Fixes
Explore the fixes for webMethods.io API Gateway 10.15.
Release 10.15 Fix 11
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 11 released in November 2023.
| Issue ID | Description |
|---|---|
| YAI-30191 | The issue arises when updating the application's strategy. When the client ID of a strategy for an application is updated, the new value is not utilized for token validation. This issue is resolved.The updated client ID in the strategy is used for token validation. |
| YAI-30431 | Warning messages Could not find a policy info logged unexpectedly. The following warnings are logged in API Gateway server.log: [YAI.0204.0005W] (...) Could not find a policy info for this key in the CCC cache. This happens when you define scopes for APIs and define Traffic Monitor policies for theses scopes. The warning messages are logged when you use resources of the API, where these scopes are not defined. This issue is resolved. |
| YAI-30459 | For REST enabled SOAP APIs, send native provider fault is not honored. In REST-enabled SOAP APIs, when an error condition policy is enforced with the
send native provider fault flag set, the native error response is not being passed on to the client as expected. This issue is resolved. The native service error response is now propagated properly to the client. |
| YAI-30578 | vendorExtensions parameter is absent when saving the API in the API Gateway UI. In specific scenarios, the API Gateway deletes the stored vendor-specific parameters that were initially supplied during the import or update of a Swagger (YAML) file. The issue is resolved. |
| YAI-30008 | Developer Portal is not displaying the complete list of authorization and get access token endpoints. In the context of local authorization servers, the access token and authorization code endpoints are constructed using the endpoints published in Developer Portal. For external authorization servers, the configured authorization and access token URLs are displayed in Developer Portal. This issue is resolved. |
| YAI-30637 | The response of a SOAP API, when enforced with a load balancer policy, contains multiple SOAP envelopes. When a SOAP API is subjected to a load balancer policy in the routing stage, and if all the endpoints fail, the response sent to the client includes multiple SOAP envelopes. This issue is resolved. |
| YAI-29958 | The combination of multiple throttling policies does not function as expected. This issue is resolved. |
| YAIC-5422 | When the wsdl contains multiple different bindings, but same endpoints, then not all bindings with their operations are considered. This issue is resolved. |
| YAIC-5500 | HTTP requests with empty bodies should not include the Content-Type header. The API Gateway automatically includes a default
Content-Type header in POST requests with empty bodies when sending the request to the native service. This issue is resolved. |
| YAIC-5450 | API creation for the graphQL type should throw an error if it has custom scalar data types. This issue is resolved. |
| YAI-30283 | When accessing Custom Dashboard on API, an error message appears as HTTP Status 404 The requested resource [/apigatewayui/null] is not
available. The issue is due to the hash(#) originating from Elasticsearch and Kibana, which is a known issue. This issue is resolved. |
| WF-29251 | API Control Plane agent configuration using API Gateway UI. API Gateway provides the capability to connect to API Control Plane through API Gateway UI and REST APIs. Connecting API Gateway to API Control Plane enables you to control, monitor, and manage the performance of API Gateway effectively through API Control Plane. It is essential to configure API Control Plane agent within API Gateway to establish a communication channel with API Control Plane. The agent is responsible for establishing and maintaining communication with API Control Plane. |
Release 10.15 Fix 10
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 10 released in October 2023.
| Issue ID | Description |
|---|---|
| YAI-30264 | In API, when you enable or disable the tracer, the action is not logged in the Audit log to check which user has made changes. This issue is resolved |
| YAI-29649 | There is an inconsistency in analytics API Provider time. In Analytics, SOAP API calls that have read timeouts are displaying the provider
time as 0. This issue is resolved. |
| YAI-29961 | The system does not clear expired OAuth2 tokens from the cache. The API /invoke/pub.oauth:removeExpiredAccessTokens removes the OAuth2 token from the data store but does not remove the tokens from the local cache. This issue is resolved. |
| YAI-30362 | In the scope mapping page, the authentication server name was not displayed completely. This issue is resolved. As part of the fix, the user interface has been changed and the full name of the server is visible. |
| YAI-29178 | Schema validation does not validate the values in request/response. When you have enabled the schema validation and if the request/response schema has an enumeration of type integer, then the system only checks whether the type matches. It does not check whether the values in the request/response are one of the possible values of enumeration. This issue is resolved. |
| YAI-30251 | The OpenAPI JSON file generated for an API by API Gateway includes example fields with null values. This issue is resolved. |
| YAI-29862 | The SOAP version specified in the transport policy, that is Enable HTTP/HTTPS is not verified. Irrespective of the SOAP version 1.1 or 1.2 that is included in the request, API Gateway accepts both the versions although only one SOAP version is specified in the transport policy. This issue is resolved. A new attribute SOAP version validation enabled is introduced. The request with specified SOAP version is only accepted by API Gateway when the attribute SOAP version validation enabled is selected. The non-selected protocol is rejected with an error. If this attribute is not selected, API Gateway accepts both the SOAP versions. |
| YAI-29897 | Strategy created in one node is not deployed to other nodes in a Cross DC setup. When creating a strategy for an application in one node in a Cross
DC setup, this strategy is not deployed to the other nodes in the Cross DC setup. The issue is resolved. |
| YAI-29702 | When you enable tracing in the tracer, the response body in Response sent to client displays the native service response even though the
Send native provider fault is disabled, which is incorrect. The actual response sent to the client is the default error message from API Gateway. This issue is resolved. |
| YAI-29706 | Keystore initialization interrupted during startup if one keystore fails. When starting API Gateway during keystore initialization, if a
particular keystore initialization fails, the process is interrupted and all other keystores are not initialized. This issue is resolved. |
| YAIC-5442 | Error in assigning schema while creating an API. When creating an API, the schema's example is erroneously assigned to the default field instead of the intended example field. This issue is resolved. |
| YAI-30002 | Accessing APIs without specifying a version returns inconsistent information. When you send a request without specifying a version to call a WSDL
of an API, which has multiple versions, it is observed that the request retrieves WSDL of different API versions. This behavior is sometimes observed after API Gateway is restarted. This issue is resolved. Now, when you use the WSDL request without specifying a version, the request only retrieves the WSDL of the fixed version of the API, for example the latest version. |
| YAI-29661 | API Gateway throws an error while validating OAuth2 token for an external authorization server. API Gateway throws an error in the runtime when it enforces an API with an OAuth2 policy, where the external authorization server validates the OAuth2 token, and the client sends an OAuth2 token of type JWE. This issue is resolved. |
| YAI-29811 | Incorrect status set for transaction event. When an API has load balancer routing configured and the native service throws an error, it sets the status as success instead of failure. This issue is resolved. |
| YAI-29816 | Monitor events for throttled request logs incorrect status code. When an API applies a throttle policy, the monitor events generated for
throttled requests log 200 status code instead of 429. This issue is resolved. |
| YAI-29900 | Two new extended settings are introduced to set the non pre-emptive header response. For APIs enforced with Basic and OAuth2 authentication the
security realm can be set using the extended setting securityRealmForBasicBearerAuth The default value for this setting is Integration Server Example: securityRealmForBasicBearerAuth = testRealm The http header response is WWW-Authenticate = Basic Realm = testRealm For APIs enforced with APIKey authentication the security realm can be set using the extended setting securityRealmForAPIKeyAuth The default value for this setting is APIGateway Example: securityRealmAPIKey = testAPIKeyRealm The http header response is WWW-Authenticate = Basic Realm = testAPIKeyRealm This issue is resolved. |
| YAI-29912 | Outbound proxy passwords are corrupted. The passwords of outbound proxies are found to be corrupted after installation of API Gateway 10. 11 fix 20. All outbound communication through the proxy fails. While API Gateway is up and running it is possible to correct the password from the administration UI. However, after the next restart of API Gateway the password is again corrupted. The corrupted password sent to the outbound proxy has the value ********************************. This issue is resolved. |
