News
Abstract
IBM® API Connect v10.0.4.0-ifix1 is now available. This update includes an important security update for the LOG4J vulnerability and field reported fixes.
Content
IBM® API Connect v10.0.4.0-ifix1 delivers enhanced capabilities for the market-leading IBM® API Management solution.
For new deployments: You can do a full installation that uses 10.0.4.0-ifix1
For more information about API Connect v10.0.4.0-ifix1, see API Connect IBM® Documentation Center "What's New"
For more information about API Connect v10.0.4.0-ifix1, see API Connect IBM® Documentation Center "What's New"
When upgrading from API Connect v10.0.1.2 or greater on VMware: There are no special considerations required. Apply 10.0.4.0-ifix1. Follow the instructions here. The steps apply when upgrading from v10.0.1.2 (with or without ifixes) to v10.0.4.0-ifix1.
When upgrading from API Connect v10.0.1.1 or earlier: Read the following section:
- Special note when API Connect v10.0.1.1 or earlier is deployed that uses Virtual Appliances (OVAs) on VMware: v10.0.4.0-ifix1 includes virtual appliances with a newer version of the operating system that requires a version migration to new virtual appliances. This procedure must be completed to move your product data. If the deployment is on v10.0.1.2 or greater this method does not apply. If you are performing a fresh installation of v10, it is highly recommended you begin with the latest delivery of v10.
- Special note when API Connect v10.0.1.1 or earlier is deployed on OpenShift v4 or any other Kubernetes platforms: Due to changes in Kubernetes operator, you must first upgrade to 10.0.1.2-ifix2, and then apply v10.0.4.0-ifix1. Find information on upgrading to v10.0.1.2-fix2
API Connect v10.0.4.0-ifix1 contains the following field reported APARs:
| APAR | Summary |
| LI82440 | API Connect - LOG4J CVE PVR0309953 -- CVE-2021-44228 -- Critical |
| LI82449 | LOG4J CVE-2021-45046 AND CVE-2021-45105 |
| LI82043 | ADVANCED PUBLISH CAUSES ADDITIONAL APPROVAL EMAILS FOR SUBSCRIPTIONS PENDING APPROVAL |
| LI82023 | ENFORCE EMAIL UNIQUENESS IN USER REGISTRIES USED BY PORTAL SITE |
| LI82336 | OAI3: BASIC AUTH ALLOWED WITHOUT X-IBM VENDOR EXTENSIONS CAUSING A CONFIGURATION WITHOUT SECURITY TO BE PUBLISHED |
| LI82327 | API CALL FAILS WITH 500 ERROR DUE TO BAD WDSL |
| LI81983 | TEST EMAIL BUTTON IN EMAIL SERVER CONFIGURATION DOES NOT APPLY SELECTED TLS CLIENT PROFILE AND USE DEFAULT TLS CLIENT PROFILE IN |
| LI82345 | Web Application Default Page Found |
| LI82320 | IN API MANAGER THE "VIEW ENDPOINT" FUNCTION UNDER "MANAGE APIS" DISPLAY THE WRONG URL |
| LI82325 | OPENING AN API WITH VALIDATION ERROR CAUSES UI HANGS |
| LI82331 | Cannot save Security Schema info correctly. |
| LI82339 | UPGRADE FROM FP2 TO FP4 FAILS WITH RUNNING BOOTSTRAP POD IF MANAGEMENT RESTORE HAS BEEN CARRIED OUT BEFORE UPGRADE |
| LI82318 | ERROR 502 BAD GATEWAY WHEN NAVIGATING THE API MANAGER UI |
| LI82284 | V10 UPGRADE FAILS DUE TO BAD DATA IN DRAFT_API |
| LI82078 | HTTP 403 ERROR OCCUR UNEXPECTEDLY WHEN EDIT PLAN. |
| LI81939 | X-IBM-OAUTH-PROVIDER OAUTH2 SECURITY PROPERTY MISSING FROM SECURITY SCHEMES WHEN PUBLISHING OAI3 SECURED WITH OAUTH2 |
| LI82280 | LONG LOADING TIMES FOR APIC MANAGER WHEN USED IN CP4I AFTER LOGIN |
| LI82237 | BODY GREYED OUT FOR DELETE OPERATIONS |
| LI82255 | APPLICATION AUTHENTICATION OPTION IS MISSING IN THE OPENAPI V3.0 EDITOR UI |
| LI82270 | FOR OPENAPI V3.0 THE API OPERATION PATHS DO NOT RENDER IN A LOCAL EXPLORER WHEN CERTIFICATE IS SET TO TRUE |
| LI82269 | SOME OAUTH FLOW TYPES ARE MISSING IN THE OPENAPI V3.0 EDITOR UI |
| LI81795 | API CONNECT TOOLKIT DESIGNER CREATES YAML FILE WITH REF PATH OS DEPENDENT |
| LI81392 | PARAMETER WITH DATE FORMAT IS INCORRECT IN PORTAL WHEN API IS PUBLISHED USING CLI |
| LI82306 | APIC 10.0.2.0 upgrade impossible |
