Version 2020.2.18
Akana 2020.2.x System Requirements
Upgrading Akana API Platform to Version 2020.1.x or 2020.2
It's recommended to create indexes before upgrading to 2020.2.x, if you are using MongoDB. For detail, see Create indexes for MongoDB before upgrading.
If you have UI customizations, rebuild styles after upgrade (Admin > Customization > Rebuild Styles), then test your customizations.
Default Theme has been removed and is no longer supported in 2020.2.0.
Date/release version |
Changes |
| July 13, 2021 2020.2.7 |
"UI customizations" note in box above has been expanded regarding the need to rebuild styles after upgrade. |
| July 28, 2021 2020.2.9 |
Added note in box above, "Create indexes before upgrading and a new entry under 2020.2.0 to create indexes. |
| August 19, 2021 2020.2.3 |
Added release note entry under 2020.2.3, "Real-time charts could fail to populate a start and end date time when viewing data" |
| August 19, 2021 2020.2.2 |
Added release note entry under 2020.2.2, "The API Details page could display invalid characters in the schema for the request body" |
| August 19, 2021 2020.2.0 |
Added release note entry under 2020.2.0, "Community Manager required fields did not display an asterisk" |
| September 13, 2021 2020.2.11 |
Edited note in above box to clarify that index creation is for MongoDB, "Create indexes for MongoDB before upgrading and edited the entry under 2020.2.0 to Create indexes for MongoDB before upgrading. |
| May 6, 2022 2020.2.16 |
Added a new entry to 2020.2.16, "Elasticsearch 7.16.2 now supported" and added a note to "Apache Log4j upgraded to Log4j" 2 that Log4j 2 requires Elasticsearch 7.16.2. |
| November 11, 2022 2020.2.18 |
Updated the entry "Improved response times for some platform APIs" to clarify the change. |
November 11, 2022
Policy Manager has added Hardware Security Module (HSM) support for the SAML Web SSO Domain setup.
Support ticket: SUPPORT-42350, SUPPORT-50455
The discovery URL/well-known configuration URL for OIDC now displays the id token signing algorithm, the id token encryption algorithm and the id token content encryption algorithm, based on the user's selection. Prior to this change, the well-known configuration displayed just the default list of algorithms.
Support ticket: SUPPORT-22663
A new property TENANT_SCHEME can be included in the pm-cm-all.properties file for the cm-tenant.json recipe to assign a protocol. HTTP is the default if not set. To change it to HTTPS, for instance, include the following in the properties file:
TENANT_SCHEME=https
|
Support ticket: No related support tickets.
When a MongoDB recovery job failed, it could continue to trigger further rollup jobs, ending up in a perpetual fail state. You can now disable the recovery job to avoid this condition. In the Admin Console, under the configuration com.soa.persistence.mongodb, set persistence.mongodb.rollup.skipRecoveryIteration = -1 to disable the recovery job.
In addition, a new index is recommended to optimize the query while performing recovery jobs:
use METRIC_ROLLUP_DATA
|
db.<dataset_name>.createIndex(
|
{"value._rolluptype": 1, "value.rawIds": 1},
|
{name: "<dataset_name>RecoveryIDX"}
|
)
|
Support ticket: No related support tickets.
When promoting an API between Community Manager instances via Lifecycle Coordinator, the default timeout has been increased from 2 minutes to 5 minutes.
Support ticket: No related support tickets.
To avoid timing out HTTP connections between search requests, Elasticsearch now defaults to enabling TCP keepalives. Note that this just enables the Elasticsearch client to use the keep-alive functionality. You may still need to modify your server sysctl settings, as described in the Elasticsearch issue "Enable TCP keepalives by default in Java REST clients #65213."
Support ticket: SUPPORT-48512
The jTDS driver for Microsoft SQL Server doesn't process a query when the parameter count is more than 2,000. This is a limitation of the driver itself and may also be true of other database drivers.
Support ticket: SUPPORT-43866
Optimization has improved the response times for the following platform APIs: login, app, API, and contract requests.
Support ticket: SUPPORT-50212, SUPPORT-50210
A regression in 2020.2.16 could cause increased latency for some REST API requests. This has been corrected.
Support ticket: SUPPORT-50210
If APIs or apps were deleted and the Oracle table UDDI_SERVICE did not have the DELETE CASCADE constraint set, the records in the child table UDDI_INST_DETAILS were not deleted, resulting in inconsistent behavior. Now, the DELETE CASCADE constraint has been added to the UDDI_INST_DETAILS table.
Support ticket: SUPPORT-50188
If a mandatory parameter was not sent with the request when using the OAuth provider and HTTP Form-Based Authentication, a 400 Bad Request error was returned with an invalid_client error code. Now the returned error code has been changed to invalid_request error, which is more accurate.
Support ticket: SUPPORT-50092
For XSS keywords in Community Manager, validation for an API, app, or group name did not occur if spaces were present between the XSS keyword and the operator. Now, validation recognizes the use of spaces and proceeds as normal.
Support ticket: No related support tickets.
When using the SPNEGO Operational policy with the Kerberos Authentication policy, the service could not successfully get the Kerberos ticket (TGT) due to cache-refresh issues. This subsequently caused the API call to fail. The Kerberos ticket is now refreshed and cached after its expiration.
Support ticket: SUPPORT-46684
Various updates and imports were not updating the Network Director container, including the import of a new API, attaching new policies to APIs, or modifying the target endpoint. Now, these changes are reflected in Network Director without the need to restart the container.
Support ticket: No related support tickets.
The Javascript libraries with security vulnerabilities have been upgraded, as follows:
Support ticket: SUPPORT-31089
After creating a new API or app in Community Manager, its initial version for the "Design entity" did not properly display in Policy Manager.
Support ticket: SUPPORT-2223
A custom theme created by cloning the Bonita theme did not load if the Bonita theme was subsequently deleted.
Support ticket: No related support tickets.
An error is no longer returned after invoking the Akana Ping Support feature on either a Policy Manager or Community Manager container.
Support ticket: No related support tickets.
When renaming an API in Community Manager, the name change on the physical, virtual, and design entities representing the API in Policy Manager may not have updated.
Support ticket: SUPPORT-2223, SUPPORT-29662, SUPPORT-1213, SUPPORT-42250, SUPPORT-44813
The Akana OAuth Provider token endpoint returned an HTTP "401 Unauthorized" error when the client_id value was missing from the token request. The error message has been corrected and is now an HTTP "400 Bad Request" error.
Support ticket: SUPPORT-50092
In Community Manager, a new API created with a YAML file was not properly displayed in the API Design and API Documentation pages.
Support ticket: No related support tickets.
If existing users in an OIDC domain changed their details, those changes were not fully reflected in the database.
Support ticket: SUPPORT-42390
In some cases, calls to an OAuth external provider could return an error when the encoding method chunked the data. Now, calls to OAuth external providers are made based on the policy's selected transfer encoding, set via a new option HTTP/1.1 Chunked Encoding, available while configuring the OAuth Client Policy. The default is true.
Support ticket: SUPPORT-41804, SUPPORT-43789
For the Akana OAuth/OIDC domain, the openbanking_intent_id was not being properly returned.
Support ticket: SUPPORT-50090
Communication between Network Director(s) and Policy Manager failed intermittently due to the cached Policy Manager public key in the Network Director(s) becoming invalid.
Support ticket: SUPPORT-49545
If both the active and inactive session timeout settings are set, the inactive session timeout setting could be ignored and in some cases, an error could be returned. Session timeout settings now work as expected.
Support ticket: SUPPORT-45430
The GET /api/apis/versions/<apiVersionId>/contracts API mistakenly used title case Start and Count query parameters when all other methods use lower case start and count query parameters. Now, lower case start and count query parameters are allowed, while title case Start and Count have been retained for backward compatibility.
