Axway API Gateway 7.4.0 Release Notes

Document version: 13 March 2015

New features and enhancements

The following new features and enhancements are available in this release.

Security

For more information on security, see the API Gateway Security Guide.

Enterprise messaging

For more information on enterprise messaging, see the API Gateway Policy Developer Guide.

Logging and analytics

For more information on logging and analytics, see the API Gateway Administrator Guide.

Axway Appliance Platform

For more information on the appliance, see the API Gateway Appliance Installation and Administration Guide.

Fixed problems

Case ID Internal ID Description
761968 141721

Issue: API Gateway could crash due to out of memory error caused by memory leaks while handling connection input/output exceptions.

Resolution: API Gateway deallocates all memory when handling connection input/output exceptions.

765157 142889

Issue: With API Manager installed on 7.3.1, OAuth authorization or token requests that did not specify scopes would fail.

Resolution: When OAuth authorization or token requests do not specify scopes, API Gateway uses all the scopes available to an application as the default set of scopes.

765489 143423

Issue: System backup for appliances did not report errors when backup process failed.

Resolution: System backup for appliances now reports errors if the backup process fails.

Issue: Previously, API Gateway used version 5600 of the McAfee Anti-Malware Engine.

Resolution: Now, it uses version 5700 of the McAfee Anti-Malware Engine.

719925 121683

Issue: Previously, you were unable to connect to a URL using an API Gateway configured as an HTTPS proxy.

Resolution: Now, you can connect to a URL using an API Gateway configured as an HTTPS proxy.

733227 127312

Issue: Previously, the CRL filters were validating certificates using expired CRL from cache.

Resolution: Now, the CRL filters return false if the provided/cached CRL is expired.

736569 133557

Issue: Previously, there was an issue with upgrading XML files with UTF-8 encoding.

Resolution: Now, there is no issue with upgrading XML files with UTF-8 encoding.

739863 130702

Issue: Previously, the support for Solaris 64 bit was documented incorrectly.

Resolution: Now, the support for Solaris 64 bit is documented correctly.

740002 130672

Issue: Previously, the Trace filter was terminating API Gateway processing a UTF-8 encoded character.

Resolution: Now, the Trace filter is fixed to allow processing a UTF-8 encoded character.

741308 132476

Issue: Previously, you were unable to connect to an HTTPS URL through an HTTP/HTTPS proxy.

Resolution: Now, it is possible to connect to an HTTPS URL through an HTTP/HTTPS proxy.

741904 131711

Issue: Previously, when registering WSDL using WSDL URL, API Gateway always sent an authentication header to the remote server, disregarding authentication settings.

Resolution: Now, when registering WSDL using WSDL URL, API Gateway sends the authentication header only if the authentication settings are provided.

742201 131777

Issue: Previously, SAML Attribute Assertion filter throws an error under heavy load.

Resolution: Now, SAML Attribute Assertion filter does not throw an error under heavy load.

742538 132548

Issue: Previously, when using REST API wizards to create an API in Policy Studio, the parameter path variables were not available on the whiteboard for the Request/Routing/Response policies.

Resolution: Now, when using REST API wizards to create an API in Policy Studio, the parameter path variables are available on the whiteboard for the Request/Routing/Response policies.

742629 132255

Issue: Previously, API Gateway was not always sending close-notify message on SSL shutdown.

Resolution: Now, API Gateway sends close-notify explicitly on SSL shutdown. You can configure this in SystemSettings of API Gateway instance's service.xml config:

sslShutdownPolicy = {"dirty" | "simplex" | "duplex"}

  • "dirty" is the old behaviour
  • "simplex" is the default, and ensures that close-notify is sent
  • "duplex" waits for the remote to send its close-notify also
743296 132254

Issue: Previously, the User Guide did not document which JSON Schema specifications are supported by the JSON Schema Validation filter.

Resolution: Now, draft version 2 of JSON Schema specification supported by the JSON Schema Validation filter is added in the Policy Developer Guide.

743895 132828

Issue: Previously, there were errors when managedomain was creating a Node Manager because of permissions on the system.

Resolution: Now, there are no errors when managedomain creates a Node Manager.

744739 132990

Issue: Previously, INVALID_FIELD was returned for an invalid field in selectors in policies.

Resolution: Now, there is a configuration option to allow an empty string to be returned instead of the INVALID_FIELD value from selectors.

