Document version: 20 Feb 2015
This Readme applies to Axway API Gateway 7.3.1 SP1, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.
The main aim of this service pack is to provide fixes for a number of reported defects.
This service pack contains updates for:
The service pack contains new binaries only and does not overwrite the existing configuration.
File Packages: An installation archive is provided for all platforms (for example,
APIGateway_7.3.1_SP1_Core_win-x86-32_BN201502151.zip
)
for Windows.
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
This service pack provides the following corrections and enhancements.
Case ID | Internal ID | Description |
---|---|---|
719925 | 121683 | When using a configured proxy with the Connection filter, host header is always value of proxy Previously, you were unable to connect to a URL using an API Gateway configured as an HTTPS proxy. Now, you can connect to a URL using an API Gateway configured as an HTTPS proxy. |
733227 | 127312 | CRL (Dynamic) filter does not fail when CRL is not reachable Previously, the CRL filters were validating certificates using expired CRL from cache. Now, the CRL filters return false if the provided/cached CRL is expired. |
736569 | 133557 | Problems upgrading from v7.1.1 to v7.3.1 using UpgradeConfig command Previously, there was an issue with upgrading XML files with UTF-8 encoding. Now, there is no issue with upgrading XML files with UTF-8 encoding. |
739863 | 130702 | Solaris requirements are incorrect in API Gateway 7.3 Installation Guide Previously, the support for Solaris 64 bit was documented incorrectly. Now, the support for Solaris 64 bit is documented correctly. |
740002 | 130672 | vshell cores in Trace filter when receiving a URL encoded character Previously, the Trace filter was terminating API Gateway processing a UTF-8 encoded character. Now, the Trace filter is fixed to allow processing a UTF-8 encoded character. |
741308 | 132476 | (Updated) API Gateway does not use HTTP CONNECT tunneling when using a proxy to access HTTPS URL Previously, you were unable to connect to an HTTPS URL through an HTTP/HTTPS proxy. Now, it is possible to connect to an HTTPS URL through an HTTP/HTTPS proxy. |
741904 | 131711 | Register WSDL with WSDL URL always sends BASIC AuthN header Previously, when registering WSDL using WSDL URL, API Gateway always sent an authentication header to the remote server, disregarding authentication settings. Now, when registering WSDL using WSDL URL, API Gateway sends the authentication header only if the authentication settings are provided. |
742201 | 131777 | Retrieve from SAML Attribute Assertion filter throws no native proxy for Java object exception under load Previously, SAML Attribute Assertion filter throws an error under heavy load. Now, SAML Attribute Assertion filter does not throw an error under heavy load. |
742538 | 132548 | When creating an API in Policy Studio, parameter path variables were not available for policies Previously, when using REST API wizards to create an API in Policy Studio, the parameter path variables were not available on the whiteboard for the Request/Routing/Response policies. Now, when using REST API wizards to create an API in Policy Studio, the parameter path variables are available on the whiteboard for the Request/Routing/Response policies. |
742629 | 132255 | Appliance TCP connection not sending close_notify to Layer 7 gateway with payload response when certain size Previously, API Gateway was not always sending close-notify message on SSL shutdown. Now, API Gateway sends close-notify explicitly on SSL shutdown. You can configure this in SystemSettings of API Gateway instance's service.xml config: sslShutdownPolicy = {"dirty" | "simplex" | "duplex"} "dirty" is the old behaviour "simplex" is the default, and ensures that close-notify is sent "duplex" waits for the remote to send its close-notify also |
743296 | 132254 | User Guide does not document which JSON Schema specifications are supported Previously, the User Guide did not document which JSON Schema specifications are supported by the JSON Schema Validation filter. Now, draft version 2 of JSON Schema specification supported by the JSON Schema Validation filter is added in the Policy Developer Guide. |