| YAI-29516 | Vulnerable third party component Graphql being used. CVE-2023-28867 The issue is resolved. |
| YAM-1692 | OAuth2 authentication fails while invoking an API through Microgateway. When you start Microgateway with API names specified, the Gateway
Scope dependencies are not exported correctly from the respective API Gateway. This causes OAauth2 authentication failure during API invocation. This issue is resolved. |
| YAI-29804 | SOAP request with ill formed request XML fails with 200 transaction event. When a SOAP request with ill formed XML with disabled SOAP validation in
IS creates a 200 success Transaction event against error event. This issue is resolved. |
| YAIC-5392 | API Gateway tenant landing page controls are overlapping on the right side of the top blue ribbon. This issue is resolved. |
| YAI-28886 | External configurations sometimes caused duplicate entries to be created. This issue is resolved. |
| YAI-29665 | A POST request to export gateway scopes fails when the scope name contains a hyphen (-). When you use a POST REST API to export gateway scopes and if the scope name contains a hyphen (-), the request fails. This issue is resolved. Now, when you use the POST method to export gateway scopes, hyphens are supported in the scope name. |
| YAI-29929 | API Gateway logs display JsonMappingException error. When working with larger json files, API Gateway log files display errors such as JsonMappingException: String length (20054016) exceeds the maximum length (20000000). This issue is resolved. In API Gateway, the maximum string length for json is now increased to 2,147,483,64 and the watt property watt.server.json.decode.maxStringLength is set to this maximum value at startup. |
| YAI-29948 | Vulnerable third party component Guava being used. CVE-2023-2976 This issue is resolved. |
| YAI-29981 | Invoking an API with an endpoint fails. After migrating an API, API invocation with the endpoint fails as the port/binding part of the endpoint is not recognized for http/https suffixes. This issue is resolved. |
| YAI-29979 | External authorization server configuration enhancements included. With this enhancement, the discovery URL of the external authorization server persists and is visible in the API Gateway UI after clicking the Add button. This issue is resolved. |
| YAI-30011 | The externalized configurations fail to update the corresponding settings in API Gateway. Following a successful Elasticsearch connection, certain externalized configurations fail to update the corresponding settings within API Gateway. This issue is resolved. |
| YAI-29633 | API Gateway does not support tags for GraphQL APIs. The UI of the GraphQL APIs still includes the redundant tags input field in edit mode. This issue is resolved. |
Release 10.15 Fix 8
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 8 released in August 2023.
| Issue ID | Description |
|---|---|
| YAI-29220 | Resource path is inaccurate when the API is invoked without an API version. If you invoke an API without including the API version in the endpoint, the resource path in the transaction metric
does not include a forwarding slash. This issue is resolved. |
| YAI-29186 | Delay in displaying the list of APIs associated with an application. If an application is associated with a large number of APIs, then the Application details page takes a long time to list the
APIs. This issue is resolved. |
| YAI-29202 | API Gateway login with LDAP credentials is not working. When API Gateway is deployed in a Kubernetes environment, LDAP users are unable to login. This issue is resolved. |
| YAI-28969 | Importing a SOAP API with an application as its dependency does not update the application's APIs section correctly. Only the imported API is displayed in the application's APIs section.
This issue is resolved. |
| YAI-29378 | The native service does not receive the authorization header. The incoming authorization header is not forwarded to the native service if APIGateway is enforced with OAuth and JWT authentication, and the Outbound Auth - Transport policy is enforced with JWT as the authentication scheme and Incoming Json web token as the authentication mode in the routing stage. This issue is resolved. |
| YAI-29391 | Scopes are not added to the external server while importing. The scopes configured for the external authorization server are not added when importing the OAuth/OpenID scopes, and an error is thrown. This issue is resolved. |
| YAI-29433 | The Invoke webMethods IS policy pipeline does not pass the custom field added to the transaction events. The custom field added to the transaction events is not passed in the pipeline when invoking the IS service in the runtime request for an API that is enforced with the Invoke webMethods IS policy. This issue is resolved. |
| YAI-29487 | Unable to set XML payload in Invoke webMethods IS policy for REST enabled SOAP APIs. When a client sends a REST request for a REST enabled SOAP API and an XML payload is specified in the Invoke webMethods IS policy, the transformed payload is not sent to the native API. This issue is resolved. |
| YAI-29666 | In API Gateway UI, the Show more... button at the Promotion screen does not work when there are 20 or more applications. This issue is resolved. |
| YAI-29792 | Native provider fault management does not work as expected with API Gateway and Microgateway. If the sendNativeProviderFault property is set to true in API Gateway, all APIcalls must respond with the native service error text in an error situation. Also, if an API is configured with a Conditional Error Processing Policy that uses the setting Send Native Provider Fault Message, the API must always respond with the native service error text in an error situation. When using API Gateway with Microgateway wherein API Gateway endpoint calls are routed to Microgateway, in an error situation, the native provider fault does not work as expected. This behavior is not observed in all situations This issue is resolved. |
| YAI-29176 | Unable to specify a value range when using the search API. When you use the search API, and if you specify 10000 or a value above 10000 in the from parameter in your request body then an error message appears. This issue is resolved. |
| YAI-29234 | Unable to edit API policies. The An error occurred while loading policy information. error message appears when you edit an API policy. This issue is resolved. |
| YAI-29467 | API Gateway does not properly close the streamed connection to native service. The native streaming connection remains open when the client abruptly closes or disconnects during client response streaming. This issue is resolved. |
| YAI-29346 | The search API call does not provide a custom error message. If the invoking client intentionally does not provide a valid API Gateway asset type, the error message displays all valid API gateway asset types. This issue is resolved.The message is altered to indicate that the types are incorrect and will not show the other asset type. |
| YAI-29847 | The global policy Transaction logging gets deactivated after a restart. Even after manual activation, API Gateway deactivates the system global policy Transaction logging upon
restart. This issue is resolved. |
YAI-27850 | API Gateway encounters the following issues: 1.Inconsistencies with case-insensitive header keys in mocking conditions 2.The XML mocking returns all the nested text content instead of the expected XML node, causing incorrect responses. 3.The UI does not allow referencing the entire request body as a mock response, when it is not enclosed within XML tags. 4.New lines are not removed during XML to JSON transformation, potentially impacting the formatting and readability of the JSON response. This issue is resolved.The following changes have been incorporated: 1. Header keys are made case-insensitive. 2.For XML mocking, entire XML node is returned instead of only returning the text content of the node. If the Xpath refers to the ultimate text node, then the text content is resturned. 3.The UI now enables referencing the request body even if it is not enclosed within XML tags, allowing the entire request body to be sent as the mock response. 4. During the transformation from XML to JSON, the new lines are stripped from the text content to ensure a valid JSON response. |
YAI-29109 | Updating an APIfied API does not add the base path to the native API. When you try to update an APIfied API, the base path in the swagger or OpenAPI input file was ignored by the request to the
native service in Kubernetes. Therefore, the base path is not appearing in the endpoint of the native API in Kubernetes. This issue is resolved. |
YAIC-5186 | Unable to set Trigger policy violation event on missing authorization header to True for Oauth identification type in API Gateway UI. This issue is resolved. |
YAI-29591 | The generated sample payload is incorrect for REST enabled SOAP APIs. REST enabled SOAP APIs generate junk characters in the sample payload. This issue is resolved.The fix applies to newly created APIs. For the existing APIs, the customer must create the API again. |
Release 10.15 Fix 7
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 7 released in July 2023.
