News
Abstract
IBM API Connect V5.0.8.3 is available. This update addresses several APARs and includes product performance enhancements.
Content
IBM API Connect V5.0.8.3 is now available. This update provides important development and APAR fixes.
We advise all users of IBM API Connect V5.0 to install this update to take advantage of the fixes.
Note: The Linux distribution for the Developer Portal OVA has moved from a Debian V7 base to an Ubuntu V16.04 base. Support for the Debian V7 OVA is being withdrawn in May 2018. You are strongly encouraged to migrate your Developer Portal to the Ubuntu V16.04 base now, as support for Debian V7 upgrades will be removed by May 2018.
Support lifecycle policy for IBM API Connect Version 5.0.8.3:
IBM API Connect Version 5.0.8.x is a Long Term Supported (LTS) release and is a recommended product level for which support, including defect and security updates, will be provided through cumulative, in-place Fix Packs until the effective end of support (EOS) date for IBM API Connect Version 5.0. An LTS release is intended for customers that may need a longer-term deployment for their environment.
APAR fixes
The following APARs were addressed by IBM API Connect V5.0.8.3, along with other internally raised quality fixes:
| APAR | Summary |
| LI79754 | OFFLOAD ANALITICS IN SYSLOG WITH AUDIT EVENT RETURNS "FAILED TO SEND ANALYTICS TEST EVENT. CHECK YOUR CONFIGURATION SETTINGS" |
| LI79831 | SPACE ADMINISTRATOR IS NOT ABLE TO VIEW ANALYTIC PAGE IN CATALOG |
| LI79864 | OPENAPI DOCUMENTATION FOR THE DEVELOPER PORTAL REST API CONTAIN ANALYTICS API THAT DOESN'T SUPPORT |
| LI79871 | UNABLE TO DELETE SUBSCRIPTION VIA API MANAGER CONSOLE |
| LI79874 | ACCESS-CONTROL-ALLOW-CREDENTIALS HEADER INCORRECTLY SET TO FALSE FOR 404 ERROR CODE RESPONSE |
| LI79892 | WHEN PASSING A PLUS SIGN IN A QUERY STRING VALUE OF A URL, IT MAY INCORRECTLY BE CONVERTED TO A %2B IN SOME CASES. |
| LI79905 | AUTOMATE ADDITION OF CHUNKS TO SBLOBSPACE |
| LI79912 | 502 PROXY ERROR WHEN PUBLISHING |
| LI79970 | WHEN USING OPTIONS TO CALL API, "ACCESS-CONTROL-ALLOW-METHODS" HEADER RETURNED BY DATAPOWER CONTAINS "PARAMETERS" VERB |
| LI79974 | IF INVOKE POLICY TARGET-URL'S RESPONSE IS A SOAP FAULT, API WILL RETURN "INVALID XML PAYLOAD RECEIVED" |
| LI79978 | ERROR MESSAGES SEEN WHEN MAKING USER CHANGES AS ADMIN USER |
| LI79979 | USING VALIDATION POLICY TO VALIDATE AGAINST THE REQUEST MAY FAIL |
| LI79982 | MAPPING CONFLICT WITH AUDIT EVENT DATA CAUSES INGESTION AND AUDIT EVENTS TO FAIL |
| LI79984 | CROSS-SITE SCRIPTION (REFLECTED) |
| LI79985 | UNAUTHORIZED MODIFICATION OF INFORMATION |
| LI79992 | A REQUEST QUERY PARAMETER WITH A SIGN "@" CHARACTER IN ITS NAME CANNOT HAVE ITS VALUE RETRIEVED BY AN API POLICY |
| LI79993 | A PROXY POLICY AND IN SOME CASES AN INVOKE POLICY WITH SPACES IN TARGET-URL WILL FAIL DUE TO THE SPACES NOT BEING ENCODED |
| LI79995 | UNABLE TO DISPLAY ANALYTICS FROM API CONNECT DEVELOPER PORTAL |
| LI79998 | ROLE NAME IS GARBLED ON MY ORGANIZATION |
| LI79999 | '/ETC/RESOLV.CONF' NOT A SYMLINK ON UBUNTU DEPLOYMENTS |
