Android MA Library version v3.7.1

Bug fixes:

• MinifyEnabled crash fix.

Swift API 3.9.1 and AVLoader 3.27.1

Bug fixes:

• We’ve added better handling for malformed stream URLs.

The latest release for the Support homepage includes:

• On December 31, 2020, we removed links to certain applications and resources.  Use the main Control Center menu to access Download Center, Diagnostic Tools, Akamai Community, and Akamai University.
  View training videos in the Download Center, and read documentation and release notes at learn.akamai.com. 

Reporting now includes two new reports:

API Usage report

This Akamai APIs usage report allows account’s administrators to track endpoints requests and volume per client owner, per endpoint in time for the last 92 days (data collection started on 24 Oct 2020). Both UI and API versions of the report offer filtering possibilities such as time range, status code, endpoint, and client owner.

API Usage Details report

This detailed audit report on Akamai APIs usage allows account’s administrators to track individual calls including timestamp, details for data requestor, request URI, and status code for response for the last 92 days (data collection started on 24 Oct 2020). Both UI and API versions of the report offer filtering possibilities such as time range, URI content, status code, endpoint, http method, and client owner.

iOS/tvOS MA Library version 3.8.4 and AV Loader version 3.26.6

New features:

• We’ve added Xcode 12 and Swift 5.3 support.
• We’ve removed support for arm64 in iOS and tvOS simulator builds.

New features:

• Health status. The GTM System Status page provides a convenient and efficient method to learn about GTM operational issues. Its purpose is to complement Service Incident Notifications available on Akamai Community.
• Service Binding record types. New HTTPS and SVCB DNS resource record types provide clients with key information about connections to network services from multiple, alternative locations or endpoints. These new record types also enable alias capability at the domain apex, a long-standing challenge for the Internet.
• Menu improvements. The Akamai Control Center menu explicitly supports Global Traffic Management functions.

Secure DNS Forwarder is now generally available with Security Connector 2.7.0

In addition to functioning as a DNS sinkhole, Security Connector can now act as a DNS forwarder that directs traffic to Enterprise Threat Protector (ETP) for resolution. Secure DNS Forwarder detects the internal client IP address and the internal hostname of the client machine. It also protects connections to ETP with DNS over TLS (DoT).

In the Security Connector console, a new menu is now available for DNS Forwarder. You can:

• View traffic statistics about connections that are directed from DNS Forwarder to ETP.
• View the health status of DNS Forwarder
• Enable or disable DNS Forwarder. By default, DNS Forwarder is enabled.
• Temporarily enable query and response logging in your enterprise for Akamai to investigate and troubleshoot an issue.
• Change the DNS Forwarder port. By default, DNS Forwarder uses outbound TCP port 443. However, you can choose to use outbound TCP port 853.
• Configure a local DNS server. If your organization’s corporate DNS server is not recursive and is used for internal domains only, you can configure it as a local DNS server for DNS Forwarder. This configuration sets the DNS server that you configured in the Security Connector setup as a fallback server in case ETP is not reachable. If you apply a local DNS server configuration, you can then set the Security Connector DNS name server to use the ETP DNS server IP addresses.

ETP also now includes new reporting dimensions to show the internal client IP address and the internal hostname of the user’s machine.

Note the following:

• When you upgrade Security Connector, the virtual machine will temporarily hop to version 2.6.9 before it upgrades to version 2.7.0. This upgrade process also restarts your virtual machine twice. Make sure you do not interrupt this upgrade process. If you find that Security Connector is stuck on version 2.6.9, contact Akamai Support.
• If you intend to use DNS Forwarder, the virtual machine requires 4 GB of RAM and can be increased to 8 GB. If you don’t intend to use Security Connector as a DNS Forwarder, 2 GB of RAM is enough for the Security Connector virtual machine.

For more information about this update, see the online help or the Security Connector Setup and Configuration Guide.

New features:

• Health status. The Edge DNS System Status page provides a convenient and efficient method to learn about GTM operational issues. Its purpose is to complement Service Incident Notifications available on Akamai Community.
• Alias zone option. The Alias add-on is an optional tool designed to reduce per zone total cost of ownership (TCO) for low-volume domains or zones of DNS information, such as typo domains. This option reduces TCO with a lower per zone fee.
• Service Binding record types. New HTTPS and SVCB DNS resource record types provide clients with information about connections to network services from multiple, alternative locations or endpoints. These new record types also enable alias capability at the domain apex, a long-standing challenge for the Internet.
• ACME shell support. The ACME Shell script includes support for Edge DNS in this release.
• Certbot plugin support. The Edge DNS Certbot Plugin automates the process to complete Let’s Encrypt Domain Validation by creating and removing .txt records using Edge DNS and a DNS–01 Challenge type.
• CLI bulk zone imports. The Akamai CLI DNS provides bulk import capabilities with commands that you can use to submit a set of zones and check the result and status of zones.
• Menu improvements. The Akamai Control Center menu explicitly supports Edge DNS functions.

Application visibility and control (AVC) is now in beta

If your organization is participating in the AVC beta, you can now control access to web applications. You can define default policy behavior, or you can create a policy that is based on risk level, acceptable use policy (AUP) categories, category operations, applications, or specific operations for an application. You assign actions to each area of the AVC policy. As you configure each component, the detailed settings you set take precedence over more general settings. For example, the policy action you apply to an application takes precedence over an action that’s applied to its corresponding category or category operation.

You can also select the users and groups that can access a blocked web application and perform specific operations in the application. AVC supports the following ETP setups:

• ETP DNS. If ETP Proxy is not enabled, you can still control access to applications based on the application’s domain and IP address.
• ETP Secure Web Gateway. If ETP Proxy is enabled and configured as a full web proxy, you can control access to applications based on URLs, domains, IP addresses, and other attributes.

For more information, see the online help. To participate in the beta, contact your Akamai representative.

Known Issues and Limitations

Issue: Depending on the domain that’s used to access Google Gmail, an allow action for Gmail may not override a block action with a user exception to the Web-Based Email category. It also may not override the Very High risk level.

Workaround: There is currently no workaround.

Release Notes:  Ion

New Feature:

s-maxage Support. The s-maxage directive is now available to all Ion customers as part of the Caching behavior in Property Manager. S-maxage is a cache-control directive defined by the Internet Engineering Task Force’s (IETF) that makes it easier to configure caching across shared caches in a single setting.  For organizations that use multiple CDNs, this new capability significantly simplifies cache management. 

This is an opt in feature that enables you to define how long content should be cached starting from the time content is requested by configuring Time To Live (TTL) once across Akamai and any other CDNs and intermediary caches. 

The Caching behavior has a new option called Enhanced RFC support, which allows you to honor the s-maxage directive, and other RFC-supported directives, in Cache-Control response headers from the origin.