Release - developer portal: 2.11.2

A new developer portal version has just been released.

If you use the built-in, managed developer portal, your portal will be automatically upgraded within two weeks. Make sure to republish it to upgrade the published portal.

If you self-host the developer portal, you need to merge the source code changes and republish and redeploy your portal manually.

Detailed release notes are available in the developer portal repository.

Release - developer portal: 2.11.1

A new developer portal version has just been released.

If you use the built-in, managed developer portal, your portal will be automatically upgraded within two weeks. Make sure to republish it to upgrade the published portal.

If you self-host the developer portal, you need to merge the source code changes and republish and redeploy your portal manually.

Detailed release notes are available in the developer portal repository.

Release - self-hosted gateway: 1.2.4-preview-1

August 25, 2021

New preview version of the self-hosted gateway is now available. Full list of container versions can be found here.

New

None

Bug fixes

• Upgraded to use .NET Core base image 3.1.18 (nightly) which addressed the following vulnerabilities:

  • CVE-2021-36159
  • CVE-2021-22924
  • CVE-2021-22922
  • CVE-2021-22926
  • CVE-2021-36222
  • CVE-2021-22922
  • CVE-2021-22924

Breaking changes

None

Release - API Management service: August, 2021

A regular Azure API Management service update was started on August 19, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.

Featured

1. API Management's integration with Event Grid is now in preview.

New

1. The availability zones feature is now supported in four new regions: South Africa North, Germany West Central, Korea Central, Norway East.
2. The rate-limit-by-key policy now supports policy expressions in the calls and renewal-period attributes. The renewal-period's upper limit of 5 minutes still applies.
3. The upper limit of the max-size attribute of the validate-content policy can now be increased beyond 100kB through Azure support.
4. API inspector's traces now include the service name property.
5. API Management is now more responsive to moves and cluster scale-outs of Service Fabric backends.
6. API Management now supports custom domain certificates encrypted with the AES256_SHA256 algorithm.
7. The Network Status management API response and page in the Azure portal now include details about the connectivity to Azure Application Insights for services with configured Application Insights loggers.
8. The "Publish" button on the "Developer portal overview" page of API Management services in the Azure portal now uses the new Portal revisions API, which makes it easier to publish the portal for virtual-network-injected services.
9. Clicking on a grid's row in the "Subscriptions" page of Azure API Management services in the Azure portal now brings up a new subscription editing interface.

Fixed

1. We fixed an issue, which could cause schema definitions to be omitted while importing APIs from OpenAPI files.
2. We fixed a paging issue for API calls for retrieving the list of APIs from the developer portal.
3. The PublisherEmail service property now supports email addresses with the # character.

Changed

1. The runtime context.Deployment.ServiceName property and the Service Name attribute in Azure Application Insights logs no longer include the default hostname suffix .azure-api.net for API Management services in the Developer, Basic, Standard, and Premium tiers. This change has been reverted.
2. Consumption tier services now allow request URLs up to 16384 characters long.
3. All responses with status code lower than 400 are now considered successful in the built-in Analytics, metrics, Azure Monitor logs, and Azure Application Insights telemetry.
4. The API gateway can no longer be disabled if the API Management service is in an internal virtual network.

Release - self-hosted gateway: 1.2.3

Release - self-hosted gateway: 1.2.3

July 8, 2021

New stable version of the self-hosted gateway is now available. Full list of container versions can be found here.

New

• Removed the 30MB request size limit

Bug fixes

None

Breaking changes

None

Release - developer portal: 2.11.0

A new developer portal version has just been released.

If you use the built-in, managed developer portal, your portal will be automatically upgraded within two weeks. Make sure to republish it to upgrade the published portal.

If you self-host the developer portal, you need to merge the source code changes and republish and redeploy your portal manually.

Detailed release notes are available in the developer portal repository.

Release - API Management service: July, 2021

A regular Azure API Management service update was started on July 5, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.

Featured

1. Native support for WebSocket APIs is now in preview.
2. The cost of additional units in the Premium tier services has been reduced.

