<?xml version="1.0" encoding="UTF-8"?>
<!-- AUTOGENERATED FILE. DO NOT EDIT. -->
<feed xmlns="http://www.w3.org/2005/Atom">
  <id>tag:google.com,2016:apigee-release-notes</id>
  <title>Apigee - Release notes</title>
  <link rel="self" href="https://docs.cloud.google.com/feeds/apigee-release-notes.xml"/>
  <author>
    <name>Google Cloud Platform</name>
  </author>
  <updated>2026-07-10T00:00:00-07:00</updated>

  <entry>
    <title>July 10, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#July_10_2026</id>
    <updated>2026-07-10T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#July_10_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee Advanced API Security</h2>
<h3>Deprecated</h3>
<p><strong>Deprecation and shutdown of GenAI Incident Summary (generative AI Insights)</strong></p>
<p>The standalone <strong>GenAI Incident Summary</strong> (generative AI Insights) feature in
Apigee Advanced API Security Abuse Detection, currently in Preview, is
deprecated and shut down as of July 9, 2026. This feature used Google Cloud
generative AI large language models (LLMs) to provide automated summaries and
mitigation guidance for security incidents identified by the Abuse Detection
clustering tool.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/apigee/docs/deprecations/genai-incident-summary">GenAI Incident Summary deprecation</a>.</p>
<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.16.7</strong>
<h3>Announcement</h3>
<h3 id="v1167">v1.16.7</h3>
<p>On July 10, 2026 we released an updated version of the Apigee hybrid software, v1.16.7.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/upgrade">Upgrading Apigee hybrid to version v1.16.7</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 08, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#July_08_2026</id>
    <updated>2026-07-08T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#July_08_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Security</h3>
<p>An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allowed an authenticated attacker to exfiltrate cross-tenant data.</p>
<p>This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed. Apigee hybrid was not affected.</p>
<p>For more information, see <a href="http://cve.org/CVERecord?id=CVE-2026-12879">CVE-2026-12879</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 06, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#July_06_2026</id>
    <updated>2026-07-06T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#July_06_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee UI</h2>
<h3>Announcement</h3>
<p>On July 6, 2026, we released an updated version of the Apigee UI.</p>
<h3>Feature</h3>
<p><strong>ParsePayload policy and payload operations matching in the Apigee UI</strong></p>
<p>The Apigee UI now supports the new payload operations matching feature:</p>
<ul>
<li>The new <strong>ParsePayload</strong> policy is now available in the proxy editor for API
proxy authoring. You can use it to extract logical operations from
structured payloads at runtime.</li>
<li>The API Product page now displays payload-based operations, allowing you to
configure and manage access control and quotas based on request payload
content.</li>
</ul>
<p>For more information, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/apigee-mcp/manage-mcp-tool-access">Manage MCP tool access with API
products</a>.</p>
<h2 class="release-note-product-title">Apigee X</h2>
<h3>Feature</h3>
<p><strong>Support for payload operations matching in API Products</strong></p>
<p>Apigee now supports payload operations matching (<code>payloadOperationGroup</code>) in API
Products, powered by the new <strong>ParsePayload</strong> policy.</p>
<p>Payload operations matching allows you to define API Product operations that
match fields within request payloads, such as JSON-RPC requests used by the
Model Context Protocol (MCP). Apigee can then route, monetize, authorize, and
apply distinct quota limits to traffic based on the derived payload operation.</p>
<p>This feature is available to all Apigee X customers in all supported regions
with no additional charge. For more information, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/apigee-mcp/manage-mcp-tool-access">Manage MCP tool access
with API products</a>
and the <a href="https://docs.cloud.google.com/apigee/docs/api-platform/reference/policies/parse-payload-policy">ParsePayload policy
reference</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>July 03, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#July_03_2026</id>
    <updated>2026-07-03T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#July_03_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.15.5</strong>
<h3>Announcement</h3>
<h3 id="v1155">v1.15.5</h3>
<p>On July 3, 2026 we released an updated version of the Apigee hybrid software, v1.15.5.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.15/upgrade">Upgrading Apigee hybrid to version v1.15.5</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.15/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 24, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#June_24_2026</id>
    <updated>2026-06-24T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#June_24_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p><strong>Apigee Emulator</strong></p>
<h3 id="apigee_emulator_v201">Apigee Emulator v2.0.1</h3>
<p>On June 24, 2026, we released Apigee Emulator version 2.0.1.</p>
<p>This is a security-only hotfix release on top of v2.0.0 that addresses
10 security vulnerabilities in the Netty networking library and the embedded
Cassandra Go standard library health-check binary. There are no functional,
API, or configuration changes -- v2.0.1 is a drop-in replacement for v2.0.0.</p>
<p>The emulator image is available at
<a href="https://console.cloud.google.com/artifacts/docker/apigee-release/us/gcr.io/hybrid%2Fapigee-emulator">Google Artifact Registry</a>.</p>
<p>To upgrade, update the emulator version in your VS Code Cloud Code settings
to <code>2.0.1</code>. See
<a href="https://docs.cloud.google.com/apigee/docs/api-platform/local-development/vscode/manage-apigee-emulator#choose_the_emulator_version">Manage the Apigee Emulator</a>
for details.</p>
<h3>Feature</h3>
<p><strong>Apigee Emulator</strong></p>
<h4 id="changed_in_this_release">Changed in this release</h4>
<ul>
<li>Upgraded Netty to <code>4.1.135.Final</code> (from <code>4.1.133.Final</code>) and pinned all
transitive <code>netty-*</code> artifacts via <code>netty-bom</code>.</li>
<li>Refreshed the Cassandra base image to pick up Go standard library <code>1.25.11</code>
(from <code>1.25.10</code>) in the embedded health-check binary.</li>
<li>Updated <code>netty-tcnative-boringssl-static</code> classifier variants from
<code>2.0.53.Final</code> to <code>2.0.77.Final</code>.</li>
</ul>
<h3>Security</h3>
<p><strong>Apigee Emulator</strong></p>
<h4 id="security">Security</h4>
<p>This release addresses 10 security vulnerabilities in the Netty networking
library and the embedded Go standard library. All Netty fixes come from
upgrading to <code>4.1.135.Final</code>; all Go standard library fixes come from a
Cassandra base image rebuild against Go <code>1.25.11</code>.</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Component</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-50010">CVE-2026-50010</a></td>
<td>Netty (<code>netty-handler</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-50020">CVE-2026-50020</a></td>
<td>Netty (<code>netty-codec-http</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-50560">CVE-2026-50560</a></td>
<td>Netty (<code>netty-codec-http2</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-48043">CVE-2026-48043</a></td>
<td>Netty (<code>netty-codec-http2</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-44249">CVE-2026-44249</a></td>
<td>Netty (<code>netty-handler</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-45416">CVE-2026-45416</a></td>
<td>Netty (<code>netty-handler</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-47244">CVE-2026-47244</a></td>
<td>Netty (<code>netty-codec-http2</code>)</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27145">CVE-2026-27145</a></td>
<td>Go standard library</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42504">CVE-2026-42504</a></td>
<td>Go standard library</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42507">CVE-2026-42507</a></td>
<td>Go standard library</td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>June 22, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#June_22_2026</id>
    <updated>2026-06-22T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#June_22_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On June 22nd, 2026, we released an updated version of Apigee (1-17-0-apigee-10).</p>
<aside class="note"><strong>Note:</strong><span> Rollouts of this release began today and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.</span></aside>
<h3>Security</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>519996459</strong></td>
