Document version: 06 July 2015
This Readme applies to Axway API Gateway 7.4.0 SP 1, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.
The main aim of this service pack is to provide fixes for a number of reported defects.This service pack contains updates for:
The service pack contains new binaries only and does not overwrite the existing configuration.
File packages: An installation archive is provided for all platforms (for example,
APIGateway_7.4.0_SP1_Core_win-x86-32_BN201507061.zip
)
for Windows.
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
This service pack provides the following corrections and enhancements.
Case ID | Internal ID | Description |
---|---|---|
— | 145056 | Issue: Custom response text not returned with HTTP response
Resolution: Previously, the API Gateway was not returning a custom response message with an HTTP response. Now, the API Gateway returns a custom response message with an HTTP response. |
— | 144736 | Issue: Core API Method Registration throws a ClassNotFound exception
Resolution: Previously, the API Gateway could throw the "ClassNotFoundException: com.vordel.apiportal.runtime.broker.parameters.ParameterValidator" exception when deploying an API created with the Policy Studio API registration wizard. Now, the API Gateway does not throw the "ClassNotFoundException: com.vordel.apiportal.runtime.broker.parameters.ParameterValidator" exception. |
— | 148847 | Issue: Invalid directories searched for Libvxml
Resolution: Previously, some API Gateway shared libraries were using built-in RPATH first searching for other libraries to resolve dependencies. This caused problems loading API Gateway where the built-in RPATH was accidentally matching system paths in a customer environment. Now, the RPATH is removed from reported API Gateway shared libraries. |
— | 148228 | Issue: XML signature verification error if XML namespace contains a space Resolution: Previously, the XML Sign/Verify process was always validating the XML namespaces disregarding the namespace validation flag settings in the LibXml2 configuration. Now, the XML Sign/Verify process checks the namespace validation flag settings in the LibXml2 configuration. |
775794 | 148652 | Issue: Retrieve from message filter is converting empty elements in text/xml to short form Resolution: Previously, the API Gateway was replacing empty XML element <a></a> with empty tag <a/>. Now, the API Gateway provides LibXml2 option to allow generating empty XML element <a></a> instead of empty tag <a/>. |
— | 148498 | Issue: Upgrade Xerces Resolution: Previously, an OutOfMemoryException in the xerces layer could occur during a schema check with data with large maxOccurs values. Now, no OutOfMemoryException occurs in the xerces layer. |
— | 148976 | Issue: Incorrect SP installation instructions in Readmes for Policy Studio and Configuration Studio Resolution: Previously, the SP installation instructions were incorrect in the SP Readmes. Now, the installation instructions are correct. |
— | 148022 | Issue: Maximum bytes per transaction issue Resolution: Previously, in Policy Studio, the Maximum Sent/Received Bytes per transaction configuration System Settings were incorrectly set. Now, the Maximum Sent/Received Bytes per transaction labels in Policy Studio match the actual values set in configuration. |
— | 147461 | Issue: Admin credentials required and checked on --submit_cert and --regen_certs in managedomain flows when should not be Resolution: Previously, when using --sign_with_external_ca and we submit the cert for the first ANM, admin credentials are required and an attempt is made to validate them, but there is no ANM running, so cert submission fails. Admin credentials were also always required for certificate regeneration which we may need to run offline. Now, credentials are not required when you submit the cert for the first ANM. For cert regeneration admin credentials are only prompted for when and if they are needed, for example, when the ANM needs to sign certs for second and subsequent hosts. Credentials are not prompted for on cert submission after cert regeneration with --sign_with_external_ca option. |
— | 149019 | Issue: Failure modifying CreateCookie filter after importing configuration into 7.4.0 due to upgrade issues Resolution: Previously, in Policy Studio, modifying the CreateCookie filter of a successfully imported configuration failed. Now, in Policy Studio, the CreateCookie filter of successfully imported configuration can be modified. |