Support ticket: SUPPORT-35863
A new configuration property swagger.config.maxDepth has been added to com.akana.swagger, available in the Admin Console. This property defines how many levels down to parse a schema object's properties/schemas for OAS/Swagger APIs. The default is 10. Increasing the default level may impact performance with large APIs.
Support ticket: SUPPORT-49065
When creating an Authentication policy, the domain options incorrectly included all customer domains. Now, only domains associated with organization or tenant are available for selection.
Support ticket: No related support tickets.
If an API was previously deleted and imported back into the tenant, the API was not placed in the correct API organization.
Support ticket: No related support tickets.
When uploading an image to the API Documentation page in Community Manager, the image was not saved properly in some cases.
Support ticket: SUPPORT-48664
When attaching a file larger than 500MB to an API, the log could report an "out of memory" error. The platform now properly supports attachments, based on the environment, the heap size, and the attachment size.
Support ticket: SUPPORT-49122, SUPPORT-42400
When a draft version of a policy existed with a newer version than the active policy, the active policy did not display. Now, only active policies appear in the list of policies on the API Implementations > Edit Policies page, regardless of whether there is a draft version that may ultimately supersede it.
Support ticket: SUPPORT-46680
February 3, 2022
The Akana Elasticsearch Log4J Appender Plug-In no longer works with releases after 2020.2.16 following the introduction of Log4J 2.x as the core logging framework in the Akana product. Because of this, a new off-the-shelf appender is now incorporated into the product. Users of the legacy Appender will need to migrate to the new configuration when upgrading. For detail, see "Configuring the Elasticsearch Log Appender (2020.2.17 and later)" on the Akana docs site.
Support ticket: No related support tickets.
January 26, 2022
The Apache logging service Log4j has been updated from Log4j 1.x to Log4j 2.17.1 (which avoids the known security vulnerabilities CVE-2021-45105 and CVE-2021-45046). This version of Log4J is incompatible with the previous version and requires a change to the container startup configuration. Because of this, containers will need to be recreated, as updating a container "in place" is not supported. In addition, if you have customized logging in place, you'll also need to refactor your logging configuration. For migration and configuration information, see Migration to Log4j version 2.x on the Akana docs site.
Note that Log4j 2.x requires Elasticsearch version 7.16.2, now supported as of this release.
Support ticket: SUPPORT-47917
The platform has added support for 7.16.2 with this release.
Support ticket: SUPPORT-48956
A new set of configurations provide the ability to enforce the JCE provider for the JOSE Security Policy v2, available in the Admin Console under com.akana.jose.config. There are four different configurations for each step in the JOSE policy: sign, verify, encrypt, and decrypt. For detail, see "Specifying the JCE provider" on the Akana documentation website.
Support ticket: SUPPORT-47537
Parallel calls to the Request Contract API (POST /api/contracts) could sporadically return an HTTP error "500 Internal Server Error."
Support ticket: SUPPORT-43418
December 10, 2021
This release includes no enhancements.
When retrieving a token from an OAuth provider, the provider intermittently returned an HTTP 404 "Not Found" error.
Support ticket: SUPPORT-46998
When filtering an API chart or transaction log on the API's Analytics page, incorrect results could be returned in some cases.
Support ticket: SUPPORT-45300
Containers created with HTTPS listeners using deployment automation could get into a condition in which the listener certificates could not be updated from Policy Manager. This was the result of the container registration logic persisting the original certificates in container metadata and overriding the updated configuration.
Support ticket: SUPPORT-41460
October 8, 2021
This release includes no enhancements.
October 6, 2021
A new configuration provides the ability to enforce the crypto provider for the JOSE Security Policy v2, available in the Akana Administration Console under com.akana.jose > jose.v2.security.handler.factory.joseCryptoProvider. For detail, see "Specifying the JCE provider" on the Akana documentation website.
Support ticket: SUPPORT-45507
For an API based on OpenAPI 3.0 (OAS), importing an API from a zip file could return an error "The API definition could not be read." This was due to an issue with handling relative references and with example references not resolving, in some cases. Note that the server URL, if provided, must be absolute.
Support ticket: SUPPORT-42210
September 16, 2021
This release includes no enhancements.
To address a potential XSS vulnerability during file upload, the file media type can now be determined based on the internet media types (the mime.types file) which maps file types to unique file extension(s), and also by the file content itself. This is controlled by a new property in the Akana Administration Console, com.soa.atmosphere.config.useMimeTypesFile. To take advantage of this property, set it to true; the default is false. For detail, see Admin Console Settings on the Akana documentation site.
As part of this enhancement, the default value for the Query parameter on BoardAPI.getArtifact() and BoardAPI.getCommentArtifact() is now true, changed from false, meaning that the links to the file artifacts are now downloaded by default. For detail, see the documentation for GET /api/boards/items/{BoardItemID}/artifacts/{FileName} and GET /api/boards/items/comments/{CommentID}/artifacts/{FileName}.
Support ticket: SUPPORT-41131
September 11, 2021
This release includes no enhancements.
The configuration of a Network Director/Gateway with only HTTPS listeners and without an available Policy Manager could fail because the Network Director would try to retrieve trusted certificates from Policy Manager. In this case, Network Director will now fall back on the bootstrap PKI configuration if Policy Manager is not available.
Support ticket: SUPPORT-45159
September 7, 2021
The API search box in the Hermosa theme now has a descriptive tooltip for entering search tags, displayed when clicking in the search box. This tooltip is also available in the general search box in the filter on the search results page.
Support ticket: SUPPORT-43887
The Throughput Quota Policy (a Quality of Service (QoS) policy) could return an error in certain circumstances.
Support ticket: SUPPORT-44992, SUPPORT-45018
In certain cases, the Security button for APIs using the Aggregate Policy could fail to display for Swagger documentation, OpenAPI documentation, API Test Client, and App Test client.
Support ticket: SUPPORT-44867
MongoDB indexes on METRIC_ROLLUP_DATA and METRIC_RAW_DATA will not be automatically dropped and recreated on update. Instead, any intended index changes will be logged as an error; the MongoDB administrator will then have the responsibility to apply them as necessary.
Support ticket: No related support tickets.
The configuration of the script repository has changed, with a new implementation based on a disk-overflow cache. This is now configured as the default, avoiding a potential deadlock that could occur when updating the script repository. The new implementation uses the following properties:
| Setting | Description |
|---|---|
| script.repository.cache.enable | Enable or disable the script cache. |
| script.repository.cache.config.location | The location of the disk overflow cache. |
| script.repository.cache.config.maxMemoryEntries | The maximum number of entries in memory before they will be swapped to disk. |
| script.repository.cache.config.maxDiskSize | The maximum size of the disk swap in KB. |
For detail, see "Script Repository Configuration" on the Akana docs site.
Support ticket: SUPPORT-36831, SUPPORT-44541, SUPPORT-44595
The jTDS database driver has a limitation of 2,000 parameter markers, so will fail to process a query if the markers exceed that number. This may be true of other database drivers, as well.
Support ticket: SUPPORT-43866
If a non-default authentication database name (other than the default name of "Akana") was used for MongoDB, auditing data was not persisted.
Support ticket: SUPPORT-44297, SUPPORT-44300, SUPPORT-44319, SUPPORT-44216
API request payloads of content-type "application/json" were being transformed to XML before the request was sent downstream, if the request mediatype for the operation used API Default, and if the Default Media Types for the API were set to "Any in and out".
Support ticket: SUPPORT-45013, SUPPORT-43265
August 2, 2021
A new workflow function, addRoleToUser, is available for custom workflow to modify the default platform behavior so that a new user, logging in for the first time with a specific login domain, is automatically assigned to a specific role.
Support ticket: SUPPORT-41444
When embedding generated API documentation in a third-party portal (see the entry "Ability to embed generated API documentation, including embedded Test Client" added in 2020.2.4), the API platform now handles session management for third-party documentation that uses iframes. When the API documentation is displayed in an iframe, the iframe takes care of renewing the session. In addition, the third-party portal can handle the session before navigating to the iframe API document via a special page (which is provided in the customization samples or from Technical Support).
