Fixes

Explore the fixes for webMethods API Gateway 11.0.0.

Release 11.0.0 Fix 1

This section provides information about webMethods API Gateway 11.0.0 Fix 1 released in July 2024.

Issue ID Description Hot Fix # (if applicable)
YAI-30195 Migration does not stop when the source API Gateway Elasticsearch has a red status.

When starting migration script with reindex, for example, (windows): migrate.bat reindex -indicesType analyticsandlogs -sourceESHostUrl http://my-src-es-host:9240 and the source Elasticsearch is reachable, but the status is red, the process never times out.

This issue is resolved. Now after waiting 30 seconds for the source Elasticsearch status to become green or yellow the process exits with a timeout.
NA
YAIC-6314 Runtime invocation of an API enforced with an OAuth policy fails when the resource includes a path parameter.

When an API includes a path parameter in one of its resources and is enforced with OAuth, the runtime invocation fails and an triggers an error.

This issue is resolved.
NA
YAI-31964 The system displays a path not found error when migrating API Gateway events from version 10.11 to 10.15.

This issue is resolved.
NA
YAI-32115 Enabling Tracer consumes a lot of CPU and memory.

In some cases, API Gateway consumes a lot of CPU and memory when one or more APIs is configured with Tracer active and clustering is enabled.

This issue is resolved.
NA
YAI-31889 URL with the Correlation ID does not redirect correctly to Kibana for applying correlation filters.

This issue is resolved.
NA
YAI-31738 Vulnerable 3rd party Azure-identity jar is used.

The Azure-identity jar is upgraded to a safer version.

This issue is resolved.
NA
YAI-31481 If a socket timeout exception occurred during the restore operation, the system prompts the user to retry the operation, even if the restore is successful in the background.

This issue is resolved. The system prompts the user to check the status of the previous restore operation before attempting to restore again.
NA
YAI-37339 REST-enabled SOAP API fails during runtime invocations.

API Gateway throws an exception during SOAP to REST transformation while parsing the WSDL if an attribute is null.

This issue is resolved.
NA
YAI-37374 The user field in the login and logout audit log events displays the value default instead of the actual user.

This issue is resolved.
NA
YAI-37329 Unable to set the possible values for a parameter without a default value.

This issue is resolved.
NA
YAI-32047 Security issue encountered when SameSite attribute is not specified.

The SameSite attribute in a cookie prevents the browser from sending the cookie along with cross-site requests. The SameSite attribute in API Gateway cookies is not specified, posing a security concern.

This issue is resolved. An extended setting called setSamesiteCookieAttribute is introduced. The SameSite value is not specified when the setting is set to its default value, false. The SameSite attribute is explicitly set to Strict when the value of the setting is set to true. Restart API Gateway after setting the values for the extended setting.
NA
YAI-32016 The REST to SOAP transformation encounters issues when handling multipart form data requests.

During the conversion of a SOAP API to a REST API, the request operation with multipart form data fails with the error Cannot serialize OM Element Envelope.

This issue is resolved.
NA
YAI-31927 The tracer does not log the response body when it receives plain text as a response.

This issue is resolved.
NA
YAI-31879 Unable to activate the REST API after associating the policy created from the policy template.

This issue is resolved.
NA
YAI-31873 Deleting a policy action causes an error when the association is not deleted.

Deleting a policy action using the Policy Action REST resource, without removing the association to the policy, causes issues in the API Gateway.

This issue is resolved.
NA
YAI-31802 Issue while handling multiple namespaces in XML elements schema.

In the REST transformation of SOAP APIs, there were issues with handling namespaces when multiple namespaces were present in the schema for XML elements with the same name.

This issue is resolved.
NA
YAI-31759 The invocation of invoke/pub.apigateway.oauth2/getAccessToken call is not inline with OAuth2 specification.

According to the OAuth2 specifications, the request invoke/pub.apigateway.oauth2/getAccessToken must be made as a POST call only. API Gateway currently allows the invocation of invoke/pub.apigateway.oauth2/getAccessToken in all HTTP methods, which does not obey the OAuth2 specification.

