Document version: 13 Apr 2015
This Readme applies to Axway API Gateway 7.3.1 SP2 for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.
The main aim of this service pack is to provide fixes for a number of reported defects.
This service pack contains updates for:
The service pack contains new binaries only and does not overwrite the existing configuration.
File Packages: An installation archive is provided for all platforms (for example,
APIGateway_7.3.1_SP2_Core_win-x86-32_BN201504131.zip
)
for Windows.
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
This service pack provides the following corrections and enhancements.
Case ID | Internal ID | Description |
---|---|---|
760918 | 143518 | Upgrade Time filter with cron from v6.2.0 Previously, the Time filter configuration upgrade failed reporting unexpected presence of the cronExpression field.Now, the Time filter configuration upgrade passes. |
762062 | 142448 | API Gateway does not stop illegal characters in incoming path Previously, the API Gateway allowed illegal characters in the incoming path. Now, you can configure the API Gateway to disallow illegal characters in the incoming path using the com.vordel.strictUriSyntaxChecking Java system property in jvm.xml .
For example: <VMArg name="-Dcom.vordel.strictUriSyntaxChecking=true"/> . |
764315 | 142757 | Performance issues when editing configuration in Policy Studio Previously, Policy Studio had performance issue removing or changing certain filters. Now, performance and error handling have been improved by removing or changing filters in Policy Studio. |
765432 | 143057 | Possible Cross-Site Scripting vulnerability in API Gateway Previously, the API Gateway was responding with 400 Bad Request "unknown format" message that also contained value of the bad query parameter (possible Cross-Site Scripting vulnerability). Now, the API Gateway responds with 400 Bad Request message including the "unknown format" text only. |
765771 | 143309 | Unable to test LDAPS in Policy Studio Previously, the LDAP SSL connection test in Policy Studio was always failing when the SSL Enabled option was selected. Now, the LDAP SSL connection test in Policy Studio passes when the SSL Enabled option is selected. You must import the LDAP server SSL certificate into the certificate store. |
766455 | 143680 | Entrust GetAccess filter does not appear to work in v7.3.1 Previously, the GetAccess filter was always aborting with a java.lang.NullPointerException .Now, the GetAccess filter aborts when an invalid input is provided. |
767120 | 143848 | JVM crash and core dump created if invalid ephemeral DH key Previously, the API Gateway was crashing if incorrect DH parameters are configured for an HTTPS port listener. Now, the API Gateway reports incorrect DH parameters supplied for an HTTPS port listener. |
767928 | 145159 | Admin node manager crashes when trying to rename audit.log.49 to audit.log.50 Previously, the API Gateway was throwing an unexpected exception at start up when you attempted to configure the audit log with maximum number of files (50 by default). Now, the API Gateway configures the audit log with maximum number of files (50 by default) successfully. |
- | 142698 | Cannot connect to Amazon S3 using a proxy after applying v7.3.1 SP1 Previously, API Gateway was sending a CONNECT request to a proxy omitting the default SSL port, 443. Now, API Gateway always adds the port in the CONNECT request to proxy. |
- | 144699 | Backport 134747: Time filter stops execution of policy entirely when passed invalid timestamp Previously, the Time filter aborted with NullPointerException when the provided timestamp was invalid.Now, the Time filter fails when the provided timestamp is invalid. |
- | 145808 | File Upload filter always uses FTPS settings and ignores FTP settings for ASCII/Binary transfer Previously, the File Upload filter always used FTPS settings and ignored FTP settings for ASCII/Binary transfer. Now, the File Upload filter uses FTPS, FTP, or SFTP configuration settings respectively. |
- | 145809 | FTP Poller always uses passive mode for FTPS connection type disregarding the configuration Previously, the FTP Poller always used passive mode for the FTPS connection type disregarding the configuration. Now, the FTP Poller uses passive mode for the FTPS connection type based on the configuration. |
- | 145810 | Proxy-Authorization header is not correct when a passphrase is used. Previously, when an API Gateway configuration was protected with a passphrase, a user password in the Proxy settings was not decrypted causing the Proxy-Authorization HTTP header to contain the incorrect value. Now, a user password in the Proxy settings is correctly decrypted when loading from a passphrase-protected API Gateway configuration. |
- | 145811 | Hash Client Password option of the authentication repository is no longer hashing the password Previously, the HTTP basic filter did not always authenticate user correctly using a database repository configured to hash a client password. Now, API Gateway always hashes the client password if configured in the database repository. |
The following issues are known and scheduled for correction in a future release:
Case ID | Internal ID | Description |
---|---|---|
760690 | 144315 | Switching off traffic monitoring suppresses incoming/outgoing data from a trace file |
764376 | 142550 | Cannot start instance: Pipe Server Stopping error |
766676 | 144401 | Change in retrieving cached database results between v7.1.0 and v7.3.1 |
768745 | 144625 | Out of memory error when writing to event log |
768781 | 145157 | WS-Policy configuration issue with XML decryption |
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
INSTALL_DIR/system/lib/modules
directory.This section describes how to install the service pack on an existing installation of API Gateway.
To install a new API Gateway installation from scratch without an existing installation, see the API Gateway Installation and Configuration Guide.
To install the service pack on your existing API Gateway 7.3.1 Core Server installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
apigateway
directory
within your existing installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP2_Core_linux-x86-64_BN201504131.tar.gz -C
/opt/Axway-7.3.1/apigateway/
Note
ls -l INSTALL_DIR/apigateway/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing API Gateway Analytics 7.3.1 installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway Analytics instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
analytics
directory within your existing API Gateway 7.3.1 installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP2_Analytics_linux-x86-64_BN201504131.tar.gz -C
/opt/Axway-7.3.1/analytics/
Note
ls -l INSTALL_DIR/analytics/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR\policystudio
).
Note
To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR\configurationstudio
).
To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file.
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
setcap 'cap_net_bind_service=+ep'
INSTALL_DIR/platform/bin/vshell
to allow the API gateway to listen on privileged ports.
Note
Axway API Gateway is accompanied by a complete set of documentation, covering all aspects of using the product. These documents include the following:
All Axway documentation is available from Axway Sphere at https://support.axway.com.
Support services are available from Axway Sphere at https://support.axway.com, including:
The Axway Global Support team also provides worldwide 24 x 7 support, subject to validation of your license agreement.
Email support@axway.com or, for your local support telephone number, visit
Axway Sphere at https://support.axway.com and click Contact Axway Support.
See "Troubleshoot your API Gateway installation" in the API Gateway Administrator Guide for the information that you should be prepared to provide when you contact Axway Support.
You can display the version and build of API Gateway by selecting Help > About in Policy Studio.
For information about Axway training services, go to: www.axway.com.
Copyright © Axway Software 2015
All rights reserved