2025.1 Minor Releases

Minor Releases:

• 2025.1 Minor Releases
  • 2025.1.1

2025.1.1

September 05, 2025

• Key features: 2025.1.1

• Enhancements: 2025.1.1

• Bug Fixes: 2025.1.1

• Known issues: 2025.1.1

• Upcoming Breaking changes

• Deprecation: 2025.1.1

• Security Vulnerabilities: 2025.1.1

Key features: 2025.1.1

Header propagation configuration support in Community Manager UI and API

Now, the Header Propagation configuration rules can be managed through both the Community Manager Portal and the Akana platform APIs.

Key Features:

• Global header propagation settings- Admins can configure global header propagation settings from CM → Admin → Settings → API Settings → General API settings page. These global settings will be applied when creating new APIs, new API versions, or adding operations to any API.

• API level header propagation configuration - API admins can override global settings at the API level via API → Implementation → <Live/Sandbox> → Rules → Header Propagation page. Changes can be saved for a single operation or all operations under the API.

• Akana Platform APIs now support new endpoints for managing header propagation configuration rules.

  • GET api/apis/versions/{ApiVersionID}/implementations/{ImplCode}/headersettings

  • PUT api/apis/versions/{ApiVersionID}/implementations/{ImplCode}/headersettings

• Existing header propagation configuration rules from Policy Manager are now viewable and manageable from the Community Manager UI and Akana platform APIs.

For detailed UI and API documentation, see the following documentation topics:

• Header Settings Service: Overview

• Get Header Propagation Settings

• Update Header Propagation Settings

• How to configure the global header propagation settings

• Managing Header Propagation Rules

After upgrading to 2025.1.x, you must run the Update CM API config action, see Update CM API.

Case Number: 00662787, 00798435, 01389974

Grid Caching for Akana deployment on Amazon EKS

Akana now natively suports Hazelcast grid caching for gateway deployments on Amazon EKS, delivering distributed, low-latency, and highly available caching across pods.

Key features:

• Hazelcast IMDG Integration: Akana leverages Hazelcast In-Memory Data Grid (IMDG), removing the need to configure a separate pod for the Hazelcast grid server.

• Kubernetes API-Based Discovery: Cluster members are automatically discovered using the Kubernetes API, eliminating manual IP configuration.

• Dynamic Cluster Membership: Pods can join and leave the cache cluster automatically, with membership updates occurring without downtime.

• Policy Support: This caching feature enhances performance for:

  • Throughput Quota Policy

  • Concurrency Quota Policy

  • OAuth Client Policy

  • HTTP Security Policies

Enabling and managing the feature:

• Leverage the admin console properties grid.network.config.enableKubernetes,grid.network.config.clusterName, grid.network.config.kubernetesServiceName, grid.network.config.localPortto manage this feature

• To enable this feature in EKS, set the values for these properties using a recipe.

• Updates to the grid caching configuration require a POD restart.

For more details, see Grid support documentation.

For details on the automation recipe for Grid caching, see Configure grid caching using an automation recipe, Grid caching configuration for the EKS environment, Grid caching configuration for a non-EKS environment.

For details on Grid caching (UI), see Configure the Akana grid services framework for caching.

Case Number: 01378578

OpenBanking v4 Support

Akana now supports OpenBanking v4 message formats for success as well as error messages, enabling enhanced compatibility with the latest UK Open Banking specifications.

As part of the enhancement, the following policies have been enhanced to return response error codes in ISO 20022 - 4-character format.

• JOSE Security V2 Policy

• HTTP Message Validation Policy

To utilize this feature, create a new policy by selecting the Open Banking v4 standard and attaching it to the relevant APIs.

Please refer to the updated policy documentation, Configuring JOSE Security Policy V2 options, Open Banking error messages for the JOSE Security Policy v2, Configuring the HTTP Message Validation Policy, and Using the HTTP Message Validation Policy for policy configuration and error code details.

Case Number: 01389640

Enhancements: 2025.1.1

RSA1_5 encryption algorithm enabled for JOSE Security Policy v2

The use of the RSA1_5 encryption algorithm, previously disabled in an earlier release, has been temporarily re-enabled in the JOSE Security Policy v2 to support legacy use cases.

Case Number: 01371180

Bug Fixes: 2025.1.1

Apache HTTP connection pool got exhausted while revising the app contract

During the process of revising contracts between the API using Pingfederate OAuth provider and apps, and synchronizing the applications with PingFederate, the Apache HTTP connection pool could get exhausted, resulting in the following error: org.apache.http.conn.ConnectionPoolTimeoutException: Timeout waiting for connection from pool.

Case Number: 01424488

Incorrect error message for Open Banking 3.1 request private headers iat, iss, tan

JOSE Security Policy v2 could return incomplete paths like iat, iss, tan in the error response instead of <base-path>/iat, <base-path>/iss, <base-path>/tan for corresponding Open Banking 3.1 request private headers.

