We released an updated version of the Apigee hybrid software, 1.14.3
Share
Services
## Announcement
### hybrid v1.14.3
On September 29, 2025 we released an updated version of the Apigee hybrid software, 1.14.3.
* For information on upgrading, see [Upgrading Apigee hybrid to version 1.14](https://cloud.google.com/apigee/docs/hybrid/v1.14/upgrade).
* For information on new installations, see [The big picture](https://cloud.google.com/apigee/docs/hybrid/v1.14/big-picture).
**Note:** This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see [Apigee release process](https://cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images).
## Fix
| Bug ID | Description |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **423597917** | **Post of an [AppGroupAppKey](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.appgroups.apps.keys/updateAppGroupAppKey) scopes should result in insert operation instead of update.** |
| **409048431** | **Fixes a vulnerability which could allow a SAML signature verification to be bypassed.** |
| **395272878** | **Separate Forward proxy support for googleapis.com and non-googleapis.com runtime traffic.** |
| **378686709** | **The use of wildcards (\*) in Apigee proxy basepaths would conflict with other explicit basepaths, resulting in a 404 error.** To apply this fix, follow the procedure in [Known issue 378686709](https://cloud.google.com/apigee/docs/release/known-issues#378686709). |
| **367815792** | **Two new Flow Variables: app\_group\_app and app\_group\_name have been added to VerifyApiKey and Access Token policy.** |
## Security
| Bug ID | Description |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **433952146** | **Security fix.** This addresses the following vulnerability: [CVE-2024-6763](https://nvd.nist.gov/vuln/detail/CVE-2024-6763) |
| **433951774** | **Security fix.** This addresses the following vulnerability: [CVE-2024-7254](https://nvd.nist.gov/vuln/detail/CVE-2024-7254) |
| **433950558** | **Security fix.** This addresses the following vulnerability: [CVE-2024-47554](https://nvd.nist.gov/vuln/detail/CVE-2024-47554) |
| **433950370** | **Security fix.** This addresses the following vulnerability: [CVE-2025-25193](https://nvd.nist.gov/vuln/detail/CVE-2025-25193) |
| **N/A** | **Security fixes for apigee-asm-ingress.** This addresses the following vulnerability: [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871) |
| **N/A** | **Security fixes for apigee-asm-istiod.** This addresses the following vulnerability: [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871) |
| **N/A** | **Security fixes for apigee-envoy.** This addresses the following vulnerability: [CVE-2025-0395](https://nvd.nist.gov/vuln/detail/CVE-2025-0395) |
| **N/A** | **Security fixes for apigee-fluent-bit.** This addresses the following vulnerabilities: [CVE-2025-32990](https://nvd.nist.gov/vuln/detail/CVE-2025-32990) [CVE-2025-32988](https://nvd.nist.gov/vuln/detail/CVE-2025-32988) |
| **N/A** | **Security fixes for apigee-hybrid-cassandra.** This addresses the following vulnerabilities: [CVE-2025-23015](https://nvd.nist.gov/vuln/detail/CVE-2025-23015) [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871) [CVE-2025-24970](https://nvd.nist.gov/vuln/detail/CVE-2025-24970) |
| **N/A** | **Security fixes for apigee-hybrid-cassandra-client.** This addresses the following vulnerability: [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871) |
| **N/A** | **Security fixes for apigee-kube-rbac-proxy.** This addresses the following vulnerability: [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871) |
| **N/A** | **Security fixes for apigee-mart-server.** This addresses the following vulnerabilities: [CVE-2025-48924](https://nvd.nist.gov/vuln/detail/2025-48924) [CVE-2025-48795](https://nvd.nist.gov/vuln/detail/2025-48795) [CVE-2025-48734](https://nvd.nist.gov/vuln/detail/2025-48734) [CVE-2025-24970](https://nvd.nist.gov/vuln/detail/2025-24970) [CVE-2024-47554](https://nvd.nist.gov/vuln/detail/2024-47554) [CVE-2024-47535](https://nvd.nist.gov/vuln/detail/2024-47535) [CVE-2024-13009](https://nvd.nist.gov/vuln/detail/2024-13009) [CVE-2024-8184](https://nvd.nist.gov/vuln/detail/2024-8184) [CVE-2024-7254](https://nvd.nist.gov/vuln/detail/2024-7254) [CVE-2024-6763](https://nvd.nist.gov/vuln/detail/2024-6763) |