| Issue ID | Description |
|---|---|
| YAI-29194 | On startup, API Gateway throws an error in the health gauge with an error Unauthorized to the Kibana, with secured Elasticsearch and Kibana via
X-Pack libraries. This issue is resolved. As part of the fix user credential has been passed to API. |
| YAI-29113 | Old Client ID and Client secret still valid in cluster node after refresh. After refreshing the OAuth2 strategy for an application on one cluster node, the Client ID and Client secret are regenerated. But the old Client ID and Client secret are still valid on the other cluster nodes and can be used to create a new valid access token. Existing access tokens are also still valid in the other cluster nodes. This issue is resolved. |
| KUB-23729 | Error message and response code when you access a non-existent default domain tenant is changed from 401 unauthorized to 502 Bad Gateway. The error message and response code are modified as follows:
|
| YAI-29334 | SOAP API activation dialog box does not accommodate long custom endpoints. If you have defined long custom endpoints for SOAP API and when you try to
activate it, the activation dialog box displays only half of the endpoint. This issue is resolved by accommodating long endpoints within the activation dialog box. |
| YAI-28591 | API Gateway does not validate the length of the keyword provided in the search query. When you provide a long keyword to the API Management search service, API Gateway executes the query without validating the length of the keyword hence,bringind down the Elastic search. This issue is resolved. |
| YAI-29192 | Analytics does not appear properly for response payloads when retrieved from cache memory. When you enforce Service Result Cache policy on an API, and if you invoke the API more than once, then API Gateway retrieves the response from the cache memory for the second invocation onwards. In such case, the API analytics for the responses retrieved from cache does not appear properly. This issue is resolved. |
| YAI-28624 | Unable to migrate API Gateway from 10.3 to 10.15 without an intermediate version. This issue is resolved. |
| YAI-28747 | Unable to access the input request SOAP API header in the conditional error processing policy. When you invoke a SOAP API that is enforced with the Conditional error processing policy and if returns the Unauthorized or Transport protocol not supported error message, then the input header's SOAP request becomes unavailable for the variable framework and Integration Server service. This issue is resolved. |
| YAIC-5193 | The API result cache is not working as expected in API Gateway. The native API is called even when the API result cache is enabled. This issue is resolved. |
| YAI-29171 | The request transformation to XML has an improper namespace when you send a JSON-formatted request payload in a REST call. This issue is resolved. |
| YAIC-5058 | System Context Variables ${gatewayHostname} is removed and not supported for Cloud API Gateway. This issue is resolved. |
| YAI-28295 | When the Cross DC status is False-Green or Yellow, so when a node is unreachable but still part of the ring, all attempted
operations on assets,whose primary node is the unreachable node fail. The False-Green status denotes a scenario where a node becomes unreachable while the other nodes continue to display a Green status because they are unaware. Once the remaining nodes become aware of the unreachable node, the status is changed to 'Yellow'. This issue is resolved. |
Release 10.15 Fix 6
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 6 released in June 2023.
| Issue ID | Description |
|---|---|
| YAI-29026 | Migration from 10.5 to 10.15 fails due to issue in some of the APIs. The migrations handler failed to update the referencedfiles field for few APIs, leaving double dot(.) in the key. This causes the migration to fail. This issue is resolved. |
| YAI-28761 | Incorrect Response transformation for a JSON string. When you apply the response transformation policy on a response payload having JSON string field, the transformation parses the string to JSON. This issue is resolved. |
| YAI-28489 | When a Job ID is created by Restore, a status message is stuck as In Progress even after a job is complete. The issue is resolved. As part of the fix, the restore status message is updated. |
| YAI-29146 | The older version of the Lodash jar was in use with Vulnerability. This issue is resolved, as part of the fix third-party older version Lodash jars are updated to a higher version. |
| YAI-28380 | If you generate a sample JSON input of a REST-enabled SOAP service for an array element, then a string type element is generated instead of an array
element. This issue is resolved. |
| YAI-28649 | Security vulnerability identified in third party component, snakeyaml-1.33.0.jar. To enhance the security, the third party component, snakeyaml-1.33.0.jar is upgraded to a safer version. This issue is resolved. |
| YAI-28822 | Security vulnerability identified in third party components. To enhance the security, the following third party components,spring-web-5.3.23.jar,
spring-tx-5.3.23.jar, and spring-core-5.3.23.jar are upgraded to a safer version. This issue is resolved. |
| YAI-28872 | Applications are not created for the requests received from Developer Portal. If you configure API Gateway with an external authorization server with disabled dynamic client registration, then API Gateway does not create applications for the requests received from Developer Portal. This issue is resolved. |
| YAI-28903 | Performance issues observed when changing global polices for many APIs. When activating, deactivating or updating a global policy that affects a large number of Soap APIs, these operations can take a long time. This issue is resolved by improving the performance. |
| YAI-29034 | Custom variables are not being assigned in runtime during API invocation for an API that has a custom extension policy that is enforced during the
error handling phase. This issue is resolved. |
| YAI-29136 | Old UI HTTP or HTTPS port configuration file is used even though the port configuration is updated. When copying an existing UI port configuration file located in the directory Installation_Dir\profiles\IS_default\configuration\com.softwareag.platform. config.propsloader to a backup file name, that begins with the filename com.softwareag.catalina.connector.http.pid- or com.softwareag.catalina.connector.https.pid- and for example ends with .backup, it is possible that an incorrect file is used instead of the expected UI port configuraiton file. This issue is resolved. The UI port configuration file now is selected based on the file name beginning with com.softwareag.catalina.connector.http.pid- or com.softwareag.catalina.connector.https.pid- and ends with .properties |
| YAI-28986 | Usage of the same custom variable more than once in a gateway endpoint is not working as expected.. This issue is resolved. |
| YAI-28799 | Unable to invoke mocked API from API mash-up. When the endpoint URI (in the routing policy -> Straight Through Routing) of a mocked API does not have the protocol information, and if you use that API in a mash-up, then the API cannot be invoked. This issue is resolved. |
| YAI-28481 | Elasticsearch performance is degrading when the TPS of API Gateway increases. The persistence of events one by one to Elasticsearch causes exceeded
queuelimit. Due to this, the TPS of API Gateway and Elasticsearch is expected to be the same. If not, Elasticsearch will not be able to process the events will exceed the queue limit. This issue is resolved. |
| YAI-28294 | API Gateway does not support backward compatibility for version 10.15. V1015 REST APIs in API Gateway is exposed to support backward compatibility.