<td><strong>Security fix for Apigee.</strong> Upgraded the Apigee ingress gateway to patch the following vulnerabilities: <p><ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-14993">CVE-2019-14993</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-39155">CVE-2021-39155</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-39156">CVE-2021-39156</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-23635">CVE-2022-23635</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-29181">CVE-2026-29181</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33811">CVE-2026-33811</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33814">CVE-2026-33814</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34986">CVE-2026-34986</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-35469">CVE-2026-35469</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39820">CVE-2026-39820</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39836">CVE-2026-39836</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39883">CVE-2026-39883</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4046">CVE-2026-4046</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42499">CVE-2026-42499</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42501">CVE-2026-42501</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42504">CVE-2026-42504</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-31045">CVE-2022-31045</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27145">CVE-2026-27145</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32282">CVE-2026-32282</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32288">CVE-2026-32288</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32289">CVE-2026-32289</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39350">CVE-2026-39350</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39817">CVE-2026-39817</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39819">CVE-2026-39819</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39823">CVE-2026-39823</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39825">CVE-2026-39825</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39826">CVE-2026-39826</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-41413">CVE-2026-41413</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42507">CVE-2026-42507</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4437">CVE-2026-4437</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4438">CVE-2026-4438</a></li></ul></p></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fix for Apigee infrastructure.</strong></td>
</tr>
</tbody>
</table>
<h3>Fixed</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>515788622</strong></td>
<td>Upgraded the default outbound TLS protocol from TLSv1.2 to TLSv1.3 on JVMs that support it. Per-proxy <code>&lt;SSLInfo&gt;&lt;Protocols&gt;</code> settings continue to take precedence, and the new <code>HTTPClient.outbound.tls.protocol</code> override lets operators force a specific protocol.</td>
</tr>
<tr>
<td><strong>184266748</strong></td>
<td>Fixed an issue where ApigeeDatastore TLS certificate creation could fail in namespaces with longer names when the certificate common name exceeded the 64-byte limit.</td>
</tr>
<tr>
<td><strong>286069772</strong></td>
<td>Added a per-gateway <code>proxyProtocol.mode</code> property (strict, permissive, disable) on Apigee ingress gateway components to opt in to HAProxy PROXY-protocol parsing. The property defaults to disable.</td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td>Updates to infrastructure and libraries.</td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>June 19, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#June_19_2026</id>
    <updated>2026-06-19T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#June_19_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.16.6</strong>
<h3>Announcement</h3>
<h3 id="v1166">v1.16.6</h3>
<p>On June 19, 2026 we released an updated version of the Apigee hybrid software, v1.16.6.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/upgrade">Upgrading Apigee hybrid to version v1.16.6</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Feature</h3>
<p><strong>HAProxy PROXY-protocol support on Apigee ingress gateway</strong></p>
<p>In this release, you can opt into HAProxy PROXY-protocol parsing by setting the <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/config-prop-ref#ingressgateways-proxyprotocol-mode"><code>ingressGateways[].proxyProtocol.mode</code></a> property (with options <code>strict</code>, <code>permissive</code>, or <code>disable</code>) in your overrides configuration file. The property defaults to <code>disable</code>.</p>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 18, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#June_18_2026</id>
    <updated>2026-06-18T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#June_18_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On June 18th, 2026, we began maintenance updates of Apigee instances <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance-windows">configured for maintenance windows</a>.</p>
<p>If you set a preferred window for maintenance for your instance, and your instance version is
below <strong>1-17-0-apigee-9</strong>, your instance will be updated to <strong>1-17-0-apigee-9</strong> within the
next seven to 21 days. A notification containing the expected date of upgrade will be sent within the next two business days.</p>
<aside class="note">Note: Instances that meet either of the following two criteria will <b>not</b> be updated:
<ul>
<li>Your instance has a DNS misconfiguration, as described in <a href="https://docs.cloud.google.com/apigee/docs/release/known-issues">Known Issue 445936920</a>.</li>
<li>Your instance uses an Apigee Java Library that has been removed, as described in <a href="https://docs.cloud.google.com/apigee/docs/release/release-notes#October_16_2025">Apigee release notes dated October 16, 2025</a>.</li>
</ul></aside>
<p>For more information on participating in scheduled maintenance windows, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance">Maintenance overview</a> and <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance-windows">Manage Apigee instance maintenance windows</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 16, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#June_16_2026</id>
    <updated>2026-06-16T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#June_16_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.14.6</strong>
<h3>Announcement</h3>
<h3 id="v1146">v1.14.6</h3>
<p>On June 16, 2026 we released an updated version of the Apigee hybrid software, v1.14.6.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.14/upgrade">Upgrading Apigee hybrid to version v1.14.6</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.14/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 08, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#June_08_2026</id>
    <updated>2026-06-08T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#June_08_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On June 8th, 2026, we released an updated version of Apigee (1-17-0-apigee-9).</p>
<aside class="note"><strong>Note:</strong><span> Rollouts of this release began today and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.</span></aside>
<h3>Security</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>514384893</strong></td>
<td><strong>Security fix for Apigee.</strong> Hardened the Script policy to block server-side request forgery (SSRF) to link-local addresses.</td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fix for Apigee infrastructure.</strong></td>
</tr>
</tbody>
</table>
<h3>Fixed</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>512850756</strong></td>
<td>Added observability metrics for the OpenTelemetry trace export pipeline, reporting spans exported, export latency, batch size, and dropped spans.</td>
</tr>
<tr>
<td><strong>515039499</strong></td>
<td>Fixed an issue where OpenTelemetry trace export over HTTP could fail to authenticate when sent through a forward proxy that requires basic authentication.</td>
</tr>
</tbody>
</table>
<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.16.5</strong>
<h3>Announcement</h3>
<h3 id="v1165">v1.16.5</h3>
<p>On June 8, 2026 we released an updated version of the Apigee hybrid software, v1.16.5.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/upgrade">Upgrading Apigee hybrid to version v1.16.5</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 02, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#June_02_2026</id>
    <updated>2026-06-02T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#June_02_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On June 2nd, 2026, we released an updated version of Apigee Cassandra.</p>
<aside class="note"><strong>Note:</strong><span> Rollouts of this release began today and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.</span></aside>
<h3>Security</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Apigee Cassandra security update</strong></td>
<td><strong>Security fix for Apigee Cassandra infrastructure.</strong> <p>This addresses the following vulnerabilities:<ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39820">CVE-2026-39820</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42499">CVE-2026-42499</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39836">CVE-2026-39836</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33814">CVE-2026-33814</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42501">CVE-2026-42501</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33811">CVE-2026-33811</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39825">CVE-2026-39825</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39817">CVE-2026-39817</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39823">CVE-2026-39823</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39819">CVE-2026-39819</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39826">CVE-2026-39826</a></li></ul></p></td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>May 30, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_30_2026</id>
    <updated>2026-05-30T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_30_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.15.4</strong>
<h3>Announcement</h3>
<h3 id="v1154">v1.15.4</h3>
<p>On May 30, 2026 we released an updated version of the Apigee hybrid software, v1.15.4.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.15/upgrade">Upgrading Apigee hybrid to version v1.15.4</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.15/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 29, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_29_2026</id>
    <updated>2026-05-29T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_29_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On May 29, 2026, we released an updated version of the Apigee UI.</p>
<h3>Feature</h3>
<p><b>Apigee EventFlow now supports the DataCapture policy</b></p>
<p>You can now use the DataCapture policy within an EventFlow to extract and
persist data from server-sent events (SSE) streams, such as token counts and
other fields from streaming LLM responses.
