an updated version of Apigee.
With this release, Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features and expanded limits on deployments.
With this upgrade:
- Standard and extensible API proxy calls are counted equally when calculating overall API call entitlement for Subscription 2021 contracts.
- The maximum number of shared flow deployments is 75 per environment.
- There are no limits on the total number of API proxy deployments per environment.
- The maximum limit of total deployment units (API proxies or shared flows) per organization is 4250.
Note: The fleetwide upgrade is complete for the majority of Subscription 2021 contract organizations. Organization administrators for the remaining 5% of organizations have been contacted by Apigee representatives regarding timelines for the release.
To learn more about:
- Standard and Extensible API Proxy types, see API Proxy types.
- Expanded limits for API proxy and shared flow deployments, see Limits.
- Account level deployment limits, see Subscription 2021 entitlements.
- Viewing proxy deployment count, see View proxy deployment usage.
Subscription organizations upgraded in this release will see changes to the user experience in the Classic Apigee UI. To support management of the upgraded functionality now available to these organizations, a number of feature administration pages are now only available in the Apigee UI in Cloud console.
For more information, see Apigee UI in Cloud console navigation.
April 15, 2024
On April 15, 2024, we released an updated version of Apigee (1-12-0-apigee-4).
| Bug ID | Description |
|---|---|
| 332981542 | Optimized VerifyAPI policy execution time for high count of API products. |
April 03, 2024
On April 3, 2024, we released an updated version of Apigee.
With this release, Apigee expanded its support for data residency to additional regions in Asia-Pacific and the Middle East. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
For a list of supported geographic locations, see Apigee locations.
April 02, 2024
On April 2, 2024, we announced an increase in the rate limits for the Spike Arrest policy.
The limit on the rate you can specify increased from 1,000 requests per second, 60,000 requests per minute to 4,000 requests per second, 240,000 requests per minute.
See the Spike Arrest section of the Limits page for information on Spike Arrest limits.
April 01, 2024
On April 1, 2024, we released an updated version of Apigee.
With this release, Apigee expanded its support for data residency to additional regions in Canada. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
For a list of supported geographic locations, see Apigee locations.
March 29, 2024
On March 29, 2024, we released an updated version of Apigee (1-12-0-apigee-2).
With this release, Apigee expanded its support for data residency to additional regions in the European Union. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
For a list of supported geographic locations, see Apigee locations.
New Apigee API Monitoring Metrics
An new suite of metrics for monitoring Apigee proxies and target endpoints is now available. With improved scalability and accuracy, the new suite can support large workloads and withstand underlying infrastructure changes.
Apigee's API Monitoring tables and dashboards have been updated to include the following new metrics, which can be used to configure alerts and create custom dashboards:
proxy/request_count
proxy/response_count
proxy/latencies
target/request_count
target/response_count
target/latencies
| Bug ID | Description |
|---|---|
| 322843888 | Fixed issue with incorrect proxy routing when using base paths in proxy chaining. |
| 293933387 | KVM list operation now permits entries with null or empty values. |
| 239523766 | Removed Unable to evaluate jsonVariable, returning null error string from ExtractVariable Policy logging. |
| 285592278 | Fixed issue with deduction of recurring fees from prepaid balances. |
| 237656263 | Resolved issue with async mode in the ServiceCallout policy when the <Response> element is removed. |
| 321744310 | Added support for caching JSON results retrieved from the ExtractVariables policy. |
| 295341973 | Resolved issue causing delay in updating southbound SSL certificates in truststore and keystore references. |
March 26, 2024
On March 26, 2024, we released an updated version of Apigee (1-12-0-apigee-1).
New Apigee API Monitoring Metrics
An new suite of metrics for monitoring Apigee proxies and target endpoints is now available. With improved scalability and accuracy, the new suite can support large workloads and withstand underlying infrastructure changes.
Apigee's API Monitoring tables and dashboards have been updated to include the following new metrics, which can be used to configure alerts and create custom dashboards:
proxy/request_count
proxy/response_count
proxy/latencies
target/request_count
target/response_count
target/latencies
| Bug ID | Description |
|---|---|
| 322843888 | Fixed issue with incorrect proxy routing when using base paths in proxy chaining. |
| 293933387 | KVM list operation now permits entries with null or empty values. |
| 239523766 | Removed Unable to evaluate jsonVariable, returning null error string from ExtractVariable Policy logging. |
| 285592278 | Fixed issue with deduction of recurring fees from prepaid balances. |
| 237656263 | Resolved issue with async mode in the ServiceCallout policy when the <Response> element is removed. |
| 321744310 | Added support for caching JSON results retrieved from the ExtractVariables policy. |
| 295341973 | Resolved issue causing delay in updating southbound SSL certificates in truststore and keystore references. |
March 13, 2024
As of March 13, 2024, the conversion of Apigee API Management organizations with Pay-as-you-go pricing provisioned before October 1, 2023, to Pay-as-you-go organizations that use updated attributes for pricing is complete, with the exception of one organization that requires customer action.
The Apigee API Analytics add-on is enabled in converted organizations.The Analytics add-on can be disabled if it is not required. In addition, you can update your Pay-as-you-go environment types using the API.
For more information on the updated pricing and enhanced features now available for these organizations, see Pay-as-you-go (updated attributes) overview.
Updated pricing attributes will be reflected in March invoices. For billing questions related to this change, contact Google Cloud Billing support.
February 12, 2024
On February 12, 2024, we released an updated version of Apigee (1-11-0-apigee-17).