This issue is resolved. |
| YAI-28701 | The apigatewayUtil export platformConfiguration command does not include the analytics data store configuration. The issue is resolved. The analytics data store configuration details are included in the apigatewayUtil export platformConfiguration command's output. |
| YAI-28770 | The library commons-net-3.3.0 is updated to the safer version commons-net-3.9.0. The issue is resolved. |
| YAI-28915 | While importing an archive, the AWS configuration is imported wrongly when the master password is changed. When importing an archive with an AWS configuration with the archive created with a different master password then the one used in the current API Gateway installation, the AWS configuration gets imported with an error. All APIs that use the AWS configuration fail to import with the following exception: IllegalArgumentException: Access key cannot be null. This issue is resolved. AWS configurations are no longer imported if the master password does not match. |
| YAI-28954 | API Gateway health endpoint returns yellow status intermittently. When multiple health endpoint calls are made in parallel the returned status can be yellow. At the same time, the diskspace, memory, and servicethread fields are empty. This issue is resolved. |
| YAI-29277 | Security vulnerability identified in third party packages. To enhance the security, the following third party packages are removed:WmAPIGateway/cli/lib/spring-web-5.3.23.jar, WmAPIGateway/code/jars/static/json-20211205.0.0.jar. This issue is resolved. |
| YAI-28664 | Soap APIs respond with misleading error text when you use a transport policy to restrict the protocol. When you use the transport policy to restrict the protocol to either HTTP only or HTTPS only, Soap APIs respond with the error message This issue is resolved. Soap APIs now respond with an appropriate response text Transport protocol not supported. |
| YAI-29150 | API Gateway starts partially with a JsonMappingException error. API Gateway startup fails, and the server.log contains a JsonMappingException String length (5046272) exceeds the maximum length (5000000). This issue is resolved. To avoid the JsonMappingException configure API Gateway with a larger value forthe JSON maximum string length. To achieve this, set the jsonMaxStringLength Java system property in the If a similar error occurs as follows, The incoming YAML document exceeds thelimit: 3145728 code points, then you must configure the YAML code point limitwith the yamlCodepointLimit Java system property or environment variable, in the same way as described above.. |
| YAI-28757 | JNM and JNDI are assigned with the same ID to multiple checkboxes. Due to duplicates Id's, selecting and exporting JNDI and JNM alias with the same
ID was not possible. The issue is fixed. As part of the fix, random numeric unique Id's is added as reference for checkboxes. |
| YAIC-5035 | In Analytics, when adding a filter for apiName and applicationName, their respective values drop-down list is not displayed. This issue is resolved. Both apiName and applicationName now appear in the drop-down list. |
| YAI-29628 | When the Tracer gets enabled at the API level, these Tracer indices data is loaded in the cache after every two hours of a startup, due to which
API Gateway memory spikes every two hours(cache auto-scaling duration). This issue is resolved. Tracer indices do not get loaded in the cache. |
| YAIC-5111 | The UI freezes sporadically when updating the local authorization server. The issue is resolved. |
Release 10.15 Fix 5
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 5 released in May 2023.
| Issue ID | Description |
|---|---|
| YAI-28358 | API Mocking with condition to check integer field returns empty response. When the integer data in the API request body is matched with mocking condition,the response payload is empty. Elasticsearch destination. This issue is resolved. |
| YAI-28611 | Callback URLs in the request payload not replaced when sending to native API.
If there are more than one callback URLs in a request payload received from a client, API Gateway replaces only the first URL with its own URL when sending the request to the native API. This issue is resolved. |
| YAI-28767 | Performance issues observed when invoking APIs. When monitoring API Gateway on high load scenarios, the runtime invocations end up failing with time out exceptions. This issue is resolved. |
| YAI-28820 | When a Job ID is created by Restore, a status message is stuck as In Progress even after a job is complete. As part of the fix, the restore status message is updated. This issue is resolved. |
| YAI-27883 | When you promote an API, you are unable to promote the application registrations of the API without promoting the applications to the target stage.
When promoting an API, select the Include application registrations checkbox in the Promotions tab of the Promotion management page to include application registrations. This issue is resolved. |
| YAI-28506 | Unable to create a Stage for a https URL. In the Promotion management page, unable to create a Stage for a https URL without entering the keystore alias and key alias. This issue is resolved. |
| YAI-28511 | Unable to search multiple times for the same type in the Promotion management UI while retaining the selected results. When you click the
search button after selecting at least one asset, no additional search results are displayed. You can search multiple times while retaining the previous results. The issue is resolved. |
| YAI-28633 | Use Schema to transform XML to JSON property configuration is not honored. When you invoke REST-enabled APIs with the Use Schema to transform XML to JSON property checked, the response payload for an array type sent to the client returns a string. This issue is resolved |
| YAI-28387 | The internal API, exchangeidtoken, does not work as expected. When you invoke the internal API, exchangeidtoken with JWT as a bearer token, then the access token is not sent to the client. This issue is resolved. |
| YAI-28707 | API Gateway generates Transactional event with negative total time and publishes that event to the JDBC destination resulting in the Arithmetic
overflow exception. This issue is resolved. |
| YAI-28735 | Performance issue after migration. After you migrate from API Gateway 10.3 to 10.11, a performance issue is encountered if you invoke the /gateway/security/exchangeIDToken endpoint. This issue is resolved. |
| YAI-28715 | API details page does not display as expected after migration from 10.3 to 10.11. When you migrate from 10.3 to 10.11, the API details page does not appear as expected, as a null value is set instead of the default values for the fields in the REST transformation section of API details page that are added post 10.3 release. This issue is resolved. |
| YAI-28203 | API specification validation fails during API invocation. During API invocation, the schema validation fails for the referenced query parameter as the query parameter in the request is invalid. This issue is resolved. |
| YAI-28669 | The Validate API Specification policy does not display the HTTP header name in the error message. This issue is resolved. |
| YAI-28719 | Unable to invoke mocked API from API mash-up. When the endpoint URI (in the routing policy -> Straight Through Routing) of a mocked API does not have the protocol information, and if you use that API in a mash-up, then the API cannot be invoked. This issue is resolved. |
| YAI-28481 | Archive job status is displayed incorrectly in a cluster environment. When you try to archive the transactional event type in a cluster environment, the status of the archive job under Job listing table in Administration > Manage Data > Archive and Purge shows incorrectly. This issue is resolved. |
| YAI-28858 | The API details page does not display the Gateway endpoint URL of APIs. After running the restore action, the API details page does not display the Gateway endpoint details of the APIs when the total API size exceeds 100 MB. This issue is resolved. |
| YAI-28496 | The exported platform configuration contains invalid keys. When running the apigatewayUtil script in the The issue is resolved. |
| YAI-28423 | An enhancement to validate JWT tokens with clock skew. When you validate the expiry claim and not before claim of JWT tokens, there is
a slight time difference between API Gateway and the external authorization server. In such cases, API Gateway does not authorize JWT tokens.
