News
Abstract
IBM API Connect V2018.4.1.17-ifix2 is now available. This update includes an important security update for the LOG4J vulnerability and field reported fixes.
Content
IBM API Connect 2018.x delivers enhanced capabilities for the market-leading IBM API Management solution. In addition to the ability to deploy in complex, multi-cloud topologies, this version provides enhanced experiences for developers and cloud administrators at organizations.
The API Connect v2018.4.1.17-ifix2 update includes important security fixes. See the "What's New" topic in the API Connect IBM Documentation for more information on what's included in API Connect v2018.4.1.17.
- A special note regarding a lack of a fix pack 14: IBM API Connect v2018.4.1.14 was skipped purely from a numbering perspective to resume the synchronized releases between IBM API Connect and IBM DataPower Gateway.
Please read the following section for special updates regarding upgrading from earlier versions of API Connect v2018.4.1.x and for customers looking to upgrade to API Connect v10.0.1.x
- A special note on upgrades from prior versions of API Connect v2018.4.1.x: API Connect v2018.4.1.5 is now a prerequisite for API Connect v2018.4.1.17 for VMWare (.OVA) deployments. You cannot upgrade your API Connect topology to 2018.4.1.17 without first being at least at the v2018.4.1.5 level. Again, this restriction applies only to VMWare (.OVA) deployments only of IBM API Connect v2018.4.1.9. This is due to the level of Kubernetes deployed with the VMWare (.OVA) installation of IBM API Connect v2018.4.1.17 and restrictions around skipping levels of Kubernetes when upgrading. Additionally, a Control Plane file is required if you are upgrading from v2018.4.1.5 or v2018.4.1.6 to v2018.4.1.17 (VMWARE .OVA only). Reference the Upgrade Instructions page in the API Connect IBM Documentation.
- An additional note on upgrade procedures for DataPower Gateway high-availability clusters. The upgrade procedure for DataPower Gateway has new steps for upgrading high-availability clusters, to ensure that a single gateway is running as primary for all gateway-peering definitions, and that the primary gateway is upgraded last. See the "What's New" topic in the API Connect IBM Documentation for more information on this and new features included in API Connect v2018.4.1.17.
- Customers seeking to upgrade to API Connect v10.0.1.x: The supported upgrade path for API Connect v2018.4.1.x to API Connect v10.0.1.x on Kubernetes is documented in IBM Documentation. See also API Connect Upgrade Central: v2018 to v10
API Connect v2018.4.1.17 contains the following field reported APARs:
| APAR | Summary |
| LI81318 | TOOLKIT / DESIGNER 2018 REGEX PATTERN PREVENT TO PUBLISH |
| LI81563 | NO NEW ANALYTICS DATA BEING LOGGED |
| LI81671 | LOSS OF PRODUCT CATEGORIES AFTER SAVING FROM THE SETUP INFORMATION DESIGN TAB |
| LI81730 | PORTAL USER REGISTRATION FAILS WHEN USING CUSTOM SIGN-UP TEMPLATE. |
| LI81791 | VIEWING ANALYTICS FAILS WHEN SETTING A CUSTOM CERTIFICATE FOR ANALYTICS-CLIENT CLIENT CA CERTIFICATES. |
| LI81862 | USING $REF TO REUSE CODE FRAGMENTS DOES NOT WORK WITH OASV3 SPEC FILES |
| LI81892 | ANALYTICS-INGESTION POD KEEPS RESTARTING. (JAVA.LANG.OUTOFMEMORYERROR: JAVA HEAP SPACE) |
| LI81940 | FORBIDDEN ERROR WHEN ATTEMPTING TO ADD MEMBER - USER HAS MEMBER:MANAGE PERMISSIONS |
| LI81982 | IMPORTING OR CREATING A NEW VERSION OF AN EXISTING API ADDS AN EXTRA INVOKE, PROXY, PARSE OR OTHER POLICY |
| LI82041 | CREATING A (SOAP PROXY) USING IBM API CONNECT FROM MULTIPART WSDL FILE VIA API MANAGER ISSUED AND ERROR |
| LI82064 | DEVELOPER PORTAL TEST TOOL DOES NOT USE THE CORRECT CONTENT-TYPE WHEN CALLING THE API FOR APPLICATION/X-WWW-FORM-URLENCODED |
| LI82081 | IN API ASSEMBLE INVOKE POLICY THE PASSWORD FIELD BEEN AUTOFILLED |
| LI82085 | WHEN REPLACING API / PRODUCT THE CONTENT LINKS POINT TO NODES THAT HAVE BEEN DELETED |
| LI82120 | DRUPAL CORE - CRITICAL - CROSS-SITE SCRIPTING - SA-CORE-2021-002 |
| LI82121 | The Portal dbstatus and status scripts report Mysql down while it's running. |
| LI82143 | TOKEN URL SET AS RELATIVE PATH EVEN THOUGH $(CATALOG.URL) IS SET AUTOMATICALLY IN API DEFINITION |
