Document version: 21 September 2015
This Readme applies to Axway API Gateway 7.3.1 SP 3, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.
The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:
The service pack contains new binaries only and does not overwrite the existing configuration.
File packages: An installation archive is provided for all platforms (for example,
APIGateway_7.3.1_SP3_Core_win-x86-32_BN201509212.zip
for Windows).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
This service pack provides the following corrections and enhancements.
Case ID | Internal ID | Description |
---|---|---|
— | 147547 | Issue: Java Crash - SIGSEGV in com.vordel.circuit.InvocationEngine.recordFilterEnd
Resolution: Previously, the API Gateway was inconsistently crashing when attempting to send a response after processing a large payload when the client had already closed connection. Now, the API Gateway reports closed connections as expected when attempting to send a response. |
— | 148227 | Issue: Patch breaking xml encryption filter
Resolution: Previously, the XML Sign/Verify process validated the XML namespaces disregarding the namespace validation flag settings in the LibXml2 configuration. Now, the XML Sign/Verify process checks the namespace validation flag settings in the LibXml2 configuration. |
773165 | 147002 | Issue: Opsdb.d overflowing configured limits Resolution: Previously, idx files for finished transactions were not removed and traffic monitoring was not processed correctly due to failure during log operation. Now, message is completed after logging, idx files are removed for finished transactions and traffic monitoring is updated. |
775496 | 147639 | Issue: Appliance crashes Resolution: Previously, API Gateway was crashing inconsistently with policies containing user-defined scripts. Now, API Gateway reports warnings of concurrent data modifications for policies containing user-defined scripts with global scope variables. |
784222 | 152433 | Issue: Large native memory leak from vshell process Resolution: Previously, if XML Redaction was used in any policy then the vshell process would grow in memory size. This would require a restart of the gateway to resolve. Now, use of XML Redaction on any messages does not cause permanent growth in message size and does not require a restart after periodic use. |
— | 150794 | Issue: API Gateway port 8090 vulnerable to CSRF attack Resolution: Previously, the API Gateway Manager web application was vulnerable to potential CSRF attacks. Now, when upgrading from API Gateway 7.2.x, the migrated API Gateway Manager web application has a Referer Header check enabled. For existing 7.3.0 installations, the following manual step is required for enabling the Referer Header check: The protection can be enabled for the API Gateway Manager webapp (8090) by adding the following Jersey property to RBACServletContainer’s configuration (in the NM fed under $VDISTDIR/conf/fed/configs.xml )Name: com.sun.jersey.spi.container.ResourceFilters Value: com.vordel.common.apiserver.filter.CsrfProtectionFilterFactory |
775335 | 148121 | Issue: Unable to move file using FTP poller Resolution: Previously, if an FTP Poller was configured to move the file to a multi-level directory that did not exist, a failure would occur with some SFTP servers as it would not allow the creation of multiple levels of directories via one command. Also some FTP Servers would throw errors if the FTP Poller tried to create a directory that already existed. It was difficult to diagnose the issue as the the SFTP errors were not written to the trace. Now, the FTP Poller will not try to create a directory that already exists. It will attempt to create a directory that does not exist as entered by the user. Some SFTP Servers will fail to create a multiple level directory. If a directory cannot be created by the FTP Poller it should be done manually. The API Gateway will now output the SFTP errors to the trace. |
772915 | 146774 | Issue: Incorrect SP installation instructions in Readmes for Policy Studio and Configuration Studio Resolution: Previously, the SP installation instructions were incorrect in the SP Readmes. Now, the installation instructions are correct. |
— | 152162 | Issue: Certificate check from Connection filter is case sensitive Resolution: Previously, the Connect to URL filter reported that the host name in the request did not match the server's certificate subject, where the certificate subject name contained upper/lower-case characters. Now, the Connect to URL filter correctly matches the host name against the server's certificate subject containing upper/lower-case characters. |
— | 150493 | Issue: XPath not visible after upgrade from 7.1.1 to 7.4 SP 1 (via 7.3.0 SP 2) Resolution: Previously, in Policy Studio, when editing the Retrieve Attributes from message filter, custom XPath expressions might not appear in the XPath expression pop-up menu. Now, when editing the Retrieve Attributes from message filter, all available XPath expressions are shown in the XPath expression tree view dialog for selection. |
— | 151299 | Issue: SIGSEGV from libvcommon.so in Vordel::BoundHeap::allocImpl Resolution: Previously, API Gateway could crash allocating memory due to an incorrect check of available memory per transaction. Now, API Gateway correctly reports out of memory errors. |
— | 150494 | Issue: Changing name of XPath entity in Policy Studio leads to creation of duplicated entity Resolution: Previously, in Policy Studio, the XPath expression entity was duplicated when the XPath name was modified. Now, the XPath expression name is updated correctly if modified, and no duplicated XPath is created. |
