Version 2020.1.7
Akana 2020.1.x System Requirements
Upgrading the Akana API Platform from 2019.1.x to 2020.1.0
The Akana API Platform and other Akana products are changing versioning schemes with this first major release of 2020. All major releases now follow the scheme "xxxx.1.0" rather than "xxxx.0.0". As a result, this first major release for 2020 is 2020.1.0.
Test all customizations when upgrading.
Default Theme is now deprecated and will be removed completely in a later version.
jQuery has been upgraded to v3.4.1 from v1.8.3. This version of jQuery impacts all Developer pages in all themes, requiring any customizations to be tested with jQuery v3.4.1. For migration information, see jQuery Core 1.9 Upgrade Guide and jQuery Core 3.0 Upgrade Guide.
Date/release version |
Changes |
January, 2021 2020.1.0 |
New entry added for Logging into Policy Manager could fail without error. |
January, 2021 2020.1.1 |
New entry added for Notifications page displayed inconsistent date formats. |
Feb.1, 2023 2020.1.7 |
Removed all enhancements entries regarding the previous major version 2019.1.x to avoid duplication and simplify these notes. These enhancements are still listed in the 2019.1.x release notes. |
The search filters in the Community Manager Developer Portal now support searching by an API or app's tag.
Support ticket: SUPPORT-40632, SUPPORT-41146
In Policy Manager, the Detailed Auditing Policy could display duplicate entries for the request and response audit logs.
Support ticket: SUPPORT-42172, SUPPORT-42172
In addition to other updates, verification was performed to ensure that passwords are correctly defined as a "password" type to avoid them being treated like any other property.
Support ticket: No related support tickets.
The API Details page in the Community Manager Developer Portal was not displaying all sample properties when the allOf property was included in the schema definition.
Support ticket: SUPPORT-41583
While importing a package into either Policy Manager or the Community Manager developer portal, if the package file included a script, sometimes the script did not get added and the service would not get deployed, resulting in an HTTP 404 "Not Found" error.
Support ticket: SUPPORT-39727
When searching for APIs, apps, or groups, each entry in the search results includes a list of tags defined for that resource, if they exist. Each tag is now a hyperlink; clicking a tag in a search results entry returns a list of resources that use that tag. The list is specific to the type of resource. For example, on the All APIs page, clicking a tag in a search results entry gives a list of all APIs with that tag. To return a list of all resources that have a specific tag (APIs, apps, and groups), use the top general search bar.
Support ticket: SUPPORT-40634
The Community Manager developer portal has added support for selecting a search scope, available from the API's Manage Licensing page when "Enable Licensing for API" is selected.
Support ticket: SUPPORT-41169
For a role with permissions to delete a notification, multiple dashboard notifications can now be deleted, either by selecting all or some, then selecting "Delete Checked."
Support ticket: SUP-10607, SUPPORT-40289
Importing a modified Swagger or OpenAPI 3.0 document using the API Designer Edit page did not update some parts of the document, specifically the info.version element. Support has been added for updating the API version if the info.version element in an updated design document changes.
Support ticket: SUPPORT-39972
A widget to display "APIs I'm Following" can now be added to the Community Manager developer portal's tenant Action Dashboard or any other page. Previously, this was found only under the My APIs page.
Support ticket: SUPPORT-40444
In the Community Manager developer portal, the Endpoints section on the API Overview page has been removed.
Support ticket: SUPPORT-40340
On an API's Details > Design page, the Request body's "Value" field and the Response body's "Sample" field could fail to display for some compound schemas using Open API Specification 3.0 or Swagger 2.0. Support has been added for the field "Sample" for compound schemas in Swagger and Open API documentation.
Support ticket: SUPPORT-40257
In the Community Manager developer portal, the scrollbar on the API Overview page could initially appear in the middle of the page rather than at the top.
Support ticket: SUPPORT-41167
In the Community Manager developer portal, the version dropdown for APIs and apps was not clickable in some cases, so that multiple versions would not display. This occurred on the API Documentation page, the API Overview page, and the App details page.