745392 133211

Issue: Previously, the Connect to URL filter always added the port number in Host header for HTTP and HTTPS requests (for example, Host: www.axway.com:80, Host: www.axway.com:443).

Resolution: Now, the Connect to URL filter adds only non-default ports for HTTP and HTTPS requests in the Host header (for example, Host: www.axway.com).

745499 133212

Issue: Previously, in certain circumstances the XML parser allowed DTD injection when parsing SOAP XML documents.

Resolution: Now, it is not possible to inject DTDs into XML because the XML parser does not allow it.

746450 133670

Issue: Previously, Policy Studio could not connect to an Admin Node Manager configured for TLS 1.2.

Resolution: Now, you can use a configuration option in policy.ini to connect to an Admin Node Manager configured with TLS 1.2 using Policy Studio.

746670 133763

Issue: Previously, under certain conditions when importing a policy, the policy did not import correctly and was missing links.

Resolution: Now, when importing the policy, all links are properly imported.

747500 134127

Issue: Previously, there were errors upgrading from API Gateway 6.3.1 to 7.3.1 because 127.0.0.1 was used as the host for admin APIs instead of localhost.

Resolution: Now, there are no errors when upgrading from API Gateway 6.3.1 to 7.3.1.

749150 135033

Issue: Previously, the Connect to URL filter was sending CONNECT method with endpoint set to proxy.

Resolution: Now, the Connect to URL filter sends CONNECT method to proxy with correct endpoint details.

749194 135265

Issue: Previously, using basic authentication with "Automatically send credentials" enabled, the API Gateway crashed.

Resolution: Now, using basic authentication with "Automatically send credentials" enabled, the authentication process completes.

749498 134939

Issue: Previously, OAM Authenticator returned a fatal error when it cannot find a scoped session during authentication.

Resolution: Now, OAM Authenticator no longer returns a fatal error if it cannot find the scoped session.

751925 139288

Issue: Previously, harmless messages appeared in trace log file for licensing.

Resolution: Now, these messages have been removed from the trace log file because they are not useful.

752124 137789

Issue: Previously, the API Gateway Node Manager reported an error when users attempted to download a trace file exceeding 10 MB in size.

Resolution: Now, you can configure the API Gateway Node Manager using the samples/scripts/config/updateMaxInOutLen.py script to allow downloading a trace file exceeding 10 MB in size.

752386 136278

Issue: Previously, some operations were not listed when registering WSDL in Policy Studio.

Resolution: Now, all operations are listed when registering WSDL in Policy Studio.

752479 136269

Issue: Previously, API Gateway was running with an older version of OpenSSL.

Resolution: Now, API Gateway is running with OpenSSL 1.0.1j 15 Oct 2014.

753295 136715

Issue: Previously, the disable Cassandra script did not allow you to specify an Admin Node Manager URL.

Resolution: Now, the disable Cassandra script allows you to specify an Admin Node Manager script.

753805 139298

Issue: Previously, WSDL with space in namespace name could not be loaded.

Resolution: Now, validation of namespaces can be turned off using the new XML_PARSE_NONAMESPACE_URI_REF_VALIDATION libxml custom option to allow loading WSDL with space in namespace name.

753965 137538

Issue: Previously, there was an error upgrading OCSP policies to 7.3.1.

Resolution: Now, there is no error upgrading OCSP policies to 7.3.1.

754322 137792

Issue: Previously, the API Gateway Node Manager reported an error when users attempted to download a log file exceeding 10 MB in size.

Resolution: Now, you can configure the API Gateway Node Manager using samples/scripts/config/updateMaxInOutLen.py script to allow downloading a log file exceeding 10 MB in size.

754375 137745

Issue: Previously, Connect to URL policies with URLs containing spaces worked in 7.1.1, but after upgrading the 7.3.1, the policy stopped working.

Resolution: Now, after upgrading to 7.3.1, URLs with spaces specified in Connect to URL policies continue to work.

754803 137530

Issue: Previously, under certain circumstances, there was a race condition when processing XPath expressions.

Resolution: Now, there is no race condition when processing XPath expressions.

754885 138330

Issue: Previously, maximum connections in Remote Host configuration was set to -1 during upgrade to 7.3.1.

Resolution: Now, maximum connections in Remote Host configuration is not changed during upgrade to 7.3.1.

