Resolved Issues

This topic summarizes issues that have been resolved for
Layer7 API Gateway
, categorized by release. Note that resolved issues are presently not grouped by form factor as they are typically form-factor agnostic. Please check the descriptions of each resolved issue for form-factor applicability, as required.
CGW10-1
2

Issues Resolved in Version 10.1

The following issues are fixed in Layer7 API Gateway 10.1:
Fixed Issue ID
Description
DE211450
Fixed an issue that caused the Policy Manager to not display correctly on some high resolution monitors.
DE442226
Resolved an issue that prevented the Gateway from enforcing a server-side cipher.
DE442389
Resolved an issue that caused a kickstart-post.log error after imaging a hardware appliance Gateway.
DE448192
Resolved a thread pool issue in the Route via MQ Native assertion where the MQ threads were not timing out after a time interval. Introduced a new field,
MQ PUT Timeout
, in the Target tab of the MQ Native Routing properties dialog.
DE452349
Fixed an issue in the Authenticate Against CA Single Sign-On assertion to notify the authenticated user when their password is about the expire. For more information, see Authenticate Against CA Single Sign-On Assertion.
DE452738
Resolved a SAML token validating issue. Introduced the following SAML Cluster Properties:
  • samlAssertion.validate.notBeforeOffsetDuration
  • samlAssertion.validate.notOnOrAfterOffsetDuration
DE454594
Enhanced the Name field in the Stored Password properties to accept
$
and
@
characters.
DE455206
Fixed an issue that caused NTLM authentication to fail because of a Java servlet upgrade.
DE455298
Corrected an issue that caused increased response time of Gateway if a proxy is involved during SSL handshake.
DE456274
Introduced the following new cluster properties that you can configure when your Gateway queue is full so that WebSocket can accept new connection requests:
  • websocket.forward.ping
  • websocket.outbound.max.connections.per.destination
  • websocket.outbound.max.requests.queued.per.destination
  • websocket.outbound.client.connect.request.timeout
DE456742
Corrected an issue that resulted in found CVEs from a vulnerability scan for a version 10.0 Container Gateway image.
DE459135
Resolved an issue where CA SSO Agent fails to re-establish the connectivity to the SSO policy server. Introduced a new cluster property, siteminder.managementTimePeriod, to configure the time period to reinitialize the CA SSO agent
DE459849
Resolved an issue so that Gateway can log messages larger than 10KB by introducing a cluster property, audit.log.maxFormattedMessageSize.
DE459999
Enhanced the internal parsed document cache capability in Validate Against Swagger Document assertion so the assertion does not fail when using a shared policy fragment.
Introduced the following cluster properties:
  • swagger.modelCache.maxSize
  • swagger.modelCache.idleTimeout
DE460142
Fixed an inconsistency between solutionKitSelect and solutionKitSelectByName for UPGRADE -h.
DE460925
Introduced a new cluster property, pkix.crl.skipSerialNumberCheckForRevocationCheck, which when set to
true
skips comparing serial numbers of identical certificates in a trusted store and avoids CRL failure.
DE461126
Gave the Gateway additional inbound logging capability to help confirm inbound stream timeouts. This can be enabled with the following CWP and value:
com.l7tech.server.transport.http.TimeoutInputStream.level = FINEST
DE465400
Corrected an authorization header issue that caused an error log message each time data is sent to an HTTP event collector via the Route via HTTP(S) policy assertion.
DE465431
Resolved an issue that caused account lockouts when running the Gateway in Azure cloud.
DE465783
Fixed an issue that prevented the Gateway from starting after an OVA was switched to use a Derby database.
DE467988
Corrected an issue that caused the io.mqConversionCCSID cluster property to not apply to the reply queue, causing incorrect message responses. This issue was related to the Route via MQ Native policy assertion.
DE468866
Corrected an issue that resulted in found CVEs from a vulnerability scan for a version 10.0 CR1 Container Gateway image.
DE471975
Corrected an issue that resulted in found CVEs from a vulnerability scan for a version 10.0 Container Gateway image.
DE473747
Corrected an issue that caused a large number of SQL queries to run on the service_metrics table when service metrics is disabled.
DE473821
Corrected a special character issue that arose from a function error in the Execute Javascript policy assertion
DE481370
Corrected an issue to prevent the generation of unnecessary UUID when a Gateway audit log is not in JSON format resulting in a blocked thread.
DE485529
Fixed a circular dependency in systemd scripts that prevented the Gateway from launching.
DE486086
Corrected an issue that resulted in found vulnerabilities for the Appliance Gateway.
DE486377
Corrected a Policy Plugin export issue to allow exporting Gateway configuration even when restricted keys are in use.
DE487040
Corrected a potential security issue by allowing nonce support to be set at the Revocation Policy level for the Gateway.
DE487301
Fixed an issue that caused the LDAP Query assertion from returning any results after upgrading from Gateway version 9.4 to version 10.x.
DE487460
Fixed an issue that caused an OSCP response signature validation failure.
DE487632
Fixed a WebSocket Loader issue that slowed Gateway startup time due to false log level warnings.
DE490809
Resolved an issue that caused the Decode JSON Web Token assertion to throw an exception error due to a missing "Use" field entry.
DE493332
Fixed an issue that caused poor performance in message routing by proxy, which led to a "Timeout connection waiting from pool" routing error when a client attempts to connect to a proxy via message routing.
DE494105
Fixed a JDK regression issue that led to frequent full TLS handshakes while routing to the backend.
DE494520
Fixed an issue that caused the audit sink policy to generate an error when attempting to decrypt an audit record stored in an external database.
DE495534
Fixed an issue in the SSG logs to improve security.
DE495542
Fixed an issue that prevented users from gaining shell access to a Gateway after configuring LDAP credentials as an authentication method for SSH access to the Gateway.
DE495861
Fixed an issue in the cache entry to resolve a memory leak issue.
DE496977
Fixed an issue that prevented users from saving a configuration when the server private key uses RSA crypto or if the default private key is an Elliptic Curve (EC) type. This would occur when TLS 1.3 is enabled on a Listen Port.
DE497451
Resolved an issue that caused truncated log messages in the SSG logs.
DE500435
Fixed an issue that prevented users from applying platform patches after importing a saved configuration to the Gateway.
DE502548
Resolved a MySQL performance issue after upgrading to MySQL 8 for the Gateway.
DE503170
Fixed a service resolution problem where a service call to a Gateway policy may result in a different service than the one intended.