Download
Downloadable File
| File link | File size | File description |
|---|---|---|
Abstract
Lists of fixes in IBM DataPower Gateway 10.6.0.x fix packs.
Download Description
Fix packs and firmware images are located in either Fix Central, Passport Advantage, or the Entitled Registry.
In IBM Knowledge Center you can find information about new and changed features, limitations, and restrictions.
- For new features, see What's new.
- For changes, see What's changed.
- For limitations and restrictions, see the Known limitations and restrictions.
Attention: In the next LTS, you cannot modify the browser URL to access the WebGUI.
Host keys and establishing an SSH session
10.6.0.4 - The DataPower SSH server now supports ECDSA and ED25519 SSH host keys. After you upgrade, ECDSA and ED25519 keys are generated. After the upgrade, The SSH handshake chooses one of these stronger algorithms over RSA. As a result, you might see a receive a warning about the change to the host identification, which is expected due to the key update.
Updated component firmware on HSM-equipped appliances to 2.09-0702
10.6.0.2 updates HSM-equipped appliances to support FIPS 140-3.
- For HSM-equipped appliances with component firmware 2.09-0702 and later, the following restrictions apply.
- The key transport algorithm must be
rsa-oaep-mgf1porrsa-oaep. - OAEP parameters are unsupported.
- The OAEP digest algorithm cannot be
md5andripemd160. - For the
rsa-oaepkey transport algorithm, the OAEP digest algorithm and the MGF algorithm must match.
- The key transport algorithm must be
- For HSM-equipped appliances with component firmware 2.04-49 and earlier, the key transport algorithm must be
rsa-1_5.
Library upgrade to support TLS
10.6.0.0 includes an updated library to support TLS and cryptographic operations. The updated crypto library improves security and usability, but the added complexity of this implementation comes with a performance cost. This update is needed to maintain the proper security posture, which includes CVE updates.
Important
- Before you install any fix pack or firmware image, review DataPower® Knowledge Collection on firmware updates.
- For more information about how to download DataPower® fix packs, see Fix download method.
- To download from Fix Central, go to the Fix Central.
- To download from Passport Advantage, go to the Passport Advantage Online for customers.
- 10.6.0.8 Includes new features.
- 10.6.0.7
- 10.6.0.6 Includes new features.
- 10.6.0.5 Includes new features.
- 10.6.0.4 Includes new features.
- 10.6.0.3 Includes new features.
- 10.6.0.2 Includes new features.
- 10.6.0.1 Includes new features.
- 10.6.0.0 Initial release and includes all APARs in 10.5.0.11.
10.6.0.8
Release date: 10 December 2025
Last modified: 10 December 2025
Status: Available
APAR | Description |
| DT420234 | DataPower might restart if ITX DPA file cannot be read |
| DT423135 | Login failure from one user might cause intermittent errors for other users |
| DT446795 | Analytics service remains in DataPower after unassociating in API Manager |
| DT448180 | DataPower might restart when using certificate authentication to log in over SSH and using the -n or -t flags. |
| DT448224 | DataPower might restart when OpenTelemetry is enabled and an AAA policy runs JWT actions |
| DT448972 | New UI: Processing policies with hundreds of rules can fail to load in the editor. |
| DT449315 | DataPower might reload when using GatewayScript FS module |
| DT449434 | REST or new UI requests for large backups or exports might fail with the max node size exceeded message |
| DT449619 | Edit Web Service Proxy with MQV9+ remote gives HTTP 503 |
| DT449835 | Some SNMP OIDs are missing |
| DT450554 | Make GatewayScript engine lightweight |
| DT450353 | API call returns 401 error due to deleted API definitions being chosen |
| DT451049 | Network error when the remote server is unstable and GWS uses multiple urlopener APIs |
| DT451647 | When viewing certificate details, some details might not be displayed |
| DT451656 | Cannot access tenant UI after changing the idle timeout for the tenant web management service. |
| DT451718 | API gateway stylesheet cache not cleared when user registry is deleted |
| DT452211 | DataPower HTTP TLS client might hang if server closes connection during handshake |
| DT452230 | Enhance schema validation of operation-switch policy in API YAML |
| DT454318 | JWT Validate action does not get the property value correctly for "request.parameters.*" |
| DT454655 | DataPower might restart if AMQP broker disconnects unexpectedly. |
| DT454833 | DataPower might reload if resource consumption from the strict rate limit cache persists when the domain is being disabled. |
| DT456571 | DataPower might restart when an unresponsive gateway peer triggers an invalid TMS response. |
| DT457308 | Console log targets can go down after configuration |
| DT457316 | Memory growth when using HTTP Bearer security scheme due to missing URL resource and response payload releases |
