Document version: 19 October 2015
This Readme applies to Axway API Gateway 7.4.0 SP 2, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.
The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:
The service pack contains new binaries only and does not overwrite the existing configuration.
File packages: An installation archive is provided for all platforms (for example,
APIGateway_7.4.0_SP2_Core_win-x86-32_BNYYYYMMDDn.zip
for Windows).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
This service pack provides the following corrections and enhancements.
Case ID | Internal ID | Description |
---|---|---|
775282 | 147898 |
Issue: LDAP character conversion issue |
779069 | 150535 |
Issue: SSL connection |
779770 | 151962 |
Issue: Different behavior between v7.3 and v7.4 |
779817 | 149354 |
Issue: API Gateway port 8090 vulnerable to XSRF attack Enable protection for the API Gateway Manager web app (8090) by adding the following Jersey property to the Name: For more details, see https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet. |
780484 | 149910 |
Issue: XPath not visible after upgrade from v7.1.1 to v7.4.0 SP 1 (via 7.3.0 SP 2) |
782269 | 150375 |
Issue: Update of embedded JRE in infield versions |
784051 | 151083 | Issue: REST API docs missing from Oracle API Gateway v7.4 Resolution: Previously, the API Gateway REST API documentation was not always included in the Service Pack. Now, the API Gateway REST API documentation is included in the Service Pack. |
784512 | 151229 | Issue: Invalid reference in API Gateway Policy Developer Guide Resolution: Previously, the Policy Developer Guide contained an invalid reference in examples of selector expressions. Now, the Policy Developer Guide does not contain an invalid reference in examples of selector expressions. |
785175 | 151687 |
Issue: SLA Filter does not trigger an alert when Now, a response time requirement based on client-side events attempts to use a server transaction to establish the times of requests. If a server transaction is not available, zero is returned as before. For example, this might be the case when using a cron job or a directory scanner. |
785198 | 151576 | Issue: API Gateway v7.4 Install Guide missing steps for upgrading Analytics Resolution: Previously, API Gateway v7.4 Install Guide was missing steps for upgrading API Gateway Analytics. Now, the API Gateway v7.4 Install Guide includes all steps for upgrading Analytics. |
785809 | 152288 | Issue: Problem on startup initializing the Luna HSM engine Resolution: Previously, using HSM sessions in multiple threads could cause PKCS11 CK_RV=0x90 errors , and could cause the system to become unstable. Now, the HSM sessions are thread-safe. |
786897 | 152274 | Issue: Oracle API Gateway sysupgrade script not fully Oracle-brandedResolution: Previously, when executing the sysupgrade script the Oracle build referred to Axway. Now, the sysupgrade script takes branding configuration into account. |
787659 | 152633 | Issue: Decode extracted attributes still decoding even if not selected in Extract REST Attributes filter Resolution: Previously, the Extract REST Attributes filter was incorrectly overwriting the http.raw.querystring message attribute. Now, the Extract REST Attributes filter does not overwrite the http.raw.querystring message attribute. |
789992 | 153726 | Issue: Java crash—SIGSEGV in libc.so.6 at fclose() Resolution: Previously, API Gateway was crashing if it could not create a file to store event logs. Now, API Gateway reports error when failed to create a file to store event logs. |
- | 148841 | Issue: Allow access to attributes from a MAIL FROM policy handler Resolution: Previously, MAIL , RCPT and DATA policy handlers did not have access to the authentication.subject.id and authentication.subject.password message attributes. Now, MAIL , RCPT and DATA policy handlers have access to the authentication.subject.id and authentication.subject.password message attributes. |
- | 149884 | Issue: Admin credentials should not be required for --regen_certs in managedomain Resolution: Previously, when using managedomain --regen_cert and submitting a certificate for the first Admin Node Manager, admin credentials are required, and an attempt is made to validate them. But there is no Admin Node Manager running, so the certificate submission fails. Now, managedomain can regenerate the certificate for the first Admin Node Manager offline with --regen_cert . |
- | 150270 | Issue: Very slow deployments causes failures Resolution: Previously, API Gateway had poor performance loading deployed configuration containing JSONSchema/XSLT entities. This might cause the Node Manager to report deployment errors due to a timeout waiting for the response from the instance reloading such configuration. Now, API Gateway has been improved instantiating JSONSchema/XSLT entities when reloading newly deployed configuration. |
- | 151300 | Issue: SIGSEGV from libvcommon.so in Vordel::BoundHeap::allocImpl Resolution: Previously, API Gateway could crash allocating memory due to an incorrect check of available memory per transaction. Now, API Gateway correctly reports out of memory errors. |
- | 152164 | Issue: Certificate check from Connection filter is case sensitive Resolution: Previously, the Connect to URL filter reported that the host name in the request did not match the server's certificate subject, where the certificate subject name contains upper/lower-case characters. Now, the Connect to URL filter correctly matches host name against the server's certificate subject containing upper/lower-case characters. |
- | 152784 | Issue: Large native memory leak from vshell process Resolution: Previously, if XML redaction was used in any policy, the vshell process would grow in memory size. This would require a restart of the API Gateway to resolve. Now, use of XML redaction on any messages does not cause permanent growth in message size and does not require an API Gateway restart after periodic use. |
- | 153296 | Issue: Resolver Paths not working correctly. Resolution: Previously, API Gateway failed to resolve to the proper path / policy while handling HEAD request and having both GET and HEAD methods for the same path configured in API Gateway. Now, API Gateway resolves to the correct path / method rule |
The following issues are known and scheduled for correction in a future release.
Case ID | Internal ID | Description |
---|---|---|
774850 | 147428 | The do not use SSLv2 and SSLv3 flags on a port do not prevent the use of SSLv2/3 |
790450 | 153827 | API Gateway crashes when decrypting XML with duplicate elements |
- | 146109 | OpenSSL patches required for FIPS mode updates |
- | 154460 | API Gateway sends garbage data when both sides of a WebSocket send frames at the same time |
This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:
INSTALL_DIR/system/lib/modules
directory.This section describes how to install the service pack on an existing installation of API Gateway.
Note
To install the service pack on your existing API Gateway 7.4.0 Core Server installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
apigateway
directory
in your existing installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C
/opt/Axway-7.4.0/apigateway/
Note
ls -l INSTALL_DIR/apigateway/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing API Gateway Analytics 7.4.0 installation, perform the following steps:
INSTALL_DIR/ext/lib
directory (or the ext/lib
directory in an API Gateway Analytics instance). These patches have already been included in this service
pack. You do not need to copy patches from a previous version.
analytics
directory within your existing API Gateway 7.4.0 installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP2_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C
/opt/Axway-7.4.0/analytics/
Note
ls -l INSTALL_DIR/analytics/posix/bin
command to view the owner of
the binaries.
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR/policystudio
directory.policystudio
directory within your existing API Gateway 7.4.0 installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP2_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C
/opt/Axway-7.4.0/policystudio/
Note
policystudio -clean
.To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR/configurationstudio
directory.configurationstudio
directory within your existing API Gateway 7.4.0 installation directory. For example:
tar -xzvf APIGateway_7.4.0_SP2_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C
/opt/Axway-7.4.0/configurationstudio/
Note
configurationstudio -clean
.To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file.
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
<VMArg
name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:
$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:
$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
setcap 'cap_net_bind_service=+ep'
INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
Note
Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.
For information about how API Gateway is used in Axway 5 Suite, refer to:
All Axway documentation is available from Axway Sphere at https://support.axway.com.
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.
Copyright © 2015 Axway. All rights reserved