Download

 Axway API Gateway 7.4.0 SP 1 Readme

Axway API Gateway 7.4.0 SP 1 Readme

Document version: 06 July 2015


Readme for 7.4.0 SP 1

This Readme applies to Axway API Gateway 7.4.0 SP 1, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

The main aim of this service pack is to provide fixes for a number of reported defects.This service pack contains updates for:

The service pack contains new binaries only and does not overwrite the existing configuration.

File packages: An installation archive is provided for all platforms (for example, APIGateway_7.4.0_SP1_Core_win-x86-32_BN201507061.zip) for Windows.

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Corrections and enhancements

This service pack provides the following corrections and enhancements.

Case ID Internal ID Description
145056 Issue: Custom response text not returned with HTTP response
Resolution: Previously, the API Gateway was not returning a custom response message with an HTTP response. Now, the API Gateway returns a custom response message with an HTTP response.
144736 Issue: Core API Method Registration throws a ClassNotFound exception
Resolution: Previously, the API Gateway could throw the "ClassNotFoundException: com.vordel.apiportal.runtime.broker.parameters.ParameterValidator" exception when deploying an API created with the Policy Studio API registration wizard. Now, the API Gateway does not throw the "ClassNotFoundException: com.vordel.apiportal.runtime.broker.parameters.ParameterValidator" exception.
148847 Issue: Invalid directories searched for Libvxml
Resolution: Previously, some API Gateway shared libraries were using built-in RPATH first searching for other libraries to resolve dependencies. This caused problems loading API Gateway where the built-in RPATH was accidentally matching system paths in a customer environment. Now, the RPATH is removed from reported API Gateway shared libraries.
148228 Issue: XML signature verification error if XML namespace contains a space
Resolution: Previously, the XML Sign/Verify process was always validating the XML namespaces disregarding the namespace validation flag settings in the LibXml2 configuration. Now, the XML Sign/Verify process checks the namespace validation flag settings in the LibXml2 configuration.
775794 148652 Issue: Retrieve from message filter is converting empty elements in text/xml to short form
Resolution: Previously, the API Gateway was replacing empty XML element <a></a> with empty tag <a/>. Now, the API Gateway provides LibXml2 option to allow generating empty XML element <a></a> instead of empty tag <a/>.
148498 Issue: Upgrade Xerces
Resolution: Previously, an OutOfMemoryException in the xerces layer could occur during a schema check with data with large maxOccurs values. Now, no OutOfMemoryException occurs in the xerces layer.
148976 Issue: Incorrect SP installation instructions in Readmes for Policy Studio and Configuration Studio
Resolution: Previously, the SP installation instructions were incorrect in the SP Readmes. Now, the installation instructions are correct.
148022 Issue: Maximum bytes per transaction issue
Resolution: Previously, in Policy Studio, the Maximum Sent/Received Bytes per transaction configuration System Settings were incorrectly set. Now, the Maximum Sent/Received Bytes per transaction labels in Policy Studio match the actual values set in configuration.
147461 Issue: Admin credentials required and checked on --submit_cert and --regen_certs in managedomain flows when should not be
Resolution: Previously, when using --sign_with_external_ca and we submit the cert for the first ANM, admin credentials are required and an attempt is made to validate them, but there is no ANM running, so cert submission fails. Admin credentials were also always required for certificate regeneration which we may need to run offline. Now, credentials are not required when you submit the cert for the first ANM. For cert regeneration admin credentials are only prompted for when and if they are needed, for example, when the ANM needs to sign certs for second and subsequent hosts. Credentials are not prompted for on cert submission after cert regeneration with --sign_with_external_ca option.
149019 Issue: Failure modifying CreateCookie filter after importing configuration into 7.4.0 due to upgrade issues
Resolution: Previously, in Policy Studio, modifying the CreateCookie filter of a successfully imported configuration failed. Now, in Policy Studio, the CreateCookie filter of successfully imported configuration can be modified.
145781 Issue: Unable to test LDAPS in Policy Studio
Resolution: Previously, when using Policy Studio to test a LDAPS connection over SSL, the connection test failed and the exception trace indicated "Unconnected sockets not implemented". Now, in Policy Studio, the connection test to an LDAPS server over SSL will no longer generate the "Unconnected sockets not implemented" exception.
147511 Issue: Switching off traffic monitor suppresses incoming/outgoing data from trace file
Resolution: Previously, API Gateway did not write incoming/outgoing DATA traces in the trace file when Traffic Monitor was disabled. Now, API Gateway writes incoming/outgoing DATA traces in the trace file regardless of Traffic Monitor enabled/disabled state.
147549 Issue: Java Crash - SIGSEGV in com.vordel.circuit.InvocationEngine.recordFilterEnd