754968 137627

Issue: Previously, when the Directory Scanner was dealing with large files, it read the whole file into memory causing an OutOfMemoryException.

Resolution: Now, the Directory Scanner does not read the whole file into memory, and does not cause any OutOfMemoryExceptions.

755020 137709

Issue: Previously, API Gateway crashed using an ICAP filter because of a connection input/ouput error sending content to ICAP server.

Resolution: Now, API Gateway correctly handles the connection input/output error while sending content to ICAP server.

755102 137907

Issue: Previously, the FTP poller failed to delete processed files (if configured) from the FTP server because of a connection error.

Resolution: Now, the FTP poller retries to delete processed files from the FTP server on connection error.

755308 138274

Issue: Previously, migration of API Gateway configuration from 6.0.3 to 7.3.1 was failing for XML Signature Generation and Retrieve from user store filters.

Resolution: Now, migration of API Gateway configuration from 6.0.3 to 7.3.1 passes for XML Signature Generation and Retrieve from user store filters

756444 138758

Issue: Previously, migration of API Gateway configuration from 7.1.1 to 7.3.1 was failing for custom X-Path-Expressions in the Retrieve Attribute From Message filter.

Resolution: Now, migration of API Gateway configuration from 7.1.1 to 7.3.1 passes for custom X-Path-Expressions in the Retrieve Attribute From Message filter.

756558 139553

Issue: Previously, the CRL (Dynamic) filter failed to resolve selector with generated legacy message attributes, for example:

${distributionpoint.0.1.toString}, ${distributionpoint.0.0.toString}

Resolution: Now, the CRL (Dynamic) filter resolves selector with generated legacy message attributes.

756814 138999

Issue: Previously, the McAfee Anti-Virus filter could crash scanning message body or cause a memory leak.

Resolution: Now, the McAfee Anti-Virus filter cleans up temporary allocated memory.

757270 140269

Issue: Previously, the Sentinel server external connection was always configured with the provided encoding.

Resolution: Now, the Sentinel server external connection applies the provided encoding only if the IGNORE_ENCODING Java property value is false (default).

758662 140217

Issue: Previously, the Throttling filter was setting duplicated Throttling rate limit information headers in the response.

Resolution: Now, the Throttling filter sets Throttling rate limit information headers in the response once.

758816 140044

Issue: Previously, the Threatening Content filter was not trapping content that is not escaped.

Resolution: Now, the Threatening Content filter is trapping content that is not escaped.

759133 140246

Issue: Previously, the McAfee Anti-Virus filter may not always correctly update the 'mcafee.status' message attribute for multipart messages.

Resolution: Now, the McAfee Anti-Virus filter merges scan results into the 'mcafee.status' message attribute for multipart messages.

760444 141296

Issue: Previously, the Connect to URL filter was unable to connect to a URL via an HTTPS proxy.

Resolution: Now, it is possible to connect to a URL via an HTTPS proxy.

760982 141084

Issue: Previously, in OAuth the redirect URL was seen as invalid because the host was a different case to the one stored on disk for the profile.

Resolution: Now, there is no longer case sensitivity on the host part of the redirect URL.

743541 132530

Issue: Previously, a false error was reported for recursion in a specific policy when using policy shortcuts.

Resolution: Now, there is no error reported for the specific policy using policy shortcuts because it is a valid policy.

747264 134130

Issue: Previously, there was a problem with case sensitivity in URL parameters.

Resolution: Now, you can configure API Gateway to use case sensitive or case insensitive values for URL parameters.

Known issues

The following are known issues in this version of API Gateway.

Topology

Upgrade

<ConfigurationFragment>
<ClassDir name="$VDISTDIR/upgrade/legacy/7.1.x/" />
</ConfigurationFragment>
./run.sh oauth/deployOAuthConfig.py --importapps=off

Redaction

API firewalling

OEM plugin

FIPS mode

OAuth

Internet Explorer issues in the OAuth UI and OAuth client demo:

Documentation

This section describes documentation enhancements and related documentation.

Documentation enhancements

For other documentation changes and enhancements, see the "What's new" section in each guide.

Related documentation

Axway API Gateway is accompanied by a complete set of documentation, covering all aspects of using the product. Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.

For more information about API Gateway and how it is used in Axway 5 Suite, refer to:

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.

Copyright © 2015 Axway. All rights reserved.