A clockskew value can be set at the global level using pg_JWT_clock_skew_seconds extended setting can be used.The clockskew value in can also be set in the external authorization configuration. For more information refer the documentation. |
| YAI-28585 | Importing a WSDL fails. Creating a new API from a WSDL in the API Gateway UI fails with the error message Unable to create an API because of an invalid input wsdl file. Reason: Error while analysing schemas to be imported: error: src-resolve: type This issue is resolved. |
| YAI-28777 | Externalized configuration for AuthServer fails. An externalized configuration with an alias for an external authorization server is not accepted. The server.log contains the error message [YAI.0013.9999E] Exception :Error loading configuration from YAML file source. Reason: java.lang.NullPointerException. This issue is resolved. |
| YAI-27874 | Ports API documentation swagger file is incorrect. The Ports API documentation swagger file APIGatewayPortManagement.json is incorrect for the requests of /ports/{listenerKey}/accessMode and /ports/{listenerKey}/ipAccessMode for POST and PUT methods. This issue is resolved. The swagger documentation as well as the respective product documentation is updated. |
| YAIC-4896 | In external Elasticsearch and custom destination, sessionID information is missing in the error events and policy violation events. This issue is resolved.sessionID is added to error and policy violation events in the custom and external Elasticsearch destination. |
| YAIC-4900 | The Trace API page lists 20 Runtime events per page as per the design. When you choose Select all, 20 events that are listed on that
particular page are selected and exported. To avoid misconception, the select all check box is renamed as Select all per page for clarity and the functionality remains the same. |
Release 10.15 Fix 4
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 4 released in April 2023.
| Issue ID | Description |
|---|---|
| YAI-28521 | sourceGatewayNode information is missing in the error events and policy violation events in external Elasticsearch destination.
sourceGatewayNode field is empty and the information is missing in the policyViolationEvent and errorEvent in the custom external Elasticsearch destination. |
| YAI-28351 | When you invoke a mocked API with no mocking condition and no default response,
one of the available response code with an empty response is returned.
This issue is resolved. The available response body is returned. |
| YAIC-4875 | Request payload without a callback attribute fails to execute. A failure occurs during invocation when an API that expects a callback condition in the request payload is called without an attribute. This issue is resolved. |
| YAIC-28309 | When a large number of parallel requests are sent to a SOAP API, an error message Error in the API Gateway outbound client. null is sporadically sent to the client. This issue is resolved. |
| YAI-28411 | API zip file includes the native WS policy. In contrast to the WSDL loaded in the browser with the API Gateway endpoint, the WSDL packed in the API zip file contains the native WS policy incorrectly. This issue is resolved. |
| YAI-28175 | Security concern in the API response to the client. This issue is resolved. |
| YAI-28236 | Updating aliases in a cluster environment leads to a memory spike. After updating aliases, which are used in many APIs, in a cluster environment, a fast growing memory usage is observed. The heap memory usage grows because of the number of notifications in the queue. This issue is resolved. |
| YAI-28241 | Publishing an API associated with an application from API Gateway to Developer Portal fails when the owner name of the application is replaced with UUID of a Portal user. For an API associated with an application created on API Gateway, when you change the owner name of an application with UUID of a portal user and publish, the API is published along with the application in API Portal. Whereas, only the API is published in the Developer Portal. This issue is resolved. |
| YAI-28339 | Vulnerable third party components okhttp, freemarker, and rhino being used. This issue is resolved.These are now replaced with newer versions. |
| YAI-28366 | Clicking the AppMesh tab logs out users with insufficient privileges. A user without the functional privilege Manage general administration configurations is still able to see the AppMesh tab in the API Gateway UI.Clicking the AppMesh tab logs out the user from API Gateway UI. A user without the Manage general administration configurations privilege does not see the AppMesh tab. This issue is resolved. |
| YAI-28434 | Transactional events contain wrong applicationIp field. When API Gateway is used as a proxy to route requests to Microgateway the applicationIp field of the transactional events produced by Microgateway contains the IP address of the API Gateway, instead of the actual client IP address. This issue is resolved. |
| YAI-28527 | Loading invalid truststore results in a a null pointer exception. When trying to load an invalid truststore the following null pointer exception message is logged in some cases: Exception occured : TrustStoreInitializer null java.lang.NullPointerException: null This issue is resolved. |
| YAIC-4747 | API Gateway cloud tenant id does not appear in the title or subject of the e-mail. The e-mail alerts that you receive for the activities in API Gateway cloud environment does not have the API Gateway Cloud tenant ID. This issue is resolved. |
| YAI-28224 | Incorrect JSON schema validation during API Invocation. When a request payload has nested level properties, and if the additionalProperties is set to false, then the JSON Schema validation does not identify the incorrect additional properties. This issue is resolved. |
| YAI-28408 | AppMesh deployment ends with an error message. Each AppMesh deployment ends with an error message as the update of Kubernetes service fails. This issue is resolved. |
| YAI-28153 | The kibana dashboard UI is not working when the elastic search is secured with X-Pack This issue is resolved. |
| YAI-27893 | Exceptions appear in the server.log file while creating diagnostic data. While creating diagnostic data, the following error appears in the server.log file: Initialization of Java Service apigateway.cloud.fixManagement: putSchedule failed due to error: com.wm.app.b2b.server.ServiceSetupException:[ISS.0026.9106] No method putSchedule in class apigateway.cloud.fixManagement. This issue is resolved. |
| YAI-28004 | API Gateway uses a version of GraphQL-Java, which is found to be vulnerable to attacks. This issue is resolved. The GraphQL-Java is upgraded to version, 19.3.0. |
| YAIC-4894 | Payload transformation is not working as expected. A payload transformation policy is enforced for an REST API in the request processing stage.In the runtime request the client is sending an empty body, the payload transformation policy in the request processing stage is not executed and the payload is not set. The issue is resolved. |
| YAI-28492 | Use Schema to transform XML to JSON property is not honored. For REST enabled services , when Use Schema to transform XML to JSON property is not checked the response to the client still has JSON array. This issue is resolved. |
| YAIC-4294 | Execution of custom extention policy occurs multiple times when invocation fails. When an invocation fails, API Gateway repeatedly runs the custom extension policy, even if no custom extensions were configured at the Error processing stage. This issue is resolved. |
Release 10.15 Fix 3
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 3 released in March 2023.
