Document version: 10 February 2016
This Readme applies to Axway API Gateway 7.4.0 SP 3, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.
The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:
The service pack contains new binaries only and does not overwrite the existing configuration.
File packages: An installation archive is provided for all platforms (for example,
APIGateway_7.4.0_SP3_Core_win-x86-32_BNYYYYMMDDn.zip
for Windows).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
This service pack provides the following corrections and enhancements.
Case ID | Internal ID | Description |
---|---|---|
790450 | RDAPI-129 |
Issue: API Gateway crashes when decrypting XML with duplicate elements |
789954 | RDAPI-133 | Issue: API Gateway sends garbage data when both sides of a WebSocket send frames at the same time Resolution: Previously, API Gateway was not always correctly processing WebSocket messages causing payload corruption and premature connection close. Now, API Gateway processes all data sent using WebSockets correctly. |
- | RDAPI-137 | Issue: Kerberos filters failing on Solaris Resolution: Previously, Kerberos filters were failing on Solaris using secret keys from a keytab file. Now, Kerberos filters can use secret keys from a keytab file. |
800729 | RDAPI-164 | Issue: API Gateway crashed parsing a SOAP request Resolution: Previously, API Gateway could crash attempting to report an error with message containing percent-encoded characters while processing a SOAP request. Now, API Gateway successfully reports an error with message containing percent-encoded characters. |
800861 | RDAPI-368 | Issue: Upgrading API Gateway gives KPS Table error: OAuthAuthorizations does not exist Resolution: Previously, when upgrading a configuration, an OAuth-specific table named OAuthAuthorizations was missing.
Now, the OAuth table is created during the sysupgrade process. |
804257 | RDAPI-574 | Issue: OAuth missing INSTALL_DIR/apigateway/webapps/apiportal /vordel/apiportal/registry-login/style.css Resolution: Previously, the OAuth login for the Client Application Registry failed because it was missing required stylesheets. Now, the OAuth login for the Client Application Registry launches correctly. |
773388 | RDAPI-911 | Issue: Invalid directories searched for OpenSSL Resolution: Previously, OpenSSL was incorrectly including an RPATH local to the API Gateway build. Now, OpenSSL includes the API Gateway platform/lib RPATH. |
771646 | RDAPI-915 | Issue: OpenSSL FIPS mode updates Resolution: Previously, API Gateway was including OpenSSL 1.0.1j-fips which has security vulnerabilities.
Now, API Gateway includes OpenSSL 1.0.1p-fips addressing known security vulnerabilities.
For more details, see http://openssl.org/news/secadv/20150709.txt. |
805098 | RDAPI-971 | Issue: JMS timeout setting has an upper limit of 20 seconds Resolution: Previously the maximum JMS wait timeout was 20 000 ms. Now, the maximum timeout is the minimum value that an int can have (2^31). |
774850 | RDAPI-995 | Issue: do not use SSLv2 and SSLv3 flags on a port do not prevent use of SSLv2/3 Resolution: Previously, SSL options for an interface were not always correctly loaded from the HTTPS listener configuration in API Gateway. Now, SSL options are correctly loaded from the HTTPS listener configuration in API Gateway. |
808539 | RDAPI-1002 | Issue: nodetool configuration with cassandra-tools-jvm.xml and multiple Apache Cassandra instancesResolution: Previously, the release notes did not state that the nodetool ring command is deprecated, and must not be used.
Now, the release notes state that nodetool ring is deprecated, and you must use nodetool status instead. |
802357 | RDAPI-1071 | Issue: Setting JNDI Properties in LDAP configuration does not work Resolution: Previously, it was not clear if LDAP connection custom JNDI parameters are applied successfully, and for some SSL configurations, java.net.SocketException: Unconnected sockets not implemented was thrown.
Now, the custom JNDI parameters specified for an LDAP connection are reported in DEBUG trace level, and SSL connections have the required socket implementation. |
- | RDAPI-1101 | Issue: Connect to URL filter throws NPE when using Kerberos Credential Profile under stress Resolution: Previously, the Connect to URL filter was throwing NullPointerException when using Kerberos Credential Profile.
Now, the Connect to URL filter works with Kerberos Credential Profile. |
816917 | RDAPI-1141 | Issue: OpenSSL Security Advisory [3 Dec 2015] Resolution: Previously, API Gateway was including OpenSSL 1.0.1p-fips , which has security vulnerabilities.
Now, API Gateway includes OpenSSL 1.0.1q-fips addressing known security vulnerabilities.