This release addresses the security concerns in GCP-2024-007 from Google Anthos Service Mesh.
| Bug ID | Description |
|---|---|
| 322389251 | Security fix for apigee-ingress. This addresses the following vulnerabilities: |
| Bug ID | Description |
|---|---|
| 230082910 | Fixed issue causing null values for system.timestamp and system.time.millisecond proxy variables. |
This note is incorrect; this fix is not included in this release.
| 285592278 | Fixed issue with deduction of recurring fees from prepaid balances.
This note is incorrect; see entry for March 26, 2024.
February 08, 2024
On February 8, 2024 we released an updated version of the Apigee APIs.
API support for update operations on KeyValueMap entries
Starting with this release, the Apigee APIs support update operations for KeyValueMap entries. See the API reference page for REST Resource: organizations.environments.keyvaluemaps.entries for information.
February 02, 2024
On February 2, 2024, we released an updated version of Apigee.
We modified or added these limits:
- Changed the maximum API proxy endpoints per API proxy from 5 to 10
- Specified the maximum API base paths per organization as 21,250
See the Limits page for details.
February 01, 2024
On February 1, 2024, we released an updated version of Apigee.
With this release, Apigee API Management organizations with Pay-as-you-go pricing provisioned before October 1, 2023, will be converted to Pay-as-you-go organizations that use updated attributes for pricing.
Prior to the conversion, these organizations were billed for API runtimes based on Apigee gateway node usage and the total number of API requests processed by Apigee analytics.
Once converted, these organizations will be billed for the following:
- Volume of API calls processed by a given proxy type
- Usage of deployment environments (per hour per region)
- Usage of additional deployment units (API proxies or shared flows)
- Any additional add-on capabilities (Advanced API security, Monetization, Analytics)
The conversion process is expected to last about 5 minutes and traffic will continue to be processed normally during this time. If proxy revision deployments are interrupted during this time frame, revisions can be deployed after conversion completes.
The Apigee API Analytics add-on will be enabled by default in converted organizations.The Analytics add-on can be disabled after the pricing change if it is not required.
For more information on the updated pricing and enhanced features now available for these organizations, see Pay-as-you-go (updated attributes) overview.
Updated pricing attributes will be reflected in March invoices. For billing questions related to this change, contact Google Cloud Billing support.
January 22, 2024
On January 22, 2023, we released an updated version of Apigee (1-11-0-apigee-14).
Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.
| Bug ID | Description |
|---|---|
| 316093865 | Fixed issue where empty LoadBalancer configuration in the Target Endpoint results in a failed proxy deployment with NullPointerException. |
| 312966965 | Resolved proxy chaining issue resulting in incorrect post-target service callout hostnames. |
| 318909276 | Fixed issue withLookupCache policy failures under certain circumstances. |
| 262071551 | Resolved issue with the use of combinators such as allOf in the OASValidation Policy. |
| 311049371 | Resolved issue causing SSL error in proxy chaining and path chaining flows. |
| 308196929 | Use of target.header.host flow variable with gRPC targets is now fixed. |
December 15, 2023
On December 15, 2023, we released an updated version of Apigee.
Update Pay-as-you-go environment types with Apigee APIs.
Use Apigee APIs to upgrade or downgrade the type of an existing environment to add or remove feature capabilities and manage your Apigee Pay-as-you-go billing and resource usage. For more information, see Update Pay-as-you-go environment types.
Apigee Advanced API Security add-on for Pay-as-you-go organizations is generally available (GA).
With this release, Apigee Advanced API Security is available as a paid add-on capability for Pay-as-you-go organizations. The add-on can be enabled in any Apigee Intermediate or Comprehensive environment from the Apigee UI in Cloud Console or using the Apigee APIs. For more information, see Manage the Advanced API Security add-on.
December 13, 2023
On December 13, 2023, we released an updated version of Apigee.
Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.
You can now restrict the creation of Apigee location based resources (Organization, Instances and EndpointAttachments) to specific locations using an Organization Policy Service constraint. This feature is generally available. To learn more, see Restricting Resource Locations.
Apigee now supports data residency. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored. See Introduction to data residency.
Apigee now supports Forward Proxying. Forward Proxying provides the ability to forward traffic received in a particular environment to a specified URI. See Forward proxying.
Apigee now supports CMEK for the control plane. If you have specific compliance or regulatory requirements related to the keys that protect your data, you can use customer-managed encryption keys (CMEK). See Introduction to CMEK.
December 07, 2023
On December 7, 2023, we released an updated version of Apigee X.
General Availability (GA) of Apigee gRPC passthrough
Apigee's gRPC proxy passthrough functionality provides the ability to create proxies which receive gRPC client requests and pass them through to a gRPC target server.
For information, see Creating gRPC API proxies.
December 01, 2023
On December 1, 2023, we released an updated version of Apigee (1-11-0-apigee-8).
Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.
Dynamic endpoint target metrics aggregated into a single metric.
With this release, all request, response, and latency target metrics for dynamically-configured endpoints are aggregated and presented as a single metric per proxy, using the endpoint label Dynamic Target. This feature does not change monitoring behavior for statically configured endpoints.
| Bug ID | Description |
|---|---|
| 294882858 | Fixed issue with ServiceCallout policy overriding target_ip value in proxy. |
| 279037851 | Improved performance when running debug sessions with masked payload. |
| 312026988 | Resolved possible usage counting issue for monetization prepaid developers using proxies with multiple proxy endpoints configured. |
November 10, 2023
As of November 10, 2023, Configurable API Proxies (preview) is no longer available. For more information, see Configurable API Proxies (preview) deprecation.
On November 10, 2023 we released an updated version of Apigee.
