May 2nd, 2025

We released an updated version of Apigee (1-15-0-apigee-3). Large message payload support in Apigee

Services

## Announcement On May 2, 2025, we released an updated version of Apigee (1-15-0-apigee-3). **Note:** Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete. ## Feature **Large message payload support in Apigee** Apigee now supports message payloads up to 30MB. For more information, see: * [Message payload size](https://cloud.google.com/apigee/docs/api-platform/fundamentals/best-practices-api-proxy-design-and-development#size). * `Properties` in the [ProxyEndpoint configuration elements](https://cloud.google.com/apigee/docs/api-platform/reference/api-proxy-configuration-reference#proxyendpoint-proxyendpointconfigurationelements) reference. * `Properties` in the [TargetEndpoint configuration elements](https://cloud.google.com/apigee/docs/api-platform/reference/api-proxy-configuration-reference#targetendpoint-targetendpointconfigurationelements) reference. ## Feature **Improvements to the PublishMessage policy** The [PublishMessage policy](https://cloud.google.com/apigee/docs/api-platform/reference/policies/publish-message-policy) now supports two new elements: * The **<UseMessageAsSource>** element uses request or response message content as the source of data to be written to [Pub/Sub](https://cloud.google.com/pubsub). For more information, see [<UseMessageAsSource>](https://cloud.google.com/apigee/docs/api-platform/reference/policies/publish-message-policy#umas). * The **<Attributes>** element lets you specify string attributes (key/value pairs) to include with the request or response message that is written to Pub/Sub. For more information, see [<Attributes>](https://cloud.google.com/apigee/docs/api-platform/reference/policies/publish-message-policy#attributes). ## Fix | Bug ID | Description | | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **391140293** | **Resolved scaling issue resulting in 503 errors** Added drainDuration and updated the values for terminationDrainDuration and terminationGracePeriodSeconds. | | **N/A** | **Updates to security infrastructure and libraries.** | ## Announcement ### hybrid v1.14.2 On May 2, 2025 we released an updated version of the Apigee hybrid software, 1.14.2. * For information on upgrading, see [Upgrading Apigee hybrid to version 1.14](https://cloud.google.com/apigee/docs/hybrid/v1.14/upgrade). * For information on new installations, see [The big picture](https://cloud.google.com/apigee/docs/hybrid/v1.14/big-picture). **Note:** This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see [Apigee release process](https://cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images). ## Feature **Large message payload support in Apigee hybrid** Apigee now supports message payloads up to 30MB. For information see: * [Message payload size](https://cloud.google.com/apigee/docs/api-platform/fundamentals/best-practices-api-proxy-design-and-development#size) * [runtime.resources.limits.memory](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#runtime-resources-limits-memory) in the Configuration property reference. * [runtime.resources.requests.memory](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#runtime-resources-requests-memory) in the Configuration property reference. ## Change Starting with v1.14.2, third-party container images will be labeled with a version tag that matches the Apigee hybrid image tag. This affects the image tags returned by the [apigee-pull-push](https://cloud.google.com/apigee/docs/hybrid/v1.14/apigee-pull-push.html) command line tool. For more information, see: * [Use a private image repository with Apigee hybrid](https://cloud.google.com/apigee/docs/hybrid/v1.14/container-images#supported-platforms) * [apigee-pull-push](https://cloud.google.com/apigee/docs/hybrid/v1.14/apigee-pull-push#list-the-images-in-your-repository) * [hub](https://cloud.google.com/apigee/docs/hybrid/v1.14/config-prop-ref#hub) **Note:** You can see the original component container image tags as a label with the `docker history` and `docker inspect` commands. ## Fix | Bug ID | Description | | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **399447688** | **API proxy deployment could become stuck in PROGRESSING state.