To take advantage of this, set the height and width of this new page to 0 so that the token is renewed in the background. Load this special page in an iframe in all pages except the API documentation's iframe.
Support ticket: SUPPORT-43303
Third-party domain users can be assigned a registered state when logging into the Community Manager for the first time via a new initial action @AllowMarkUserAsRegistered. This is implemented through a custom workflow and overrides the default behavior which first assigns a pending_validation state to external domain users. See @AllowMarkUserAsRegistered on the Akana documentation website for more information.
Support ticket: SUPPORT-43689
The jose.4.j library used on the platform has been upgraded from 0.6.3 to 0.6.5. The new version adds support for the RSASSA-PSS algorithm, necessary when PS256 is selected for digital signing.
Support ticket: SUPPORT-44157
In the Community Manager developer portal, accessing the individual transaction log from Analytics > Logs could fail in some cases.
Support ticket: No related support tickets.
July 23, 2021
In the Community Manager developer portal, an API's documentation page now features a download option so users can download the corresponding Interface Description Language file.
Support ticket: SUPPORT-43002
Community Manager developer portal search returns and displays results for both an API's summary and its description, given a keyword. Previously, only results based on an API's description were returned and displayed.
Support ticket: SUPPORT-40847
Site Admins can control whether the Access button to create a contract between an API and an app appears or not, by implementing a custom API workflow that uses a new workflow action @DisallowApiAccess.
Support ticket: SUPPORT-40443
When embedding generated API documentation in a third-party portal (see the entry "Ability to embed generated API documentation, including embedded Test Client" added in 2020.2.4), a non-library dependent design is now supported, for example, a design without use of JavaScript. Note that, in this case, the UI's display may be impacted, including scroll bars or a failure to display a loader message while API documentation is in progress.
Support ticket: No related support tickets.
When an API description used the Markdown language, the API Details and Overview pages processed the Markdown and displayed it correctly, but the search displayed the Markdown syntax without processing it. Now, the Markdown is converted to plain text and displayed in the search results. The API Details and Overview pages still display the processed Markdown.
Support ticket: SUPPORT-41836
The HTTP Security Policy enforcement handler now has the ability to consume URL-encoded certificate headers.
Support ticket: SUPPORT-43722
A new configuration property has been added to the Akana Administration Console supporting the configuration of the RFC compliance level of the HTTP parser. This provides backwards compatibility with older versions of Jetty, and provides support for clients that are not compliant with the latest RFCs.
The new configuration property is com.soa.platform.jetty -> http.incoming.transport.config.compliance. For supported values, see "Configuring the security settings" on the page Configuring Compliance Modes for HTTP Parsing and Handling on the Akana documentation website.
Support ticket: SUPPORT-43722
The API Consumer Application Security Policy has added support for cypher suite HMAC-SHA512, available as an option on the policy page. For more information, see "Configuring API Consumer Application Security Policy options" on the Akana documentation website.
Support ticket: SUPPORT-43228
For OAuth provider PingFederate 10.0.x, support has been added for the Private Key JWT and Request Object signing algorithms, available on an app's Details page by selecting OAuth Profile.
Support ticket: SUPPORT-33433
The Community Manager developer portal Auth Token validity is now configurable via the Active Login Session Timeout setting. If the Active Login Session Timeout is set to 0, then the Auth Token validity defaults to 30 minutes, as was the default before this update.
Support ticket: SUPPORT-43293
The latest Chrome browser has changed the default setting it applies to the SameSite attribute, which defends against CSRF attacks. This was resulting in a failure to display API documentation inside an iframe from a third-party portal running on a domain other than the portal domain, in which case, an HTTP "401 Unauthorized" exception could occur.
To ensure the display of API documentation in this situation, there is a new setting on the Security Settings page (Admin > Settings > Security): set the Authentication CSRF Token Cookie Attribute - SameSite field to "None." An existing setting to control the Domain attribute, Authentication and CSRF Token Cookie Attribute - Domain, was also added to this page.
For more information, see "How do I configure settings for business security?" on the Akana documentation site.
Support ticket: No related support tickets.
For an API based on OpenAPI 3.0 (OAS), its documentation now supports the inclusion of a full example, or multiple examples, for parameters, request bodies, or responses.
Support ticket: SUPPORT-41503
After configuring custom claim names in an OpenID Connect Relying Party domain in the Community Manager developer portal, default claim names were still used. Custom claim names are now used as expected, but any existing OpenID Connect Relying Party domains with claim names need to be saved for the changes to take effect. If, however, an existing OpenID Connect Relying Party domain, or one without custom claim names, is working without any issues, no action is required.
Support ticket: SUPPORT-41815
Swagger documents containing operations with responses of different content types did not display correctly on the API Details and API Designer pages.
Support ticket: SUPPORT-40901
When the Detailed Auditing policy was attached to platform services (Community Manager APIs), the request payload was not captured in usage logs, in some cases.
Support ticket: SUPPORT-43093
In Policy Manager, custom policies now work when the PM context path is something other than /. Previously, if the context path was not at root, the policies would not display correctly in the UI.
Support ticket: No related support tickets.
In the Community Manager developer portal, changing an app's visibility from public to private could return an error if some public app settings were disabled.
Support ticket: SUPPORT-42717
When creating an app with PingFederate as the OAuth provider, the app description, i.e., the contents of the Description field under App OAuth Profile, was not added when syncing the ClientID to PingFederate.
Support ticket: SUP-12168, SUPPORT-1082
When using an external keystore, the certificate lookup mechanism did not handle issuer Distinguished Names (DNs) properly when matching against the keystore certificates, in which case issuer DNs with spaces could result in certificates not being found.
Support ticket: SUPPORT-41801
A file with a content type that was not allowed for uploading to the developer portal could bypass this limitation if its name was changed.
Support ticket: SUPPORT-41553
After uploading an image to the Community Manager developer portal, the quality of the image was degraded in some cases.
Support ticket: SUPPORT-43183
With an Oracle database, when a very large number of scopes and licenses were mapped to an API at the operation level, an API Access request failed with a SQL exception error.
Support ticket: No related support tickets.
Adding a new version to an API with a descriptor could fail in some cases.
Support ticket: SUPPORT-41466
When the Elasticsearch sniffer feature was enabled, Elasticsearch could send unencrypted traffic on an HTTPS channel.
Support ticket: No related support tickets.
July 06, 2021
Searching APIs for keywords using "AND" returns only those APIs that have both elements present. Prior, a search using AND did not properly narrow the results, returning APIs with just one element present.
Support ticket: SUPPORT-40951
Due to a regression introduced in 2020.2.6, Process Editor display errors could occur in the Community Manager developer portal. When Policy Manager was running on a different context path than root ("/"), the Process Editor did not display on the API Details and API Implementation Details pages.
Support ticket: No related support tickets.
When an alert was generated from an Oracle database in Policy Manager and an email was sent to the configured user, a SQL exception could occur.
Support ticket: SUPPORT-26139
Calls between virtual services could fail if the normalized response contained invalid XML.
Support ticket: SUPPORT-42841, SUPPORT-42841
The Analytics menu for an API was visible to users who did not have access to any Analytics functions; when clicked in the navigation bar, an HTTP error "401 Unauthorized" was returned. Now the Analytics menu displays only for authorized users, similar to Hermosa theme.
Support ticket: SUPPORT-40276
When adding a new API in the Community Manager developer portal, fragment or local references (those without a complete file path) to other files of a ZIP were not resolving properly, producing an HTTP 500 Internal Server Error.
Support ticket: SUPPORT-42292
June 18, 2021
This release includes no enhancements.
In the Community Manager developer portal, selecting the Add App menu could intermittently fail for non-admin users, returning an HTTP 401 Unauthorized Error.