Apigee is now available in a new region: Middle East - Dammam (me-central2).
See Apigee locations for more information about available regions.
November 03, 2023
On November 3, 2023, we updated the following security bulletin:
| Bug ID | Description |
|---|---|
| 304599411 | Security bulletin updated GCP-2023-32 A Denial-of-Service (DoS) vulnerability was recently discovered in multiple implementations of the HTTP/2 protocol (CVE-2023-44487), including the Apigee Ingress (Anthos Service Mesh) server used by Apigee X. The vulnerability could lead to a DoS of Apigee API management functionality. |
The shutdown of the Configurable API Proxy (Preview) feature is approaching. On or after November 10, 2023, the preview feature will no longer be available. For more information, see Configurable API proxies (preview) deprecation.
October 24, 2023
On October 24, 2023, we released an updated version of Apigee (1-11-0-apigee-7).
Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.
With this release, the HeaderName element is available as a child element of Authentication. This element appears in the ServiceCallout and ExternalCallout policies, and in the TargetEndpoint proxy configuration.
By default, when an Authentication configuration is present, Apigee generates and injects a bearer token into the Authorization header, in the message sent to the target system. The new HeaderName element allows the configuration to specify the name of a different header to hold that bearer token.
| Bug ID | Description |
|---|---|
| 294293907 | Fixed issue with Google authentication for gRPC-based target servers. |
| 292454825 | Fixed issue causing Null Pointer Exception when creating or updating an API product. |
| 291784631 | Implemented fix to permit the use of hyphens (-) in flow variables used to define target URLs in <HTTPTargetConnection>. |
| 267229604 | Fixed issue where updates to a TLS truststore reference were not reflected for in-use southbound target server connections. |
| 277353680 | Fixed issue causing target server HealthMonitors to continue beyond revision or deletion of the proxy.Target health checks are now terminated as soon as the proxy is removed from the runtime (undeployed or deleted). Note: There may be a delay between removal of the proxy and termination of the target server health checks. |
| N/A | Upgraded infrastructure and libraries. |
October 19, 2023
On October 19, 2023, we released an updated version of Apigee
Looker Studio Integration
This release includes the public preview of Looker Studio Integration, which connects Apigee data to Google's Looker Studio. Looker Studio is a powerful and flexible tool that you can use to display Apigee data in fully customizable dashboards and reports.
October 13, 2023
On October 13, 2023, we released an updated version of Apigee (1-11-0-apigee-6).
| Bug ID | Description |
|---|---|
| 304681330 | Security fix for apigee-ingress. This addresses the following vulnerability: CVE-2023-44487 |
| 305127632 | Security bulletin published. GCP-2023-032 |
Description
A Denial-of-Service (DoS) vulnerability was recently discovered in multiple implementations of the HTTP/2 protocol (CVE-2023-44487), including the Apigee Ingress (Anthos Service Mesh) server used by Apigee X. The vulnerability could lead to a DoS of Apigee API management functionality.
Affected Products
Deployments of Apigee X that are accessible through a Google Cloud Network Load Balancer (Layer 4), or a custom layer 4 load balancer, are affected. A hotfix is being applied to all Apigee X instances. Your Apigee X instances will be automatically updated within the next few days.
Unaffected products
Apigee X instances which are accessed only via Google Cloud Application Load Balancers (Layer 7) are not affected. This includes deployments that have HTTP/2 enabled for gRPC proxies.
What Should I Do?
All Apigee X instances will be automatically updated within the next few days. Customers do not need to take any actions.
What Vulnerabilities Are Addressed By These Patches?
The vulnerability, CVE-2023-44487, allows an attacker to execute a denial-of-service attack on Apigee ingresses.
September 29, 2023
On September 29, 2023, we released an updated version of Apigee.
New attributes for Pay-as-you-go pricing are generally available (GA).
Apigee updated its Pay-as-you-go pricing model, making it possible for customers to onboard at a significantly reduced initial cost and right-size their ongoing expenses to usage.
To learn more about the updated Pay-as-you-go pricing experience, see Pay-as-you-go (updated attributes) pricing overview.
Standard and extensible API proxies are generally available (GA).
Standard and extensible API proxies are generally available for use with Apigee organizations.
For more information about standard and extensible API proxies, see API proxy types.
HTTPModifier and ReadPropertySet policies and templating support for message
The HTTPModifier policy can change an existing request or response message and provides a subset of the functionality already available in the AssignMessage policy. See HTTPModifier policy.
The ReadPropertySet policy reads property sets and populates flow variables with the results. See ReadPropertySet policy.
HTTPModifier and ReadPropertySet are standard policies. Proxies built exclusively with standard policies are called standard proxies and can be deployed to any environment type. See Pay-as-you-go (updated attributes) pricing overview.
With this release, template support for message
New environment types are generally available (GA).
With this release, Apigee introduces three distinct environments that have access to varying degrees of Apigee capabilities and costs: Base, Intermediate, and Comprehensive.
For more information, see Apigee Pay-as-you-go environment types.
Apigee API Analytics add-on for Pay-as-you-go organizations is generally available (GA).
With this release, Apigee API Analytics is available as a paid add-on capability for Pay-as-you-go organizations. The add-on can be enabled in any Apigee Intermediate or Comprehensive environment. For more information, see Manage the Apigee API Analytics add-on.
One click provisioning for Apigee Pay-as-you-go organizations is generally available (GA).
Simplify your onboarding experience with one click provisioning for new Pay-as-you-go organizations, using smart default configurations. To learn more, see Provision Apigee with one click.
Updated pricing attributes in Subscription plans are available.