| DT457361 | Duplicate API registries when processing snapshot |
| DT457446 | REST requests to the file store do not enforce depth limit if depth=0 |
| DT457536 | Validate parameters with exclusiveMinimum and exclusiveMaximum |
| DT457616 | After modifying extension file, Filestore type gateway extension files disappears |
| DT457652 | TypeError during peer enrollment |
| DT457828 | Gateway might reload when token management cache provides an invalid or empty response |
| DT458264 | Messages might be routed to the wrong queue when an MQ task restarts |
10.6.0.7
Release date: 3 October 2025
Last modified: 3 October 2025
Status: Available
APAR | Description |
| DT419120 | After change the basic authentication password in APIC Cloud Manager third party oauth provider it is not updated in DataPower |
| DT419847 | New UI does not correctly reflect the MQ V9+ GMO setting |
| DT431976 | API Connect gateway service does not become operational with too many APIC domains are on same device |
| DT436301 | API Connect gateway might restart when new APIs are published while taking traffic |
| DT437592 | SFTP fails since firmware upgrade to 10.6 |
| DT440104 | Improve performance of RMI GET /mgmt/config with state=1 |
| DT440181 | File names that APIM generates for an API gateway might be too long (> 255) |
| DT442595 | DataPower HTTP/2 server might not honor idle timeout |
| DT442780 | In new UI, domain status shows probe not enable after it is enabled |
| DT442897 | DataPower service variable var://service/mpgw/response-size only works for POST or PUT requests |
| DT443431 | In new UI, web service proxy wizard does not display MQ queue manager references |
| DT443961 | Temporary file for Debug Probe is not deleted |
| DT444596 | UI does not inform user if export was denied due to insufficient permissions |
| DT444654 | DataPower might restart if RBM access profile is invalid. |
| DT446126 | New UI unable to select Default domain for import when restoring backup. |
| DT446624 | Excessive HTTP/2 reset frame rates can cause CPU spin |
| DT446737 | DataPower might restart if an XML firewall with a dynamic backend is modified while processing traffic. |
| DT446757 | MQMD header's AccountingToken field might have the wrong value |
| DT446793 | Missing support to disable parsing form-data parameter |
| DT447247 | Corrupt payload to APIGW with Parse Action or DP Service/MPGW with XML processing will reload DataPower |
| DT447310 | One down B2B Profile can impact the entire B2B Profile Group. |
| DT447390 | DataPower might reload in the low CPU environment |
| DT447610 | Missing millisecond and timezone information in DefaultLog property in Probe data |
| DT447646 | GatewayScript debugger might restart when using debug-action command |
| DT447680 | DataPower upgrade causes missing Internal Scripts and Gateway Peering Sync Failures in APIC Gateway Cluster. |
| DT447871 | DataPower might reject LDAP authorization request when pool is full even when reject-on-pool limit is off |
| DT447961 | MQ v9+ client does not honor timeout used in the backend MQ URL URL. |
| DT448113 | APIs with user registry stop working after DRR |
| DT448465 | DataPower might restart from an invalid parameter value in MQ URL |
| DT448472 | Gateway peering might not function as expected if the password includes backslashes or whitespace characters. |
| DT448523 | DataPower might show linear growth in Gateway peering cache used by the API security token manager resulting in long sync times and throttling of gateway instances consuming too much RAM. |
| DT449152 | New UI unable to construct MessageCountMonitor rate limit |
| DT450624 | Active sessions of a deleted user do not automatically disconnect. |
| DT451077 | Add support for a reference to a non-schema object in an API |
| DT451360 | Intermittent landlord reload while doing upgrade/downgrade on tenant |
| DT451411 | New UI not showing directories nested more than 7 layers deep |
| DT451514 | Failed to SSH into 10.6.0.6 container images |
| DT451627 | Secure backups might fail when many configuration checkpoints are present |
| DT452112 | MQRC 2142 error occurs when no NameValue is present |
10.6.0.6
Release date: 2 July 2025
Last modified: 2 July 2025
Status: Available
APAR | Description |
| DT418173 | Automatically recover member catalog snapshot IDs when reading member to peers table |
| DT421758 | Secure backup times out due to domain checkpoints |
| DT422223 | ebMS2 Ping fails with missing TLS credentials |
| DT425671 | DataPower SSH should comply with generalized key type |
| DT435919 | DataPower MQ v9+ clients cannot consume messages |
| DT435974 | CORS related headers are not included in the invoke response when response is multipart/related Content-Type |
| DT436904 | Memory spike or out-of-memory during import from a SOAP request |
| DT436926 | Wrong captured parameter value when using grouping constructs in the path parameter's pattern keyword |
