Axway API Gateway 7.2.0 SP 4 Readme

Document version: 18 December 2015


Readme for 7.2.0 SP 4

This Readme applies to Axway API Gateway 7.2.0 SP 4 on all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:

Note

File packages: An installation archive is provided for all platforms (for example, APIGateway_7.2.0_SP4_Core_win-x86-32_BNyyyymmddn.zip for Windows).

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Corrections and enhancements

This service pack provides the following corrections and enhancements.

Case ID Internal ID Description
747264 134130 Issue: Set Message filter behaves differently compared to v6.3.1 when handling variables that differ only in upper or lower case
Resolution: Previously, there was a problem with case sensitivity in URL parameters. Now, you can configure API Gateway to use case sensitive or case insensitive values for URL parameters.
765969 143282 Issue: [patch port] v7.2.3 port of issue 142036: Hash client password
Resolution: Previously, the HTTP Basic filter may not always authenticate a user correctly using a database repository configured to hash a client password. Now, API Gateway always hashes the client password if configured in the database repository.
771666 146050 Issue: OpenSSL version does not support TLS 1.2
Resolution: Previously, API Gateway was including OpenSSL 0.9.8zb-dev, which does not support TLS 1.2. Now, API Gateway includes OpenSSL 1.0.1p, which supports TLS 1.2.
746746 147363 Issue: Scheduled API Gateway Analytics reports sometimes fail to run
Resolution: Previously, API Gateway Analytics reports were incorrectly rescheduled on refresh, and hence failed to run. Now, Analytics reports are scheduled on refresh as expected.
774161 147535 Issue: Error generating an API Gateway Analytics report
Resolution: Previously, when creating a report in .csv format, and adding a "yesterday or 7 days" column to the report, a ParseException occured in the API Gateway trace file. Now, when you create a report in .csv format, and add a "yesterday or 7 days" column, a ParseException no longer occurs.
- 147576 Issue: PDF report on Solaris has no content
Resolution: Previously, API Gateway Analytics could generate a blank report due to the default timeout (30000 ms) in JavaScript waiting for a generated report. Now, you can configure Analytics with a custom JavaScript timeout using the javascriptDelay Java system property in jvm.xml (for example <VMArg name="-DjavascriptDelay=3600000"/>). The default timeout is now 300000 ms.
- 147579 Issue: vshell cores in Trace filter when receiving a URL-encoded character
Resolution: Previously, the Trace filter was terminating API Gateway when processing a UTF-8-encoded character. Now, the Trace filter is fixed to allow processing a UTF-8 encoded character.
- 147580 Issue: Proxy-Authorization header is not correct when a passphrase is used
Resolution: Previously, when an API Gateway configuration was protected with a passphrase, a user password in the Proxy Settings was not decrypted causing the Proxy-Authorization HTTP header to contain incorrect value. Now, a user password in the Proxy Settings is correctly decrypted when loading from a passphrase-protected API Gateway configuration.
- 147581 Issue: File Upload filter always uses FTPS settings and ignores FTP settings for ASCII/Binary transfer
Resolution: Previously, the File Upload filter always used FTPS settings and ignored FTP settings for ASCII/Binary transfer. Now, the File Upload filter uses FTPS, FTP, or SFTP configuration settings respectively.
- 147582 Issue: JVM crash and core dump if invalid Ephemeral DH Key
Resolution: Previously, the API Gateway was crashing if incorrect DH parameters are configured for an HTTPS port listener. Now, the API Gateway reports incorrect DH parameters supplied for an HTTPS port listener.
- 147583 Issue: The /metrics call always reports cpuUsed as zero
Resolution: Previously, the /metrics call always reported cpuUsed as zero. Now, the /metrics call always shows a positive number in cpuUsed.
- 147584 Issue: When using configured proxy with Connection filter, host header is always value of proxy
Resolution: Previously, the Connect to URL filter was setting the proxy host name in the Host header, instead of the destination host name sending a request using the proxy. Now, the Connect to URL filter sets the destination host name in the Host header and sends a request using the proxy.
- 147586 Issue: DTD injection in XML parser
Resolution: Previously, in certain circumstances, the XML parser allowed DTD injection when parsing SOAP XML documents. Now, it is no longer possible to inject DTDs into XML because the XML parser will not allow it.
- 147587 Issue: Option required to avoid invalid field returned when field not referenced in query string but referenced in Set Message filter
Resolution: Previously, INVALID_FIELD was returned for an invalid field in selectors in policies. Now, there is a configuration option to allow an empty string to be returned instead of the INVALID_FIELD value from selectors.
- 147588 Issue: Retrieve from SAML Attribute Assertion filter throws no native proxy for Java object exception under load
Resolution: Previously, the Retrieve from SAML Attribute Assertion filter throws an error under heavy load. Now, the Retrieve from SAML Attribute Assertion filter does not throw an error under heavy load.
- 150765 Issue: API Gateway stuck on pipe writing when Content-Length header sent
Resolution: Previously, the API Gateway was not sending message content on response if no filters processed the payload from the incoming connection. Now, the API Gateway attempts to read the payload from the incoming connection before sending the response.
- RDAPI-1194 Issue: OpenSSL version does not support TLS 1.2
Resolution: Previously, API Gateway was including OpenSSL 0.9.8zb-dev, which does not support TLS 1.2. Now, API Gateway includes OpenSSL 1.0.1p, which supports TLS 1.2.

Known issues

There are currently no known issues in this service pack.


Install the service pack

Prerequisites

This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.
  2. Back up your existing installation.
  3. Remove any old third-party libraries. To do this, delete the INSTALL_DIR/system/lib/modules directory.

Installation

This section describes how to install the service pack on an existing installation of API Gateway.

Note

Install the API Gateway Core Server service pack

To install the service pack on your existing API Gateway 7.2.0 Core Server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway User Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack, so you do not need to copy patches from a previous version. Do not remove files used by any custom API Gateway filters that you have developed.
  3. Unzip and extract API Gateway 7.2.0 SP4 Core Server over the apiserver directory in your existing installation directory. For example:
  4. tar -xzvf APIGateway_7.2.0_SP4_Core_linux-x86-64_BNyyyymmddn.tar.gz -C /opt/Axway-7.2.0/apiserver/

Note

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.2.0 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway User Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.2.0 SP4 Analytics over the analytics directory in your existing API Gateway 7.2.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.2.0_SP4_Analytics_linux-x86-64_BNyyyymmddn.tar.gz -C /opt/Axway-7.2.0/analytics/

Note

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Unzip and extract API Gateway 7.2.0 SP4 Policy Studio over the policystudio directory within your existing API Gateway 7.2.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.2.0_SP4_PolicyStudio_linux-x86-64_BNyyyymmddn.tar.gz -C /opt/Axway-7.2.0/policystudio/

Note

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Unzip and extract API Gateway 7.2.0 SP4 Configuration Studio over the configurationstudio directory within your existing API Gateway 7.2.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.2.0_SP4_ConfigurationStudio_linux-x86-64_BNyyyymmddn.tar.gz -C /opt/Axway-7.2.0/configurationstudio/

Note

After installation

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file.
  2. 64-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  3. 32-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  1. Run the command setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

Note


Documentation

Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.

For information about how API Gateway is used in Axway 5 Suite, refer to:

All Axway documentation is available from Axway Sphere at https://support.axway.com.


Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.


Copyright © 2015 Axway. All rights reserved