Axway API Gateway 7.3.1 SP 4 Readme

Document version: 1 March 2016


Readme for 7.3.1 SP 4

This Readme applies to Axway API Gateway 7.3.1 SP 4, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:

The service pack contains new binaries only and does not overwrite the existing configuration.

File packages: An installation archive is provided for all platforms (for example, APIGateway_7.3.1_SP4_Core_win-x86-32_BN201509212.zip for Windows).

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Corrections and enhancements

This service pack provides the following corrections and enhancements.

Case ID Internal ID Description
789954 RDAPI-127 Issue: API Gateway sends garbage data when both sides of a WebSocket send frames at the same time.
Resolution: Previously, API Gateway was not always correctly processing WebSocket messages, causing payload corruption and premature connection close. Now, API Gateway processes all data sent using WebSockets correctly.
819438 RDAPI-170 Issue: Alert filter fails to import correctly.
Resolution: Previously, in Policy Studio, an error displayed when an attempt was made to edit the imported Alert filter. Now, you can modify the Alert filter in Policy Studio after importing it with a policy.
- RDAPI-336 Issue: Create WS-Trust Message filter does not follow protocol.
Resolution: Previously, the inserted Created and Expires elements in the RequestSecurityTokenResponse were created in the WST namespace element. Now, the inserted Created and Expires elements in the RequestSecurityTokenResponse are created with the WSU namespace element.
804956 RDAPI-584 Issue: Performance issues due to churn of SSL sessions.
Resolution: Previously, in API Gateway, connection activity time and idle time were not in sync. This resulted in opening new connections instead of reusing existing connections, which were considered expired. Now, in API Gateway, connection activity time and idle time are in sync, and the connection is cached properly.
786561 RDAPI-631 Issue: Proxied 304 Not Modified responses have binary bodies added when using gzip.
Resolution: Previously, 304 Not Modified responses had binary bodies added to them when gzip compression was enabled. Now, 304 Not Modified responses no longer have this issue when gzip compression is enabled.
802357 RDAPI-665

Issue: Setting JNDI Properties in LDAP configuration does not work.
Resolution: Previously, it was not clear if LDAP connection custom JNDI parameters are applied successfully, and for some SSL configurations, a java.net.SocketException: 'Unconnected sockets not implemented' was thrown. Now, the custom JNDI parameters specified for an LDAP connection are reported in DEBUG trace level, and the SSL connections have the required socket implementation.

729048 RDAPI-792

Issue: API Gateway caches failing to connect to LDAP due to authentication failure.
Resolution: Previously, unsuccessful LDAP connections failed because authentication errors were incorrectly cached, and errors were not reported. Now, LDAP connection that fail due to authentication errors are reported.

807270 RDAPI-795

Issue: Logging milliseconds in timestamp for access log requests.
Resolution: Previously, there was a non-flexible %t format used for access logging that did not include milliseconds. Now, you can specify the format using curly brackets, as shown in the following examples:

%{"dd/MMM/yyyy ** HH:mm:ss:SSS Z"}t

%{"dd/MMM/yyyy ** HH:mm:ss"}t

%{"dd/MMM/yyyy"}t

818087 RDAPI-806

Issue: SSL connection WRITE_PENDING:bad write retry bug.
Resolution: Previously, API Gateway might close the connection while sending a large payload in a response, due to write failure caused by SSL I/O errors. Now, API Gateway handles SSL I/O errors and attempts to retry SSL read/write accordingly.

790450 RDAPI-876

Issue: API Gateway crashes when decrypting XML with duplicate elements.
Resolution: Previously, API Gateway crashed if an error was found during XML element decryption. Now, API Gateway correctly handles errors found during XML element decryption.

787174 RDAPI-878

Issue: Resolver paths not working correctly.
Resolution: Previously, API Gateway failed to resolve to the correct path and policy when handling HEAD requests and having both GET and HEAD methods for the same path configured. Now, API Gateway resolves to the correct path and method rule.

800729 RDAPI-887

Issue: API Gateway crashed parsing a SOAP request.
Resolution: Previously, API Gateway could crash attempting to report an error with message containing percent-encoded characters while processing a SOAP request. Now, API Gateway successfully reports an error with message containing percent-encoded characters.

- RDAPI-899

Issue: Cannot set optimized CRYPTO memory functions.
Resolution: Previously, on Windows, API Gateway could report a Cannot set optimized CRYPTO memory functions error at startup. Now, API Gateway sets optimized CRYPTO memory functions as required.

776780 RDAPI-903

Issue: When Connect to URL hits the Max Received Bytes limit, it returns a truncated result instead of an error.
Resolution: Previously, the policy circuit would not trap exceptions encountered while streaming the response to the client. Now, when the new sendResponseInReflect property is set to 'true, the policy circuit buffers the response in the Reflect Message filter and ensures that the Fault Handler is invoked if maximum response length is reached.