| DT437472 | Show HSM directory in drop down when HSM license enabled (DataPower 10.5.0.14, 10.6.0.2, 10.6.0.3 and 10.6.04) |
| DT437888 | Unexpected sync issue if IP binding in the same interface is used to configure different gateway peering groups |
| DT438304 | AAA Custom token AAA info file custom token being improperly updated. |
| DT438764 | API gateway might not complete the processing of an invoke policy |
| DT438921 | Unable to change expired password using REST management interface |
| DT439455 | Reload when urlopen requests span across a domain restart |
| DT439537 | DataPower reload when using concurrent GatewayScript urlopen for sending requests to backend |
| DT439558 | Debug probe commands does not work for non-admin privileged user |
| DT439663 | Two APIs with the same name and different content cause 0x88e00371 error |
| DT439725 | Using peer-groups in gateway peering can leak connections |
| DT439856 | DataPower reload after using assembly setvar to clear message.attachements array item |
| DT439857 | DataPower reload when having customized preflow and enable debug probe |
| DT439858 | Datapower Timezone calculation in GatewayScript is different than the DataPower system time |
| DT439946 | The modification on DataPower GatewayScript does not take effect |
| DT439952 | Gateway might reload while probe data is retrieved with probe-settings disabled |
| DT439953 | Gateway peering monitoring process might not work expectedly if password contains special characters |
| DT440341 | Api collection missing or incomplete after DataPower restart. |
| DT440654 | Temporary filesystem exhausted by MQ error logs like AMQERR |
| DT442533 | DataPower might restart from using RMI to fetch probe data |
| DT442827 | DataPower might restart from OpenTelemetry if a HTTP header has been removed by XSLT or GWS |
| DT443387 | APIC Gateway Service may fail to process catalog snapshots on DRR causing 404 responses |
| DT443398 | DataPower might encounter a crash when IBM MQ v9+ handler hits the front timeout of Multi-protocol gateway. |
| DT443465 | DataPower tenant requires a restart to increase memory |
| DT443467 | DataPower might restart if the MQ handler has a timeout while processing |
| DT444257 | DataPower might exhibit high CPU utilization when connections are in CLOSE_WAIT state. |
| DT444370 | TLS client profiles might be incorrectly deleted from the API gateway |
10.6.0.5
Release date: 30 April 2025
Last modified: 30 April 2025
Status: Available
APAR | Description |
| DT409134 | Erroneous error message for the RAID battery |
| DT419932 | Cannot close the notification panel when there are no notifications |
| DT423281 | GUI might report incorrect error when restarting a domain |
| DT423400 | DataPower might experience memory spikes with amp:GetServiceListFromDomainRequest requests. Memory spikes can occur with SOAP dp:get-config requests for nonprivileged users |
| DT423402 | REST FetchFile action returns 403 response when the user is authorized |
| DT423445 | DataPower might unexpectedly restart when GatewayScript uses bigint |
| DT424500 | DataPower might reload when refreshing a large API Connect v5c catalog |
| DT424778 | Intermittent TLS error "0A00010F:SSL routines::bad length" in DataPower 10.6.0.3 |
| DT424822 | In the GUI, importing configuration in the XML format might fail |
| DT424875 | DataPower might restart when ITX has an error |
| DT424936 | MQ v9+ handler might continuously consume messages when its admin-state is disabled. |
| DT425672 | In the GUI, cannot save changes to XML threat protection for an XML firewall |
| DT425698 | API Connect TLS client profile not removed from configuration after being detached from the catalog |
| DT425739 | File system monitor reports that the 'raid' file system does not exist or is not available |
| DT425844 | In the web service proxy wizard, WSRR subscription policy attachments are not displayed on the SLA policy tab |
| DT425864 | API Gateway might restart if an invoke policy has a bad URL parameter and OpenTelemetry is used |
| DT425911 | Password change causes initiating session to be logged out |
| DT426022 | MQ v9+ handler cannot route messages to the specified queue in ObjectName of MQOD. |
| DT426062 | Configuration sequence might time out when processing large API Connect snapshots |
| DT426070 | API Connect gateway service fails to delete snapshot when an error occurs while processing the snapshot event |
| DT426460 | API Connect catalog summary erroneously reports "Cannot write WSDL" |
| DT426479 | Improve messages for OAI3 parameter validation |
| DT433389 | Monitoring process of the gateway-peering group s not restarted after updating cluster-node list |
| DT433392 | IBM MQ v9+ queue manager might stop to retry connections when network conditions are unstable |
| DT433393 | Down secondary node is not removed from the secondaries list in gateway-peering cluster status provider |
