Apigee Release Schedule

Apigee Edge: Tue-Thu 12am to 4am in Singapore, Central European, and US Eastern time zones

Read the release notes to learn what is new.

In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
May 10, 21:30 PDT
Scheduled - We have an Apigee Edge Router release window scheduled from 09:30 PM (PST) Tue May 10, 2022 to address a security fix. The releases are rolled out in phases based on regions. This release is not expected to cause any interruption to Apigee Edge.

No functional updates are made to Apigee Edge in this release, so you will not see any new release notes for this rollout.
Update - Services continue to look good post restoration. Resolving this incident.
May 7, 09:04 PDT
Monitoring - A fix has been implemented and we are monitoring the results.
May 6, 06:59 PDT
Investigating - We are currently investigating intermittent datastore errors affecting a subset of customers in us-central1.
May 6, 05:18 PDT
Update - Services continue to look good post restoration. Resolving this incident.
May 7, 09:03 PDT
Monitoring - A fix has been implemented and we are monitoring the results.
May 6, 06:59 PDT
Investigating - We are investigating errors with Apigee Analytics report jobs.
May 6, 05:30 PDT
Update - Log4j v1.x:
We are aware of the recent upgrade to CVE-2021-4104, which affects versions of Log4j 1 that are used on Apigee Edge and OPDK. This CVE requires a specific configuration of Log4j 1 that Apigee Edge does not use and that Apigee OPDK does not ship as a default configuration.

User Supplied Log4j 1 Java Callouts
Apigee SaaS (X and Edge):
Customers can upload vulnerable configurations of Log4j 1 in their custom resources, but CVE-2021-4104 is mitigated due to Java Security Manager restrictions.

Apigee OPDK and Hybrid
Users should upgrade all of their custom resources of Log4j to the latest version.
Users can mitigate uploaded vulnerable versions of Log4j 1 in Hybrid and OPDK by enabling a custom Java callout security policy:
Hybrid: https://cloud.google.com/apigee/docs/api-platform/develop/adding-custom-java-callout-security-policy
OPDK: https://docs.apigee.com/api-platform/reference/java-permission-reference
Dec 17, 10:40 PST
Monitoring - Updated December 15, 2021 15:22 PST

Google Apigee is actively following the security vulnerability in the open-source Apache "Log4j 2" utility (CVE-2021-44228 and CVE-2021-45046). We encourage you to update to the latest version of Log4j 2. We are currently assessing the potential impact of the vulnerability for Apigee products and services. This is an ongoing event and we will continue to provide updates through this page and our customer communications channels.

Background: The Apache Log4j 2 utility is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j 2 version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code.

On December 10, 2021, NIST published a critical Common Vulnerabilities and Exposures (CVE) alert, CVE-2021-44228. More specifically, Java Naming and Directory Interface (JNDI) features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from remote servers when message lookup substitution is enabled.

==== Platform ====

Apigee X:
Apigee X does not use Log4j 2.

Apigee Hybrid:
Current supported versions of Hybrid do not use Log4j 2.
Unsupported versions of Hybrid used Log4j 1.x, but it is not included in any of the currently supported versions. Customers on Hybrid 1.4 or lower are unaffected by this CVE but should still upgrade to a supported version.

Apigee Edge:
Apigee Edge’s default configuration contained Log4j 2 but was not vulnerable to Log4j 2 (CVE-2021-44228).

Apigee OPDK:
Apigee OPDK’s default configuration contained Log4j 2 but was not vulnerable to Log4j 2 (CVE-2021-44228).
The service “apigee-machinekey” includes Log4j 2 and does not process any user-provided input. It is not susceptible to the vulnerability CVE-2021-44228.


==== User Supplied Log4j 2 Instances ====


Apigee SaaS (X and Edge):
Customers can upload vulnerable versions of Log4j 2 in their custom resources, but CVE-2021-44228 is mitigated due to Java Security Manager restrictions.

Apigee Hybrid and OPDK:
Users can mitigate uploaded vulnerable versions of Log4j 2 in Hybrid and OPDK by enabling a custom Java callout security policy:
Hybrid: https://cloud.google.com/apigee/docs/api-platform/develop/adding-custom-java-callout-security-policy
OPDK: https://docs.apigee.com/api-platform/reference/java-permission-reference


==== Version Updates ====

Log4j v1.x:
Apigee Edge and Apigee OPDK contain Log4j 1.x and Log4j 2.x libraries. Log4j 1 is not part of this particular assessment.
All instances of Log4j 1 will be upgraded across all Apigee products in upcoming releases to the latest version of Log4j 2. Upgrades to SaaS services and releases for OPDK are expected in January.

==== More Information ====

Information on this page is based on findings in our ongoing investigations.

Please see these helpful articles published to the Apigee Community:

How to Detect Network Probes on Traversing Your Apigee Proxies -
https://www.googlecloudcommunity.com/gc/Apigee/Detecting-Attempts-to-Exploit-Log4j-CVE-2021-44228-on-Apigee/td-p/178123

How To Mitigate Log4Jv2 Attacks CVE-2021-44228 Traversing Apigee Proxies -
https://www.googlecloudcommunity.com/gc/Apigee/How-To-Block-requests-that-exploit-Log4j-CVE-2021-44228-on/td-p/178138
Dec 14, 09:04 PST
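The Log4j 2 update above notes that customers can upload vulnerable Log4j 2 versions in their custom resources. As an added example (not Apigee tooling and not part of the original notice), the following inventories JAR files, including JARs nested inside other JARs, for log4j-core copies at or below the 2.14.1 version quoted in the background paragraph. It assumes the standard Maven `pom.properties` location and the standard `JndiLookup` class path inside log4j-core; the function names and labels are hypothetical.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
IN_RANGE_MAX = (2, 14, 1)  # "version 2.14.1 or below", the range quoted above

def parse_version(text):
    """Return (major, minor, patch) from a pom.properties body, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(version, has_jndi):
    """Triage label relative to the 2.14.1 threshold only, not a clean bill."""
    if version is None:
        return "UNKNOWN-VERSION"
    if version[0] == 2 and version <= IN_RANGE_MAX:
        return "IN-RANGE" if has_jndi else "IN-RANGE-NO-JNDILOOKUP"
    return "ABOVE-RANGE"

def inspect_jar(data, name, depth=0):
    """Return [(path, label)] per log4j-core copy; nested archives to depth 3."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(name, "UNREADABLE")]
    names, found = zf.namelist(), []
    if POM_PROPS in names or JNDI_CLASS in names:
        props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
        found.append((name, classify(parse_version(props), JNDI_CLASS in names)))
    for entry in names:
        if depth < 3 and entry.lower().endswith((".jar", ".war")):
            found += inspect_jar(zf.read(entry), name + "!" + entry, depth + 1)
    return found

def make_jar(entries):
    """Build an in-memory archive from {path: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, body in entries.items():
            zf.writestr(path, body)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample standing in for a JAR uploaded as a custom resource.
    core = make_jar({POM_PROPS: b"version=2.14.1\n", JNDI_CLASS: b""})
    callout = make_jar({"com/example/Callout.class": b"", "lib/log4j-core.jar": core})
    for path, label in inspect_jar(callout, "callout.jar"):
        print(label, path)
```

`ABOVE-RANGE` only means the copy is newer than the 2.14.1 threshold stated on this page; the notice still recommends updating to the latest version of Log4j 2.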
Monitoring - A fix has been implemented and we are monitoring the results.
Dec 21, 06:19 PST
Identified - The issue has been identified and a fix is being implemented.
Dec 21, 06:09 PST
Investigating - We are currently aware of an issue with our Management APIs resulting in "Bad Gateway Error", and are working internally to identify the cause and fix the issue.
Dec 21, 04:31 PST
API Services: Under Maintenance
Management Services UI: Operational
Management Services API: Operational
Analytics Services: Operational
Developer Services: Operational
Apigee Edge (Developer Edition): Operational
API Exchange: Operational
Apigee Login and Single Sign-On: Operational
Apigee Sense: Operational
Edge Private Cloud: Operational
Edge Private Cloud - API Platform: Operational
Edge Private Cloud - Developer Portal: Operational
Edge Private Cloud - API BaaS: Operational
Edge Private Cloud - Developer Services: Operational
Developer Portal: Operational
Integrated: Operational
Drupal-based (alternative): Operational
Community: Operational (100.0 % uptime over the past 90 days)
Apigee Community: Operational (100.0 % uptime over the past 90 days)
Monitoring: Operational (100.0 % uptime over the past 90 days)
API Monitoring: Operational (100.0 % uptime over the past 90 days)
Adapter for Envoy: Operational (100.0 % uptime over the past 90 days)
Apigee Monetization: Operational (100.0 % uptime over the past 90 days)
Past Incidents
May 16, 2022

No incidents reported today.

May 15, 2022

No incidents reported.

May 14, 2022

No incidents reported.

May 13, 2022
Completed - The scheduled maintenance has been completed.
May 13, 10:06 PDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
May 13, 10:04 PDT
Scheduled - The release notes are available here: http://docs.apigee.com/release-notes/content/apigee-release-notes

For Apigee Cloud customers -
Cloud customers hosted on Pantheon should apply updates to their site using the Pantheon dashboard:
http://apigee.com/docs/developer-services/content/working-pantheon#maintainyoursite-applyanapigeeupdatetothedeveloperservicesportal

and make sure all environments have been patched using the standard workflow:
http://helpdesk.getpantheon.com/customer/portal/articles/383609-using-the-pantheon-workflow

For Apigee Private Cloud customers -
Apigee Private Cloud customers should make sure their systems are following Drupal security advisories: https://www.drupal.org/security

Use the following process to update Drupal core and contributed modules: https://docs.apigee.com/private-cloud/v4.50.00/portal-upgrading-drupal

---
This notification has been sent to anyone subscribed to "Drupal-based (alternative)". If you do not want to receive notifications about Developer Portal, please click the "manage your subscription" link in the notification email footer to modify your subscription choices.
May 13, 10:03 PDT
May 12, 2022

No incidents reported.

May 11, 2022

No incidents reported.

May 10, 2022

Unresolved incident: Apigee Edge Router scheduled release starting from 09:30 PM (PST) Tue May 10, 2022 to address a security fix.

May 9, 2022

No incidents reported.

May 8, 2022

No incidents reported.

May 7, 2022

Unresolved incidents: Errors in Apigee Analytics report jobs, Intermittent Datastore errors in us-central1 region.

May 6, 2022
May 5, 2022
Resolved - This incident has been resolved.
May 5, 20:56 PDT
Monitoring - A fix has been implemented and we are monitoring the results.
May 5, 19:05 PDT
Identified - The issue has been identified and a fix has been implemented.
May 5, 17:45 PDT
Update - After further investigation, this issue is not limited to SAML enabled orgs. All of the right resources are engaged to identify and solve this issue. We'll provide an update as soon as one becomes available. Thanks again for your patience and understanding.
May 5, 17:35 PDT
Update - The Apigee team continues to investigate this issue, which seems to impact SAML enabled orgs. The troubleshooting is progressing but unfortunately we do not have an ETA at this time. We do apologize for the delay in solving this issue.
May 5, 15:38 PDT
Update - We've done a partial rollback of a change in US East as a mitigating action, but it hasn't solved the problem. The Apigee team continues to work this critical incident, and will provide an update shortly. This issue is impacting administrative access to the Edge UI for some users, and should not be impacting runtime traffic. We apologize for this inconvenience, and appreciate your patience!
May 5, 13:35 PDT
Investigating - Users of the Apigee Edge UI and Apigee Management APIs may receive error messages accessing certain product areas.

Apigee teams are actively working to correct these errors.
May 5, 12:17 PDT
May 4, 2022
Completed - The scheduled maintenance has been completed.
May 4, 10:34 PDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Apr 28, 08:30 PDT
Update - We will be undergoing scheduled maintenance during this time.
Apr 27, 19:17 PDT
Scheduled - We have an Apigee Edge Management Server release window scheduled from 08:30 AM (PST) Thursday Apr 28, 2022. The releases are rolled out in phases by regions. This release is not expected to cause any interruption to Apigee Edge.

Release notes:
https://docs.apigee.com/release/notes/220314-apigee-edge-public-cloud-release-notes
Apr 27, 15:33 PDT
May 3, 2022

No incidents reported.

May 2, 2022

No incidents reported.