Readme for 7.5.2 SP 2
This Readme applies to Axway API Gateway 7.5.2 SP 2, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.
The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:
- API Gateway Core Server
- API Gateway Analytics
- Policy Studio
- Configuration Studio
The service pack contains new binaries only and does not overwrite the existing configuration.
File packages: An installation archive is provided for all platforms (for example, APIGateway_7.5.2_SP2_Core_win-x86-32_BNYYYYMMDDn.zip for Windows).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
Fixed issues
Fixed security vulnerabilities
Internal ID | Case ID | CVE ID | Description |
---|---|---|---|
RDAPI-6931 | 00873458 | CVE-2013-4517 |
Issue: Update XML Security for Java (xmlsec) to version 1.5.8
Resolution: Previously, API Gateway included xmlsec-1.4.4.jar, which is vulnerable. Now, API Gateway includes xmlsec-1.5.8.jar, which addresses known vulnerabilities. |
RDAPI-7592 | CVE-2017-3731, CVE-2017-3730, CVE-2017-3732, CVE-2016-7055 |
Issue: Update to OpenSSL version
Resolution: Previously, API Gateway included OpenSSL version 1.0.2, which is vulnerable. Now, API Gateway includes OpenSSL 1.0.2k-fips, which addresses known vulnerabilities. |
|
RDAPI-7593 | 00878864 | CVE-2017-3241 |
Issue: Update Java to 8u121
Resolution: Previously, API Gateway included Java 8u102, which is vulnerable. Now, API Gateway includes Java 8u121, which addresses known vulnerabilities. |
Other fixed issues
Internal ID | Case ID | Description |
---|---|---|
RDAPI-6932 | 00871927 |
Issue: Unable to deselect items when exporting configuration fragment in Policy Studio.
Resolution: Previously, all referenced configuration elements were exported by default in Policy Studio. Now, a suggested list of referenced configuration elements can be exported by default. You can deselect those suggested configuration elements that might be exported separately. |
RDAPI-7402 | 00879287 |
Issue: Cannot edit policy assembly in Policy Studio.
Resolution: Previously, you could not edit a policy assembly in Policy Studio after it was created. Now, you can edit policy assemblies after they are created. |
Known issues
This service pack has no known issues.
Install the service pack
Prerequisites
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
- Shut down any Node Manager or API Gateway instances on your existing installation.
- Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
- Remove any old third-party libraries. To do this, delete the
INSTALL_DIR/system/lib/modules
directory. - Remove the old JSON path file from Policy Studio (
policystudio/plugins/com.vordel.rcp.filterbase_7.5.2._DATE/lib/json-path-<version>.jar
). - If you have an existing Cassandra installation, ensure
JAVA_HOME
is set correctly incassandra.in.sh
andcassandra.in.bat
to ensure Cassandra tools are launched successfully.
FIPS mode only
If FIPS mode is enabled, you must perform the following steps to install the service pack:
- Run
togglefips --disable
to turn FIPS mode off. - Start the Node Manager to move the JARs.
- Stop the Node Manager.
- Install the API Gateway service pack.
- Start the Node Manager.
- Stop the Node Manager.
- Run
togglefips --enable
to turn FIPS on again. - Start the Node Manager.
Installation
This section describes how to install the service pack on an existing installation of API Gateway.
Note
- To install a new API Gateway installation from scratch without an existing installation, see the API Gateway Installation Guide.
- To upgrade from an earlier version of API Gateway to 7.5.2, see the API Gateway Upgrade Guide.