| DT433418 | Gateway-peering process is not restarted while peer-node list is changed in a gateway-peering group |
| DT433515 | Priority in the gateway-peering group does not effect the related gateway peering |
| DT433729 | In GUI, the labels for the encrypted and temporary space are swapped in file management |
| DT433755 | Cannot flush the stylesheet and document caches from an XML manager |
| DT433829 | New UI might not populate the date field with the selected date |
| DT434382 | GUI fails to load multi-protocol gateway processing rules that are missing their transform files |
| DT434412 | Identification credentials are not deleted after being removed from TLS client profile in API Manager |
| DT435251 | DataPower might restart when cleaning up MQ connections |
| DT435281 | IMS Connect client fails to send data when segmentation is enabled |
| DT435551 | In new UI, flushing the document cache in an XML manager is not working as expected |
| DT435711 | System might restart after a read timeout on a GatewayScript urlopen.open() call |
| DT435817 | Gateway might fail to trigger a 911 to resync catalog data from API Manager when an error occurs on a webhook event. |
| DT436044 | Persistent restarts of the API Connect gateway service when the catalog contains thousands of APIs |
| DT436099 | DataPower might restart when a TLS profile is modified while it is in use. |
| DT436579 | In new UI, export utility cannot select objects that have the same name |
| DT436845 | Runtime latency when TLS connection is closed |
10.6.0.4
Release date: 28 February 2025
Last modified: 28 February 2025
Status: Available
Known issue | Description |
| DT416800 | Log files located in nested directories are not appearing on the System Log page |
| DT416807 | IBM MQ v9+ queue manager of DataPower does not retry connection when SSL related errors (2393 and 2381) occur |
| DT417089 | Activity log bytes_received and bytes_sent overflow |
| DT417151 | JWT Validate policy does not resolve context variables used in the audience claim field |
| DT417697 | DataPower might leak memory on XMI ObjectStatus calls |
| DT418223 | DataPower might restart with multiple urlopen calls from a single GatewayScript |
| DT418232 | API Connect LDAP Password might be exposed in logs with debug logging |
| DT418611 | Support multiple business IDs in Ping eBMS Destination Action |
| DT418613 | For API Connect Gateway Invoke Assembly the proxy-authorization header is added even when user/password provided in the connection policy are blank |
| DT419032 | DataPower might watchdog restart while waiting for a TLS connection shutdown alert |
| DT419917 | API parameter must support maxLength and minLength of type string |
| DT420343 | Requesting an error report may hang and cause a watchdog reload on next configuration change |
| DT420373 | REST Management Interface does not honor field names such as object names using a numerical value that does not begin with 0, expecting only a string |
| DT420523 | DataPower might reload when urlopen tries to send data |
| DT421417 | DataPower MQ v9+ client creates unbounded FFDC files that cause temporary space depletion |
| DT422155 | Update gateway peering for CVE-2024-12224 and CVE-2024-11738 |
| DT422157 | RMI session not closed when query URI is invalid |
| DT422168 | DataPower SNMP response for dpStatusSSHTrustedHostStatusHost is not correct |
| DT422283 | API gateway might watchdog when committing OpenTelemetry |
| DT422448 | API Gateway duplication in XPath Rules/Fields on 10.6.0.1 |
| DT423068 | When Autocommit is disabled in a Kafka Cluster, DataPower is unable to consume any messages sent to the cluster service |
| DT423109 | Kafka hostname validation behavior not matching with the TLS client profile configuration |
| DT423126 | User policies deployed to an API gateway or v5 compatible gateway fail to deploy certificate files |
| DT423284 | DataPower syslog-tcp log targets might not clean up all connections |
| DT423337 | DataPower might unexpectedly reload in an MQv9+ handler if the back side times out |
| DT423378 | DataPower might restart if AMQP broker modified while processing traffic |
| DT423381 | API gateway might leak memory when an assembly action output is not sent to message |
| DT423401 | IBM MQ v9+ handler fails to process messages with multiple MQRFH2 headers |
| DT423625 | DataPower memory increase while retrieving GatewayScript debug sessions |
| DT423627 | Error referencing API Schema object with name greater than 255 characters |
| DT423681 | DataPower - MQ Connectivity failure, Messages lost despite using unit of work enabled in QM object configuration |
| DT423951 | Saving changes via UI to locked Ethernet interface claims to be successful but is not |
| DT423985 | MQMD header is intermittently missing resulting in a receive 2033 error |
| DT424023 | Fix the memory Leak in Analytics Endpoint when remove or disable the configuration |
