Download

API Gateway Readme

Axway API Gateway 7.3.1 SP1 Readme

Document version: 20 Feb 2015


Readme for 7.3.1 SP1

This Readme applies to Axway API Gateway 7.3.1 SP1, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

The main aim of this service pack is to provide fixes for a number of reported defects.

This service pack contains updates for:

The service pack contains new binaries only and does not overwrite the existing configuration.

File Packages: An installation archive is provided for all platforms (for example, APIGateway_7.3.1_SP1_Core_win-x86-32_BN201502151.zip) for Windows.

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Corrections and enhancements

This service pack provides the following corrections and enhancements.

Case IDInternal IDDescription
719925 121683 When using a configured proxy with the Connection filter, host header is always value of proxy
Previously, you were unable to connect to a URL using an API Gateway configured as an HTTPS proxy.
Now, you can connect to a URL using an API Gateway configured as an HTTPS proxy.
733227 127312 CRL (Dynamic) filter does not fail when CRL is not reachable
Previously, the CRL filters were validating certificates using expired CRL from cache.
Now, the CRL filters return false if the provided/cached CRL is expired.
736569 133557 Problems upgrading from v7.1.1 to v7.3.1 using UpgradeConfig command
Previously, there was an issue with upgrading XML files with UTF-8 encoding.
Now, there is no issue with upgrading XML files with UTF-8 encoding.
739863 130702 Solaris requirements are incorrect in API Gateway 7.3 Installation Guide
Previously, the support for Solaris 64 bit was documented incorrectly.
Now, the support for Solaris 64 bit is documented correctly.
740002 130672 vshell cores in Trace filter when receiving a URL encoded character
Previously, the Trace filter was terminating API Gateway processing a UTF-8 encoded character.
Now, the Trace filter is fixed to allow processing a UTF-8 encoded character.
741308 132476 (Updated) API Gateway does not use HTTP CONNECT tunneling when using a proxy to access HTTPS URL
Previously, you were unable to connect to an HTTPS URL through an HTTP/HTTPS proxy.
Now, it is possible to connect to an HTTPS URL through an HTTP/HTTPS proxy.
741904 131711 Register WSDL with WSDL URL always sends BASIC AuthN header
Previously, when registering WSDL using WSDL URL, API Gateway always sent an authentication header to the remote server, disregarding authentication settings.
Now, when registering WSDL using WSDL URL, API Gateway sends the authentication header only if the authentication settings are provided.
742201 131777 Retrieve from SAML Attribute Assertion filter throws no native proxy for Java object exception under load
Previously, SAML Attribute Assertion filter throws an error under heavy load.
Now, SAML Attribute Assertion filter does not throw an error under heavy load.
742538 132548 When creating an API in Policy Studio, parameter path variables were not available for policies
Previously, when using REST API wizards to create an API in Policy Studio, the parameter path variables were not available on the whiteboard for the Request/Routing/Response policies.
Now, when using REST API wizards to create an API in Policy Studio, the parameter path variables are available on the whiteboard for the Request/Routing/Response policies.
742629 132255 Appliance TCP connection not sending close_notify to Layer 7 gateway with payload response when certain size
Previously, API Gateway was not always sending close-notify message on SSL shutdown.
Now, API Gateway sends close-notify explicitly on SSL shutdown. You can configure this in SystemSettings of API Gateway instance's service.xml config:
sslShutdownPolicy = {"dirty" | "simplex" | "duplex"}
"dirty" is the old behaviour
"simplex" is the default, and ensures that close-notify is sent
"duplex" waits for the remote to send its close-notify also
743296 132254 User Guide does not document which JSON Schema specifications are supported
Previously, the User Guide did not document which JSON Schema specifications are supported by the JSON Schema Validation filter.
Now, draft version 2 of JSON Schema specification supported by the JSON Schema Validation filter is added in the Policy Developer Guide.
743895 132828 Debugging options for troubleshooting installation failure in hardened Linux environment
Previously, there were errors when managedomain was creating a Node Manager because of permissions on the system.
Now, there are no errors when managedomain creates a Node Manager.
744739 132990 Avoid 'invalid field' returned when field not referenced in query string but referenced in Set Message filter
Previously, INVALID_FIELD was returned for an invalid field in selectors in policies.
Now, there is a configuration option to allow an empty string to be returned instead of the INVALID_FIELD value from selectors.
