We released an updated version of Apigee. Announcing data collectors data residency (DRZ) compliance for Apigee and Apigee hybrid

## Announcement On April 14, 2025 we released an updated version of Apigee. ## Feature **Announcing data collectors data residency (DRZ) compliance for Apigee and Apigee hybrid.** Data collectors can be used with data residency for Subscription and Pay-as-you-go organizations and hybrid versions 1.14.0 and later. See [Data residency compatibility](https://cloud.google.com/apigee/docs/api-platform/get-started/drz-concepts#data-residency-compatibility) for information. ## Announcement ### hybrid 1.11.2-hotfix.3 On April 14, 2025 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.3. #### Apply this hotfix with the following steps: 1. In your overrides file, update the `image.url` and `image.tag` properties of `ao` and `runtime`: ``` runtime: image: url: "gcr.io/apigee-release/hybrid/apigee-runtime" tag: "1.11.2-hotfix.3" ``` 2. Install the hotfix release: * For Helm-managed releases, update the `apigee-env` chart with the `helm upgrade` command and your current overrides files: For each environment in your Apigee org: ``` helm upgrade ENV_RELEASE_NAME apigee-env/ \ --namespace APIGEE_NAMESPACE \ --set env=ENV_NAME \ --atomic \ -f OVERRIDES_FILE ``` * ENV\_RELEASE\_NAME is a name used to keep track of installation and upgrades of the `apigee-env chart`. This name must be unique from the other Helm release names in your installation. Usually this is the same as ENV\_NAME. However, if your environment has the same name as your environment group, you must use different release names for the environment and environment group, for example `dev-env-release` and `dev-envgroup-release`. For more information on releases in Helm, see [Three big concepts](https://helm.sh/docs/intro/using%5Fhelm/#three-big-concepts) in the Helm documentation. * APIGEE\_NAMESPACE is your installation's namespace. The default is `apigee`. * ENV\_NAME is the name of the environment you are upgrading. * OVERRIDES\_FILE is your edited overrides file. * For `apigeectl`\-managed releases: 1. Install the hotfix release with `apigeectl init` using your updated overrides file: ``` ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client ``` Followed by: ``` ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE ``` 2. Apply the hotfix release with `apigeectl apply`: ``` ${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs --dry-run=client ``` Followed by: ``` ${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs ``` * For information on upgrading, see [Upgrading Apigee hybrid to version 1.11](https://cloud.google.com/apigee/docs/hybrid/v1.11/upgrade). * For information on new installations, see [The big picture](https://cloud.google.com/apigee/docs/hybrid/v1.11/big-picture). * For recommended actions after upgrading, see [Validate policies after upgrade to 1.12-hotfix.3](https://cloud.google.com/apigee/docs/hybrid/v1.11/upgrade#recommended-actions-upgrade-1112h3). **Note:** This is a hotfix release: For critical security and other immediate fixes, Apigee provides specific container image tags that you must manually update in your existing deployments. The Helm chart binary usually remains unchanged for hotfixes. Hotfixes are temporary and their changes will be included in the next standard release. For information on container image support in Apigee hybrid releases, see the [Apigee release process](https://cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images). ## Security **Stricter class instantiation checks included in this release.** JavaCallout policy now includes additional security during Java class instantiation. The enhanced security measure prevents the deployment of policies that directly or indirectly attempt actions that require permissions that are not allowed. In most cases, existing policies will continue to function as expected without any issues. However, there is a possibility that policies relying on third-party libraries, or those with custom code that indirectly triggers operations requiring elevated permissions, could be affected. To test your installation, follow the procedure in [Validate policies after upgrade to 1.11.2-hotfix.3](https://cloud.google.com/apigee/docs/hybrid/v1.11/upgrade#recommended-actions-upgrade-1112h3) to validate policy behavior. | Bug ID | Description | | ------------- | ------------------------------------------------- | | **382967738** | **Fixed a vulnerability in PythonScript policy.** | ## Announcement On April 14, 2025 we released an updated version of Apigee. ## Feature **Announcing data collectors data residency (DRZ) compliance for Apigee and Apigee hybrid.** Data collectors can be used with data residency for Subscription and Pay-as-you-go organizations and hybrid versions 1.14.0 and later. See [Data residency compatibility](https://cloud.google.com/apigee/docs/api-platform/get-started/drz-concepts#data-residency-compatibility) for information.