IBM Support

IBM API Connect V2018.4.1.7-iFix1.5 is available

News


Abstract

IBM API Connect V2018.4.1.7-iFix1.5 is now available. This update includes important internal development and field reported fixes.

Content

IBM API Connect 2018.x delivers enhanced capabilities for the market-leading IBM API Management solution. In addition to the ability to deploy in complex, multi-cloud topologies, this version provides enhanced experiences for developers and cloud administrators at organizations.

The API Connect 2018.4.1.7-iFix1.5 update includes important internal development and field reported fixes. 

A special note on upgrades from prior versions of API Connect v2018.4.1.x:  API Connect v2018.4.1.5 is now a prerequisite for API Connect v2018.4.1.7-iFix1.5 for VMWare (.OVA) deployments.  You cannot upgrade your API Connect topology to 2018.4.1.7-iFix1.5 without first being at the v2018.4.1.5 level.  Again, this restriction applies only to VMWare (.OVA) deployments only of IBM API Connect v2018.4.1.7-iFix1.5.  This is due to the level of Kubernetes deployed with the VMWare (.OVA) installation of IBM API Connect v2018.4.1.7-iFix1.5 and restrictions around skipping levels of Kubernetes when upgrading.

See the "What's New" topic in the API Connect Knowledge Center for more information on new features included in API Connect v2018.4.1.7-iFix1.5.

API Connect v2018.4.1.7-iFix1.5  contains the following field reported APARs: (Cumulative list also includes 2018.4.1.7 and 2018.4.1.7-iFix1.0 APARs)