For more information, see
<a href="https://docs.cloud.google.com/apigee/docs/api-platform/develop/server-sent-events#datacapture-token-counts">Use the DataCapture policy to capture token counts</a>.</p>
<h3>Feature</h3>
<p><b>Manage Spaces in the Apigee UI</b></p>
<p>You can now create, view, update, and delete spaces, and manage their Identity and Access Management (IAM) policies directly in the Apigee UI.
Previously, these actions could only be performed using the Apigee API.
For more information, see
<a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/spaces/apigee-spaces-overview">Apigee Spaces overview</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 22, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_22_2026</id>
    <updated>2026-05-22T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_22_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p><strong>Apigee Emulator</strong></p>
<h3 id="apigee_emulator_v200">Apigee Emulator v2.0.0</h3>
<p>On May 22, 2026, we released Apigee Emulator version 2.0.0.</p>
<p>Starting with this release, the Apigee Emulator is versioned and released
independently from Apigee hybrid. This enables faster delivery of security
patches and updates without waiting for hybrid release cycles. The emulator
image continues to be available at
<a href="https://console.cloud.google.com/artifacts/docker/apigee-release/us/gcr.io/hybrid%2Fapigee-emulator">Google Artifact Registry</a>.</p>
<p>To use the new version, update the emulator version in your VS Code Cloud Code
settings to <code>2.0.0</code>. See
<a href="https://docs.cloud.google.com/apigee/docs/api-platform/local-development/vscode/manage-apigee-emulator#choose_the_emulator_version">Manage the Apigee Emulator</a>
for details.</p>
<h3>Feature</h3>
<p><strong>Apigee Emulator</strong></p>
<h4 id="changed_in_this_release_2">Changed in this release</h4>
<ul>
<li>The Apigee Emulator now follows independent semantic versioning
(MAJOR.MINOR.PATCH), decoupled from Apigee hybrid versioning.</li>
<li>Updated base Cassandra image to version 4.0.19.</li>
<li>Updated Java runtime to Eclipse Temurin JRE 11.0.31.</li>
</ul>
<h3>Security</h3>
<p><strong>Apigee Emulator</strong></p>
<h4 id="security_2">Security</h4>
<p>This release addresses 78 security vulnerabilities across Cassandra base image,
Go standard library, Java dependencies, and Python packages. Key fixes include:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Component</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42003">CVE-2022-42003</a></td>
<td>Jackson Databind</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42004">CVE-2022-42004</a></td>
<td>Jackson Databind</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-38749">CVE-2022-38749</a></td>
<td>SnakeYAML</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-38750">CVE-2022-38750</a></td>
<td>SnakeYAML</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-2976">CVE-2023-2976</a></td>
<td>Google Guava</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8908">CVE-2020-8908</a></td>
<td>Google Guava</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-12798">CVE-2024-12798</a></td>
<td>Logback</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-22866">CVE-2025-22866</a></td>
<td>Go stdlib</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-22870">CVE-2025-22870</a></td>
<td>Go stdlib</td>
</tr>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40897">CVE-2022-40897</a></td>
<td>Python setuptools</td>
</tr>
</tbody>
</table>
<p>And 68 additional CVEs fixed through updated upstream dependencies.</p>
<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.14.5</strong>
<h3>Announcement</h3>
<h3 id="v1145">v1.14.5</h3>
<p>On May 22, 2026 we released an updated version of the Apigee hybrid software, v1.14.5.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.14/upgrade">Upgrading Apigee hybrid to version v1.14.5</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.14/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
<strong class="release-note-product-version-title">v1.16.0</strong>
<h3>Announcement</h3>
<p>On May 22, 2026 we released an updated version of the Apigee UI.</p>
<p>The <b>Management <span aria-label="and then">&gt;</span> Instances</b> page now displays Apigee hybrid instances. The display includes the instance name, location, and runtime version.</p>
<p>See <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/instances">Managing instances</a>.</p>
<h3>Announcement</h3>
<h3 id="apigee_emulator_is_now_released_independently">Apigee Emulator is now released independently</h3>
<p>Starting May 22, 2026, the Apigee Emulator is versioned and released
independently from Apigee hybrid. Emulator updates, including security patches,
are no longer tied to hybrid release cycles.</p>
<p>The emulator image continues to be available at
<code>gcr.io/apigee-release/hybrid/apigee-emulator</code>. The first independent release
is <strong>v2.0.0</strong>.</p>
<p>For emulator release notes going forward, see
<a href="https://docs.cloud.google.com/apigee/docs/release/release-notes">Apigee release notes</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 21, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_21_2026</id>
    <updated>2026-05-21T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_21_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On May 21st, 2026, we released an updated version of Apigee (1-17-0-apigee-8).</p>
<aside class="note"><strong>Note:</strong><span> Rollouts of this release began today and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.</span></aside>
<h3>Fixed</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>514973778</strong></td>
<td>Fixed Model Armor response parsing to gracefully handle unknown fields, so future Model Armor field additions no longer cause policy failures.</td>
</tr>
</tbody>
</table>
<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.16.4</strong>
<h3>Announcement</h3>
<h3 id="v1164">v1.16.4</h3>
<p>On May 21, 2026 we released an updated version of the Apigee hybrid software, v1.16.4.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/upgrade">Upgrading Apigee hybrid to version v1.16.4</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Fixed</h3>
<h4 id="fixed_in_this_release">Fixed in this release</h4>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>515424331</strong></td>
<td><strong>Fixed an issue with missing container images in the <code>gcr.io/apigee-release/hybrid/</code> repository.</strong></td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>May 20, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_20_2026</id>
    <updated>2026-05-20T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_20_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Security</h3>
<p><strong>On May 20, 2026, we published a security bulletin for Apigee.</strong></p>
<p>A vulnerability was found in Apigee
(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2264">CVE-2026-2264</a>)
where the <code>IntegrationRegion</code>
parameter in the <code>SetIntegrationRequest</code> policy lacks validation,
allowing for Server-Side Request Forgery (SSRF) and service account token
exfiltration. The issue arises when an attacker can control a flow variable used
for <code>IntegrationRegion</code>, leading to requests being sent to an
attacker-controlled host with the service account token.</p>
<p><strong>Security bulletin published: <a href="https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034">GCP-2026-034</a></strong></p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 19, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_19_2026</id>
    <updated>2026-05-19T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_19_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.16.3</strong>
<h3>Announcement</h3>
<h3 id="v1163">v1.16.3</h3>
<p>On May 19, 2026 we released an updated version of the Apigee hybrid software, v1.16.3.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/upgrade">Upgrading Apigee hybrid to version v1.16.3</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Fixed</h3>
<h4 id="fixed_in_this_release_2">Fixed in this release</h4>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>512866352</strong></td>
<td><strong>Fixed an issue where the <code>apigee-redis</code> pod entered a <code>CrashLoopBackOff</code> state when deployed with Vault-based secret injection due to a GLIBC version mismatch in the bundled <code>/bin/sh</code> and <code>/bin/cat</code> binaries.</strong></td>
</tr>
</tbody>
</table>
<h3>Feature</h3>
<p><strong>Custom environment variables for Guardrail pods (<code>guardrails.envVars</code>)</strong></p>
<p>Starting in version v1.16.3, you can inject custom environment variables into Apigee hybrid Guardrail pods using the new <code>guardrails.envVars</code> property in <code>overrides.yaml</code>. This is most commonly used to set <code>NO_PROXY</code> (or <code>no_proxy</code>) so that Guardrail pods bypass a configured forward HTTP proxy when calling internal in-cluster endpoints such as the Kubernetes API server, which previously failed in restricted-network environments with a global <code>httpProxy</code> configured. The property is supported on Guardrail pods for the following components: <code>apigee-datastore</code>, <code>apigee-env</code>, <code>apigee-ingress-manager</code>, <code>apigee-operator</code>, <code>apigee-org</code>, <code>apigee-redis</code>, <code>apigee-telemetry</code>, and <code>apigee-virtualhost</code>.</p>
<p>Example:</p>
<pre class="prettyprint lang-yaml"><code>guardrails:
  envVars:
    NO_PROXY: 'kubernetes.default.svc,172.20.0.1'
</code></pre>
]]>
    </content>
  </entry>

  <entry>
    <title>May 13, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_13_2026</id>
    <updated>2026-05-13T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_13_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.16.2</strong>
<h3>Announcement</h3>
<h3 id="v1162">v1.16.2</h3>
<p>On May 13, 2026 we released an updated version of the Apigee hybrid software, v1.16.2.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/upgrade">Upgrading Apigee hybrid to version v1.16.2</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Feature</h3>
<p><strong>Basic Auth credential support for forward proxies</strong></p>