For more details, see http://openssl.org/news/secadv/20151203.txt. |
729048 | RDAPI-1157 | Issue: API Gateway caches failing to connect to LDAP due to AuthN failure Resolution: Previously, unsuccessful LDAP connections that failed to due AuthN errors were incorrectly cached, and errors were not reported. Now, LDAP connections that failed due to AuthN errors are reported. |
812623 | RDAPI-1264 | Issue: JSON Add Node filter throws exception Resolution: Previously, if the JSON Add Node filter was used to add a node to a JSON document, and the node content evaluated to null, a NullPointerException was thrown.
Now, the new JSON node is successfully added with value set to null . |
813541 | RDAPI-1367 | Issue: Cannot encrypt message with existing symmetric key Resolution: Previously, the XML-Encryption filter always attempted to use only a generated symmetric key instead of the key provided by the message attribute (for example, symmetric.key ).
Now, the XML-Encryption filter uses the symmetric key configured in the XML-Encryption Settings filter. |
- | RDAPI-1454 | Issue: Optimize OAuth Token Info filter Resolution: Previously, the OAuth Token Info filter and token validation were slow due to object serialization and reflection. Now, the OAuth Token Info filter and token are refactored to be more efficient. |
815887 | RDAPI-1490 | Issue: HTTP method for policies ignored when CORS is enabled Resolution: Previously, when matching incoming HTTP requests to policies using relative path resolvers, the HTTP method was ignored if the relative path resolver had the CORS profile set. Now, the relative path resolver correctly resolves the HTTP request. |
807497 | RDAPI-1565 | Issue: Analytics Audit log Search query does not work properly Resolution: Previously, the Any/All and AND/OR buttons did not appear to work in the audit log search dialog in the API Gateway Analytics UI. Now, these buttons correctly show the logic that will be applied when the search query executes. |
- | RDAPI-1679 | Issue: API Gateway crashes during soak test Resolution: Previously, API Gateway could crash due to a small memory leak in Traffic Monitoring. Now, API Gateway Traffic Monitoring memory handling is improved. |
- | RDAPI-1785 | Issue: Memory leak getting encoded private key (PKCS8) Resolution: Previously, there was a memory leak encoding private key in PKCS8 format. Now, no memory leak when encoding private key in PKCS8 format. |
- | RDAPI-1905 | Issue: Memory leak getting encoded certificate info (PKSC7) Resolution: Previously, there was a memory leak encoding certificates in PKCS7 format. Now, no memory leak when encoding certificates in PKCS7 format. |
814503 | RDAPI-1994 | Issue: Installation of 7.4.0 SP 1 will fail if FIPS mode is enabled Resolution: Previously, the API Gateway SP readme did not include instructions to disable FIPS before applying the SP. Now, the API Gateway SP readme includes instructions to disable FIPS before applying the SP. |
The following issues are known and scheduled for correction in a future release.
Case ID | Internal ID | Description |
---|---|---|
808644 | RDAPI-1066 | Cassandra-backed Client Application Registry is not correctly migrated from version 7.2.x to 7.4.0 SP 2. |
810590 | RDAPI-1165 | Extract MTOM filter returns incorrect Content-Type for SOAP 1.2. |
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
INSTALL_DIR/system/lib/modules
directory.INSTALL_DIR/apigateway/webapps/apiportal/vordel/apiportal/app/app.config
before applying API Gateway and API Manager service packs. You must then restore customized API Manager data manually in the new app.config
file.Run togglefips --disable
to turn FIPS mode off.
Start the nodemanager
to move the JARs.
Stop the nodemanager
.
Install API Gateway 7.4.0 SP 3.
Start the nodemanager
.
Stop the nodemanager
.
Run togglefips --enable
to turn FIPS on again.
Start the nodemanager
.
This section describes how to install the service pack on an existing installation of API Gateway.
Note
To install the service pack on your existing API Gateway 7.4.0 Core Server installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
apigateway
directory
in your existing installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP3_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C
/opt/Axway-7.4.0/apigateway/
Note
ls -l INSTALL_DIR/apigateway/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing API Gateway Analytics 7.4.0 installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway Analytics instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
analytics
directory within your existing API Gateway 7.4.0 installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP3_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C
/opt/Axway-7.4.0/analytics/
Note
ls -l INSTALL_DIR/analytics/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR/policystudio
directory.policystudio
directory within your existing API Gateway 7.4.0 installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP3_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C
/opt/Axway-7.4.0/policystudio/
Note
policystudio -clean
.To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR/configurationstudio
directory.configurationstudio
directory within your existing API Gateway 7.4.0 installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP3_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C
/opt/Axway-7.4.0/configurationstudio/
Note
configurationstudio -clean
.To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file.
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
setcap 'cap_net_bind_service=+ep'
INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
Note
Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.
For information about how API Gateway is used in Axway 5 Suite, refer to:
All Axway documentation is available from Axway Sphere at https://support.axway.com.
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.
Copyright © 2016 Axway. All rights reserved