Support ticket: SUPPORT-43222
In Policy Manager, the PM.ALERTS collection's _id now uses an auto-generated value, while still maintaining the sequence numeric value in the id field. This addresses an issue in which the Akana Alerts service could fail in a sharded Mongo environment if the _id column was selected as part of the shard key for the PM.ALERTS collection.
Note: In 2020.1.0, the _id field in PM.ALERTS was modified to use the numeric value from the Mongo auto-generated ObjectId value. This change has been reverted to use the Mongo auto-generated _id value.
Support ticket: No related support tickets.
After an upgrade from 2019.1.7, an HTTP 401 Unauthorized Error could be returned for an app created by a non-admin user.
Support ticket: SUPPORT-42937
In the Community Manager developer portal, some API policy and process pages were not loading if CSRF was enabled in the Akana Administration Console (when com.soa.console.csrf > org.owasp.csrfguard.Enabled was set to "true".)
Support ticket: SUPPORT-39230
Work related to the entry "General updates to strengthen password security" from the 2020.2.5 release has been reverted in this release due to regression that disallowed editing configurations for PIDs containing passwords. This issue will be addressed in a future release.
Support ticket: No related support tickets.
May 17, 2021
The search filters in the Community Manager Developer Portal now support searching by an API or app's tag.
Support ticket: SUPPORT-40632, SUPPORT-41146
In the Community Manager developer portal, the height of static pages can now be resized dynamically when there are expand/collapse sections. This enhancement applies to these pages:
Hermosa theme:
Simple Dev theme:
Bonita theme:
Support ticket: SUPPORT-40842
The Throughput Quota Policy (a Quality of Service (QoS) policy) could return inconsistent results, making it difficult to determine if the defined quota or queue size was being properly applied.
Support ticket: SUPPORT-42252
Error messages produced by the HTTP Message Validation Policy could include unescaped or unencoded characters.
Support ticket: SUPPORT-36377
For the OpenID Connect Provider domain, the country code and phone number could be displayed incorrectly at login.
Support ticket: No related support tickets.
Some receipe scripts failed when updating a PID that included a property with no value, after an upgrade from 2020.1.5.
Support ticket: SUPPORT-42452
The Envision container could require a restart at initial startup, due to the OSGi (Open Services Gateway initiative) framework bundle not initializing correctly.
Support ticket: No related support tickets.
The API Details page in the Community Manager Developer Portal was not displaying all sample properties when the allOf property was included in the schema definition.
Support ticket: SUPPORT-41583
In addition to other updates, verification was performed to ensure that passwords are correctly defined as a "password" type to avoid them being treated like any other property.
Support ticket: No related support tickets.
By default, with a few exceptions, if a user is on a page in the Community Manager developer portal and then logs in from that page, the user is taken back to the same page after login.
When creating a new static page, customers can now override this default login behavior so that if the user is on the static page, and then logs in, the user is taken to the Action Dashboard. For details and instructions, see Creating a New Static View in Hermosa Theme, with override of default redirect behavior.
Support ticket: SUPPORT-40635
In a scenario where Envision was installed and the Detailed Auditing and Business Metrics policies were both attached to an API expecting a JSON response, there were duplicate entries in the request and response audit logs.
Support ticket: SUPPORT-42172
April 19, 2021
Obsolete jQuery libraries have been deleted from the product. The only distributed version is 3.4.1.
Support ticket: SUPPORT-31089
The generated API documentation currently displayed in the developer portal, either OpenAPI or Swagger, can now also be embedded in a third-party portal. If the generated API documentation includes the embedded Test Client functionality currently supported in the developer portal, embedded Test Client also works in the third-party portal.
Support for this feature includes a new library and a new working customization example in the customization ZIP file. If you do not have the customization ZIP file, ask Technical Support.
Authentication/authorization for the user's access to the API documentation from the third-party portal can be handled by the developer portal's SSO login functionality; for example, with SAML Web SSO or OpenID Connect.
Support ticket: SUPPORT-40315
In the Community Manager developer portal, the version dropdown for APIs and apps was not clickable and the down arrow was not visible in some cases, so that multiple versions would not display. This occurred on the API Documentation page, the API Overview page, and the App details page.
Support ticket: SUPPORT-41168
When searching for APIs, apps, or groups, each entry in the search results includes a list of tags defined for that resource, if they exist. Each tag is now a hyperlink; clicking a tag in a search results entry returns a list of resources that use that tag. The list is specific to the type of resource. For example, on the All APIs page, clicking a tag in a search results entry gives a list of all APIs with that tag. To return a list of all resources that have a specific tag (APIs, apps, and groups), use the top general search bar.
Support ticket: SUPPORT-40634
The Community Manager developer portal has added support for selecting a search scope, available from the API's Manage Licensing page when "Enable Licensing for API" is selected.
Support ticket: SUPPORT-41169
The Akana Sample Datasets for Demo Charts plug-in, which provides a series of sample datasets for demo charts, could fail to create charts and dashboards, due to special characters in the description fields for these models.
A new configuration property has been added to the Akana Administration Console: analytics.validation.text.denylist under
com.soa.persistence.console. This configuration can allow or disallow special characters in the description field used in Analytics Manager.
Support ticket: No related support tickets.
For operation-level tags, the tag name was used for both the name and description if no description was defined, resulting in the display of a duplicated tag name on the API Details and API Documentation pages. Now, just the name is displayed if there is no description.
Support ticket: SUPPORT-41166
In the Community Manager developer portal, the scrollbar on the API Overview page could initially appear in the middle of the page rather than at the top.
Support ticket: SUPPORT-41167
A timing issue during container startup intermittently caused the default certificate parameters to be unavailable when the container identity was generated, leading to an exception.
Support ticket: SUPPORT-37932
In the Community Manager developer portal, the version dropdown for APIs and apps was not clickable in some cases, so that multiple versions would not display. This occurred on the API Documentation page, the API Overview page, and the App details page.
Support ticket: SUPPORT-41144
After customizing the Login Entry page to open a custom page rather than the default Action Dashboard, the Action Dashboard would still open.
Support ticket: SUPPORT-40876
Elasticsearch indexing could fail when parsing a JSON object with a property value of JSONNull.
Support ticket: No related support tickets.
When searching in the Community Manager developer portal using the top-level search box or the filter search box, the results could be inconsistent, depending on the order of keywords entered.
Support ticket: SUPPORT-40951
While importing a package into either Policy Manager or the Community Manager developer portal, if the package file included a script, sometimes the script did not get added and the service would not get deployed, resulting in an HTTP 404 "Not Found" error.
Support ticket: SUPPORT-39727
March 19, 2021
For a role with permissions to delete a notification, multiple dashboard notifications can now be deleted, either by selecting all or some, then selecting "Delete Checked."
Support ticket: SUP-10607, SUPPORT-40289
A widget to display "APIs I'm Following" can now be added to the Community Manager developer portal's tenant Action Dashboard or any other page. Previously, this was found only under the My APIs page.
Support ticket: SUPPORT-40444
When searching for APIs, apps, or groups on their respective "details" pages, each returned entry includes a list of tags used for that resource, if they exist. These tags are now each hyperlinks, so that clicking on a tag returns a list of all APIs, apps, or groups with that tag.
Support ticket: SUPPORT-40634
When configured behind a reverse proxy that terminates SSL (HTTPS), the real-time charts could fail to display.
Support ticket: SUPPORT-40188, SUPPORT-39230
In Policy Manager's Real-Time Charts, selecting the View Data button could fail to populate the start and end date and time, resulting in an intermittent failure to display the logs via the Logs tab.
Support ticket: SUPPORT-40247
Due to the inclusion of some special characters, some URLs in the Community Manager developer portal could result in a Cross-Site Scripting (XSS) vulnerability.
Support ticket: SUPPORT-41131
For an API deployed on Network Director, the Open Banking Client Authentication policy could fail to process requests.
Support ticket: SUPPORT-40881
The Policy Manager login page could display the internal SQL query error if the database was unreachable. Now, a generic error message "General System Error. Please contact Administrator" is displayed if the database cannot be reached.
