Axway API Gateway and API Manager 7.5.3 SP 2 Readme
Document version: 2 August 2017
Readme for 7.5.3 SP 2
This Readme applies to Axway API Gateway and API Manager 7.5.3 SP 2, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the products.
The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:
- API Gateway Core Server
- API Manager
- API Gateway Analytics
- Policy Studio
- Configuration Studio
The service pack contains new binaries only and does not overwrite the existing configuration.
File packages: An installation archive is provided for all platforms (for example, APIGateway_7.5.3_SP2_Core_win-x86-32_BNYYYYMMDDn.zip for Windows).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
Fixed issues
Fixed security vulnerabilities
Internal ID | Case ID | CVE identifier | Description |
---|---|---|---|
RDAPI-9241 | 00897484 | CWE-78 | Issue: Passing invalid path characters in an HTTP request causes the Node Manager to crash.
Resolution: Previously, if an HTTP request to the Node Manager contained invalid path characters, the Node Manager might crash on Windows. Now, the Node Manager does not crash but processes the paths with invalid characters as expected. |
RDAPI-9566 | 00901852 | CWE-913 | Issue: API Manager static content files accessible without authentication.
Resolution: Previously, the static content files on API Manager Web UI could be accessed without user authentication. Now, the static content on all API Manager pages except the login page is fully protected in all new API Manager configurations.
To protect non-login static content in an existing API Manager configuration, you must run the |
Other fixed issues
Internal ID | Case ID | Description |
---|---|---|
RDAPI-8940 | 00893615 | Issue: Failures in the Set Attribute filter not handled correctly.
Resolution: Previously, if the Set Attribute filter referenced an attribute but the attribute's value was null because of a non-existent KPS table, a NullPointerException error was logged in the API Gateway trace and the policy execution was aborted. Now, there is no NullPointerException error and the policy execution proceeds. |
RDAPI-9102 | 00896183 | Issue: Not enough information in the trace log on OpenSSL remote host connection failure.
Resolution: Previously, if you were using OpenSSL to connect to a remote host and your DH key was too short, the connection failed, and the API Gateway trace log did not contain enough information to understand why the connection to a remote host was failing. Now, the API Gateway trace log contains more information on this connection error to help troubleshoot this. |
RDAPI-9248 | 00894818 | Issue: The setup-apimanager script ignores the --adminName option.
Resolution: Previously, you could not use the --adminName option in the setup-apimanager script to change the default user name of the API Manager administrator account when creating the account. Now, the setup-apimanager script handles the --adminName and --adminPass options correctly, and you can create the administrator user account with the credentials you want. |
RDAPI-9455 | 00888407 | Issue: Policy references incorrect after copying a policy container.
Resolution: Previously in Policy Studio, when you copied a policy container that referenced other policies in the same container, the policy references in the Policy Shortcut and Policy Shortcut Chain filters were not updated to point to the new copy of the container. Instead, the policy references continued to point to the original container. Now, the original behavior has been restored. When you copy a policy container, the policy references are updated to point to the new container, not the original container. |
RDAPI-9505, RDAPI-9551 | 00900981 | Issue: The XML to JSON filter fails when XML encoding is set to utf-8.
Resolution: Previously, the XML to JSON filter failed if the XML encoding in the XML body was lowercase utf-8 instead of the uppercase UTF-8. This was caused by sjsxp-1.0.jar in the libraries. Now, the sjsxp-1.0.jar has been removed, and the lowercase XML encoding utf-8 no longer causes the XML to JSON filter to fail. |
RDAPI-9562 | 00900965 | Issue: Post-install script errors in API Gateway Analytics 7.5.3 SP1.
Resolution: Previously, if you had renamed the ListenersStore.xml file, the API Gateway Analytics post-install script failed to update the file when applying the v7.5.3 Service Pack 1 to your v7.5.3 installation. Now, the post-install script finds and updates ListenersStore.xml even if you have renamed the file, as long as the filename still contains ListenersStore. |
RDAPI-9563 | 00901780 | Issue: API Manager two-way SSL inbound security |
RDAPI-9615 | 00901959 | Issue: Monitoring in API Gateway Manager not displaying memory or CPU.
Resolution: Previously, when API Gateway Manager sent a GET request to /api/monitoring/metrics/timeline to get the minimum, maximum, or average values for a metric (in this example memoryUsed) and the query string was metricType=<memoryUsedMin or memoryUsedMax or memoryUsedAvg>, an error response with a status code HTTP 503 Service Unavailable was returned.
Now, the status code of the response is HTTP 200, and the response body contains the values for the requested metric for valid values. |
RDAPI-10073 | 00890176 | Issue: Environmentalized passwords not saved when project has a passphrase.
Resolution: Previously in Policy Studio and Configuration Studio, if a project had a passphrase, the environmentalized values of the encrypted fields, like passwords, were not saved. Now, the values of these fields are saved and the correct password cipher retained. |
RDAPI-10208 | 00901367 | Issue: Unable to use multiple values in a REST request query string parameter.
Resolution: Previously in API Manager, you could not use multiple values in the query string parameter when sending a REST request to a virtualized API, because only one value was sent to the back-end service. Now, all query string values are sent to the back-end service, so you can use multi-valued query string parameters. |
RDAPI-10245 | 00884582 | Issue: Mails on new user registrations not working as expected.
Resolution: Previously, the approval mail on new users was not working as expected if both Auto-approve user registration and Delegate user management were switched off. The approver email was sent to the email address of the organization, and the approver was redirected to API Portal, or to API Manager if there was no API Portal. Now, if both Auto-approve user registration and Delegate user management are switched off, the approver email is sent to the email address of the API administrator, and the approver is redirected to API Manager. If Delegate user management is switched on, the mail is sent to the email address of the organization. |
RDAPI-10506 | 00907700 | Issue: Security vulnerabilities with the Java version.
Resolution: Previously, API Gateway used a Java version with security vulnerabilities. Now, API Gateway uses JRE 8u141, which fixes these vulnerabilities. |
Known issues
There are no known issues in this service pack.
Install the service pack
Note: If you are using API Manager, before you can install this service pack, you must have run the setup-apimanager script on your installation.
Prerequisites
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
- Shut down any Node Manager or API Gateway instances on your existing installation. On Windows 10, you must also shut down any co-located Cassandra instances.
- Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
- Remove any old third-party libraries. To do this, delete the INSTALL_DIR/system/lib/modules directory.
- If you have an existing Cassandra installation, ensure JAVA_HOME is set correctly in cassandra.in.sh and cassandra.in.bat to ensure Cassandra tools are launched successfully.
FIPS mode only
If FIPS mode is enabled, you must perform the following steps to install the service pack:
- Run togglefips --disable to turn FIPS mode off.
- Start the Node Manager to move the JARs.
- Stop the Node Manager.
- Install the API Gateway service pack.
- Start the Node Manager.
- Stop the Node Manager.
- Run togglefips --enable to turn FIPS on again.
- Start the Node Manager.
Installation
This section describes how to install the service pack on an existing installation of API Gateway. If you have API Manager, installing the API Gateway Core Server service pack automatically installs the fixes for API Manager as well.
Note
- To install a new API Gateway or API Manager installation from scratch without an existing installation, see the API Gateway Installation Guide.
- To upgrade from an earlier version to v7.5.3, see the API Gateway Upgrade Guide.
Install the API Gateway Core Server service pack
If you have API Manager, installing the API Gateway Core Server service pack automatically installs the fixes for API Manager as well.
To install the service pack on your existing API Gateway 7.5.3 Core Server installation, perform the following steps:
- Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
- Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
- Unzip and extract API Gateway 7.5.3 SP 2 Core over the apigateway directory in your existing installation directory. For example:
tar -xzvf APIGateway_7.5.3_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/apigateway/
- Run the following script:
Windows: INSTALL_DIR\apigateway\apigw_sp_post_install.bat
Linux: INSTALL_DIR/apigateway/apigw_sp_post_install.sh
Note: On Linux, run the script using the bash command.
API Gateway Appliance only
Perform the following additional steps as the root user on the appliance before starting the Node Manager or API Gateway:
- Run the following command:
# [ -f /etc/apigateway/ssl-engines.xml ] && mv /etc/apigateway/ssl-engines.xml /etc/apigateway/ssl-engines.xml.1
- Run the following:
# chown -R admin:admin /opt/gateway/
# grep "java.library.path" /opt/gateway/system/conf/jvm.xml || sed -i.bak -e '/<JVMSettings/a\\n <!-- Set to allow correct library load after setting CAP_NET_BIND_SERVICE on vshell -->\n <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>' /opt/gateway/system/conf/jvm.xml
# setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' /opt/gateway/platform/bin/vshell
# ldconfig
Note
- If you have installed a licensed version of API Gateway or API Manager 7.5.3, you do not require a new license to install service packs.
- Unzip and extract the service pack as the same user who owns the API Gateway binaries. You can use the ls -l INSTALL_DIR/apigateway/posix/bin command to view the owner of the binaries.
- If you have installed an existing version of API Gateway Analytics, you must apply a separate service pack for that component (see the next section).
- If you have installed an existing version of API Manager, installing the API Gateway Core Server service pack automatically installs the fixes for API Manager as well.
Install the API Gateway Analytics service pack
To install the service pack on your existing API Gateway Analytics 7.5.3 installation, perform the following steps:
- Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
- Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
- Unzip and extract API Gateway 7.5.3 SP 2 Analytics over the analytics directory within your existing API Gateway 7.5.3 installation directory. For example:
tar -xzvf APIGateway_7.5.3_SP2_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/analytics/
- Go to the analytics directory in your installation:
Windows: INSTALL_DIR\analytics
Linux: INSTALL_DIR/analytics
- Run the post-install script for API Gateway Analytics:
Windows: apigw_analytics_sp_post_install.bat
Linux: apigw_analytics_sp_post_install.sh
Note: On Linux, run the script using the bash command.
Note
- Unzip and extract the service pack as the same user who owns the API Gateway Analytics binaries. You can use the ls -l INSTALL_DIR/analytics/posix/bin command to view the owner of the binaries.
- You must also install a service pack for your existing 7.5.3 Core Server.
Install the Policy Studio service pack
To install the service pack on your existing Policy Studio installation, perform the following steps:
- Shut down Policy Studio.
- Back up your existing INSTALL_DIR/policystudio directory.
- Unzip and extract API Gateway 7.5.3 SP 2 Policy Studio over the policystudio directory within your existing API Gateway 7.5.3 installation directory. For example:
tar -xzvf APIGateway_7.5.3_SP2_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/policystudio/
Note: The first time you start Policy Studio, you must use policystudio -clean.
Install the Configuration Studio service pack
To install the service pack on your existing Configuration Studio installation, perform the following steps:
- Shut down Configuration Studio.
- Back up your existing INSTALL_DIR/configurationstudio directory.
- Unzip and extract API Gateway 7.5.3 SP 2 Configuration Studio over the configurationstudio directory within your existing API Gateway 7.5.3 installation directory. For example:
tar -xzvf APIGateway_7.5.3_SP2_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/configurationstudio/
Note: The first time you start Configuration Studio, you must use configurationstudio -clean.
After installation
Note On the API Gateway Appliance, you can skip the following steps if you already ran the code in steps 5 and 6 in Install the API Gateway Core Server service pack.
To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
- Add the following line to the INSTALL_DIR/system/conf/jvm.xml file:
<VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
- Run the command setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.
- Create a file /etc/ld.so.conf.d/gateway-libs.conf that contains the following lines:
INSTALL_DIR/platform/jre/lib/amd64/server
INSTALL_DIR/platform/jre/lib/amd64
INSTALL_DIR/platform/lib/engines
INSTALL_DIR/platform/lib
INSTALL_DIR/ext/lib
- Run the following command to reload the library cache file:
$ ldconfig
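A read-only audit of the four steps above, for use after the service pack is applied or when reviewing an existing host. This is an added example, not Axway's code: the function names are hypothetical, the paths and capability names come from this Readme, and the directory permission check is an extra hardening check that the Readme itself does not ask for.

```shell
#!/usr/bin/env bash
# Added example (not Axway code): audit the "After installation" steps.
# Function names are hypothetical; paths are the ones given in this Readme.

# Library directories the Readme lists for gateway-libs.conf.
LIB_DIRS="platform/jre/lib/amd64/server platform/jre/lib/amd64 platform/lib/engines platform/lib ext/lib"

# jvm.xml must carry the java.library.path VMArg.
check_jvm_xml() {   # usage: check_jvm_xml INSTALL_DIR
    grep -q '<VMArg name="-Djava.library.path=' "$1/system/conf/jvm.xml"
}

# Every library directory must appear as its own line in the loader config.
check_ld_conf() {   # usage: check_ld_conf INSTALL_DIR [CONF_FILE]
    local conf="${2:-/etc/ld.so.conf.d/gateway-libs.conf}" d
    for d in $LIB_DIRS; do
        grep -qxF "$1/$d" "$conf" || { echo "missing: $1/$d"; return 1; }
    done
}

# Hardening check added here: directories searched by the dynamic loader
# for a binary that holds file capabilities should not be writable by
# group or others. Prints each offender; fails if any exist.
check_lib_perms() {   # usage: check_lib_perms INSTALL_DIR
    local d bad=0
    for d in $LIB_DIRS; do
        [ -d "$1/$d" ] || continue
        if [ -n "$(find "$1/$d" -maxdepth 0 -perm /022)" ]; then
            echo "writable by group/other: $1/$d"; bad=1
        fi
    done
    return "$bad"
}

# vshell must hold both capabilities from the setcap step (needs getcap).
check_caps() {   # usage: check_caps INSTALL_DIR
    local out
    out=$(getcap "$1/platform/bin/vshell" 2>/dev/null) || return 2
    case "$out" in *cap_net_bind_service*) ;; *) return 1 ;; esac
    case "$out" in *cap_sys_rawio*) ;; *) return 1 ;; esac
}
```

Re-run check_caps after every service pack: extracting new binaries over the installation replaces vshell, and file capabilities do not carry over to a replaced file.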
Documentation
Go to the Documentation portal at http://docs.axway.com to find all documentation for this product version.
The following reference documents are available on the Documentation portal at http://docs.axway.com:
- Axway Supported Platforms
- Axway Interoperability Matrix
Support services
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support at https://support.axway.com.
Copyright © 2017 Axway. All rights reserved.