743895 | 132828 | Debugging options for troubleshooting installation failure in hardened Linux environment Previously, there were errors when managedomain was creating a Node Manager because of permissions on the system. Now, there are no errors when managedomain creates a Node Manager. |
744739 | 132990 | Avoid 'invalid field' returned when field not referenced in query string but referenced in Set Message filter Previously, INVALID_FIELD was returned for an invalid field in selectors in policies. Now, there is a configuration option to allow an empty string to be returned instead of the INVALID_FIELD value from selectors. |
745392 | 133211 | Connect to URL filter aborts in 7.1.1 Previously, the Connect to URL filter always added the port number in Host header for HTTP and HTTPS requests (for example, Host: www.axway.com:80, Host: www.axway.com:443). Now, the Connect to URL filter adds only non-default ports for HTTP and HTTPS requests in the Host header (for example, Host: www.axway.com). |
745499 | 133212 | DTD Injection in XML parser Previously, in certain circumstances the XML parser allowed DTD injection when parsing SOAP XML documents. Now, it is not possible to inject DTDs into XML because the XML parser does not allow it. |
746450 | 133670 | Policy Studio cannot connect to Admin Node Manager configured for TLS 1.2 (but browser can) Previously, Policy Studio could not connect to an Admin Node Manager configured for TLS 1.2. Now, you can use a configuration option in policy.ini to connect to an Admin Node Manager configured with TLS 1.2 using Policy Studio. |
746670 | 133763 | Policy does not import correctly until second try Previously, under certain conditions when importing a policy, the policy did not import correctly and was missing links. Now, when importing the policy, all links are properly imported. |
747500 | 134127 | Upgrade failure: Oracle API Gateway 11.1.1.6.1 (6.3.1) to 11.1.2.3.1 (7.3.1) Previously, there were errors upgrading from API Gateway 6.3.1 to 7.3.1 because 127.0.0.1 was used as the host for admin APIs instead of localhost. Now, there are no errors when upgrading from API Gateway 6.3.1 to 7.3.1. |
749150 | 135033 | (Updated) HTTPS proxy server not working: tries to CONNECT to the backend Previously, the Connect to URL filter was sending CONNECT method with endpoint set to proxy. Now, the Connect to URL filter sends CONNECT method to proxy with correct endpoint details. |
749194 | 135265 | API Gateway does not authenticate using digest authentication and may crash Previously, using basic authentication with "Automatically send credentials" enabled, the API Gateway crashed. Now, using basic authentication with "Automatically send credentials" enabled, the authentication process completes. |
749498 | 134939 | Oracle Access Manager SDK: "Access Server has returned a fatal error" Previously, OAM Authenticator returned a fatal error when it cannot find a scoped session during authentication Now, OAM Authenticator no longer returns a fatal error if it cannot find the scoped session. |
751925 | 139288 | Deployment Error: "Failed to find feature noLicensing" Previously, harmless messages appeared in trace log file for licensing. Now, these messages have been removed from the trace log file because they are not useful. |
752124 | 137789 | Failure to download trace files from API Gateway Manager download link Previously, the API Gateway Node Manager reported an error when users attempted to download a trace file exceeding 10 MB in size. Now, you can configure the API Gateway Node Manager using the samples/scripts/config/updateMaxInOutLen.py script to allow downloading a trace file exceeding 10 MB in size. |
752386 | 136278 | Registering WSDL does not show all operations Previously, some operations were not listed when registering WSDL in Policy Studio. Now, all operations are listed when registering WSDL in Policy Studio. |
752479 | 136269 | OpenSSL upgrades for Oracle 7.2.1 and OpenSSL October 15th advisory Previously, API Gateway was running with an older version of OpenSSL. Now, API Gateway is running with OpenSSL 1.0.1j 15 Oct 2014. |
753295 | 136715 | Disable Cassandra script not working Previously, the disable Cassandra script did not allow you to specify an Admin Node Manager URL. Now, the disable Cassandra script allows you to specify an Admin Node Manager script. |