<p>Starting in version v1.16.2, Apigee hybrid runtime components can accept credentials for an upstream forward proxy that enforces HTTP Basic Auth. You can now configure a Basic Auth username and password for the forward proxy in your overrides.yaml. This resolves known issue tracked in b/499322601. See <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/forward-proxy">Configure Apigee hybrid to use a forward proxy</a>.</p>
<h3>Feature</h3>
<p><strong>Sidecar authentication for Workload Identity Federation on AKS and EKS</strong></p>
<p>Starting in version v1.16.2, you can now use a sidecar along with Workload Identity Federation on AKS and EKS to mount security tokens from your preferred identity provider (IDP) for service account authentication. This method is an alternative to using Kubernetes Projected Service Account Tokens, and is useful when you need to integrate with a custom Identity Provider. See <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/use-sidecar-for-wif">Use sidecar authentication for Workload Identity Federation on AKS and EKS</a>.</p>
<h3>Fixed</h3>
<h4 id="fixed_in_this_release_3">Fixed in this release</h4>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>485738013</strong></td>
<td><strong>Fixed an issue where API products with <code>LLMTokenQuota</code> operations were not enforcing model-based access restrictions, allowing requests to models not listed in the product to bypass the operations check.</strong></td>
</tr>
<tr>
<td><strong>479288727</strong></td>
<td><strong>Fixed an issue where the Apigee UI and API reported a 10+ minute delay in deployment status after performing a proxy deployment.</strong></td>
</tr>
<tr>
<td><strong>499223890</strong></td>
<td><strong>Fixed an issue where the runtime could not handle HTTP proxy passwords containing special characters in Apigee hybrid 1.16.0-hotfix-1 configurations.</strong></td>
</tr>
<tr>
<td><strong>500861814</strong></td>
<td><strong>Fixed an issue that caused excessive Message Processor (MP) upscaling and failure to downscale.</strong></td>
</tr>
<tr>
<td><strong>510438578</strong></td>
<td><strong>Fixed an ingestion-blocking issue with <code>apigee-stackdriver-prometheus-sidecar</code> in Apigee hybrid 1.16.1.</strong></td>
</tr>
</tbody>
</table>
<h3>Security</h3>
<p>Various security and CVE fixes are included in this release.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 12, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_12_2026</id>
    <updated>2026-05-12T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_12_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee API hub</h2>
<strong class="release-note-product-version-title">VERSION_UNSPECIFIED</strong>
<h3>Feature</h3>
<p><strong>MCP tools support for Agentic AI workflows (Preview)</strong></p>
<p>API hub now exposes read-only APIs as Model Context Protocol (MCP) tools. Agentic AI applications can now use the standard MCP <code>tools/list</code> and <code>tools/call</code> methods to list and inspect API hub resources, including APIs, specs, versions, and deployments.</p>
<p>This feature is in <a href="https://cloud.google.com/products#product-launch-stages">Public Preview</a>. For more information, see <a href="https://docs.cloud.google.com/apigee/docs/reference/apis/apihub/mcp">API hub MCP reference</a>.</p>
<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On May 12th, 2026, we released an updated version of Apigee (1-17-0-apigee-7).</p>
<aside class="note"><strong>Note:</strong><span> Rollouts of this release began today and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.</span></aside>
<h3>Security</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>511325186, 505460952, 502250074, 491231600, 497357701, 509560467, 496969438, 495897297, 495033618, 511332617, 505183435, 500735547, 500890221</strong></td>
<td><strong>Security fix for Apigee infrastructure.</strong> <p>This addresses the following vulnerabilities: <ul> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42587">CVE-2026-42587</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-5588">CVE-2026-5588</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34480">CVE-2026-34480</a></li><li><a href="https://github.com/advisories/GHSA-72hv-8253-57qq">GHSA-72hv-8253-57qq</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33870">CVE-2026-33870</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33871">CVE-2026-33871</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-35611">CVE-2026-35611</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33170">CVE-2026-33170</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33169">CVE-2026-33169</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33176">CVE-2026-33176</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33210">CVE-2026-33210</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-42499">CVE-2026-42499</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-35469">CVE-2026-35469</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a></li></ul></p></td>
</tr>
</tbody>
</table>
<h3>Fixed</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>480260846</strong></td>
<td>Improved XML processing security to prevent external entity injection.</td>
</tr>
<tr>
<td><strong>510061670, 505723451, 503723862, 503817773</strong></td>
<td>Improved security in OAuthV2 policy.</td>
</tr>
<tr>
<td><strong>505645076</strong></td>
<td>Fixed a security issue in OAuthV2 policy to prevent unauthorized token injection.</td>
</tr>
<tr>
<td><strong>503047744, 410026138, 496021751</strong></td>
<td>Improved security isolation for PythonScript policy execution.</td>
</tr>
<tr>
<td><strong>469694040</strong></td>
<td>Fixed an issue where custom security policies could intermittently fail to apply, and improved security policy resolution to ensure correct policy selection.</td>
</tr>
<tr>
<td><strong>502971220</strong></td>
<td>Fixed a concurrency issue to improve stability under high load.</td>
</tr>
<tr>
<td><strong>509692565</strong></td>
<td>Fixed content-length header handling in external processing to prevent incorrect values.</td>
</tr>
<tr>
<td><strong>282207038</strong></td>
<td>Improved performance while listing apps on scale.</td>
</tr>
<tr>
<td><strong>501102321</strong></td>
<td>Fixed recurring fee calculation in monetization to correctly apply rate plan overrides.</td>
</tr>
<tr>
<td><strong>449729840, 502604752</strong></td>
<td>Fixed streaming response handling to prevent race conditions in bidirectional flows.</td>
</tr>
<tr>
<td><strong>507167063</strong></td>
<td>Fixed preservation of client request IDs during proxy chaining.</td>
</tr>
<tr>
<td><strong>507580304</strong></td>
<td>Improved IPv4 address normalization for consistent access control evaluation.</td>
</tr>
<tr>
<td><strong>502692267</strong></td>
<td>MCP to handle /.well-known/oauth-protected-resource/mcp resource paths.</td>
</tr>
<tr>
<td><strong>430170696</strong></td>
<td>Changed the error response from 500 to 401 for expired consumer keys.</td>
</tr>
<tr>
<td><strong>480770263</strong></td>
<td>Fixed SpikeArrest policy to handle edge cases that previously caused 500 errors.</td>
</tr>
<tr>
<td><strong>500861814</strong></td>
<td>Gracefully handle connection failures involving the forward proxy, resolving an issue where port exhaustion could trigger aggressive retry storms, excessive CPU usage, and unnecessary scaling.</td>
</tr>
<tr>
<td><strong>500313309</strong></td>
<td>Fixed SSE streaming detection logic.</td>
</tr>
<tr>
<td><strong>494304819</strong></td>
<td>Hardened message processor management ports by blocking external access to internal management endpoints.</td>
</tr>
<tr>
<td><strong>469642464</strong></td>
<td>Improved input validation in AI protection policies to prevent Server-Side Request Forgery.</td>
</tr>
<tr>
<td><strong>472526232</strong></td>
<td>Improved SAML assertion validation.</td>
</tr>
<tr>
<td><strong>494590020</strong></td>
<td>Added enforcement for product association in OAuthV2 flow. Apps without valid products are now denied.</td>
</tr>
<tr>
<td><strong>479288727</strong></td>
<td>Improved performance and reduced redundant work in ingress status watcher.</td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td>Updates to infrastructure and libraries.</td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>May 07, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_07_2026</id>
    <updated>2026-05-07T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_07_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee API hub</h2>
<strong class="release-note-product-version-title">VERSION_UNSPECIFIED</strong>
<h3>Feature</h3>
<p><strong>Unified MCP Proxy Configuration in API hub (Preview)</strong></p>
<p>API hub allows you to create and deploy Model Context Protocol (MCP) discovery proxies. Select specific API operations from your registered catalog, bundle them into an MCP server, and automatically deploy them as discovery proxies in your Apigee project. This feature eliminates the need to manually author MCP specifications in Apigee.</p>
<p>This feature is in <a href="https://cloud.google.com/products#product-launch-stages">Public Preview</a>. For more information, see <a href="https://docs.cloud.google.com/apigee/docs/apihub/manage-mcp-proxies">Manage MCP proxies</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 04, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#May_04_2026</id>
    <updated>2026-05-04T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#May_04_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.15.3</strong>
<h3>Announcement</h3>
<h3 id="v1153">v1.15.3</h3>