Support ticket: SUPPORT-41168, SUPPORT-41144
Elasticsearch indexing could fail when parsing a JSON object with a property value of JSONNull.
Support ticket: No related support tickets.
When searching in the Community Manager developer portal using the top-level search box or the filter search box, the results could be inconsistent, depending on the order of keywords entered.
Support ticket: SUPPORT-40951
Adding a SOAP header using a script activity in an operation process failed, returning an HTTP 404 "Not Found" error.
Support ticket: SUPPORT-40889, SUPPORT-40865, SUPPORT-40865
In Policy Manager's Real-Time Charts, selecting the View Data button could fail to populate the start and end date and time, resulting in an intermittent failure to display the logs via the Logs tab.
Support ticket: SUPPORT-40247
For operation-level tags, the tag name was used for both the name and description if no description was defined, resulting in the display of a duplicated tag name on the API Details and API Documentation pages. Now, just the name is displayed if there is no description.
Support ticket: SUPPORT-41166
A JOSE Security Policy v2, configured for JWKS but not enabled for UK Open Banking support, could expose the exception class in a returned error, for example, "..."faultstring":"Authentication error. com.soa.transport.http.HttpException: HTTP Error..."
This was a regression from a previous release. Now, a returned fault appropriately omits the class name, returning, for instance: {“faultcode”:“Server”, “faultstring”:“Authentication error. Internal Server Error “}.
Support ticket: SUPPORT-25000
Adding a new version to an API with a descriptor could fail in some cases.
Support ticket: SUPPORT-41446
Due to the inclusion of some special characters, some URLs in the Community Manager developer portal could result in a Cross-Site Scripting (XSS) vulnerability.
Support ticket: SUPPORT-41131
The Policy Manager Services feature, which includes the Security Services feature, did not install the HTTP Headers Injection policy handler bundle unless the Akana Policy Manager Console feature was also installed. This resulted in the Http Header Injection policy not working in Policy Manager container with no Console feature installed. This policy is now installed with the Security Services feature.
Support ticket: No related support tickets.
The Get Contract Versions API (http://docs.akana.com/cm/api/apis/m_apis_getContractVersions.htm) for an API version could fail, in some cases in which there are a large number of contracts.
Support ticket: SUPPORT-40739
For some Request body content-types, an API's documentation page, at API > Documentation, could fail to display operations when expanded, and report an error.
Support ticket: No related support tickets.
When configured behind a reverse proxy that terminates SSL (HTTPS), the real-time charts could fail to display.
Support ticket: SUPPORT-40188, SUPPORT-39230
Two-factor authentication could fail when multiple delivery options are enabled in the workflow for receiving the authentication code, such as enabling both email and text messages.
Support ticket: No related support tickets.
For an API deployed on Network Director, the Open Banking Client Authentication policy could fail to process requests.
Support ticket: SUPPORT-40881
When importing an API into the Community Manager developer portal, a schema description containing special characters was displayed as invalid characters.
Support ticket: SUPPORT-40296
On an API's Details > Design page, the Request body's "Value" field and the Response body's "Sample" field could fail to display for some compound schemas using Open API Specification 3.0 or Swagger 2.0. Support has been added for the field "Sample" for compound schemas in Swagger and Open API documentation.
Support ticket: SUPPORT-40257
Updates to the UI have been made to improve performance and to support compound schemas with cyclic references.
Support ticket: SUPPORT-40095
The Akana Administration Console has updated the JAX-RS bundle (com.soa.jaxrs) from 2020.1.0 to 2020.1.5, visible in the console under System > Bundles.
Support ticket: SUPPORT-40304
For APIs with hundreds of connections (contracts to apps, in this case), deleting the API version could fail, exceeding the number of prepared statements or cursors allowed in the database per session.
Note that if deleting the API version fails for another reason, some or all contracts could still be canceled (although the contracts could be canceled in the usual way).
Support ticket: SUPPORT-40157
A concurrency issue in the Java DOM (Document Object Model) could lead to errors when reading data from WSDL documents in a multi-threaded environment. This was intermittently causing the HTTP method defined in the WSDL to be returned as null.