Case Number: 01421931

OAuth token insufficient scope exception logging issue

OAuth token insufficient scope exception would not be logged when log level is error.

Case number: No associated case

Content-Type is converted from Lowercase to Uppercase for utf-8

When the property com.soa.http.client.core > transport.factory.multiValuedHeaders is empty and the authorization header in the incoming request is in lowercase for Atmosphere and OAuth 2.0 (strip) policy, Akana sends a null value in the Authorization header instead of removing the header from the downstream request.

Case Number: 01201862

Unable to delete an API that is contracted to the APP

Deletion of API that is contracted to the APP would result in a General System error when OAuth is configured for the API.

Case Number: 01385486

Logging improvements to address the performance issue

Optimized logging to enhance memory allocation and reduce I/O impact during API request processing.

Case Number:01401916

An incorrect error message on session timeout when "Active Session Timeout" was configured

When the “Active Session Timeout” setting in the Community Manager is configured, the “Expired Token” error message would be intermittently displayed upon session timeout instead of the expected message: “Your session has timed out. Please log in again.”.

Case Number: 01389244

Long garbage collection events observed on EKS deployment

High memory consumption could occur during the Gateway and the Policy Manager communication failures causing long garbage collection events. One of the scenarios for this is, deployment of Policy Manager pods when gateway pods are up and running. Improvements were done to reduce the memory consumption under such scenarios.

New configuration properties pm.client.disablePMResponseSignatureVerificationFailureAutoRecovery and pm.client.disableRandomSymmetricKeyDecryptionFailureAutoRecovery are introduced under com.soa.client.subsystems to control the Gateway auto-recovery during the Gateway to Policy Manager communication failures.

Please refer Subsystem clients configuration for more details of the configurations.

Case Number: 01314468

Logging improvements to address the performance issue

Optimized logging to enhance memory allocation and reduce I/O impact during API request processing.

Case Number: 01401916

Error in validating large JSON payload

The HTTP message validation policy would fail when handling large JSON payloads. Now the policy can successfully validate JSON payloads of up to 20 MB size.

Case Number: 01393088

Issue with removing users from the Business Admin Group

When a user is a Business Admin across multiple tenants, attempting to remove that user from the Business Admin group in one tenant would result in an error.

Case Number: 01352678

Intermittent Concurrent Exception resulting in errors

In an EKS environment, a ConcurrentModificationException would occur whenever a new pod was initialized, resulting in HTTP 500 errors returned by the Gateway during incoming request processing.

Case Number: 01397287

GRID caching not functioning as expected

With the Gateway in cluster and grid caching is enabled, throughput quota policy would not process requests according to the configured throughput limits.

Case Number:01396264

Known issues: 2025.1.1

Performance degradation with TLS1.3

When using TLSv1.3 for inbound or outbound HTTP connections, performance degradation has been observed under certain workloads. Users may experience:

• Slower response times

• Increased latency

This behavior is notably different from connections using TLSv1.2.

Recommended Action

Until a fix is available, it is recommended to:

• Configure the environment to use TLSv1.2

Refer to the Akana Platform Hardening Guide for detailed instructions on managing security protocol settings.

Case Number: No associated case

Upcoming Breaking changes

Upcoming Breaking Change Notice

Effective from: Version 2026.1.0

We are introducing a breaking change in the upcoming major release which is necessary to be compliant with the specification RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage.

• Impact: This change will impact www-authenticate API response headers that are sent in case of OAuth token validation failure.

• Change:

  • The auth-scheme in www-authenticate header will be Bearer instead of OAuth.

  • In case of scope validation failure, the error in www-authenticate header will be error="insufficient_scope" instead of existing response error="1012120 - You do not have permission to access the resource." The current error value will be moved to error_description.

• Action Required:

  • The APPs consuming the APIs hosted on Akana need to handle this new www-authenticate header.

  • Update your conformance test suite as per new.

  • By default, this change will be enabled. A configuration property will be provided to enable backward compatible behavior.

Case number: No associated case

Deprecation: 2025.1.1

Hazelcast Configuration Property Deprecation

The following two Hazelcast configuration properties are marked as deprecated:

• grid.group.config.groupName

• grid.group.config.groupPassword

Use grid.network.config.clusterName instead.

Case number: 01378578

Security Vulnerabilities: 2025.1.1

Third-party libraries updated to mitigate vulnerabilities

Several third-party libraries have been updated to mitigate critical, high, and some medium priority vulnerabilities. See Using the Third-Party Libraries in the Akana documentation.

Case number: No associated case

Replace examxml with the open source XMLUnit library

The licensed library examxml used in the LC/LR module in a Java file named \products\lifecyclemanager\com.soa.repository.businesslogic\src\com\logiclibrary\extensions\JExamXMLDifferenceEngine.java is now replaced by the open source XMLUnit library.

Case number: No associated case