Download

 Axway API Gateway 7.4.0 SP 3 Readme

Axway API Gateway 7.4.0 SP 3 Readme

Document version: 10 February 2016


Readme for 7.4.0 SP 3

This Readme applies to Axway API Gateway 7.4.0 SP 3, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:

The service pack contains new binaries only and does not overwrite the existing configuration.

File packages: An installation archive is provided for all platforms (for example, APIGateway_7.4.0_SP3_Core_win-x86-32_BNYYYYMMDDn.zip for Windows).

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Corrections and enhancements

This service pack provides the following corrections and enhancements.

Case ID Internal ID Description
790450 RDAPI-129

Issue: API Gateway crashes when decrypting XML with duplicate elements
Resolution: Previously, API Gateway was crashing if an error was found during XML element decryption. Now, API Gateway correctly handles errors found during XML element decryption.

789954 RDAPI-133 Issue: API Gateway sends garbage data when both sides of a WebSocket send frames at the same time
Resolution: Previously, API Gateway was not always correctly processing WebSocket messages causing payload corruption and premature connection close. Now, API Gateway processes all data sent using WebSockets correctly.
- RDAPI-137 Issue: Kerberos filters failing on Solaris
Resolution: Previously, Kerberos filters were failing on Solaris using secret keys from a keytab file. Now, Kerberos filters can use secret keys from a keytab file.
800729 RDAPI-164 Issue: API Gateway crashed parsing a SOAP request
Resolution: Previously, API Gateway could crash attempting to report an error with message containing percent-encoded characters while processing a SOAP request. Now, API Gateway successfully reports an error with message containing percent-encoded characters.
800861 RDAPI-368 Issue: Upgrading API Gateway gives KPS Table error: OAuthAuthorizations does not exist
Resolution: Previously, when upgrading a configuration, an OAuth-specific table named OAuthAuthorizations was missing. Now, the OAuth table is created during the sysupgrade process.
804257 RDAPI-574 Issue: OAuth missing INSTALL_DIR/apigateway/webapps/apiportal/vordel/apiportal/registry-login/style.css
Resolution: Previously, the OAuth login for the Client Application Registry failed because it was missing required stylesheets. Now, the OAuth login for the Client Application Registry launches correctly.
773388 RDAPI-911 Issue: Invalid directories searched for OpenSSL
Resolution: Previously, OpenSSL was incorrectly including an RPATH local to the API Gateway build. Now, OpenSSL includes the API Gateway platform/lib RPATH.
771646 RDAPI-915 Issue: OpenSSL FIPS mode updates
Resolution: Previously, API Gateway was including OpenSSL 1.0.1j-fips which has security vulnerabilities. Now, API Gateway includes OpenSSL 1.0.1p-fips addressing known security vulnerabilities. For more details, see http://openssl.org/news/secadv/20150709.txt.
805098 RDAPI-971 Issue: JMS timeout setting has an upper limit of 20 seconds
Resolution: Previously the maximum JMS wait timeout was 20 000 ms. Now, the maximum timeout is the minimum value that an int can have (2^31).
774850 RDAPI-995 Issue: do not use SSLv2 and SSLv3 flags on a port do not prevent use of SSLv2/3
Resolution: Previously, SSL options for an interface were not always correctly loaded from the HTTPS listener configuration in API Gateway. Now, SSL options are correctly loaded from the HTTPS listener configuration in API Gateway.
808539 RDAPI-1002 Issue: nodetool configuration with cassandra-tools-jvm.xml and multiple Apache Cassandra instances
Resolution: Previously, the release notes did not state that the nodetool ring command is deprecated, and must not be used. Now, the release notes state that nodetool ring is deprecated, and you must use nodetool status instead.
802357 RDAPI-1071 Issue: Setting JNDI Properties in LDAP configuration does not work
Resolution: Previously, it was not clear if LDAP connection custom JNDI parameters are applied successfully, and for some SSL configurations, java.net.SocketException: Unconnected sockets not implemented was thrown. Now, the custom JNDI parameters specified for an LDAP connection are reported in DEBUG trace level, and SSL connections have the required socket implementation.
- RDAPI-1101 Issue: Connect to URL filter throws NPE when using Kerberos Credential Profile under stress
Resolution: Previously, the Connect to URL filter was throwing NullPointerException when using Kerberos Credential Profile. Now, the Connect to URL filter works with Kerberos Credential Profile.
816917 RDAPI-1141 Issue: OpenSSL Security Advisory [3 Dec 2015]
Resolution: Previously, API Gateway was including OpenSSL 1.0.1p-fips, which has security vulnerabilities. Now, API Gateway includes OpenSSL 1.0.1q-fips addressing known security vulnerabilities. For more details, see http://openssl.org/news/secadv/20151203.txt.
729048 RDAPI-1157 Issue: API Gateway caches failing to connect to LDAP due to AuthN failure
Resolution: Previously, unsuccessful LDAP connections that failed to due AuthN errors were incorrectly cached, and errors were not reported. Now, LDAP connections that failed due to AuthN errors are reported.
812623 RDAPI-1264 Issue: JSON Add Node filter throws exception
Resolution: Previously, if the JSON Add Node filter was used to add a node to a JSON document, and the node content evaluated to null, a NullPointerException was thrown. Now, the new JSON node is successfully added with value set to null.
813541 RDAPI-1367 Issue: Cannot encrypt message with existing symmetric key
Resolution: Previously, the XML-Encryption filter always attempted to use only a generated symmetric key instead of the key provided by the message attribute (for example, symmetric.key). Now, the XML-Encryption filter uses the symmetric key configured in the XML-Encryption Settings filter.
- RDAPI-1454 Issue: Optimize OAuth Token Info filter
Resolution: Previously, the OAuth Token Info filter and token validation were slow due to object serialization and reflection. Now, the OAuth Token Info filter and token are refactored to be more efficient.
815887 RDAPI-1490 Issue: HTTP method for policies ignored when CORS is enabled
Resolution: Previously, when matching incoming HTTP requests to policies using relative path resolvers, the HTTP method was ignored if the relative path resolver had the CORS profile set. Now, the relative path resolver correctly resolves the HTTP request.
807497 RDAPI-1565 Issue: Analytics Audit log Search query does not work properly
Resolution: Previously, the Any/All and AND/OR buttons did not appear to work in the audit log search dialog in the API Gateway Analytics UI. Now, these buttons correctly show the logic that will be applied when the search query executes.
- RDAPI-1679 Issue: API Gateway crashes during soak test
Resolution: Previously, API Gateway could crash due to a small memory leak in Traffic Monitoring. Now, API Gateway Traffic Monitoring memory handling is improved.
- RDAPI-1785 Issue: Memory leak getting encoded private key (PKCS8)
Resolution: Previously, there was a memory leak encoding private key in PKCS8 format. Now, no memory leak when encoding private key in PKCS8 format.
- RDAPI-1905 Issue: Memory leak getting encoded certificate info (PKSC7)
Resolution: Previously, there was a memory leak encoding certificates in PKCS7 format. Now, no memory leak when encoding certificates in PKCS7 format.
814503 RDAPI-1994 Issue: Installation of 7.4.0 SP 1 will fail if FIPS mode is enabled
Resolution: Previously, the API Gateway SP readme did not include instructions to disable FIPS before applying the SP. Now, the API Gateway SP readme includes instructions to disable FIPS before applying the SP.