Support ticket: SUP-18819, SUP-18551, SUPPORT-24784, SUPPORT-27207, SUPPORT-34085, SUPPORT-39326
Gzip content encoding on the consumer side has been removed, and the configuration transport.config.consumerGzip is now deprecated (available in the Akana Administration Console under Configuration > com.soa.transport.
Support ticket: SUPPORT-39987
When an LDAP user assigned to a group in LDAP signed in to the Community Manager developer portal, sometimes the privileges from the role that the LDAP group was mapped to were correctly assigned for the LDAP user but in some instances they were not.
Support ticket: SUPPORT-39971
In some cases, users with roles mapped with appropriate privileges were unable to create or view discussions on a private API.
Support ticket: SUPPORT-39976
The Real Time Charts in Policy Manager no longer use the Adobe Flash Player, which Adobe stopped supporting on December 31, 2020. The new, improved versions display similarly to earlier, Flash-based charts.
The Policy Manager's Dependency Map has been removed from the UI, previously available at Services > Monitoring > Dependency chart.
Support ticket: No related support tickets.
The JOSE Security Policy v2 now supports OBSeal certificates for UK Open Banking 3.1.
Support ticket: SUPPORT-37560
For API, App and User extensible properties, Community Manager now supports the configuration of a single value or multiple values. A multi-value list can include free-form values added by the user.
Support ticket: No related support tickets.
The authentication protocol NT LAN Manager version 1 (NTLMv1) is deprecated; the platform now suppports NTLMv2.
Support ticket: SUPPORT-37466
Version 2020.2.0 will add a new feature that allows policies to be attached at the operation level as well as at the service level. This requires some changes in the request and/or response to some existing operations that manage information about policies attached to an API.
Previously, these operations used the Policies model object, whether directly or nested within another model object. The Policies object includes an array of information about one or more policies attached to the service. In 2020.2.0, these operations will use additional information, to accommodate policy attachments at the operation level in the developer portal and the APIs:
Modified operations include:
ApiVersion:
TargetAPI:
APIImplementation:
Support ticket: SUPPORT-36137
Loading an OpenAPI 3.0 or Swagger 2.0 document could result in a missing operation for a new API or API version with an object type of patternProperty.
Support ticket: SUPPORT-39726
When using OpenAPI 3.0 or Swagger 2.0, an API description document with complex, compound schemas containing keywords allOf, anyOf, or oneOf could result in a malformed display of operation details.
Support ticket: SUPPORT-39524
In Policy Manager for a service with a Basic Auditing Policy attached, the outbound (next hop) auditing log was reporting the inbound headers. Outbound auditing now correctly reports downstream, or outbound, headers.
Support ticket: No related support tickets.
Some URLs in Community Manager containing special characters resulted in a Cross-Site Scripting (XSS) vulnerability. This issue has been addressed.
Support ticket: SUPPORT-38469
When adding or modifying a theme, and saving the updates in the Site Settings page, the platform no longer automatically generates out-of-the-box customization files for all current themes. Note that customization files are still generated for new themes only.
Support ticket: No related support tickets.
When trying to open the Sign Up page by clicking the Create Account tab in the Community Manager developer portal, the page could fail to load and would display an error if images or logos were in use for any enabled login domains.
Support ticket: SUPPORT-36489
When using OpenAPI 3.0 or Swagger 2.0, an API description document with complex, compound schemas containing keywords allOf, anyOf, or oneOf could result in a malformed display of operation details.
Support ticket: SUPPORT-38857
In Policy Manager, the Consumer Identities list sometimes failed to display, due to sorting errors.
Support ticket: SUPPORT-38181
When using the PS algorithms (PS256, PS384, and PS512) as the signing algorithm for the OAuth/OIDC provider, the null c_hash claim is returned in the ID token.
Support ticket: SUPPORT-37671
Image files uploaded to the developer portal are now sanitized before they are accepted for upload.