<p>On May 4, 2026 we released an updated version of the Apigee hybrid software, v1.15.3.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.15/upgrade">Upgrading Apigee hybrid to version v1.15.3</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.15/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Security</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-asm-ingress</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58188">CVE-2025-58188</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58187">CVE-2025-58187</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34040">CVE-2026-34040</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33997">CVE-2026-33997</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-0915">CVE-2026-0915</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-0861">CVE-2026-0861</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68119">CVE-2025-68119</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61732">CVE-2025-61732</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61731">CVE-2025-61731</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4674">CVE-2025-4674</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-15558">CVE-2025-15558</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-15281">CVE-2025-15281</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-asm-istiod</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58188">CVE-2025-58188</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58187">CVE-2025-58187</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-35469">CVE-2026-35469</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34040">CVE-2026-34040</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33997">CVE-2026-33997</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68119">CVE-2025-68119</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61732">CVE-2025-61732</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61731">CVE-2025-61731</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4674">CVE-2025-4674</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-15558">CVE-2025-15558</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-connect-agent</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-fluent-bit</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-31789">CVE-2026-31789</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-28387">CVE-2026-28387</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-hybrid-cassandra</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34481">CVE-2026-34481</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-hybrid-cassandra-client</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39883">CVE-2026-39883</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-kube-rbac-proxy</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-mart-server</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34481">CVE-2026-34481</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34480">CVE-2026-34480</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34478">CVE-2026-34478</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21932">CVE-2026-21932</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48913">CVE-2025-48913</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-mint-task-scheduler</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34481">CVE-2026-34481</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34480">CVE-2026-34480</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34478">CVE-2026-34478</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21932">CVE-2026-21932</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-open-telemetry-collector</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68119">CVE-2025-68119</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61731">CVE-2025-61731</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-operators</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61723">CVE-2025-61723</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58188">CVE-2025-58188</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58187">CVE-2025-58187</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-prom-prometheus</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61732">CVE-2025-61732</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-prometheus-adapter</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39883">CVE-2026-39883</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61732">CVE-2025-61732</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-redis</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68119">CVE-2025-68119</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61732">CVE-2025-61732</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61731">CVE-2025-61731</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-47907">CVE-2025-47907</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4674">CVE-2025-4674</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-runtime</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34481">CVE-2026-34481</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34480">CVE-2026-34480</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34478">CVE-2026-34478</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21932">CVE-2026-21932</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48913">CVE-2025-48913</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-stackdriver-logging-agent</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-41316">CVE-2026-41316</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-35611">CVE-2026-35611</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33210">CVE-2026-33210</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33176">CVE-2026-33176</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-synchronizer</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34481">CVE-2026-34481</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34480">CVE-2026-34480</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34478">CVE-2026-34478</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21932">CVE-2026-21932</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48913">CVE-2025-48913</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-udca</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-39883">CVE-2026-39883</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34986">CVE-2026-34986</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32283">CVE-2026-32283</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32281">CVE-2026-32281</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32280">CVE-2026-32280</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-29181">CVE-2026-29181</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27144">CVE-2026-27144</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27143">CVE-2026-27143</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27140">CVE-2026-27140</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-watcher</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61723">CVE-2025-61723</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58188">CVE-2025-58188</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58187">CVE-2025-58187</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-35469">CVE-2026-35469</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li></ul></td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>April 29, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#April_29_2026</id>
    <updated>2026-04-29T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#April_29_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On April 29th, 2026, we began maintenance updates of Apigee instances <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance-windows">configured for maintenance windows</a>.</p>
<p>If you set a preferred window for maintenance for your instance, and your instance version is
below <strong>1-17-0-apigee-4</strong>, your instance will be updated to <strong>1-17-0-apigee-4</strong> within the
next seven to 21 days. A notification containing the expected date of upgrade will be sent within the next two business days.</p>
<aside class="note">Note: Instances that meet either of the following two criteria will <b>not</b> be updated:
<ul>
<li>Your instance has a DNS misconfiguration, as described in <a href="https://docs.cloud.google.com/apigee/docs/release/known-issues">Known Issue 445936920</a>.</li>
<li>Your instance uses an Apigee Java Library that has been removed, as described in <a href="https://docs.cloud.google.com/apigee/docs/release/release-notes#October_16_2025">Apigee release notes dated October 16, 2025</a>.</li>
</ul></aside>
<p>For more information on participating in scheduled maintenance windows, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance">Maintenance overview</a> and <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance-windows">Manage Apigee instance maintenance windows</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 27, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#April_27_2026</id>
    <updated>2026-04-27T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#April_27_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.14.4</strong>
<h3>Announcement</h3>
<h3 id="v1144">v1.14.4</h3>
<p>On April 27, 2026 we released an updated version of the Apigee hybrid software, v1.14.4.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.14/upgrade">Upgrading Apigee hybrid to version v1.14.4</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.14/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Feature</h3>
<p><strong>Sidecar authentication for Workload Identity Federation on non-GKE platforms</strong></p>
<p>Starting in version v1.14.4, you can now use a sidecar along with Workload Identity Federation on non-GKE platforms to mount security tokens from your preferred identity provider (IDP) for service account authentication. See <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.14/use-sidecar-for-wif">Use sidecar authentication for Workload Identity Federation on non-GKE platforms</a>.</p>
<h3>Security</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>471527485, 471173296, 471172082, 471171833</strong></td>
<td><strong>Security fixes for <code>apigee-synchronizer</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55163">CVE-2025-55163</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58056">CVE-2025-58056</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58057">CVE-2025-58057</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67735">CVE-2025-67735</a> </li></ul></td>
</tr>
<tr>
<td><strong>471290390, 471199955, 471197958, 470990914</strong></td>
<td><strong>Security fixes for <code>apigee-runtime</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55163">CVE-2025-55163</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58056">CVE-2025-58056</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58057">CVE-2025-58057</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67735">CVE-2025-67735</a> </li></ul></td>
