Download

 API Gateway Readme

Axway API Gateway 7.4.0 SP 6 Readme

Document version: 29 May 2017


Readme for 7.4.0 SP 6

This Readme applies to Axway API Gateway 7.4.0 SP 6, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:

  • API Gateway Core Server
  • API Gateway Analytics
  • Policy Studio
  • Configuration Studio

The service pack contains new binaries only and does not overwrite the existing configuration.

File packages: An installation archive is provided for all platforms (for example, APIGateway_7.4.0_SP6_Core_win-x86-32_BNYYYYMMDDn.zip for Windows).

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Fixed issues

Fixed security vulnerabilities

Internal ID Case ID CVE Identifier Description
RDAPI-7677 00881765 CVE‑2017‑3731, CVE‑2017‑3732, CVE‑2016‑7055 Issue: OpenSSL security vulnerabilities.
Resolution: Previously, API Gateway used OpenSSL version 1.0.2j that contained security vulnerabilities. Now, API Gateway has been updated to use the latest OpenSSL version, OpenSSL 1.0.2k-fips. This version addresses known security vulnerabilities, including CVE-2017-3731, CVE-2017-3732, and CVE-2016-7055. For more details, see OpenSSL Security Advisory [26 Jan 2017].

Other fixed issues

Internal ID Case ID Description
RDAPI-6546 00868019 Issue: InvalidAlgorithmParameterException from FTPS listener.
Resolution: Previously, the API Gateway FTPS server did not accept an SSL client connection with the TLS_RSA_WITH_AES_256_CBC_SHA cipher. Now, the FTPS server accepts an SSL client connection with RSA ciphers.
RDAPI-6929 00872682 Issue: Issue in directory scanning when API Gateway is stopped.
Resolution: Previously, when you stopped a API Gateway instance, any files moved to the processing folder between sending the stop request and when the instance fully shut down remained in the processing folder, and were not processed once the instance was restarted.
Now, any files moved to the processing folder after sending the stop request are moved back to the input folder before the instance fully shuts down, and are processed once the instance restarts.
RDAPI-7043 00876429 Issue: Cannot use a selector in the Read timeout (ms) field of the Read from JMS filter.
Resolution: Previously, you could not use a selector in the Read timeout (ms) field of the Read from JMS filter, the deployment failed if you tried to do this. Now, you can use a selector in that field, and deployment succeeds.
RDAPI-7744 00881808 Issue: SSL failure on large messages with the XML Signature Verification filter.
Resolution: Previously, the XML Signature Verification filter could inadvertently cause SSL failures on large messages. Now, the XML Signature Verification filter works as expected even with large messages.

Known issues

This service pack has no known issues.

Install the service pack

Prerequisites

This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.
  2. Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
  3. Remove any old third-party libraries. To do this, delete the INSTALL_DIR/system/lib/modules directory.
  4. If you have an existing Cassandra installation, ensure JAVA_HOME is set correctly in cassandra.in.sh and cassandra.in.bat to ensure Cassandra tools are launched successfully.

FIPS mode only

If FIPS mode is enabled, you must perform the following steps to install the service pack:

  1. Run togglefips --disable to turn FIPS mode off.
  2. Start the Node Manager to move the JARs.
  3. Stop the Node Manager.
  4. Install the API Gateway service pack.
  5. Start the Node Manager.
  6. Stop the Node Manager.
  7. Run togglefips --enable to turn FIPS on again.
  8. Start the Node Manager.

Installation

This section describes how to install the service pack on an existing installation of API Gateway.

Note

  • To install a new API Gateway installation from scratch without an existing installation, or to upgrade from an earlier version, see the API Gateway Installation Guide.

Install the API Gateway Core Server service pack

To install the service pack on your existing API Gateway 7.4.0 Core Server installation, perform the following
steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.4.0 SP 6 Core over the apigateway directory in your existing installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP6_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/apigateway/

  5. API Gateway Appliance only
    Perform the following additional steps on the appliance before starting the Node Manager or API Gateway:
  6. Run the following command:
    # [ -f /etc/vordel/ssl-engines.xml ] && mv /etc/vordel/ssl-engines.xml /etc/vordel/ssl-engines.xml.1
  7. Run the following:
    # chown -R admin:admin /opt/gateway/

    # grep "java.library.path" /opt/gateway/system/conf/jvm.xml || sed -i.bak -e '/<JVMSettings/a\\n <!-- Set to allow correct library load after setting CAP_NET_BIND_SERVICE on vshell -->\n <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>' /opt/gateway/system/conf/jvm.xml

    # setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' /opt/gateway/platform/bin/vshell

    # ldconfig

Note

  • If you have installed a licensed version of API Gateway 7.4.0, you do not require a new license to install service packs.
  • Unzip and extract the service pack as the same user who owns the API Gateway binaries. You can use the ls -l INSTALL_DIR/apigateway/posix/bin command to view the owner of the binaries.
  • If you have installed an existing version of API Gateway Analytics, you must apply a separate service pack for that component (see the next section).
  • If you have installed an existing version of API Manager, you must apply a separate service pack for that component (see the Readme for Axway API Manager 7.4.0 SP 6).

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.4.0 installation, perform the following
steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.4.0 SP 6 Analytics over the analytics directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP6_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/analytics/

Note

  • Unzip and extract the service pack as the same user who owns the API Gateway Analytics binaries. You can use the ls -l INSTALL_DIR/analytics/posix/bin command to view the owner of the binaries.
  • You must also install a service pack for your existing 7.4.0 Core Server.

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Unzip and extract API Gateway 7.4.0 SP 6 Policy Studio over the policystudio directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP6_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/policystudio/

Note

  • The first time you start Policy Studio, you must use policystudio -clean.

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Unzip and extract API Gateway 7.4.0 SP 6 Configuration Studio over the configurationstudio directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP6_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.4.0/configurationstudio/

Note

  • The first time you start Configuration Studio, you must use configurationstudio -clean.

After installation

Note

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file:
  2. 64-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  3. 32-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  4. Run the command setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

Documentation

Go to the Documentation portal at http://docs.axway.com to find all documentation for this product version.

The following reference documents are available on the Documentation portal at http://docs.axway.com:

  • Axway Supported Platforms
  • Axway Interoperability Matrix

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.

Email support@axway.com or visit Axway Support at https://support.axway.com.


Copyright © 2017 Axway. All rights reserved.