To get started with subscription plans that include new pricing attributes (consistent with Pay-as-you-go pricing), contact your Google Cloud sales specialist.
For more information, see Apigee Subscription 2024 entitlements. Apigee hybrid is not available in the new subscription plan at this time.
September 19, 2023
On September 19, 2023, we released an updated version of Apigee X (1-11-0-apigee-5).
| Bug ID | Description |
|---|---|
| 296296456 | Implemented fix to ensure that continueOnError is honored in the SpikeArest policy. |
| 229615887 | The flow variable target.scheme is now set consistently with the target server URL. |
| 78106145 | Fixed issue in the RegularExpressionProtection policy to ensure that multiple JSONPaths elements in a JSON payload are checked. |
| 294090782 | Implemented fix to allow the Apigee runtime to connect to a target server using a wildcard CNAME that references a wildcard A record. |
| 285592278 | Fixed issue with deduction of recurring fees from prepaid balances. This note is incorrect; see entry for March 26, 2024. |
| N/A | Upgraded infrastructure and libraries. |
| Bug ID | Description |
|---|---|
| 296506425, 295936113, 295925991, 295688738, 296110120, 281112632 | Security fix for apigee-runtime. This addresses the following vulnerabilities: |
| 287218068 | Fixed security vulnerability to prevent header injection using flow variables. |
August 15, 2023
On August 15, 2023, we released an updated version of Apigee X (1-11-0-apigee-1).
| Bug ID | Description |
|---|---|
| 155498623 | XPaths in maskconfigs now mask values with special characters. |
| 291746838 | Implemented fix to prevent service callouts from overwriting timeouts on clients used by other policies or target endpoints. |
| 274663992 | Fixed issue in AccessControl policy to avoid race condition. |
| 294441215 | Implemented fix to resolve quota count in the Quota policy. |
| 287659763 | Fixed issue causing incorrect target endpoint URLs to display in debug sessions. |
| 283285631 | Fixed issue where base environment debug sessions were not recorded for Pay-as-you-go (updated attributes) organizations. |
| 196216798 | Fixed issue with access to monetization flow variables in the post client flow. |
| N/A | Upgraded infrastructure and libraries. |
| Bug ID | Description |
|---|---|
| 281112632, 294892189 | Security fix for apigee-runtime. This addresses the following vulnerability: |
| 294891556 | Security fix for apigee-emulator, apigee-mock-server, and apigee-runtime. This addresses the following vulnerability: |
| 287207717 | Fixed sandbox bypass vulnerability. |
| 286993631 | Fixed message template injection vulnerability. |
August 14, 2023
On August 14, 2023, we released an updated version of Apigee X.
This release includes a major redesign of the Advanced API Security scores page in the Apigee UI in Cloud console. The Security scores page now:
- Highlights the top recommendations for improving security scores.
- Links directly to the Apigee UI Proxy Editor and Target Server tabs , where you can implement recommended changes to your API proxies and target servers.
August 09, 2023
The Apigee documentation site navigation has been updated to be more consistent with other Google Cloud product documentation sites. The changes include:
August 07, 2023
On August 7, 2023, we released an updated version of Apigee X (1-10-0-apigee-7).
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries. |
August 03, 2023
On August 3, 2023, we released an updated version of Apigee X.
Previously, Advanced API Security scores didn't evaluate proxies calling shared flows via flow hooks and the FlowCallout policy in the proxy. With this release, security scores take into account proxies calling shared flows this way. As a result, your security scores may change because they now factor in the shared flows in the environment.
July 24, 2023
On July 24, 2023, we released an updated version of Apigee X.
Public preview of Apigee gRPC passthrough
Apigee's new gRPC proxy passthrough functionality provides the ability to create proxies which receive gRPC client requests and pass them through to a gRPC target server.
For information, see Creating gRPC API proxies.
July 21, 2023
On July 21, 2023, we released an updated version of Apigee X.
The Advanced API Security Abuse detection Incident details page now displays unique IP addresses, even if more than one incident corresponds to the same IP address. Previously, the Incident details page could display the same IP address more than once for different incidents.
Also, the Attributes tab of the Incident details page no longer displays the following attributes:
- Top App Key
- Detected Rules
- Top URL
July 20, 2023
On July 20, 2023, we released an updated version of Apigee X (1-10-0-apigee-6).
| Bug ID | Description |
|---|---|
| 290943249 | Fixed latency issue between Istio and runtime container. |
| 205666368 | Fixed issue with default validation of TLS target endpoint certificates. To enable strict SSL on southbound connections to a proxy target endpoint, add the tag For more information about using |
| Bug ID | Description |
|---|---|
| 290709899 | Security fix for apigee-runtime. This addresses the following vulnerability: |
| N/A | Security fixes for apigee-redis and apigee-connect-agent. These address the following vulnerabilities: |
| N/A | Security fixes for apigee-connect-agent. These address the following vulnerabilities: |
July 12, 2023
On July 12, 2023, we released an updated version of Apigee X.
Preview release of non-VPC peering option for Apigee provisioning Apigee now supports a provisioning option that does not require VPC peering. With this approach, you are not required to provide networks and IP ranges during the Apigee provisioning process. Instead, you use Private Service Connect (PSC) for routing northbound traffic to Apigee and southbound traffic to target services running in your Google Cloud projects.
Non-VPC peering is supported for command-line (CLI) provisioning steps only. You can perform non-VPC provisioning for subscription, Pay-as-you-go, and evaluation installations of Apigee.
To learn more, see Apigee networking options.
