2025.1 Minor Releases

Each update is cumulative and includes all updates provided in earlier 2024.1.x updates. 

Minor Releases:

2025.1.2

November 28, 2025

Enhancements: 2025.1.2

Aggregate Policy OR support at the operation level

Akana now supports Aggregate policies with OR at the operation level, alongside the existing service-level support.

For more information, see the Aggregate policy documentation.

Case number: 01400432, 00847940, 00602441

Automation recipe to configure grid caching

A new automation recipe, hazelcast.json, has been included with the Akana installation. This recipe allows you to configure the grid caching feature using Hazelcast. Please refer to Configure grid caching using an automation recipe to start using the recipe.

Case number: No associated case

Enhancements to Container System Health Panel Management Recipes and APIs

Akana has introduced enhancements to Automation Recipes and Health Service APIs for configuring container readiness and health check probes.

  • Additional container health measurable attributes can be added to the out-of-the-box Service Container Readiness and System Health Panel using Automation Recipes and Health Service APIs.

    • These additional metrics will be evaluated when generating a response to the container readiness probe (/admin/health/measurables/akana.service.container.readiness) and container health check probe (admin/health/measurables/akana.system.health).

    • For detailed guidance, refer to the System Health Tool user interface documentation.

  • The Service Container Readiness and System Health panels in the Admin Console UI can be made editable using an Automation Recipe. To make the panels editable, refer to the Configure metric attributes for the Health panel documentation.

Case number: 00768083

Encrypt MongoDB password

The MongoDB password can be encrypted and stored in the file system property instead of being kept in raw, plain-text format.

For the REST API and Automation recipe to achieve this, refer to the REST API, Recipe, and Config action (UI) topics in the documentation.

Case Number: 01329614, 01329630

Bug Fixes: 2025.1.2

PM cache busted based on the cache settings

PM-side caching was busted based on the property com.soa.subsystems > trusted.ca.cert.keystore.spi.expireIntervalMillis; after that, the certificate was fetched from the PM database.

Case Number: No associated case

Improper HTTP Message Validation Policy error response when used with Aggregate OR policy

When the HTTP Message Validation Policy is attached to an API along with an Aggregate OR Policy (OAuth, Basic Authentication), the gateway would return HTTP status code 500 instead of the expected status code 400.

Case number: 01024629

SNI functionality does not work when the service certificate is updated or deleted

When a new private key and certificate are updated for an API implementation—either together or just the certificate—from the Community Manager portal, the changes may not take effect immediately. In some cases, a container restart is required for the updates to be fully applied.

Case number: No associated case

Issues with adding local listeners on RHEL Operating system using Oracle JDK 17 external JRE

As part of the 2025.1.0 release, a known issue around adding local listeners was reported. Adding a local listener from the Admin Console or by using the add-local-listener.json recipe would not work when Akana 2025.1.0 is deployed on RHEL with Oracle Java 17 used as an external JRE.

This issue is now resolved.

Case number: No associated case

JMS message correlation failure

The Correlation ID of the response message in the reply queue was not being set to the JMSMessageID from the request message, resulting in failed message correlation.

Case Number: 01398114

Issue with the recipe to add JMS listener

The add-local-listener.json recipe failed to add a JMS listener due to an [Unexpected error [Url host is missing!]] error.

Case number: 00748664

Community Manager - Analytics logs issues after upgrade

Following the upgrade from Akana v2019 to v2024, audit log entries created in v2019 were not visible under Community Manager > Analytics > Logs. Older audit records now show the same details as in Akana version 2019.

Case number: 01416080

Mutual TLS failure in certain scenario

Mutual TLS between the client app and the Akana gateway fails if there are multiple certificates with the same subject DN in the Akana Trusted Certificate store.

Case number: 01416317

Breaking changes: 2025.1.2

Limits on multipart/form-data request headers size

From the 2025.1.2 release onwards, the size of individual headers in multipart/form-data will be limited to 512 bytes. If a header exceeds 512 bytes, the upload operation will fail.

Case number: No associated case
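
A pre-upgrade check for the 512-byte limit above, as an added example (not Akana code): it scans a captured multipart/form-data body and reports part headers that would exceed the limit. It assumes the limit is measured per header line (name and value, without the trailing CRLF); the function name and sample body are constructed for illustration.

```python
HEADER_LIMIT = 512  # bytes per part header, from the 2025.1.2 release note


def oversized_part_headers(body, boundary, limit=HEADER_LIMIT):
    """Return (part_index, header_name, size) for every part header over limit.

    Assumption: size is the byte length of one header line, name and value
    included, without the trailing CRLF.
    """
    delimiter = b"--" + boundary.encode("ascii")
    findings = []
    # The first split segment is the preamble before the first delimiter.
    for index, segment in enumerate(body.split(delimiter)[1:]):
        if segment.startswith(b"--"):
            break  # closing delimiter "--boundary--"
        segment = segment.removeprefix(b"\r\n")  # CRLF that ends the delimiter line
        header_block, found, _content = segment.partition(b"\r\n\r\n")
        if not found:
            continue  # malformed part without a header/body separator
        for line in header_block.split(b"\r\n"):
            if len(line) > limit:
                name = line.split(b":", 1)[0].decode("ascii", "replace").strip()
                findings.append((index, name, len(line)))
    return findings


# Constructed sample: the second part carries a very long filename.
BOUNDARY = "example-boundary"
LONG_HEADER = (b'Content-Disposition: form-data; name="file"; filename="'
               + b"a" * 600 + b'.txt"')
SAMPLE_BODY = b"\r\n".join([
    b"--example-boundary",
    b'Content-Disposition: form-data; name="comment"',
    b"",
    b"quarterly report",
    b"--example-boundary",
    LONG_HEADER,
    b"Content-Type: text/plain",
    b"",
    b"file contents",
    b"--example-boundary--",
    b"",
])

if __name__ == "__main__":
    for part, name, size in oversized_part_headers(SAMPLE_BODY, BOUNDARY):
        print(f"part {part}: {name} is {size} bytes (limit {HEADER_LIMIT})")
```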

Security Vulnerabilities: 2025.1.2

Third-party libraries updated to mitigate vulnerabilities

Several third-party libraries have been updated to mitigate critical, high, and some medium priority vulnerabilities. See Using the Third-Party Libraries in the Akana documentation.

Case number: No associated case

2025.1.1

September 05, 2025

Key features: 2025.1.1

Header propagation configuration support in Community Manager UI and API

Now, the Header Propagation configuration rules can be managed through both the Community Manager Portal and the Akana platform APIs.

Key Features:

  • Global header propagation settings - Admins can configure global header propagation settings from CM → Admin → Settings → API Settings → General API settings page. These global settings will be applied when creating new APIs, new API versions, or adding operations to any API.

  • API level header propagation configuration - API admins can override global settings at the API level via API → Implementation → <Live/Sandbox> → Rules → Header Propagation page. Changes can be saved for a single operation or all operations under the API.

  • Akana Platform APIs now support new endpoints for managing header propagation configuration rules.

    • GET api/apis/versions/{ApiVersionID}/implementations/{ImplCode}/headersettings

    • PUT api/apis/versions/{ApiVersionID}/implementations/{ImplCode}/headersettings

  • Existing header propagation configuration rules from Policy Manager are now viewable and manageable from the Community Manager UI and Akana platform APIs.

For detailed UI and API documentation, see the following documentation topics:

After upgrading to 2025.1.x, you must run the Update CM API config action, see Update CM API.

Case Number: 00662787, 00798435, 01389974

Grid Caching for Akana deployment on Amazon EKS

Akana now natively supports Hazelcast grid caching for gateway deployments on Amazon EKS, delivering distributed, low-latency, and highly available caching across pods.

Key features:

  • Hazelcast IMDG Integration: Akana leverages Hazelcast In-Memory Data Grid (IMDG), removing the need to configure a separate pod for the Hazelcast grid server.

  • Kubernetes API-Based Discovery: Cluster members are automatically discovered using the Kubernetes API, eliminating manual IP configuration.

  • Dynamic Cluster Membership: Pods can join and leave the cache cluster automatically, with membership updates occurring without downtime.

  • Policy Support: This caching feature enhances performance for:

    • Throughput Quota Policy

    • Concurrency Quota Policy

    • OAuth Client Policy

    • HTTP Security Policies

Enabling and managing the feature:

  • Use the admin console properties grid.network.config.enableKubernetes, grid.network.config.clusterName, grid.network.config.kubernetesServiceName, and grid.network.config.localPort to manage this feature.

  • To enable this feature in EKS, set the values for these properties using a recipe.

  • Updates to the grid caching configuration require a pod restart.

For more details, see Grid support documentation.

For details on the automation recipe for Grid caching, see Configure grid caching using an automation recipe, Grid caching configuration for the EKS environment, Grid caching configuration for a non-EKS environment.

For details on Grid caching (UI), see Configure the Akana grid services framework for caching.

Case Number: 01378578

OpenBanking v4 Support

Akana now supports OpenBanking v4 message formats for success as well as error messages, enabling enhanced compatibility with the latest UK Open Banking specifications.

As part of the enhancement, the following policies have been enhanced to return response error codes in ISO 20022 - 4-character format.

  • JOSE Security V2 Policy

  • HTTP Message Validation Policy

To utilize this feature, create a new policy by selecting the Open Banking v4 standard and attaching it to the relevant APIs.

Please refer to the updated policy documentation, Configuring JOSE Security Policy V2 options, Open Banking error messages for the JOSE Security Policy v2, Configuring the HTTP Message Validation Policy, and Using the HTTP Message Validation Policy for policy configuration and error code details.

Case Number: 01389640

Enhancements: 2025.1.1

RSA1_5 encryption algorithm enabled for JOSE Security Policy v2

The use of the RSA1_5 encryption algorithm, previously disabled in an earlier release, has been temporarily re-enabled in the JOSE Security Policy v2 to support legacy use cases.

Case Number: 01371180

Bug Fixes: 2025.1.1

Apache HTTP connection pool got exhausted while revising the app contract

While revising contracts between apps and an API that uses the PingFederate OAuth provider, and synchronizing the applications with PingFederate, the Apache HTTP connection pool could get exhausted, resulting in the following error: org.apache.http.conn.ConnectionPoolTimeoutException: Timeout waiting for connection from pool.

Case Number: 01424488

Incorrect error message for Open Banking 3.1 request private headers iat, iss, tan

JOSE Security Policy v2 could return incomplete paths like iat, iss, tan in the error response instead of <base-path>/iat, <base-path>/iss, <base-path>/tan for corresponding Open Banking 3.1 request private headers.

Case Number: 01421931

OAuth token insufficient scope exception logging issue

The OAuth token insufficient scope exception would not be logged when the log level is error.

Case number: No associated case

Content-Type is converted from Lowercase to Uppercase for utf-8

When the property com.soa.http.client.core > transport.factory.multiValuedHeaders is empty and the authorization header in the incoming request is in lowercase for Atmosphere and OAuth 2.0 (strip) policy, Akana sends a null value in the Authorization header instead of removing the header from the downstream request.

Case Number: 01201862

Unable to delete an API that is contracted to the APP

Deleting an API that is contracted to an app would result in a General System error when OAuth is configured for the API.

Case Number: 01385486

Logging improvements to address the performance issue

Optimized logging to enhance memory allocation and reduce I/O impact during API request processing.

Case Number: 01401916

An incorrect error message on session timeout when "Active Session Timeout" was configured

When the “Active Session Timeout” setting in the Community Manager is configured, the “Expired Token” error message would be intermittently displayed upon session timeout instead of the expected message: “Your session has timed out. Please log in again.”.

Case Number: 01389244

Long garbage collection events observed on EKS deployment

High memory consumption could occur during communication failures between the Gateway and the Policy Manager, causing long garbage collection events. One such scenario is the deployment of Policy Manager pods while gateway pods are up and running. Improvements were made to reduce memory consumption in such scenarios.

New configuration properties pm.client.disablePMResponseSignatureVerificationFailureAutoRecovery and pm.client.disableRandomSymmetricKeyDecryptionFailureAutoRecovery are introduced under com.soa.client.subsystems to control the Gateway auto-recovery during the Gateway to Policy Manager communication failures.

Please refer to Subsystem clients configuration for more details on these properties.

Case Number: 01314468

Error in validating large JSON payload

The HTTP message validation policy would fail when handling large JSON payloads. Now the policy can successfully validate JSON payloads of up to 20 MB size.

Case Number: 01393088

Issue with removing users from the Business Admin Group

When a user is a Business Admin across multiple tenants, attempting to remove that user from the Business Admin group in one tenant would result in an error.

Case Number: 01352678

Intermittent Concurrent Exception resulting in errors

In an EKS environment, a ConcurrentModificationException would occur whenever a new pod was initialized, resulting in HTTP 500 errors returned by the Gateway during incoming request processing.

Case Number: 01397287

GRID caching not functioning as expected

With the Gateway in a cluster and grid caching enabled, the Throughput Quota Policy would not process requests according to the configured throughput limits.

Case Number: 01396264

Known issues: 2025.1.1

Performance degradation with TLS1.3

When using TLSv1.3 for inbound or outbound HTTP connections, performance degradation has been observed under certain workloads. Users may experience:

  • Slower response times

  • Increased latency

This behavior is notably different from connections using TLSv1.2.

Recommended Action

Until a fix is available, it is recommended to:

  • Configure the environment to use TLSv1.2

Refer to the Akana Platform Hardening Guide for detailed instructions on managing security protocol settings.

Case Number: No associated case

Upcoming Breaking changes

Upcoming Breaking Change Notice

Effective from: Version 2026.1.0

We are introducing a breaking change in the upcoming major release which is necessary to be compliant with the specification RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage.

  • Impact: This change will impact www-authenticate API response headers that are sent in case of OAuth token validation failure.

  • Change:

    • The auth-scheme in www-authenticate header will be Bearer instead of OAuth.

    • In case of scope validation failure, the error in www-authenticate header will be error="insufficient_scope" instead of existing response error="1012120 - You do not have permission to access the resource." The current error value will be moved to error_description.

  • Action Required:

    • The APPs consuming the APIs hosted on Akana need to handle this new www-authenticate header.

    • Update your conformance test suite to match the new www-authenticate header.

    • By default, this change will be enabled. A configuration property will be provided to enable backward compatible behavior.

Case number: No associated case
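
One way a consuming app can handle both the current and the upcoming www-authenticate header during the transition, as an added example (not Akana code). The function names are hypothetical, and the two sample headers are constructed from the values quoted in the notice above; real responses may carry further parameters.

```python
import re

# auth-param: name = token or quoted-string (backslash escapes allowed)
_PARAM = re.compile(r'([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')
LEGACY_SCOPE_CODE = "1012120"  # legacy error value quoted in the notice


def parse_challenge(header_value):
    """Split a single WWW-Authenticate challenge into (scheme, params)."""
    scheme, _, rest = header_value.strip().partition(" ")
    params = {}
    for match in _PARAM.finditer(rest):
        name, quoted, bare = match.groups()
        if quoted is not None:
            value = re.sub(r"\\(.)", r"\1", quoted)  # undo quoted-pair escapes
        else:
            value = bare
        params[name.lower()] = value
    return scheme, params


def classify_oauth_failure(header_value):
    """Normalize the legacy (OAuth) and RFC 6750 (Bearer) challenge forms."""
    scheme, params = parse_challenge(header_value)
    error = params.get("error", "")
    detail = params.get("error_description", "")
    if scheme.lower() == "bearer":
        insufficient = error == "insufficient_scope"
    elif scheme.lower() == "oauth":
        # Legacy form: the numeric message sits in `error` itself.
        insufficient = error.startswith(LEGACY_SCOPE_CODE)
        detail = detail or error
    else:
        return None  # not an OAuth token challenge
    return {"scheme": scheme, "insufficient_scope": insufficient, "detail": detail}


# Constructed sample headers (assumed shape, built from the notice text).
LEGACY = 'OAuth error="1012120 - You do not have permission to access the resource."'
RFC6750 = ('Bearer error="insufficient_scope", error_description='
           '"1012120 - You do not have permission to access the resource."')

if __name__ == "__main__":
    for sample in (LEGACY, RFC6750):
        print(classify_oauth_failure(sample))
```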

Deprecation: 2025.1.1

Hazelcast Configuration Property Deprecation

The following two Hazelcast configuration properties are marked as deprecated:

  • grid.group.config.groupName

  • grid.group.config.groupPassword

Use grid.network.config.clusterName instead.

Case number: 01378578

Security Vulnerabilities: 2025.1.1

Third-party libraries updated to mitigate vulnerabilities

Several third-party libraries have been updated to mitigate critical, high, and some medium priority vulnerabilities. See Using the Third-Party Libraries in the Akana documentation.

Case number: No associated case

Replace examxml with the open source XMLUnit library

The licensed library examxml used in the LC/LR module in a Java file named \products\lifecyclemanager\com.soa.repository.businesslogic\src\com\logiclibrary\extensions\JExamXMLDifferenceEngine.java is now replaced by the open source XMLUnit library.

Case number: No associated case