Maintained with ☕️ by
IcePanel logo
StackFeed logo
Google Cloud Platform logo
Original post

We released an updated version of the Apigee hybrid software, 1.12.4

Share

Services

## Announcement ### hybrid v1.12.4 On March 1, 2025 we released an updated version of the Apigee hybrid software, 1.12.4. This release enhances the security posture within the [JavaCallout](https://cloud.google.com/apigee/docs/api-platform/reference/policies/java-callout-policy) and [PythonScript](https://cloud.google.com/apigee/docs/api-platform/reference/policies/python-script-policy) policies. This release does not include any new features or general bug fixes. * For information on upgrading, see [Upgrading Apigee hybrid to version 1.12](https://cloud.google.com/apigee/docs/hybrid/v1.12/upgrade). * For information on new installations, see [The big picture](https://cloud.google.com/apigee/docs/hybrid/v1.12/big-picture). * For recommended actions after upgrading, see [Validate policies after upgrade to 1.12.4](https://cloud.google.com/apigee/docs/hybrid/v1.12/upgrade#recommended-actions-upgrade-1124). ## Fix | Bug ID | Description | | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **390258745**, **388608440** | **Any left over Cassandra snapshots are automatically removed. This fixes [known issue 388608440](https://cloud.google.com/apigee/docs/release/known-issues#388608440).** | ## Security **Stricter class instantiation checks included in this release.** JavaCallout policy now includes additional security during Java class instantiation. The enhanced security measure prevents the deployment of policies that directly or indirectly attempt actions that require permissions that are not allowed. In most cases, existing policies will continue to function as expected without any issues. However, there is a possibility that policies relying on third-party libraries, or those with custom code that indirectly triggers operations requiring elevated permissions, could be affected. To test your installation, follow the procedure in [Validate policies after upgrade to 1.12.4](https://cloud.google.com/apigee/docs/hybrid/v1.12/upgrade#recommended-actions-upgrade-1124) to validate policy behavior. | Bug ID | Description | | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **391923260** | **Security fixes for apigee-watcher.** This addresses the following vulnerabilities: [CVE-2024-24789](https://nvd.nist.gov/vuln/detail/CVE-2024-24789) [CVE-2024-45337](https://nvd.nist.gov/vuln/detail/CVE-2024-45337) [CVE-2024-45338](https://nvd.nist.gov/vuln/detail/CVE-2024-45338) [CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) [CVE-2022-23635](https://nvd.nist.gov/vuln/detail/CVE-2022-23635) [CVE-2022-31045](https://nvd.nist.gov/vuln/detail/CVE-2022-31045) [CVE-2021-39156](https://nvd.nist.gov/vuln/detail/CVE-2021-39156) [CVE-2021-39155](https://nvd.nist.gov/vuln/detail/CVE-2021-39155) [CVE-2019-14993](https://nvd.nist.gov/vuln/detail/CVE-2019-14993) | | **385394193**, **383850393**, **383778273** | **Security fixes for apigee-cassandra-backup-utility, apigee-cassandra-client, and apigee-hybrid-cassandra.** This addresses the following vulnerabilities: [CVE-2024-0727](https://nvd.nist.gov/vuln/detail/CVE-2024-0727) [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) [CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715) | | **382967738** | **Fixed a vulnerability in PythonScript policy.** | | **365178914** | **Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra.** This addresses the following vulnerability: [CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | | **N/A** | **Security fixes for apigee-fluent-bit.** This addresses the following vulnerability: [CVE-2024-10979](https://nvd.nist.gov/vuln/detail/CVE-2024-10979) | | **N/A** | **Security fixes for apigee-kube-rbac-proxy.** This addresses the following vulnerabilities: [CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) [CVE-2019-9192](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) [CVE-2019-1010023](https://nvd.nist.gov/vuln/detail/CVE-2019-1010023) [CVE-2019-1010022](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) [CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) | | **N/A** | **Security fixes for apigee-fluent-bit.** This addresses the following vulnerability: [CVE-2024-10979](https://nvd.nist.gov/vuln/detail/CVE-2024-10979) | | **N/A** | **Security fixes for apigee-kube-rbac-proxy.** This addresses the following vulnerabilities: [CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) [CVE-2019-9192](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) [CVE-2019-1010023](https://nvd.nist.gov/vuln/detail/CVE-2019-1010023) [CVE-2019-1010022](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) [CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) | | **N/A** | **Security fixes for apigee-mint-task-scheduler.** This addresses the following vulnerability: [CVE-2024-47535](https://nvd.nist.gov/vuln/detail/CVE-2024-47535) | | **N/A** | **Security fixes for apigee-open-telemetry-collector.** This addresses the following vulnerability: [CVE-2024-36129](https://nvd.nist.gov/vuln/detail/CVE-2024-36129) | | **N/A** | **Security fixes for apigee-udca.