APAR Summary
LI80601 EDITING YOUR USER PROFILE DOES NOT WORK IF THE USER REGISTRY IS LDAP
LI80728 INCONSISTENT STORAGE OF  CONSUMER ORGANIZATION MEMBERS LEADING TO PERMISSION ISSUES
LI80760 SOAP API: ADDRESS LOCATION IS NOT SET TO CONFIGURED GATEWAY ENDPOINT WHEN WSDL IS DOWNLOADED FROM DEVELOPER PORTAL
LI80790 JSON SAMPLE BODY GENERATOR DOES NOT HANDLE BOOLEAN CORRECTLY
LI80791 MAP POLICY XML EMPTY ELEMENT PROPERTY DOES NOT WORK WHEN AN EMPTY ELEMENT HAS AN ATTRIBUTE.
LI80792 MAP POLICY CANNOT ACCESS XSLT POLICY OUTPUT THAT CHANGES THE ORIGINAL CONTENT TYPE
LI80798 WHEN INVITE A NEW MEMBER TO A SPACE, USER ROLE SELECTION IS MISSING FROM THE UI
LI80809 MAP POLICY DOES NOT RESPECT REQUIRED PROPERTIES IN OUTPUT ARRAYS
LI80818 CLI COMMAND CREATE:API, CREATE:PRODUCT TO ADD --GATEWAY-TYPE FLAG
LI80825 MAP POLICY DOES NOT RESPECT REQUIRED PROPERTIES OF OPTIONAL OBJECTS THAT HAVE A CHILD PROPERTY WITH A MAPPED VALUE
LI80832 PORTAL ACCOUNT LANGUAGE NOT SET TO BROWSER LANGUAGE ON FIRST TIME LOGIN OF EXISTING USERS
LI80833 REST TO SOAP PROXY API TO INJECT PARSE POLICY IN ASSEMBLY IF DATAPOWER-API-GATEWAY
LI80835 REST TO SOAP PROXY API GENERATES CORRUPTED REQUEST AFTER SAVE IN ASSEMBLY
LI80836 REST TO SOAP PROXY API SHOULD STOP ON CONNECTION OR OPERATION ERROR
LI80840 VALIDATE POLICY RETURNS JSON RESPONSE WHEN WSDL VALIDATION FAILS USING THE ASSEMBLY TEST TOOL
LI80847 API CONNECT V5.0.8.X GWSCRIPT FUNCTION CALL APIM.ERROR() ADDS 400-600 MS TO TRANSACTION
LI80849 PORTAL TRYIT UI HANGS WHEN API CALL RETURNS LARGER COMPLEX PAYLOAD
LI80874 MISSING NOTIFICATION FEEDBACK TO CONSUMER WHEN SWITCHING CONSUMER ORGANIZATION IN THE PORTAL
LI80878 CASSANDRA SNAPSHOTS CAN FILL UP DISK SPACE CAUSING THE SYSTEM TO CRASH
LI80886 UNEXPECTED PAYLOAD MESSAGE RECORDED IN THE ACTIVITY LOG
LI80894 CANNOT DELETE CONSUMER ORG WHEN THE OWNER IS A MEMBER IN ANY SCOPE IN THE PROVIDE ORG
LI80895 NOT ABLE TO DELETE PROVIDER ORGANISATION MEMBER
LI80901 MAP POLICY UI MERGE FUNCTION DOES NOT CREATE THE CORRECT SWAGGER IN SOME USE CASES
LI80909 CHANGE TO ERROR CODE WHEN LARGE JSON PAYLOAD IN REQUEST
LI80910 INGRESS CONTROLLER MAY STOP PROCESSING REQUESTS AND HANG
LI80919 REDIRECT APPLICATION LINKS FROM THE API MANAGEMENT EMAILS WHEN THE USER IS NOT LOGGED IN TO THE DEVELOPER PORTAL
LI80920 API PRODUCT NOT VISIBLE FROM THE DEVELOPER PORTAL WITH SPECIFIC BROWSER SIZE
LI80930 DEVELOPER PORTAL MAY SHOW INCORRECT STATE FOR WEBHOOKS
LI80932 OPTIONS, FIELDS, AND MESSAGES FOR DIFFERENT OAUTH FLOWS NOT CLEAR IN PORTAL TRY IT TOOL
LI80933 API CONNECT REDACT POLICY WILL NOT REDACT AN XML ATTRIBUTE VALUE
LI80936 MAP POLICY TO ALLOW CUSTOMIZATION OF INPUT NOT FOUND MESSAGE SEVERITY
LI80940 USING WORD SUCH AS '/CORE' IN THE PORTAL URL MAY CAUSE THE PAGES OF THE SITE TO NOT LOAD CORRECTLY
LI80946 PORTAL SITE UPGRADE FAILS IF REMOTE BACKUP COPY FAILS
LI80963 GERMAN TRANSLATIONS IN THE APIC_API MODULE
LI80965 API CONNECT MIGRATION TOOL NOT CREATING CONSUMER ORGS WITH PDUR
LI80974 APIC V5086-IFIX - WSDLS THAT ARE IMPORTED REQUIRE ´/´ TO DESIGNATE THE PATH TO XSD IN WSDL SERVICE IMPORTS
LI80979 MAP POLICY API MANAGEMENT V4 COMPATIBILITY OPTION FOR CREATING  AN EMPTY OBJECT WHEN THE MAPPING FAILS
LI80980 PUBLISHES NOT SYNCED TO PORTAL/GATEWAY AFTER APIM POD RESTART - 409 ERRORS
LI80981 NATIVE APIC OAUTH SERVER URL ENCODING PASSWORDS
LI80984 INVOKE POLICY DEBUG ANALYTICS DOES NOT CAPTURE XML RESPONSE PAYLOADS
LI80988 CATALOG DEFAULT USER REGISTRY NOT RECOGNIZED AS THE DEFAULT IN DEVELOPER PORTAL SIGN IN/SIGN UP SCREENS
LI80993 NESTED ALLOF EXAMPLE REQUEST IS INCORRECT IN DEVELOPER PORTAL
LI80994
APICONNECT DEVELOPER PORTAL SECURITY ISSUES REPORTED BY APPSCAN - MISSING OR INSECURE "X-CONTENT-TYPE-OPTIONS" HEADER
LI80997 MULTIPLE WEBHOOK CALLS IN PARALLEL MAY RESULT IN SYNCHRONIZATION FAILURES
LI81002 APIM POD NOT PROPERLY GETTING THE COMPENSATOR LOCK RESULTING IN 409 ERRORS
LI81004 NGINX VULNERABILITY
LI81011 UBUNTU VULNERABILITIES
LI81013 DRUPAL VULNERABILITY
LI81014 SENSITIVE INFORMATION DISCLOSURE
LI81015 PORTAL DB CONTAINER FAILS TO START
LI81016 ADD RATE LIMITING TO API
LI81017 KUBERNETES DIRECTORY TRAVERSAL VULNERABILITY
LI81022 PORTAL SUPPORT FOR SAME USERNAME IN DIFFERENT USER REGISTRIES
LI81035 PRODUCT CHANGES NOT REFLECTED ON PORTAL/GATEWAY - SYNCH NULL ID
LI81046 USERS UNABLE TO LOGIN TO THE DEVELOPER PORTAL AFTER UPGRADING TO 2018.4.1.7
LI81051 THE APIC-PORTAL-APIC-PORTAL-DB PODS DO NOT FULLY START. THE DB CONTAINER DOES NOT START
LI81056 CUSTOM IMAGES CAUSE ERRORS IN APPLICATIONS WITH API CONNECT 2018.4.1.7
LI81059 APIC UPGRADE TO 2018.4.1.7 - DEVELOPER PORTAL OUT OF SYNC
LI81060 CONSUMER ORGANIZATION STILL SHOWS UP IN THE USER'S ORG MENU AFTER THE USER IS REMOVED FROM THE ORG
LI81061 ACCEPTING A RE-INVITATION TO A CONSUMER ORG DOES NOT WORK WHEN USING OIDC AND LANGUAGE SELECTION
LI81076 ASSEMBLY TEST TOOL MAY SEND AN INVALID CONTENT-TYPE HEADER FOR SOAP REQUESTS
LI81078 CREATE_SITE IN 4.1.7 FAILS TO CREATE SITES USING OLDER UI PLATFORMS
LI81079 PORTAL DISPLAYS RETIRED AND DELETED PRODUCTS
LI80180 SYSTEM ERROR REPORTED WHEN VISITING /NODE/ADD PAGE IN THE PORTAL
LI81081 LINK TO ORGANIZATION ANALYTICS PAGE IS MISSING FROM MY ORGANIZATION
LI81087 DUPLICATE APPS SEEN IN DEVELOPER PORTAL WHEN ONLY ONE WAS CREATE
*** Please note that links to some security related APARs may not be available in the table above.  This is intentional for security purposes. ***