July 10, 2023
On July 10, 2023, we released an updated version of Apigee X (1-10-0-apigee-5).
| Bug ID | Description |
|---|---|
| 289254725 | Implemented fix to prevent failure of proxy deployments that include the OASValidation policy. |
| N/A | Upgraded infrastructure and libraries. |
| Bug ID | Description |
|---|---|
| 273693152 | Fixed SAMLAssertion policy parsing to limit the number of entities that will be parsed to 10000. Any attempt to parse more than 10000 entities will generate an error. |
| 273695718 | Fixed DataCapture policy to avoid evaluation of external entities during XML parsing for variable collection. |
| 273929507 | Fixed issue with potential Java security bypass in LookupCache policy. Certain objects which implement |
| 273950705 | Fixed issue in PythonScript policy to prevent execution of arbitrary Java code. With this fix, the runtime does not allow execution of python code added to a |
July 06, 2023
On July 6, 2023, we released an updated version of Apigee X.
Preview release of Pay-as-you-go pricing with updated attributes
Apigee is updating its Pay-as-you-go pricing model, making it possible to start using Apigee at a significantly reduced initial cost and right-size ongoing expenses to match precise usage.
To learn how to get started with the updated Pay-as-you-go pricing experience, see Pay-as-you-go (updated attributes) pricing overview.
Preview release of new environment types
Apigee announces the Preview release of three distinct environment types: Base, Intermediate, and Comprehensive. Each environment type offers varying degrees of capabilities and costs; you can tailor pricing to suit your needs.
For more information, see Apigee Pay-as-you-go environment types.
Preview release of standard and extensible API proxies
Apigee announces the Preview release of standard and extensible API proxies, available for use with preview organizations using Pay-as-you-go (updated attributes) pricing.
For more information about standard and extensible API proxies, see API proxy types.
Preview release of new HTTPModifier and ReadPropertySet policies and templating support for message <URL> elements
Apigee announces the Preview release of the HTTPModifier and ReadPropertySet policies.
The HTTPModifier policy can change an existing request or response message and provides a subset of the functionality already available in the AssignMessage policy. See HTTPModifier policy.
The ReadPropertySet policy reads property sets and populates flow variables with the results. See ReadPropertySet policy.
HTTPModifier and ReadPropertySet are standard policies. Proxies built exclusively with standard policies are called standard proxies and can be deployed to any environment type. See Pay-as-you-go (updated attributes) pricing overview.
This release also includes template support for message <URL> elements. See URL templating.
June 27, 2023
On June 27, 2023 we released an updated version of Apigee X.
Public preview of AppGroups
Introduces the concept of AppGroups, which represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership.
Note that the purpose of this release is to support upgrades from Apigee Edge customers who used company-apps without monetization; however, it is available to any Apigee X/hybrid customer during the public preview stage.
June 20, 2023
On June 20, 2023, we released an updated version of Apigee X (1-10-0-apigee-4).
| Bug ID | Description |
|---|---|
| 284114575 | Implemented fix to prevent the execution of untrusted code in Apigee policies. |
| 279092925 | Modified Cloud Logging policy to improve runtime performance. |
| 186885918 | Disabled access to external entities in XML parsing. |
| 270764083 | Default expiration for refresh tokens set to 30 days if not explicitly set in the OAuth policy. |
| N/A | Upgraded infrastructure and libraries. |
| Bug ID | Description |
|---|---|
| 273801301 | Security fix for apigee-diagnostics-collector, apigee-mart-server, apigee-runtime, and apigee-synchronizer. This addresses the following vulnerabilities: |
| 281561243 | Security fix for apigee-diagnostics-collector, apigee-mart-server, apigee-runtime, and apigee-synchronizer. This addresses the following vulnerabilities: |
May 17, 2023
On May 17, 2023, we released an updated version of Apigee X (1-10-0-apigee-1).
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries. |
| 280695936 | Fixed issue with incomplete removal of form parameters when using the <Remove> element in the Assign Message policy to delete headers and form parameters simultaneously. |
| 271217050 | Fixed issue resulting in missing execution records in debug sessions for the JavaCallout policy. |
| 271894110, 273568673, 273571029 | Fix enables support for TLS 1.3 for southbound targets. |
| 271539836 | Fixed intermittent Cloud Logging failures. |
| 277090269 | Fixed encryption of internal proxy chaining headers to avoid proxy invocation misuse. |
| 273561434 | Fixed issue with incomplete debug session information for proxies deployed in the same environment. |
| 158132963 | Improved capture of relevant target flow variables in trace and analytics in the event of target timeouts. |
| 271093461 | Fixed issue with heap exhaustion when using OASValidation policy. |
| 269514256 | Fixed issue causing GoogleTokenGeneration failure. |
| 261924658 | Optimization to reduce latency in Quota policy. |
| 252864240 | Fixed issue to support bot detection with Analytics obfuscation enabled. |
| 222024484 | CORS policy now returns Access-Control-Allow-Credentials header in preflight response when <AllowCredentials> is set to true. |
| 261205290 | Optimization to reduce resource usage on Cassandra connections. |
| 266814873 | Fixed issue with retrieval of environment-scoped KVM entries containing encryption keys with non-UTF-8 characters. |
| 260342163 | Fixed issue causing 100% CPU usage by runtime pod threads under specific circumstances. |
| 273800523, 273800717 | Security fixes for Apigee. The fixes address the following vulnerabilities: |
Fixed issue with incomplete removal of form parameters when using the <Remove> element in the Assign Message policy to delete headers and form parameters simultaneously.