Support ticket: No related support tickets.
A regression in the deployment of physical service certificates could cause failures in next hop security policies. The failure was triggered by configuring a security policy, such as the WS-Security Asymmetric Binding Policy, on a physical service, using an X.509 token with a subject category of "service".
Support ticket: SUPPORT-37806, SUPPORT-37151
This release includes no enhancements.
When a user added an app, two API calls were made – first to add the app with a random Shared Secret value, and then to update the Shared Secret with a user-specified or generated value. This caused latency. Now, only one API call is made, which improves performance.
Support ticket: SUPPORT-37257
The API Consumer Application Security Policy was returning HTTP 500 "Internal Server Error" instead of HTTP 401 "Unauthorized" when the required header was missing.
Support ticket: SUPPORT-35955
A new configuration property has been added to Akana Administration Console's Configuration tab to remove the idle user authorization tokens from the cache. The new property is available under Configuration > com.soa.atmosphere >
atmosphere.config.authTokenTimeToIdleTimeInSeconds.
The default idle time is 62 seconds. The tokens were previously cached for 30 minutes regardless of their usage, and thus could use a large chunk of memory and cause out-of-memory errors on portal containers.
Support ticket: SUPPORT-36309
The default listener idle thread timeout value is 1,800,000 ms (30 minutes), but when a new listener was created manually, the default idle thread timeout was 180,000 ms (3 minutes). Now, all defaults are consistent at 1,800,000 ms.
Support ticket: SUPPORT-27897
The HTTP Message Validation policy has a new option "Log additional properties" to generate an alert when the request contains properties disallowed by the schema. When enabled, the alert is generated. The default is disabled.
Support ticket: SUPPORT-35453
WS-Auditing Service Policy did not save transaction logs.
Support ticket: SUPPORT-36770
When sending a request to an API resulted in an error, and detailed auditing was enabled for an Auditing Service policy, the request body and header data for the SOAP service was not saved.
Support ticket: SUPPORT-36155
When the Policy Manager domain certificate is updated, there is no need to restart Network Director containers to update the certificate information.
Support ticket: SUPPORT-32450
The JOSE Security Policy's Appendix F option now enforces a Base64URL encoding on the payload when signing, as defined in the Appendix F (Detached Content) section of the JWS specification (RFC-7515).
Support ticket: No related support tickets.
After deleting an individual notification from the notification list in the developer portal, the remaining notifications were duplicated.
Support ticket: SUPPORT-30997
The Jose policy was not checking the certificate validity corresponding to the private key that's used for signing the request.
Support ticket: SUPPORT-35208
In the tenant security settings, a new setting "Strict Policy" has been added to "Limit file types allowed for upload" under Settings > Security. Enabling Strict Policy allows only the media types specified in the allowed file types. If disabled, the supertypes of the media types specified will also be allowed. For example, a selection of "text/plain" in the allowed file types would also allow html, application/json, etc. mediatypes.
Support ticket: SUPPORT-29653
To improve performance, two pages in the developer portal have been updated:
In addition, two operations in the developer portal that return contracts have been updated:
These operations no longer return detail regarding the avatar image for the connected app or API.
Support ticket: SUPPORT-36314
A new login policy setting has been added to configure concurrent logins for tenant users. This setting "Allow Concurrent Sessions" is available under Admin > Settings > Logins. By default, concurrent logins are allowed as before, meaning that a user can have more than one session running concurrently in multiple browsers or on multiple devices.
Support ticket: SUPPORT-24491
The Analytics aggregation collection primary key storage in MongoDB has been optimized to reduce RAM requirements for efficient charting and aggregation queries. This is evident when creating new datasets in Envision.
Support ticket: No related support tickets.
The Operational Metrics Policy has been deprecated. Instead, define a new dataset and then use the Business Metrics Policy to define dimensions and metrics.
The Notifications page displayed dates in a 24-hour format while its Details page used a 12-hour format. Now, a 12-hour format is consistently displayed.
Support ticket: SUPPORT-30175
When creating new tenants in an existing Network Director container, the new tenant could incorporate a deployment zone with invalid settings.
