What's new in the latest release (Version 2018.4.1.17)

Learn what's new and changed in the latest IBM® API Connect release, Version 2018.4.1.17.

Note: You can access the latest files from Fix Packs Available for IBM API Connect v2018.x.
Prevent the Access-Control-Allow-Credentials header from being returned in a CORS response
By default, when CORS is enabled for an API, every response to a CORS request contains the following header:
Access-Control-Allow-Credentials: true
However, the inclusion of this header does not provide optimal security. A new x-ibm-gateway-cors-allow-credentials-when-no-cors-policy API property is provided to allow you to prevent the return of this header. For more information, see API properties.
Upgrade from Drupal 8 to Drupal 9 content management system
The Developer Portal is now based on the Drupal 9 content management system. This is an in-place upgrade, so no specific steps need to be taken. However, if you are using additional contributed modules, or custom modules or sub-themes, you should check that they are compatible with Drupal 9, and not using any deprecated APIs for example. There are tools available for checking your custom code, such as drupal_check on GitHub, which checks Drupal code for deprecations. For information about how to make the core version of custom modules or sub-themes compatible with Drupal 9, see Installing Drupal 8 based custom modules or sub-themes into the Drupal 9 based Developer Portal. For more information about Drupal 9, see About Drupal 9 on the drupal.org website.
Timestamp format changed for Developer Portal restore operations
The timestamp format that is used in Developer Portal restore operations has changed from YYYY-MM-DD HH:MM:SS to YYYYMMDD.HHMMSS. For more information, see:
New IP security command available in the Developer Portal
IP security is enabled by default, but you can now use an internal Developer Portal command to toggle the IP security between enabled and disabled at the Portal service level. For more information, see How to manage IP security in the Developer Portal.
Directly navigate to specific APIs and operations in the Open API Explorer Documentation
You can now use the URL to navigate directly to specific APIs and operations in the OpenAPI Explorer Documentation for the API Connect REST APIs. You can also select the APIs for a specific version by using the drop-down menu in the header bar. See Open API Explorer Documentation for Version 2018.