Support ticket: SUPPORT-40572
A JOSE Security Policy v2, configured for JWKS but not enabled for UK Open Banking support, could expose the exception class in a returned error, for example, "..."faultstring":"Authentication error. com.soa.transport.http.HttpException: HTTP Error..."
This was a regression from a previous release. Now, a returned fault appropriately omits the class name, returning, for instance: {“faultcode”:“Server”, “faultstring”:“Authentication error. Internal Server Error “}.
Support ticket: SUPPORT-25000
The Policy Manager Services feature, which includes the Security Services feature, did not install the HTTP Headers Injection policy handler bundle unless the Akana Policy Manager Console feature was also installed. This resulted in the Http Header Injection policy not working in Policy Manager container with no Console feature installed. This policy is now installed with the Security Services feature.
Support ticket: No related support tickets.
Two-factor authentication could fail when multiple delivery options are enabled in the workflow for receiving the authentication code, such as enabling both email and text messages.
Support ticket: No related support tickets.
The Get Contract Versions API (http://docs.akana.com/cm/api/apis/m_apis_getContractVersions.htm) for an API version could fail, in some cases in which there are a large number of contracts.
Support ticket: SUPPORT-40739
March 8, 2021
In the Community Manager developer portal, the Endpoints section on the API Overview page has been removed.
Support ticket: SUPPORT-40340
Importing a modified Swagger or OpenAPI 3.0 document using the API Designer Edit page did not update some parts of the document, specifically the info.version element. Support has been added for updating the API version if the info.version element in an updated design document changes.
Support ticket: SUPPORT-39972
When importing an API into the Community Manager developer portal, a schema description containing special characters was displayed as invalid characters.
Support ticket: SUPPORT-40296
An upgrade of the Rhino javascript engine resulted in intermittent script evaluation failures in which API calls could return an HTTP 404 "Not Found" error, along with error “java.lang.NoClassDefFoundError: org/mozilla/javascript/NativeJavaPackageHelper.”
Support ticket: SUPPORT-40978
For some Request body content-types, an API's documentation page, at API > Documentation, could fail to display operations when expanded, and report an error.
Support ticket: SUPPORT-40254
For Microsoft SQL Server 2012, when installing the Akana API Platform version 2019.1.22 or later, database schema installation for dropping a view could fail.
Support ticket: SUPPORT-40526
On an API's Details > Design page, the Request body's "Value" field and the Response body's "Sample" field could fail to display for some compound schemas using Open API Specification 3.0 or Swagger 2.0. Support has been added for the field "Sample" for compound schemas in Swagger and Open API documentation.
Support ticket: SUPPORT-40257
The "How to Customize" link on the home page of the Community Manager developer portal for the Simple Dev and Bonita themes was broken. It now properly launches the "Detailed Customization Document" page on the Akana docs site.
Support ticket: SUPPORT-39977, Support-39977
February 17, 2021
Enhancements have been made to the UI, in particular to the API > Implementations pages, to clarify some functionality.
Support ticket: No related support tickets.
Gzip content encoding on the consumer side has been removed, and the configuration transport.config.consumerGzip is now deprecated (available in the Akana Administration Console under Configuration > com.soa.transport.)
Support ticket: No support ticket
Updates to the UI have been made to improve performance and to support compound schemas with cyclic references.
Support ticket: SUPPORT-40095
The default SSL endpoint identification algorithm configured by Jetty9 caused a change in behavior during SSL handshakes for mutual authentication. This more stringent algorithm led to certain client certificates being rejected.
Support ticket: SUPPORT-40380
For APIs with hundreds of connections (contracts to apps, in this case), deleting the API version could fail, exceeding the number of prepared statements or cursors allowed in the database per session.
Note that if deleting the API version fails for another reason, some or all contracts could still be canceled (although the contracts could be canceled in the usual way).
Support ticket: SUPPORT-40157
When a user was deleted from an LDAP server in Policy Manager, if that user had also logged into Community Manager at some time prior, an error could occur. Now, deleting an LDAP user works as expected.
Support ticket: SUPPORT-29121, SUPPORT-3382, SUP-10427, SUP-15966, SUPPORT-1199, SUPPORT-38345, SUP-17739, SUP-18759, SUPPORT-38225
A concurrency issue in the Java DOM (Document Object Model) could lead to errors when reading data from WSDL documents in a multi-threaded environment. This was intermittently causing the HTTP method defined in the WSDL to be returned as null.
Support ticket: SUPPORT-22829, SUP-18551, SUP-18819, SUPPORT-3174, SUPPORT-3442, SUPPORT-23547, SUPPORT-23857, SUPPORT-24784, SUPPORT-27207, SUPPORT-27586, SUPPORT-34085, SUPPORT-39326, SUPPORT-22567, SUPPORT-22779, SUP-18551,SUPPORT-22779,SUPPORT-22567
In some cases, users with roles mapped with appropriate privileges were unable to create or view discussions on a private API.
Support ticket: SUPPORT-39976
For users assigned to a group in LDAP, signing into the Community Manager developer portal could result in incorrectly assigned privileges that did not reflect the role to which the LDAP group was mapped.
Support ticket: SUPPORT-39971
In some cases, user-defined roles were not considered in regards to contract workflows.
Support ticket: SUPPORT-39952
February 11, 2021
If you're using MongoDB, it's recommended to create indexes before upgrading to 2020.2.x:
use METRIC_ROLLUP_DATA
db.OPERATIONAL_METRIC.createIndex(
{"value._rolluptype": 1, "value.executorId": 1},
{name: "OPERATIONAL_METRICDeleteOnIDX", background: true})
db.OPERATIONAL_METRIC.createIndex(
{"value._rolluptype": 1, "value.rawIds": 1},
{name: "OPERATIONAL_METRICRecoveryIDX", background: true})
Note: The key features here are specific to 2020.2.0 and are not available in earlier 2020.1.x update releases. For features and enhancements also available in 2020.2.0 but delivered in previous 2020.1.x update releases, see each update version below.
This release incorporates several upgrades to technologies and tools. See System Requirements for Akana Platform 2020.2.x for details. These include:
Akana adds support for the AWS CloudHSM cloud-based hardware security module.
Enhanced support has been added for installation via specific Akana Docker images to enable better environment standardization, portability, compatibility, and ease of maintenance.
The authentication protocol NT LAN Manager version 2 (NTLMv2) is now supported.
Multiple enhancements have been made to the Community Manager portal. Among them are:
Multiple options are available to customize the portal, now documented in detail at "Detailed Customization Document" on the Akana docs site.
Envision has been enhanced with several usability improvements and security fixes, including the addition of chart creation guidance when filtering, the display of chart loading information, and the ability to edit a chart without first previewing it, improving performance.
The Lifecycle Manager Repository Client has now been certified on the macOS.
When logging into the Envision Console on an LDAP domain, valid usernames could potentially be exposed through repeated logins. For example, if an invalid username was provided, the application returned "User <username> does not exist." Now a generic message "Invalid user credential" is returned in all cases.
Support ticket: SUPPORT-2387, SUP-17761
For API, App and User extensible properties, Community Manager now supports the configuration of a single value or multiple values. A multi-value list can include free-form values added by the user.
Support ticket: No related support tickets.
Out-of-the-box automation recipes have been enhanced to support various use cases configuring security across Akana containers.
Support ticket: SUPPORT-36354
When using the MongoDB Support plug-in to manage audit and metrics data, new options are available to configure recovery jobs. These options help avoid loss of metrics data and ensure data accuracy during a roll-up process. In the Akana Administration Console, these are available at Configuration > com.soa.persistence.mongodb:
| Property | Default | Description |
|---|---|---|
| persistence.mongodb.rollup.maxRecoveryBatchSize | 10,000 | The maximum number of raw records in a batch, for a recovery job |
| persistence.mongodb.rollup.skipRecoveryIteration | 10 | Number of iterations to skip before running recovery jobs |
Support ticket: No related support tickets.