| Issue ID | Description |
|---|---|
| YAI-27941 | Invocations of a SOAP API enforced with Validate API Specification policy fails with error message. When multiple parallel invocations occur for a SOAP API enforced with Validate API Specification policy, an error message is seen. This issue is resolved. |
| YAI-28059 | Unable to load the API details page due to cache issue. The API details page in the API Gateway UI does not load, as the required API details are not available in cache. This issue is resolved. |
| YAI-28214 | wsimport command fails with an exception. An XSD request sent to API Gateway could not find the correct service name because the request did not have the correct URL alias. This issue is resolved. |
| YAIC-4786 | Error when validating the JSON Web Token (JWT). The error message Comparison method violates its general contract! appears sporadically when validating JWT for an external authorization server. This issue is resolved. |
| YAI-27101 | Incorrect API creation. An incorrect API is created if you do not provide any value in the Parameters field of the Callbacks section when creating an OpenAPI. This issue is resolved. |
| YAI-27807 | Incorrect error message in Response schema validation. When there is failure in Validate API Specification in the response stage, the error message sent to the client is specified as request instead of response. This issue is resolved. |
| YAI-27844 | API Gateway sets HTTP 200 response code for Connection Timeout and Connection Reset errors. It is observed that for Connection Timeout and Connection Reset errors, API Gateway sets the response code as HTTP 200. This issue is resolved. API Gateway now sets the response code to 500 for these scenarios. |
| YAI-27963 | Vulnerable third Party Component, aws-java-sdk-s3 is used. This issue is resolved. |
| YAI-27968 | Throttling policy is incorrectly enforced when an API is updated. When updating a throttling policy for an API or a global policy while the API is invoked simultaneously by multiple clients, it is observed that the requests unexpectedly respond with an HTTP status 429 for a short period of time. This issue is resolved. |
| YAI-27972 | Unable to create API from URL. Unable to create API from URL as the import of a swagger or OpenAPI file using the URL might fail under certain circumstances. This issue is resolved. |
| YAI-28076 | Importing an inactive global policy does not disable the policy. When an active global policy is overwritten by an import of an inactive version of it, this policy is shown as inactive in the API Gateway UI. But the policy is still active when service requests are made on APIs that are using it. This issue is resolved. |
| YAI-28163 | Exceptions in TerracottaClusterNotifier class are logged with the log level as Trace. This issue is resolved. The log level is now set to Warning as expected. |
| YAI-28196 | Duplicate aliases were created when environmental variables were passed into containers during startup. This issue is resolved. |
| YAI-27958 | When REST Transformation is enabled for a SOAP API, SOAP headers are not generated. When you enable REST Transformation for a SOAP API, as per the WSDL schema, a parameter is defined to generate the SOAP headers. When API Gateway sends request to the native API, the SOAP headers are not generated. This issue is resolved. If the API already exists, you have to delete the API and create a new API using WSDL. |
| YAI-27792 | Continuous increase in memory leakage on using validate schema. During the runtime invocations, the usage of Validate API Specification policy causes memory leakage and performance degradation. This issue is resolved. |
| YAI-26953 | The deprecation of XSS filtering in the latest version of browsers creates security vulnerabilities. This issue is resolved. |
| YAI-27614 | The externalized configuration of API Gateway UI’s HTTPS port fails as it does not accept the custom keystore password. This issue is resolved. |
| YAI-27669 | Response Transformation Policies enforced on the outgoing response for a Callback API is not executed in the callback response to the client. This issue is resolved. |
| YAI-27975 | Unable to reset master password. When an asset having secrets is imported from a APIGateway which has different master password, the secrets gets corrupted in the import. As a result, the master password cannot be reset. The issue is resolved by reverting to the old secret if there is an error while importing secret. |
| YAI-27678 | Unable to transform JSON request payload to xml. Unable to perform XSLT transformation on the request payload if the content type is JSON. This transformation fails even after converting JSON payload to properXML payload. This issue is resolved. |
| YAIC-4645 | When REST Transformation is enabled for a SOAP API, SOAP headers are not generated. When you enable REST Transformation for a SOAP API, as per the WSDL schema, a parameter is defined to generate the SOAP headers. When API Gateway sends request to the native API, the SOAP headers are not generated. This issue is resolved. If the API already exists, you have to delete the API and create a new API using WSDL. |
| YAI-27760 | Validate API specification policy fails at runtime for GET call. In a GET call, if the API has no content-type defined in the API specification and no Content-type header is passed in the request, the API specification validation fails for content type validation. This issue is resolved. |
| YAI-28007 | Vulnerable third party component netty is used. This issue is resolved. |
| YAI-28083 | Included the missing field “version” in l10n.gradle. |
| YAIC-4833 | Client’s request invocation without content type is not sent to the native service. If the client invokes an API request with a payload without providing a content type, then API Gateway does not send the request payload to the native service. This issue is resolved. |
Release 10.15 Fix 2
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 2 released in February 2023.
| Issue ID | Description |
|---|---|
| YAI-27251 | Email-related configurations are not synchronized properly after API Gateway restarts. In the event of rule violations, API Gateway cannot send emails since a few Email configurations are not synchronized after API Gateway restarts. This issue is resolved. |
| YAI-27230 | OAuth scope mapping details page takes time to load. The OAuth scope mapping detail page takes a long time to appear when there are large numbers of APIs. This issue is resolved. |
| YAI-27108 | When you update the platform log settings, the server log levels are also modified. This issue is resolved. |
| YAI-27658 | Policy screen does not reflect service level policy getting overridden by global policy. In API Gateway UI, API service policy configuration does not show global policy action overriding the service level policy action by disabling the service level policy action. This issue is resolved. |
| YAI-26992 | When validating an API specification, the JSON schema validation is not performed if the additionalProperties field is used in the reference schema. This issue is resolved. |
| YAI-27145 | The date and time in JSON specifications are not validated against the RFC3339 standards. This issue is resolved. |
| YAI-26309 | Unable to search for global policy descriptions with a dash - in them. When there is a dash - in a global policy description, and if you search for the same using the corresponding keyword, then the matching policies are not returned as results. This issue is resolved. |
| YAI-26895 | Applications are not getting synchronized with Microgateway. When you have enabled the Team support feature, the changes made to the applications in API Gateway are not getting synchronized with Microgateway. This issue is resolved. |
| YAI-27007 | Request transformation not performed for REST-enabled SOAP APIs. An error message appears when you enforce the request payload transformation policy for REST-enabled SOAP APIs and the payload transformation is not performed. This issue is resolved. |
| YAI-27030 | API invocation fails with an error message HTTP/1.1 400 The endpoint reference EPR) for the Operation not found. When a WSDL contains multiple bindings with different operations, then after activation, all bindings are activated although only one binding can be used. During activation, API Gateway UI selects one endpoint and the selected endpoint is activated. Invoking the API with the other endpoints fails with an error. This issue is resolved. |
| YAI-27040 | Token lifetime value is not reflecting the value set in the local authorization server. When a new strategy is created, the default token life time value is not reflecting the value set in local authorization server. This issue is resolved. |
| YAI-27117 | Incorrect status code sent to client. When you enforce Identify & Authorize policy for an API, select Allow anonymous Checked, and set Identification type to HTTP Basic Authentication, API Gateway sends the 401-status code to the client when it returns any success message. This issue is resolved. |
| YAI-27173 | Incorrect log entry included for API delete events. When you delete an API from one of the nodes in an API cluster, the API is deleted correctly from that node. The server log file of other nodes in the cluster includes the following error log for the API delete event:Exception:Error while deleting the record indexName - This issue is resolved. |