Support ticket: SUPPORT-34106
A new boolean property InUserTop has been added to the API model to identify whether this API is in the user's My Dashboard of top APIs. See API Object for more details.
Support ticket: No related support tickets.
Akana’s business analytics solution Envision has been relaunched with numerous enhancements and performance improvements:
Deprecation: The "Realtime" chart time interval features has been disabled, as this information is available in the developer portal. Existing real time charts will continue to function.
This release adds support for Apache Kafka, a deployment option that allows audit and metrics data from the Akana gateways to be streamed via Kafka instead of the native built-in support. The use of Kafka can improve Akana gateway performance and increase the deployed platform's reliability:
The Akana deployment can also specify the heap size to use for messages. The default is 20%. Any messages that would result in exceeding the specified heap size are dropped. This approach helps keep the gateways alive and performant.
A new theme Bonita has a user-friendly, streamlined interface targeted at the API consumer, i.e., the app developer, and provides access to API information including the API overview, details, performance charts, logs, documentation, and Test Client. Similarly, for apps, Bonita users have access to the app's details, overview, performance charts, logs, license monitoring, and Test Client.
Bonita is ideally suited to the production instance in the lifecycle in which APIs are promoted via automation. Automation ensures that only approved and governed APIs make it into production, thereby providing a trusted portal with no rogue APIs. For detail, see Bonita Theme on the Akana docs site.
The information reported and displayed in API transaction logs now includes several new metrics to provide additional information about the timing of exchange processing in the API Gateway. This allows for the measurement of timings such as TTFB (Time to First Byte), I/O times, and API Gateway processing times. These new metrics are used to provide enhanced feedback in the developer portal user interface for API analytics. See Viewing the time to first byte (TTFB) metric on the Akana docs site.
The developer portal now includes a monthly report that provides a visual summary of metric information across all businesses for the tenant. Data can be broken out by day if needed, and includes platform API usage, customer API usage, and totals for resources such as apps and APIs. See Monthly Report for detail.
The developer portal now includes a new dashboard where users can monitor up to 10 APIs on which they have the API Admin role. Users can adjust the visual display as needed, including adjusting duration and interval for the chart and removing one or more APIs from the display. The My Dashboard feature includes charts for Throughput, Request Size, and Response Time. See Monitoring Top APIs with the My Dashboard Feature on the Akana docs site.
Multiple improvements have been made to the generated Swagger 2.0 API documentation for improved usability, including converting the description from a column to a row, adding color for easy identification of the sample JSON, and improving readability by moving the operation summary and providing better spacing.
The platform’s support of dynamic deployment of error messages and UI copy, introduced in 2019.1.12, has been enhanced to require specifying the resource bundle base name in the Java properties file. Generated documentation now includes a summary of resource bundles for UI copy and error messages. Specifying the resource bundle base name helps identify the resources in use, which helps reduce the likelihood of collisions and speeds up lookups. See Internationalizing Error Messages and UI Copy on the Akana docs site.
Support has been added for MySQL 8.0.
Note that MySQL 8.0.x uses GROUPS as a reserved word, so the platform's table name GROUPS has been changed to CM_GROUPS.
This release includes numerous enhancements to the recipes that automate deployment. See Deployment Automation Improvements for details.
Various enhancements have been made to the recipes that automate deployment, including:
Support ticket: No related support tickets.
A new property has been added under the Akana Administration Console Configuration tab to allow the configuration of the Elasticsearch sniffer feature, which automatically discovers nodes. The property is elastic.client.useSniffer under com.akana.es.client.security. The default setting is true.
Support ticket: No related support tickets.
The DevOps theme for Lifecycle Coordinator has added support for LDAP and Active Directory login accounts.
Support ticket: No related support tickets.
Links to a non-existent landing page display an HTTP 404 "Page not found" rather than a blank page.
Support ticket: SUP-9733, SUPPORT-1040
The Akana OAuth/OIDC Provider domain now supports the "claims" request parameter. For detail, see the relevant RFC at https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter.