This release adds support for the optional PKCE security extension for OAuth, with the Authorization Code grant type. PKCE (Proof Key for Code Exchange) enhances security by adding an additional key with the authorization code request and again with the token request. For more details, see Akana OAuth/OIDC Provider Domain: Tab 2, Grant Types - Configuration Values on the Akana documentation site.
Support ticket: No related support tickets.
Admins can now control the number of records for a Mongo MapReduce operation to avoid processing delays and meet SLA requirements if resources are tight or the amount of data is high. A new maxBatchSize configuration property is available in the Akana Administration Console at Configuration > com.soa.persistence.mongodb > persistence.mongodb.rollup.maxBatchSize. The default setting is 10,000.
Support ticket: No related support tickets.
A new operational policy, AllowListedCrossSiteScripting, replaces the WhiteListedCrossSiteScripting policy in Policy Manager under Registry > Policies > Operational Policies > AllowListedCrossSiteScripting. Existing WhiteListedCrossSiteScripting policies will be retained.
Support ticket: No related support tickets.
A zip file of the customization samples is now available to download from the Customization page, accessed via More > Admin > Customization > Download Customization Samples.
Support ticket: No related support tickets.
Assigning a policy to a specific operation in an API implementation, rather than to the entire implementation, is now supported. See How do I assign policies to my API implementation? on the Akana documentation site. This functionality is also supported in the Test Client, both in the context of the Community Manager developer portal and when Test Client is embedded in authored API documentation.
This resulted in changes in the request and/or response to some existing operations that manage information about policies attached to an API.
Previously, these operations used the Policies model object, whether directly or nested within another model object. The Policies object includes an array of information about one or more policies attached to the service. These operations now use additional information, to accommodate policy attachments at the operation level in the developer portal and the APIs:
Modified operations include:
ApiVersion:
TargetAPI:
TargetAPI (field TargetAPI inside ApiVersion; see above)
APIImplementation:
Support ticket: SUPPORT-36137, SUPPORT-3459
The Get Contract Versions API, GET /api/apis/versions/{APIVersionID}/contracts), now supports pagination using start and count optional query parameters.
Support ticket: SUPPORT-35863
In Bonita theme, you can request access to APIs using the API Access Wizard, just as you can in Hermosa theme, available via an "Access" button on the API Details page.
Support ticket: No related support tickets.
In versions prior to 2020.2.0, Bonita theme supported viewing generated documentation in Swagger 2.0 and OAS 3.0, but not authored documentation. In version 2020.2.0, Bonita also supports viewing authored API documentation that has been uploaded, including all aspects of API documentation functionality. For more information, see Bonita theme: API functionality on the Akana documentation site.
Support ticket: No related support tickets.
The Real Time Charts in Policy Manager no longer use the Adobe Flash Player, which Adobe stopped supporting on December 31, 2020. The new, improved versions display similarly to earlier, Flash-based charts.
Support ticket: No related support tickets.
Filtering usage data by service has been improved by correcting the improper use of an index.
Support ticket: SUPPORT-34899
Support for Elasticsearch version 7.9.x has been added. Previous versions of Elasticsearch are incompatible with the API Platform, and support for the Elasticsearch Transport Client has been removed. Users must upgrade servers to Elasticsearch 7.9.x, as follows:
1. Upgrade Elasticsearch servers to use version 7.9.x.
2. Configure/Update REST Client URL (s) in:
Akana Administration Console > Configuration > "Configure Elasticsearch Global Configuration".
3. Delete the old indices by name or delete all indices using "_all":
curl -XDELETE 'http://<ES_HOST>:<ES_PORT>/_all'
|
4. Reindex all the objects:
Run the following query to reindex all the objects.
delete from INDEX_STATUS;
|
Support ticket: SUPPORT-32942, SUPPORT-33935
Exporting a chart as an image, previously available from several Envision dialogs, has been removed to avoid potential security issues.
Support ticket: SUPPORT-2383, SUP-17757
On the Policies page, accessed in the Community Manager portal via Organizations List > choose an organization, search tools are now available to help locate a policy.
Support ticket: No related support tickets.
Policy Manager's Dependency Map has been removed from the UI, previously available at Services > Monitoring > Dependencies.
Support ticket: No related support tickets.
The Process Editor, previously accessed only via the API > Implementations page, is now available from the API Details page. To open it, choose API > Details > Design section > specific operation, Actions drop-down; then select Edit Live Process or Edit Sandbox Process.
Support ticket: No related support tickets.
The JRE version 1.8 has been updated with the latest security patch, version 8u265.
Support ticket: No related support tickets.
A new Akana Administration Console task, "Configure SMTP server settings for email sending," sets SMTP properties via automation recipes. To run the task in automation, use the recipe file tasks/smtp-settings.json.
Support ticket: SUPPORT-33864
When creating charts in Envision, certain selections can negatively impact analytics performance; for example, filtering by an unnecessarily broad time range would result in long loading times that present undesired data.
Envision chart creation has now been enhanced to:
Support ticket: No related support tickets.
If new Elasticsearch indexes are added or existing indexes are modified, a new automation recipe, cm-es-index-upgrade.json, is available to update the index. This recipe takes no parameters. See Updating the Elasticsearch index on the Akana documentation site for detail.
Support ticket: No related support tickets.
Any required fields in an Envision UI form are now clearly marked with an asterisk (*).
Support ticket: No related support tickets.
The Envision dashboard now displays loading animation while each chart loads to provide a visual cue of progress.
Support ticket: No related support tickets.
The ability to edit a chart without first running a preview has been added. This can avoid a wait when charts take a long time to load.
Support ticket: SUPPORT-2579, SUP-17954
Default Theme was deprecated in 2020.1.0 and has now been removed from the UI. If you are using Default Theme, it will continue to work as before, but it is not supported. All customers using Default Theme should move to the Hermosa Theme, and migrate any customizations. For example, port header customizations according to Community Manager: Migration Guide and Community Manager: Detailed Customization Document. Other customizations should continue to work, but style customizations are likely to be required.
Support ticket: No support ticket
The Simple Developer theme (Simple Dev) is deprecated and will be removed in a future major release. A newer theme, Bonita, also has a streamlined UI and provides read-only access to API information.
Support ticket: No support ticket
The authentication protocol NT LAN Manager version 1 (NTLMv1) is deprecated; the platform now suppports NTLMv2.
Support ticket: SUPPORT-37466
In the Community Manager developer portal, mandatory fields in the API documentation's Schema section for Swagger and Open API documents now properly display an asterisk (*).
Support ticket: SUPPORT-35475
The API Details page did not fully populate with operation details for some APIs.
Support ticket: SUPPORT-39524
Single sign-on (SSO) logging for UK Open Banking could fail to return the trusted CA certificate when the database contained a very large number of CA certificates.
In the Akana Administration Console, a new setting now provides control of the cache expiration interval allowed for trusted CA certificates, under Configuration > com.soa.subsystems > trusted.ca.cache.expireIntervalMillis. The default is 60,000 milliseconds, or one minute. It's recommended to increase the cache time to 5 to 10 minutes. Restart is not required for the configuration to take effect.
The SQL prepared statement used with all the possible context paths for the public certificates is rounded up to the nearest 100. The statement can be profiled based on the number of public certificates in the system. For example, for 620 or 667 public certificates, profile the SQL for 700.
Support ticket: SUPPORT-36496
The Jetty transport setting that controls the maximum number of bytes allowed in a form returned errors when the default value of 0 was set. A default of 0 should allow 200,000 bytes, but the request was instead erroneously rejected. This setting is accessed in the Akana Administration Console under com.soa.platform.jetty > context.manager.maxFormSize.
Support ticket: SUPPORT-34297
For a SOAP service failure when an HTTP error 500 Internal Server Error was returned, the Policy Manager usage logs contained an empty Next Hop URL field.
