News
Abstract
IBM API Connect V2018.4.1.15 is now available. This update includes important internal development and field reported fixes.
Content
IBM API Connect 2018.x delivers enhanced capabilities for the market-leading IBM API Management solution. In addition to the ability to deploy in complex, multi-cloud topologies, this version provides enhanced experiences for developers and cloud administrators at organizations.
The API Connect v2018.4.1.15 update includes important internal development and field reported fixes. See the "What's New" topic in the API Connect IBM Documentation for more information on what's included in API Connect v2018.4.1.15.
- A special note regarding a lack of a fix pack 14: IBM API Connect v2018.4.1.14 was skipped purely from a numbering perspective to resume the synchronized releases between IBM API Connect and IBM DataPower Gateway.
Read the following section for special updates regarding upgrading from earlier versions of API Connect v2018.4.1.x and for customers looking to upgrade to API Connect v10.0.x
- A special note on upgrades from prior versions of API Connect v2018.4.1.x: API Connect v2018.4.1.5 is now a prerequisite for API Connect v2018.4.1.15 for VMWare (.OVA) deployments. You cannot upgrade your API Connect topology to 2018.4.1.15 without first being at least at the v2018.4.1.5 level. Again, this restriction applies only to VMWare (.OVA) deployments only of IBM API Connect v2018.4.1.9. This is due to the level of Kubernetes deployed with the VMWare (.OVA) installation of IBM API Connect v2018.4.1.15 and restrictions around skipping levels of Kubernetes when upgrading. Additionally, a Control Plane file is required if you are upgrading from v2018.4.1.5 or v2018.4.1.6 to v2018.4.1.15 (VMWARE .OVA only). Reference the Upgrade Instructions page in the API Connect IBM Documentation.
- An extra note on upgrade procedures for DataPower Gateway high-availability clusters. The upgrade procedure for DataPower Gateway has new steps for upgrading high-availability clusters, to ensure that a single gateway is running as primary for all gateway-peering definitions, and that the primary gateway is upgraded last. See the "What's New" topic in the API Connect IBM Documentation for more information on this and new features included in API Connect v2018.4.1.15.
- Customers seeking to upgrade to API Connect v10.0.x: Currently, the supported upgrade path for API Connect v2018.4.1.x to API Connect v10.0.x on Kubernetes is documented in the IBM Docs. Please note that upgrades from v2018.4.1.15 to v10 will be supported when the v10.0.1.2 fix pack becomes available. If you are seeking to upgrade from 2018.4.1 to v10, currently only supported for Kubernetes deployments, use 2018.4.1.13 ifix3 and upgrade to v10.0.1.1.
API Connect v2018.4.1.15 contains the following field reported APARs:
| APAR | Summary |
| LI80966 | ENCODED CHECK BOX IS NOT HAVING ANY EFFECT ON API PROPERTY VALUES |
| LI81272 | NOT ABLE TO UPDATE USER REGISTRY DISPLAY NAME WHEN USERS HAVE BEEN CREATED |
| LI81473 | DEVELOPER PORTAL INCREASE HTTP STRICT-TRANSPORT-SECURITY MAX AGE TO 1 YEAR (31536000 SECONDS) |
| LI81477 | PORTAL TRY IT IS NOT UPLOADING MULTIPART/FORM-DATA FILE CONTENT CORRECTLY |
