Document version: 18 December 2015
This Readme applies to Axway API Gateway 7.2.0 SP 4 on all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.
The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:
Note
File packages: An installation archive is provided for all platforms (for example,
APIGateway_7.2.0_SP4_Core_win-x86-32_BNyyyymmddn.zip
for Windows).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
This service pack provides the following corrections and enhancements.
Case ID | Internal ID | Description |
---|---|---|
747264 | 134130 | Issue: Set Message filter behaves differently compared to v6.3.1 when handling variables that differ only in upper or lower case
Resolution: Previously, there was a problem with case sensitivity in URL parameters. Now, you can configure API Gateway to use case sensitive or case insensitive values for URL parameters. |
765969 | 143282 | Issue: [patch port] v7.2.3 port of issue 142036: Hash client password Resolution: Previously, the HTTP Basic filter may not always authenticate a user correctly using a database repository configured to hash a client password. Now, API Gateway always hashes the client password if configured in the database repository. |
771666 | 146050 | Issue: OpenSSL version does not support TLS 1.2 Resolution: Previously, API Gateway was including OpenSSL 0.9.8zb-dev, which does not support TLS 1.2. Now, API Gateway includes OpenSSL 1.0.1p, which supports TLS 1.2. |
746746 | 147363 | Issue: Scheduled API Gateway Analytics reports sometimes fail to run Resolution: Previously, API Gateway Analytics reports were incorrectly rescheduled on refresh, and hence failed to run. Now, Analytics reports are scheduled on refresh as expected. |
774161 | 147535 | Issue: Error generating an API Gateway Analytics report Resolution: Previously, when creating a report in . csv format, and adding a "yesterday or 7 days" column to the report, a ParseException occured in the API Gateway trace file.
Now, when you create a report in .csv format, and add a "yesterday or 7 days" column, a ParseException no longer occurs. |
- | 147576 | Issue: PDF report on Solaris has no content Resolution: Previously, API Gateway Analytics could generate a blank report due to the default timeout (30000 ms) in JavaScript waiting for a generated report. Now, you can configure Analytics with a custom JavaScript timeout using the javascriptDelay Java system property in jvm.xml (for example <VMArg name="-DjavascriptDelay=3600000"/> ). The default timeout is now 300000 ms. |
- | 147579 | Issue: vshell cores in Trace filter when receiving a URL-encoded character Resolution: Previously, the Trace filter was terminating API Gateway when processing a UTF-8-encoded character. Now, the Trace filter is fixed to allow processing a UTF-8 encoded character. |
- | 147580 | Issue: Proxy-Authorization header is not correct when a passphrase is usedResolution: Previously, when an API Gateway configuration was protected with a passphrase, a user password in the Proxy Settings was not decrypted causing the Proxy-Authorization HTTP header to contain incorrect value.
Now, a user password in the Proxy Settings is correctly decrypted when loading from a passphrase-protected API Gateway configuration. |
- | 147581 | Issue: File Upload filter always uses FTPS settings and ignores FTP settings for ASCII/Binary transfer Resolution: Previously, the File Upload filter always used FTPS settings and ignored FTP settings for ASCII/Binary transfer. Now, the File Upload filter uses FTPS, FTP, or SFTP configuration settings respectively. |
- | 147582 | Issue: JVM crash and core dump if invalid Ephemeral DH Key Resolution: Previously, the API Gateway was crashing if incorrect DH parameters are configured for an HTTPS port listener. Now, the API Gateway reports incorrect DH parameters supplied for an HTTPS port listener. |
- | 147583 | Issue: The /metrics call always reports cpuUsed as zero Resolution: Previously, the /metrics call always reported cpuUsed as zero. Now, the /metrics call always shows a positive number in cpuUsed . |
- | 147584 | Issue: When using configured proxy with Connection filter, host header is always value of proxy Resolution: Previously, the Connect to URL filter was setting the proxy host name in the Host header, instead of the destination host name sending a request using the proxy. Now, the Connect to URL filter sets the destination host name in the Host header and sends a request using the proxy. |
- | 147586 | Issue: DTD injection in XML parser Resolution: Previously, in certain circumstances, the XML parser allowed DTD injection when parsing SOAP XML documents. Now, it is no longer possible to inject DTDs into XML because the XML parser will not allow it. |
- | 147587 | Issue: Option required to avoid invalid field returned when field not referenced in query string but referenced in Set Message filter Resolution: Previously, INVALID_FIELD was returned for an invalid field in selectors in policies. Now, there is a configuration option to allow an empty string to be returned instead of the INVALID_FIELD value from selectors. |
- | 147588 | Issue: Retrieve from SAML Attribute Assertion filter throws no native proxy for Java object exception under load Resolution: Previously, the Retrieve from SAML Attribute Assertion filter throws an error under heavy load. Now, the Retrieve from SAML Attribute Assertion filter does not throw an error under heavy load. |
- | 150765 | Issue: API Gateway stuck on pipe writing when Content-Length header sent Resolution: Previously, the API Gateway was not sending message content on response if no filters processed the payload from the incoming connection. Now, the API Gateway attempts to read the payload from the incoming connection before sending the response. |
- | RDAPI-1194 | Issue: OpenSSL version does not support TLS 1.2 Resolution: Previously, API Gateway was including OpenSSL 0.9.8zb-dev, which does not support TLS 1.2. Now, API Gateway includes OpenSSL 1.0.1p, which supports TLS 1.2. |
There are currently no known issues in this service pack.
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
INSTALL_DIR/system/lib/modules
directory.This section describes how to install the service pack on an existing installation of API Gateway.
Note
To install the service pack on your existing API Gateway 7.2.0 Core Server installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service
pack, so you do not need to copy patches from a previous version.
Do not remove files used by any custom API Gateway filters that you have developed. apiserver
directory
in your existing installation directory. For example:
tar -xzvf APIGateway_7.2.0_SP4_Core_linux-x86-64_BNyyyymmddn.tar.gz -C
/opt/Axway-7.2.0/apiserver/
Note
ls -l INSTALL_DIR/apiserver/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing API Gateway Analytics 7.2.0 installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway Analytics instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
analytics
directory in your existing API Gateway 7.2.0 installation directory. For example:
tar -xzvf APIGateway_7.2.0_SP4_Analytics_linux-x86-64_BNyyyymmddn.tar.gz -C
/opt/Axway-7.2.0/analytics/
Note
ls -l INSTALL_DIR/analytics/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR/policystudio
directory.policystudio
directory within your existing API Gateway 7.2.0 installation directory. For example:
tar -xzvf APIGateway_7.2.0_SP4_PolicyStudio_linux-x86-64_BNyyyymmddn.tar.gz -C
/opt/Axway-7.2.0/policystudio/
Note
policystudio -clean
.To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR/configurationstudio
directory.configurationstudio
directory within your existing API Gateway 7.2.0 installation directory. For example:
tar -xzvf APIGateway_7.2.0_SP4_ConfigurationStudio_linux-x86-64_BNyyyymmddn.tar.gz -C
/opt/Axway-7.2.0/configurationstudio/
Note
configurationstudio -clean
.To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file.
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
setcap 'cap_net_bind_service=+ep'
INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
Note
Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.
For information about how API Gateway is used in Axway 5 Suite, refer to:
All Axway documentation is available from Axway Sphere at https://support.axway.com.
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.
Copyright © 2015 Axway. All rights reserved