Red Hat SummitRelease Notes for Red Hat 3scale API Management 2.16 On-premises
Document intended for use with Red Hat 3scale API Management 2.16
Abstract
Preface
This document is intended for use with Red Hat 3scale API Management 2.16 and related patch releases.
Providing feedback on Red Hat documentation
We appreciate your feedback on our documentation.
To propose improvements, open a Jira issue and describe your suggested changes. Provide as much detail as possible to enable us to address your request quickly.
Prerequisite
- You have a Red Hat Customer Portal account. This account enables you to log in to the Red Hat Jira Software instance. If you do not have an account, you will be prompted to create one.
Procedure
- Click the following Create issue.
- In the Summary text box, enter a brief description of the issue.
In the Description text box, provide the following information:
- The URL of the page where you found the issue.
-
A detailed description of the issue.
You can leave the information in any other fields at their default values.
- Click Create to submit the Jira issue to the documentation team.
Thank you for taking the time to provide feedback.
Chapter 1. Red Hat 3scale API Management 2.16.0
DO NOT ATTEMPT TO INSTALL OR UPGRADE TO 3scale 2.16 IF YOUR DEPLOYMENT USES ORACLE DATABASE. 3scale 2.16 is currently not compatible with Oracle DB. Upgrading from 2.15 to 2.16 in such environments will lead to severe issues preventing the system from operating correctly. Deployments using Oracle DB must stay on version 2.15 until compatibility is added in a future maintenance release (planned for 2.16.1).
1.1. New features
Red Hat 3scale API Management 2.16 provides the following new features and enhancements:
- Supported compatibility with PostgreSQL 14 & 15 (THREESCALE-8920, THREESCALE-11897)
- Enabled TLS and ACL support for Redis connections (THREESCALE-8404)
- Added option to make route creation in Zync optional (THREESCALE-8102)
- Added ability to mark tenants as “Managed by Operator” to indicate they are controlled by automation (THREESCALE-1786)
- Added ability to create or update a Service Subscription via the 3scale API (THREESCALE-2689)
- Enhanced audit logs with more detailed session and account activity (THREESCALE-10843)
Security, performance, and other general improvements:
- Added support for SCRAM-SHA-256 password authentication in system-app PostgreSQL libraries (THREESCALE-8038)
- Masked the client secret by default in the SSO Integration configuration screen (THREESCALE-8735)
- Made CustomPolicyDefinition work out of the box for custom tenants as well as the default tenant (THREESCALE-9006)
- Added support for TLS client certificate authentication when connecting to external databases (THREESCALE-4185)
- Added support for configuring mutual TLS with a forward proxy (THREESCALE-5105)
- Made the ssl_verify_client directive configurable to prevent unnecessary client certificate prompts in certain scenarios (THREESCALE-10156)
- Added support for client certificate revocation checks in APIcast (THREESCALE-11404)
- Enable to configure the timeouts handled by the Upstream Connection policy globally (THREESCALE-8149)
- Addressed multiple CVEs to enhance the security and stability of the solution.
1.2. Resolved issues
Red Hat 3scale API Management 2.16 resolves the following issues:
| Issue number | Description |
|---|---|
| Conditional policy evaluating incorrectly: second policy in policy chain always triggers | |
| Error when a backend reference is removed from usages and application plan limit is removed too | |
| APIcast connections should be drained gracefully on pod deletion | |
| User model extra fields not updating via admin portal form | |
| Issue handling two different Applications using the same client ID across different RH-SSO realms, causing secrets to be stored incorrectly | |
| The endpoint /admin/api/settings.json doesn’t update account_approval_required field | |
| APIcast TLS + path routing: unexpected behaviour | |
| Invoice line items with negative cost can’t be created from the UI | |
| Some special characters in Application Keys are not supported | |
| Fix dns cache miss | |
| ActiveDocs shows Error when a response body is CSV and starts from double quote | |
| Multiple filter service warnings are logged when APICAST_SERVICES_LIST is used | |
| APIcast using stale configuration for a deleted Product | |
| 3scale API docs CRUD /api/account_plans/{acc_pl_id}/features.xml not working | |
| 3scale accounts listing can’t filter by state |
1.3. Known issues
Known issues in Red Hat 3scale API Management 2.16:
DO NOT ATTEMPT TO INSTALL OR UPGRADE TO 3scale 2.16 IF YOUR DEPLOYMENT USES ORACLE DATABASE. 3scale 2.16 is currently not compatible with Oracle DB. Upgrading from 2.15 to 2.16 in such environments will lead to severe issues preventing the system from operating correctly. Deployments using Oracle DB must stay on version 2.15 until compatibility is added in a future maintenance release (planned for 2.16.1).
| Issue number | Description |
|---|---|
| Deployments using Oracle Database are not compatible. After upgrading from 2.15.5 to 2.16 CR6 in deployments using Oracle Database, the system fails with internal server errors | |
| When upgrading from 2.15 to 2.16, the system-app pod may start before the database migration completes, causing failures when creating new accounts. Restarting the system-app pod resolves the issue |
Chapter 2. Documentation
Supported configurations
- Check the latest information about 3scale 2.16 supported configurations at the Red Hat 3scale API Management Supported Configurations website.
Security updates
- Check the latest information about 3scale 2.16 security updates in the Red Hat Product Advisories portal.
Erratas
- Advisory for the Container Images: link: https://errata.devel.redhat.com/advisory/146559
Upgrade guides
Check the procedures to upgrade your 3scale installation from 2.15 to 2.16, for the following deployments:
Chapter 3. Changes in 3scale
In the next release, Redis 7.2 will no longer be supported. Instead, support for Valkey 7.2 will be introduced. For the latest updates on supported configurations, see the 3scale Supported Configurations page.
Decommissioned features
- Embedded databases in standard deployments. From 3scale 2.14, support for deploying databases within the cluster as part of the standard 3scale deployment was deprecated. Starting in 2.16, Red Hat supports only self-deployed databases, whether within the cluster or external to it. See here, documentation describing the processes for externalising the Databases
- 3scale Toolbox Command Line Tool. The 3scale Toolbox Command Line Tool is no longer supported. The recommended approach for provisioning and automation is the 3scale Application Capabilities operator.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}