| LI82060 | allowlist_ip (introduced with APAR LI81281) does not work for drupal "Honeypot module" |
| LI82302 | OPERATIONS WITH A LOT OF NESTING TAKE A LONG TIME TO LOAD |
| LI82330 | WHEN INVITING DEVELOPERS TO AN ORGANIZATION IN DEV PORTAL, DEVELOPER SIGNS UP BUT ARE ASSIGNED A NEW ORG HELP |
| LI82213 | API TAKES FOR EVER TO RENDER AND WEB PAGE FINALLY CRASHES |
| LI82252 | CAPTCHA REPLAY VULNERABILITY |
| LI82277 | PVC DATA CORRUPTION AND AN INVALID CACHE DIRECTORY STRUCTURE MEAN'T ONE POD WAS UNABLE TO START. |
| LI82273 | EXPLORER COLLECTIONFORMAT QUERY PARAMETER GENERATES INVALID URL |
| LI82305 | DELAY IN PORTAL SITE CREATION |
| LI81950 | ANALYTIC FEATURE "CREATE NEW DASHBOARDS" NOT VISIBLE TO USERS ADDED ON SPACE LEVEL |
| LI82207 | MAP POLICY DOES NOT PROPERLY RESOLVE MAP VARIABLE REFERENCE WITH ESCAPED PERIODS |
| LI82227 | PARTIAL PUBLISH - UNABLE TO RETAIN V5 VANITY ENDPOINT BEHAVIOR |
| LI82276 | VALIDATE POLICY DOES NOT ACCEPT CONTENT TYPE TEXT/JSON AS JSON |
| LI82301 | UI ERROR IN CONSUMER ORGANIZATION MULTIPLE USER INVITES |
| LI82303 | EDIT PRODUCT PLAN - ERROR -ONLY ABSOLUTE URLS ARE SUPPORTED FOR OFFLINE DESIGNER |
| LI82324 | CONNECTIVITY ISSUE MAY CAUSE POSTGRES DB BACKUP CONFIG TO BE DETECTED AS CHANGED |
| LI82334 | UI: API OFFLINE ONLINE MENU IS DISABLED FOR USER WITH CATALOG LEVEL ONLY PERMISSION |
| LI82344 | Null default payment method fails the snapshot processing |
| LI82192 | DEVELOPER PORTAL SECURITY MODULES BANS OWN IP ADDRESS (OVA) |
| LI82300 | CANNOT USE INLINE SCHEMA EDITOR IN MAP POLICY AT V10.0.1.4 |
| LI82398 | PASSWORD RESET FAILS FOR PORTAL SITES |
| LI82210 | PORTAL REGISTRATION FAILS REPORTING MISMATCHED ENDPOINTS. |
| LI82221 | IMPORTING OAS3.0 JSON SLOW PERFORMANCE WHILE EDITING |
| LI82212 | PRODUCTS WITH VISIBILITY SET TO AUTHENTICATED AND STILL BE LOADED |
| LI82228 | POSSIBLE TO SEE THE TITLE OF OTHER USER'S APPLICATIONS IF KNOW THE NID |
| LI82267 | 2DCHA NOT ABLE TO SET BOTH PORTAL CLUSTERS TO PASSIVE |
| LI82101 | INTERMITTENT 503 ERROR WHEN TESTING APIS IN MANAGER UI |
| LI82217 | SPECIFIC PROPERTY NAME 'OWNER_URL' IS BLOCKING API FROM BEING PUBLISHED |
| LI81829 | ANALYTICS OVAS NOT STARTING UP WHEN MQ IS ENABLED |
| LI82275 | PORTAL SITES NOT ACCESSIBLE AFTER 2DCHA FAILOVER |
| LI82279 | GO update |
| LI82116 | APIC OPERATOR'S GATEWAYCLUSTER CONTROLLER SHOULD CONFIGURE A GATEWAY-PEERING INSTANCE FOR THE RATELIMIT-MODULE |
| LI82282 | OAuth redirect url of app which is extracted by migration utility is not correct |
| LI82297 | Drupal dated modernizr library update |
| LI82120 | DRUPAL CORE - CRITICAL - CROSS-SITE SCRIPTING - SA-CORE-2021-002 |
| LI82290 | Drupal SA-CORE-2021-003 |
| LI82260 | API Connect Drupal update |
| LI82295 | Golang CVE-2020-24553 |
| LI82291-1 LI82291-2 |
Golang CVE-2021-33194 CVE-2021-31525 |
| LI82271 | LDAP LOGIN FAILS IF DN HAS SPECIAL CHARACTERS AND GROUP MAPPING FEATURE IS ENABLED |
| LI82312 | MEMBER INVITATION EMAILS NOT BEING RECEIVED |
| LI82076 | HIGH ANALYTICS-STORAGE MEMORY USAGE ON OVA |
| LI82292 | Drupal SA-CORE-2021-004 |
| LI82346 | Portal does not show API fields correctly |
| LI82180 | DUPLICATE API APPEARS IN PORTAL |
| LI82180 | PORTAL 2DCHA FAILOVER MYSQL ERRORS |
| LI82180 | THE "SELECT PLAN" DISAPPEARS ON THE SELECT PLAN SUBSCRIPTION WIZARD |
| LI82354 | CP4I INSTALLATION - FLASH FILES FOUND IN APIC 10.0.3.0-IFIX1-351 (APIC IMAGE) |
| LI82191 | NATSCLUSTER PODS MAY FAIL TO UPGRADE |
| LI82195 | API WSDL files are different while downloading from Portal site and using API Gateway endpoint with ?wsdl. |
| LI82236 | UDP VERSION IS NOT SHOWN IN THE ASSEMBLY FLOW |
| LI82235 | UDP IS SHOWN MULTIPLE TIMES IN THE ASSEMBLY PALETTE |
| LI82648 |
ERRORS MIGRATING OIDC APIS FROM V5 TO V10
|
Downloads:
Full installation files for IBM® API Connect v10.0.4.0-ifix1 can be downloaded with proper entitlement from Fix Central.
