Fixes

Explore the fixes for webMethods.io API Gateway 11.0.0.

Release 11.0.0 Fix 1

This section provides information about webMethods.io API Gateway 11.0.0 Fix 1 released in July 2024.

Issue ID Description
YAI-30195 Migration does not stop when the source API Gateway Elasticsearch has a red status.

When you start the migration script with reindex, for example on Windows with migrate.bat reindex -indicesType analyticsandlogs -sourceESHostUrl http://my-src-es-host:9240, and the source Elasticsearch is reachable but its status is red, the process never times out.

This issue is resolved. The process now waits 30 seconds for the source Elasticsearch status to become green or yellow and then exits with a timeout.
YAIC-6314 Runtime invocation of an API enforced with an OAuth policy fails when the resource includes a path parameter.

When an API includes a path parameter in one of its resources and is enforced with OAuth, the runtime invocation fails and triggers an error.

This issue is resolved.
YAI-31964 The system displays a path not found error when migrating API Gateway events from version 10.11 to 10.15.

This issue is resolved.
YAI-32115 Enabling Tracer consumes a lot of CPU and memory.

In some cases, API Gateway consumes a lot of CPU and memory when one or more APIs are configured with Tracer active and clustering is enabled.

This issue is resolved.
YAI-31889 URL with the Correlation ID does not redirect correctly to Kibana for applying correlation filters.

This issue is resolved.
YAI-31738 Vulnerable 3rd party Azure-identity jar is used.

The Azure-identity jar is upgraded to a safer version.

This issue is resolved.
YAI-31481 If a socket timeout exception occurred during the restore operation, the system prompts the user to retry the operation, even if the restore is successful in the background.

This issue is resolved. The system prompts the user to check the status of the previous restore operation before attempting to restore again.
YAI-37339 REST-enabled SOAP API fails during runtime invocations.

API Gateway throws an exception during SOAP to REST transformation while parsing the WSDL if an attribute is null.

This issue is resolved.
YAI-37374 The user field in the login and logout audit log events displays the value default instead of the actual user.

This issue is resolved.
YAI-37329 Unable to set the possible values for a parameter without a default value.

This issue is resolved.
YAI-32047 Security issue encountered when SameSite attribute is not specified.

The SameSite attribute in a cookie prevents the browser from sending the cookie along with cross-site requests. The SameSite attribute in API Gateway cookies is not specified, posing a security concern.

This issue is resolved. An extended setting called setSamesiteCookieAttribute is introduced. The SameSite value is not specified when the setting is set to its default value, false. The SameSite attribute is explicitly set to Strict when the value of the setting is set to true. Restart API Gateway after setting the values for the extended setting.
YAI-32016 The REST to SOAP transformation encounters issues when handling multipart form data requests.

During the conversion of a SOAP API to a REST API, the request operation with multipart form data fails with the error Cannot serialize OM Element Envelope.

This issue is resolved.
YAI-31927 The tracer does not log the response body when it receives plain text as a response.

This issue is resolved.
YAI-31879 Unable to activate the REST API after associating the policy created from the policy template.

This issue is resolved.
YAI-31873 Deleting a policy action causes an error when the association is not deleted.

Deleting a policy action using the Policy Action REST resource, without removing the association to the policy, causes issues in the API Gateway.

This issue is resolved.
YAI-31802 Issue while handling multiple namespaces in XML elements schema.

In the REST transformation of SOAP APIs, there were issues with handling namespaces when multiple namespaces were present in the schema for XML elements with the same name.

This issue is resolved.
YAI-31759 The invocation of the invoke/pub.apigateway.oauth2/getAccessToken call is not in line with the OAuth2 specification.

According to the OAuth2 specification, the request invoke/pub.apigateway.oauth2/getAccessToken must be made as a POST call only. API Gateway currently allows the invocation of invoke/pub.apigateway.oauth2/getAccessToken with all HTTP methods, which does not comply with the OAuth2 specification.

This issue is resolved. To align with the OAuth2 specification, an extended setting oauth2_getAccessToken_allowOnlyPost has been introduced. Enabling this setting by setting it to true restricts the HTTP method to only POST for the invoke/pub.apigateway.oauth2/getAccessToken call.
YAI-37468 Unable to create a SOAP API from a zip file containing WSDL and XSDs.

When you create a SOAP API from a zip file, the API creation fails if the imported schema lacks a namespace definition in the WSDL and the corresponding XSD lacks a targetNamespace.

This issue is resolved.
YAIC-6501 Post-migration, existing API keys are no longer functional, resulting in unauthorized exceptions.

The application’s API key stored in the data store was initially hashed. After migration, this hashed key was hashed again, resulting in the failure of the API key.

This issue is resolved. The application in the data store is corrected to prevent double hashing of the key.
YAI-32213 Unable to download the diagnostic logs.

This issue is resolved.
YAI-32180 The code is updated to prevent NullPointerExceptions in error cases and to add missing error messages.

This issue is resolved.
YAIC-6115 API Gateway returns an error that an endpoint could not be reached while using URL-based SOAP action name.

While invoking an API, if the soapAction parameters for different operations are not unique, API Gateway returns an error that an endpoint could not be reached.

This issue is resolved. API Gateway now handles it by checking the SOAP body payload.
YAIC-6012 The JSON path does not work as expected when employed in the Conditional Error Processing policy for failure text.

When an API is enforced with the Conditional Error Processing policy, containing a JSON path in its failure text, the JSON path is not correctly evaluated and ends up being replaced in the response sent to the client.

This issue is resolved.
YAIC-6002 Transaction logs are not present for multipart/form-data content-type.

If request calls are done with multipart/form-data content type, transactions are not logged in Analytics.

This issue is resolved.
YAI-37463 Saving an API fails despite providing correct XPath payload expression.

When you use square brackets in an XPath expression for request transformations, saving the API fails with the error message Query expression cannot be empty.

This issue is resolved.
YAI-37419 Vulnerable 3rd Party Component Bouncy-castle is used.

CVE-2024-30172

This issue is resolved.
YAI-37266 When an API request is redirected to Microgateway, the configured connection and read timeouts are not applied to those connections.

This issue is resolved.
YAI-32284 When you configure the file transaction logger, the transactional events are not logged.

This issue is resolved.
YAI-32267 Unauthorized users accessing authorized pages through deep links encounter a blank page.

When an underprivileged user attempts to access a deep link, they are redirected to an unauthorized page on the homepage.

This issue is resolved.
YAI-32246 When registering Microgateway to API Gateway, you cannot publish its endpoint to Developer Portal. This action is only feasible when the Microgateway endpoint is added to a Service Registry.

This issue is resolved. You can independently publish the Microgateway endpoint on a Service Registry entry.
YAI-32228 Errors from AggregatedMonitorProcessor task are logged in server.log. Example: [YAI.0206.0002E] Error while running com.softwareag.pg.pgmen.processors.AggregatedMonitorProcessor task. Cause: java.lang.NullPointerException null

This issue is resolved.
YAI-32223 API Gateway experienced a memory leak when working with JMS/AMQP policies due to the presence of JMS/AMQP REST Routing and/or Enable JMS/AMQP policies. Analysis of heap dump revealed that a large number of com.pcbsys.nirvana.nJMS.SessionImpl classes were causing the issue.

This issue is resolved.
YAI-32151 Invoking an API fails when the API has a non-existing path.

When you invoke an API that has a non-existing path, a NullPointerException is logged in the server.log from the AccumulatorManager task.

This issue is resolved.
YAI-32141 Creating an OData API fails due to Accept Header used by API Gateway.

When creating an OData API with a URL of an xml metadata file, the request fails in some cases, because API Gateway adds an Accept header - application/json.

This issue is resolved.
YAI-31994 The Outbound Auth - Message policy ends with an error API Gateway outbound client encountered Security policy namespace cannot be null.

The Outbound Auth - Message policy does not work and ends with an error when the WSDL on which the API is based does not contain ws:Policy elements.

This issue is resolved. Now the policy should work as expected for the WSS Username Authentication scheme. Note that to get it working for already existing APIs with this policy, update the API by clicking Edit followed by Save.
YAI-31962 StAX factory classes cannot be set.

The StAX factory classes XMLInputFactory, XMLOutputFactory, and XMLEventFactory, can no longer be configured through Java properties when starting API Gateway.

This issue is resolved.
YAI-31911 Request transformation is not working as expected.

During request transformation, an ESB service may change the SOAP version, for example, from SOAP1.2 to SOAP1.1. This causes an internal exception and the request transformation fails.

This issue is resolved.
YAI-31838 Incorrect passwords saved for aliases with the same name, but different stages.

When using passwords for aliases that have the same name but with different stages, the passwords are not saved correctly for these aliases. In such cases, the password of the last alias saved is always used for all of these aliases. This issue affects both the HTTP Transport security aliases and SOAP message security aliases.

This issue is resolved. When using such aliases, ensure that you update the passwords before using them.
YAI-31766 API Gateway shows more than one port as primary port.

It is observed in an environment that more than one port is defined as the primary port.

This issue is resolved.
YAI-31742 The nested claims sent in the Invoke IS service pipeline are not in the expected format or structure.

The claims returned from the remote introspection response, when sent to an Invoke IS service pipeline, are not in JSON format as expected.

This issue is resolved.
YAI-31730 The startup of API Gateway is experiencing delays and is slower than expected.

This issue is resolved. The startup time of API Gateway has been improved.
YAI-31633 Custom gateway endpoint is removed after importing if it has the same value as URL alias.

When importing an archive with a URL alias and there is an existing API available on API Gateway that uses the same alias value as custom gateway endpoint URL, the import does not fail, but the custom gateway endpoint of the API gets removed.

This issue is resolved.
YAI-37488 Discriminator does not work as expected.

API Schema validation fails to work as expected when enabled with the defined discriminator at the schema level.

This issue is resolved. The discriminator concept is introduced in the open API.
YAI-37588 Update API adds a CR/LF after the API description.

When an API is updated, it adds an unwanted newline character at the end of the API description.

This issue is resolved.
YAI-31416 Vulnerable third-party components found in Docker image.

This issue is partly resolved.
YAIC-6799 API Gateway cannot connect to an Elasticsearch instance if the Elasticsearch version is higher than the version certified for compatibility.

API Gateway restricts itself by checking the Elasticsearch version. It does not start if the Elasticsearch version is outside the certified range. This restriction causes issues when connecting to a higher Elasticsearch version, even if the client does not require any changes.

This issue is resolved.
YAIC-6890 Determining the proper SOAP operation from the SOAP envelope caused an issue.

This issue is resolved.
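
One way to confirm the effect of the setSamesiteCookieAttribute extended setting described under YAI-32047 after the restart is to audit the Set-Cookie headers the gateway returns. The following is an added example, not part of the original release notes or the product; the function names and the sample header values are constructed for illustration.

```python
def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return None, {}
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_samesite(set_cookie_headers, required="Strict"):
    """Return (cookie_name, finding) pairs for cookies that miss the policy."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name is None:
            continue
        samesite = attrs.get("samesite")
        if samesite is None:
            # Matches the default (setting = false): attribute left unspecified.
            findings.append((name, "SameSite not specified"))
            continue
        if samesite.lower() != required.lower():
            findings.append((name, f"SameSite={samesite}, expected {required}"))
        # Browsers reject SameSite=None cookies that lack the Secure attribute.
        if samesite.lower() == "none" and "secure" not in attrs:
            findings.append((name, "SameSite=None without Secure"))
    return findings


# Constructed sample headers (cookie names and values are placeholders).
SETTING_FALSE = ["sample_session=abc123; Path=/; HttpOnly"]
SETTING_TRUE = ["sample_session=abc123; Path=/; HttpOnly; SameSite=Strict"]
MIXED = ["a=1; samesite=strict", "b=2; SameSite=None", "c=3; Secure; SameSite=Lax"]

if __name__ == "__main__":
    for label, headers in [("false", SETTING_FALSE), ("true", SETTING_TRUE), ("mixed", MIXED)]:
        print(label, audit_samesite(headers))
```

An empty result for every response that sets a cookie indicates the setting is active on that node.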
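
For the oauth2_getAccessToken_allowOnlyPost setting described under YAI-31759, a log review can show whether non-POST token requests are still being accepted. The following is an added example, not part of the original release notes or the product; the Common Log Format style lines, the addresses and the 405 status are constructed assumptions, and the page does not state which status the gateway returns for a rejected method, so the check only distinguishes 2xx from everything else.

```python
import re

# URL path of the token call named in the release note.
TOKEN_PATH = "/invoke/pub.apigateway.oauth2/getAccessToken"

# Constructed access-log lines (assumed format, not API Gateway's own log layout).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Jul/2024:10:00:01 +0000] "POST /invoke/pub.apigateway.oauth2/getAccessToken HTTP/1.1" 200 512
198.51.100.9 - - [02/Jul/2024:10:00:05 +0000] "GET /invoke/pub.apigateway.oauth2/getAccessToken?grant_type=client_credentials HTTP/1.1" 200 498
198.51.100.9 - - [02/Jul/2024:10:03:11 +0000] "GET /invoke/pub.apigateway.oauth2/getAccessToken HTTP/1.1" 405 0
198.51.100.4 - - [02/Jul/2024:10:04:40 +0000] "PUT /invoke/pub.apigateway.oauth2/getAccessToken HTTP/1.1" 200 498
198.51.100.4 - - [02/Jul/2024:10:05:02 +0000] "GET /gateway/sample/1.0/items HTTP/1.1" 200 120
"""

LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)


def non_post_token_requests(log_text):
    """Return (method, status, accepted) for each non-POST hit on the token path."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        # Compare the path only; a query string must not hide the endpoint.
        path = match.group("target").split("?", 1)[0].rstrip("/")
        if path != TOKEN_PATH or match.group("method") == "POST":
            continue
        status = int(match.group("status"))
        hits.append((match.group("method"), status, 200 <= status < 300))
    return hits


def accepted_non_post(log_text):
    """Non-POST token requests that were answered with a 2xx status."""
    return [hit for hit in non_post_token_requests(log_text) if hit[2]]


if __name__ == "__main__":
    for method, status, accepted in non_post_token_requests(SAMPLE_LOG):
        print(method, status, "ACCEPTED" if accepted else "rejected")
```

Any entry returned by accepted_non_post for traffic after the setting is enabled means the restriction is not in effect on the node that served the request.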