Known issues

The following issues are known and scheduled for correction in a future release.

Case ID Internal ID Description
808644 RDAPI-1066 Cassandra-backed Client Application Registry is not correctly migrated from version 7.2.x to 7.4.0 SP 2.
810590 RDAPI-1165 Extract MTOM filter returns incorrect Content-Type for SOAP 1.2.

Install the service pack

Prerequisites

This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.
  2. Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
  3. Remove any old third-party libraries. To do this, delete the INSTALL_DIR/system/lib/modules directory.
  4. You must back up any customized API Manager data in INSTALL_DIR/apigateway/webapps/apiportal/vordel/apiportal/app/app.config before applying API Gateway and API Manager service packs. You must then restore customized API Manager data manually in the new app.config file.
  5. If FIPS mode is enabled, you must perform the following steps:
    1. Run togglefips --disable to turn FIPS mode off.

    2. Start the nodemanager to move the JARs.

    3. Stop the nodemanager.

    4. Install API Gateway 7.4.0 SP 3.

    5. Start the nodemanager.

    6. Stop the nodemanager.

    7. Run togglefips --enable to turn FIPS on again.

    8. Start the nodemanager.

Installation

This section describes how to install the service pack on an existing installation of API Gateway.

Note

Install the API Gateway Core Server service pack

To install the service pack on your existing API Gateway 7.4.0 Core Server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.4.0 SP 3 Core over the apigateway directory in your existing installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP3_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/apigateway/

Note

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.4.0 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.4.0 SP 3 Analytics over the analytics directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP3_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/analytics/

Note

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Unzip and extract API Gateway 7.4.0 SP 3 Policy Studio over the policystudio directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP3_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/policystudio/

Note

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Unzip and extract API Gateway 7.4.0 SP 3 Configuration Studio over the configurationstudio directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP3_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/configurationstudio/

Note

After installation

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file.
  2. 64-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  3. 32-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  1. Run the command setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

Note


Documentation

Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.

For information about how API Gateway is used in Axway 5 Suite, refer to:

All Axway documentation is available from Axway Sphere at https://support.axway.com.


Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.


Copyright © 2016 Axway. All rights reserved