| YAI-27280 | API Gateway Ignite cluster formation fails. In an API Gateway Ignite cluster, newly joining nodes fail to start up. The server.log contains messages Still waiting for initial partition map exchange. API Gateway servers that are already part of the cluster start showing messages Failed to wait for partition release future or Unable to await partitions release latch within timeout. This issue is resolved. |
| YAI-27297 | OAuth token request fails intermittently. The attempt to request OAuth tokens from an API Gateway cluster using the authorization grants flow fails intermittently with HTTP response code 400. This issue is resolved. |
| YAI-27301 | Backward compatibility is broken in the response sent to the client for REST enabled SOAP APIs. For REST enabled SOAP APIs when Use Schema to transform XML to JSON option is disabled, the response is not as per the one received by the clients in 10.5 version of APIGateway. This issue is resolved. |
| YAI-27381 | On invoking a REST API, the Global Ports Access Mode and IP Access Mode responds with 404 error. On invoking a REST API, the following REST calls to receive global Access Mode and IP Access Mode configurations for ports return with HTTP status 404 - Invalid Listener. ports/global/ipAccessMode ports/global/accessMode. This issue is resolved. |
| YAI-27407 | Unable to purge expired OAuth2 tokens. When you invoke the pub.oauth:removeExpiredAccessTokens service for strategies having refresh count as 0, the expired OAuth2 tokens fetched for Authorization Code grant type are not purged. This issue is resolved. |
| YAI-27415 | Creating an API based on WSDL fails. Creating a SOAP API based on WSDL fails with an unknown type error message when the wsdl imports or includes XSD schemas. This issue is resolved. |
| YAI-27425 | Custom variables not converted as per the user configuration. When you define Custom extension policy using the $(response) variable in the response processing stage for a SOAP API, then the variable is not converted as per the specified configuration. This issue is resolved. |
| YAI-27472 | API activation fails with StackOverflowError error. While activating APIs, some functions might fail with StackOverflowError. This might happen due to the functions being executed in a thread without enough thread space. This issue is resolved. Now, during API activation, the critical functions are handled separately. A new extended setting pg.runtime.extended.stackSize is introduced. You can use theextended setting under Adminstration > General > Extended settings section to adjust the thread space size. The size is specified in MB. The default value is set at 20 MB. |
| YAI-27494 | API mocking conditions with XPath expressions for SOAP requests do not work. API mocking conditions with XPath expressions for SOAP requests do not work when the request contains xml payload as input and the XPath has a namespace prefix. This issue is resolved. Now, API mocking works for a SOAP API when the XPath does not contain namespace prefixes. |
| YAI-27542 | The extended setting return408ForConnectionTimeout does not work as expected. The return408ForConnectionTimeout extended setting does not work for SOAP requests. That is, when the value is changed from true to false, there is no change in the API Gateway response. This issue is resolved. |
| YAI-27562 | Web Services configured as SOAP 1.1 do not behave SOAP 1.1 compliant. Requests to a native API sent from API Gateway do return its current HTTP response code upon a failure. This is not compliant to the SOAP specification. This issue is resolved. Now, a new extended setting retainSOAPResponseStatus is included to support the SOAP specification. When this parameter is set to true the native API responses retain the SOAP response status upon a failure. The default value is true. When this parameter is set to false, all response codes from the native SOAP API are converted to HTTP 500 (Internal Server Error). |
| YAI-27574 | Error message appears during strategy creation. When you create a strategy for an application that uses external authorization server, the Token lifetime mandatory message appears. This issue is resolved. |
| YAI-27605 | Error when getting access token for accessing APIs protected with the Authorization code grant type. When API Gateway is clustered, and if an API requires access token that is retrieved for the Authorization code grant type, then the following error is sent to the client sporadically: The supplied authorization code ********* does not exist This issue is resolved. |
| YAI-27649 | If you edit an API and add a header parameter that refers to a header component, then an error message appears. Also, the updates to the API are not saved. This issue is resolved. |
| YAI-26756 | When you upgrade API Gateway 10.5 to 10.11 in Zero Downtime, the Limit of total fields [1000] has been exceeded error message appears. This issue is resolved. |
| YAI-26783 | Service Management APIs do not return correct response codes when you perform API activation and deactivation. This issue is resolved. |
| YAI-27035 | Elements with the nullable: true property in OpenAPI schemas are not validated. This issue is resolved. |
| YAI-27056 | Incorrect API appears when you access a disabled API. When there are two versions of a SOAP API, if you disable one of them, and if you access the disabled API’s endpoints, then the existing API is invoked. This issue is resolved. |
| YAI-27326 | Incorrect status message during archive or purge operation. When you perform an archive or purge operation, the job fails to create files in the backup directory. However, the In Progress message appears. This issue is resolved. |
| YAI-27313 | When you run apigatewayutil script to take a backup, the backup file created does not contain the oauth2authcode data. This issue is resolved. |
| YAI-27384 | API Gateway Docker container ignores some environment variables. An API Gateway Docker container ignores the environment variables apigw_wrapper_java_initmemory and apigw_wrapper_java_maxmemory. The API Gateway Java process is rather started with the default values 256 and 1024. This issue is resolved. |
| YAI-27395 | Opening the AppMesh tab in API Gateway UI displays an error message. When AppMesh is correctly configured in the API Gateway UI and the user opens the AppMesh tab, an error message pops up with the message: Service Error. This issue is resolved. |
| YAIC-4444 | The extended settings listed below are removed from API Gateway Cloud.
|
| YAI-27289 | Performance degradation observed in the runtime for APIs enforced with OAuth policy with the fix Shared Libraries Parsers 10.15 Fix 1. This issue is resolved. |
| YAIC-4551 | Performing a backup operation fails to create a backup of Analytics data. When you run apigatewayutil script to take a backup, the backup filecreated does not contain the analytics data. This issue is resolved. |
| YAI-26773 | Audit log entry of CRUD operations is not available when you use subscription. This issue is resolved. |
Release 10.15 Fix 1
No subtopics in thissection
This section provides information about webMethods.io API Gateway 10.15 Fix 1 released in December 2022.
| Issue ID | Description |
|---|---|
| YAIC-4335 | Requests with content in the header and not in the body are not validated. If client sends a request with only content type header and not content in the body, then API Gateway does not validate the request against the defined schema and forwards the request to the native server. This issue is resolved. |
| YAI-26677 | Rollback takes longer than promotion. The rollback process always updates the alias, which consumes more time than the promotion process if the alias was not updated. This issue is resolved. |
| YAI-26687 | Upgrade and migration overwrite the newly added functional privileges with those from the old version. When upgrading API Gateway, during the asset migration, the newly added functional privileges in the new version are lost and overwritten by the functional privileges from the old version. As a result, you can not see the sections or configurations related to the newly added functional privilege in the new version. This issue is resolved. |
| YAIC-4397 | Developer Portal destination contains duplicate entries after the new API Gateway deployment. In the event of a new deployment of API Gateway, when you configure Developer Portal as a destination to establish communication between API Gateway and Developer Portal and publish it, a few configurations in Developer Portal destination, such as username, password, and stage are missing as a result of duplicate entries. This issue is resolved. |
| YAIC-4367 | Unable to download the read me from API Gateway UI. An error occurs when you try to download the readme from the fix management section in the API Gateway UI. This issue is resolved. |
| YAI-26255 | Unable to invoke a REST API transformed from a SOAP API. When you have enabled SOAP To REST transformation for a SOAP API that contains an operation without the Output message in the WSDL definition, and if you invoke it as a REST API, then API Gateway displays a null pointer exception. For example, the following WSDL operation contains only the input message: <wsdl:operation name="Operation_with_input message_only"><wsdl:input message="ns:msg1"> </wsdl:input></wsdl:operation>The following WSDL operation contains both input and output messages: <wsdl:operation name="Operation_with_both_messages"><wsdl:input message="ns:msg1"> </wsdl:input><wsdl:output message="ns:msg2"> </wsdl:input></wsdl:operation>This issue is resolved. |
| YAI-26745 | Transaction log entries are not included for 202 and 204 response codes. When you have enabled the logging policy, and if you invoke a SOAP API and the native API returns 202 or 204 as a response, then the transactional logs are not included in the destinations specified in the Log invocation policy. This issue is resolved. |