New

1. You can now emit custom metrics to Azure Application Insights with the new emit-metric policy. Documentation will soon be available under this link.
2. Policy expressions now support System.Net.IPAddress.
3. The policy expressions' context object now includes the context.Deployment.GatewayId property. For managed gateways, its value is managed.
4. You can now export your APIs for consumption in the Power Platform through the dedicated Power Platform page in the Azure portal.
   

Fixed

1. We fixed an issue, which caused Developer tier services in a virtual network to not emit resource health events.
2. The validation policies now correctly return:
   • Responses with the status code 400 Bad Request and a precise error description in case of the schema mismatch for errors detected in the incoming requests.
   • Responses with the status code 502 Bad Gateway and a generic message in the body for errors detected in the outgoing responses, to not leak API implementation details.
3. We fixed an issue, where the validation policies ignored the nullable property of JSON schemas.
4. We fixed an issue, where the validate content policy didn't fail the validation for empty bodies.
5. We fixed an issue, where the validation policies modified the format of the JSON payload's properties resembling datetime strings.
6. We fixed an issue, where a character sequence @* prevented the policy XML document from being saved.
7. We fixed an issue, where responses with an empty payload and the Transfer-Encoding: chunked header were incorrectly classified as completed and the response latency was miscalculated.
8. We fixed an issue, where successful API requests were marked as non-successful in the Azure Monitor and Azure Application Insights logs if the client disconnected right after receiving the response.
9. We fixed an issue, which caused the API gateway endpoint of Consumption services to remain unavailable for a few seconds after the service activation.

Changed

1. Validation policies' error-variable-name attribute is now optional.
2. The firstName and lastName properties of the User entity no longer accept special characters (for example, <, >, :, ;, (, ), \, /, @, !, and more).

Release - self-hosted gateway: 1.2.2

Release - self-hosted gateway: 1.2.2

Juen 11, 2021

New stable version of the self-hosted gateway is now available. Full list of container versions can be found here.

New

None

Bug fixes

• Upgraded to use .NET Core base image 3.1.16 which addressed the following vulnerabilities:

  • CVE-2021-26701 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701 )
  • CVE-2021-24112 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112 )

Breaking changes

None

Release - developer portal: 2.10.0

A new developer portal version has just been released.

If you use the built-in (managed) developer portal, your portal will be automatically upgraded within four weeks. Make sure to republish it to upgrade the published portal.

If you use a self-hosted developer portal, you need to merge the source code changes and republish and redeploy your portal manually.

Detailed release notes are available in the developer portal repository.

Release - API Management service: May, 2021

A regular Azure API Management service update was started on May 5, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.

Featured

1. Open-source API Portal is now generally available.
2. Azure API Management's support for Availability Zones is now generally available.
3. Request and response validation policies are now generally available.

New

1. You can now validate the client certificate with the new <validate-client-certificate> policy. Documentation and support in the Azure portal are coming soon.
2. The Visual Studio Code extension now supports policy debugging for self-hosted gateways running locally.
3. The Visual Studio Code extension now supports Dapr and validation policies.
4. The developer portal now supports resource owner password grant flow.
5. The new Ciphers + Protocols page in the Azure portal lets you manage API gateways' cipher and protocol configuration and displays a warning if a weak cipher or protocol is enabled.
6. The Locations page in the Azure portal lets you now configure Availability Zones.
7. You can now apply validation policies with the visual policy editors in the Azure portal, without writing any policy code.
8. The timeout attribute of the send-request policy now supports policy expressions.

Fixed

1. Caching issues, which might have resulted in a broken developer portal's administrative interface, are now resolved.

Changed

1. The client certificate renegotiation feature is now disabled for all new and existing API Management services, except for the services that relied on it in the last 30 days (services with at least one API call that resulted in a client certificate request from a policy, not as part of an initial TLS handshake). The API gateway will request a client certificate only if HostnameConfiguration's property negotiateClientCertificate is set to true. If the property is set to false, the client certificate won't be available in the context.Request.Certificate property.