The new sendResponseInReflect property should be added to jvm.xml and the API Gateway should be restarted. For example, <install-dir>/apigateway/groups/group-X/instance-N/conf/jvm.xml should contain:

<ConfigurationFragment>
<SystemProperty name="sendResponseInReflect" value="true" />
</ConfigurationFragment>

771646 RDAPI-907 Issue: OpenSSL updates.
Resolution: Previously, API Gateway was including OpenSSL 1.0.1h/1.0.1p, which has security vulnerabilities. Now, API Gateway includes OpenSSL 1.0.1q addressing known security vulnerabilities.
773388 RDAPI-910 Issue: Invalid directories searched for OpenSSL.
Resolution: Previously, OpenSSL was incorrectly including an RPATH local to the API Gateway build. Now, OpenSSL includes the API Gateway platform/lib RPATH.
816917 RDAPI-1140 Issue: OpenSSL Security Advisory [3 Dec 2015].
Resolution: Previously, API Gateway was including OpenSSL 1.0.1h/1.0.1p, which has security vulnerabilities. Now, API Gateway includes OpenSSL 1.0.1q addressing known security vulnerabilities. For more details, see http://openssl.org/news/secadv/20151203.txt
807497 RDAPI-1240 Issue: Analytics Audit log search query does not work correctly.
Resolution: Previously, the Any/All and AND/OR buttons did not appear to work in the audit log search dialog in the API Gateway Analytics UI. These buttons are not supported by the Analytics back-end. Now, they are disabled in the UI, and their fixed values correctly show the logic that will be applied when the search query executes.
818782 RDAPI-2123 Issue: Proxy authentication fails for HTTPS requests.
Resolution: Previously, the Connect To URL filter was not sending the Proxy-Authorization header to proxy for HTTPS requests (tunneling) when required. Now, the Connect To URL filter sends the Proxy-Authorization header to proxy for HTTPS requests (tunneling) as required.
813470 RDAPI-2142 Issue: Memory leak in CRL (Dynamic) filter.
Resolution: Previously, I/O streams were not closed in case of errors during CRL processing. Now, I/O streams are closed when they are no longer needed.
820584 RDAPI-2197 Issue: Unable to use envSettings.props certificate and environmentalized bind certificate at runtime.
Resolution: Previously, in Policy Studio, you could incorrectly externalize already environmentalized certificates using the Bind certificate at runtime option. Now, in Policy Studio, the Bind certificate at runtime option is removed from the certificate selector dialog for already environmentalized certificates. This prevents the externalization of certificates with environment variables.
- RDAPI-2232 Issue: Error while upgrading configuration.
Resolution: Previously, the CertValidationOcspFilter migrate step 2 task incorrectly imported an incomplete version of the LoadableModule entity type. This caused an exception when trying to upgrade API Gateway configuration. Now, the CertValidationOcspFilter migrate step 2 task imports a complete LoadableModule entity type.

Known issues

The following issues are known and scheduled for correction in a future release.

Case ID Internal ID Description
782400 RDAPI-809 The XML Signature Verification filter fails when a request from SoapUI uses a SAML Assertion with Sender Vouches confirmation method.

Install the service pack

Prerequisites

This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.
  2. Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
  3. Remove any old third-party libraries. To do this, delete the INSTALL_DIR/system/lib/modules directory.

Installation

This section describes how to install the service pack on an existing installation of API Gateway.

Note

Install the API Gateway Core Server service pack

To install the service pack on your existing API Gateway 7.3.1 Core Server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.3.1 SP 4 Core over the apigateway directory within your existing installation directory. For example:
  4. tar -xzvf APIGateway_7.3.1_SP4_Core_linux-x86-64_BN201509212.tar.gz -C /opt/Axway-7.3.1/apigateway/

Note

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.3.1 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.3.1 SP 4 Analytics over the analytics directory within your existing API Gateway 7.3.1 installation directory. For example:
  4. tar -xzvf APIGateway_7.3.1_SP4_Analytics_linux-x86-64_BN201509212.tar.gz -C /opt/Axway-7.3.1/analytics/

Note

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Unzip and extract API Gateway 7.3.1 SP 4 Policy Studio over the policystudio directory within your existing API Gateway 7.3.1 installation directory. For example:
  4. tar -xzvf APIGateway_7.3.1_SP4_PolicyStudio_linux-x86-64_BN201509212.tar.gz -C /opt/Axway-7.3.1/policystudio/

Note

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Unzip and extract API Gateway 7.3.1 SP 4 Configuration Studio over the configurationstudio directory within your existing API Gateway 7.3.1 installation directory. For example:
  4. tar -xzvf APIGateway_7.3.1_SP4_ConfigurationStudio_linux-x86-64_BN201509212.tar.gz -C /opt/Axway-7.3.1/configurationstudio/

Note

After installation

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file.
  2. 64-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  3. 32-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  1. Run the command setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

Note


Documentation

Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.

For information about how API Gateway is used in Axway 5 Suite, refer to:

All Axway documentation is available from Axway Sphere at https://support.axway.com.


Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.


Copyright © 2016 Axway. All rights reserved