— | 145781 | Issue: Unable to test LDAPS in Policy Studio Resolution: Previously, when using Policy Studio to test a LDAPS connection over SSL, the connection test failed and the exception trace indicated "Unconnected sockets not implemented". Now, in Policy Studio, the connection test to an LDAPS server over SSL will no longer generate the "Unconnected sockets not implemented" exception. |
— | 147511 | Issue: Switching off traffic monitor suppresses incoming/outgoing data from trace file Resolution: Previously, API Gateway did not write incoming/outgoing DATA traces in the trace file when Traffic Monitor was disabled. Now, API Gateway writes incoming/outgoing DATA traces in the trace file regardless of Traffic Monitor enabled/disabled state. |
— | 147549 | Issue: Java Crash - SIGSEGV in com.vordel.circuit.InvocationEngine.recordFilterEnd Resolution: Previously, the API Gateway was inconsistently crashing attempting to send a response after processing a large payload when the client had already closed the connection. Now, the API Gateway reports closed connections as expected when attempting to send a response. |
— | 147363 | Issue: Scheduled Analytics reports sometimes fail to run Resolution: Previously, the Analytics reports were incorrectly rescheduled on refresh and hence failed to run. Now, the Analytics reports are scheduled on refresh as expected. |
774947 | 147941 | Issue: Problems with management certificates setup Resolution: Previously, if you tried to submit an externally signed cert that did not match the private key on disk you saw an error "java.lang.Exception: java.lang.Exception: RSA_private_decrypt failed". Now, you will see "Error: Public key in certificate and private key on disk do not match. Detail: java.lang.Exception: RSA_private_decrypt failed". Previously, if you submitted a PEM file that did not contain the certificates ordered correctly (for example, NM/GW, followed by Inter CA followed by Root CA) you would see the error "TypeError: 'NoneType' object is unsubscriptable". Now, if you submit a PEM file that does not contain the certificates ordered correctly they are ordered automatically for you. The order of the certs in the PEM file should not matter. |
776810 | 148186 | Issue: Directory Scanner moves folders as well as files when no file type specified Resolution: Previously, the Directory Scanner was also processing folders when no file type was specified in the configuration. Now, the Directory Scanner processes files as required when no file type is specified in the configuration. |
— | 148742 | Issue: Unable to move file using FTP poller Resolution: Previously, if an FTP Poller was configured to move the file to a multi-level directory that did not exist, a failure would occur with some SFTP servers as it would not allow the creation of multiple levels of directories via one command. Also some FTP Servers would throw errors if the FTP Poller tried to create a directory that already existed. It was difficult to diagnose the issue as the the SFTP errors were not written to the trace. Now, the FTP Poller will not try to create a directory that already exists. It will attempt to create a directory that does not exist as entered by the user. Some SFTP Servers will fail to create a multiple level directory. If a directory cannot be created by the FTP Poller it should be done manually. The API Gateway will now output the SFTP errors to the trace. |
— | 148739 | Issue: DB filter aborts with NPE when stored procedure returns NULL Resolution: Previously, a NPE was returned from the Retrieve from or write to database filter when a stored procedure was called that returned a NULL. Now, when a NULL is returned by the stored procedure it is ignored and no message attribute is set. It is possible to set "" (blank) value in a message attribute for the returned NULL value of the stored procedure by setting the Java system property "ALLOW_NULL_VALUES_FROM_DB=true" in jvm.xml (for example, <VMArg name="-DALLOW_NULL_VALUES_FROM_DB=true" />). |
— | 147872 | Issue: Cannot Start Instance: Piper Server Stopping error Resolution: Previously, a user could specify a P12 file to sign SSL certificates for management traffic that did not contain a full certificate chain (option 2 for cert management). This led to a failure to start the API Gateway due to missing certs in the chain. If the user supplies a p12 with an intermediate CA and a root CA, the trusted CA cert on the SSL ports for Node Manager was the Root CA. Now, managedomain validates the P12 specified by the user and ensures that the full certificate chain is included (option 2 for cert management). Self-signed certificates are allowed (option 2 for cert management). If the user supplies a p12 with an intermediate CA and a root CA, the trusted CA cert on the SSL ports for Node Manager is now the Intermediate CA, as this is the "Domain CA". Validation on the certificate PEM files submitted for option 3 (External CA) for cert management has also been improved to ensure the full cert chain is included. |