This fix may result in a breaking change for any customer employing an antipattern that attempts to access a form parameter after using the <Remove> element to delete the same form parameter and headers simultaneously in the policy flow.
For more information on the recommended steps for setting and removing form parameters and headers using the Assign Message policy, see the updated documentation for the Assign Message policy examples.
April 26, 2023
Effective May 31, 2023, the default value for the OAuthv2 policy RefreshTokenExpiresIn element has new behavior. Starting May 31, RefreshTokenExpiresIn defaults to 2592000000 ms (30 days) for all policies where this element is not set.
For information on this element, see RefreshTokenExpiresIn.
April 20, 2023
On April 20, 2023 we released an updated version of Apigee.
This release contains a new Advanced API Security Detected Traffic view, which displays information about API traffic originating from detected bots. This information was previously displayed in the Abuse metrics section of the Security scores view.
April 17, 2023
On April 17, 2023, we released an updated version of Apigee X (1-9-0-apigee-25).
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries. |
April 13, 2023
On April 13, 2023, we released an updated version of Apigee.
New features now supported in Apigee in VS Code for local development
The following features are now supported with Apigee in VS Code for local development as part of the Insiders build (as of v1.22.1-insiders.3):
- Create multi-repository workspaces - Choose individual storage locations for artifacts, such as API proxies that are stored as individual SCMs, but develop them together using a single workspace. You no longer have to create a single repository that contains all of your API proxies. See Understanding the structure of an Apigee multi-repository workspace.
- Use keystore - Introduces a new environment-level setting for creating the required keystores in the Apigee Emulator by using locally available keys. See Configuring the keystrokes (keystores.json).
- Test API proxies that require service accounts (for example, calling a cloud logging process as part of an API proxy flow) - Set up your Apigee Emulators with a service account key to enable service accounts, add policies and targets that rely on service accounts, and deploy the API proxies to the Apigee Emulator to test them. See Customizing the Apigee Emulator to support service account-based authentication.
March 23, 2023
On March 23, 2023, we released an updated version of Apigee.
Public preview release of Advanced API Security abuse detection
Advanced API Security's new abuse detection feature lets you view security incidents involving your APIs. Abuse detection uses Google's machine learning algorithms to detect API traffic patterns that are a sign of malicious activity targeting your APIs.
Abuse detection includes two new types of detection rules powered by machine learning models:
- Advanced Anomaly Detection: Detects unusual patterns of API traffic.
- Advanced API scraper: Detects attempts to extract information from APIs for malicious purposes.
The two new detection rules, Advanced Anomaly Detection and Advanced API Scraper, are not available for organizations with VPC Service Controls. We are actively working to resolve this issue.
March 22, 2023
On March 22, we released an updated version of Apigee X.
Customize SSL certs for access routing when provisioning Apigee Pay-as-you-go organizations.
Users can now select existing self-managed SSL certs when customizing access routing during Apigee Pay-as-you-go provisioning. For more information, see Step 4: Customize access routing .
Receive Cloud console notifications when Pay-as-you-go provisioning completes.
While provisioning is in progress, users can navigate away from the Apigee provisioning page and monitor notifications in the Cloud console for updates when provisioning completes.
March 17, 2023
On March 17, we released an updated version of Apigee X (1-9-0-apigee-23).
With this release we removed certain insecure TLS ciphers for northbound traffic. You can find the full list of supported ciphers in the FIPS build of Envoy.
Note: Apigee only supports the RSA ciphers listed. ECDSA ciphers are not supported.
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries. |
February 08, 2023
On February 8, we released an updated version of Apigee X (1-9-0-apigee-21).
The VerifyAPIKey policy and the VerifyAccessToken action of the OAuth2 policy now support CacheExpiryInSeconds. Setting this variable enforces TTL on the cache and enables customization of the time period for cached token expiry.
| Bug ID | Description |
|---|---|
| 181569522 | Fixed the environment recreate scenario without manual cleanup. |
| 217173784 | The HMAC.policy-name.error variable is populated for HMAC failing policies. |
| 257268790 | Fixed bug where invalid proxy configuration halted Message Processor boot up. |
| 250638658 | Fixed the SetIntegrationRequest policy that fails if the JSON payload contains {foo}. |
| 265204739 | Set externalTrafficPolicy:local as default for Apigee X instances to mitigate 502 errors. |
| N/A | Upgraded infrastructure and libraries. |
December 08, 2022
On December 8, we released an updated version of Apigee X.
GA release of Simplified Onboarding for Apigee X (Pay-as-you-go) in the Google Cloud console.
With this release, new Apigee customers using Pay-as-you-go pricing can quickly configure Apigee using a simplified onboarding flow accessible from the Google Cloud console.
- The new onboarding UI provides stepped navigation consistent with other products available in the console.
- Apigee X (Pay-as-you-go) provisioning is simplified but remains flexible. Default settings are provided, with the option to customize as needed.
- Improved contextual help streamlines decision-making during onboarding.
See Before you begin and Get started in the Cloud Console for more details on provisioning Apigee X with Pay-as-you-go pricing from the Google Cloud console.
November 18, 2022
On November 18, 2022, we released an updated version of Apigee X (1-9-0-apigee-16).
| Bug ID | Description |
|---|---|
| 257268790 | There is an edge case scenario where an invalid resource or bundle configuration resulting in unhandled exception will result in failure that leads to restart of runtime pods or bootup of new runtime pods. |
November 04, 2022
On November 4, 2022 we released an updated version of Apigee X.