</tr>
<tr>
<td><strong>470992132, 470991089, 470989623, 470989232, 470988977</strong></td>
<td><strong>Security fixes for <code>apigee-mart-server</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48924">CVE-2025-48924</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55163">CVE-2025-55163</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58056">CVE-2025-58056</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58057">CVE-2025-58057</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67735">CVE-2025-67735</a> </li></ul></td>
</tr>
<tr>
<td><strong>470953507, 470953254, 470952893</strong></td>
<td><strong>Security fixes for <code>apigee-hybrid-cassandra</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40897">CVE-2022-40897</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-2976">CVE-2023-2976</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-47273">CVE-2025-47273</a> </li></ul></td>
</tr>
<tr>
<td><strong>451224723, 451224123</strong></td>
<td><strong>Security fixes for <code>apigee-fluent-bit</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2010-4756">CVE-2010-4756</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2011-3389">CVE-2011-3389</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2013-4392">CVE-2013-4392</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2015-3276">CVE-2015-3276</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-14159">CVE-2017-14159</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-17740">CVE-2017-17740</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-20796">CVE-2018-20796</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-5709">CVE-2018-5709</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-6829">CVE-2018-6829</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1010022">CVE-2019-1010022</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1010023">CVE-2019-1010023</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1010024">CVE-2019-1010024</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1010025">CVE-2019-1010025</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-9192">CVE-2019-9192</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-15719">CVE-2020-15719</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27943">CVE-2022-27943</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-2953">CVE-2023-2953</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-31437">CVE-2023-31437</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-31438">CVE-2023-31438</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-31439">CVE-2023-31439</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-45853">CVE-2023-45853</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-2236">CVE-2024-2236</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-2379">CVE-2024-2379</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-26458">CVE-2024-26458</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-26461">CVE-2024-26461</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-0725">CVE-2025-0725</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-10148">CVE-2025-10148</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-27587">CVE-2025-27587</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-62813">CVE-2025-62813</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9086">CVE-2025-9086</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9230">CVE-2025-9230</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9232">CVE-2025-9232</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-asm-ingress</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4437">CVE-2026-4437</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4046">CVE-2026-4046</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34040">CVE-2026-34040</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-15558">CVE-2025-15558</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-asm-istiod</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34040">CVE-2026-34040</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-15558">CVE-2025-15558</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-connect-agent</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68121">CVE-2025-68121</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68119">CVE-2025-68119</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61732">CVE-2025-61732</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61731">CVE-2025-61731</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4674">CVE-2025-4674</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-envoy</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4437">CVE-2026-4437</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-4046">CVE-2026-4046</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-hybrid-cassandra-client</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-47907">CVE-2025-47907</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4674">CVE-2025-4674</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-kube-rbac-proxy</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61723">CVE-2025-61723</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58188">CVE-2025-58188</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58187">CVE-2025-58187</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-mint-task-scheduler</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33871">CVE-2026-33871</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33870">CVE-2026-33870</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-open-telemetry-collector</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34040">CVE-2026-34040</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32287">CVE-2026-32287</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-operators</code>.</strong> <br/>This addresses the following vulnerability: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-prom-prometheus</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34040">CVE-2026-34040</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-prometheus-adapter</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-redis</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-32023">CVE-2025-32023</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68119">CVE-2025-68119</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61732">CVE-2025-61732</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61731">CVE-2025-61731</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-47907">CVE-2025-47907</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4674">CVE-2025-4674</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-stackdriver-logging-agent</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33176">CVE-2026-33176</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61594">CVE-2025-61594</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-24294">CVE-2025-24294</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-33953">CVE-2023-33953</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-32511">CVE-2022-32511</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-29181">CVE-2022-29181</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-24839">CVE-2022-24839</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-24836">CVE-2022-24836</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0759">CVE-2022-0759</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-41817">CVE-2021-41817</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-31799">CVE-2021-31799</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-30560">CVE-2021-30560</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28965">CVE-2021-28965</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23214">CVE-2021-23214</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-25695">CVE-2020-25695</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-25694">CVE-2020-25694</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-25613">CVE-2020-25613</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-3881">CVE-2019-3881</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">CVE-2018-25032</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-1115">CVE-2018-1115</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-10915">CVE-2018-10915</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-1058">CVE-2018-1058</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-1053">CVE-2018-1053</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-7546">CVE-2017-7546</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-7484">CVE-2017-7484</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-15098">CVE-2017-15098</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-14798">CVE-2017-14798</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2016-7954">CVE-2016-7954</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2016-7048">CVE-2016-7048</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2016-5424">CVE-2016-5424</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2016-5423">CVE-2016-5423</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2016-0766">CVE-2016-0766</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2015-3167">CVE-2015-3167</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2015-3166">CVE-2015-3166</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2015-0244">CVE-2015-0244</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2015-0243">CVE-2015-0243</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2015-0241">CVE-2015-0241</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-udca</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68119">CVE-2025-68119</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61731">CVE-2025-61731</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61723">CVE-2025-61723</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58188">CVE-2025-58188</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58187">CVE-2025-58187</a> </li></ul></td>
