• Unable to build oracle image (Jira 8096).

• Support for Red Hat 3scale API Management on IBM Power Systems. For more details, see Support for IBM Power Systems.
• APIcast operator handling proxy environment variables through the Custom Resource Definition (Jira 7573).
• Support for the addition of external Lua dependencies for custom policies (Jira 7488).

• Enhancements to the Admin Portal interface:

  • Display, selection, and configuration of application plans (Jira 6868)
  • Listing products and backends (Jira 7646)

• 3scale deployment from operatorHub
• All Universal Base Images (UBI) 7 and UBI 8 images
• Self-managed APIcast operators on OpenShift Container Platform (OCP) v4.9
• Self-managed APIcast on OCP for APIcast v3.11
• Toolbox images
• Red Hat Single Sign-On (RH SSO) 7.4

• Self-managed APIcast on Docker on top of RHEL 7 and RHEL 8
• MSQL 5.7 external
• PostgreSQL 10.x external
• RH SSO 7.5
• Redis HA
• S3 API compatible file storage - Minio
• Deployment in disconnected (air-gapped) OCP environment

• The sign-up form in the Developer Portal is disabled for users authenticated via external Single Sign-On (Jira 7633).
• Wrong format when retrieving policies_config information through the Account Management API (Jira 7605).
• Operator pod cannot connect to an external 3scale environment through a proxy (Jira 7761).
• Issues preventing metrics monitoring directly from 3scale and APIcast operators (Jira 7644 and Jira 7731).

• Oracle Client Libraries integration for ppc64le requires a workaround (Jira 7953).

Supported configurations

• Check the latest information about 3scale 2.11.1 supported configurations at the Red Hat 3scale API Management Supported Configurations website.

Upgrade guides

• Check the procedures to upgrade your 3scale installation from 2.11 to 2.11.1, for template-based deployments.

• 3scale toolbox command line interface (CLI) commands that:

  • Export and import API products (Jira 6626).
  • Export and import policy chains (Jira 5037). See Export and import a product policy chain.
  • Promote proxy configurations (Jira 6620). See Exporting proxy configurations.
• API providers who are using Braintree can now toggle 3DS on or off (Jira 6860). See Configuring Braintree as a credit card gateway.
• Support for Redis 6 as an external database (Jira 6492).
• The length of time that a user can be logged in to 3scale (session length) is now configurable (Jira 693 and Jira 7143).
• Field definitions can now be set by means of the 3scale API (Jira 4082).

• API gateway policies:

  • For mapping upstream response codes to HTTP status codes that you specify (Jira 6255). See HTTP Response Code Overwrite.
  • For skipping NGINX validation of specified headers and optionally keeping those headers in requests sent to the upstream API (Jira 6704). See NGINX Filters.
• Ability to set the Maintenance Mode Policy (downtime) depending on the subpath, backend, or another condition (Jira 6552).
• Option to accept/reject request if a policy is not executed in the policy chain (Jira 6705).
• Configurable Access-Control-Max-Age header in CORS policy (Jira 6556). See CORS Request Handling.

• APIcast configuration enhancements:

  • Ability to configure proxy_cache_convert_head to determine whether HEAD requests are converted to GET requests before requests are sent upstream (Jira 7016).
  • Ability to configure the APICAST_LOG_LEVEL environment variable on the 3scale operator (Jira 6452).
  • APIcast environment variables are now exposed by custom resource definition (CRD) fields for the APIcast operator (Jira 5496).
  • TLS is now enabled at the pod level with the APIcast operator (Jira 5499).
  • Allow injection of custom policies into the APIcast operator (Jira 7031).
  • Allow injection of custom environment into the APIcast operator (Jira 7033).
  • Ability to configure extended metrics in the APIcast operator (Jira 7272).
• New option to disable the deployment of Prometheus rules (Jira 7137).
• Improved 3scale deployment status reporting (Jira 4753).
• Backend extension that lists application keys in response XML (Jira 7207).
• Ability to configure Jaeger and OpenTracing environment variables through the 3scale operator (Jira 7267).

• 3scale customer experience enhancements

  • Improved display of application plans in the application plans index page (Jira 6875).
  • Improved user interface (UI) for selecting the default application plan (Jira 6868).
  • Renewed UI for creating applications (Jira 6876, Jira 6878, Jira 6879).
  • Improved list of backends in the product overview page (Jira 6866).
  • Improved list of products in the backend overview page (Jira 6877).
  • Improved UI for creating backend mapping rules (Jira 6873).