Install the API Gateway Core Server service pack
To install the service pack on your existing API Gateway 7.5.2 Core Server installation, perform the following
steps:
- Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
- Remove any previous patches from your
INSTALL_DIR/ext/lib
directory (or theext/lib
directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version. - Unzip and extract API Gateway 7.5.2 SP 2 Core over the
apigateway
directory in your existing installation directory. For example:tar -xzvf APIGateway_7.5.2_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.2/apigateway/
- Run the following script:
Linux:INSTALL_DIR/apigateway/apigw_sp_post_install.sh
Windows:INSTALL_DIR\apigateway\apigw_sp_post_install.bat
API Gateway Appliance only
Perform the following additional steps on the appliance before starting the Node Manager or API Gateway: - Run the following command:
# [ -f /etc/vordel/ssl-engines.xml ] && mv /etc/vordel/ssl-engines.xml /etc/vordel/ssl-engines.xml.1
- Run the following:
# chown -R admin:admin /opt/gateway/
# grep "java.library.path" /opt/gateway/system/conf/jvm.xml || sed -i.bak -e '/<JVMSettings/a\\n <!-- Set to allow correct library load after setting CAP_NET_BIND_SERVICE on vshell -->\n <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>' /opt/gateway/system/conf/jvm.xml
# setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' /opt/gateway/platform/bin/vshell
# ldconfig
Note
- If you have installed a licensed version of API Gateway 7.5.2, you do not require a new license to install service packs.
- Unzip and extract the service pack as the same user who owns the API Gateway binaries. You can use the
ls -l INSTALL_DIR/apigateway/posix/bin
command to view the owner of the binaries. - If you have installed an existing version of API Gateway Analytics, you must apply a separate service pack for that component (see the next section).
- If you have installed an existing version of API Manager, you must apply a separate service pack for that component (see the Readme for Axway API Manager 7.5.2 SP 2).
Install the API Gateway Analytics service pack
To install the service pack on your existing API Gateway Analytics 7.5.2 installation, perform the following
steps:
- Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
- Remove any previous patches from your
INSTALL_DIR/ext/lib
directory (or theext/lib
directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version. - Unzip and extract API Gateway 7.5.2 SP 2 Analytics over the
analytics
directory within your existing API Gateway 7.5.2 installation directory. For example:tar -xzvf APIGateway_7.5.2_SP2_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.2/analytics/
- Run the following script:
Linux:INSTALL_DIR/analytics/apigw_analytics_sp_post_install.sh
Windows:INSTALL_DIR\analytics\apigw_analytics_sp_post_install.bat
Note
- Unzip and extract the service pack as the same user who owns the API Gateway Analytics binaries. You can use the
ls -l INSTALL_DIR/analytics/posix/bin
command to view the owner of the binaries. - You must also install a service pack for your existing 7.5.2 Core Server.
Install the Policy Studio service pack
To install the service pack on your existing Policy Studio installation, perform the following steps:
- Shut down Policy Studio.
- Back up your existing
INSTALL_DIR/policystudio
directory. - Unzip and extract API Gateway 7.5.2 SP 2 Policy Studio over the
policystudio
directory within your existing API Gateway 7.5.2 installation directory. For example:tar -xzvf APIGateway_7.5.2_SP2_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.2/policystudio/
Note
- The first time you start Policy Studio, you must use
policystudio -clean
.
Install the Configuration Studio service pack
To install the service pack on your existing Configuration Studio installation, perform the following steps:
- Shut down Configuration Studio.
- Back up your existing
INSTALL_DIR/configurationstudio
directory. - Unzip and extract API Gateway 7.5.2 SP 2 Configuration Studio over the
configurationstudio
directory within your existing API Gateway 7.5.2 installation directory. For example:tar -xzvf APIGateway_7.5.2_SP2_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.2/configurationstudio/
Note
- The first time you start Configuration Studio, you must use
configurationstudio -clean
.
After installation
Note
- On the API Gateway Appliance, you can skip the following steps if you already ran the code in steps 5 and 6 in Install the API Gateway Core Server service pack.
To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
- Add the following line to the
INSTALL_DIR/system/conf/jvm.xml
file:<VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
- Run the command
setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
Documentation
Go to the Documentation portal at http://docs.axway.com to find all documentation for this product version.
The following reference documents are available on the Documentation portal at http://docs.axway.com:
- Axway Supported Platforms
- Axway Interoperability Matrix
Support services
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support at https://support.axway.com.
Copyright © 2017 Axway. All rights reserved.