— | 148846 | Issue: Invalid directories searched for Libvxml Resolution: Previously, some API Gateway shared libraries were using built-in RPATH first searching for other libraries to resolve dependencies. This caused problems loading API Gateway where the built-in RPATH was accidentally matching system paths in a customer's environment. Now, the RPATH is removed from reported API Gateway shared libraries. |
— | 150269 | Issue: Very slow deployments can cause failures Resolution: Previously, the API Gateway had poor performance loading deployed configurations containing JSONSchema/XSLT entities. This might cause the API Gateway Node Manager to report the deployment errors due to timeout waiting for a response from the instance re-loading such configuration. Now, the API Gateway has improved instantiating JSONSchema/XSLT entities when re-loading newly deployed configuration. |
764939 | 144778 | Issue: Maximum bytes per transaction issue Resolution: Previously, in Policy Studio, the Maximum Sent/Received Bytes per transaction configuration System Settings were incorrectly set. Now, the Maximum Sent/Received Bytes per transaction labels in Policy Studio match the actual values set in the configuration. |
— | 148192 | Issue: Directory Scanner moves folders as well as files when no file type specified Resolution: Previously, the Directory Scanner was also processing folders when no file type was specified in the configuration. Now, the Directory Scanner processes files as required when no file type is specified in the configuration. |
760690 | 144315 | Issue: Switching off traffic monitor suppresses incoming/outgoing data from trace file Resolution: Previously, API Gateway did not write incoming/outgoing DATA traces in the trace file when Traffic Monitor was disabled. Now, API Gateway writes incoming/outgoing DATA traces in the trace file regardless of Traffic Monitor enabled/disabled state. |
— | 146757 | Issue: Problems upgrading from v7.1 to v7.3.1 using UPGRADECONFIG Resolution: Previously, upgrade of a Web Service configuration could fail if a WSDL URL in the Web Service is not normalized. Now, a Web Service with a not normalized WSDL URL is upgraded successfully. |
— | 147362 | Issue: Scheduled Analytics reports sometimes fail to run Resolution: Previously, the Analytics reports were incorrectly rescheduled on refresh and hence failed to run. Now, the Analytics reports are scheduled on refresh as expected. |
772099 | 146387 | Issue: Gateway fails to deploy configuration, crashes Java in win32 Resolution: Previously, the API Gateway could crash attempting to log libxml error messages containing %-encoded characters. Now, the API Gateway logs libxml error messages containing %-encoded characters. |
770553 | 145658 | Issue: Content-Type HTTP header is duplicated when using ICAP filter Resolution: Previously, the HTTP Response header has a duplicate Content-Type field when using the ICAP filter. Now, the HTTP Response header correctly has a single Content-Type field when using the ICAP Filter. In the case of a multi-part response where the content types are different, multiple Content-Types are still permitted. |
The following issues are known and scheduled for correction in a future release.
Case ID | Internal ID | Description |
---|---|---|
776780 | 148273 | When Connect to URL hits the Max Recieved Bytes limit, it returns a truncated result instead of an error |
787174 | 152682 | Resolver Paths not working correctly |
772327 | 146454 | SSL Connection WRITE_PENDING: bad write retry Bug |
771646 | 146044 | OpenSSL updates |
— | 144088 | Cannot set optimized CRYPTO memory functions |
768745 | 144625 | OOM when writing to eventLog |
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
INSTALL_DIR/system/lib/modules
directory.This section describes how to install the service pack on an existing installation of API Gateway.
Note
To install the service pack on your existing API Gateway 7.3.1 Core Server installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
apigateway
directory
within your existing installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP3_Core_linux-x86-64_BN201509212.tar.gz -C
/opt/Axway-7.3.1/apigateway/
Note
ls -l INSTALL_DIR/apigateway/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing API Gateway Analytics 7.3.1 installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway Analytics instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
analytics
directory within your existing API Gateway 7.3.1 installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP3_Analytics_linux-x86-64_BN201509212.tar.gz -C
/opt/Axway-7.3.1/analytics/
Note
ls -l INSTALL_DIR/analytics/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR/policystudio
directory.policystudio
directory within your existing API Gateway 7.3.1 installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP3_PolicyStudio_linux-x86-64_BN201509212.tar.gz -C
/opt/Axway-7.3.1/policystudio/
Note
policystudio -clean
.To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR/configurationstudio
directory.configurationstudio
directory within your existing API Gateway 7.3.1 installation directory. For example:
tar -xzvf APIGateway_7.3.1_SP3_ConfigurationStudio_linux-x86-64_BN201509212.tar.gz -C
/opt/Axway-7.3.1/configurationstudio/
Note
configurationstudio -clean
.To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file.
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
setcap 'cap_net_bind_service=+ep'
INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
Note
Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.
For information about how API Gateway is used in Axway 5 Suite, refer to:
All Axway documentation is available from Axway Sphere at https://support.axway.com.
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.
Copyright © 2015 Axway. All rights reserved