This issue is resolved. To align with the OAuth2 specification, an extended setting oauth2_getAccessToken_allowOnlyPost has been introduced. Enabling this setting by setting it to true restricts the HTTP method to only POST for the invoke/pub.apigateway.oauth2/getAccessToken call.
NA
YAI-37468 Unable to create a SOAP API from a zip file containing WSDL and XSDs.

When you create a SOAP API from a zip file, the API creation fails if the imported schema lacks a namespace definition in the WSDL and the corresponding XSD lacks a targetNamespace.

This issue is resolved.
NA
YAIC-6501 Post-migration, existing API keys are no longer functional, resulting in unauthorized exceptions.

The application’s API key stored in the data store was initially hashed. After migration, this hashed key was hashed again, resulting in the failure of the API key.

This issue is resolved. The application in the data store is corrected to prevent double hashing of the key.
NA
YAI-32213 Unable to download the diagnostic logs.

This issue is resolved.
NA
YAI-32180 The code is updated to prevent NullPointerExceptions in error cases and added missing error messages.

This issue is resolved.
NA
YAIC-6115 API Gateway returns an error that an endpoint could not be reached while using URL-based SOAP action name.

While invoking an API, if the soapAction parameter for different operations are not unique, API Gateway returns an error that an endpoint could not be reached.

This issue is resolved. API Gateway now handles it by checking the SOAP body payload.
NA
YAIC-6012 The JSON path does not work as expected when employed in the Conditional Error Processing policy for failure text.

When an API is enforced with the Conditional Error Processing policy, containing a JSON path in its failure text, the JSON path is not correctly evaluated and ends up being replaced in the response sent to the client.

This issue is resolved.
NA
YAIC-6002 Transaction logs are not present for multipart/form-data content-type.

If request calls are done with multipart/form-data content type, transactions are not logged in Analytics.

This issue is resolved.
NA
YAI-37463 Saving an API fails despite providing correct XPath payload expression.

When you use square brackets in an XPath expression for request transformations, saving the API fails with the error message Query expression cannot be empty.

This issue is resolved.
NA
YAI-37419 Vulnerable 3rd Party Component Bouncy-castle is used.

CVE-2024-30172

This issue is resolved.
NA
YAI-37266 When an API request is redirected to Microgateway, the configured connection and read timeouts are not applied to those connections.

This issue is resolved.
NA
YAI-32284 When you configure the file transaction logger, the transactional events are not logged.

This issue is resolved.
NA
YAI-32267 Unauthorized users accessing authorized pages through deep links encounters a blank page.

When an underprivileged user attempts to access a deep link, they are redirected to an unauthorized page on the homepage.

This issue is resolved.
NA
YAI-32246 When registering Microgateway to API Gateway, you cannot publish its endpoint to Developer Portal. This action is only feasible when the Microgateway endpoint is added to a Service Registry.

This issue is resolved. You can independently publish the Microgateway endpoint on a Service Registry entry.
NA
YAI-32228 Errors from AggregatedMonitorProcessor task are logged in server.log. Example: [YAI.0206.0002E] Error while running com.softwareag.pg.pgmen. processors.AggregatedMonitorProcessor task. Cause: java.lang.NullPointerException null

This issue is resolved.
NA
YAI-32223 API Gateway experienced a memory leak when working with JMS/AMQP policies due to the presence of JMS/AMQP REST Routing and/or Enable JMS/AMQP policies. Analysis of heap dump revealed that a large number of com.pcbsys.nirvana.nJMS.SessionImpl classes were causing the issue.

This issue is resolved.
NA
YAI-32151 Invoking an API fails when the API has a non-existing path.

When you invoke an API that has a non-existing path, a NullPointerException is logged in the server.log from the AccumulatorManager task.

This issue is resolved.
NA
YAI-32141 Creating an OData API fails due to Accept Header used by API Gateway.

When creating an OData API with a URL of an xml metadata file, the request fails in some cases, because API Gateway adds an Accept header - application/json.

This issue is resolved.
NA
YAI-31994 The Outbound Auth - Message policy ends with an error API Gateway outbound client encountered Security policy namespace cannot be null.

The Outbound Auth - Message policy does not work and ends with an error, when the based WSDL does not contain ws:Policy elements.

This issue is resolved. Now the policy should work as expected for the WSS Username Authentication scheme. Note that to get it working for already existing APIs with this policy, update the API by clicking Edit followed by Save.
NA
YAI-31962 StAX factory classes cannot be set.