Resolution: Previously, the API Gateway was inconsistently crashing attempting to send a response after processing a large payload when the client had already closed the connection. Now, the API Gateway reports closed connections as expected when attempting to send a response.
147363 Issue: Scheduled Analytics reports sometimes fail to run
Resolution: Previously, the Analytics reports were incorrectly rescheduled on refresh and hence failed to run. Now, the Analytics reports are scheduled on refresh as expected.
774947 147941 Issue: Problems with management certificates setup
Resolution: Previously, if you tried to submit an externally signed cert that did not match the private key on disk you saw an error "java.lang.Exception: java.lang.Exception: RSA_private_decrypt failed". Now, you will see "Error: Public key in certificate and private key on disk do not match. Detail: java.lang.Exception: RSA_private_decrypt failed". Previously, if you submitted a PEM file that did not contain the certificates ordered correctly (for example, NM/GW, followed by Inter CA followed by Root CA) you would see the error "TypeError: 'NoneType' object is unsubscriptable". Now, if you submit a PEM file that does not contain the certificates ordered correctly they are ordered automatically for you. The order of the certs in the PEM file should not matter.
776810 148186 Issue: Directory Scanner moves folders as well as files when no file type specified
Resolution: Previously, the Directory Scanner was also processing folders when no file type was specified in the configuration. Now, the Directory Scanner processes files as required when no file type is specified in the configuration.
148742 Issue: Unable to move file using FTP poller
Resolution: Previously, if an FTP Poller was configured to move the file to a multi-level directory that did not exist, a failure would occur with some SFTP servers as it would not allow the creation of multiple levels of directories via one command. Also some FTP Servers would throw errors if the FTP Poller tried to create a directory that already existed. It was difficult to diagnose the issue as the the SFTP errors were not written to the trace. Now, the FTP Poller will not try to create a directory that already exists. It will attempt to create a directory that does not exist as entered by the user. Some SFTP Servers will fail to create a multiple level directory. If a directory cannot be created by the FTP Poller it should be done manually. The API Gateway will now output the SFTP errors to the trace.
148739 Issue: DB filter aborts with NPE when stored procedure returns NULL
Resolution: Previously, a NPE was returned from the Retrieve from or write to database filter when a stored procedure was called that returned a NULL. Now, when a NULL is returned by the stored procedure it is ignored and no message attribute is set. It is possible to set "" (blank) value in a message attribute for the returned NULL value of the stored procedure by setting the Java system property "ALLOW_NULL_VALUES_FROM_DB=true" in jvm.xml (for example, <VMArg name="-DALLOW_NULL_VALUES_FROM_DB=true" />).
147872 Issue: Cannot Start Instance: Piper Server Stopping error
Resolution: Previously, a user could specify a P12 file to sign SSL certificates for management traffic that did not contain a full certificate chain (option 2 for cert management). This led to a failure to start the API Gateway due to missing certs in the chain. If the user supplies a p12 with an intermediate CA and a root CA, the trusted CA cert on the SSL ports for Node Manager was the Root CA. Now, managedomain validates the P12 specified by the user and ensures that the full certificate chain is included (option 2 for cert management). Self-signed certificates are allowed (option 2 for cert management). If the user supplies a p12 with an intermediate CA and a root CA, the trusted CA cert on the SSL ports for Node Manager is now the Intermediate CA, as this is the "Domain CA". Validation on the certificate PEM files submitted for option 3 (External CA) for cert management has also been improved to ensure the full cert chain is included.
777877 148523 Issue: Node Manager appears to hang on startup due to AMI license check
Resolution: Previously, the API Gateway Node Manager could hang on startup due to AMI license check. Now, the API Gateway Node Manager uses default 5000 ms timeout attempting the AMI license check. You can also use the V_AMI_TIMEOUT environmental variable to set a custom timeout instead of the default.
146903 Issue: Problems upgrading from v7.1 to v7.3.1 using UPGRADECONFIG
Resolution: Previously, upgrade of a Web Service configuration could fail if a WSDL URL in the Web Service is not normalized. Now, a Web Service with a not normalized WSDL URL is upgraded successfully.
146073 Issue: Content-Type HTTP header is duplicated when using ICAP filter
Resolution: Previously, the HTTP Response header has a duplicate Content-Type field when using the ICAP filter. Now, the HTTP Response header correctly has a single Content-Type field when using the ICAP Filter. In the case of a multi-part response where the content types are different, multiple Content-Types are still permitted.
147031 Issue: API Gateway fails to deploy configuration
Resolution: Previously, the API Gateway could crash attempting to log libxml error messages containing %-encoded characters. Now, the API Gateway logs libxml error messages containing %-encoded characters.