Support ticket: SUPPORT-34119
The Policy Manager "Manage Role" function could display unsupported domains for selection in the "Within" dropdown (Policy Manager > Registry > Security tab > Manage Role). Now, only LDAP, Active Directory, or the local domain are displayed.
Support ticket: SUPPORT-37214, SUPPORT-37450
When using OpenAPI 3.0 or Swagger 2.0, an API description document with complex, compound schemas containing keywords allOf, anyOf, or oneOf could result in a malformed display of operation details.
Support ticket: SUPPORT-38857
Script execution is now validated at runtime against the engine types listed in com.soa.script.framework.properties in the Akana Administration Console for Network Director. If the script type is not found in the script.engine.manager.engines properties list, script execution will fail.
Support ticket: No related support tickets.
When trying to open the Sign Up page by clicking the Create Account tab in the Community Manager developer portal, the page could fail to load and would display an error if images or logos were in use for any enabled login domains.
Support ticket: SUPPORT-36489
A vulnerability was identified in the Akana Administration Console that could have resulted in a Server Side Request Forgery (SSRF) attack.
Support ticket: SUPPORT-37566
In certain scenarios, the connections on Network Director could hang in a CLOSE_WAIT state, resulting in socket timeout exceptions for the clients. The Jetty server upgrade has addressed this issue.
Support ticket: SUPPORT-35839, SUPPORT-32186, SUPPORT-36814
In some cases, there were problems in accessing the X.509 certificate URL for the External OAuth Provider domain. The platform requests the certificate using a POST API call, and the X.509 certificate URL must support POST requests. The documentation has been updated to clarify this requirement (External OAuth Provider Access Token Validation page, Signing Keys field).
Support ticket: SUPPORT-21712
When using OpenAPI 3.0, the API documentation could display an invalid Content-Type in the request body when viewing the documentation via the APIs > My APIs > choose API > Documentation tab.
Support ticket: SUPPORT-38035
A possible HTTP request smuggling vulnerability has been addressed by the Jetty server upgrade.
Support ticket: SUPPORT-28819
The version of Jetty bundled with the Akana API Platform has been updated to 9.4.31.
Support ticket: SUPPORT-29284, SUPPORT-29395, SUPPORT-26187, SUPPORT-20513, SUPPORT-32186, SUPPORT-28819
In the Community Manager developer portal, several enhancements have been made to the API Details and App Details pages for improved usability:
Support ticket: No related support tickets.
The Get Metrics API (GET /api/apis/versions/{APIVersionID}/metrics) was sometimes returning the wrong value for totalRequestSize and totalResponseSize.
Support ticket: SUPPORT-36498
The RAML Parser jar version has been upgraded from 0.8.7 to 0.8.40 to ensure proper API creation when importing a RAML file.
Support ticket: SUPPORT-37007
When adding a comment to a ticket using the Comment on Ticket API, POST /api/tickets/{TicketID}/comments, no notification was sent to the ticket creator. Notifications are now properly sent.
Support ticket: SUPPORT-34312
In some cases, an invalid username could be inserted into an LDAP query, resulting in an application exception and a subsequent LDAP injection vulnerability.
Support ticket: SUPPORT-2390, SUP-17764
When extensible metadata is enabled in the developer portal, the Lifecycle Repository Runtime Configuration did not always reflect updated metadata values for an API. Now asset properties are appropriately updated in the database before the Runtime Configuration is invoked.
Support ticket: SUPPORT-35841
In some cases, data written to a MongoDB database could include literal backslash escape characters, resulting in an alteration of the JSON response and a potential security threat. Now, all Envision APIs validate input appropriately before writing to the database. Any data out of spec returns an HTTP 400 Bad Request error.
Support ticket: SUPPORT-2384, SUP-17758, SUPPORT-2385
When Lifecycle Repository is installed and enabled, deleting an organization in Community Manager could fail.
Support ticket: SUPPORT-36083
The header and footer logos in all themes have been updated for consistency. The DevOps theme header is now consistent with the Bonita theme.
Support ticket: No related support tickets.
This release includes no enhancements.
The HTTP Message Validation policy has a new option "Log additional properties" to generate an alert when the request contains properties disallowed by the schema. When enabled, the alert is generated. The default is disabled.
Support ticket: SUPPORT-35453
When the Policy Manager domain certificate is updated, there is no need to restart Network Director containers to update the certificate information.
Support ticket: SUPPORT-32450
The JOSE Security Policy's Appendix F option now enforces a Base64URL encoding on the payload when signing, as defined in the Appendix F (Detached Content) section of the JWS specification (RFC-7515).
Support ticket: No related support tickets.
The Analytics aggregation collection primary key storage in MongoDB has been optimized to reduce RAM requirements for efficient charting and aggregation queries. This is evident when creating new datasets in Envision.
Support ticket: No related support tickets.
The Operational Metrics Policy has been deprecated. Instead, define a new dataset and then use the Business Metrics Policy to define dimensions and metrics.
Note: The key features here are specific to 2020.1.0 and are not available in earlier 2019.1.x update releases. For features and enhancements also available in 2020.1.0 but delivered in previous update releases, see each update version below..
Akana’s business analytics solution Envision has been relaunched with numerous enhancements and performance improvements:
Deprecation: The "Realtime" chart time interval features has been disabled, as this information is available in the developer portal. Existing real time charts will continue to function.
This release adds support for Apache Kafka, a deployment option that allows audit and metrics data from the Akana gateways to be streamed via Kafka instead of the native built-in support. The use of Kafka can improve Akana gateway performance and increase the deployed platform's reliability:
The Akana deployment can also specify the heap size to use for messages. The default is 20%. Any messages that would result in exceeding the specified heap size are dropped. This approach helps keep the gateways alive and performant.
A new theme Bonita has a user-friendly, streamlined interface targeted at the API consumer, i.e., the app developer, and provides access to API information including the API overview, details, performance charts, logs, documentation, and Test Client. Similarly, for apps, Bonita users have access to the app's details, overview, performance charts, logs, license monitoring, and Test Client.
Bonita is ideally suited to the production instance in the lifecycle in which APIs are promoted via automation. Automation ensures that only approved and governed APIs make it into production, thereby providing a trusted portal with no rogue APIs. For detail, see Bonita Theme on the Akana docs site.
The information reported and displayed in API transaction logs now includes several new metrics to provide additional information about the timing of exchange processing in the API Gateway. This allows for the measurement of timings such as TTFB (Time to First Byte), I/O times, and API Gateway processing times. These new metrics are used to provide enhanced feedback in the developer portal user interface for API analytics. See Viewing the time to first byte (TTFB) metric on the Akana docs site.
The developer portal now includes a monthly report that provides a visual summary of metric information across all businesses for the tenant. Data can be broken out by day if needed, and includes platform API usage, customer API usage, and totals for resources such as apps and APIs. See Monthly Report for detail.
The developer portal now includes a new dashboard where users can monitor up to 10 APIs on which they have the API Admin role. Users can adjust the visual display as needed, including adjusting duration and interval for the chart and removing one or more APIs from the display. The My Dashboard feature includes charts for Throughput, Request Size, and Response Time. See Monitoring Top APIs with the My Dashboard Feature on the Akana docs site.
Multiple improvements have been made to the generated Swagger 2.0 API documentation for improved usability, including converting the description from a column to a row, adding color for easy identification of the sample JSON, and improving readability by moving the operation summary and providing better spacing.
The platform’s support of dynamic deployment of error messages and UI copy, introduced in 2019.1.12, has been enhanced to require specifying the resource bundle base name in the Java properties file. Generated documentation now includes a summary of resource bundles for UI copy and error messages. Specifying the resource bundle base name helps identify the resources in use, which helps reduce the likelihood of collisions and speeds up lookups. See Internationalizing Error Messages and UI Copy on the Akana docs site.
Support has been added for MySQL 8.0.
Note that MySQL 8.0.x uses GROUPS as a reserved word, so the platform's table name GROUPS has been changed to CM_GROUPS.