** This addresses the following vulnerability: [CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) | ## Announcement ### hybrid v1.13.3 On March 1, 2025 we released an updated version of the Apigee hybrid software, 1.13.3. This release enhances the security posture within the [JavaCallout](https://cloud.google.com/apigee/docs/api-platform/reference/policies/java-callout-policy) and [PythonScript](https://cloud.google.com/apigee/docs/api-platform/reference/policies/python-script-policy) policies. This release does not include any new features or general bug fixes. * For information on upgrading, see [Upgrading Apigee hybrid to version 1.13](https://cloud.google.com/apigee/docs/hybrid/v1.13/upgrade). * For information on new installations, see [The big picture](https://cloud.google.com/apigee/docs/hybrid/v1.13/big-picture). * For recommended actions after upgrading, see [Validate policies after upgrade to 1.13.3](https://cloud.google.com/apigee/docs/hybrid/v1.13/upgrade#recommended-actions-upgrade-1133). ## Fix | Bug ID | Description | | ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **396886110** | **Fixed a bug where the HPA max replicas could be lower than min.** | | **391861216** | **Restore for GCP and HYBRID Cloud Providers no longer affects system keyspaces. This fixes [Known Issue 391861216](https://cloud.google.com/apigee/docs/release/known-issues#391861216).** | | **390258745**, **388608440** | **Any left over Cassandra snapshots are automatically removed. This fixes [known issue 388608440](https://cloud.google.com/apigee/docs/release/known-issues#388608440).** | | **383441226** | **Added the following metrics configuration properties:** [metrics.adapter.resources.limits.cpu](https://cloud.google.com/apigee/docs/hybrid/v1.13/config-prop-ref#metrics-adapter-resources-limits-cpu) [metrics.adapter.resources.limits.memory](https://cloud.google.com/apigee/docs/hybrid/v1.13/config-prop-ref#metrics-adapter-resources-limits-memory) [metrics.adapter.resources.requests.cpu](https://cloud.google.com/apigee/docs/hybrid/v1.13/config-prop-ref#metrics-adapter-resources-requests-cpu) [metrics.adapter.resources.requests.memory](https://cloud.google.com/apigee/docs/hybrid/v1.13/config-prop-ref#metrics-adapter-resources-requests-memory) [metrics.prometheus.resources.limits.cpu](https://cloud.google.com/apigee/docs/hybrid/v1.13/config-prop-ref#metrics-prometheus-resources-limits-cpu) [metrics.prometheus.resources.limits.memory](https://cloud.google.com/apigee/docs/hybrid/v1.13/config-prop-ref#metrics-prometheus-resources-limits-memory) [metrics.prometheus.resources.requests.cpu](https://cloud.google.com/apigee/docs/hybrid/v1.13/config-prop-ref#metrics-prometheus-resources-requests-cpu) [metrics.prometheus.resources.requests.memory](https://cloud.google.com/apigee/docs/hybrid/v1.13/config-prop-ref#metrics-prometheus-resources-requests-memory) | ## Security **Stricter class instantiation checks included in this release.** JavaCallout policy now includes additional security during Java class instantiation. The enhanced security measure prevents the deployment of policies that directly or indirectly attempt actions that require permissions that are not allowed. In most cases, existing policies will continue to function as expected without any issues. However, there is a possibility that policies relying on third-party libraries, or those with custom code that indirectly triggers operations requiring elevated permissions, could be affected. To test your installation, follow the procedure in [Validate policies after upgrade to 1.13.3](https://cloud.google.com/apigee/docs/hybrid/v1.13/upgrade#recommended-actions-upgrade-1133) to validate policy behavior. | Bug ID | Description | | ------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **385394193**, **383850393**, **383778273** | **Security fixes for apigee-cassandra-backup-utility, apigee-cassandra-client, and apigee-hybrid-cassandra.** This addresses the following vulnerabilities: [CVE-2024-0727](https://nvd.nist.gov/vuln/detail/CVE-2024-0727) [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) [CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715) | | **382967738** | **Fixed a vulnerability in PythonScript policy.** | | **N/A** | **Security fixes for apigee-envoy.** This addresses the following vulnerability: [CVE-2019-1010024](https://nvd.nist.gov/vuln/detail/CVE-2019-1010024) | | **N/A** | **Security fixes for apigee-fluent-bit.** This addresses the following vulnerability: [CVE-2024-10979](https://nvd.nist.gov/vuln/detail/CVE-2024-10979) | | **N/A** | **Security fixes for apigee-mint-task-scheduler.** This addresses the following vulnerabilities: [CVE-2025-24970](https://nvd.nist.gov/vuln/detail/CVE-2025-24970) [CVE-2024-47535](https://nvd.nist.gov/vuln/detail/CVE-2024-47535) | | **N/A** | **Security fixes for apigee-open-telemetry-collector.** This addresses the following vulnerability: [CVE-2024-45338](https://nvd.nist.gov/vuln/detail/CVE-2024-45338) | | **N/A** | **Security fixes for apigee-redis.** This addresses the following vulnerabilities: [CVE-2022-24834](https://nvd.nist.gov/vuln/detail/CVE-2022-24834) [CVE-2022-24735](https://nvd.nist.gov/vuln/detail/CVE-2022-24735) | | **N/A** | **Security fixes for livenessprobe.