Apigee support for using Private Service Connect (PSC) for client-to-Apigee (northbound) traffic is now GA. In addition, we now support using PSC for northbound routing in multi-region configurations. For details, see Expanding Apigee to multiple regions. See also Northbound networking with Private Service Connect and Migrate northbound routing to Private Service Connect.
October 27, 2022
On October 27, 2022 we released an updated version of Apigee X.
This release contains the General Acceptance (GA) release of Advanced API Security, which:
- Detects unwanted requests sent to your APIs, including attacks by bots or other malicious agents.
- Evaluates the security of your API configurations and provides recommendations for improvements.
Advanced API Security is a paid add-on to Apigee. You can try out Advanced API Security for free in any trial org—follow the procedure described in Enable Advanced API Security. Contact Apigee to learn more.
October 24, 2022
On October 24, 2022, we released an updated version of Apigee X (1-9-0-apigee-5).
Some runtime error messages have been improved with a reason code. To display only the error codes with a reason code, scroll down to Search and type reason. The error catalog filters the view.
| Bug ID | Description |
|---|---|
| 252818300 | Fixed issue with failing web socket connections. |
| 249580739 | This feature introduces a new filter-based mechanism to display API products. |
| 249521773 | Endpoint attachment ID naming convention change. The ID must start with a lowercase letter followed by up to 31 lowercase letters, numbers, or hyphens, and cannot end with a hyphen. The minimum length is 2. See Create an endpoint attachment. |
| 249069616 | Fixed issue where error in DebugSession could interrupt runtime flow. |
| 248631925 | The Developer List API has been enhanced to support pagination in a Google-wide consistent pattern. |
| 247540503 | Race condition with encryption key lookup causing KVM lookup failures. |
| 246774745 | io.timeout.millis not honored, causing 504 Gateway timeout for dynamic targets. |
| 246193561 | Disabling/Destroying of customer cloud KMS key impacted the runtime after 5 minutes and data that was encrypted with the key could not be accessed by Apigee data plane. |
| 241786534 | MART is able to send logs to UDCA successfully now. |
| 240618523 | Dynamically setting target.url now supports websocket protocols (ws and wss) |
| 218567150 | X-request-id headers modified at 14th character. |
| 206879901 | Fixed issue where Response headers were not visible from debug screen. |
| 173566787 | Message Processors behavior is changed. Message Processors will now reuse existing target IP addresses once if DNS resolution fails during DNS cache refresh |
| 159599332 | The flow variable servicecallout.requesturi reflects appropriately if the URI is constructed using multiple variables. |
| N/A | Upgraded infrastructure and libraries |
| Bug ID | Description |
|---|---|
| 204965286 | Security fix for CVE-2022-25647 |
| 193613381 | Security fix for CVE-2021-21290 in netty-transport |
Known issue: 257268790 - Unhandled exception results in failure that leads to restart or bootup of new runtime pods.
October 06, 2022
On October 6, 2022, Apigee announced the GA launch of Cloud Monitoring for Apigee gateway node usage for Pay-as-you-go customers.
The availability of Apigee gateway node usage metrics in Cloud Monitoring enables Pay-as-you-go customers to view node usage, create dashboards, and configure alerting policies using Cloud Monitoring interfaces. For more information, see View usage and estimate your bill.
September 26, 2022
Availability of scripts to recreate Apigee instances created before January 25, 2022.
If you have an Apigee instance that was created before January 25, 2022, Apigee recommends that you replace it with a new instance. If you do not recreate the older instance, you may experience scaling issues and the number of environments you can add to an instance will continue to be limited to 10.
For more information and detailed instructions, see Recreating an Apigee instance with zero downtime
September 14, 2022
On September 14, 2022 we released an updated version of the Apigee X software.
When using local development with Apigee in VS Code, the following pre-release features are available as part of the Insiders build (v1.21.0 and higher):
September 09, 2022
On September 09, 2022, we released an updated version of Apigee X.
With this release, Apigee support for Private Service Connect (PSC) is GA. PSC allows you to privately connect Apigee to target services running across VPC networks in addition to the peered network. For more information, see Southbound networking patterns.
August 30, 2022
On August 30, 2022, Apigee announced the GA launch of Pay-as-you-go pricing, a consumption-based model for Google's Apigee Platform.
When you use Pay-as-you-go pricing for Apigee, you are charged for the following:
- The number of Apigee gateway nodes in the Apigee organization
- The number of API requests processed by Apigee Analytics services
- The amount of network usage
For more information, see the Pay-as-you-go overview and the Pay-as-you-go Example pricing.
With this release, the Apigee Pay-as-you-go pricing model includes a maximum Apigee gateway node count of 1,000 across all environments in a region.
August 22, 2022
On August 22, 2022, we released an updated version of Apigee X (1-8-0-apigee-33).
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries |
Value of io.timeout.millis is not honored when used with multiple dynamic targets.
If a proxy sets two or more io.timeout.millis values in two or more flows using the same target host, only one io.timeout.millis value is honored.
August 11, 2022
On August 11, 2022 we released an updated version of Apigee X.
This release contains the new Abuse page in Advanced API Security, which displays information about bots that have been detected by analysis of your API traffic. The Abuse page displays the IP addresses of detected bots, as well as their locations, the bot rules that led to their detection, and other details.
July 25, 2022
On July 25, 2022, we released an updated version of Apigee X (1-8-0-apigee-23).
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries |
July 21, 2022
On July 21, 2022 we released an updated version of Apigee X.
The Advanced API Security's target assessment, which evaluates the security of target servers in your API, is now available. See Security scores in the Apigee UI to learn more.
June 30, 2022
On June 30, 2022 we released an updated version of Apigee X.