745392 133211 Connect to URL filter aborts in 7.1.1
Previously, the Connect to URL filter always added the port number in Host header for HTTP and HTTPS requests (for example, Host: www.axway.com:80, Host: www.axway.com:443).
Now, the Connect to URL filter adds only non-default ports for HTTP and HTTPS requests in the Host header (for example, Host: www.axway.com).
745499 133212 DTD Injection in XML parser
Previously, in certain circumstances the XML parser allowed DTD injection when parsing SOAP XML documents.
Now, it is not possible to inject DTDs into XML because the XML parser does not allow it.
746450 133670 Policy Studio cannot connect to Admin Node Manager configured for TLS 1.2 (but browser can)
Previously, Policy Studio could not connect to an Admin Node Manager configured for TLS 1.2.
Now, you can use a configuration option in policy.ini to connect to an Admin Node Manager configured with TLS 1.2 using Policy Studio.
746670 133763 Policy does not import correctly until second try
Previously, under certain conditions when importing a policy, the policy did not import correctly and was missing links.
Now, when importing the policy, all links are properly imported.
747500 134127 Upgrade failure: Oracle API Gateway 11.1.1.6.1 (6.3.1) to 11.1.2.3.1 (7.3.1)
Previously, there were errors upgrading from API Gateway 6.3.1 to 7.3.1 because 127.0.0.1 was used as the host for admin APIs instead of localhost.
Now, there are no errors when upgrading from API Gateway 6.3.1 to 7.3.1.
749150 135033 (Updated) HTTPS proxy server not working: tries to CONNECT to the backend
Previously, the Connect to URL filter was sending CONNECT method with endpoint set to proxy.
Now, the Connect to URL filter sends CONNECT method to proxy with correct endpoint details.
749194 135265 API Gateway does not authenticate using digest authentication and may crash
Previously, using basic authentication with "Automatically send credentials" enabled, the API Gateway crashed.
Now, using basic authentication with "Automatically send credentials" enabled, the authentication process completes.
749498 134939 Oracle Access Manager SDK: "Access Server has returned a fatal error"
Previously, OAM Authenticator returned a fatal error when it cannot find a scoped session during authentication
Now, OAM Authenticator no longer returns a fatal error if it cannot find the scoped session.
751925 139288 Deployment Error: "Failed to find feature noLicensing"
Previously, harmless messages appeared in trace log file for licensing.
Now, these messages have been removed from the trace log file because they are not useful.
752124 137789 Failure to download trace files from API Gateway Manager download link
Previously, the API Gateway Node Manager reported an error when users attempted to download a trace file exceeding 10 MB in size.
Now, you can configure the API Gateway Node Manager using the samples/scripts/config/updateMaxInOutLen.py script to allow downloading a trace file exceeding 10 MB in size.
752386 136278 Registering WSDL does not show all operations
Previously, some operations were not listed when registering WSDL in Policy Studio.
Now, all operations are listed when registering WSDL in Policy Studio.
752479 136269 OpenSSL upgrades for Oracle 7.2.1 and OpenSSL October 15th advisory
Previously, API Gateway was running with an older version of OpenSSL.
Now, API Gateway is running with OpenSSL 1.0.1j 15 Oct 2014.
753295 136715 Disable Cassandra script not working
Previously, the disable Cassandra script did not allow you to specify an Admin Node Manager URL.
Now, the disable Cassandra script allows you to specify an Admin Node Manager script.
753805 139298 Cannot deploy WSDL with space in namespace name
Previously, WSDL with space in namespace name could not be loaded.
Now, validation of namespaces can be turned off using the new XML_PARSE_NONAMESPACE_URI_REF_VALIDATION libxml custom option to allow loading WSDL with space in namespace name.
753965 137538 Upgrade fails at apigateway/system/conf/migrate/CertValidationOcspFilter/2.xml
Previously, there was an error upgrading OCSP policies to 7.3.1.
Now, there is no error upgrading OCSP policies to 7.3.1.
754322 137792 Failure to download transaction log files from API Gateway Manager download link
Previously, the API Gateway Node Manager reported an error when users attempted to download a log file exceeding 10 MB in size.
Now, you can configure the API Gateway Node Manager using samples/scripts/config/updateMaxInOutLen.py script to allow downloading a log file exceeding 10 MB in size.
754375 137745 Connect to URL policy stops working after upgrade from 7.1.1 to 7.3.1
Previously, Connect to URL policies with URLs containing spaces worked in 7.1.1, but after upgrading the 7.3.1, the policy stopped working.
Now, after upgrading to 7.3.1, URLs with spaces specified in Connect to URL policies continue to work.
754803 137530 API Gateway crashes in libvxml2.so.2