| LI82161 | CREATING AN API FROM WSDL FAILS TO READ A SCHEMA THAT HAS A SPACE IN AN END TAG |
| LI82168 | DEVELOPER PORTAL API TEST TOOL SHOULD SEND GRANT_TYPE AND SCOPE IN FORM BODY INSTEAD OF QUERY PARAMETERS |
| LI82170 | DROPDOWN FOR CONSUMER ORGANIZATION NOT RESPONDING |
| LI82172 | CIPHER UPDATES |
| LI82175 | WSDL FILE WITH `.XML` EXTENSION CAUSES IMPROPER GENERATION AND ERRORS |
| LI82207 | MAP POLICY DOES NOT PROPERLY RESOLVE MAP VARIABLE REFERENCE WITH ESCAPED PERIODS. |
| LI82212 | PRODUCTS WITH VISIBILITY SET TO AUTHENTICATED AND STILL BE LOADED |
| LI82213 | API TAKES FOR EVER TO RENDER AND WEB PAGE FINALLY CRASHES |
| LI82218 | DUPLICATE API APPEARS IN PORTAL |
| LI82228 | POSSIBLE TO SEE THE TITLE OF OTHER USER'S APPLICATIONS IF KNOW THE NID |
| LI82260 | API Connect Drupal update |
| LI82279 | GO UPDATE |
| LI82290 | Drupal SA-CORE-2021-003 |
| LI82291-1 LI82291-2 |
Golang CVE-2021-33194 CVE-2021-31525 |
| LI82295 | GOLANG CVE-2020-24553 |
| LI82297 | Drupal dated modernizr library update |
| Drupal CKeditor vulnerabilities | |
| LI82292 | Drupal SA-CORE-2021-004 |
API Connect v2018.4.1.17-ifix1.0 contains the following field reported and security APARs:
| APAR | Summary |
| LI82330 | WHEN INVITING DEVELOPERS TO AN ORGANIZATION IN DEV PORTAL, DEVELOPER SIGNS UP BUT ARE ASSIGNED A NEW ORG HELP |
| LI82422 | TRYIT ->GENERATE FEATURE PRODUCES BAD JSON EXAMPLES |
| API Connect - Drupal SA-CORE-2021-011 | |
| LI82440 |
API Connect - LOG4J CVE
PVR0309953 -- CVE-2021-44228 -- Critical |
API Connect v2018.4.1.17-ifix2.0 contains the following field reported and security APAR:
| APAR | Summary |
| LI82449 | LOG4J CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 |
| LI82466 | CONSUMER ORGANIZATION INVITATION FOR EXISTING USERS DOESN'T WORK PROPERLY |
*** Please note that links to some security related APARs may not be available in the table above. This is intentional for security purposes. ***
Database technology used in this release:
IBM API Connect relies on SQL and no-SQL database technology to provide persistent storage of objects required for the function of the product. Database technology requires fast and reliable storage and in the case of a highly available configuration, the database must perform adequately in a clustered configuration.
GlusterFS: Testing of IBM API Connect when using GlusterFS has shown that GlusterFS does not provide the speed or reliability for any of the database technologies used in IBM API Connect and thus should not be considered for use as the clustered storage facility with this product.
AWS EBS: IBM API Connect deployed on Kubernetes in EC2 instances on AWS should make use of the AWS EBS storage solution with GP2 or IO1 type.
We advise all users of prior version of API Connect v2018.x to install this update to take advantage of the fixes.
For more information about this release, see API Connect IBM Documentation: What's new in this release.
Important notes on upgrading to 2018.4.1.17-ifix2:
When upgrading to Version 2018.4.1.17-ifix2, you must complete a manual backup just before starting the upgrade. The manual backup is required because the upgrade can take an extended period of time. See Requirements for upgrading on VMware and Requirements for upgrading on Kubernetes.
- Starting with IBM API Connect Version 2018.4.1.11, writable LDAP user registries can be used only for onboarding and authenticating Developer Portal users. A writable LDAP user registry cannot be used to authenticate Cloud Manager and API Manager users. If you already have a writable LDAP user registry for use with the Cloud Manager or the API Manager, you must update the registry to be read-only by changing the User Managed property to be false.
- Starting with IBM API Connect Version 2018.4.1.9iFix1, after completion of the upgrade, some tasks may have stopped running. See Requirements for upgrading on VMware and Requirements for upgrading on Kubernetes describing action to take.
Finally, a Control Plane file is required if you are upgrading from v2018.4.1.5 or v2018.4.1.6 to v2018.4.1.17-ifix2 (VMWARE .OVA only). Reference the Upgrade Instructions page in the API Connect IBM Documentation.