This release contains the Public Preview of Advanced API Security, which protects your APIs from unwanted requests, including attacks by malicious clients such as bots, and evaluates the security level of your API configurations.
Advanced API Security lets you:
- Create security reports to detect bots and other threats to your APIs.
- View security scores, which rate the security of your APIs and provide recommendations for improving security.
June 21, 2022
On June 21, 2022, we released an updated version of Apigee X (1-8-0-apigee-18).
| Bug ID | Description |
|---|---|
| 234355351 | Fixed issue with message processor pods restarting frequently. Added backoff polling task for Cloud KMS key listener. The listener is paused only when the flush policy is met. |
| N/A | Upgraded infrastructure and libraries. |
June 02, 2022
On June 2, 2022, we released an updated version of Apigee X.
Apigee X APIs for managing key value entries in a key value map scoped to an organization, environment, or API proxy are now available. For more information, see the Apigee API reference documentation.
May 23, 2022
On May 23, 2022, we released an updated version of Apigee X (1-8-0-apigee-9).
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries |
May 09, 2022
On May 9, 2022 we released an updated version of the Apigee X software (1-8-0-apigee-5).
The GoogleIDToken.Audience tag now includes the useTargetUrl attribute to simplify audience configuration of Google ID tokens for Apigee policies.
| Bug ID | Description |
|---|---|
| 221292104 | Fix to address failure to capture requests in Debug sessions involving PostClientFlow ServiceCallouts. |
| 228855520 | Upgraded ASM to the latest version. |
| Bug ID | Description |
|---|---|
| 217497793 | A security issue was addressed. |
April 22, 2022
On April 22, 2022 we released an updated version of the Apigee X software (1-7-0-apigee-34).
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries |
March 31, 2022
On March 31, 2022, we released an updated version of Apigee X.
You can now use Private Service Connect (PSC) to connect to Apigee. This architectural pattern eliminates the need to create managed instance groups to forward requests from the global load balancer to Apigee. For details, see Using Private Service Connect.
March 29, 2022
On March 29, 2022, we released an updated version of Apigee X (1-7-0-apigee-28).
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries |
March 28, 2022
On March 28, 2022 we released an updated version of Apigee X.
You can now use Private Service Connect (PSC) to connect Apigee with backend target services running in VPC networks other than the one that is peered with your Apigee organization. For details, see Southbound networking patterns.
March 22, 2022
On March 22, 2022, we released an updated version of the Apigee X software.
Support for conditions in IAM policies
You can add resource conditions in your IAM policies. A resource condition lets you have granular control over your Apigee resources. For more information, see Adding resource conditions in IAM policies.
March 15, 2022
On March15, we released version 1.7x of Apigee X (1-7-0-apigee-22).
GraphQL policy now supports JSON-encoded payloads.
KVM pagination support now available (via the API only).
Note: When using the GraphQL policy, you can only provide one graphQL schema for verification in an environment.
| Bug ID | Description |
|---|---|
| 209622008 | Dynamic updates to rate in spike arrest are now reflected immediately. |
| 219523719 | Fix to address CPU and memory consumption when debug-session is enabled with response-status as the filtering criteria. |
March 03, 2022
On March 3, 2022, we released new features for the Public Preview of configurable API proxies. To learn more, see Introduction to configurable API proxies.
HTTP request transforms are now available for use with configurable API proxies.
With HTTP request transforms, configurable API proxy developers can quickly rewrite HTTP request paths, header, and query parameters using HTTP Request Transforms. Rewriting is enabled using a simple configuration that can reference incoming path template segments, header values, or query parameter values.
For more information, see HTTP request transforms for configurable proxies.
Google authentication for securing targets is now supported when using configurable API proxies.
With this feature, configurable API proxy developers can secure their Google backend services using Google OAuth and automatically grant access to authorized API consumers. This offers the advantage of seamless integration with other Google services, without requiring API producers to manage private keys.
For more information, see Securing targets for configurable proxies.
Southbound mTLS can be enabled for use with configurable API proxies .
By adding south bound mTLS functionality to configurable proxies, Apigee customers can seamlessly maintain their current usage of mTLS when transitioning to the use of configurable proxies, or increase security for communications between existing configurable proxies and their backends.
For more information, see Enable south bound mTLS for configurable proxies.
Configurable API proxies now support the use of template variables.
Apigee property sets can be used to specify template variables for configurable API proxies in archive deployments. This feature enables customers to use string templates in their proxy configuration YAML files.
For more information, see Template variables for configurable proxies.
February 15, 2022
On February 15, 2022 we released an updated version of the Apigee X software.
Backend target routing with Private Service Connect
You can now use Private Service Connect (PSC) to connect Apigee with backend target services running in VPC networks other than the one that is peered with your Apigee organization. For details, see Southbound networking patterns.
February 08, 2022
On February 8, 2022 we released an updated version of the Apigee X software.
| Bug ID | Description |
|---|---|
| N/A | Upgraded infrastructure and libraries |
January 28, 2022
On January 28, 2022 we released an updated version of the Apigee X software.
UI updates for service networking and instance creation
UI updates were made to support changes to network IP CIDR range requirements for service networking and instance creation. These changes simplify Apigee provisioning.
January 24, 2022
On January 24, 2022 we released an updated version of the Apigee X software.
Reduce the IP range required to peer your VPC network
The required IP range needed to peer your VPC network to the Apigee network is now limited to a non-overlapping CIDR range of /22. This change simplifies Apigee provisioning. Note that the provisioning step for service network configuration has been updated to reflect this change. For more information, see Understanding peering ranges.