Support ticket: SUPPORT-29833
Updates and enhancements have been made to the database tables MO_USAGEDATA, MO_USAGE_NEXTHOP, MO_ROLLUP, and *MO_ROLLUPDATA to include the length of the message header:
MO_USAGEDATA | Includes two new fields
|
MO_USAGE_NEXTHOP | Includes four new fields:
|
MO_ROLLUP* | All MO_ROLLUP tables have two new fields:
|
*MO_ROLLUPDATA | These fields now both include the length of the headers and not just the content length:
|
Support ticket: No related support tickets.
Because the API GET /resources/{ResourceVersionKey}/settings can be called before user login, the settings it can return have been limited to:
A new api, getPostLoginSettings (GET /resources/v2/{ResourceVersionKey}/settings), returns all the tenant's settings and requires that the user be logged in.
Support ticket: No related support tickets.
Login pages for the Akana Administration Console and Policy Manager have been rebranded.
Support ticket: No related support tickets.
A series of new APIs have been added to the platform to control a user's list of "Top APIs" maintained in the new My Dashboard feature. These APIs are part of the Users service and add, delete or return information on the APIs in this list:
For detail, see the list of Users service APIs at Users Service: Overview.
Support ticket: No related support tickets.
The Admin menu in the developer portal (under More > Admin) has been reorganized for better usability. This includes flattening the left Admin menu to make various elements more accessible. For example, Country Codes is now a top-level entry, and Custom Styles has been renamed “Customization” and moved up from the Config menu.
Support ticket: No related support tickets.
Usage monitoring now uses data size queues when batch writing usage data, reducing the likelihood of out-of-memory conditions. Prior to this change, monitoring usage data was based on queue size. The properties on com.soa.monitor.usage have changed as follows:
com.soa.monitor.usage | Description | Default value |
---|---|---|
New properties: | ||
usage.batch.writer.maxSizeUsageDataPct | max heap size used by usage data | 20 |
usage.batch.writer.maxSizeUsageMessagesPct | max heap size used by usage data | 40 |
Removed properties | ||
usage.queue.capacity | ||
usage.message.queue.capacity | ||
rollup.queue.capacity | ||
transaction.queue.capacity | ||
transaction.queue.capacity |
Support ticket: No related support tickets.
In previous versions, when customizing files, users needed to create an exact folder structure within the developer portal, in File Explorer, and create and upload the customization files.
Now, two new options provide a theme-specific set of starter files for customization:
The page has been renamed and is now on the top-level Admin menu:
In addition, users can provision all starter customization files in one action by going to the Site Settings page and adding a new theme.
Note: If customization files are already in place, they are not overwritten.
For detail, see What functions are available to the Site Administrator on the Customization page? on the Akana docs site.
Support ticket: No related support tickets.
For batch messages processed asynchronously, reply message processing could experience a slowdown with overhead limit errors. This could occur when configuration limits were reached, which would result in connections being closed. The behavior has been changed to reduce the likelihood that connections will be closed unnecessarily.
Support ticket: SUPPORT-26089, SUPPORT-27740
The platform's Sign Up page for new accounts has updated the security questions section to add a "Select" option so the user can choose security questions, rather than having the page pre-select security questions.
Support ticket: No related support tickets.
A new Country Codes page in Admin > Country Codes allows Site Admins to manage the visibility of country codes on Signup, User Profile, and Create User pages. For detail, see Country Codes on the Akana docs site.
Support ticket: No related support tickets.
The Rhino JavaScript engine has been updated to the latest version, 1.7.12.
Support ticket: SUPPORT-29942
For MongoDB, usage info (headers) and usage messages (payload) are now stored separately, to decrease memory load in Network Director and improve performance.