| LI80001 | OAUTH AUTHENTICATION URL VALUE REFERENCING API PROPERTY IS NOT UPDATED PROPERLY DURING MIGRATION FROM V4 TO V5 |
| LI80002 | XML PAYLOADS WITH A LARGE NUMBER OF REPEATING ELEMENTS CAN CAUSE LATENCY WHEN LOGGING PAYLOAD ANALYTICS DATA |
| LI80006 | CORRUPT WSDL FILE ATTACHMENT IN API CONNECT 5.0.8.2 DEVELOPER PORTAL |
| LI80008 | ENSURE MAIN HOST VHOST.D IS NOT DELETED ON SITE CREATE ROLLBACK |
| LI80010 | APIC V5082 REFRESH CAUSES PAGE CHANGE FROM PRODUCTS TO API |
| LI80013 | MAP POLICIES WITH COMPLEX SCHEMAS GENERATED FROM COMPLEX WSDL SCHEMA MAY HAVE HIGH LATENCY IN PROCESSING THE SCHEMA. |
| LI80014 | EMPTY STRING MAY UNEXPECTEDLY BE RETURNED WHEN ATTEMPTING TO RESOLVE CERTAIN CUSTOM CONTEXT VARIABLES |
| LI80016 | AN XSLT POLICY APIM:SETVARIABLE FUNCTION FAILS TO SET MESSAGE.STATUS.CODE OR MESSAGE.STATUS.REASON. |
| LI80017 | USERNAME/PASSWORD IS AUTO-POPULATED IN THE API ASSEMBLE - INVOKE |
| LI80019 | HEALTH CHECK API DOES NOT REFLECT CLOUD DISSOCIATION |
| LI80020 | UNABLE TO UPDATE BILLING INFORMATION AT DEVELOPER PORTAL IF DOUBLE BYTE CHARACTERS ARE INCLUDED |
| LI80022 | API CONNECT INJECTS A SPACE CHARACTER FOR REQUEST.SEARCH WHEN REQUEST DOES NOT CONTAIN QUERY STRING |
| LI80024 | CUSTOM POLICY NAME CONFLICT WITH V5 OOTB POLICY |
| LI80025 | PORTAL RESTORE_SITE FAILS ON 5082 AND LATER 5072 IFIXES |
| LI80029 | APIC DOESN'T KEEP THE "STATE" PARAMETER IN OAUTH REDIRECT FOR THE ERROR CASES |
| LI80030 | CONSUMER APPLICATIONS SUBSCRIBED TO THE SAME MONETIZED PRODUCT/PLAN SHOULD BE INDIVIDUALLY CHARGED |
| LI80033 | NON-UTF8 DECODE ERROR BY PROXY POLICY OR INVOKE POLICY IN SOME CASES |
| LI80036 | WHEN DEVELOPER TRY TO SUBSCRIBE A DEPRECATED PLAN/PRODUCT, THE ERROR MESSAGE DISPLAYED ON PORTAL IS NOT APPROPRIATE |
| LI80038 | APPLICATIONS ARE MISSING FROM CATALOG AFTER API CONNECT V4 TO V5 MIGRATIONS |
| LI80039 | WHILE CONFIGURING APIM LDAP REGISTRY (API SECURITY ONLY) THE ADMIN PASSWORD NOT BEING DECRYPTED IF GROUP AUTH SELECTED |
| LI80040 | V4 TO V5 MIGRATION DOESN'T CORRECTLY HANDLE ARRAY OF HEADERS |
| LI80042 | UNABLE TO OVERRIDE DEVELOPER ORG NAME WHEN USING CUSTOM PDUR USER REGISTER FORM |
| LI80044 | ABLE TO INJECT SYSTEM COMMANDS VIA ACTIVATION TOKEN |
| LI80045 | INTERNAL SERVER ERROR 500 RECEIVED WHEN 404 IS EXPECTED WHILE USING THE INVOKE POLICY |
| LI80047 | MAP POLICY WILL NOT PRODUCE POLYMORPHIC XML ELEMENTS IF OUTPUT SCHEMA DEFINES POLYMORPHIC ELEMENT AS BEING IN AN ARRAY |
| LI80048 | PUBLISHING A PRODUCT FAILS WITH JSON PROCESSING EXCEPTION |
| LI80049 | APIC DOESN'T USE THE SELECTED TLS PROFILE WHEN CONNECT TO OAUTH INTROSPECTION URL |
| LI80050 | LDAP CONFIGURATION CHANGES (APIM UI) DOESN'T REFLECT PROPERLY |
| LI80051 | THE GATEWAY MAY IMPROPERLY INTERPRET "$" IN THE VALUE OF PARAMETERS WITH CERTAIN POLICIES |
| LI80052 | INVALID JSON SENT TO ANALYTICS BY A PROXY POLICY WHEN NO REASON PHRASE IS PROVIDED |
| LI80056 | INVITEE USER NAME IS NOT LOGGED ON AUDIT LOG. |
| LI80057 | API CONNECT DEVELOPER PORTAL IS AFFECTED BY DRUPAL VULNERABILITY (CVE-2018-7600) |