This release includes numerous enhancements to the recipes that automate deployment. See Deployment Automation Improvements for details.
Various enhancements have been made to the recipes that automate deployment, including:
Support ticket: No related support tickets.
A new property has been added under the Akana Administration Console Configuration tab to allow the configuration of the Elasticsearch sniffer feature, which automatically discovers nodes. The property is elastic.client.useSniffer under com.akana.es.client.security. The default setting is true.
Support ticket: No related support tickets.
The DevOps theme for Lifecycle Coordinator has added support for LDAP and Active Directory login accounts.
Support ticket: No related support tickets.
Links to a non-existent landing page display an HTTP 404 "Page not found" rather than a blank page.
Support ticket: SUP-9733, SUPPORT-1040
The Akana OAuth/OIDC Provider domain now supports the "claims" request parameter. For detail, see the relevant RFC at https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter.
Support ticket: SUPPORT-29833
Updates and enhancements have been made to the database tables MO_USAGEDATA, MO_USAGE_NEXTHOP, MO_ROLLUP, and *MO_ROLLUPDATA to include the length of the message header:
| MO_USAGEDATA | Includes two new fields
|
| MO_USAGE_NEXTHOP | Includes four new fields:
|
| MO_ROLLUP* | All MO_ROLLUP tables have two new fields:
|
| *MO_ROLLUPDATA | These fields now both include the length of the headers and not just the content length:
|
Support ticket: No related support tickets.
Because the API GET /resources/{ResourceVersionKey}/settings can be called before user login, the settings it can return have been limited to:
A new api, getPostLoginSettings (GET /resources/v2/{ResourceVersionKey}/settings), returns all the tenant's settings and requires that the user be logged in.
Support ticket: No related support tickets.
Login pages for the Akana Administration Console and Policy Manager have been rebranded.
Support ticket: No related support tickets.
A series of new APIs have been added to the platform to control a user's list of "Top APIs" maintained in the new My Dashboard feature. These APIs are part of the Users service and add, delete or return information on the APIs in this list:
For detail, see the list of Users service APIs at Users Service: Overview.
Support ticket: No related support tickets.
The Admin menu in the developer portal (under More > Admin) has been reorganized for better usability. This includes flattening the left Admin menu to make various elements more accessible. For example, Country Codes is now a top-level entry, and Custom Styles has been renamed “Customization” and moved up from the Config menu.
Support ticket: No related support tickets.
Usage monitoring now uses data size queues when batch writing usage data, reducing the likelihood of out-of-memory conditions. Prior to this change, monitoring usage data was based on queue size. The properties on com.soa.monitor.usage have changed as follows:
| com.soa.monitor.usage | Description | Default value |
|---|---|---|
| New properties: | ||
| usage.batch.writer.maxSizeUsageDataPct | max heap size used by usage data | 20 |
| usage.batch.writer.maxSizeUsageMessagesPct | max heap size used by usage data | 40 |
| Removed properties | ||
| usage.queue.capacity | ||
| usage.message.queue.capacity | ||
| rollup.queue.capacity | ||
| transaction.queue.capacity | ||
| transaction.queue.capacity |
Support ticket: No related support tickets.
In previous versions, when customizing files, users needed to create an exact folder structure within the developer portal, in File Explorer, and create and upload the customization files.
Now, two new options provide a theme-specific set of starter files for customization:
The page has been renamed and is now on the top-level Admin menu:
In addition, users can provision all starter customization files in one action by going to the Site Settings page and adding a new theme.
Note: If customization files are already in place, they are not overwritten.
For detail, see What functions are available to the Site Administrator on the Customization page? on the Akana docs site.
Support ticket: No related support tickets.
For batch messages processed asynchronously, reply message processing could experience a slowdown with overhead limit errors. This could occur when configuration limits were reached, which would result in connections being closed. The behavior has been changed to reduce the likelihood that connections will be closed unnecessarily.
Support ticket: SUPPORT-26089, SUPPORT-27740
The platform's Sign Up page for new accounts has updated the security questions section to add a "Select" option so the user can choose security questions, rather than having the page pre-select security questions.
Support ticket: No related support tickets.
A new Country Codes page in Admin > Country Codes allows Site Admins to manage the visibility of country codes on Signup, User Profile, and Create User pages. For detail, see Country Codes on the Akana docs site.
Support ticket: No related support tickets.
The Rhino JavaScript engine has been updated to the latest version, 1.7.12.
Support ticket: SUPPORT-29942
For MongoDB, usage info (headers) and usage messages (payload) are now stored separately, to decrease memory load in Network Director and improve performance.
A new MongoDB collection PM_AUDIT.AUDIT_MSG stores usage messages distinct from the existing collection PM_AUDIT.AUDIT used for usage Info. In addition, the existing index AUDIT_2AIdx on PM_AUDIT.AUDIT has been modified to have a unique restriction with a shard key prefix, for example:
> use PM_AUDIT;
|
> db.AUDIT.createIndex( { "containerKey" : 1, "eventId" : 1 }, |
{ "name": "AUDIT_2AIdx", "unique" : true, "background": true } ) |
You may have to update your scripts if you are retrieving Auditing Service Policy data directly from MongoDB.
Support ticket: No related support tickets.
When creating an API, its visibility can now be specified under the Add API screen's Advanced Options section.
Support ticket: SUPPORT-1789, SUP-17137
Trusted CA services have been enhanced to support expiration dates for certificates and to allow their removal.
Support ticket: SUP-1279, SUPPORT-1001
In some cases, a keyword search did not return entries from an API's Swagger description. Now, a document's descriptor tags are added to an API's tags when adding an API in the developer portal.
Support ticket: SUP-13385, SUP-15048, SUPPORT-1097, SUPPORT-1146
Installing Community Manager now installs both Hermosa and Default themes, so they no longer need to be installed separately. (Note, however, that Default Theme is deprecated with the 2020.1.0 release and will be removed completely in a later version.)
Support ticket: No related support tickets.
By default, QoS (Quality of Service) policies defined in a tenant are displayed in the API Access wizard when an app/API contract is requested. If you don't want the app developer to see these policies, disable this setting on the More > Settings > Apps page by deselecting the item "Show policies on API Access wizard."
Support ticket: SUP-12957, SUPPORT-1092
Performance enhancements have been made to improve Network Director startup times.
Support ticket: No related support tickets.
To allow users to download files via authored API documentation, add a new class attribute soa-control-cm-inline-do-not-process-link to the HTML <a> tag. A link with this class attribute is not processed to remove the link. See API Documentation Maintenance on the Akana docs site.
For example:
<a class="soa-control-cm-inline-do-not-process-link" href="./file-download.xlsx?download=true" target="_blank">Download Spreadsheet</a>
|
Support ticket: SUP-10706, SUPPORT-1052
Apps contracted to an API are automatically connected to a new API version, using the API version workflow's pre-function connectAppsFromPreviousVersion. To take advantage of this feature, add the function to your workflow. For detail, see API Version Workflow, "connectAppsFromPreviousVersion."
Support ticket: SUPPORT-17097
When adding an API version using the API POST /api/apis/{APIID}/versions, passing in an API version ID is not allowed and will return an HTTP "400 Bad Request" error. Previously, the version ID was ignored, but did not return an error.
Support ticket: SUP-12292
Default Theme is now deprecated and will be removed completely in a later version. All customers using Default Theme should move to the Hermosa Theme as soon as possible, and migrate any customizations. For example, port header customizations according to Community Manager: Migration Guide. Other customizations should continue to work, but style customizations are likely to be required.
The deprecated Akana OAuth Provider Agent and Akana API Platform OAuth Provider Agent have been removed from the product distribution. It is recommended that customers have a dedicated OAuth container to manage OAuth tokens, as covered in the diagram of recommended deployment: Sample deployment Scenario.
The Google Connector domain is deprecated with 2020.1.0. It is recommended to use the OpenID Connect Relying Party domain for platform login.