v2.1.3

Addressed Issues

• Previously a random API product would be uploaded based on the credential alone, meaning the product used for analytics may not have matched the associated operation. Now the product used for analytics records is based on a single product based on the credential and a matching API operation. Note, if the credential matches multiple products with overlapping operations, only the first matching operation will be uploaded.

Changelog

• 5e77c4c Merge pull request #146 from apigee/releaser/fix
• 2afef26 Fix go releaser workflow to use non-deprecated flag '--clean'. See https://goreleaser.com/deprecations/\#-rm-dist
• 8221ec6 Merge pull request #145 from apigee/product/ax
• 7699aa1 For analytics records, upload a singular product that was used for an authorized operation. This replaces the existing functionality that picked a random matching product from the credential

v2.1.2

Addressed Issues

• Fixes issue where quota buckets were deleted while in use, causing a brief period between refreshes where quota was prematurely reset.

Changelog

• 647d526 Merge pull request #140 from apigee/b/315997176
• 6dc54b0 Add condition to bucket delete check to ensure an in-use bucket is not pre-maturely deleted

This change only affects the Envoy Adapter runtime (binary / docker image), there is no need to re-provision Apigee.

v2.1.1

Addressed Issues

• panic can occur during quota sync

Changelog

• 777c318 fix panic during quota sync (#137)

This change only affects the Envoy Adapter runtime (binary / docker image), there is no need to re-provision Apigee.

v2.1.0

Breaking Change

• Quota IDs have changed and values within the current window will be lost.

Addressed Issues

• Quotas may be applied per operation instead of at Product level
• Quota is shared across apps of the same name

Changelog

• c9a3d3e namespace app by developer for quota id (#135)
• e73eb0c operation shares product quota unless override (#134)

v2.0.7

New Features

• JWTs can now add a claim named "customattributes" that will pass the value on to the target in a header called "x-apigee-customattributes" (if "append_metadata_headers" is configured to be true).

Addressed Issues

• Addresses an issue where an invalid api key could create spurious log entries and analytics records

• Changelog

• 6db69e2 Added new header to capture customattributes (#131)

• ba684bc fix handling of bad authentication error (#129)

v2.0.6

Tag only, no changes.

v2.0.5

Security release to address a Denial of Service (DoS) risk in the promethus library. See the following notice for more details:

https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSCLIENTGOLANGPROMETHEUSPROMHTTP-2401819

Note: This change only affects the Envoy Adapter runtime (binary / docker image), there is no change to the CLI or Apigee proxies, thus there is no need to re-provision Apigee.

Changelog

• 9878495 Upgrade prometheus/client_golang (#124)

v2.0.4

Details of the internal error that may occur during authorization will be logged at the debug level. Specifically, the token fetching error for API key will be logged at the error level.

Changelog

• be663b8 log internal error (#104)

v2.0.3

Tagged for v2.0.3 release. No changes from v2.0.2.

Changelog

v2.0.2

Envoy Adapter v2.0.2 is a patch release to fix a race condition that could cause 403 errors and panics when JWT claims scopes are nil.

Changelog

65bc176 race-audit (#83)
1f5ba3f claims map must be treated as const