| DT424137 | RMI sessions not cleaned up after returning a 403 in response to the request for accessing singleton resource in non-default domain |
| DT424144 | Gateway might restart if quota-enforcement-server related command is executed after configuration change |
| DT424492 | DataPower XMI error log is empty in response |
| DT424498 | CVE-2022-40228 - force user logout when password changed |
| DT424525 | Context variables of the request body and parameters might be null when accessed by set variable policy |
| DT424562 | Display status of WS-Addressing Reply Point on WS-Addressing Tab |
10.6.0.3
Release date: 11 December 2024
Last modified: 11 December 2024
Status: Available
APAR | Description |
| IT46852 | REST LOADCONFIGURATION WITH NESTED OBJECTS OR ARRAYS MIGHT RESULT IN AN INCORRECT CONFIGURATION |
| IT46861 | REMOVE INTERNAL USER SESSIONS FROM THE LIST OF ACTIVE USERS |
| IT47054 | WEB SERVICE PROXY WIZARD DISPLAYS (NONE) FOR ALL PROCESSING RULES WHEN NOT USING THE DEFAULT POLICY |
| IT47059 | IN NEW GUI, EDITING A FILE IN NESTED DIRECTORY ON AN OBJECT PAGE CAN RETURN AN ERROR |
| IT47116 | AUTOMATIC DRR SHOULD RESULT IN THE SAME CONFIGURATION AS A MANUAL DRR |
| IT47124 | IN POLICY EDITOR, STYLESHEET PARAMETERS WITHOUT A TYPE DO NOT DISPLAY |
| IT47158 | GATEWAY PEERING MONITOR DOES NOT STOP WHEN DOMAIN IS DISABLED OR QUIESCED |
| IT47183 | APIC V5C UDP MIGHT THROW UNEXPECTED ERROR FOR A KEY IN THE CONFIGURATION TO IMPORT |
| IT47184 | UPDATE DATAPOWER REDIS LIBRARY TO ADDRESS CVES - CVE-2024-31449 & CVE-2024-31228 |
| IT47185 | GATEWAY MIGHT RESTART IF GATEWAY PEERING IS DOWN DUE TO THE REFERENCED PEERING GROUP BEING DOWN. |
| IT47186 | REMOVING GATEWAY-PEERING PRODUCT LINKS CAN RESULT IN UNEXPECTED BEHAVIOR |
| IT47187 | API CONNECT GATEWAY EXTENSION CANNOT COMPLETE IF A PREVIOUS EXTENSION CONTAINED AN INVALID EXTENSION |
| IT47190 | RATE LIMIT STATUS PROVIDER NOT RESET CORRECTLY |
| IT47191 | REPEATEDLY CREATING AND DELETING APIC CATALOGS FROM A SCRIPT CAN CAUSE AN ERROR |
| IT47193 | APIC GRAPHIQL EDITOR DOES NOT UNDERSTAND NEW OPTIONS |
| IT47227 | APIC V5C UDP POLICY DELETE MIGHT LEAVE ORPHANED OBJECTS |
| IT47228 | B2B GATEWAY MIGHT RESTART WHEN AN ERROR OCCURS IN A ONE-WAY PULL TO AN INBOUND GATEWAY |
| IT47240 | API GATEWAY INCORRECTLY REJECTS INTEGERS WITH EXPONENTS AS INCORRECT PARAMETERS |
| IT47242 | API GATEWAY INCORRECTLY REJECTS FLOATING POINT NUMBER WITH EXPONENT AS INCORRECT PARAMETER |
| IT47257 | APIC PARAMETER VALIDATION ERROR SHOULD RETURN HTTP 400 RESPONSE CODE |
| IT47258 | OUTBOUND SNI SETTINGS FOR A DATAPOWER MQ CLIENT MIGHT NOT BE APPLIED AFTER THE CONFIGURATION CHANGE |
| IT47304 | DATAPOWER MIGHT RESTART WHEN ADDING A GATEWAY-PEERING INSTANCE TO A GATEWAY-PEERING GROUP |
| IT47386 | DATAPOWER GATEWAY MIGHT HANG AND RESTART WHEN PROCESSING HIGH RATES OF HTTP/2 TRAFFIC |
| IT47394 | HIGH SEVERITY VULNERABILITY IN MQ (CVE-2024-25016) |
| IT47395 | ADDRESS FALSE POSITIVE RESULTS FROM VULNERABILITY SCAN |
10.6.0.2
Release date: 30 October 2024
Last modified: 30 October 2024
Status: Available
APAR | Description |
| IT45888 | DATAPOWER MIGHT WATCHDOG RELOAD DURING THE PROCESSING OF A SAVE INTERNAL-STATE COMMAND. |
| IT46468 | HTTP/2 SHOULD WORK WITH TLS 1.2 AND TLS 1.3 OR WITH ONLY TLS 1.3 |
| IT46594 | PING EBMS DESTINATION ACTION IS MISSING IN THE NEW UI |
| IT46627 | DATAPOWER MIGHT RESTART AFTER A STATIC ROUTE IS ADDED |
| IT46633 | DATAPOWER MIGHT RESTART WHEN ASYNCHRONOUS GATEWAYSCRIPT WRITES TO OUTPUT AFTER THE CONNECTION IS CLOSED |
| IT46665 | THE PROBE OF INTERNAL RULES/ACTIONS SHOULD NOT BE COLLECTED |
| IT46718 | UPDATE SERVER SUBSCRIPTION WHEN ORG AND CAT NAME CHANGE IN AN API COLLECTION |
| IT46756 | PREVENT AUTOFILLED PASSWORD FIELD FROM BEING USED TO DISPLAY CERTIFICATE DETAILS |
| IT46760 | FOR OAUTH PROVIDER, REQUEST BODY PARAMETERS MIGHT NOT BE REDACTED BEFORE THEY ARE SENT TO THE ANALYTICS ENDPOINT |
| IT46764 | THE AAA CONFIGURATION EDIT SEEMS TO BE WORKING INCORRECTLY IN THE NEW DATAPOWER UI |
| IT46836 | DATAPOWER RELOAD OCCURS WHEN ATTEMPTING TO PROCESS AN EMPTY OAUTH TOKEN |
| IT46867 | APIC GATEWAY SERVICE ERROR SHOULD TRIGGER CATALOG REFRESH |
| IT46868 | UI DOES NOT SHOW NEWLY UPLOADED FILE IN APPLICATION DOMAIN |
| IT46869 | SPECIAL CHARACTERS NOT RECOGNIZED IN LDAP XSL CONFIGURATION |
| IT46870 | TIMEOUT IS NOT CONSIDERED IN AN SOAP TCPCONNECTIONTEST REQUEST. |
| IT46875 | CATALOG UPDATES THAT FAIL TO COMPLETE SUCCESSFULLY MIGHT STILL RETURN OK RESPONSE |
| IT46891 | WHEN UNITS-OF-WORK IS ENABLED, THE TRANSACTION CANNOT COMPLETE IF THE REPLY2QM IN MQMD IS NOT FOUND |
| IT46896 | FROM AN OBJECT CONFIGURATION, THE SHOW COMMAND WITH AN EXTRA SPACE CAUSES A RESTART |
| IT46897 | GATEWAY MIGHT RESTART WHEN MODIFYING GATEWAY PEERING OBJECT TO CHANGE LOCAL ADDRESS |
| IT46898 | GATEWAY MIGHT RESTART WHEN RUNNING GATEWAYSCRIPT DURING REPUBLISH |
| IT46899 | DATAPOWER MQV9 CONNECTION ERROR REASON CODE 2393 |