• Reconciliation of product CRs when a backend metric is deleted (Jira 5534).
• Custom resource definition for managing 3scale developer accounts (Jira 6501).
• Custom resource definition for managing 3scale developers who are associated with a developer account (Jira 6611).
• Management of 3scale ActiveDocs by using an ActiveDoc CR (Jira 6584).
• Management of custom policy definitions by using a CustomPolicyDefinition CR (Jira 6585).
• Management of OpenAPI documents by using an OpenAPI CR (Jira 4712).
• Product CRs can now specify OpenID Connect authentication (Jira 5537). See Defining product authentication using OpenID Connect.
• Product CRs can now specify custom gateway responses and error messages (Jira 5536).
• Product CRs now support management of the policy chain (Jira 6235).

• Braintree errors are not surfaced in the 3scale Developer Portal (Jira 4963).
• Fix deprecated Github SSO integration for the developer portal (Jira 4441).
• System Grafana Dashboards heatmap negative values (Jira 6403).
• Search does not work for newly created services and backends until these items are indexed the next day (Jira 6205).
• Changes in product settings cannot be promoted to staging (Jira 6468).
• Pagination of products and backends shows all pages even when filtering (Jira 6385).
• Backend API metric not synced to backend as part of the backend_rewrite_storage task (Jira 6491).
• Not possible to set APIcast pod timezone using the APIcast operator(Jira 6476).
• APIManager deployment via operator fails when using SealedSecrets (Jira 6635).
• APIcast not striping standard ports for HTTP/HTTPS requests (Jira 2235).
• APIcast production pod is failing when deployed using template (Jira 5913).
• APIcast reports a release candidate version of OpenResty (Jira 6963).
• Internal error for certain calls in IP Check Policy (Jira 7076).
• TLS Termination Policy screen displays wrong form given selected options (Jira 6390).
• Wrong Content-Length header when using payload limits policy (Jira 6736).
• Importing OpenAPI fails on toolbox container image (Jira 6574).
• When copying a product from the toolbox CLI, the copied methods lose their description (Jira 6764).
• Toolbox fails when reimporting an OpenAPI spec (Jira 6906).
• Toolbox is unable to copy products with more than 500 backends (Jira 5224).
• Avoid creating stats keys containing the "0" (zero) value (Jira 6652).
• Fix infrequent exception raised in the backend component (Jira 6783).
• Empty flash error message showing in the new Account form (Jira 6633).
• Suppress warn messages on APIcast startup (Jira 5816).
• Operator backup does not work if pre-existing persistent volume is used (Jira 5677).
• HEAD requests converted to GET requests (Jira 7023).
• Fix error message for users logging into the Admin Portal (Jira 6321).
• Upstream cannot be null error in APIcast logs (Jira 5225).
• APIcast logs unnecessary warn messages on start up (Jira 5816).
• APIcast takes a long time to start up when using APICAST_SERVICES_FILTER_BY_URL (Jira 6139).
• APIcast logs the private API URL instead of the public URL (Jira 6193).
• Liquid Context Debug policy is not working with APIaaP (Jira 6312).
• JWT Claim Check Policy does not work with APIaaP backend (Jira 6410).
• Add APIaaP Routing policy just before APIcast policy (Jira 6428).
• APIcast is removing the If-Match and If-None-Match headers from requests (Jira 6704).
• Importing an OAS Spec using the 3scale toolbox fails when only staging-public-base-url is set (Jira 6884).
• first_traffic and first_daily_traffic events are not updated (Jira 7227).
• Upstream Mutual TLS (mTLS) between APIcast and the backend API fails when more than a single certificate is used (Jira 7363).
• APIManager deployed with the operator is not picking up the latest images available (Jira 7435).

• 3scale monitoring with Prometheus and Grafana performs inaccurately when showing values (Jira 6446).
• Sphinx searches return all records if you search by the name of the class (Jira 6405).
• The NGINX Filters policy has no effect if you also add the Content Caching policy. The default behavior is that content caching is disabled. If you enable content caching, NGINX returns a 412 response code when it cannot validate a request header even if you specified that header when you added the NGINX Filters policy (Jira 7514).

• Usernames in 3scale must be 40 characters or fewer. When a username has more than 40 characters, 3scale usually truncates it. Consider this when you do any of the following:

  • Create a developer account.
  • Create a provider account as the master.
  • Add a user to a provider account as the provider or as the master.
  • Add a user to a developer account in the Developer Portal or in the Admin Portal.

  Usernames must be 40 characters or fewer when using Red Hat Single Sign-On to authenticate access to the Admin Portal or Developer Portal.

Supported configurations

• Check the latest information about 3scale 2.11 supported configurations at the Red Hat 3scale API Management Supported Configurations website.

Security updates

• Check the latest information about 3scale 2.11 security updates in the Red Hat Product Advisories portal.

Erratas

• Advisory for RPMS: https://errata.engineering.redhat.com/advisory/74428
• Advisory for the Container Images: https://errata.engineering.redhat.com/advisory/74429

Upgrade guides

• Check the procedures to upgrade your 3scale installation from 2.10 to 2.11, for the following deployments:

  • Based on templates
  • Based on operators