777877 | 148523 | Issue: Node Manager appears to hang on startup due to AMI license check Resolution: Previously, the API Gateway Node Manager could hang on startup due to AMI license check. Now, the API Gateway Node Manager uses default 5000 ms timeout attempting the AMI license check. You can also use the V_AMI_TIMEOUT environmental variable to set a custom timeout instead of the default. |
— | 146903 | Issue: Problems upgrading from v7.1 to v7.3.1 using UPGRADECONFIG Resolution: Previously, upgrade of a Web Service configuration could fail if a WSDL URL in the Web Service is not normalized. Now, a Web Service with a not normalized WSDL URL is upgraded successfully. |
— | 146073 | Issue: Content-Type HTTP header is duplicated when using ICAP filter Resolution: Previously, the HTTP Response header has a duplicate Content-Type field when using the ICAP filter. Now, the HTTP Response header correctly has a single Content-Type field when using the ICAP Filter. In the case of a multi-part response where the content types are different, multiple Content-Types are still permitted. |
— | 147031 | Issue: API Gateway fails to deploy configuration Resolution: Previously, the API Gateway could crash attempting to log libxml error messages containing %-encoded characters. Now, the API Gateway logs libxml error messages containing %-encoded characters. |
The following issues are known and scheduled for correction in a future release.
Case ID | Internal ID | Description |
---|---|---|
779258 | 149253 | Issues with upgrade from 7.2.3 to 7.4.0 |
779817 | 149354 | API Gateway port 8090 is vulnerable to an XSRF attack |
— | 147658 | PassPort configuration deployment causing API Gateway to hang |
775282 | 147898 | LDAP character conversion issue |
— | 146579 | Problems in sysexport when upgrading from 7.1 to 7.3.1 SP2 |
772223 | 146355 | Issues with upgrade from 6.1.3 to 7.4.0 |
774850 | 147428 | The 'Do not use the SSLv2/SSLv3 protocol' flags on a HTTPS port does not prevent the use of SSLv2/SSLv3 |
— | 144751 | Cannot add optional path parameters for an API Method in Policy Studio |
— | 148841 | Allow access to attributes from a MAIL FROM policy handler |
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
INSTALL_DIR/system/lib/modules
directory.This section describes how to install the service pack on an existing installation of API Gateway.
Note
To install the service pack on your existing API Gateway 7.4.0 Core Server installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
apigateway
directory
within your existing installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP1_Core_linux-x86-64_BN201507061.tar.gz -C
/opt/Axway-7.4.0/apigateway/
Note
ls -l INSTALL_DIR/apigateway/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing API Gateway Analytics 7.4.0 installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway Analytics instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
analytics
directory within your existing API Gateway 7.4.0 installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP1_Analytics_linux-x86-64_BN201507061.tar.gz -C
/opt/Axway-7.4.0/analytics/
Note
ls -l INSTALL_DIR/analytics/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR/policystudio
directory.policystudio
directory within your existing API Gateway 7.4.0 installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP1_PolicyStudio_linux-x86-64_BN201507061.tar.gz -C
/opt/Axway-7.4.0/policystudio/
To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR/configurationstudio
directory.configurationstudio
directory within your existing API Gateway 7.4.0 installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP1_ConfigurationStudio_linux-x86-64_BN201507061.tar.gz -C
/opt/Axway-7.4.0/configurationstudio/
To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file.
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
setcap 'cap_net_bind_service=+ep'
INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
Note
Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.
For information about how API Gateway is used in Axway 5 Suite, refer to:
All Axway documentation is available from Axway Sphere at https://support.axway.com.
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.
Copyright © 2015 Axway. All rights reserved