Maintenance Incident Bad Gateway Error from Management API
We are currently aware of an issue with our Management APIs resulting in "Bad Gateway Error", and are working internally to identify the cause and fix t...
Create an account and easily monitor the services that impact your business. Keep your team in the loop with instant notifications when a service is experiencing problems. Access to historical data to see how the services are performing over time.Get started free
No credit card required · Cancel anytime · 1442 services available
Maintenance Incident Apigee Log4J CVE-2021-44228 Response Update
Updated December 15, 2021 15:22 PST Google Apigee is actively following the security vulnerability in the open-source Apache “Log4j 2" utility (CVE-2021-44228 and CVE-2021-45046). We encourage you to update to the latest version of Log4j 2. We are currently assessing the potential impact of the vulnerability for Apigee products and services. This is an ongoing event and we will continue to provide updates through this page and our customer communications channels. Background: The Apache Log4j 2 utility is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j 2 version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code. On December 10, 2021, NIST published a critical Common Vulnerabilities and Exposure alert, CVE-2021-44228. More specifically, Java Naming Directory Interface (JNDI) features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from remote servers when message lookup substitution is enabled. ==== Platform ==== Apigee X: Apigee X does not use Log4j 2. Apigee Hybrid: Current supported versions of Hybrid do not use Log4j 2. Unsupported versions of Hybrid used Log4j 1.x, but it is not included in any of the currently supported versions. Customers on Hybrid 1.4 or lower are unaffected by this CVE but should still upgrade to a supported version. Apigee Edge: Apigee Edge’s default configuration contained Log4j 2 but was not vulnerable to Log4j 2 (CVE-2021-44228). Apigee OPDK: Apigee OPDK’s default configuration contained Log4j 2 but was not vulnerable to Log4j 2 (CVE-2021-44228). The service “apigee-machinekey” includes Log4j 2 and does not process any user-provided input. It is not susceptible to the vulnerability CVE-2021-44228. ==== User Supplied Log4j 2 Instances ==== Apigee SaaS (X and Edge): Customers can upload vulnerable versions of Log4j 2 in their custom resources, but CVE-2021-4228 is mitigated due to Java Security Manager restrictions. Apigee Hybrid and OPDK: Users can mitigate uploaded vulnerable versions of Log4j 2 in Hybrid and OPDK by enabling a custom java callout security policy: Hybrid: https://cloud.google.com/apigee/docs/api-platform/develop/adding-custom-java-callout-security-policy OPDK: https://docs.apigee.com/api-platform/reference/java-permission-reference ==== Versions Updates ==== Log4j v1.x: Apigee Edge and Apigee OPDK contain Log4j 1.x and Log4j 2.x libraries. Log4j 1 is not part of this particular assessment. All instances of Log4j 1 will be upgraded across all Apigee products in upcoming releases to the latest version of Log4j 2. Upgrades to SaaS services and releases for OPDK are expected in January. ==== More Information ==== Information on this page is based on findings in our ongoing investigations. Please see these helpful articles published to the Apigee Community: How to Detect Network Probes on Traversing Your Apigee Proxies- https://www.googlecloudcommunity.com/gc/Apigee/Detecting-Attempts-to-Exploit-Log4j-CVE-2021-44228-on-Apigee/td-p/178123 How To Mitigate Log4Jv2 Attacks CVE-2021-44228 Traversing Apigee Proxies - https://www.googlecloudcommunity.com/gc/Apigee/How-To-Block-requests-that-exploit-Log4j-CVE-2021-44228-on/td-p/178138
Resolved Minor 5xx Error Rates due to AWS
Due to an ongoing incident in AWS, Apigee Edge Cloud customers hosted in US-EAST-1 may be experiencing 5xx errors. https://status.aws.amazon.com/
Resolved Minor Log4j Vulnerability - CVE-2021-44228
Apigee acknowledges the reports received regarding the potential vulnerability of log4j - https://nvd.nist.gov/vuln/detail/CVE-2021-44228 . We are actively investigating the impact, and at this stage we have yet to determine the scope of impact within Apigee’s core infrastructure. This space will be updated with findings.
Resolved Minor Increased latency and timeout in europe-west1
We are currently investigating this issue.
No more running around to find the problem. Be the first to know!
All your services status in one place
Check the status of all your services in one place. No more going to each one of the status pages and manage it one by one.
Real-time notifications on incidents
We monitor 24/7 and will warn when something happens. No more wasting time looking for why something doesn't work.
Notifications in your favorite channel
You can easily get notifications in your email, Slack, or Discord.
Monitor scheduled maintenances
Never be caught off guard again, with unexpected maintenance from your services. Access to a feed of the next scheduled maintenances.
Notification level by service
Set up what notifications you want to get by service. You can choose to receive notifications for all the incidents, only for critical ones, or just have them in the dashboard.
Integrate with your existing workflows
Easily integrate the notifications in your processes with Zapier or Webhooks.
Every monday get a weekly digest of what happened in the previous week and the schedule maintenances for the next.
all your essential services
Start with a trial account that will allow you to try and monitor up to 30 services for 14 days.
There are 1442 services to choose from, and we're adding more every week.
You can get notifications by email, Slack, and Discord. You can also use Zapier or Webhooks to build your workflows.
Your employees rely on SaaS and cloud applications. Make them more productive and efficient. Enabling monitoring for your services will give you real-time alerts and notifications when your services are down.Start today for FREE