Known issues

The following issues are known and scheduled for correction in a future release.

Case ID Internal ID Description
779258 149253 Issues with upgrade from 7.2.3 to 7.4.0
779817 149354 API Gateway port 8090 is vulnerable to an XSRF attack
147658 PassPort configuration deployment causing API Gateway to hang
775282 147898 LDAP character conversion issue
146579 Problems in sysexport when upgrading from 7.1 to 7.3.1 SP2
772223 146355 Issues with upgrade from 6.1.3 to 7.4.0
774850 147428 The 'Do not use the SSLv2/SSLv3 protocol' flags on a HTTPS port does not prevent the use of SSLv2/SSLv3
144751 Cannot add optional path parameters for an API Method in Policy Studio
148841 Allow access to attributes from a MAIL FROM policy handler

Install the service pack

Prerequisites

This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.
  2. Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
  3. Remove any old third-party libraries. To do this, delete the INSTALL_DIR/system/lib/modules directory.

Installation

This section describes how to install the service pack on an existing installation of API Gateway.

Note

Install the API Gateway Core Server service pack

To install the service pack on your existing API Gateway 7.4.0 Core Server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.4.0 SP1 Core over the apigateway directory within your existing installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP1_Core_linux-x86-64_BN201507061.tar.gz -C /opt/Axway-7.4.0/apigateway/

Note

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.4.0 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.4.0 SP1 Analytics over the analytics directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP1_Analytics_linux-x86-64_BN201507061.tar.gz -C /opt/Axway-7.4.0/analytics/

Note

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Unzip and extract API Gateway 7.4.0 SP1 Policy Studio over the policystudio directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP1_PolicyStudio_linux-x86-64_BN201507061.tar.gz -C /opt/Axway-7.4.0/policystudio/

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Unzip and extract API Gateway 7.4.0 SP1 Configuration Studio over the configurationstudio directory within your existing API Gateway 7.4.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.4.0_SP1_ConfigurationStudio_linux-x86-64_BN201507061.tar.gz -C /opt/Axway-7.4.0/configurationstudio/

After installation

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file.
  2. 64-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  3. 32-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  1. Run the command setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

Note


Documentation

Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.

For information about how API Gateway is used in Axway 5 Suite, refer to:

All Axway documentation is available from Axway Sphere at https://support.axway.com.


Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.


Copyright © 2015 Axway. All rights reserved