Red Hat SummitChapter 1. Red Hat 3scale API Management 2.16.0
DO NOT ATTEMPT TO INSTALL OR UPGRADE TO 3scale 2.16 IF YOUR DEPLOYMENT USES ORACLE DATABASE. 3scale 2.16 is currently not compatible with Oracle DB. Upgrading from 2.15 to 2.16 in such environments will lead to severe issues preventing the system from operating correctly. Deployments using Oracle DB must stay on version 2.15 until compatibility is added in a future maintenance release (planned for 2.16.1).
1.1. New features
Red Hat 3scale API Management 2.16 provides the following new features and enhancements:
- Supported compatibility with PostgreSQL 14 & 15 (THREESCALE-8920, THREESCALE-11897)
- Enabled TLS and ACL support for Redis connections (THREESCALE-8404)
- Added option to make route creation in Zync optional (THREESCALE-8102)
- Added ability to mark tenants as “Managed by Operator” to indicate they are controlled by automation (THREESCALE-1786)
- Added ability to create or update a Service Subscription via the 3scale API (THREESCALE-2689)
- Enhanced audit logs with more detailed session and account activity (THREESCALE-10843)
Security, performance, and other general improvements:
- Added support for SCRAM-SHA-256 password authentication in system-app PostgreSQL libraries (THREESCALE-8038)
- Masked the client secret by default in the SSO Integration configuration screen (THREESCALE-8735)
- Made CustomPolicyDefinition work out of the box for custom tenants as well as the default tenant (THREESCALE-9006)
- Added support for TLS client certificate authentication when connecting to external databases (THREESCALE-4185)
- Added support for configuring mutual TLS with a forward proxy (THREESCALE-5105)
- Made the ssl_verify_client directive configurable to prevent unnecessary client certificate prompts in certain scenarios (THREESCALE-10156)
- Added support for client certificate revocation checks in APIcast (THREESCALE-11404)
- Enable to configure the timeouts handled by the Upstream Connection policy globally (THREESCALE-8149)
- Addressed multiple CVEs to enhance the security and stability of the solution.
1.2. Resolved issues
Red Hat 3scale API Management 2.16 resolves the following issues:
| Issue number | Description |
|---|---|
| Conditional policy evaluating incorrectly: second policy in policy chain always triggers | |
| Error when a backend reference is removed from usages and application plan limit is removed too | |
| APIcast connections should be drained gracefully on pod deletion | |
| User model extra fields not updating via admin portal form | |
| Issue handling two different Applications using the same client ID across different RH-SSO realms, causing secrets to be stored incorrectly | |
| The endpoint /admin/api/settings.json doesn’t update account_approval_required field | |
| APIcast TLS + path routing: unexpected behaviour | |
| Invoice line items with negative cost can’t be created from the UI | |
| Some special characters in Application Keys are not supported | |
| Fix dns cache miss | |
| ActiveDocs shows Error when a response body is CSV and starts from double quote | |
| Multiple filter service warnings are logged when APICAST_SERVICES_LIST is used | |
| APIcast using stale configuration for a deleted Product | |
| 3scale API docs CRUD /api/account_plans/{acc_pl_id}/features.xml not working | |
| 3scale accounts listing can’t filter by state |
1.3. Known issues
Known issues in Red Hat 3scale API Management 2.16:
DO NOT ATTEMPT TO INSTALL OR UPGRADE TO 3scale 2.16 IF YOUR DEPLOYMENT USES ORACLE DATABASE. 3scale 2.16 is currently not compatible with Oracle DB. Upgrading from 2.15 to 2.16 in such environments will lead to severe issues preventing the system from operating correctly. Deployments using Oracle DB must stay on version 2.15 until compatibility is added in a future maintenance release (planned for 2.16.1).
| Issue number | Description |
|---|---|
| Deployments using Oracle Database are not compatible. After upgrading from 2.15.5 to 2.16 CR6 in deployments using Oracle Database, the system fails with internal server errors | |
| When upgrading from 2.15 to 2.16, the system-app pod may start before the database migration completes, causing failures when creating new accounts. Restarting the system-app pod resolves the issue |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}