| Description – Filename | Date Published |
|
IBM® API Connect Analytics v10.0.4.0-ifix1 for VMWare
|
14 January 2022 |
|
IBM® API Connect v10.0.4.0-ifix1 Local Test Environment
|
14 January 2022 |
|
IBM® API Connect v10.0.4.0-ifix1 Local Test Environment for Linux
|
14 January 2022 |
|
IBM® API Connect v10.0.4.0-ifix1 Local Test Environment for OSX
|
14 January 2022 |
|
IBM® API Connect v10.0.4.0-ifix1 Local Test Environment for Windows
|
14 January 2022 |
|
IBM® API Connect v10.0.4.0-ifix1 for Containers
|
14 January 2022 |
|
IBM® API Connect Operator Release Files v10.0.4.0-ifix1 for Containers
|
14 January 2022 |
|
IBM® API Connect Install Assist v10.0.4.0-ifix1 for Linux®
|
14 January 2022 |
|
IBM® API Connect Install Assist v10.0.4.0-ifix1 for Mac
|
14 January 2022 |
|
IBM® API Connect Install Assist v10.0.4.0-ifix1 for Windows
|
14 January 2022 |
|
IBM® API Connect Management v10.0.4.0-ifix1 for VMWare
|
14 January 2022 |
|
IBM® API Connect Developer Portal v10.0.4.0-ifix1 for VMWare
|
14 January 2022 |
|
IBM® API Connect Toolkit v10.0.4.0-ifix1 for Linux®
|
14 January 2022 |
|
IBM® API Connect Toolkit Designer with Loopback v10.0.4.0-ifix1 for Linux®
|
14 January 2022 |
|
IBM® API Connect Toolkit Designer with Loopback v10.0.4.0-ifix1 for Mac
|
14 January 2022 |
|
IBM® API Connect Toolkit Designer with Loopback v10.0.4.0-ifix1 for Windows
|
14 January 2022
|
|
IBM® API Connect Toolkit with Loopback v10.0.4.0-ifix1 for Linux®
|
14 January 2022 |
| IBM® API Connect Toolkit with Loopback v10.0.4.0-ifix1 for Mac | 14 January 2022 |
| IBM® API Connect Toolkit with Loopback v10.0.4.0-ifix1 for Windows | 14 January 2022 |
|
IBM® API Connect Toolkit v10.0.4.0-ifix1 for Mac
|
14 January 2022 |
|
IBM® API Connect Toolkit v10.0.4.0-ifix1 for Windows
|
14 January 2022 |
|
IBM® API Connect Analytics v10.0.4.0-ifix1 Upgrade File
|
14 January 2022 |
|
IBM® API Connect v10.0.4.0-ifix1 Management Server Upgrade File
|
14 January 2022 |
|
IBM® API Connect v10.0.4.0-ifix1 Portal Upgrade File
|
14 January 2022 |
|
IBM® API Connect v10.0.4.0-ifix1 Security Signature Bundle File
|
14 January 2022
|
IBM API Connect Control Plane for OVA upgrades
When upgrading on VMWare the following Control Plane files may be required to be downloaded and installed to bring Kubernetes to a supported release level. For more details, see Step 4 of the Upgrade Instructions in the API Connect IBM Documentation.
| Description – Filename | Date Published |
|
IBM API Connect 10.0.4.0-ifix1 Control Plane File for OVA (optional)
|
12 Jan 2022 |
API Connect v10.0.4.0-R7 Migration Utility
| Description – Filename | Date Published |
|
IBM® API Connect Migration Utility v10.0.4.0-R7
|
17 Jun 2022 |
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"ARM Category":[{"code":"a8m50000000L0rvAAC","label":"API Connect"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
01 December 2022
UID
ibm16541170