| IT46905 | WSP POLICY RULES NOT SHOWN FOR AN OPERATION IN NEW UI |
| IT46918 | USE OF ELEMENTS WITH THE SAME LOCAL-NAME() RESULT IN FAILURE WITH WSDL FILES THAT ARE SET FOR STRICT CONFORMITY. |
| IT46946 | GATEWAY SERVICE MIGHT FAIL TO PROCESS CHANGES FOR A CATALOG THAT CONTAINS OAUTH CONFIGURATIONS. |
| IT46962 | OVA DATAPOWER PLATFORM DOES NOT ALLOW NTP TO BE SET BY OVF-ENV.XML |
| IT46973 | Upgrading can cause XSLT to fail, DataPower cannot handle valid use of @xsi:nil |
| IT46984 | RATE LIMIT HEADERS FOR ASSEMBLY COUNT LIMITS ARE MISSING FOR API REQUEST |
| IT46992 | SNI MAPPING DOES NOT UPDATE WITH NEW CERTIFICATE |
| IT46998 | API COLLECTION WITH % IN ORGANIZATION NAME OR ID MIGHT CAUSE GATEWAY RESTART |
| IT47001 | APIC GATEWAY MIGHT RESTART IF OAUTH REFRESH TOKEN IS MISSING REQUIRED ELEMENTS |
| IT47005 | APIC PARSES MIME BOUNDARY STRINGS INCORRECTLY |
| IT47006 | UNCAUGHT EXCEPTION IN API CONNECT GATEWAY SERVICE WHEN THERE IS NO DATA IN GATEWAY PEERING DATABASE FOR A CATALOG |
| IT47007 | API MANAGER REGISTRY UPDATE SHOULD CLEAR XSLT CACHE FOR NEW/UPDATED FILES |
| IT47021 | MEDIUM SEVERITY VULNERABILITY IN NSS (CVE-2023-6135) |
| IT47117 | API GATEWAY MIGHT NOT GET ITS FULL CONFIGURATION AFTER A RESTART |
| IT47122 | UPDATE KERNEL TO ADDRESS SEVERAL FALSE POSITIVE VULNERABILITIES |
| IT47123 | DATAPOWER MQ CLIENT REPORTS MESSAGE CODE 0X8D200052 "THE (XYZ) REQUEST FAILED (2500)" |
| IT47127 | UPDATE XML LIBRARY TO ADDRESS CVE-2024-25062 |
| IT47128 | MEDIUM SEVERITY VULNERABILITIES IN KERNEL - CVE-2023-52340 & CVE-2023-25775 |
| IT47143 | HIGH SEVERITY VULNERABILITY IN NODE - CVE-2024-45590 & CVE-2024-45296 |
| IT47144 | HIGH SEVERITY VULNERABILITY IN DPOS - CVE-2024-2961 |
| IT47145 | MEDIUM SEVERITY VULNERABILITY IN KERNEL - CVE-2024-22365 |
| IT47226 | NETWORK DENIAL OF SERVICE IN OS KERNEL - CVE-2023-52881 |
10.6.0.1
Release date: 28 August 2024
Last modified: 28 August 2024
Status: Available
APAR | Description |
| IT44550 | DATAPOWER LOGS ERROR READING FROM CONNECTION: SYSTEM ERROR (110) |
| IT44570 | AMQP HANDLER STUCK IN PENDING STATE AFTER APPLYING CONFIGURATION CHANGES. |
| IT44571 | WHILE LOADING, AMQP HANDLER STOPS PULLING MESSAGES. |
| IT44865 | MODIFYING THE RETRY INTERVAL OR THE COMMENT FIELD OF THE AMQP BROKER CAN CAUSE THE OBJECT TO GO DOWN IN THE PENDING STATE. |
| IT44904 | DATAPOWER MIGHT RELOAD WHEN THE AMQP CONNECTION FOR THE AMQP URLOPENER IS BROKEN DUE TO NETWORK ERRORS |
| IT45143 | LOG TARGET TRIGGER MIGHT HANG DURING A COPY OR MOVE OPERATION AGAINST AN EXTERNAL SERVER |
| IT45289 | DATAPOWER VULNERABILITY FOR ERROR MESSAGE VERBOSITY |
| IT45380 | SECURE BACKUP TIMES OUT AFTER UPGRADE |
| IT45389 | API CONNECT GATEWAY EXTENSIONS MIGHT CAUSE HIGH MEMORY USE. |
| IT45793 | TLS BAD LENGTH ERROR WHEN USING TLS VERSION 1.3 AND SESSION CACHING. |
| IT45832 | DATAPOWER MIGHT RELOAD WHEN USING SELECT=XSL:NIL FOR AN XSLT TEMPLATE PARAMETER. |
| IT45849 | DATAPOWER DOES NOT ALLOW THE SETTING OF A CUSTOM TLS PROFILE FOR WSDL RETRIEVAL. |
| IT45999 | LOGS FOR THROTTLER USAGE CONTAIN AN INCORRECT VALUE FOR TOTAL TEMPORARY SPACE. |
| IT46069 | ADD XSLT EXTENSION FUNCTION APIM:GETREGISTRY TO THE API GATEWAY XSLT COMPATIBILITY MODULE |
| IT46140 | IN NEW UI, CERTIFICATE DETAILS IS MISSING |
| IT46150 | SUPPRESS HTTP/2 HOST HEADER IN REQUEST |
| IT46160 | NEW PROBE SHOWS INCORRECT OUTPUT IN XML FORMAT. |
| IT46184 | AFTER UPGRADE, PREVIOUS VERSION OF ILMT SWIDTAGS MIGHT PERSIST AND BE INCLUDED IN SCAN REPORTS |
| IT46214 | API CONNECT GATEWAY SHOULD ALLOW CASE-INSENSITIVE WSDL QUERY PARAMETER FOR WSDL RETRIEVAL |
| IT46248 | API MANAGER DOES DETECT SEMANTIC SWAGGER ERRORS IN THE API THAT THE GATEWAY DETECTS. |
| IT46253 | DATAPOWER RETURNS INCORRECT TIME REPRESENTATION. |
| IT46255 | DATAPOWER UI AND REST MANAGEMENT REQUESTS DO NOT RETURN WARNINGS FOR FIRMWARE UPDATE ACTION. |
| IT46260 | DATAPOWER UI DOES NOT DISPLAY LOGS THAT ARE NOT WRITTEN TO THE LOGTEMP: DIRECTORY. |
| IT46269 | THE DEFAULT RECURSION LIMIT FOR REGULAR EXPRESSION CAUSES STACK OVERFLOW IN DATAPOWER. |
| IT46273 | DATAPOWER MQV9+ CONFIGURATION FOR WS ENDPOINT REWRITE POLICY IS LOST ON SHUTDOWN OR RESTART |
| IT46278 | APIC ERROR WHEN USING WSDLS WITH A DEFAULT XML NAMESPACE |
| IT46279 | OPEN OBJECT LIST LOG LINKS IN NEW TAB |
| IT46299 | WRONG STATUS CODE IN ACTIVITY LOG WITH ENABLED FORCEHTTP500FORSOAP11 TOGGLE |
| IT46315 | API GATEWAY CANNOT COME UP AFTER DRR DUE TO PORT BIND ERROR |
| IT46326 | IN NEW UI, CANNOT ENABLE OR DISABLE MEMBERS IN A LOAD BALANCER GROUP |
| IT46335 | THE ADD WSDL INPUT FIELD FOR THE WSDL FILE URL CANNOT HANDLE URLS PROPERLY. |
| IT46340 | IN NEW UI, EXPORT ACTION DOES NOT EXPORT ALL DOMAINS |
| IT46345 | IN NEW UI, PROBE SCREEN STUTTERS WHEN SCROLLING THROUGH THE TRANSACTION LIST |
| IT46347 | TCP PORT STATUS FILTER RESETS WHEN SCROLLING THROUGH RESULTS |
| IT46355 | PARSED OBJECTS DOES NOT SERIALIZED TO THE BACKEND IF PROBE ENABLED |
