Download

 Axway API Gateway 7.4.0 SP 2 Readme

Axway API Gateway 7.4.0 SP 2 Readme

Document version: 19 October 2015


Readme for 7.4.0 SP 2

This Readme applies to Axway API Gateway 7.4.0 SP 2, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:

The service pack contains new binaries only and does not overwrite the existing configuration.

File packages: An installation archive is provided for all platforms (for example, APIGateway_7.4.0_SP2_Core_win-x86-32_BNYYYYMMDDn.zip for Windows).

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Corrections and enhancements

This service pack provides the following corrections and enhancements.

Case ID Internal ID Description
775282 147898

Issue: LDAP character conversion issue
Resolution: Previously, an LDAP repository for connecting to the IBM Resource Access Control Facility (RACF) was unable to properly format the Base Criteria to include the User Search Attribute. Now you can specify this additional formatting by including the keyword {basecriteria} in the User Search Attribute field (for example, User Search Attribute: {basecriteria}racfid).

779069 150535

Issue: SSL connection WRITE_PENDING: bad write retry
Resolution: Previously, the API Gateway might close the connection while sending a large payload in a response, due to write failure caused by SSL IO errors. Now, the API Gateway handles SSL IO errors and attempts to retry SSL read/write accordingly.

779770 151962

Issue: Different behavior between v7.3 and v7.4
Resolution: Previously, the Directory Scanner set the file.src.path message attribute the processing directory, which was incorrectly changed to the original input directory. Now, the Directory Scanner sets the file.src.path message attribute the processing directory.

779817 149354

Issue: API Gateway port 8090 vulnerable to XSRF attack
Resolution: Previously, the API Gateway Manager web application was vulnerable to potential CSRF attacks. Now, when upgrading API Gateway configuration, the migrated API Gateway Manager web application has a Referer Header check enabled. For existing 7.4.0 installations, the following manual step is required to enable the Referer Header check:

Enable protection for the API Gateway Manager web app (8090) by adding the following Jersey property to the RBACServletContainer configuration (in $VDISTDIR/conf/fed/configs.xml):

Name: com.sun.jersey.spi.container.ResourceFilters
Value: com.vordel.common.apiserver.filter.CsrfProtectionFilterFactory

For more details, see https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet.

780484 149910

Issue: XPath not visible after upgrade from v7.1.1 to v7.4.0 SP 1 (via 7.3.0 SP 2)
Resolution: Previously, in Policy Studio when editing the Retrieve Attributes from message filter, custom XPath expressions may not display in the XPath expression popup menu. Now, in Policy Studio when editing the Retrieve Attributes from message filter, all available XPath expressions are shown in the XPath expression tree view dialog for selection.

782269 150375

Issue: Update of embedded JRE in infield versions
Resolution: Previously, API Gateway 7.4.0 was using JRE 7u51. Now, API Gateway 7.4.0 uses JRE 7u85. For more details, see Oracle Critical Patch Update Advisory - July 2015: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

784051 151083 Issue: REST API docs missing from Oracle API Gateway v7.4
Resolution: Previously, the API Gateway REST API documentation was not always included in the Service Pack. Now, the API Gateway REST API documentation is included in the Service Pack.
784512 151229 Issue: Invalid reference in API Gateway Policy Developer Guide
Resolution: Previously, the Policy Developer Guide contained an invalid reference in examples of selector expressions. Now, the Policy Developer Guide does not contain an invalid reference in examples of selector expressions.
785175 151687

Issue: SLA Filter does not trigger an alert when Response time requirements are breached.
Resolution: Previously the Response time requirements criteria for breaching an SLA would return false positives when based on client events (Received (start|end) request and Sent (start|end) Response). The time for these events was always zero, and so would not breach the time requirement. Server events such as Sent Request, Received Response would work however because the times were based on the Outbound Call Record (OCR).

Now, a response time requirement based on client-side events attempts to use a server transaction to establish the times of requests. If a server transaction is not available, zero is returned as before. For example, this might be the case when using a cron job or a directory scanner.