Support lifecycle policy for IBM API Connect Version 2018.4.1.17-ifix2:
IBM API Connect 2018.4.1.17 is fix pack to a Long-Term Supported (LTS) release. API Connect 2018.4.1.17 is a recommended product level for which support, including defect and security updates, will be provided through cumulative, in-place fix packs until the effective end of service (EOS) date for IBM API Connect 2018.4.1.x. An LTS release is intended for customers that may need a longer-term deployment for their environment. For more information, see IBM API Connect v2018.x Support Lifecycle.
Downloads:
Full installation files for IBM API Connect 2018.4.1.17-ifix2 and the IBM API Connect 2018.4.1.17-ifix2 Toolkit files can be downloaded from Fix Central :
| Description – Filename | Date Published |
|
IBM API Connect Management V2018.4.1.17-ifix2.0 Containers
|
13 January 2022 |
|
IBM API Connect Developer Portal V2018.4.1.17-ifix2.0 Containers
|
13 January 2022 |
|
IBM API Connect Analytics V2018.4.1.17-ifix2.0 Containers
|
13 January 2022 |
|
IBM API Connect Management V2018.4.1.17-ifix2.0 for VMWare
|
13 January 2022 |
|
IBM API Connect Developer Portal V2018.4.1.17-ifix2.0 for VMWare
|
13 January 2022 |
|
IBM API Connect Analytics V2018.4.1.17-ifix2.0 VMWare
|
13 January 2022 |
|
IBM API Connect Installation Assist V2018.4.1.17-ifix2.0 for Linux®
|
13 January 2022 |
|
IBM API Connect Installation Assist V2018.4.1.17-ifix2.0 for Mac
|
13 January 2022 |
|
IBM API Connect Installation Assist V2018.4.1.17-ifix2.0 for Windows
|
13 January 2022 |
|
IBM API Connect Toolkit V2018.4.1.17-ifix2.0 for Linux®
|
13 January 2022 |
|
IBM API Connect Toolkit V2018.4.1.17-ifix2.0 for Mac
|
13 January 2022 |
|
IBM API Connect Toolkit V2018.4.1.17-ifix2.0 for Windows
|
13 January 2022 |
|
IBM API Connect Toolkit Designer with Loopback V2018.4.1.17-ifix2.0 for Linux®
|
13 January 2022 |
|
IBM API Connect Toolkit Designer with Loopback V2018.4.1.17-ifix2.0 for Mac
|
13 January 2022 |
|
IBM API Connect Toolkit Designer with Loopback V2018.4.1.17-ifix2.0 for Windows
|
13 January 2022 |
|
IBM API Connect V2018.4.1.17-ifix2.0 Analytics.OVA Upgrade File
|
13 January 2022 |
|
IBM API Connect V2018.4.1.17-ifix2.0 Management Server.OVA Upgrade File
|
13 January 2022 |
|
IBM API Connect V2018.4.1.17-ifix2.0 Developer Portal.OVA Upgrade File
|
13 January 2022 |
| IBM DataPower Gateway for Docker Production Edition v2018.4.1.17 idg_dk20184117.lts.prod.tar.gz |
6 August 2021 |
| IBM DataPower Gateway for Docker Non-Production Edition v2018.4.1.17 idg_dk20184117.lts.nonprod.tar.gz |
6 August 2021 |
|
Kubernetes DataPower Monitor v2018.4.1.17
|
6 August 2021 |
|
Security Signature Bundle File for API Connect v2018.4.1.17-ifix2.0 Files
|
13 January 2022 |
Ensure that you have read and understood the installation instructions for OVAs and Containers before downloading and by using the installation files. You can find detailed installation instructions in IBM API Connect Documentation -- Installing API Connect
IBM API Connect Control Plane for OVA upgrades
When upgrading from v2018.4.1.5 through v2018.4.1.8, on VMWare only, one or more Control Plane files must be downloaded and installed to bring Kubernetes to a supported release level. For more details, see Step 5 of the Upgrade Instructions in the API Connect IBM Documentation.
| Description – Filename | Date Published |
|
IBM API Connect 1.14.0 Control Plane File for OVA (optional)
|
2 March 2020 |
|
IBM API Connect 1.15.0 Control Plane File for OVA (optional)
|
2 March 2020 |
|
IBM API Connect 1.16.0 Control Plane File for OVA (optional)
|
4 September 2020 |
|
IBM API Connect 1.17.0 Control Plane File for OVA (optional)
|
1 Feb 2021 |
|
IBM API Connect 1.18.0 Control Plane File for OVA (optional)
|
2 April 2021 |
|
IBM API Connect 1.19.0 Control Plane File for OVA (optional)
|
6 August 2021 |
IBM API Connect Local Test Environment is now available
The IBM API Connect Local Test Environment allows you to test APIs on your local machine, without the need to connect to an API Connect management server. For more details, see the IBM Documentation
| Description – Filename | Date Published |
| IBM API Connect Local Test Environment apic-lte-2018.4.17-165.zip |
6 August 2021 |
Was this topic helpful?
Document Information
Modified date:
19 January 2022
UID
ibm16478999