** This addresses the following vulnerability: [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) | ## Announcement ### hybrid v1.14.1 On March 1, 2025 we released an updated version of the Apigee hybrid software, 1.14.1. This release enhances the security posture within the [JavaCallout](https://cloud.google.com/apigee/docs/api-platform/reference/policies/java-callout-policy) and [PythonScript](https://cloud.google.com/apigee/docs/api-platform/reference/policies/python-script-policy) policies. This release does not include any new features or general bug fixes. * For information on upgrading, see [Upgrading Apigee hybrid to version 1.14](https://cloud.google.com/apigee/docs/hybrid/v1.14/upgrade). * For information on new installations, see [The big picture](https://cloud.google.com/apigee/docs/hybrid/v1.14/big-picture). * For recommended actions after upgrading, see [Validate policies after upgrade to 1.14.1](https://cloud.google.com/apigee/docs/hybrid/v1.14/upgrade#recommended-actions-upgrade-1141). ## Fix | Bug ID | Description | | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **396886110** | **Fixed a bug where the HPA max replicas could be lower than min.** | | **392547038** | **Add Helm chart template checks for non-existent environments and virtualhosts.** | | **391861216** | **Restore for GCP and HYBRID Cloud Providers no longer affects system keyspaces. This fixes [Known Issue 391861216](https://cloud.google.com/apigee/docs/release/known-issues#391861216).** | | **383441226** | **Added the following metrics configuration properties:** [metrics.adapter.resources.limits.cpu](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#metrics-adapter-resources-limits-cpu) [metrics.adapter.resources.limits.memory](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#metrics-adapter-resources-limits-memory) [metrics.adapter.resources.requests.cpu](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#metrics-adapter-resources-requests-cpu) [metrics.adapter.resources.requests.memory](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#metrics-adapter-resources-requests-memory) [metrics.prometheus.resources.limits.cpu](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#metrics-prometheus-resources-limits-cpu) [metrics.prometheus.resources.limits.memory](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#metrics-prometheus-resources-limits-memory) [metrics.prometheus.resources.requests.cpu](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#metrics-prometheus-resources-requests-cpu) [metrics.prometheus.resources.requests.memory](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#metrics-prometheus-resources-requests-memory) | ## Security **Stricter class instantiation checks included in this release.** JavaCallout policy now includes additional security during Java class instantiation. The enhanced security measure prevents the deployment of policies that directly or indirectly attempt actions that require permissions that are not allowed. In most cases, existing policies will continue to function as expected without any issues. However, there is a possibility that policies relying on third-party libraries, or those with custom code that indirectly triggers operations requiring elevated permissions, could be affected. To test your installation, follow the procedure in [Validate policies after upgrade to 1.14.1](https://cloud.google.com/apigee/docs/hybrid/v1.14/upgrade#recommended-actions-upgrade-1141) to validate policy behavior. | Bug ID | Description | | ------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **385394193**, **383850393**, **383778273** | **Security fixes for apigee-cassandra-backup-utility, apigee-cassandra-client, and apigee-hybrid-cassandra.** This addresses the following vulnerabilities: [CVE-2024-0727](https://nvd.nist.gov/vuln/detail/CVE-2024-0727) [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) [CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715) | | **383113773, 382967738** | **Fixed a vulnerability in PythonScript policy.** | | **365178914** | **Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra.** This addresses the following vulnerability: [CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | | **N/A** | **Security fixes for apigee-asm-istiod.** This addresses the following vulnerability: [CVE-2024-45338](https://nvd.nist.gov/vuln/detail/CVE-2024-45338) | | **N/A** | **Security fixes for apigee-hybrid-cassandra.** This addresses the following vulnerability: [CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | | **N/A** | **Security fixes for apigee-mint-task-scheduler.** This addresses the following vulnerabilities: [CVE-2025-24970](https://nvd.nist.gov/vuln/detail/CVE-2025-24970) [CVE-2024-47535](https://nvd.nist.gov/vuln/detail/CVE-2024-47535) | | **N/A** | **Security fixes for apigee-open-telemetry-collector.** This addresses the following vulnerability: [CVE-2024-45338](https://nvd.nist.gov/vuln/detail/CVE-2024-45338) | | **N/A** | **Security fixes for apigee-prometheus-adapter.** This addresses the following vulnerabilities: [CVE-2024-45338](https://nvd.nist.gov/vuln/detail/CVE-2024-45338) [CVE-2024-45337](https://nvd.nist.gov/vuln/detail/CVE-2024-45337) |

What else is happening at Google Cloud Platform?

Google Cloud Platform logo

Performing an in-place major version upgrade of your AlloyDB cluster is generally available (GA)

about 3 hours ago

Share
Google Cloud Platform logo

You can now use PITR to restore a Cloud SQL for MySQL instance that isn't available

about 17 hours ago

Share
Google Cloud Platform logo

Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images

about 21 hours ago

Share
Google Cloud Platform logo

Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images

about 21 hours ago

Share
Google Cloud Platform logo

Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images

about 21 hours ago

Share
Google Cloud Platform logo

Container Registry is now shut down. We recommend that you use Artifact Registry for storing and managing container images

about 21 hours ago

Share