Previously, under certain circumstances, there was a race condition when processing XPath expressions.
Now, there is no race condition when processing XPath expressions.
754885 138330 Remote Host issue after upgrade from 7.2.2 to 7.3.1
Previously, maximum connections in Remote Host configuration was set to -1 during upgrade to 7.3.1.
Now, maximum connections in Remote Host configuration is not changed during upgrade to 7.3.1.
754968 137627 OutOfMemory when a Directory Scanner reads a large file
Previously, when the Directory Scanner was dealing with large files, it read the whole file into memory causing an OutOfMemoryException.
Now, the Directory Scanner does not read the whole file into memory, and does not cause any OutOfMemoryExceptions.
755020 137709 API Gateway crashes using ICAP filter
Previously, API Gateway crashed using an ICAP filter because of a connection input/ouput error sending content to ICAP server.
Now, API Gateway correctly handles the connection input/output error while sending content to ICAP server.
755102 137907 FTP poller fails to delete large (>8MB) files
Previously, the FTP poller failed to delete processed files (if configured) from the FTP server because of a connection error.
Now, the FTP poller retries to delete processed files from the FTP server on connection error.
755308 138274 API Gateway configuration store issues after upgrade from 6.0.3 to 7.3.1
Previously, migration of API Gateway configuration from 6.0.3 to 7.3.1 was failing for XML Signature Generation and Retrieve from user store filters.
Now, migration of API Gateway configuration from 6.0.3 to 7.3.1 passes for XML Signature Generation and Retrieve from user store filters
756444 138758 Custom XPaths are missing in 7.3.1 upgraded configuration.
Previously, migration of API Gateway configuration from 7.1.1 to 7.3.1 was failing for custom X-Path-Expressions in the Retrieve Attribute From Message filter.
Now, migration of API Gateway configuration from 7.1.1 to 7.3.1 passes for custom X-Path-Expressions in the Retrieve Attribute From Message filter.
756558 139553 Problems in v7.3.1 with 'Validate certificate against a CRL' filter
Previously, the CRL (Dynamic) filter failed to resolve selector with generated legacy message attributes, for example, ${distributionpoint.0.1.toString}, ${distributionpoint.0.0.toString}
Now, the CRL (Dynamic) filter resolves selector with generated legacy message attributes.
756814 138999 Core dump in /lib64/libc.so
Previously, the McAfee Anti-Virus filter could crash scanning message body or cause a memory leak.
Now, the McAfee Anti-Virus filter cleans up temporary allocated memory.
757270 140269 Send to Sentinel filter results in read error -1, but filter returns true
Previously, the Sentinel server external connection was always configured with the provided encoding.
Now, the Sentinel server external connection applies the provided encoding only if the IGNORE_ENCODING Java property value is false (default).
758662 140217 Throttling rate limit information appears several times in HTTP Header
Previously, the Throttling filter was setting duplicated Throttling rate limit information headers in the response.
Now, the Throttling filter sets Throttling rate limit information headers in the response once.
758816 140044 Threatening Content filter does not trap unescaped content
Previously, the Threatening Content filter was not trapping content that is not escaped.
Now, the Threatening Content filter is trapping content that is not escaped.
759133 140246 McAfee filter returns success instead of failure when receiving infected multipart body and scan type is remove or clean
Previously, the McAfee Anti-Virus filter may not always correctly update the 'mcafee.status' message attribute for multipart messages.
Now, the McAfee Anti-Virus filter merges scan results into the 'mcafee.status' message attribute for multipart messages.
760444 141296 (Updated) Amazon S3 connection using proxy does not work
Previously, the Connect to URL filter was unable to connect to a URL via an HTTPS proxy.
Now, it is possible to connect to a URL via an HTTPS proxy.
760982 141084 Host part of redirect URL is treated as case sensitive
Previously, in OAuth the redirect URL was seen as invalid because the host was a different case to the one stored on disk for the profile.
Now, there is no longer case sensitivity on the host part of the redirect URL.
743541 132530 Policy Studio error: Recursive call to CircuitStore
Previously, a false error was reported for recursion in a specific policy when using policy shortcuts.
Now, there is no error reported for the specific policy using policy shortcuts because it is a valid policy.
747264 134130 Set Message filter behaves differently from v6.3.1 in v7.2.2 when handling variables that differ only in case
Previously, there was a problem with case sensitivity in URL parameters.
Now, you can configure API Gateway to use case sensitive or case insensitive values for URL parameters.