A new MongoDB collection PM_AUDIT.AUDIT_MSG stores usage messages distinct from the existing collection PM_AUDIT.AUDIT used for usage Info. In addition, the existing index AUDIT_2AIdx on PM_AUDIT.AUDIT has been modified to have a unique restriction with a shard key prefix, for example:
> use PM_AUDIT;
|
> db.AUDIT.createIndex( { "containerKey" : 1, "eventId" : 1 }, |
{ "name": "AUDIT_2AIdx", "unique" : true, "background": true } ) |
You may have to update your scripts if you are retrieving Auditing Service Policy data directly from MongoDB.
Support ticket: No related support tickets.
When creating an API, its visibility can now be specified under the Add API screen's Advanced Options section.
Support ticket: SUPPORT-1789, SUP-17137
Trusted CA services have been enhanced to support expiration dates for certificates and to allow their removal.
Support ticket: SUP-1279, SUPPORT-1001
In some cases, a keyword search did not return entries from an API's Swagger description. Now, a document's descriptor tags are added to an API's tags when adding an API in the developer portal.
Support ticket: SUP-13385, SUP-15048, SUPPORT-1097, SUPPORT-1146
Installing Community Manager now installs both Hermosa and Default themes, so they no longer need to be installed separately. (Note, however, that Default Theme is deprecated with the 2020.1.0 release and will be removed completely in a later version.)
Support ticket: No related support tickets.
By default, QoS (Quality of Service) policies defined in a tenant are displayed in the API Access wizard when an app/API contract is requested. If you don't want the app developer to see these policies, disable this setting on the More > Settings > Apps page by deselecting the item "Show policies on API Access wizard."
Support ticket: SUP-12957, SUPPORT-1092
Performance enhancements have been made to improve Network Director startup times.
Support ticket: No related support tickets.
To allow users to download files via authored API documentation, add a new class attribute soa-control-cm-inline-do-not-process-link to the HTML <a> tag. A link with this class attribute is not processed to remove the link. See API Documentation Maintenance on the Akana docs site.
For example:
<a class="soa-control-cm-inline-do-not-process-link" href="./file-download.xlsx?download=true" target="_blank">Download Spreadsheet</a>
|
Support ticket: SUP-10706, SUPPORT-1052
Apps contracted to an API are automatically connected to a new API version, using the API version workflow's pre-function connectAppsFromPreviousVersion. To take advantage of this feature, add the function to your workflow. For detail, see API Version Workflow, "connectAppsFromPreviousVersion."
Support ticket: SUPPORT-17097
When adding an API version using the API POST /api/apis/{APIID}/versions, passing in an API version ID is not allowed and will return an HTTP "400 Bad Request" error. Previously, the version ID was ignored, but did not return an error.
Support ticket: SUP-12292
Default Theme is now deprecated and will be removed completely in a later version. All customers using Default Theme should move to the Hermosa Theme as soon as possible, and migrate any customizations. For example, port header customizations according to Community Manager: Migration Guide and Community Manager: Customizing the User Interface. Other customizations should continue to work, but style customizations are likely to be required.
The deprecated Akana OAuth Provider Agent and Akana API Platform OAuth Provider Agent have been removed from the product distribution. It is recommended that customers have a dedicated OAuth container to manage OAuth tokens, as covered in the diagram of recommended deployment: Sample deployment Scenario.
The Google Connector domain is deprecated with 2020.1.0. It is recommended to use the OpenID Connect Relying Party domain for platform login.
Policy Manager login could fail with no error if MongoDB was inaccessible. Now, an error message MongoTimeoutException is logged.
Support ticket: SUP-15314, SUP-17150, SUPPORT-5695, SUPPORT-1801, SUPPORT-1160
Envision charts displaying average values could display incorrect averages due to an incorrect aggregation query. This query has been corrected to work in all scenarios.
Support ticket: SUP-17820
On an Envision chart, updating the title of the y-axis did not update the title on the chart.
Support ticket: No related support tickets.
Deleting one or more charts could result in an error.
Support ticket: No related support tickets.
Unnecessary post-hook commits have been removed which might be causing row lock contention.
Support ticket: SUPPORT-35255
Logging in using the Google Connector Domain no longer fails. Note, however, that the Google Connector domain is deprecated with 2020.1.0. It is recommended to use the OpenID Connect Relying Party domain for platform login.