| LI80058 | ACTIVITY LOG MAY NOT LOG PAYLOAD FOR A BACKEND ERROR EVEN IF ACTIVITY-LOG IS CONFIGURED TO LOG THE PAYLOAD ON ERROR |
| LI80064 | QUERY PARAMATERS IN OAUTH FAIL |
| LI80066 | OAUTH REVOCATION TLS PROFILE MIGHT NOT BE USED DURING SECURE CALLS TO REVOCATION URL |
| LI80067 | RECEIVED ERROR "INVALID_CLIENT" WHEN USING APPLICATION AS PUBLIC CLIENT TO REVOKE ITS REFRESH TOKEN |
| LI80068 | INTERMEDIATE CERTIFICATES NOT REMOVED FROM GATEWAY |
| LI80073 | CHARACTER "W" IS INCLUDED IN THE JAPANESE REQUEST NEW PASSWORD EMAIL |
| LI80074 | DIACRITICS CHARACTERS ARE NOT SUPPORTED IN OAUTH2/ISSUED CALL |
| LI80075 | USERS MIGHT RECEIVE "DO NOT HAVE SUFFICIENT PERMISSIONS" ERROR WHEN PUBLISH A PRODUCT AT SPACE LEVEL WITH CORRECT PERMISSIONS |
| LI80076 | PROXY POLICY CACHE SETTINGS MIGHT NOT BE HONORED |
| LI80078 | DEFAULT REDIRECT_URI DOESN'T GET PASSED CORRECTLY INTO THE THIRD-PARTY IDENTITY PROVIDER |
| LI80080 | IN SOME SCENARIOS, THE MAP POLICY CAN CREATE MALFORMED XML OUTPUT WHEN AN XML ATTRIBUTE HAS A NAMESPACE. |
| LI80081 | PASSWORD HISTORY CONSTRAINT FIELD PRESENT IN PORTAL, BUT NOT SUPPORTED |
| LI80082 | RESTORE_SITE PORTAL COMMAND FAILS WITH UNBOUND VARIABLE ERROR IN CHECK_IBM_MODULES |
| LI80086 | WHEN VERIFY CLIENT SECRET IN DEVELOPER PORTAL, THE ENTERED CLIENT SECRET DISPLAY IN PLAIN TEXT AND NOT BEEN MASKED |
| LI80089 | SECURITY ISSUE IDENTIFIED WITH SESSION MANAGEMENT |
| LI80095 | APPLICATIONS ARE NOT SEEN IN THE DEVELOPER PORTAL WHEN THE OAUTH REDIRECT URLS ARE LONGER THAN 255 CHARS |
| LI80101 | INSECURE DEFAULT FILE PERMISSIONS |
| LI80102 | UPDATES TO REST_SERVICE.JS TO REMOVE UNUSED REFERENCES |
| LI80104 | REFRESH TARGET LIST ISSUE WITH APIC TOOLKIT |
| LI80106 | ON DEVELOPER PORTAL, RESET APPLICATION'S CLIENT SECRET DOESN'T WORK IF DISABLE RESET CLIENT ID |
| LI80162 | ASSETID FOR APPROVED APP SUBSCRIPTION SHOWS AS THE APP NAME ON AUDIT LOG. |
Upgrade paths for API Connect:
For more information on IBM API Connect upgrade paths, see Supported Upgrade Paths.
There are specific validated upgrade paths between IBM® API Management Version 4.0 or later and IBM API Connect Version 5.0 or later. For more information, see Validated upgrade path for API Connect.
In addition to the specific validated upgrade paths for the API Management appliance, you must upgrade your IBM DataPower Gateway appliance. For more information, see Upgrading your DataPower appliances.
Upgrading the gateway to firmware level 7.5.0.1 is strongly recommended for the best experience.
Downloads:
Full installation and upgrade files for IBM API Connect Version 5.0.8.3 (Enterprise, Professional & Essentials) can be downloaded from Fix Central: IBM API Connect Version 5.0.8.3
Ensure that you have read and understood the upgrade and installation instructions before downloading and using the installation or upgrade files. You can find detailed installation instructions in IBM API Connect Knowledge Center -- Installing API Connect.
| What is Fix Central (FC)? |
Was this topic helpful?
Document Information
Modified date:
03 January 2019
UID
swg22015688