Install the service pack

Prerequisites

This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.
  2. Back up your existing installation. For more information on backing up, see the API Gateway Administrator Guide.
  3. Remove any old third-party libraries. To do this, delete the INSTALL_DIR/system/lib/modules directory.

Installation

This section describes how to install the service pack on an existing installation of API Gateway.

To install a new API Gateway installation from scratch without an existing installation, see the API Gateway Installation and Configuration Guide.

Install the API Gateway Core Server service pack

To install the service pack on your existing API Gateway 7.3.1 Core Server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway User Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.3.1 SP1 Core over the apigateway directory within your existing installation directory. For example:
  4. tar -xzvf APIGateway_7.3.1_SP1_Core_linux-x86-64_BN201502151.tar.gz -C /opt/Axway-7.3.1/apigateway/

Note

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.3.1 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway User Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.3.1 SP1 Analytics over the analytics directory within your existing API Gateway 7.3.1 installation directory. For example:
  4. tar -xzvf APIGateway_7.3.1_SP1_Analytics_linux-x86-64_BN201502151.tar.gz -C /opt/Axway-7.3.1/analytics/

Note

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Delete your existing Policy Studio installation directory (for example, INSTALL_DIR\policystudio).
  2. Use the API Gateway 7.3.1 installation executable to install Policy Studio into the same directory.

Note

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Delete your existing Configuration Studio installation directory (for example, INSTALL_DIR\configurationstudio).
  2. Use the API Gateway 7.3.1 installation executable to install Configuration Studio into the same directory.

After installation

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file.
  2. 64-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  3. 32-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  1. Run the command setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell to allow the API gateway to listen on privileged ports.

Note

Related documentation

Axway API Gateway is accompanied by a complete set of documentation, covering all aspects of using the product. These documents include the following:

Axway API Gateway documentation

Axway 5 Suite documentation

All Axway documentation is available from Axway Sphere at https://support.axway.com.

Support services

Support services are available from Axway Sphere at https://support.axway.com, including:

The Axway Global Support team also provides worldwide 24 x 7 support, subject to validation of your license agreement.
Email support@axway.com or, for your local support telephone number, visit Axway Sphere at https://support.axway.com and click Contact Axway Support.

See "Troubleshoot your API Gateway installation" in the API Gateway Administrator Guide for the information that you should be prepared to provide when you contact Axway Support.

You can display the version and build of API Gateway by selecting Help > About in Policy Studio.

For information about Axway training services, go to: www.axway.com.


Copyright © Axway Software 2015
All rights reserved