Document version: 1 March 2016
This Readme applies to Axway API Gateway 7.3.1 SP 4, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.
The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:
The service pack contains new binaries only and does not overwrite the existing configuration.
File packages: An installation archive is provided for all platforms (for example,
APIGateway_7.3.1_SP4_Core_win-x86-32_BN201509212.zip
for Windows).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
This service pack provides the following corrections and enhancements.
Case ID | Internal ID | Description |
---|---|---|
789954 | RDAPI-127 | Issue: API Gateway sends garbage data when both sides of a WebSocket send frames at the same time. Resolution: Previously, API Gateway was not always correctly processing WebSocket messages, causing payload corruption and premature connection close. Now, API Gateway processes all data sent using WebSockets correctly. |
819438 | RDAPI-170 | Issue: Alert filter fails to import correctly. Resolution: Previously, in Policy Studio, an error displayed when an attempt was made to edit the imported Alert filter. Now, you can modify the Alert filter in Policy Studio after importing it with a policy. |
- | RDAPI-336 | Issue: Create WS-Trust Message filter does not follow protocol. Resolution: Previously, the inserted Created and Expires elements in the RequestSecurityTokenResponse were created in the WST namespace element. Now, the inserted Created and Expires elements in the RequestSecurityTokenResponse are created with the WSU namespace element. |
804956 | RDAPI-584 | Issue: Performance issues due to churn of SSL sessions. Resolution: Previously, in API Gateway, connection activity time and idle time were not in sync. This resulted in opening new connections instead of reusing existing connections, which were considered expired. Now, in API Gateway, connection activity time and idle time are in sync, and the connection is cached properly. |
786561 | RDAPI-631 | Issue: Proxied 304 Not Modified responses have binary bodies added when using gzip. Resolution: Previously, 304 Not Modified responses had binary bodies added to them when gzip compression was enabled. Now, 304 Not Modified responses no longer have this issue when gzip compression is enabled. |
802357 | RDAPI-665 |
Issue: Setting JNDI Properties in LDAP configuration does not work. |
729048 | RDAPI-792 |
Issue: API Gateway caches failing to connect to LDAP due to authentication failure. |
807270 | RDAPI-795 |
Issue: Logging milliseconds in timestamp for access log requests.
|
818087 | RDAPI-806 |
Issue: SSL connection |
790450 | RDAPI-876 |
Issue: API Gateway crashes when decrypting XML with duplicate elements. |
787174 | RDAPI-878 |
Issue: Resolver paths not working correctly. |
800729 | RDAPI-887 |
Issue: API Gateway crashed parsing a SOAP request. |
- | RDAPI-899 |
Issue: Cannot set optimized CRYPTO memory functions. |
776780 | RDAPI-903 |
Issue: When Connect to URL hits the Max Received Bytes limit, it returns a truncated result instead of an error. The new
|
771646 | RDAPI-907 | Issue: OpenSSL updates. Resolution: Previously, API Gateway was including OpenSSL 1.0.1h/1.0.1p, which has security vulnerabilities. Now, API Gateway includes OpenSSL 1.0.1q addressing known security vulnerabilities. |
773388 | RDAPI-910 | Issue: Invalid directories searched for OpenSSL. Resolution: Previously, OpenSSL was incorrectly including an RPATH local to the API Gateway build. Now, OpenSSL includes the API Gateway platform/lib RPATH. |
816917 | RDAPI-1140 | Issue: OpenSSL Security Advisory [3 Dec 2015].
Resolution: Previously, API Gateway was including OpenSSL 1.0.1h/1.0.1p, which has security vulnerabilities. Now, API Gateway includes OpenSSL 1.0.1q addressing known security vulnerabilities. For more details, see http://openssl.org/news/secadv/20151203.txt |
807497 | RDAPI-1240 | Issue: Analytics Audit log search query does not work correctly. Resolution: Previously, the Any/All and AND/OR buttons did not appear to work in the audit log search dialog in the API Gateway Analytics UI. These buttons are not supported by the Analytics back-end. Now, they are disabled in the UI, and their fixed values correctly show the logic that will be applied when the search query executes. |
818782 | RDAPI-2123 | Issue: Proxy authentication fails for HTTPS requests. Resolution: Previously, the Connect To URL filter was not sending the Proxy-Authorization header to proxy for HTTPS requests (tunneling) when required.
Now, the Connect To URL filter sends the Proxy-Authorization header to proxy for HTTPS requests (tunneling) as required. |
813470 | RDAPI-2142 | Issue: Memory leak in CRL (Dynamic) filter. Resolution: Previously, I/O streams were not closed in case of errors during CRL processing. Now, I/O streams are closed when they are no longer needed. |
820584 | RDAPI-2197 | Issue: Unable to use envSettings.props certificate and environmentalized bind certificate at runtime.Resolution: Previously, in Policy Studio, you could incorrectly externalize already environmentalized certificates using the Bind certificate at runtime option. Now, in Policy Studio, the Bind certificate at runtime option is removed from the certificate selector dialog for already environmentalized certificates. This prevents the externalization of certificates with environment variables. |
- | RDAPI-2232 | Issue: Error while upgrading configuration. Resolution: Previously, the CertValidationOcspFilter migrate step 2 task incorrectly imported an incomplete version of the LoadableModule entity type. This caused an exception when trying to upgrade API Gateway configuration.
Now, the CertValidationOcspFilter migrate step 2 task imports a complete LoadableModule entity type. |
The following issues are known and scheduled for correction in a future release.
Case ID | Internal ID | Description |
---|---|---|
782400 | RDAPI-809 | The XML Signature Verification filter fails when a request from SoapUI uses a SAML Assertion with Sender Vouches confirmation method. |
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
INSTALL_DIR/system/lib/modules
directory.This section describes how to install the service pack on an existing installation of API Gateway.
Note
To install the service pack on your existing API Gateway 7.3.1 Core Server installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
apigateway
directory
within your existing installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP4_Core_linux-x86-64_BN201509212.tar.gz -C
/opt/Axway-7.3.1/apigateway/
Note
ls -l INSTALL_DIR/apigateway/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing API Gateway Analytics 7.3.1 installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway Analytics instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
analytics
directory within your existing API Gateway 7.3.1 installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP4_Analytics_linux-x86-64_BN201509212.tar.gz -C
/opt/Axway-7.3.1/analytics/
Note
ls -l INSTALL_DIR/analytics/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR/policystudio
directory.policystudio
directory within your existing API Gateway 7.3.1 installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP4_PolicyStudio_linux-x86-64_BN201509212.tar.gz -C
/opt/Axway-7.3.1/policystudio/
Note
policystudio -clean
.To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR/configurationstudio
directory.configurationstudio
directory within your existing API Gateway 7.3.1 installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP4_ConfigurationStudio_linux-x86-64_BN201509212.tar.gz -C
/opt/Axway-7.3.1/configurationstudio/
Note
configurationstudio -clean
.To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file.
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
setcap 'cap_net_bind_service=+ep'
INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
Note
Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.
For information about how API Gateway is used in Axway 5 Suite, refer to:
All Axway documentation is available from Axway Sphere at https://support.axway.com.
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.
Copyright © 2016 Axway. All rights reserved