Axway API Gateway and API Manager 7.6.2 SP 3 Readme

Readme for 7.6.2 SP 3

This Readme applies to Axway API Gateway and API Manager 7.6.2 SP 3, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for these products.

This service pack provides fixes for a number of reported defects. It includes updates for the following:

The service pack contains new API Gateway binaries and does not overwrite the existing API Gateway configuration. Service packs are cumulative and include all preceding fixes (service packs and patches) in this product version.

Important: API Gateway and API Manager 7.6.2 SP3 and later support OpenJDK JRE, and this service pack includes Zulu OpenJDK 1.8 JRE instead of Oracle JRE 1.8.

File packages: An installation archive is provided for supported platforms (for example, APIGateway_7.6.2_SP3_Core_linux-x86-64_BNYYYYMMDDn.tar.gz).

Size: The file size differs for each platform. The MD5 checksum is provided for each file.


Fixed issues

Fixed security vulnerabilities

Internal ID Case ID CVE Identifier Description
RDAPI-13802 01025418, 00989754, 00989774 Issue: There is no CSRF token protection for API Gateway Manager calls.
Resolution: Add CSRF token protection for API Gateway Management APIs.
RDAPI-14660 01010153 Issue: When the JWT Verify filter was executed in Policy Studio, the JWT token payload was visible in plain text logs at INFO trace level, causing a Medium CVSS security risk.

Resolution: JWT token payload is now redacted from tracing at all levels.
RDAPI-14694 01010245 Issue: Threatening Content filter only scanned the value of the first query string parameter with a specific name, allowing it to be bypassed using multiple parameter values of the same name.

Resolution: Threatening Content filter now scans every query string parameter value regardless of name.
RDAPI-15052 01012736 Issue: Input for phone, mobile, email, and description was not properly validated in the API Manager User API.

Resolution: Input validation for phone and mobile fields and improved email validation have been added.
RDAPI-15062 01025419 Issue: API Gateway shipped with jQuery 2.2.4, which was vulnerable to Cross-Site Scripting (XSS) attacks when a cross-domain Ajax request was performed without the dataType option, causing text/javascript responses to be executed.

Resolution: API Gateway has been upgraded to jQuery 3.3.1.
RDAPI-15091 01019129 Issue: OAuth authorization code flow did not check that the authorization code corresponds to the client when generating the authorization token.

Resolution: API Gateway checks that the authorization code corresponds to the client requesting the authorization token and rejects token creation if it does not.
RDAPI-15149 01028183 Issue: API Manager XSS security vulnerability with old versions of Internet Explorer.
Resolution: Code supporting old browsers has been removed because it contained an XSS security vulnerability. Internet Explorer versions 8.0 and 9.0 are no longer officially supported by API Gateway v7.5.x or later, as stated in the user documentation.
RDAPI-15352 01032508 Issue: The Java version shipped with API Gateway contained security vulnerabilities.
Resolution: The API Gateway Java version has been upgraded to JRE 1.8.0_202.
For more information, see: https://www.oracle.com/technetwork/java/javase/8u202-relnotes-5209339.html
RDAPI-15556 01032720 Issue: API Gateway binaries are not delivered with stack protection and could be vulnerable to stack-based buffer overflow attacks.
Resolution: Native code is now built with stack canaries enabled and API Gateway is no longer vulnerable.
RDAPI-15568 01030134 Issue: API Manager API traffic could suffer from Timing Attack.

Resolution: API Manager applies countermeasures against Timing Attack for API traffic.
RDAPI-15684 01039208 Issue: A security vulnerability was present because the filename parameter was not checked when downloading the original API file.
Resolution: The filename parameter is checked and the vulnerability is no longer present.
RDAPI-15816 01038716 Issue: A malicious user can overwrite the OAuth scopes by passing extra scopes as a form param.
Resolution: If the application finds that a scope is present as a form param, the request is rejected as invalid.
RDAPI-15900 01028530 Issue: API Manager reveals the existence of a user's email address through the response of the Users API /forgotpassword method.

Resolution: The API Manager Users API /forgotpassword method response no longer shows the distinction between valid and invalid emails.

RDAPI-15927 01048313 CVE-2019-1559 Issue: API Gateway included OpenSSL 1.0.2p-fips, which contained vulnerabilities.
Resolution: API Gateway now includes OpenSSL 1.0.2r-fips, addressing the following security vulnerabilities: CVE-2019-1559
RDAPI-15929 01043569, 01043657 Issue: API Manager OAuth implementation allows different client ids in header and body, with the possibility of the wrong one being used.
Resolution: Client id is taken from body or header depending on Policy configuration. Additional client ids are ignored.

Other fixed issues

Internal ID Case ID Description
RDAPI-14095 00999714 Issue: In API Manager, importing a WSDL from an SSL-protected endpoint with a self-signed certificate failed.

Resolution: WSDL import from an SSL-protected endpoint with a self-signed certificate now succeeds.
RDAPI-14321 00985086 Issue: WSDL with more than one endpoint per binding (for example, HTTP and HTTPS) only displayed the first endpoint when imported in API Manager.

Resolution: API Manager now displays all the endpoints of each imported WSDL.
RDAPI-14331 01006999 Issue: allOf was not supported, and it was not documented as a limitation.

Resolution: allOf is now supported in models and as a response schema.
RDAPI-14465 01008197 Issue: Getting a scope by calling a policy does not trigger the assigned policy.
Resolution: The policy is now properly triggered and the scope is retrieved.
RDAPI-14470 01010010 Issue: Adding a value to an API Gateway cache configured with a First-In-First-Out eviction policy incorrectly removes the value if it already exists in the cache. And if the Persist to Disk setting is selected when the cache is full, no eviction policy is executed when adding data.

Resolution: The existing value is no longer removed from the cache, and is updated when required. If Persist to Disk is selected when the cache is full, the eviction policy supported by the cache persistence store is executed when adding data.
RDAPI-14661 01012632 Issue: Performance of API Gateway File Upload filter was up to 20 times faster with File Type of ASCII and Connection Type of FTP or FTPS, when compared to File Type of Binary.

Resolution: File Upload filter now calls a more efficient OutputStream to improve performance when File Type is Binary and Connection Type is FTP or FTPS.
RDAPI-14666 01007579 Issue: KPS Admin commands are long by design; however, they easily time out in a standard transaction.
Resolution: Wrap KPS Admin commands in their own thread, without a timeout. Add functionality to check the status of the current job.
RDAPI-14673 01015430, 01031170 Issue: Calls to API Manager User and Application APIs were very slow when large numbers of users and/or applications were created.

Resolution: Set the com.axway.apimanager.api.data.cache system property to true to cache users and applications in memory at startup. In-memory cache is kept up-to-date using the API Manager events mechanism.
RDAPI-14689 01001297 Issue: When using an OCSP Client filter with multiple response validation options selected, the client aborted and would not execute subsequent validation if the first option failed.
Resolution: The client now tries every selected validation option before aborting.
RDAPI-14702 01044754, 00999170, 01048001, 00998920 Issue: API Gateway sometimes shows cardinality violation exceptions in error traces.
The errors indicate that the loaded configuration of some entities has been corrupted in-memory, and no new configuration values can be set for such entities, which can lead to undefined behavior.
 
Resolution: API Gateway was affected with a race condition accessing and setting the loaded entity store configuration values. This issue is resolved and API Gateway now can update the entity store configuration values in-memory successfully.
RDAPI-14722 01012742 Issue: Policy Studio failed to retrieve a node manager instance over a proxy connection.
Resolution: Client used to retrieve the node manager instance has been updated to route through a proxy when proxy settings exist.
RDAPI-14753 01018727 Issue: A virtualized API must be published to be assigned to a virtual host.
Resolution: Now, a virtualized API can be assigned to a virtual host before being published.
RDAPI-14756 01014855, 01013012 Issue: It is possible to create an application with no name through REST API of API Manager.
Resolution: API Manager now checks that the name is not empty when creating an application through REST API.
RDAPI-14767 01002805, 01009406 Issue: The Update Organization API (PUT /api/portal/v.1.3/organizations/{id}) was failing to do basic checks to prevent corrupted data, allowing for broken links between KPS tables, invalid email addresses, and setting flags that are usually unavailable in the UI.
Resolution: Enforce stronger validation, similar to the Create Organization API.
RDAPI-14867 01020923 Issue: API Gateway crashed on reaching maximum connections when sending HTTPS requests through an HTTP proxy.
Resolution: The connections counter has been fixed and connection attempts that exceed the maximum now fail with an error message.
RDAPI-14869 00987150 Issue: Virtualized API with path that contained trailing unencoded whitespace was not matched by the matching filter.
Resolution: Front-end regex validation and back-end import validation now remove the invalid whitespace and warn the user.
RDAPI-14880 01021192 Issue: A retired API can be added to an organization through the Organization view. Also, "retired" and "deprecated" APIs are shown as "published" in the Organization view.
Resolution: Correctly show "retired" and "deprecated" APIs in the Organization view and disable adding a "retired" API to an Organization.
RDAPI-14885 01018773, 01016524 Issue: API method parameters without Data Type value in API Manager caused issues when attempting to view API definition in API Catalog.
Resolution: Added validation on method import and in API Manager UI, and a default value for missing Data Type.
Note: You must reimport existing APIs with this behavior to resolve missing data types with a default of 'string'.
RDAPI-14942 01023672 Issue: In EMT mode, API Gateways were unable to register with the Admin Node Manager when its management interface was protected with the 'Protect Management Interfaces (LDAP)' policy.
Resolution: The 'Protect Management Interfaces (LDAP)' policy has been updated to allow API Gateways to register successfully.
RDAPI-14982 01022533 Issue: HTTP redaction could generate invalid documents when parsing chunked bodies.
Resolution: HTTP redaction has been fixed.

Issue: Crash could occur when redacting unbalanced XML documents.
Resolution: Unbalanced XML documents are now handled correctly.
RDAPI-15009 01019448 Issue: When importing or updating OAuth client credentials, API Gateway checked that the redirectUrls value was a URL, and included validation against empty strings.

Resolution: API Gateway now omits empty and whitespace-only values, and only checks that values are URLs and imports them when they have content.
RDAPI-15029 01023688 Issue: When a global fault handler is defined in API Manager, if a request comes in on an existing path/method but with a verb that is not handled, the Global Fault Handler does not receive the http.response.info or http.response.status attribute.
Resolution: When a global fault handler is defined in API Manager, the response status is always accessible from the fault handler.
RDAPI-15054 01023427, 01024783 Issue: Additional validation made it impossible to upload an outbound SSL certificate for a virtualized API.
Resolution: This validation has been updated to allow the upload of .p12 certificate files.
RDAPI-15058 00995523 Issue: AWS Signing (Authorization Header) security device in API Manager did not validate the request timestamp, which did not comply with Amazon documentation.
Resolution: The security device now validates the request timestamp and complies with Amazon requirements.
RDAPI-15064 00966372 Issue: Exception could be triggered when signing XML elements for which namespace prefix does not exist.
Resolution: XML exception is no longer triggered when a namespace prefix is not required.
RDAPI-15068 01022178 Issue: When updating an image for any user, the API Manager user panel at the top right was updated to show you connected as that user, regardless of who was logged in.

Resolution: The API Manager user panel is only updated when the image for the logged-in user is updated.
RDAPI-15070 01003624, 01003697 Issue: In some rare cases, for HTTP requests with a body, the API Gateway Send to ICAP filter duplicated the Content-Type header.
Resolution: The Send to ICAP filter now ensures that content headers are not duplicated.
RDAPI-15074 00982276 Issue: Partial and inconsistent validation was performed on the Backend URL field in API Manager. The URL validation was implemented correctly, but the HTTPS/certificate validation was not, and invalid field information disappeared on losing focus of the field.

Resolution: Both types of validation are now done in a consistent manner, and both errors have the same look and feel when triggered.
RDAPI-15089 01013406 Issue: API Manager did not respect trailing slash when sending request to back-end with API method exposed on "/" only and Java system property set to preserve trailing slash.

Resolution: Trailing slash is now preserved when sending request to back-end with the com.vordel.apimanager.uri.path.trailingSlash.preserve Java system property set to true.
RDAPI-15101 01028015 Issue: Adding a new Policy with 'Set Message' filter, if one attribute was missing in the statement this caused null pointer exception in JUEL, and not all attributes were displayed from 'Set Message' filter.
Resolution: Selector Coercers now handles an empty Structure and all attributes are displayed.
RDAPI-15117 01004743 Issue: When publishing an API on a virtual host in API Manager, the virtual host matching is case sensitive and will result in an error if a different case is presented.
Resolution: The virtual host matching is case insensitive.
RDAPI-15143 01020707 Issue: When a Multipart Content Type is used in the Email Alert filter, the policy completes but the email is not sent and an exception is written in the Trace logs.
Resolution: Selecting any Multipart Content Type in the Email Alert filter now sends the email successfully and no exception is written to the Trace logs.
RDAPI-15158 01026760 Issue: Huge data in the description causes the design to behave incorrectly and shifts fields such as "Description" and "Method name" outside the visible area.
Resolution: The design has been fixed so that huge data does not cause incorrect behavior.
RDAPI-15181 01028025 Issue: In Import Project in Policy Studio, if a project is selected before browsing, the file browser window opens on a list of most recent projects instead of the location of the specified project.

Resolution: When a project is chosen, the browser window opens on the location of that project; otherwise, it opens in the root project location, that is, apiprojects.
RDAPI-15209 01039041, 00947773, 01043979, 01027257 Issue: A default switch value was not implemented for custom properties, so if the switch was not interacted with, the field and its corresponding value were not sent to the server on save.

Resolution: A default switch value is now set.
RDAPI-15259 01001883 Issue: Visual Mapper incorrectly creates an Any tag when mapping an XSD element without a type defined.
Resolution: Now Visual Mapper does not create an Any tag when mapping an XSD element without a type defined.
RDAPI-15272 01019887 Issue: API Gateway instance could crash when trying to log a trace message during shutdown.
Resolution: API Gateway trace logging has been fixed.
RDAPI-15274 01029757 Issue: API Gateway crashed when writing data to a corrupt traffic monitor file.
Resolution: File corruption is now detected before trying to add data to it.
RDAPI-15280 01021932, 01022277 Issue: Jersey GlassFish library consumed semicolons as MatrixParam instead of a regular delimiter.
Resolution: Semicolon is no longer treated as the beginning of a matrix parameter, and it is processed as a reserved character.
RDAPI-15294 01026334 Issue: "No Match For Request" error when Content-Type was not equal to the API method MIME type.
Resolution: Use the "com.coreapireg.apimethod.contenttype.legacy=true" system property to disable this Content-Type check for single API method exact matching and to allow legacy API method matching. For example:
<ConfigurationFragment>
    <VMArg name="-Dcom.coreapireg.apimethod.contenttype.legacy=true" />
</ConfigurationFragment>
The default value is "false".
RDAPI-15320 01028639 Issue: API Manager changed JSON formatting every time it processed JSON.
Resolution: API Manager does not reformat JSON payload unless it has been modified by custom policies.
RDAPI-15377 01023734 Issue: API Gateway XSLT Transformation filter incorrectly alters some UTF-8 characters.

Resolution: API Gateway XML parser has been fixed. However, the Apache Xalan transformer may still cause invalid output. You can solve this issue by configuring XML output or changing the provider (for example, to net.sf.saxon.TransformerFactoryImpl) in the filter's Advanced settings.

Note: Your system must now also be configured for UTF-8. You can do this by defining a system locale supporting UTF-8 (for example, "en_US.UTF-8"), or adding the "-Dfile.encoding=UTF-8" JVM startup parameter.
RDAPI-15388 01023041 Issue: During update and refresh operations we "deactivate" listeners on all of our APIs which are listening for changes. If the list is long enough the UI can begin listening for changes before the refresh operation is complete, resulting in perceived update to the APIs and many PUT requests being sent to the backend.

Resolution: The listener handling is fully verbose now; this race condition cannot be encountered.
RDAPI-15422 01014764 Issue: The Access Token using Client Credentials Filter fails on execution if a Token Type other than 'Bearer' is used in requests, even if the Access Token Type field is correctly set in Policy Studio.
Resolution: The Access Token using Client Credentials Filter accepts and validates a custom Access Token Type.
RDAPI-15429 01023087 Issue: If the folder containing data (api-export.dat and promotion.properties files) also contains sub folders or empty files, an exception is thrown.
Resolution: Sub folders and empty files are now ignored.
RDAPI-15468 01021772 Issue: The Conversation field for a Hardware Security Module (HSM) was removed from the Private Internal ID dialog in Policy Studio v7.5.3.

Resolution: The content of the Conversation field can now be added to the Internal ID Id field and separated by ';' in the HSM configuration in Policy Studio.
RDAPI-15492 01031369 Issue: When an API Project is upgraded a CassandraSettings entity is created. This entity should not be created for an API Project.
Resolution: Now when an API Project is upgraded, a CassandraSettings entity is not created.
RDAPI-15527 01032374 Issue: API Methods' monitoring could display an empty timeline (whatever the selected period)
Resolution: The metrics' REST API has been corrected.
RDAPI-15528 01033180 Issue: UTF-8 characters printed in product trace log are not displayed correctly in API Gateway Manager UI.
Resolution: Characters are now correctly encoded by Traffic Monitor REST API.
RDAPI-15545 01039895 Issue: The Cache attribute filter failed to update a previously cached attribute with a new attribute value when using a distributed cache.

Resolution: The Cache attribute filter now updates previously cached attributes with new attribute values.
RDAPI-15552 00975056 Issue: Metrics monitoring can show negative values for response time
Resolution: Invalid calculation for some HTTP requests has been corrected.
RDAPI-15558 00973391, 00987292, 00992534, 01032122 Issue: When enabling CORS handling on a REST API configured in Policy Studio, OPTIONS requests always returned every method. In addition, OPTIONS requests invoked the policy and returned a body when a CORS profile was configured on the Service.
Resolution: CORS handling is now performed at the REST API method level, so only allowed methods are returned in the header. It also now ensures that the correct profile is accessed when performing preflight requests, which prevents calling the policy and returning a body.
RDAPI-15583 01038330 Issue: OAuth2 applications could not be configured to use API Gateway selectors to set client credentials.
Resolution: Selectors are now accepted and processed by OAuth2 applications.
RDAPI-15596 01006325 Issue: No flag was available in managedomain to allow the user to regenerate certs without regenerating the domain cert. Instead, certs had to be regenerated manually using the --menu option.
Resolution: A new flag, --retain_domain_cert, has been added; it can be used with --regencerts to ignore domain certs.
RDAPI-15603 01009556 Issue: External Credentials were displayed in API Manager in a grid structure with no maximum rows or paging, which caused excessive memory use with large data sets.

Resolution: The display format has been changed from a grid structure to a list with paging and filtering functionality.
RDAPI-15628 01024906 Issue: API Manager does not allow special characters . and ~ in name of parameter, although these are allowed by swagger definition.
Resolution: API Manager now allows . and ~ as parameter name.
RDAPI-15631 01012722 Issue: PGP Decrypt and Verify filter does not verify messages signed using a sign-only key.
Resolution: Added JVM SecurityProperty to configure PGP to allow verification of messages using sign-only keys:
<ConfigurationFragment>
<SecurityProperty name="com.axway.apigateway.security.pgpsignkeyalgorithmids" value="RSA_GENERAL,RSA_SIGN,DSA,ECDSA,EDDSA" />
</ConfigurationFragment>
Default PGP algorithms: RSA_GENERAL,RSA_ENCRYPT,ELGAMAL_ENCRYPT,ELGAMAL_GENERAL,ECDH
RDAPI-15653 01031448, 01040469 Issue: In EMT mode, the topology did not display correctly in the API Gateway Manager UI if the domainID and groupID had the same value.
Resolution: Additional validation has been added to ensure that the domainID and groupID are not set to the same value.
RDAPI-15788 01023059 Issue: Checks on an Application that all the APIs are accessible for the assigned Organization are triggered during Organization refresh, causing an unexpected "Inconsistent API" dialog.
Resolution: The UI has been fixed so that it does not trigger the checks on the Application during Organization refresh, and the unwanted "Inconsistent API" dialog is no longer shown as a result.
RDAPI-15857 01032245 Issue: Redeployment from Policy Studio causes the SSO login to fail as object maps are not correctly cleared.
Resolution: The SSO-enabled API Gateway with API Manager configured now clears the object maps correctly on redeployment.
RDAPI-15934 01047627, 01039356 Issue: When using the Open Traffic Event log, disabling recording of incoming transactions while enabling recording of outgoing transactions results in a product crash.
Resolution: Open Traffic Event Log has been corrected.
RDAPI-15956 01047674 Issue: When the help for the Trace filter was selected it showed "Topic not found".

Resolution: When the help for the Trace filter is selected the help is shown.

Known issues

The following known issues are currently scheduled for the next service pack:

Internal ID Description
RDAPI-13433 API Manager generates wrong top-level OAuth security requirements in Swagger
RDAPI-14225 Stored XSS in the application's OAuth redirect URL, encode OAuth Redirect URLs on output
RDAPI-14550 7.6.2 setup-cassandra still sets start_rpc=true, doc'ed manual setup says set to false
RDAPI-14622 Value of 'Via' Header is not written to Transaction Access Log
RDAPI-14653 [7.6.2] Error creating account for external identity provider with name containing special characters
RDAPI-14882 API Internal ID not authorized ERROR when calling API
RDAPI-15115 API Manager remote hosts not synchronized between instances
RDAPI-15297 Update trailing slash support in Jython scripts samples
RDAPI-15305 Imported SOAP definitions cannot handle requests containing attachments other than type text/xml
RDAPI-15473 Excessive logging at DEBUG level makes Gateway trace unusable
RDAPI-15547 Cassandra Restore Script Fails from Docs
RDAPI-15608 Can't access NodeManager after submitting external CA signed certs
RDAPI-15675 API Manager: load Error "Map XXXX should be YYYY" after importing APIs
RDAPI-15678 REST API Monitoring Metrics Description endpoint 'from' qparam not working
RDAPI-15758 Request headers reflected as response headers
RDAPI-15770 Swagger Generation Tool - Classes with duplicate names are not part of the Swagger model
RDAPI-15779 Swagger Generation Tool - Duplicate paths are not reported
RDAPI-15873 horizontal scrollbars in non maximized browser window
RDAPI-15886 API Gateway Analytics - CSV does not match PDF report for same time range
RDAPI-15987 OAuthAuthz filter throws a null pointer exception when invalid value of "prompt" is supplied
RDAPI-16050 API Gateway not compliant when HEAD request with Connect to URL filter, and Content-Range header in response
RDAPI-16053 API Manager Management transactions appear on Real Time Monitoring dashboard in API Gateway Manager
RDAPI-16057 Changing dynamic TM configuration of HTTP interface enables record of payload data (sent & received)

Reverted issues


Install the service pack

These instructions apply to API Gateway and API Manager classic deployments only. For container deployments, follow the instructions for applying a service pack in the API Gateway Container Deployment Guide.

Prerequisites

This service pack has the following prerequisites in addition to those specified for the major product release version in the API Gateway Installation Guide:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.

  2. Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
    Note: Ensure that you back up any customized files in your INSTALL_DIR. You should merge updated files instead of copying them back directly to avoid any regex matching issues. For example, the following directories might contain customized files:

    webapps/apiportal/vordel/apiportal
    webapps/emc/vordel/manager/app
    webapps/emc

    system/conf/apiportal/email
    system/conf
    samples/scripts/
    tools/filebeat-VERSION-PLATFORM

    For details on API Manager customization, see the API Manager User Guide.
  3. Remove old third-party libraries by deleting the following directories:
    INSTALL_DIR/apigateway/system/lib/modules
    INSTALL_DIR/analytics/system/lib/modules
  4. Remove old JRE versions by deleting the following directories:
    INSTALL_DIR/apigateway/platform/jre
  5. If you have an existing Apache Cassandra installation, ensure that you back up your data (Cassandra and kpsadmin), and that the JAVA_HOME variable is set correctly in cassandra.in.sh and cassandra.in.bat.
  6. On Linux, remove existing capabilities on product binaries (which may prevent overwriting files):
    setcap -r INSTALL_DIR/apigateway/platform/bin/vshell

FIPS mode only

If FIPS mode is enabled, you must perform the following steps to install the service pack:

  1. Run togglefips --disable to turn FIPS mode off.
  2. Start the Node Manager to move the JARs.
  3. Stop the Node Manager.
  4. Install the API Gateway service pack.
  5. Start the Node Manager.
  6. Stop the Node Manager.
  7. Run togglefips --enable to turn FIPS on again.
  8. Start the Node Manager.

Installation

This section describes how to install the service pack on existing installations of API Gateway or API Manager.

Note:

Install the API Gateway server service pack

Note: If you have API Manager installed, installing the API Gateway server service pack automatically installs the updates for API Manager.

To install the service pack on your existing API Gateway 7.6.2 server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib and INSTALL_DIR/META-INF directories (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.

  3. Unzip and extract API Gateway 7.6.2 SP3 server over the apigateway directory in your existing installation directory. For example:
    tar -xzvf APIGateway_7.6.2_SP3_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.6.2/apigateway/

  4. Change to the apigateway directory in your installation: 
    Linux: INSTALL_DIR/apigateway
  5. Run the following script:
    Linux: apigw_sp_post_install.sh

    Note: On Linux, run the script using the bash command, and ensure that the correct permissions are set.
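
A pre-extraction check for the steps above, as an added example that is not part of the Axway Readme or product. It verifies the archive against the MD5 value published with it, rejects archive members that would be written outside the -C target, and lists the directories that the prerequisites say to delete. All function names are illustrative, and the expected checksum is whatever value is published with the download.

```shell
#!/bin/sh
# Added example, not an Axway script. Checks to run before extracting a
# service pack archive over an existing installation.

# Print the lowercase MD5 hex digest of a file.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print tolower($1)}'
    else
        md5 -q "$1" | tr 'A-F' 'a-f'        # BSD/macOS fallback
    fi
}

# verify_md5 ARCHIVE EXPECTED
# Succeeds only if the digest equals the published value (case-insensitive).
# MD5 detects a corrupted or truncated download; it is not collision-resistant.
verify_md5() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(md5_of "$1")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Read member names on stdin and print those that are absolute or contain a
# ".." path component, i.e. names that could resolve outside the -C target.
unsafe_members() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/ { print }'
}

# archive_paths_safe ARCHIVE
# Lists the archive without extracting it and fails on any unsafe member.
archive_paths_safe() {
    members=$(tar -tzf "$1" 2>/dev/null) || return 2
    [ -z "$(printf '%s\n' "$members" | unsafe_members)" ]
}

# leftover_dirs INSTALL_DIR
# Prints the directories from the Prerequisites section that still exist
# (old third-party libraries and the old JRE); returns 1 if any remain.
leftover_dirs() {
    found=0
    for d in apigateway/system/lib/modules analytics/system/lib/modules \
             apigateway/platform/jre; do
        if [ -d "$1/$d" ]; then
            printf '%s\n' "$1/$d"
            found=1
        fi
    done
    return "$found"
}

# preflight ARCHIVE EXPECTED_MD5 INSTALL_DIR
preflight() {
    verify_md5 "$1" "$2"    || { echo "MD5 mismatch: $1" >&2; return 1; }
    archive_paths_safe "$1" || { echo "unsafe member paths in $1" >&2; return 1; }
    leftover_dirs "$3" >&2  || { echo "delete the directories listed above" >&2; return 1; }
    echo "preflight OK: $1"
}

# Run the checks when called with: ARCHIVE EXPECTED_MD5 INSTALL_DIR
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

Run it with the archive, its published MD5 value, and INSTALL_DIR as arguments, and extract only when it prints "preflight OK".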

Note:

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.6.2 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Unzip and extract API Gateway 7.6.2 SP3 Analytics over the analytics directory in your existing API Gateway 7.6.2 installation directory. For example:
    tar -xzvf APIGateway_7.6.2_SP3_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.6.2/analytics/
  3. Change to the analytics directory in your installation: 
    Linux: INSTALL_DIR/analytics
  4. Run the post-install script for API Gateway Analytics:
    Linux: apigw_analytics_sp_post_install.sh

    Note: On Linux, run the script using the bash command, and ensure that the correct permissions are set.

Note:

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Unzip and extract API Gateway 7.6.2 SP3 Policy Studio over the policystudio directory in your existing API Gateway 7.6.2 installation directory. For example: 
    tar -xzvf APIGateway_7.6.2_SP3_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.6.2/policystudio/

Note: The first time you start Policy Studio, you must use policystudio -clean.

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Unzip and extract API Gateway 7.6.2 SP3 Configuration Studio over the configurationstudio directory in your existing API Gateway 7.6.2 installation directory. For example: 
    tar -xzvf APIGateway_7.6.2_SP3_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.6.2/configurationstudio/

Note: The first time you start Configuration Studio, you must use configurationstudio -clean.

After installation

The following steps apply after installing the service pack.

API Gateway

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file: 
    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
  2. Run the command setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

For more details on configuring API Gateway to run on privileged ports, see the API Gateway Administrator Guide.

Note: The JRE included in API Gateway disables undesirable cipher suites by default when using SSL/TLS. Users of RSA Access Manager (formerly known as RSA ClearTrust) with API Gateway may experience SSL/TLS handshake issues where no common cipher suites can be found. In this case, you should reconfigure SSL/TLS of the RSA Access Manager to support stronger cipher suites. Alternatively, you may want to re-enable the anonymous cipher suites in JRE for successful SSL/TLS connections with the RSA Access Manager as follows:

API Manager

When API Manager is installed, you must run the update-apimanager script after the API Gateway post-install script to ensure that all paths are up-to-date.

Tip: You can run this command once at the API Gateway group level, instead of on every API Gateway instance, for example:

/opt/Axway-7.6.2/apigateway/posix/bin/update-apimanager --username=admin --password=MY_PASSWORD --group=API_MGR_GROUP

Client Application Registry

There is a known issue when running the update-apimanager script with --productname=clientappreg. Please do not use this switch with the update-apimanager script.

Documentation

Go to the Documentation portal at https://docs.axway.com to find all documentation for this product version.

The following reference documents are available on the Documentation portal at https://docs.axway.com:

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.

Email support@axway.com or visit Axway Support at https://support.axway.com.


Copyright © 2019 Axway. All rights reserved.