Support ticket: SUPPORT-30145, SUPPORT-33763
Private Key JWT validation now works for OAuth providers that use a resource server authorization URL with a trailing slash.
Support ticket: SUPPORT-35229
A bug in a third-party configuration library could cause blocked headers to be passed through the API Gateway to the client.
Support ticket: SUPPORT-34419
Business Administrators can no longer delete an organization or tenant if the Site Admin has removed the "delete" privilege from the Business Admin's role.
Support ticket: SUPPORT-31715
The API Charts feature was not displaying an API's request duration in the user interface when request duration was 0 milliseconds.
Support ticket: SUPPORT-30365
In Network Director, SaxParser instances could result in Out of Memory errors when XML request messages were normalized and contained a large number of distinct tags.
Support ticket: SUPPORT-34017
The app sync events to PingFederate are now processed in the order they were received, to avoid irregularities.
Support ticket: SUPPORT-24194
For PingFederate, disabling the "client registration" option in the domain configuration still resulted in the app's credentials being synced.
Support ticket: SUPPORT-32847
Akana Test Client was sending an optional "scope" parameter with the access token for the Authorization Code grant type, causing some OAuth providers that were not expecting it to fail. The TestClient no longer sends this optional parameter.
Support ticket: SUPPORT-33634
For third-party domains such as Google and Facebook, an email notification is now sent when the user or a site admin changes the user's login email.
Support ticket: SUPPORT-28538
An API Owner who creates an API in an organization now has appropriate "read" access to that organization.
Support ticket: SUPPORT-31756
In some cases, direct parameter references in Swagger 2.0 documents were not being saved on upload.
Support ticket: SUPPORT-32778
When selecting a specific deployment zone on the Add API page, API implementation endpoints are properly generated.
Support ticket: SUPPORT-32754
When using the upgrade recipe pm-cm-upgrade.json, the Quartz scheduler is enabled. To avoid error messages, disable it if the instance is not configured to run Quartz jobs.
Support ticket: No related support tickets.
When uploading a file to create an API, the file contents are validated. If the contents includes HTML or Cross-Site Scripting (XSS) tags, the API is not created.
Support ticket: No related support tickets.
The use of an invalid or unsupported content encoding in the Detailed Auditing policy could result in logging failure.
Support ticket: SUPPORT-31656
A new option to disable GET method support for the OAuth authorization server's Token API has been added to the Akana Administration Console, on the configuration category com.soa.oauth.provider. The new property is com.soa.oauth.provider.config.tokenAPIGetOperationSupport, with a default value of com.akana.feature.enabled. Disabling this option (with com.akana.feature.disabled) may address certain security vulnerabilities in which sensitive data could be passed in the GET method request.
Support ticket: SUPPORT-25706
For the GET /api/search API, the format for EntityReferences in the search results are now returned uniformly in all areas of the platform, in the format below:
"EntityReferences" : {
|
"EntityReference" : [ {
|
"Guid" : "b0e71ec7-a200-4661-a3a8-f0c587cdb4d5.open",
|
"Category" : [ {
|
"value" : "modelversion",
|
"domain" : "uddi:soa.com:resourcetype"
|
} ]
|
} ]
|
}
|
This formatting change addresses the possibility of multiple separate EntityReference entries in the search results.
Support ticket: SUPPORT-28214
In the developer portal, two-factor authentication (2FA) could delay sending a verification email to users in certain situations.
Support ticket: SUPPORT-29217
On Linux, if the heap size was increased via the JAVA_OPTS property, starting the container in background mode could result in duplicate arguments.
Support ticket: SUP-15585, SUPPORT-1179
Lifecycle Manager tenant library numbers are now created in sequential order with a three-digit random number at the end, i.e., "installation ID": "Library ID randomNumber(000-999)". For example: 68:9334.
This numbering ensures a unique ID, and helps prevent an error when creating the library.
Support ticket: SUPPORT-23732, SUPPORT-24790, SUPPORT-30723