Document version: 22 February 2019
This Readme applies to Axway API Gateway and API Manager 7.5.3 SP10, for all supported platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the products.
This service pack provides fixes for a number of reported defects. It includes updates for the following components:
The service pack contains new binaries only and does not overwrite the existing configuration. Service packs are cumulative and include all preceding fixes (service packs and patches) in this product version.
File packages: An installation archive is provided for all supported platforms (for example, APIGateway_7.5.3_SP10_Core_linux-x86-64_BNYYYYMMDDn.tar.gz).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
Internal ID | Case ID | CVE ID | Description |
---|---|---|---|
RDAPI-13868 | 00989768, 00990108, 01014125 | | Issue: Location header in 303 See Other response displayed absolute URIs to host specified in Host header, which could be modified and cause a security issue.
Resolution: Location header now contains a relative URI by default, according to RFC 7231. To display absolute URIs in the Location header, set the com.axway.response.redirect.location.relative Java system property to false in INSTALL_DIR/apigateway/system/conf/jvm.xml. |
RDAPI-13972 | 00999435 | CVE-2016-4000 | Issue: API Gateway used Jython 2.5.2, which included security vulnerabilities.
Resolution: API Gateway has been updated to use Jython 2.7.1. |
RDAPI-14497 | 01009656 | | Issue: The API Gateway SOAP response to a message with an empty body contained a fault namespace indicating that it was an Axway API Gateway.
Resolution: You can use the -Dcom.axway.soap.faultnamespace system property in jvm.xml to rename this namespace to avoid any potential security issues. |
RDAPI-14498 | 01010245 | | Issue: Threatening Content filter only scanned the value of the first query string parameter with a specific name, allowing it to be bypassed using multiple parameter values of the same name.
Resolution: Threatening Content filter now scans every query string parameter value regardless of name. |
RDAPI-14582 | 01010153 | | Issue: When the JWT Verify filter executed in Policy Studio, JWT token payload was visible in plain text logs at INFO trace level, causing a Medium CVSS security risk.
Resolution: JWT token payload is now redacted from tracing at all levels. |
RDAPI-14615 | 01012736 | | Issue: Input for phone, mobile, email, and description was not properly validated in the API Manager User API.
Resolution: Input validation for phone and mobile fields and improved email validation have been added. |
RDAPI-14836 | 01019411 | | Issue: Error handling exposed information in API Manager if you issued a PUT request with invalid data in the request body to the advisorybanner API.
Resolution: If you try to update the advisorybanner using invalid data, API Manager now displays the correct error message, and no information is exposed. |
RDAPI-14980 | 01019129 | | Issue: OAuth authorization code flow did not check that authorization code corresponds to client when generating authorization token.
Resolution: API Gateway checks that authorization code corresponds to client requesting the authorization token and rejects token creation if it does not. |
RDAPI-15049 | 01025419, 01032060 | CVE-2015-9251 | Issue: API Gateway shipped with jQuery 2.2.4, which was vulnerable to Cross-Site Scripting (XSS) attacks when a cross-domain Ajax request was performed without the |
RDAPI-15107 | 01028183 | | Issue: API Manager XSS security vulnerability with old versions of Internet Explorer.
Resolution: Code supporting old browsers has been removed because it contained an XSS security vulnerability. Internet Explorer versions 8.0 and 9.0 are no longer officially supported by API Gateway v7.5.x, as stated in the API Gateway Installation Guide. |
RDAPI-15318 | 01032508 | | Issue: The Java version shipped with API Gateway contained security vulnerabilities.
Resolution: The API Gateway Java version has been upgraded to JRE 1.8.0_202. For more information, see: https://www.oracle.com/technetwork/java/javase/8u202-relnotes-5209339.html |
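The duplicate-parameter gap described for RDAPI-14498 above, as an added example that is not Axway code and not part of this Readme: it contrasts a scan that inspects one value per parameter name with a scan that inspects every value. The signature list, function names and sample query string are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Constructed stand-in for a threat signature set; not the product's rules.
SIGNATURES = [
    re.compile(r"<\s*script", re.IGNORECASE),
    re.compile(r"\bunion\b.+\bselect\b", re.IGNORECASE),
]

# Constructed request query: the name "q" appears twice, and only the
# second value would match a signature.
SAMPLE_QUERY = "q=shoes&q=%3Cscript%3Ealert(1)%3C/script%3E&page=2"


def is_threatening(value):
    """True if any signature matches the URL-decoded value."""
    return any(sig.search(value) for sig in SIGNATURES)


def pairs(query):
    """Decode the query string into (name, value) pairs, keeping duplicates."""
    return parse_qsl(query, keep_blank_values=True)


def scan_first_value_only(query):
    """Behaviour described in the Issue: one value per name is inspected."""
    first = {}
    for name, value in pairs(query):
        first.setdefault(name, value)  # later values of the same name are dropped
    return [(n, v) for n, v in first.items() if is_threatening(v)]


def scan_every_value(query):
    """Behaviour described in the Resolution: every value is inspected."""
    return [(n, v) for n, v in pairs(query) if is_threatening(v)]


def repeated_names(query):
    """Names that occur more than once, useful as a logging signal."""
    counts = Counter(name for name, _ in pairs(query))
    return sorted(name for name, c in counts.items() if c > 1)


if __name__ == "__main__":
    print("first-value scan :", scan_first_value_only(SAMPLE_QUERY))
    print("every-value scan :", scan_every_value(SAMPLE_QUERY))
    print("repeated names   :", repeated_names(SAMPLE_QUERY))
```

The same comparison can be used as a regression check for any custom policy that reads query parameters by name: feed it a request with a repeated name and confirm that the later values are still inspected.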
Internal ID | Case ID | Description |
---|---|---|
RDAPI-12357 | 00949835 | Issue: Problems importing Swagger when array contained primitive types like string.
Resolution: Swagger import now allows arrays that contain simple types. |
RDAPI-13326 | 00966372 | Issue: Exception could be triggered when signing XML elements for which namespace prefix does not exist.
Resolution: XML exception is no longer triggered when a namespace prefix is not required. |
RDAPI-13412 | 00982276 | Issue: Partial and inconsistent validation was performed on the Backend URL field in API Manager. The URL validation was implemented correctly, but HTTPS/certificate validation was not, and invalid field information disappeared on losing focus of the field.
Resolution: Both types of validation are now done in a consistent manner, and both errors have the same look and feel when triggered. |
RDAPI-13635 | 00985086 | Issue: WSDL with more than one endpoint per binding (for example, HTTP and HTTPS) only displayed the first endpoint when imported in API Manager.
Resolution: API Manager now displays all the endpoints of each imported WSDL. |
RDAPI-13975 | 00999445 | Issue: Links sent to finish API Manager user registration process did not work when special characters like + were used in email address.
Resolution: Email address parameter is now encoded in the URL. |
RDAPI-14065 | 00999714 | Issue: In API Manager, importing WSDL from an SSL-protected endpoint with a self-signed certificate failed.
|
RDAPI-14075 | 00987150 | Issue: In API Manager, virtualized API with path that contained trailing unencoded whitespace was not matched by the matching filter.
Resolution: Front-end regex validation and back-end import validation now remove the invalid whitespace and warn the user. |
RDAPI-14142 | 00999170, 01012763, 00998920, 01021762 | Issue: API Gateway sometimes showed cardinality violation exceptions in error traces. These indicated that the loaded configuration of some entities was corrupted in-memory, and no new values could be set for them, which could lead to undefined behavior.
Resolution: API Gateway is no longer affected by a race condition accessing and setting the loaded entity store configuration values. API Gateway can now update the entity store configuration values in-memory successfully. |
RDAPI-14205 | 01004743 | Issue: When publishing an API on a virtual host in API Manager, the virtual host matching was case sensitive and resulted in an error if a different case was presented.
Resolution: The virtual host matching in API Manager is now case insensitive. |
RDAPI-14297 | 00942267, 01004780 | Issue: When changing an organization name, if an application API key was previously loaded in a Try It form, API Manager displayed: The entity could not be found. Please refresh your session.
Resolution: This issue has been fixed and API Manager no longer displays this error message. |
RDAPI-14301 | 01002805, 01009406 | Issue: In API Manager, the update organization API method (PUT /api/portal/v.1.3/organizations/{id}) failed to do basic checks to prevent corrupt data, allowing broken links between KPS tables, invalid email addresses, and setting flags that were usually unavailable in the UI.
Resolution: The update organization API method now enforces stronger validation, similar to the create organization API method. |
RDAPI-14380 | 01007579 | Issue: kpsadmin commands could sometimes reach the standard transaction timeout before completion.
Resolution: kpsadmin commands now run until completion. The kpsadmin command result report now also shows the duration length (in seconds) and the final HTTP response status.
|
RDAPI-14417 | 01008596 | Issue: Error raised when decrypting JWT tokens that were encrypted by another security provider with RSA OAEP algorithm.
Resolution: The security provider has been improved to support RSA OAEP for both encryption and decryption. |
RDAPI-14421 | | Issue: DataStax Java client driver used by API Gateway was not optimized for Apache Cassandra v2.2.12.
Resolution: API Gateway now uses DataStax Java client driver v3.5.0, which supports Cassandra v2.2.12. |
RDAPI-14459 | 01000557 | Issue: API Gateway GET requests had different error messages from PUT, POST, and DELETE.
Resolution: API Gateway error handling now provides the same HTTP status codes for all REST API requests. |
RDAPI-14461 | 01010010 | Issue: Adding a value to an API Gateway cache configured with a First-In-First-Out eviction policy incorrectly removes the value if it already exists in the cache. And if the Persist to Disk setting is selected when the cache is full, no eviction policy is executed when adding data.
Resolution: The existing value is no longer removed from the cache, and is updated when required. If Persist to Disk is selected when the cache is full, the eviction policy supported by the cache persistence store is executed when adding data. |
RDAPI-14478 | 01001297 | Issue: When using an OCSP Client filter with multiple response validation options selected, the client aborted and would not execute subsequent validation if the first option failed.
Resolution: The client now tries every selected validation option before aborting. |
RDAPI-14489 | 01001883 | Issue: Visual Mapper incorrectly created an Any tag when mapping an XSD element without a type defined.
Resolution: Visual Mapper no longer creates an Any tag when mapping an XSD element without a type defined.
|
RDAPI-14490 | 00995523 | Issue: AWS Signing (Authorization Header) security device in API Manager did not validate the request timestamp, which did not comply with Amazon documentation.
Resolution: The security device now validates the request timestamp and complies with Amazon requirements. |
RDAPI-14517 | 01008734 | Issue: API Gateway Create Thumbprint filter sometimes removed leading zeros due to problems with translation of byte array to string.
Resolution: Create Thumbprint filter no longer removes leading zeros. |
RDAPI-14551 | 01003624, 01003697 | Issue: In some rare cases, for HTTP requests with a body, the API Gateway Send to ICAP filter duplicated the Content-Type header.
Resolution: The Send to ICAP filter now ensures that content headers are not duplicated. |
RDAPI-14571 | 01010596 | Issue: Product Version field in API Gateway Manager was initially set to unknown, and updated when the service call returned. If the call was not fast enough, API Gateway Manager did not update with the correct version.
Resolution: Version is now displayed in API Gateway Manager when the client receives the service call response. |
RDAPI-14588 | 01012632, 01029798 | Issue: Performance of API Gateway File Upload filter was up to 20 times faster with File Type of ASCII and Connection Type of FTP or FTPS, when compared to File Type of Binary.
Resolution: File Upload filter now calls a more efficient OutputStream to improve performance when File Type is Binary and Connection Type is FTP or FTPS.
|
RDAPI-14632 | 01013406 | Issue: API Manager did not respect trailing slash when sending request to back-end with API method exposed on / only and Java system property set to preserve trailing slash.
Resolution: Trailing slash is now preserved when sending request to back-end with the com.vordel.apimanager.uri.path.trailingSlash.preserve system property set to true.
|
RDAPI-14674 | 01014764 | Issue: The Access Token using OAuth Client Credentials filter failed on execution if a Token Type other than Bearer was used in requests, even if the Access Token Type field was set correctly in Policy Studio.
Resolution: The Access Token using the Client Credentials filter now accepts and validates a custom Access Token Type. |
RDAPI-14684 | 01012436 | Issue: Using OpenSSL configuration engine with API Gateway generated loading error when initializing EngineConfig module.
Resolution: API Gateway has been updated to load the legacy crypto engine configuration successfully. |
RDAPI-14706 | 01013276 | Issue: In API Manager, an additional incorrect forward slash (/) was appended when matching API definitions that start with path parameters.
Resolution: The incorrect leading / when matching the URL to the method definition has been removed.
|
RDAPI-14774 | 01019448 | Issue: When importing or updating OAuth client credentials, API Gateway checked that the redirectUrl value was a URL, and included validation against empty strings.
Resolution: API Gateway now omits empty and whitespace-only values, and only checks that values are URLs and imports them when they have content. |
RDAPI-14775 | 01027997 | Issue: MIME |
RDAPI-14829 | 01019887 | Issue: API Gateway instance could crash when trying to log a trace message during shutdown.
Resolution: API Gateway trace logging has been fixed. |
RDAPI-14830 | 01020923 | Issue: API Gateway crashed on reaching maximum connections when sending HTTPS requests through an HTTP proxy.
Resolution: The connections counter has been fixed and connection attempts that exceed the maximum now fail with an error message. |
RDAPI-14854 | 01018773, 01016524 | Issue: API method parameters without Data Type value in API Manager caused issues when attempting to view API definition in API Catalog.
Resolution: Added validation on method import and in API Manager UI, and a default value for missing Data Type. Note: You must reimport existing APIs with this behavior to resolve missing data types with a default of string.
|
RDAPI-14903 | 01022533 | Issue: HTTP redaction could generate invalid documents when parsing chunked bodies, and crash could occur when redacting unbalanced XML documents.
Resolution: HTTP redaction has been fixed, and unbalanced XML documents are now handled correctly. |
RDAPI-14919 | 01023427, 01024783, 01030405 | Issue: Additional validation added in RDAPI-13510 made it impossible to upload an outbound SSL certificate for a virtualized API.
Resolution: This validation has been updated to allow the upload of .p12 certificate files.
|
RDAPI-14920 | 01022178 | Issue: When updating an image for any user, the API Manager user panel at the top right was updated to show you connected as that user, regardless of who was logged in.
Resolution: The API Manager user panel is only updated when the image for the logged-in user is updated. |
RDAPI-14921 | 01009556 | Issue: External Credentials were displayed in API Manager in a grid structure with no maximum rows or paging, which caused excessive memory use with large data sets.
Resolution: The display format has been changed from a grid structure to a list with paging and filtering functionality. |
RDAPI-14941 | 01023087 | Issue: Using the apimanager-promote script, if the folder containing data (api-export.dat and promotion.properties) also contained subfolders or empty files, an exception was thrown.
Resolution: Subfolders and empty files are now ignored. |
RDAPI-14991 | 01021772 | Issue: The Conversation field for a Hardware Security Module (HSM) was removed from the Private Key dialog in Policy Studio v7.5.3.
Resolution: The content of the Conversation field can now be added to the Key Id field and separated by ; in the HSM configuration in Policy Studio.
|
RDAPI-15051 | 01023734 | Issue: API Gateway XSLT Transformation filter incorrectly alters some UTF-8 characters.
|
RDAPI-15096 | 01026334 | Issue: No Match For Request error when Content-Type was not equal to the API method MIME type.
Resolution: Use the com.coreapireg.apimethod.contenttype.legacy=true system property to disable this Content-Type check for single API method exact matching and to allow legacy API method matching. For example:
<ConfigurationFragment>
The default is false.
|
RDAPI-15187 | 01029757 | Issue: API Gateway crashed when writing data to a corrupt traffic monitor file.
Resolution: File corruption is now detected before trying to add data to it. |
RDAPI-15219 | 01023041 | Issue: During update and refresh operations, API Manager deactivated listeners on all of its APIs. If the list was long enough, API Manager could begin listening for changes before the refresh operation was complete, resulting in perceived updates to APIs and many PUT requests being sent to the back-end.
Resolution: API Manager listener handling is now fully verbose, and this race condition cannot be encountered. |
RDAPI-15401 | 01015430, 01031170, 00998764 | Issue: Calls to API Manager User and Application APIs were very slow when large numbers of users and/or applications were created.
Resolution: Set the com.axway.apimanager.api.data.cache system property to true to cache users and applications in memory at startup. In-memory cache is kept up-to-date using the API Manager events mechanism.
|
RDAPI-15410 | 01035768, 01035475 | Issue: An API Gateway Global Fault Handler Policy could not be used for all API Manager fault processing.
Resolution: An API Gateway Global Fault Handler Policy can now be used for all API Manager fault processing. To enable this, set the com.axway.apimanager.fault.global Java system property to true.
|
If you are using the API Manager Management APIs, you must disable the CSRF token check implemented in v7.5.3 SP9. To disable this check, set the com.axway.apimanager.csrf Java system property to false. The default is true.
Related issues: RDAPI-14363, IAP-1592
v7.5.3 SP10 adds improved support for Apache Cassandra 2.2.12 (see RDAPI-14421). However, the API Gateway Installation Guide and API Gateway Upgrade Guide incorrectly state that API Gateway supports Apache Cassandra versions 2.2.5 and 2.2.8 only. This user documentation will be updated to reflect support for Cassandra version 2.2.12 at a later date.
Related issues: RDAPI-14421
The following known issues are currently scheduled for the next service pack.
Internal ID | Description |
---|---|
RDAPI-12338 | API Manager generates wrong top-level OAuth security requirements in Swagger |
RDAPI-12891 | API Gateway not compliant when HEAD request with Connect to URL filter, and Content-Range header in response |
RDAPI-12966 | Incorrect Resource URI forwarded to API Manager Backend API when OPTIONS verb is used |
RDAPI-13393 | Inadequate use of cache-related headers [CWE-525] on API Manager /api/portal/v1.3/users |
RDAPI-13416 | Zip Slip vulnerability—codehaus/plexus-archiver 2.7.1 [CVE-2018-1002200] |
RDAPI-13723 | Policy called as REST API in Policy Studio, and local fault handler not catching unhandled false return from policy called by policy shortcut |
RDAPI-13839 | Subject in Event Log not in sync with Traffic Log when Pass Through configured in API Manager |
RDAPI-14487 | API Manager quota read consistency in multi-datacenter configuration |
RDAPI-14506 | managedomain regen_certs in unattended mode always generates new domain certificate |
RDAPI-14552 | API Gateway libxml2 outdated and unsecured |
RDAPI-14613 | In Policy Studio, when importing a policy fragment, deselected items are imported anyway |
RDAPI-14638 | Error creating account for external identity provider with name containing special characters |
RDAPI-14707 | PGP verify fails if the message is signed with private key with passphrase |
RDAPI-15048 | API Gateway Analytics—CSV does not match PDF report for same time range |
RDAPI-15163 | Issue when configuring passphrase on API Gateway with $ character in the password |
RDAPI-15209 | API Manager custom attributes have serious UI deficiencies |
RDAPI-15217 | API Manager does not properly handle application exceptions and can allow information leakage |
RDAPI-15218 | API Manager reveals existence of user's email through application redirection in response |
RDAPI-15253 | JSON body formatted by API Manager when passing through to API Gateway |
RDAPI-15301 | Missing buffer overflow protection in API Gateway native code—stack canaries not enabled |
RDAPI-15322 | API Manager query string not accepting ". " |
RDAPI-15462 | After Data Map is executed with bad input, even good input causes a blank response until API Gateway instance restarts |
This service pack has the following prerequisites in addition to those specified for the major product release version in the API Gateway Installation Guide:
Note | Ensure that you back up any customized files in your INSTALL_DIR. You should merge updated files instead of copying them back directly to avoid any regex matching issues. For example, the following directories might contain customized files: |
webapps/apiportal/vordel/apiportal
webapps/emc/vordel/manager/app
webapps/emc
system/conf/apiportal/email
system/conf
samples/scripts
INSTALL_DIR/apigateway/system/lib/modules
INSTALL_DIR/analytics/system/lib/modules
INSTALL_DIR/apigateway/system/lib/jython
INSTALL_DIR/analytics/system/lib/jython
kpsadmin), and that the JAVA_HOME variable is set correctly in cassandra.in.sh and cassandra.in.bat.
If FIPS mode is enabled, you must perform the following steps to install the service pack:
togglefips --disable to turn FIPS mode off.
togglefips --enable to turn FIPS on again.
This section describes how to install the service pack on existing installations of API Gateway or API Manager.
Note | If you have API Manager installed, installing the API Gateway server service pack automatically installs the updates for API Manager. |
To install the service pack on your existing API Gateway 7.5.3 server installation, perform the following steps:
Note | On Windows, if you are running in a console in the foreground, you should also close the console. If Cassandra is co-located with API Gateway, you must also stop Cassandra and close the Cassandra console. If there are any open file locks, this may prevent apigw_sp_post_install.bat from completing successfully. |
INSTALL_DIR/ext/lib and INSTALL_DIR/META-INF directories (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
apigateway directory in your existing installation directory. For example:
tar -xzvf APIGateway_7.5.3_SP10_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/apigateway/
apigateway directory in your installation:
INSTALL_DIR\apigateway
INSTALL_DIR/apigateway
apigw_sp_post_install.bat
apigw_sp_post_install.sh
Note | On Linux, run the script using the bash command, and ensure that the correct permissions are set. |
root user on the appliance before starting the Node Manager or API Gateway:
[ -f /etc/apigateway/ssl-engines.xml ] && mv /etc/apigateway/ssl-engines.xml /etc/apigateway/ssl-engines.xml.1
chown -R admin:admin /opt/gateway/
grep "java.library.path" /opt/gateway/system/conf/jvm.xml || sed -i.bak -e '/<JVMSettings/a\\n <!-- Set to allow correct library load after setting CAP_NET_BIND_SERVICE on vshell -->\n <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>' /opt/gateway/system/conf/jvm.xml
setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' /opt/gateway/platform/bin/vshell
ldconfig
Note |
ls -l INSTALL_DIR/apigateway/posix/bin
To install the service pack on your existing API Gateway Analytics 7.5.3 installation, perform the following steps:
analytics directory in your existing API Gateway 7.5.3 installation directory. For example:
tar -xzvf APIGateway_7.5.3_SP10_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/analytics/
analytics directory in your installation:
INSTALL_DIR\analytics
INSTALL_DIR/analytics
apigw_analytics_sp_post_install.bat
apigw_analytics_sp_post_install.sh
Note |
bash command, and ensure that the correct permissions are set.
ls -l INSTALL_DIR/analytics/posix/bin
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR/policystudio directory.
policystudio directory in your existing API Gateway 7.5.3 installation directory. For example:
tar -xzvf APIGateway_7.5.3_SP10_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/policystudio/
Note | The first time you start Policy Studio, you must use policystudio -clean. |
To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR/configurationstudio directory.
configurationstudio directory in your existing API Gateway 7.5.3 installation directory. For example:
tar -xzvf APIGateway_7.5.3_SP10_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/configurationstudio/
Note | The first time you start Configuration Studio, you must use configurationstudio -clean. |
The following steps apply after installing the service pack.
Note | On the API Gateway Appliance, you can skip the following steps if you already ran the code in steps 6 and 7 in Install the service pack. |
To allow an unprivileged user to run API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml file:
<VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
/etc/ld.so.conf.d/gateway-libs.conf that contains the following lines:
INSTALL_DIR/platform/jre/lib/amd64/server
INSTALL_DIR/platform/jre/lib/amd64
INSTALL_DIR/platform/lib/engines
INSTALL_DIR/platform/lib
INSTALL_DIR/ext/lib
ldconfig
When API Manager is installed, you must run the update-apimanager script after the API Gateway post-install script to ensure that all paths are up-to-date.
Tip | You can run this command once at the API Gateway group level, instead of on every API Gateway instance, for example: |
/opt/Axway-7.5.3/apigateway/posix/bin/update-apimanager --username=admin --password=MY_PASSWORD --group=API_MGR_GROUP
The following command shows an example of running the update-apimanager script when the Client Application Registry is installed:
/opt/Axway-7.5.3/apigateway/posix/bin/update-apimanager --username=admin --password=MY_PASSWORD --group=API_MGR_GROUP --productname=clientappreg
Go to the Axway Documentation portal at https://docs.axway.com to find all documentation for this product version.
The following reference documents are available on the Axway Documentation portal at https://docs.axway.com:
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support at https://support.axway.com.
Copyright © 2019 Axway. All rights reserved.