| IT46376 | WHEN NBLEAK IS ACTIVE, DATAPOWER MIGHT RESTART DURING AN OAUTH AUTHORIZATION CALL |
| IT46385 | IN NEW UI, THE UNDO OPERATION FOR COMPARE CONFIGURATION MIGHT FAIL |
| IT46407 | DATAPOWER MIGHT RELOAD WHILE PROCESSING AN XSLT |
| IT46418 | FOR API GATEWAY, API QUERY PARAMETER PROCESSES INCORRECTLY WHEN THE QUERY NAME IS ENCODED IN THE URL |
| IT46426 | MQV9+ HANDLER STOPS RETRIEVING MESSAGES FROM QUEUE |
| IT46438 | REQUEST OR RESPONSE TYPE SOAP SERVICE CANNOT CORRECTLY PROCESS JSV VALIDATE ACTION IN RULE. |
| IT46454 | WHEN A HEADER IS GREATER THAN 16 KB, SERVICE MIGHT THROW AN ERROR FOR A TLS HTTP/1.1 REQUEST |
| IT46479 | DATAPOWER MIGHT LOAD DURING GARBAGE COLLECTION OF JSON KEYS |
| IT46480 | IN OCP ENVIRONMENT THAT USE LOAD BALANCING FOR ROUTES, UI USAGE MIGHT FAIL |
| IT46484 | WHEN REPLY-TO-Q IS SET TO EMPTY, MQV9+ HANDLER TRIES TO OPEN THE QUEUE |
| IT46493 | DO NOT ALLOW UI TO RESET DEFAULT DOMAIN |
| IT46494 | NOT ALL MEMORY RECOVERED WHEN USING PROBE |
| IT46495 | ZE IT43340 FIX APAR - PLAN.SPACEID IS NOT AVAILABLE IN THE V5C CONTEXT |
| IT46512 | DATAPOWER MIGHT RELOAD WHEN A NEW CONNECTION IS CREATED IN THE FAP CONNECTION POOL |
| IT46513 | MEMORY LEAK WHEN USING APIGW:SET-VARIABLE EXTENSION FUNCTION IN XSLT OR GATEWAY SCRIPT |
| IT46531 | APIGW V10 APIM MODULE COMPATIBILITY ISSUE WITH APIM.GETVARIABLE(REQUEST.BODY.SOMEPROPERTY) |
| IT46595 | UI DOES NOT DISPLAY TEXT WHEN FONT DOWNLOADS FAIL |
| IT46612 | PROBLEM PARSING MIME DATA MIGHT CAUSE PART OF PAYLOAD TO BE SKIPPED IN API CONNECT API CALL |
| IT46639 | DATAPOWER XML FIREWALL PROBE CAPTURE MIGHT RESTART WHEN FILTERING BY PATH |
| IT46644 | API CONNECT GATEWAY ON TENANTS MIGHT NOT START DUE TO NTP SERVICE |
| IT46662 | DATAPOWER EBMS3 MIGHT USE WRONG DESTINATION ENCRYPTION SETTINGS IN B2B EXTERNAL PARTNER PROFILE |
| IT46663 | DATAPOWER B2B GATEWAY SHOULD TREAT AS4 MESSAGE AS BINARY IF NO PARTINFO MIMETYPE IS FOUND |
| IT46664 | UI FILE MANAGEMENT CANNOT COPY FILES TO NEWLY CREATED DIRECTORY |
| IT46666 | RATE LIMIT REMAINING MIGHT BE UNSYNCED AFTER GETTING EVICTED EVENT. |
| IT46667 | DEPLOYING LARGE GATEWAY EXTENSION MIGHT CAUSE LONG DEPLOYMENT DURATION. |
| IT46678 | HIGH SEVERITY VULNERABILITY IN GLIBC |
| IT46680 | CLIENT KEY FAILED TO BE UPDATED WITH SPECIAL CHARACTER IN KEY |
| IT46681 | UNEXPECTED REMAINING IN LOCAL WHEN USING IPV6 ADDRESSES FOR RATE LIMIT GATEWAY PEERING IN CLUSTER MODE |
| IT46682 | IN NEW UI, AUDIT RECORDS REPORT INCONSISTENT INTERFACE TYPE |
| IT46684 | GATEWAY-PEERING GROUP CANNOT BE DELETED WHEN THE DOMAIN IS DELETED |
| IT46685 | INTERMITTENT CRASH OCCURS WITH GATEWAY PEERING STATUS |
| IT46686 | POTENTIAL DATA TRUNCATION AND DOS VULNERABILITY IN KERBEROS |
| IT46687 | MEDIUM SEVERITY VULNERABILITIES IN KERNEL |
| IT46688 | MEDIUM SEVERITY VULNERABILITY IN GO (CVE-2024-24789) |
| IT46689 | HIGH SEVERITY VULNERABILITY IN NODE.JS (CVE-2024-22020) |
| IT46692 | UPDATE NODEJS LIBRARY TO ADDRESS CVE-2024-4067 |
| IT46693 | UPDATE PYTHON LIBRARY TO ADDRESS CVE-2023-27043 |
| IT46694 | UPDATE OPENSSH LIBRARY TO ADDRESS CVE-2024-6387 |
| IT46695 | ADDRESS MEMORY LEAK IN FORM DATA |
| IT46696 | SIGNATURE PAYLOAD STORED AS BINARY |
| IT46697 | HIGH SEVERITY VULNERABILITY IN NODE.JS BRACES MODULE (CVE-2024-406) |
| IT46698 | ENHANCE THE LOGIC OF MULTIPLE API CANDIDATES SCENARIO IN API ROUTING |
| IT46700 | UNABLE TO OVERRIDE OAUTH-PROVIDER WHEN DEPLOY SET TO IMMEDIATE |
| IT46701 | GWD ABILITY TO RECOVER WHEN RESTARTING DURING THE DEPLOYMENT OF LARGE EXTENSIONS |
| IT46708 | DATAPOWER MIGHT HANG OR RESTART WHEN PROCESSING 10 GB OR LARGER DATA |
| IT46715 | UI HANGS WHEN TRYING TO ACCESS WSP CONFIGURED WITH EMBEDDED POLICIES |
| IT46716 | WEB SERVICE PROXY DOES NOT WORK WELL WITH GITOPS |
| IT46717 | IN NEW UI, DOMAIN BACKUP-RESTORE OR EXPORT ACTIONS CAUSES CLI SESSIONS TO FREEZE |
| IT46719 | PROBE SETTINGS UPDATED BY THE COMMIT OF THE GATEWAY PEERING MANAGER |
| IT46731 | ADDING GATEWAY SERVICE TO A CATALOG RESPONDS WITH A 504 TIMEOUT |
| IT46732 | API GATEWAY JSONATA EXPRESSION CAN NOW COERCE RESULTS INTO AN ARRAY |
| IT46740 | PROCESSING OF CLOUD SNAPSHOT BY DATAPOWER (APIC-GW-SERVICE) MIGHT NOT BE REFLECTED IN CLOUD MANAGEMENT CONSOLE |
| IT46747 | DATAPOWER MIGHT RELOAD WHEN GATEWAY PEERING USES A PEER GROUP AND PEERS HAVE DIFFERENT LENGTHS OF IP ADDRESSES |
| IT46906 | API GATEWAY RESTARTS WHEN CLIENT SECURITY POLICY USES EXTRACT CREDENTIAL METHOD FROM HTTP |
10.6.0.0
Release date: 13 June 2024
Last modified: 13 June 2024
Status: Available
APAR | Description |
| IT44550 | DATAPOWER LOGS ERROR READING FROM CONNECTION: SYSTEM ERROR (110) |
| IT45245 | DATAPOWER MIGHT RESTART WHEN MONITORING GATEWAYSCRIPT FILES FOR UPDATES |
| IT45515 | API GATEWAY REJECTS CALLS WHEN A HEADER NAME STARTS WITH '-'. |
| IT45786 | DATAPOWER SHOULD NOT ALLOW DUPLICATE ENTRIES UNDER SFTP CLIENT POLICIES FOR USER AGENT |
| IT45833 | MEDIUM SEVERITY VULNERABILITIES IN GOLANG |