Database technology used in this release:

IBM API Connect relies on SQL and no-SQL database technology to provide persistent storage of objects required for the function of the product.  Database technology requires fast and reliable storage and in the case of a highly available configuration, the database must perform adequately in a clustered configuration.  

GlusterFS: Testing of IBM API Connect when using GlusterFS has shown that GlusterFS does not provide the speed or reliability for any of the database technologies used in IBM API Connect and thus should not be considered for use as the clustered storage facility with this product.

AWS EBS: IBM API Connect deployed on Kubernetes in EC2 instances on AWS should make use of the AWS EBS storage solution with GP2 or IO1 type.

Before upgrading to 2018.4.1.7-iFix1.5, it is highly recommended to have automatic backups configured in your environment and at least one successful backup complete before performing this upgrade.

We advise all users of prior version of API Connect v2018.x to install this update to take advantage of the fixes.

For more information about this release, see API Connect Knowledge Center: What's new in this release.

Support lifecycle policy for IBM API Connect Version 2018.4.1.7-iFix1.5:

IBM API Connect 2018.4.1.7-iFix1.5 is fix pack to a Long-Term Supported (LTS) release.  API Connect 2018.4.1.7-iFix1.5 is a recommended product level for which support, including defect and security updates, will be provided through cumulative, in-place Fix Packs until the effective end of service (EOS) date for IBM API Connect 2018.4.1.x.  An LTS release is intended for customers that may need a longer-term deployment for their environment. For more information, see IBM API Connect v2018.x Support Lifecycle.

Downloads:

SPECIAL NOTE FOR CUSTOMERS WHO HAVE API CONNECT V2018.4.1.7 INSTALLED:

**this only affects customer have installed fixpack 2018.4.1.7.  Customers upgrading from earlier versions are NOT affected**
Problem Statement:
Upgrade to 2018.4.1.7 - log-in fails due to duplicate users in database

Firmware Impacted: 
Fixpack 2018.4.1.7 upgrade only - i.e. Upgrading from any release to FP7

Summary: 
Login fails for any users (except admin) which existed in the developer portal prior to upgrade to 2018.4.1.7

Work-around: 
Delete all duplicated users from the portal database.
This work-around will remove both of the user entities from the portal, both of which are invalid. A new user will be created from information from the management server. Unless the user entity has been customized with extra fields in a site then all of the information is retrieved from the management server and nothing is lost.

Steps:
- Log into the portal site as admin
- Go to the People page ( <site_url>/admin/people ).
- You will see duplicate entries for users who are unable to log in.
- Select the duplicate users then select 'Cancel the selected User account(s)' from the Action dropdown.
- Press 'Apply to selected items'
- The users will be recreated on login or update from the management server (which will happen automatically after installing this fix).