785198 151576 Issue: API Gateway v7.4 Install Guide missing steps for upgrading Analytics
Resolution: Previously, API Gateway v7.4 Install Guide was missing steps for upgrading API Gateway Analytics. Now, the API Gateway v7.4 Install Guide includes all steps for upgrading Analytics.
785809 152288 Issue: Problem on startup initializing the Luna HSM engine
Resolution: Previously, using HSM sessions in multiple threads could cause PKCS11 CK_RV=0x90 errors, and could cause the system to become unstable. Now, the HSM sessions are thread-safe.
786897 152274 Issue: Oracle API Gateway sysupgrade script not fully Oracle-branded
Resolution: Previously, when executing the sysupgrade script the Oracle build referred to Axway. Now, the sysupgrade script takes branding configuration into account.
787659 152633 Issue: Decode extracted attributes still decoding even if not selected in Extract REST Attributes filter
Resolution: Previously, the Extract REST Attributes filter was incorrectly overwriting the http.raw.querystring message attribute. Now, the Extract REST Attributes filter does not overwrite the http.raw.querystring message attribute.
789992 153726 Issue: Java crash—SIGSEGV in libc.so.6 at fclose()
Resolution: Previously, API Gateway was crashing if it could not create a file to store event logs. Now, API Gateway reports error when failed to create a file to store event logs.
- 148841 Issue: Allow access to attributes from a MAIL FROM policy handler
Resolution: Previously, MAIL, RCPT and DATA policy handlers did not have access to the authentication.subject.id and authentication.subject.password message attributes. Now, MAIL, RCPT and DATA policy handlers have access to the authentication.subject.id and authentication.subject.password message attributes.
- 149884 Issue: Admin credentials should not be required for --regen_certs in managedomain
Resolution: Previously, when using managedomain --regen_cert and submitting a certificate for the first Admin Node Manager, admin credentials are required, and an attempt is made to validate them. But there is no Admin Node Manager running, so the certificate submission fails. Now, managedomain can regenerate the certificate for the first Admin Node Manager offline with --regen_cert.
- 150270 Issue: Very slow deployments causes failures
Resolution: Previously, API Gateway had poor performance loading deployed configuration containing JSONSchema/XSLT entities. This might cause the Node Manager to report deployment errors due to a timeout waiting for the response from the instance reloading such configuration. Now, API Gateway has been improved instantiating JSONSchema/XSLT entities when reloading newly deployed configuration.
- 151300 Issue: SIGSEGV from libvcommon.so in Vordel::BoundHeap::allocImpl
Resolution: Previously, API Gateway could crash allocating memory due to an incorrect check of available memory per transaction. Now, API Gateway correctly reports out of memory errors.
- 152164 Issue: Certificate check from Connection filter is case sensitive
Resolution: Previously, the Connect to URL filter reported that the host name in the request did not match the server's certificate subject, where the certificate subject name contains upper/lower-case characters. Now, the Connect to URL filter correctly matches host name against the server's certificate subject containing upper/lower-case characters.
- 152784 Issue: Large native memory leak from vshell process
Resolution: Previously, if XML redaction was used in any policy, the vshell process would grow in memory size. This would require a restart of the API Gateway to resolve. Now, use of XML redaction on any messages does not cause permanent growth in message size and does not require an API Gateway restart after periodic use.
- 153296 Issue: Resolver Paths not working correctly.
Resolution: Previously, API Gateway failed to resolve to the proper path / policy while handling HEAD request and having both GET and HEAD methods for the same path configured in API Gateway. Now, API Gateway resolves to the correct path / method rule

Known issues

The following issues are known and scheduled for correction in a future release.

Case ID Internal ID Description
774850 147428 The do not use SSLv2 and SSLv3 flags on a port do not prevent the use of SSLv2/3
790450 153827 API Gateway crashes when decrypting XML with duplicate elements
- 146109 OpenSSL patches required for FIPS mode updates
- 154460 API Gateway sends garbage data when both sides of a WebSocket send frames at the same time

Install the service pack

Prerequisites

This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.
  2. Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
  3. Remove any old third-party libraries. To do this, delete the INSTALL_DIR/system/lib/modules directory.

Installation

This section describes how to install the service pack on an existing installation of API Gateway.

Note

Install the API Gateway Core Server service pack

To install the service pack on your existing API Gateway 7.4.0 Core Server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.4.0 SP 2 Core over the apigateway directory in your existing installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/apigateway/

Note

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.4.0 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.4.0 SP 2 Analytics over the analytics directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP2_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/analytics/

Note

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Unzip and extract API Gateway 7.4.0 SP 2 Policy Studio over the policystudio directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP2_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/policystudio/

Note

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Unzip and extract API Gateway 7.4.0 SP 2 Configuration Studio over the configurationstudio directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP2_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/configurationstudio/

Note

After installation

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file.
  2. 64-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  3. 32-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  1. Run the command setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

Note


Documentation

Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.

For information about how API Gateway is used in Axway 5 Suite, refer to:

All Axway documentation is available from Axway Sphere at https://support.axway.com.


Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.


Copyright © 2015 Axway. All rights reserved