| IT45855 | MQV9+ OR MQMFT MIGHT NOT RETRIEVE MESSAGES WHILE UNITS-OF-WORK IS ENABLED |
| IT45966 | API GATEWAY API WITH LONGEST BASE PATH IS NOT ROUTED WHEN THERE ARE MULTIPLE CANDIDATES. |
| IT45973 | INCORRECT VALUE OF $(API.OPERATION.PATH) WHEN PATTERN KEYWORD IS SPECIFIED IN THE PATH PARAMETER. |
| IT46008 | CSS BANNER NOT DISPLAYED IN NEW UI. |
| IT46030 | COMPATIBILITY ISSUE OF OBJECT.PROTOTYPE.TOSTRING AFTER UPGRADE. |
| IT46043 | CANNOT CONVERT API YAML OF FORCEHTTP500FORSOAP11 TO DATAPOWER CONFIGURATION. |
| IT46052 | REMOVE THE ANGULAR.JS LIBRARY. |
| IT46054 | CORRUPTED BINARY ATTACHMENTS IN MULTIPART HANDLING. |
| IT46061 | DATAPOWER MIGHT RESTART WHEN PREPARING FOR USER ACTIVITY SUCH AS IMPORT, EXPORT, AND SO FORTH. |
| IT46062 | APIM.SETVARIABLE OF MESSAGE.STATUS.CODE NEEDS TO SET THE REASON PHRASE WHEN INCLUDED. |
| IT46070 | API GATEWAY LOGS MIGHT CONTAIN SPECIAL CHARACTERS FOR THE SPACE NAME. |
| IT46079 | THE QUERY PARAMETER VALIDATION DOES NOT SUPPORT THE URL-ENCODED FORMAT. |
| IT46081 | ADDRESS FALSE POSITIVE FINDINGS IN VULNERABILITY SCANS. |
| IT46096 | WRONG API PARAMETER TYPE WHEN THE FORMAT IS BYTE, BINARY, DATE, DATE-TIME, OR PASSWORD. |
| IT46101 | DATAPOWER B2B EBMS3 SOAP 1.2 MESSAGES INCORRECTLY SET THE MUSTUNDERSTAND ATTRIBUTE. |
| IT46105 | UPDATE NODEJS LIBRARY TO ADDRESS CVE-2024-27982 |
| IT46108 | API WITH CONSUME DECLARATION DOES NOT HAVE A HIGHER PRIORITY. |
| IT46116 | MIGRATED V5 POST RESPONSE EXTENSION CORRUPTS CLIENT RESPONSE |
| IT46117 | GATEWAYSCRIPT MIGHT NOT THROW AN ERROR WHEN THE BUFFER OBJECT IS ACCESSED OUT OF BOUND. |
| IT46118 | THE API GATEWAY MIGHT RESTART WHEN SENDING A MULTIPART MESSAGE WITH AN INVALID INVOKE URL IN THE INVOKE ASSEMBLY ACTION. |
| IT46119 | API SUBSCRIPTION SERVICES WITH SAME BASE PATH AND OPERATION RETURN THE WRONG RESPONSE. |
| IT46131 | API RATE LIMIT STATUS DOES NOT RETURN DATA FROM SECONDARY GATEWAY-PEERING INSTANCES. |
| IT46132 | DATAPOWER FOR LINUX, SECURE RESTORE DOES NOT RESET THE PASSWORD FOR THE ADMIN ACCOUNT. |
| IT46135 | TEMPORARY FILES THAT GATEWAYSCRIPT GENERATE DO NOT HONOR THE TTL IF A RELOAD HAPPENS BEFORE TTL IS REACHED. |
| IT46145 | DATAPOWER FOR VMWARE, NEW UI DOES NOT DISPLAY ALL RAID ARRAY ACTIONS. |
| IT46146 | REST API RETURNS NUMBER VALUES FOR THE NAME INSTEAD OF A STRING VALUE. |
| IT46156 | DATAPOWER MQ CLIENT MIGHT GET UNEXPECTED CONNECTION ERRORS |
| IT46167 | UNEXPECTED 404 RESPONSE FOR AN API PATH WITH MANY SPECIAL CHARACTERS. |
| IT46196 | PROBE CANNOT CAPTURE TRANSACTIONS AFTER THE PROBE CAPTURE IS DELETED AND RE-CREATED. |
| IT46197 | DATAPOWER MIGHT RESTART AFTER UPDATING OBJECTS IN CONFIGURATION SEQUENCES. |
| IT46255 | DATAPOWER UI AND REST MANAGEMENT REQUESTS DO NOT RETURN WARNINGS FOR FIRMWARE UPDATE ACTION. |
| IT46261 | GATEWAY PEERING GROUP MIGHT BE OPERATIONAL UP WHILE INVALID LOCAL NODE IS DEFINED FOR CLUSTER MODE. |
| IT46271 | AFTER AN IRREGULAR RESTART, THE DATAPOWER APPLIANCE HAS OLD VERSIONS OF OBJECTS. |
| IT46274 | UPDATE KERNEL TO ADDRESS CVE-2023-4016. |
| IT46276 | UPDATE KERNEL TO ADDRESS MULTIPLE CVES. |
| IT46277 | UPDATE KERNEL TO ADDRESS CVE-2023-38403. |
| IT46284 | DATAPOWER MIGHT RESTART AFTER DISABLING OR DELETING A GATEWAY-PEERING CLUSTER NODE. |
| IT46285 | API CONNECT GATEWAY SERVICE MIGHT RESTART WHEN /GATEWAY-SERVICE-CONFIGURATION-DELETE IS INVOKED WITH NO BODY. |
| IT46286 | INCORRECT COUNT OF CAPTURED TRANSACTIONS IN THE NEW PROBE. |
| IT46292 | ITX TAG MISSING FROM ILMT-SCAN IN ALL RELEASES |
| IT46293 | MEMORY LEAK ON QUERYING SUBSCRIPTION WITH PATTERN |
| IT46294 | CLEAN UP REFERENCE TO REMOVED CATALOG |
| IT46301 | MEMORY LEAK TO ROUTE AN API CONNECT API WITH QUERY, HEADER, OR FORM PARAMETERS. |
| IT46324 | ENABLING TLS ON GATEWAY PEERING GROUP MIGHT HANG GATEWAY |
| IT46448 | CRITICAL SEVERITY VULNERABILITY IN OPENSSL (CVE-2024-4741) |
| IT46457 | LOW SEVERITY VULNERABILITY IN OPENSSL (CVE-2024-4603) |
| IT46602 | LOW SEVERITY VULNERABILITY IN OPEN-VM-TOOLS (CVE-2023-20867) |
| IT46621 | RMI REQUESTS SHOULD BE REPORTED IN ACTIVE USERS STATUS PROVIDER |
| IT46823 | HIGH SECURITY VULNERABILITY IN KERNEL |
Change history
Last modified: 10 December 2025
- 10 December 2025: Added fix list for the 10.6.0.8 fix pack.
- 3 October 2025: Added fix list for the 10.6.0.7 fix pack.
- 2 July 2025: Added fix list for the 10.6.0.6 fix pack.
- 30 April 2025: Added fix list for the 10.6.0.5 fix pack.
- 28 February 2025: Added fix list for the 10.6.0.4 fix pack.
- 11 December 2024: Added fix list for the 10.6.0.3 fix pack.
- 30 October 2024: Added fix list for the 10.6.0.2 fix pack.
- 28 August 2024: Added fix list for the 10.6.0.1 fix pack.
- 13 June 2024: Added fix list for the 10.6.0.0 fix pack.
Off
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"ARM Category":[{"code":"a8m50000000L0rqAAC","label":"DataPower"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.6.0"}]
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
05 January 2026
UID
ibm17156692