| **N/A** | **Security fixes for apigee-operators.** This addresses the following vulnerability: [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871) |
| **N/A** | **Security fixes for apigee-stackdriver-logging-agent.** This addresses the following vulnerabilities: [CVE-2025-43857](https://nvd.nist.gov/vuln/detail/CVE-2025-43857) [CVE-2024-41946](https://nvd.nist.gov/vuln/detail/CVE-2024-41946) [CVE-2024-41123](https://nvd.nist.gov/vuln/detail/CVE-2024-41123) [CVE-2024-25062](https://nvd.nist.gov/vuln/detail/CVE-2024-25062) [CVE-2023-42915](https://nvd.nist.gov/vuln/detail/CVE-2023-42915) [CVE-2023-33953](https://nvd.nist.gov/vuln/detail/CVE-2023-33953) [CVE-2022-34169](https://nvd.nist.gov/vuln/detail/CVE-2022-34169) [CVE-2022-32511](https://nvd.nist.gov/vuln/detail/CVE-2022-32511) [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207) [CVE-2022-29181](https://nvd.nist.gov/vuln/detail/CVE-2022-29181) [CVE-2022-28739](https://nvd.nist.gov/vuln/detail/CVE-2022-28739) [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782) [CVE-2022-24839](https://nvd.nist.gov/vuln/detail/CVE-2022-24839) [CVE-2022-24836](https://nvd.nist.gov/vuln/detail/CVE-2022-24836) [CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308) [CVE-2022-0759](https://nvd.nist.gov/vuln/detail/CVE-2022-0759) [CVE-2021-41819](https://nvd.nist.gov/vuln/detail/CVE-2021-41819) [CVE-2021-41817](https://nvd.nist.gov/vuln/detail/CVE-2021-41817) [CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044) [CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518) [CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517) [CVE-2021-32740](https://nvd.nist.gov/vuln/detail/CVE-2021-32740) [CVE-2021-32066](https://nvd.nist.gov/vuln/detail/CVE-2021-32066) [CVE-2021-31799](https://nvd.nist.gov/vuln/detail/CVE-2021-31799) [CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560) [CVE-2021-28966](https://nvd.nist.gov/vuln/detail/CVE-2021-28966) [CVE-2021-28965](https://nvd.nist.gov/vuln/detail/CVE-2021-28965) [CVE-2021-23214](https://nvd.nist.gov/vuln/detail/CVE-2021-23214) [CVE-2021-22926](https://nvd.nist.gov/vuln/detail/CVE-2021-22926) [CVE-2020-7595](https://nvd.nist.gov/vuln/detail/CVE-2020-7595) [CVE-2020-25695](https://nvd.nist.gov/vuln/detail/CVE-2020-25695) [CVE-2020-25694](https://nvd.nist.gov/vuln/detail/CVE-2020-25694) [CVE-2020-25613](https://nvd.nist.gov/vuln/detail/CVE-2020-25613) [CVE-2019-9193](https://nvd.nist.gov/vuln/detail/CVE-2019-9193) [CVE-2019-3881](https://nvd.nist.gov/vuln/detail/CVE-2019-3881) [CVE-2019-20388](https://nvd.nist.gov/vuln/detail/CVE-2019-20388) [CVE-2019-10211](https://nvd.nist.gov/vuln/detail/CVE-2019-10211) [CVE-2019-10210](https://nvd.nist.gov/vuln/detail/CVE-2019-10210) [CVE-2019-10128](https://nvd.nist.gov/vuln/detail/CVE-2019-10128) [CVE-2019-10127](https://nvd.nist.gov/vuln/detail/CVE-2019-10127) [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) [CVE-2018-1115](https://nvd.nist.gov/vuln/detail/CVE-2018-1115) [CVE-2018-10915](https://nvd.nist.gov/vuln/detail/CVE-2018-10915) [CVE-2018-1058](https://nvd.nist.gov/vuln/detail/CVE-2018-1058) [CVE-2018-1053](https://nvd.nist.gov/vuln/detail/CVE-2018-1053) [CVE-2017-7546](https://nvd.nist.gov/vuln/detail/CVE-2017-7546) [CVE-2017-7486](https://nvd.nist.gov/vuln/detail/CVE-2017-7486) [CVE-2017-7484](https://nvd.nist.gov/vuln/detail/CVE-2017-7484) [CVE-2017-17405](https://nvd.nist.gov/vuln/detail/CVE-2017-17405) [CVE-2017-15098](https://nvd.nist.gov/vuln/detail/CVE-2017-15098) [CVE-2017-14798](https://nvd.nist.gov/vuln/detail/CVE-2017-14798) [CVE-2016-7954](https://nvd.nist.gov/vuln/detail/CVE-2016-7954) [CVE-2016-7048](https://nvd.nist.gov/vuln/detail/CVE-2016-7048) [CVE-2016-5424](https://nvd.nist.gov/vuln/detail/CVE-2016-5424) [CVE-2016-5423](https://nvd.nist.gov/vuln/detail/CVE-2016-5423) [CVE-2016-0766](https://nvd.nist.gov/vuln/detail/CVE-2016-0766) [CVE-2015-3167](https://nvd.nist.gov/vuln/detail/CVE-2015-3167) [CVE-2015-3166](https://nvd.nist.gov/vuln/detail/CVE-2015-3166) [CVE-2015-0244](https://nvd.nist.gov/vuln/detail/CVE-2015-0244) [CVE-2015-0243](https://nvd.nist.gov/vuln/detail/CVE-2015-0243) [CVE-2015-0242](https://nvd.nist.gov/vuln/detail/CVE-2015-0242) [CVE-2015-0241](https://nvd.nist.gov/vuln/detail/CVE-2015-0241) |
| **N/A** | **Security fixes for apigee-watcher.** This addresses the following vulnerability: [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871) |
What else is happening at Google Cloud Platform?