| YAI-26481 | If you have enabled schema validation and selected some XML features in the Validate API Specification policy, then the Feature is not recognized error message is included in the server.log file when APIs are invoked. This issue is resolved.The only supported features are:
|
| YAIC-4391 | The logging type is changed from logInfo to logDebugPlus whenever getUserObject is invoked. This issue is resolved. |
| YAIC-4418 | Search by Type filter in the Promotion management page shows incorrect results when certain asset types are selected. In the Promotion management page, when you search for Global Policies, Threat Protection, or Policy Template assets using the Search by Type filter, appropriate results are not retrieved. This issue is resolved. |
| YAI-26551 | Accessing the inner level JSON element through variables does not return valid JSON. When accessing an inner level JSON element in the response processing through variable framework, then the value returned is not in the JSON format. This issue is resolved. |
| YAI-26495 | API Gateway removes SOAP headers from the response sent by native service. When native SOAP service sends SOAP headers in response to the client that invokes the API, API Gateway removes the SOAP headers when sending the response to the client. This issue is resolved. |
| YAI-26465 | Transaction events are not masked properly in REST transformed APIs. When you have enabled REST transformation for a SOAP API, and if you configure the Data masking policy for the API by setting Apply for payload to true, then the response payload in the transaction event is the same as the request payload. This issue is resolved. |
| YAI-26740 | Native service requests and responses are not included in transaction events. When a SOAP API has one way operation defined in the corresponding WSDL specification, then the native service request and response are not included in the transaction events. This issue is resolved. |
| YAI-26751 | Error appears when you invoke an API that uses simple alias in its Straight Through Routing policy. When you create a simple alias with a period (.) in the name and value as empty, and use the alias in the Straight Through Routing policy, an error appears in the response when invoking the API. This issue is resolved. |
| YAI-26866 | Switching between strategies in the Authentication section on the applications page resets the grant types. In the Authentication section of any application, when you switch between multiple strategies, the grant type checkboxes get reset in edit mode. This issue is resolved. |
| YAI-26838 | When you enable the Log invocation policy, the transaction events with the OUT or FAULT messages are not sent to the configured destinations. This issue is resolved. |
| YAIC-4323 | Validate schema policy error variables are not replaced with their corresponding values. When an error message from the Validate schema policy has $ in it, then the $ERROR_MESSAGE is not substituted with the corresponding error message. Instead, it is replaced with NULL. This issue is resolved. |
| YAI-26810 | When you enable SOAP To REST transformation for a SOAP API of version 1.1, the values are not properly substituted during the REST request to SOAP request transformation. This is because the default version for SOAP APIs is 1.2. Hence, if the SOAP version of the API being transformed is 1.1, then namespace mismatch occurs. This issue is resolved. |
| YAI-26902 | Missing authorization headers are not logged as a policy violation event for basic authentication. If Identify & Authorize Application policy is configured with HTTP Basic Authentication and authorization headers are missing, it is not logged as a policy violation event. This issue is resolved. To address this issue the property Trigger policy violation event on missing authorization header is introduced. If this property is set to true, requests without authorization headers are logged as a policy violation event. |
| YAI-26936 | Using Ignite clustering sometimes causes Terracotta issues within Integration Server. This issue is resolved. |
| YAI-26835 | When you migrate from one version of API Gateway to another, then the values specified for some of the individual index-wise batch size properties like apigateway.migration.batchSize.gateway {0} and _analytics_transactionalevents are not considered. This issue is resolved. |
| YAI-26778 | Error message appears when native service sends unzipped response. When API Gateway is unable to process a request and does not send the request to the native service, the same has to be communicated to the client. If those responses are in the gzip format, then an exception occurs when API Gateway tries to unzip those responses. If such responses are not in the gzip format, then API Gateway forwards them to the client as if the response header does not contain the accept-encoding variable. This issue is resolved. |
| YAI-26489 | Unable to invoke Mashup API after bulk promotion. If you promote Mashup API along with other assets such as APIs and global policies, and invoke the Mashup API, then the Mashup API steps are not executed in the specified order. This issue is encountered when you activate Mashup API and then activate a global policy. This issue is resolved. |
| YAI-26980 | An old and unused truststore is loaded after migration from API Gateway versions before 10.11. This issue is resolved. |
| YAI-27002 | Interacting with the synchronized application in a cross-data center environment with hot-standby and teamwork configuration is not possible. In a hot-standby cross-data center combined with enabled teamwork configuration, the synchronized application cannot be opened or edited or deleted. This issue is resolved. |
| YAI-24043 | Added localization for all the options within the filter of the Analytics page. |
| YAI-27051 | Running an invalid migration command shows an incorrect error message. When you run the following invalid command, migrate.bat datastore dstoreSrc instead of migrate.bat datastore -dstoreSrc, an incorrect error message appears. This issue is resolved. |
| YAI-27093 | Registration port connection to IS does not work after a reboot of an API Gateway node. When using external ports with registration ports, in some cases, the external ports do not work correctly after a reboot of an API Gateway node. At times, it is observed that the API Gateway UI adds a blank entry to the list of ports. This issue is resolved. |
| YAI-27133 | API Gateway displays warnings during startup. During API Gateway startup, the following warnings are found in the server.log: ClusterCacheNotifier.subscribe(): overwriting existing notification, type: credentialManager, listener: This issue is resolved. |
| YAIC-4374 | Unable to create an OData API using HTTPS. Creating an OData API with an HTTPS address fails if a self-signed certificate is used for the truststore or keystore. This issue is resolved. |
| YAI-27139 | The analytics dashboard fails to load on clicking the Refresh button. If the enableTeamWork parameter is set to true in the Extended Settings page, API Gateway-wide analytics fail to load occasionally on clicking the Refresh button in Administration > Analytics. This issue is resolved. |
| YAI-27087 | The Owner field in the Basic information section of the Application details page does not display the owner name if the application is created from Developer Portal. This issue is resolved. The Owner field displays the Developer Portal User Id with Developer Portal User as a suffix in brackets. Note
This enhancement will be applicable only for the applications that are created after you apply this fix. The suffix Developer Portal User will be appended to the owner name of the applications that were created before applying this fix. |
| YAI-27127 | The return type of the context variable PROTOCOL_HEADERS is changed. When PROTOCOL_HEADERS is retrieved using pub.apigateway.ctxvar:getContextVariable IS service, the value returned is of type java.util.HashMap instead of IData, which does not comply with the return type mentioned in the Documentation. This issue is resolved. The PROTOCOL_HEADERS context variable return type is now changed to IData. |
| YAI-27185 | APIs are disabled when API Gateway is shut down before the startup is completed. In some cases, APIs are unintentionally disabled when API Gateway shutdown or restart process is performed, before the startup process is completed. This issue is resolved. |
| YAI-27204 | Importing a 10.3 archive fails with an error. Importing a 10.3 archive that contains an application using a strategy fails with a NullPointerException. This issue is resolved. |
| YAI-26873 | Added an authorization step before executing the response code for three testConfig APIs concerning the Destinations configuration. Also added the correct response code in case of forbidden access, namely 403. |
| YAI-26716 | When a JSON request to a SOAP-enabled API contains null values, then the converted SOAP request sent to the native API also contains the null value as text. For example, JSON Request:{ "Key": null }Converted SOAP request:<Key>null</Key>This issue is resolved. You can set the new extended setting pg.soapToRest.addNilAttribute to true to add null attribute to converted SOAP requests. Sample SOAP request with the added null attribute: <Key xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true/>Note: The default value of the new extended setting is false. |