NOTE: If you have customized user entities in your developer portal then please contact IBM Support.

Full installation files for IBM API Connect 2018.4.1.7-iFix1.5 and the IBM API Connect 2018.4.1.7-iFix1.5 Toolkit files can be downloaded from Fix Central :

Description – File Name Date Published
IBM API Connect Management V2018.4.1.7-iFix1.5 Containers
September 13, 2019
IBM API Connect Developer Portal V2018.4.1.7-iFix1.5 Containers
September 13, 2019
IBM API Connect Analytics V2018.4.1.7-iFix1.5 Containers
September 13, 2019
IBM API Connect Management V2018.4.1.7-iFix1.5 for VMWare
September 13, 2019
IBM API Connect Developer Portal V2018.4.1.7-iFix1.5 for VMWare
September 13, 2019
IBM API Connect Analytics V2018.4.1.7-iFix1.5 for VMWare
September 13, 2019
IBM API Connect Install Assist V2018.4.1.7-iFix1.5 for Linux
September 13, 2019
IBM API Connect Install Assist V2018.4.1.7-iFix1.5 for Mac
September 13, 2019
IBM API Connect Install Assist V2018.4.1.7-iFix1.5 for Windows
September 13, 2019
IBM API Connect Toolkit V2018.4.1.7-iFix1.5 for Linux
September 13, 2019
IBM API Connect Toolkit V2018.4.1.7-iFix1.5 for Mac
September 13, 2019
IBM API Connect Toolkit V2018.4.1.7-iFix1.5 for Windows
September 13, 2019
IBM API Connect Toolkit Designer with Loopback V2018.4.1.7-iFix1.5 for Linux
September 13, 2019
IBM API Connect Toolkit Designer with Loopback V2018.4.1.7-iFix1.5 for Mac
September 13, 2019
IBM API Connect Toolkit Designer with Loopback V2018.4.1.7-iFix1.5 for Windows
September 13, 2019
IBM API Connect V2018.4.1.7-iFix1.5 Analytics .OVA Upgrade File
September 13, 2019
IBM API Connect V2018.4.1.7-iFix1.5 Management Server .OVA Upgrade File
September 13, 2019
IBM API Connect V2018.4.1.7-iFix1.5 Developer Portal .OVA Upgrade File
September 13, 2019
IBM DataPower Gateway for Docker Production Edition v2018.4.1.7
idg_dk2018417.lts.prod.tar.gz
August 28, 2019
IBM DataPower Gateway for Docker Non-Production Edition v2018.4.1.7
idg_dk2018417.lts.nonprod.tar.gz
August 28, 2019
Kubernetes DataPower Monitor v2018.4.1.7
August 28, 2019

Ensure that you have read and understood the installation instructions for OVAs and Containers before downloading and using the installation files. You can find detailed installation instructions in IBM API Connect Knowledge Center -- Installing API Connect .

Beginning with API Connect v2018.4.1.4, files for ICP Installation will be provided outside of the main fix pack availability but generally within a week of the fix pack, or subsequent iFix, availability date.  Please see the table below for the availability and download links from Fix Central.

ICP Installation Files for API Connect v2018.4.1.7-ifix1.0

Description – File Name Date Published
IBM API Connect ICP Enterprise V2018.4.1.7-ifix1.5
IBM_API_Connect_ICP_Enterprise_2018.4.1.7-iFix1.5
September 18, 2019
IBM API Connect ICP Professional V2018.4.1.7-ifix1.5
IBM_API_Connect_ICP_Professional_2018.4.1.7-iFix1.5
September 18, 2019

IBM API Connect Local Test Environment is now available

The IBM API Connect Local Test Environment allows you to test APIs on your local machine, without the need to connect to an API Connect management server.  For more details, please see the IBM Knowledge Center

Description – File Name Date Published
IBM API Connect Local Test Environment
apic-lte-2018.4.1-15.zip
August 13, 2019

What is Fix Central (FC)?

[{"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"Component":"Not Applicable","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2018.4.1.0;2018.4.1.1, 2018.4.1.2, 2018.4.1.3, 2018.4.1.4, 2018.4.1.5, 2018.4.1.6, 2018.4.1.7","Edition":""}]

Document Information

Modified date:
24 September 2019

UID

ibm10961582