Outdated docker image for edge microgateway

kianting-1
Participant II

Hi All, I have just received an email from apigee saying that there is a security risk pertaining to edgemicrogateway version 2.5.25 which was released before October 5 2018.

The following is the message.

Hello Apigee Customer,

We have become aware of a possible security risk related to customer misconfiguration of theApigee Edge Microgatewayfeature. This misconfiguration could expose sensitive data stored in Apigee Edge. If you are actively using or have tried using the Apigee Edge Microgateway feature in the past, please read the rest of this email carefully and follow the guidance provided.

The Apigee Edge Microgateway connects with Apigee Edge for access to necessary data and configuration. If this access is not properly secured via the appropriate Apigee Edge Microgatewayconfiguration, it could expose sensitive data stored in Apigee Edge (even if you are not currently using Apigee Edge Microgateway but have tried using it in the past).

Please ensure that you are using a recent version of Apigee Edge Microgateway (2.5.26 or later) and take the steps providedhereto ensure that your Apigee Edge Microgateway proxy is securely configured. Google also recommends that you keep your Apigee Edge Microgateway and its associated Apigee Edge Microgateway proxy up to date at all times.

If you are an Apigee Team, Business or Enterprise customer and have any questions or require assistance, pleasecontact Apigee Edge Support.

Thank you for being a valued Apigee customer.

I have tried to download the latest docker image as suggested by the documentation . Using the following command.

docker pullgcr.io/apigee-microgateway/edgemicro:latest

Then I got into docker image to check the edgemicrogateway version, it is still running on 2.5.25 inst4ad of having the latest 2.5.26.

~ $ docker run -it --entrypoint sh 5e087b3ead3d
# edgemicro -version current nodejs version is v8.11.3 current edgemicro version is 2.5.25 error: unknown option `-v'
#

Do you know if apigee will release an updated version of the edgemicro docker image or do we have to muck around and update the image ourself (which is after downloading the image)?

0 3 402
3 REPLIES 3

kianting-1
Participant II

@srinandans any idea about this ?

Former Community Member
Not applicable

The latest tag also points to 2.5.26 now.

Former Community Member
Not applicable

Can you please try

docker pull gcr.io/apigee-microgateway/edgemicro:2.5.26

I will update the latest tag to also point to 2.5.26. Thanks for letting us know.