Document version: 14 December 2018
This Readme applies to Axway API Gateway and API Manager 7.6.2 SP2, for all supported platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the products.
This service pack provides fixes for a number of reported defects. It includes updates for the following components:
The service pack contains new binaries only and does not overwrite the existing configuration. Service packs are cumulative and include all preceding fixes (service packs and patches) in this product version.
File packages: An installation archive is provided for all supported platforms (for example, APIGateway_7.6.2_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz). All components are available on Linux. The Policy Studio and Configuration Studio client tools are also available on Windows.
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
Internal ID | Case ID | CVE identifier | Description |
---|---|---|---|
RDAPI-14426 | 00993605, 00984372 | - | Issue: Image upload accepted unsupported formats (such as Flash) based on the declared type, and the stored content could be used to initiate attacks. Resolution: Image uploads are now validated for both file name and image format. The uploaded image is also always processed rather than stored as received, which reduces the attack surface when the file content does not match the declared type. |
RDAPI-14606 | 00989768, 00990108, 01014125 | - | Issue: The Location header of a 303 See Other response contained an absolute URI whose host was taken from the request's Host header. A client that controls that header could therefore make the gateway redirect to a host of its choosing. Resolution: The Location header now contains a relative URI by default, as permitted by RFC 7231. To return absolute URIs in the Location header, set the com.axway.response.redirect.location.relative Java system property to false in INSTALL_DIR/apigateway/system/conf/jvm.xml. |
RDAPI-14608 | 01009656 | - | Issue: The SOAP fault returned for a message with an empty body used a fault namespace that identified the server as an Axway API Gateway, which allows product fingerprinting. Resolution: You can set the -Dcom.axway.soap.faultnamespace system property in jvm.xml to rename this namespace and avoid disclosing the product. |
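The first two rows above describe a redirect built from the attacker-controlled Host header (RDAPI-14606) and an upload accepted on its file name while its bytes are Flash (RDAPI-14426). The following is an added example, not Axway code and not a description of the gateway's implementation; it reproduces both defect classes in plain Python with the unsafe and the corrected form side by side. The host names, file names and byte strings are constructed for the example.

```python
"""Added example (not Axway code): host-header redirect and upload sniffing."""
from typing import Optional, Set, Tuple
from urllib.parse import urlsplit


# --- 1. Redirect target derived from the Host header (RDAPI-14606) ------------

def location_absolute(host_header: str, path: str, scheme: str = "https") -> str:
    """Pre-fix pattern: the server echoes whatever Host the client sent, so a
    request carrying 'Host: evil.example' yields 'Location: https://evil.example/...'."""
    return f"{scheme}://{host_header}{path}"


def location_relative(path: str) -> str:
    """Post-fix pattern: a relative reference, which RFC 7231 permits in Location;
    the client resolves it against the origin it actually connected to."""
    return path


def redirect_is_safe(location: str, allowed_hosts: Set[str]) -> bool:
    """Check a Location value the way a test harness or reverse proxy would.

    An absolute or scheme-relative reference must use http(s) and name a host we
    own. A path-only reference is fine as long as it cannot be reparsed as
    '//host' or '/\\host', which browsers treat as a network-path reference.
    """
    parts = urlsplit(location)
    if parts.scheme or parts.netloc:
        return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts
    return location.startswith("/") and not location.startswith(("//", "/\\"))


# --- 2. Upload validation: the name is a claim, the first bytes are evidence ---

# Magic numbers (constructed table for the example; the Flash entries are the
# three SWF signatures: uncompressed, zlib-compressed, LZMA-compressed).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"FWS": "swf",
    b"CWS": "swf",
    b"ZWS": "swf",
}
ALLOWED_IMAGE_TYPES = {"png", "jpeg", "gif"}
EXTENSION_TO_TYPE = {"png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif"}


def sniff_type(data: bytes) -> Optional[str]:
    """Identify the content by its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def validate_image_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Accept only when the extension is allowed, the content is an allowed
    image type, and the two agree. Returns (accepted, reason_or_type)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXTENSION_TO_TYPE.get(ext)
    if claimed is None:
        return False, f"extension '.{ext}' is not an allowed image type"
    actual = sniff_type(data)
    if actual not in ALLOWED_IMAGE_TYPES:
        return False, f"content is {actual or 'unrecognised'}, not an allowed image"
    if actual != claimed:
        return False, f"name claims {claimed} but content is {actual}"
    return True, actual


if __name__ == "__main__":
    print(location_absolute("evil.example", "/login"))            # attacker-chosen host
    print(redirect_is_safe(location_relative("/login"), {"api.example.com"}))
    print(validate_image_upload("logo.png", b"CWS\x0a" + b"\x00" * 16))  # Flash named .png
```

Sniffing the header is the cheapest check; the release note goes one step further by always processing (decoding and re-encoding) the image, which also discards any trailing or embedded content a signature check cannot see.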
Internal ID | Case ID | Description |
---|---|---|
RDAPI-13123 | 00946314, 00961189 | Issue: A front-end API was configured with Inbound Security set to OAuth or OAuth (External) and Scopes must match set to All. Requests to this API failed if their access token contained more scopes than were configured for the API. Resolution: Requests with access tokens containing more scopes than are configured for the API no longer fail. |
RDAPI-14044 | 00999445 | Issue: Links sent to finish API Manager user registration did not work when the email address contained special characters such as +. Resolution: The email address parameter is now encoded in the URL. |
RDAPI-14070 | 00962018 | Issue: API Manager REST API HTTP Basic Authentication failed when the user password contained a colon character (:). Resolution: You can now include a colon in the user password. |
RDAPI-14203 | 01000483 | Issue: In Visual Mapper, there was an error transforming XML to JSON when XML reference types were used. Resolution: The error no longer occurs when transforming XML to JSON using XML reference types. |
RDAPI-14241 | 00949835 | Issue: Problems importing Swagger when an array contained primitive types such as string. Resolution: Import now allows arrays that contain simple types. |
RDAPI-14388 | 01004665 | Issue: You could not import the same WSDL back-end API twice in API Manager. Resolution: You can now import the same WSDL back-end API again. |
RDAPI-14403 | 00999252 | Issue: FTP Poller was not performing the configured action when the processing policy failed. Resolution: FTP Poller now performs the configured action. |
RDAPI-14405 | 00980797 | Issue: OAuth clients configured using selectors failed to trace an appropriate error message. Resolution: The trace now contains the following message: "OAuth client application is not properly configured. Basic client application properties are not set." |
RDAPI-14543 | 00968288 | Issue: When API Gateway acting as an OAuth client received a malformed token, it did not raise an error and stored the token as null. Resolution: Token parsing now fails with an error message in the API Gateway trace. |
RDAPI-14546 | 00983453, 00990270 | Issue: When two APIs shared back-end and front-end URLs, one was chosen at random regardless of its state. Resolution: The published API now takes precedence. |
RDAPI-14555 | 00988153 | Issue: In the OAuth Client Credentials flow, when a refresh token request failed, the process fell back to an access token request, but the new token was not made available to the outbound API call. Resolution: The new token obtained after the failed refresh attempt is now used as expected, and authorization to the protected content is granted. |
RDAPI-14557 | 01000557 | Issue: API Gateway GET requests returned different error messages from PUT, POST, and DELETE requests. Resolution: API Gateway error handling now returns the same HTTP status codes for all REST API requests. |
RDAPI-14628 | 00988159 | Issue: The API Gateway Manager web console was very slow when managing a large number of API Gateway instances. Resolution: Performance of the API Gateway Manager web console has been improved. |
RDAPI-14650 | 01008734 | Issue: The API Gateway Create Thumbprint filter sometimes dropped leading zeros when converting the byte array to a string, so the resulting thumbprint did not match the certificate's real fingerprint. Resolution: The Create Thumbprint filter no longer removes leading zeros. |
RDAPI-14717 | 01013276 | Issue: In API Manager, an additional incorrect forward slash (/) was appended when matching API definitions that started with path parameters. Resolution: The incorrect leading / when matching the URL to the method definition has been removed. |
RDAPI-14772 | 01008596 | Issue: An error was raised when decrypting JWT tokens that had been encrypted by another security provider with the RSA-OAEP algorithm. Resolution: The security provider now supports RSA-OAEP for both encryption and decryption. |
RDAPI-14785 | 00942267, 01004780 | Issue: When changing an organization name, if an application API key had previously been loaded in a Try It form, API Manager displayed: "The entity could not be found. Please refresh your session." Resolution: This issue has been fixed and API Manager no longer displays this error message. |
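Two rows in the table above are parsing defects that recur well beyond this product: HTTP Basic credentials split on every colon instead of only the first (RDAPI-14070), and a digest rendered as a hex string in a way that drops leading zeros (RDAPI-14650). The following is an added example, not Axway code; it reproduces each pattern in plain Python next to its corrected form. For the thumbprint it models the conversion through a big integer, which is one common way to lose leading zeros (the Java idiom new BigInteger(1, bytes).toString(16) behaves like this); that this was the filter's actual code is an assumption, not something the release note states. User names, passwords and the DER bytes are constructed for the example.

```python
"""Added example (not Axway code): Basic-auth colon handling and hex padding."""
import base64
import hashlib
from typing import Optional, Tuple


# --- 1. HTTP Basic (RFC 7617): user-id cannot contain ':', the password can ---

def basic_header(user: str, password: str) -> str:
    """Build an Authorization header the way a client does."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def parse_basic_buggy(header: str) -> Optional[Tuple[str, str]]:
    """Pre-fix pattern: split on every colon, so 'alice:pa:ss' becomes three
    parts and a valid credential is rejected."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    parts = base64.b64decode(token).decode("utf-8").split(":")
    if len(parts) != 2:
        return None
    return parts[0], parts[1]


def parse_basic(header: str) -> Optional[Tuple[str, str]]:
    """Corrected: split at the first colon only, and fail closed on bad input."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        userpass = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = userpass.partition(":")
    if not sep:  # no colon at all: not a user-pass production
        return None
    return user, password


# --- 2. Thumbprint: bytes -> hex must keep two digits for every byte ----------

def sha1_digest(der: bytes) -> bytes:
    """SHA-1 over the DER-encoded certificate, the usual thumbprint input."""
    return hashlib.sha1(der).digest()


def hex_via_bigint(digest: bytes) -> str:
    """Pre-fix pattern: treat the digest as one integer and print it in base 16.
    Leading zero bytes (or a leading zero nibble) vanish, so the string can be
    shorter than 40 characters and no longer matches a stored thumbprint."""
    return format(int.from_bytes(digest, "big"), "x")


def hex_padded(digest: bytes) -> str:
    """Corrected: exactly two hex digits per byte, whatever the byte values."""
    return "".join(f"{b:02x}" for b in digest)


def thumbprint_buggy(der: bytes) -> str:
    return hex_via_bigint(sha1_digest(der))


def thumbprint(der: bytes) -> str:
    return hex_padded(sha1_digest(der))


def _normalise(tp: str) -> str:
    return tp.lower().replace(":", "").replace(" ", "")


def thumbprints_equal(a: str, b: str) -> bool:
    """Compare as a policy would: case-insensitive, separators ignored, and the
    value must be a full 20-byte SHA-1 so a truncated string never matches."""
    return _normalise(a) == _normalise(b) and len(_normalise(a)) == 40


if __name__ == "__main__":
    hdr = basic_header("alice", "pa:ss")
    print(parse_basic_buggy(hdr), parse_basic(hdr))            # None vs ('alice', 'pa:ss')
    digest = bytes([0x00, 0x0A]) + b"\x11" * 18                # constructed digest
    print(hex_via_bigint(digest), hex_padded(digest))          # 37 vs 40 characters
```

Both fixes share a shape: treat the input as a structure with known field boundaries (first colon; two hex digits per byte) rather than as free text to be split or printed.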
The following known issues are currently scheduled for the next service pack:
Internal ID | Description |
---|---|
RDAPI-13433 | API Manager generates wrong top-level OAuth security requirements in Swagger |
RDAPI-14095 | SSL handshake failing HTTPS WSDL import in API Manager |
RDAPI-14321 | Improper handling of SOAP WSDL with several service ports in API Manager and API Gateway |
RDAPI-14465 | OAuth JWT: get scope by calling a policy does not trigger assigned policy |
RDAPI-14470 | First-In-First-Out eviction in API Gateway cache: adding existing data removes original instead of updating |
RDAPI-14622 | Value of Via header is not written to API Gateway Transaction Access Log |
RDAPI-14653 | Error creating account for external identity provider with name containing special characters |
RDAPI-14660 | JWT Verify filter logs at trace level INFO |
RDAPI-14661 | File Upload filter performance is 20 times better with ASCII rather than Binary mode |
RDAPI-14666 | KPS restore command failing in production |
RDAPI-14673 | Significant API Manager performance deterioration as user numbers increase |
RDAPI-14676 | Automated deployment of API Gateway policy with passphrase fails |
RDAPI-14689 | OCSP response validation: OCSP filter does not try all three options |
RDAPI-14692 | WSDL schema cannot contain two global components and results in import error |
RDAPI-14694 | Threatening Content filter not parsing parameters with duplicate names |
RDAPI-14722 | Policy Studio cannot connect to Admin Node Manager using a proxy |
RDAPI-14767 | Issues with API Manager api/portal/v1.3/organizations API |
RDAPI-14867 | API Gateway crashes with core dump when load causes Connection filter to hit max connections |
RDAPI-14869 | API resource path with blank spaces not being validated in API Manager |
RDAPI-14880 | Retired API can be assigned to organization in API Manager |
RDAPI-14882 | API key not authorized error when calling API in API Manager |
RDAPI-14885 | Unable to view some APIs in the API Catalog in API Manager |
RDAPI-14900 | Swagger allOf limitation in API Manager is not documented |
Note | These instructions apply to API Gateway and API Manager classic deployments only. For container deployments, follow the instructions for applying a service pack in the API Gateway Container Deployment Guide. |
This service pack has the following prerequisites in addition to those specified for the major product release version in the API Gateway Installation Guide:
- INSTALL_DIR/system/lib/modules directory.
- kpsadmin) and that the JAVA_HOME variable is set correctly in cassandra.in.sh and cassandra.in.bat.

If FIPS mode is enabled, you must perform the following steps to install the service pack:
1. Run togglefips --disable to turn FIPS mode off.
2. Install the service pack.
3. Run togglefips --enable to turn FIPS mode on again.

This section describes how to install the service pack on existing installations of API Gateway or API Manager.
Note | If you have API Manager installed, installing the API Gateway server service pack automatically installs the updates for API Manager. |
To install the service pack on your existing API Gateway 7.6.2 server installation, perform the following steps:
1. Remove any patches previously copied into the INSTALL_DIR/ext/lib and INSTALL_DIR/META-INF directories (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
2. Extract the contents of the service pack archive into the apigateway directory in your existing installation directory. For example:
tar -xzvf APIGateway_7.6.2_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.6.2/apigateway/
3. Change to the apigateway directory in your installation: INSTALL_DIR/apigateway
4. Run the post-install script: apigw_sp_post_install.sh
Note | On Linux, run the script using the bash command, and ensure that the correct permissions are set. To check the permissions on the installed binaries, run: ls -l INSTALL_DIR/apigateway/posix/bin |
To install the service pack on your existing API Gateway Analytics 7.6.2 installation, perform the following steps:
1. Extract the contents of the service pack archive into the analytics directory in your existing API Gateway 7.6.2 installation directory. For example:
tar -xzvf APIGateway_7.6.2_SP2_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.6.2/analytics/
2. Change to the analytics directory in your installation: INSTALL_DIR/analytics
3. Run the post-install script: apigw_analytics_sp_post_install.sh
Note | On Linux, run the script using the bash command, and ensure that the correct permissions are set. To check the permissions on the installed binaries, run: ls -l INSTALL_DIR/analytics/posix/bin |
To install the service pack on your existing Policy Studio installation, perform the following steps:
1. Back up your existing INSTALL_DIR/policystudio directory.
2. Extract the contents of the service pack archive into the policystudio directory in your existing API Gateway 7.6.2 installation directory. For example:
tar -xzvf APIGateway_7.6.2_SP2_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.6.2/policystudio/
Note | The first time you start Policy Studio after installing the service pack, you must use policystudio -clean. |
To install the service pack on your existing Configuration Studio installation, perform the following steps:
1. Back up your existing INSTALL_DIR/configurationstudio directory.
2. Extract the contents of the service pack archive into the configurationstudio directory in your existing API Gateway 7.6.2 installation directory. For example:
tar -xzvf APIGateway_7.6.2_SP2_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.6.2/configurationstudio/
Note | The first time you start Configuration Studio after installing the service pack, you must use configurationstudio -clean. |
The following steps apply after installing the service pack.
To allow an unprivileged user to run API Gateway on a Linux system, perform the following steps:
1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file:
<VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
2. Run the following command to allow the API Gateway to listen on privileged ports:
setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' INSTALL_DIR/platform/bin/vshell
File capabilities are stored on the binary itself, so this step must be repeated whenever vshell is replaced, for example by a service pack. Note also that cap_sys_rawio grants considerably more than the ability to bind low ports (raw I/O port and block device access), so restrict who can execute vshell accordingly.
3. Create a file /etc/ld.so.conf.d/gateway-libs.conf that contains the following lines:
INSTALL_DIR/platform/jre/lib/amd64/server
INSTALL_DIR/platform/jre/lib/amd64
INSTALL_DIR/platform/lib/engines
INSTALL_DIR/platform/lib
INSTALL_DIR/ext/lib
4. Run ldconfig so that the loader picks up the new paths.
Note | When API Manager is installed, you must run the update-apimanager script (located in the bin directory) after the API Gateway post-install script to ensure that all paths are up-to-date. |
Go to the Axway Documentation portal at https://docs.axway.com to find all documentation for this product version.
The following reference documents are available on the Axway Documentation portal at https://docs.axway.com:
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support at https://support.axway.com.
Copyright © 2018 Axway. All rights reserved.