</tr>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Security fixes for <code>apigee-watcher</code>.</strong> <br/>This addresses the following vulnerability: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">CVE-2026-33186</a> </li></ul></td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>April 20, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#April_20_2026</id>
    <updated>2026-04-20T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#April_20_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee hybrid</h2>
<strong class="release-note-product-version-title">v1.16.1</strong>
<h3>Announcement</h3>
<h3 id="v1161">v1.16.1</h3>
<p>On April 20, 2026 we released an updated version of the Apigee hybrid software, v1.16.1.</p>
<ul>
<li>For information on upgrading, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/upgrade">Upgrading Apigee hybrid to version v1.16.1</a>.</li>
<li>For information on new installations, see <a href="https://docs.cloud.google.com/apigee/docs/hybrid/v1.16/big-picture">The big picture</a>.</li>
</ul>
<aside class="note"><strong>Note:</strong><span> This is a patch release: The container images used in patch releases are integrated with the Apigee hybrid Helm charts. Upgrading to a patch via the Helm chart automatically updates the images. No manual image changes are typically needed. For information on container image support in Apigee hybrid releases, see <a href="https://docs.cloud.google.com/apigee/docs/release/apigee-release-process#apigee-hybrid-container-images">Apigee release process</a>.</span></aside>
<h3>Fixed</h3>
<h4 id="fixed_in_this_release_4">Fixed in this release</h4>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>469900037</strong></td>
<td><strong>Apigee hybrid now supports <code>LLMTokenQuota</code> and <code>PromptTokenLimit</code> policies.</strong></td>
</tr>
<tr>
<td><strong>502577947</strong></td>
<td><strong>Enhanced the <code>ParsePayload</code> policy to support a broader set of Model Context Protocol (MCP) methods and implemented governance bypass for essential system-level methods.</strong></td>
</tr>
<tr>
<td><strong>503029410</strong></td>
<td><strong>Removed PII from <code>ParsePayload</code> policy outputs to improve security and privacy.</strong></td>
</tr>
</tbody>
</table>
<h3>Security</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>485998102, 482978613</strong></td>
<td><strong>Security fixes for <code>apigee-runtime</code>, <code>apigee-mart-server</code>, and <code>apigee-synchronizer</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21945">CVE-2026-21945</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21932">CVE-2026-21932</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55163">CVE-2025-55163</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-2976">CVE-2023-2976</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-48174">CVE-2022-48174</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-1471">CVE-2022-1471</a> </li></ul></td>
</tr>
<tr>
<td><strong>471527485, 471173296, 471172082, 471171833</strong></td>
<td><strong>Security fixes for <code>apigee-synchronizer</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67735">CVE-2025-67735</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58057">CVE-2025-58057</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58056">CVE-2025-58056</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55163">CVE-2025-55163</a> </li></ul></td>
</tr>
<tr>
<td><strong>454672970</strong></td>
<td><strong>Security fix for <code>apigee-runtime</code>.</strong> <br/>This adds strict input validation to the <code>IntegrationRegion</code> parameter in the <code>SetIntegrationRequest</code> policy to prevent potential server-side request forgery (SSRF).</td>
</tr>
<tr>
<td><strong>493067053, 493061344, 492959383, 492957334, 492359443, 492358696, 492067139, 490280970, 489908390, 489907729, 489489437, 488070159, 485580973</strong></td>
<td><strong>Security fixes for <code>apigee-hybrid-cassandra</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66566">CVE-2025-66566</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4802">CVE-2025-4802</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-12183">CVE-2025-12183</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-6246">CVE-2023-6246</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-5156">CVE-2023-5156</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-4911">CVE-2023-4911</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0687">CVE-2023-0687</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3715">CVE-2022-3715</a> </li></ul></td>
</tr>
<tr>
<td><strong>494902472, 493902764, 493747531, 493747186, 493066364, 492956556, 492812098, 492810982, 492737291, 492733739, 492067214, 491191150, 490628133, 490627481, 490279890, 490278396, 489905507, 489904404, 477290192</strong></td>
<td><strong>Security fixes for <code>apigee-kube-rbac-proxy</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24051">CVE-2026-24051</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68119">CVE-2025-68119</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61731">CVE-2025-61731</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61728">CVE-2025-61728</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61724">CVE-2025-61724</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61723">CVE-2025-61723</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58188">CVE-2025-58188</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58186">CVE-2025-58186</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58185">CVE-2025-58185</a> </li></ul></td>
</tr>
<tr>
<td><strong>494874583, 493352686, 493350530, 493065065, 492958506, 492958221, 492810419, 492734198, 492360831, 491606491, 491602959, 490628958, 490628720, 490625335, 489487288, 477290192</strong></td>
<td><strong>Security fixes for <code>apigee-watcher</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61731">CVE-2025-61731</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61725">CVE-2025-61725</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61724">CVE-2025-61724</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58188">CVE-2025-58188</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58187">CVE-2025-58187</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-47912">CVE-2025-47912</a> </li></ul></td>
</tr>
<tr>
<td><strong>493904046, 493748763, 493353749, 492959837, 492959353, 492958532, 492734063, 492358967, 491163162, 489907974, 489494841, 477290192</strong></td>
<td><strong>Security fixes for <code>apigee-operators</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27139">CVE-2026-27139</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61728">CVE-2025-61728</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58181">CVE-2025-58181</a> </li></ul></td>
</tr>
<tr>
<td><strong>493940049, 493935866, 492812693, 492811208, 490847438, 490285784, 443494822, 430609333, 428036268, 428035602</strong></td>
<td><strong>Security fixes for <code>apigee-fluent-bit</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22795">CVE-2026-22795</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-69419">CVE-2025-69419</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-69418">CVE-2025-69418</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-5709">CVE-2018-5709</a> </li></ul></td>
</tr>
<tr>
<td><strong>494873893, 492957899, 492811896, 492735230, 492734621, 492362013, 492358145, 492044636, 491192904, 491163716, 490628292, 490283689, 489908590, 489487798, 485998102, 482978613</strong></td>
<td><strong>Security fixes for <code>apigee-open-telemetry-collector</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68156">CVE-2025-68156</a> </li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-47913">CVE-2025-47913</a> </li></ul></td>
</tr>
<tr>
<td><strong>495206280, 492736206, 492358267, 491606961, 491603879, 490845184, 490842872, 490626346, 490625529, 490278258, 489155677</strong></td>
<td><strong>Security fixes for <code>apigee-udca</code>.</strong> <br/>This addresses the following vulnerability: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li></ul></td>
</tr>
<tr>
<td><strong>492959491, 492959470, 492959266, 492812323, 492736535, 492736355, 492736200, 492734720, 492549333, 492528258, 492528186, 492361814, 492360845, 492359742, 492359020, 492039084, 490625473, 489488025, 489120498</strong></td>
<td><strong>Security fixes for <code>apigee-prometheus-adapter</code>.</strong> <br/>This addresses the following vulnerability: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a> </li></ul></td>
</tr>
<tr>
<td><strong>492959323, 492958717, 492813153, 492736850, 492736096, 492735265, 492360419, 492359937, 492359237, 492041473, 491604321, 491602140, 490847572, 490627493, 490282905, 489151338, 489127231</strong></td>
<td><strong>Security fixes for <code>apigee-redis</code>.</strong> <br/>This addresses the following vulnerability: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61726">CVE-2025-61726</a> </li></ul></td>
</tr>
<tr>
<td><strong>492736867, 492735320, 492550947, 492549407, 492360316, 492359543, 492358244, 491608063, 491603446, 491169265, 490282128, 490278007, 490276323, 489127588, 489124394</strong></td>
<td><strong>Security fixes for <code>apigee-asm-ingress</code>.</strong> <br/>This addresses the following vulnerability: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-15558">CVE-2025-15558</a> </li></ul></td>
</tr>
<tr>
<td><strong>492956844, 492956300, 492812417, 492811007, 492810814, 492528300, 492361776, 492360457, 492360310, 492360053, 492358006, 492037890, 491606683, 489492294, 489152529</strong></td>
<td><strong>Security fixes for <code>apigee-asm-istiod</code>.</strong> <br/>This addresses the following vulnerabilities: <ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a> </li></ul></td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>April 09, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#April_09_2026</id>
    <updated>2026-04-09T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#April_09_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Change</h3>
<p><strong>Relaxed limitation on header name for Client IP resolution</strong></p>
<p>The client IP can now be resolved from any header, not just the <code>X-Forwarded-For</code> header. The most common headers are <code>X-Forwarded-For</code> or <code>True-Client-Ip</code>.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/client-ip-resolution">Client IP resolution</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 06, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#April_06_2026</id>