753805 | 139298 | Cannot deploy WSDL with space in namespace name Previously, WSDL with space in namespace name could not be loaded. Now, validation of namespaces can be turned off using the new XML_PARSE_NONAMESPACE_URI_REF_VALIDATION libxml custom option to allow loading WSDL with space in namespace name. |
753965 | 137538 | Upgrade fails at apigateway/system/conf/migrate/CertValidationOcspFilter/2.xml Previously, there was an error upgrading OCSP policies to 7.3.1. Now, there is no error upgrading OCSP policies to 7.3.1. |
754322 | 137792 | Failure to download transaction log files from API Gateway Manager download link Previously, the API Gateway Node Manager reported an error when users attempted to download a log file exceeding 10 MB in size. Now, you can configure the API Gateway Node Manager using samples/scripts/config/updateMaxInOutLen.py script to allow downloading a log file exceeding 10 MB in size. |
754375 | 137745 | Connect to URL policy stops working after upgrade from 7.1.1 to 7.3.1 Previously, Connect to URL policies with URLs containing spaces worked in 7.1.1, but after upgrading the 7.3.1, the policy stopped working. Now, after upgrading to 7.3.1, URLs with spaces specified in Connect to URL policies continue to work. |
754803 | 137530 | API Gateway crashes in libvxml2.so.2 Previously, under certain circumstances, there was a race condition when processing XPath expressions. Now, there is no race condition when processing XPath expressions. |
754885 | 138330 | Remote Host issue after upgrade from 7.2.2 to 7.3.1 Previously, maximum connections in Remote Host configuration was set to -1 during upgrade to 7.3.1. Now, maximum connections in Remote Host configuration is not changed during upgrade to 7.3.1. |
754968 | 137627 | OutOfMemory when a Directory Scanner reads a large file Previously, when the Directory Scanner was dealing with large files, it read the whole file into memory causing an OutOfMemoryException. Now, the Directory Scanner does not read the whole file into memory, and does not cause any OutOfMemoryExceptions. |
755020 | 137709 | API Gateway crashes using ICAP filter Previously, API Gateway crashed using an ICAP filter because of a connection input/ouput error sending content to ICAP server. Now, API Gateway correctly handles the connection input/output error while sending content to ICAP server. |
755102 | 137907 | FTP poller fails to delete large (>8MB) files Previously, the FTP poller failed to delete processed files (if configured) from the FTP server because of a connection error. Now, the FTP poller retries to delete processed files from the FTP server on connection error. |
755308 | 138274 | API Gateway configuration store issues after upgrade from 6.0.3 to 7.3.1 Previously, migration of API Gateway configuration from 6.0.3 to 7.3.1 was failing for XML Signature Generation and Retrieve from user store filters. Now, migration of API Gateway configuration from 6.0.3 to 7.3.1 passes for XML Signature Generation and Retrieve from user store filters |
756444 | 138758 | Custom XPaths are missing in 7.3.1 upgraded configuration. Previously, migration of API Gateway configuration from 7.1.1 to 7.3.1 was failing for custom X-Path-Expressions in the Retrieve Attribute From Message filter. Now, migration of API Gateway configuration from 7.1.1 to 7.3.1 passes for custom X-Path-Expressions in the Retrieve Attribute From Message filter. |
756558 | 139553 | Problems in v7.3.1 with 'Validate certificate against a CRL' filter Previously, the CRL (Dynamic) filter failed to resolve selector with generated legacy message attributes, for example, ${distributionpoint.0.1.toString}, ${distributionpoint.0.0.toString} Now, the CRL (Dynamic) filter resolves selector with generated legacy message attributes. |
756814 | 138999 | Core dump in /lib64/libc.so Previously, the McAfee Anti-Virus filter could crash scanning message body or cause a memory leak. Now, the McAfee Anti-Virus filter cleans up temporary allocated memory. |
757270 | 140269 | Send to Sentinel filter results in read error -1, but filter returns true Previously, the Sentinel server external connection was always configured with the provided encoding. Now, the Sentinel server external connection applies the provided encoding only if the IGNORE_ENCODING Java property value is false (default). |
758662 | 140217 | Throttling rate limit information appears several times in HTTP Header Previously, the Throttling filter was setting duplicated Throttling rate limit information headers in the response. Now, the Throttling filter sets Throttling rate limit information headers in the response once. |