** | | **396571537** | **Rotating Cassandra credentials in Kubernetes secrets fixed for Multi-region deployments.** | | **368155212** | **Auto Cassandra secret rotation could fail when [Enhanced per-environment proxy limits](https://cloud.google.com/apigee/docs/hybrid/v1.14/enhanced-proxy-limits) are enabled.** | | **384937220** | **Fixed ApigeeRoute name collision on internal chaining gateway for Enhanced Proxy Limits.** | | **412324617** | **Fixed issue where Runtime container could spin at 100% cpu limit.** | ## Security | Bug ID | Description | | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **391923260** | **Security fixes for apigee-udca.** This addresses the following vulnerabilities: [CVE-2025-27788](https://nvd.nist.gov/vuln/detail/CVE-2025-27788) [CVE-2025-22869](https://nvd.nist.gov/vuln/detail/CVE-2025-22869) [CVE-2025-22868](https://nvd.nist.gov/vuln/detail/CVE-2025-22868) [CVE-2024-45337](https://nvd.nist.gov/vuln/detail/CVE-2024-45337) [CVE-2024-34158](https://nvd.nist.gov/vuln/detail/CVE-2024-34158) [CVE-2024-34156](https://nvd.nist.gov/vuln/detail/CVE-2024-34156) [CVE-2023-6481](https://nvd.nist.gov/vuln/detail/CVE-2023-6481) | | **N/A** | **Security fixes for apigee-fluent-bit.** This addresses the following vulnerabilities: [CVE-2025-1094](https://nvd.nist.gov/vuln/detail/CVE-2025-1094) [CVE-2025-0395](https://nvd.nist.gov/vuln/detail/CVE-2025-0395) | | **N/A** | **Security fixes for apigee-hybrid-cassandra.** This addresses the following vulnerability: [CVE-2025-23015](https://nvd.nist.gov/vuln/detail/CVE-2025-23015) | | **N/A** | **Security fixes for apigee-hybrid-cassandra-client.** This addresses the following vulnerability: [CVE-2025-22868](https://nvd.nist.gov/vuln/detail/CVE-2025-22868) | | **N/A** | **Security fixes for apigee-mint-task-scheduler.** This addresses the following vulnerability: [CVE-2025-21587](https://nvd.nist.gov/vuln/detail/CVE-2025-21587) | | **N/A** | **Security fixes for apigee-open-telemetry-collector.** This addresses the following vulnerabilities: [CVE-2025-29786](https://nvd.nist.gov/vuln/detail/CVE-2025-29786) [CVE-2025-22869](https://nvd.nist.gov/vuln/detail/CVE-2025-22869) [CVE-2025-22868](https://nvd.nist.gov/vuln/detail/CVE-2025-22868) | | **N/A** | **Security fixes for apigee-operators.** This addresses the following vulnerabilities: [CVE-2025-22869](https://nvd.nist.gov/vuln/detail/CVE-2025-22869) [CVE-2025-22868](https://nvd.nist.gov/vuln/detail/CVE-2025-22868) | | **N/A** | **Security fixes for apigee-prometheus-adapter.** This addresses the following vulnerability: [CVE-2025-22868](https://nvd.nist.gov/vuln/detail/CVE-2025-22868) | | **N/A** | **Security fixes for apigee-redis.** This addresses the following vulnerabilities: [CVE-2025-22869](https://nvd.nist.gov/vuln/detail/CVE-2025-22869) [CVE-2024-56171](https://nvd.nist.gov/vuln/detail/CVE-2024-56171) [CVE-2024-24791](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) | | **N/A** | **Security fixes for apigee-stackdriver-logging-agent.** This addresses the following vulnerabilities: [CVE-2025-24928](https://nvd.nist.gov/vuln/detail/CVE-2025-24928) [CVE-2025-24855](https://nvd.nist.gov/vuln/detail/CVE-2025-24855) [CVE-2025-0306](https://nvd.nist.gov/vuln/detail/CVE-2025-0306) [CVE-2024-56171](https://nvd.nist.gov/vuln/detail/CVE-2024-56171) [CVE-2024-55549](https://nvd.nist.gov/vuln/detail/CVE-2024-55549) | | **N/A** | **Security fixes for apigee-watcher.** This addresses the following vulnerabilities: [CVE-2025-22869](https://nvd.nist.gov/vuln/detail/CVE-2025-22869) [CVE-2025-22868](https://nvd.nist.gov/vuln/detail/CVE-2025-22868) |