    <updated>2026-04-06T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#April_06_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee API hub</h2>
<strong class="release-note-product-version-title">VERSION_UNSPECIFIED</strong>
<h3>Feature</h3>
<p><strong>Agent Registry integration support for MCP metadata (Preview)</strong></p>
<p>API hub now includes a managed integration with Agent Registry to automatically synchronize Model Context Protocol (MCP) servers and tools metadata. This feature enables AI agents to discover and interact with the APIs registered in your hub without manual configuration.</p>
<p>This feature is in <a href="https://cloud.google.com/products#product-launch-stages">Public Preview</a>. For more information, see <a href="https://docs.cloud.google.com/apigee/docs/apihub/manage-agent-registry-integration">Manage Agent Registry integration</a>.</p>
<h2 class="release-note-product-title">Apigee X</h2>
<h3>Fixed</h3>
<p><strong>Correction to <a href="#April_02_2026">April 2, 2026 release note: Deployment disruption for Apigee Drupal Portal via Google Cloud Marketplace</a></strong></p>
<p>For the deployment disruption announced on April 2, the announcement noted that deployment and management functionality using Google Cloud Deployment Manager would definitely be unavailable during the transition. This statement is incorrect. The functionality <em>might</em> be unavailable.</p>
<p>See the <a href="https://docs.cloud.google.com/apigee/docs/release/known-issues#495305258">Known issue</a> for more information.</p>
<h3>Change</h3>
<p>On April 6th, 2026, we released an updated version of Apigee.</p>
<p>This change introduces the new <code>apigee.coreServiceAgent</code> IAM role for
Apigee. <strong>Effective immediately, use <code>apigee.coreServiceAgent</code> instead of the
<code>apigee.serviceAgent</code> role.</strong></p>
<p>For information on the new role, see
<a href="https://docs.cloud.google.com/iam/docs/roles-permissions/apigee#apigee.coreServiceAgent"><code>apigee.coreServiceAgent</code></a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 02, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#April_02_2026</id>
    <updated>2026-04-02T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#April_02_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Breaking</h3>
<p><strong>Deployment disruption for Apigee Drupal Portal via Google Cloud Marketplace</strong></p>
<p>Google Cloud Deployment Manager was deprecated as of March 31, 2026. We are currently transitioning the Apigee Drupal Portal Marketplace solution to use Infrastructure Manager. During this transition period, some deployment and management functionalities are unavailable.</p>
<p><strong>Impact:</strong></p>
<ul>
<li><strong>New Deployments:</strong> Starting April 1, 2026, attempting to deploy a new Apigee Drupal Portal instance using the "Deploy" button on the Google Cloud Marketplace will fail.</li>
<li><strong>Existing Deployments:</strong> Your underlying resources (such as VMs and Cloud SQL databases) are unaffected and will continue to run normally. However, you can no longer use Deployment Manager-based features to manage the deployment via the Marketplace UI or the <code>gcloud deployment-manager</code> tool.</li>
</ul>
<p><strong>Workaround &amp; Resolution:</strong>
Any configuration changes or management tasks must be performed directly on the individual Google Cloud resources (Compute Engine, Cloud SQL, etc.) rather than through the Marketplace UI.</p>
<p>We are actively working to release the updated Infrastructure Manager-based solution.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>March 31, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#March_31_2026</id>
    <updated>2026-03-31T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#March_31_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On March 31st, 2026, we released an updated version of Apigee.</p>
<aside class="note"><strong>Note:</strong><span> Rollouts of this release began today and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.</span></aside>
<h3>Feature</h3>
<p><strong>General Availability (GA) launch of Model Context Protocol (MCP) in Apigee</strong></p>
<p>With this release, Model Context Protocol (MCP) in Apigee is <a href="https://docs.cloud.google.com/products#product-launch-stages">generally available</a>, enabling you to expose your Apigee APIs as MCP tools to agentic applications.</p>
<p>Any MCP client that supports remote MCP endpoints over HTTP/S can access these tools. Because the endpoints are managed, you don't need to install or manage local MCP servers, remote MCP servers, or additional infrastructure to enable agentic applications to access your services.</p>
<p>MCP in Apigee is available for Subscription, Pay-as-you-go, and Evaluation organizations, including organizations with Data Residency and VPC Service Controls enabled.</p>
<p>For more information on using MCP in Apigee, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/apigee-mcp/apigee-mcp-overview">MCP in Apigee overview</a>.</p>
<h3>Feature</h3>
<p><strong>Enhanced OAS server URL path handling for MCP in Apigee</strong></p>
<p>With this feature enhancement, your OpenAPI specification (OAS) configurations behave exactly
 as defined in the OAS standard, automatically combining the <code>server.url</code> base path value with individual operation paths.</p>
<p>For example, a server URL of<code>https://example.com/api/v1</code> paired with a path of <code>/users</code> will now correctly route to <code>https://example.com/api/v1/users</code> without additional manual intervention.</p>
<p>If you previously prepended base paths to your OAS paths entries, remove the path segment from your <code>servers.url</code> field to prevent
duplication.  For example, change <code>https://example.com/api/v1</code> to <code>https://example.com</code>.</p>
<p>For more information, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/apigee-mcp/apigee-mcp-quickstart#create-an-openapi-3.0.x-specification-describing-your-api-operations">Create an OpenAPI 3.0 specification</a>.</p>
<h3>Change</h3>
<p><strong>Updated MCP server target endpoint for MCP Discovery Proxies</strong></p>
<p>With the GA launch of Model Context Protocol (MCP) in Apigee, the structure of the MCP server target endpoint for MCP Discover Proxies has changed to <code>ORG_NAME.mcp.apigee.internal</code>.</p>
<p>Private preview customers using the previous format (<code>mcp.apigee.internal</code>) are encouraged to update their proxies to reflect the new structure.  Existing endpoints using the old format will continue to work, but new endpoints will use the new structure.</p>
<h3>Issue</h3>
<p><strong>Known Issue 496552286: Deployment fails for MCP Discovery Proxies in regions with capacity limitations.</strong></p>
<p>For more information, see <a href="https://docs.cloud.google.com/apigee/docs/release/known-issues">Apigee known issues</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>March 26, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#March_26_2026</id>
    <updated>2026-03-26T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#March_26_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On March 26th, 2026, we released an updated version of Apigee (1-17-0-apigee-6).</p>
<aside class="note"><strong>Note:</strong><span> Rollouts of this release began today and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.</span></aside>
<h3>Security</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>495897297, 495909767</strong></td>
<td><strong>Security fix for Apigee infrastructure.</strong> <p>This addresses the following vulnerabilities: <ul> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33210">CVE-2026-33210</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25679">CVE-2026-25679</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27139">CVE-2026-27139</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27142">CVE-2026-27142</a></li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33186">2026-33186</a></li></ul></p></td>
</tr>
</tbody>
</table>
<h3>Fixed</h3>
<table>
<thead>
<tr>
<th>Bug ID</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>N/A</strong></td>
<td><strong>Updates to infrastructure and libraries.</strong></td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>March 19, 2026</title>
    <id>tag:google.com,2016:apigee-release-notes#March_19_2026</id>
    <updated>2026-03-19T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/apigee/docs/release-notes#March_19_2026"/>
    <content type="html"><![CDATA[<h2 class="release-note-product-title">Apigee X</h2>
<h3>Announcement</h3>
<p>On March 19th, 2026, we began maintenance updates of Apigee instances <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance-windows">configured for maintenance windows</a>.</p>
<p>If you set a preferred window for maintenance for your instance, and your instance version is
below <strong>1-16-0-apigee-6</strong>, your instance will be updated to <strong>1-16-0-apigee-6</strong> within the
next seven to 21 days. A notification containing the expected date of upgrade will be sent within the next two business days.</p>
<aside class="note">Note: Instances that meet either of the following two criteria will <b>not</b> be updated:
<ul>
<li>Your instance has a DNS misconfiguration, as described in <a href="https://docs.cloud.google.com/apigee/docs/release/known-issues">Known Issue 445936920</a>.</li>
<li>Your instance uses an Apigee Java Library that has been removed, as described in <a href="https://docs.cloud.google.com/apigee/docs/release/release-notes#October_16_2025">Apigee release notes dated October 16, 2025</a>.</li>
</ul></aside>
<p>For more information on participating in scheduled maintenance windows, see <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance">Maintenance overview</a> and <a href="https://docs.cloud.google.com/apigee/docs/api-platform/system-administration/maintenance-windows">Manage Apigee instance maintenance windows</a>.</p>
]]>
    </content>
  </entry>

</feed>