758816 | 140044 | Threatening Content filter does not trap unescaped content Previously, the Threatening Content filter was not trapping content that is not escaped. Now, the Threatening Content filter is trapping content that is not escaped. |
759133 | 140246 | McAfee filter returns success instead of failure when receiving infected multipart body and scan type is remove or clean Previously, the McAfee Anti-Virus filter may not always correctly update the 'mcafee.status' message attribute for multipart messages. Now, the McAfee Anti-Virus filter merges scan results into the 'mcafee.status' message attribute for multipart messages. |
760444 | 141296 | (Updated) Amazon S3 connection using proxy does not work Previously, the Connect to URL filter was unable to connect to a URL via an HTTPS proxy. Now, it is possible to connect to a URL via an HTTPS proxy. |
760982 | 141084 | Host part of redirect URL is treated as case sensitive Previously, in OAuth the redirect URL was seen as invalid because the host was a different case to the one stored on disk for the profile. Now, there is no longer case sensitivity on the host part of the redirect URL. |
743541 | 132530 | Policy Studio error: Recursive call to CircuitStore Previously, a false error was reported for recursion in a specific policy when using policy shortcuts. Now, there is no error reported for the specific policy using policy shortcuts because it is a valid policy. |
747264 | 134130 | Set Message filter behaves differently from v6.3.1 in v7.2.2 when handling variables that differ only in case Previously, there was a problem with case sensitivity in URL parameters. Now, you can configure API Gateway to use case sensitive or case insensitive values for URL parameters. |
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
INSTALL_DIR/system/lib/modules
directory.This section describes how to install the service pack on an existing installation of API Gateway.
To install a new API Gateway installation from scratch without an existing installation, see the API Gateway Installation and Configuration Guide.
To install the service pack on your existing API Gateway 7.3.1 Core Server installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
apigateway
directory
within your existing installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP1_Core_linux-x86-64_BN201502151.tar.gz -C
/opt/Axway-7.3.1/apigateway/
Note
ls -l INSTALL_DIR/apigateway/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing API Gateway Analytics 7.3.1 installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway Analytics instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
analytics
directory within your existing API Gateway 7.3.1 installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP1_Analytics_linux-x86-64_BN201502151.tar.gz -C
/opt/Axway-7.3.1/analytics/
Note
ls -l INSTALL_DIR/analytics/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR\policystudio
).
Note
To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR\configurationstudio
).
To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file.
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
setcap 'cap_net_bind_service=+ep'
INSTALL_DIR/platform/bin/vshell
to allow the API gateway to listen on privileged ports.
Note
Axway API Gateway is accompanied by a complete set of documentation, covering all aspects of using the product. These documents include the following:
All Axway documentation is available from Axway Sphere at https://support.axway.com.
Support services are available from Axway Sphere at https://support.axway.com, including:
The Axway Global Support team also provides worldwide 24 x 7 support, subject to validation of your license agreement.
Email support@axway.com or, for your local support telephone number, visit
Axway Sphere at https://support.axway.com and click Contact Axway Support.
See "Troubleshoot your API Gateway installation" in the API Gateway Administrator Guide for the information that you should be prepared to provide when you contact Axway Support.
You can display the version and build of API Gateway by selecting Help > About in Policy Studio.
For information about Axway training services, go to: www.axway.com.
Copyright © Axway Software 2015
All rights reserved