The StAX factory classes XMLInputFactory, XMLOutputFactory, and XMLEventFactory, can no longer be configured through Java properties when starting API Gateway.

This issue is resolved.
NA
YAI-31911 Request transformation is not working as expected.

During request transformation a ESB service may change the SOAP version, for example, from SOAP1.2 to SOAP1.1. This causes an internal exception and the request transformation fails.

This issue is resolved.
NA
YAI-31838 Incorrect passwords saved for aliases with the same name, but different stages.

When using passwords for aliases that have the same name but with different stages, the passwords are not saved correctly for these aliases. In such cases, the password of the last alias saved is always used for all of these aliases. This issue affects both the HTTP Transport security aliases and SOAP message security aliases.

This issue is resolved. When using such aliases, ensure to update the passwords before using them.
NA
YAI-31766 API Gateway shows more than one port as primary port.

In an environment it is observed, that more than one port is defined as primary port.

This issue is resolved.
NA
YAI-31742 The nested claims sent in the Invoke IS service pipeline are not in the expected format or structure.

The claims returned from the remote introspection response, when sent to an Invoke IS service pipeline, are not in JSON format as expected.

This issue is resolved.
NA
YAI-31730 The startup of API Gateway is experiencing delays and is slower than expected.

This issue is resolved. The startup time of API Gateway has been improved.
NA
YAI-31633 Custom gateway endpoint is removed after importing if it has the same value as URL alias.

When importing an archive with a URL alias and there is an existing API available on API Gateway that uses the same alias value as custom gateway endpoint URL, the import does not fail, but the custom gateway endpoint of the API gets removed.

This issue is resolved.
NA
YAI-37488 Discriminator does not work as expected.

API Schema validation fails to work as expected when enabled with the defined discriminator at the schema level.

This issue is resolved. The discriminator concept is introduced in the open API.
NA
YAI-37588 Update API adds a CR/LF after the API description.

When an API is updated, it adds an unwanted newline character at the end of the API description.

This issue is resolved.
NA
YAI-31416 Vulnerable third-party components found in Docker image.

This issue is partly resolved.
NA
YAIC-6799 API Gateway cannot connect to an Elasticsearch instance if the Elasticsearch version is higher than the version certified for compatibility.

API Gateway restricts itself by checking the Elasticsearch version. It does not start if the Elasticsearch version is outside the certified range. This restriction causes issues when connecting to a higher Elasticsearch version, even if the client does not require any changes.

This issue is resolved.
Hotfix1 11.0.1.0.2243
YAIC-6890 Determining the proper SOAP operation from the SOAP envelope caused an issue.

This issue is resolved.
Hotfix2 11.0.1.0.2263
YAIC-6561 From API Gateway version 11.0 onwards, a problem occurs with keystore and truststore objects if they have the same alias. This issue causes data loss and prevents the creation of keystore and truststore objects with the same alias after migration.

This issue is resolved.
Hotfix4 11.0.1.0.2275
YAIC-6727 The initialization of the global log invocation policy encountered an issue.

This issue is resolved.
Hotfix4 11.0.1.0.2275
YAIC-6976 Inconsistency in API-specific dashboards and the custom dashboards dropdowns.
When the custom domain is enabled, navigating to the API-specific analytics results in inconsistencies in the dropdown menus between the API-specific dashboards and custom dashboards.

This issue is resolved.
Hotfix4 11.0.1.0.2275
YAIC-6754 The payload placeholders request.payloadand{request.payload} and {response.payload} are not functioning as expected in the custom extension policy action.

This issue is resolved. When searching for custom values in the analytics dashboard, ensure the search value is provided in lowercase.
For example:
*{“regexp”: {“customTransactionFields.customValue”:
{“value”: “.nc4.”}
}}*
Hotfix4 11.0.1.0.2275
YAIC-6939 In the Analytics page, View event with payload screen does not display the payload when the payload size is more than 5 mb.

This issue is resolved.
Hotfix4 11.0.1.0.2275
YAIC-6971 Issue with the liveliness probe. It shows the overall health status as green with an HTTP response code of 200, even when the Ignite cluster was in a stopped state.

This issue is resolved.
Hotfix4 11.0.1.0.2275