| LI81484 | EXAMPLE REQUEST IS NOT GENERATED WHEN PARAMETER IS OF TYPE "FILE" IN FORMDATA |
| LI81489 | MODIFY LDAP FAILED WITH 500 ERROR IF USER REGISTRY IS USED IN API USER REGISTRY IN ANY CATALOG |
| LI81491 | API CALL WITH BASICAUTH SECURITY ENFORCEMENT IS SUCCESSFUL WITHOUT PASSOWRD |
| LI81533 | RETIRING OR REMOVING A PRODUCT FROM APIC MANAGER UI DOES NOT DELETE API FROM THE PORTAL |
| LI81559 | PORTAL "SHOW LINKS TO REGISTER APPLICATION" DEACTIVATION STILL ALLOWING CREATION FROM PRODUCTS PAGE |
| LI81562 | API VALIDATION ERROR IN PORTAL |
| LI81568 | THE SITES /PRIVATE/TEMP DIRECTORY IS NOT GETTING CLEANED UP |
| LI81574 | IN V5/V5C GATEWAY, WHEN REFRESH TOKEN IS USED TO GENERATE NEW ACCESS TOKEN THE NEW TOKEN STILL HAS THE OLD REVOCATION URL |
| LI81583 | MAP POLICY UI WILL NOT CREATE THE CORRECT MAP ACTION FOR AN INNER ARRAY IN SOME CASES |
| LI81634 | WHEN CREATING A NEW OPENAPI, THE ASSEMBLE DEFAULT BLOCKLIST X-IBM-CLIENT-ID - GATEWAY |
| LI81644 | TASK EMAIL APPROVAL LINK DOES NOT GO TO TASK PAGE |
| LI81645 | OAUTH PROVIDER INTROSPECTION ENDPOINT VARIABLE REFERENCES ERROR |
| LI81663 | CHANGING TITLE OF API - POP UP MESSAGE IS INCORRECT |
| LI81666 | UNAUTHORIZED ERROR WHEN DOWNLOADING THE SOAP API WSDL FILE |
| LI81670 | DEVELOPER PORTAL CLUSTER STUCK IN FILE SYNCHRONIZATION AFTER UPGRADE |
| LI81677 | UNDER CERTAIN CIRCUMSTANCES, USER-DEFINED POLICIES ERRONEOUSLY DO NOT MEET AVAILABILITY CRITERIA DUE TO INVALID PEERING DATA |
| LI81679 | DO NOT TO UPDATE USER IN THE WRITABLE LDAP SERVER DURING LOGIN UNLESS USER INFO HAS CHANGED |
| LI81680 | ADD MAP POLICY OPTIONS TO ALLOW EMPTY ELEMENTS OF XML INPUT TO GENERATE BADGERFISH JSON ARTIFACTS |
| LI81682 | INCORRECT SERIALIZATION OF "ATTRIBUTE_MAPPING" PROPERTY IN LDAP USER REGISTRY |
| LI81686 | REPUBLISHED API CONTAINS OLD WSDL FILE IN PORTAL |
| LI81697 | WHEN INVITING MEMBER TO PROVIDER ORGANIZATION ANY USER CAN REGISTER WITH MEMBER INVITATION LINK |
| LI81700 | IBM API CONNECT: HANDLE 0 SITES BACKED UP IN BACKUP_PORTAL |
| LI81703 | BLOCK ACCESS TO SPECIFIC URLS ON A DEVELOPER PORTAL |
| LI81706 | API FAILS WITH HTTP REQUEST HEADER WITH INVALID XML CHARACTER |
| LI81707 | WRONG GATEWAY ENDPOINT USED IN CASE OF MULTI ENDPOINT API OPERATIONS |
| LI81715 | OPENAPI WITH MASSIVELY NESTED SCHEMAS CAUSE MAX DEPTH ERROR |
| LI81716 | USER DEFINED POLICY ARE NOT AVAILABLE IN THE POLICY ASSEMBLY PALETTE |
| LI81721 | DUPLICATE APPROVAL EMAILS SENT TO ORG OWNER FOR SUBSCRIPTION APPROVAL WHEN CATALOG HAS A SPACE |
| LI81732 | CANNOT CHOOSE CUSTOM INSTALL PATH FOR DESIGNER |
| LI81735 | THE LIST OF PRODUCT PLANS AVAILABLE FOR SUBSCRIPTION MAY APPEAR INACCURATE IN THE API MANAGER UI |
| LI81738 | PRODUCT DISAPPEARS FROM PORTAL WHEN REMOVING PRODUCT FROM GATEWAY SERVICE |
| LI81744 | SET `MAXIMUM RECORDS ACROSS INTERVALS` VALUE TO 5000 TO ENABLE DATAPOWER APAR IT34047 |
| LI81749 | IN FRENCH LANGUAGE BROWSER, SWITCH POLICY'S CONDITION EDITOR SCREEN "AND" "OR" UPDATED IN THE YAML WITH WORDS IN FRENCH |
| LI81752 | IN API DESIGN PAGE, API CONNECT RETURNS A VALIDATION ERROR WHEN SELECT LONG, FLOAT, OR DOUBLE PROPERTY TYPES IN A DEFINITION |
| VULNERABILITIES DETECTED FOR API MANAGER WEB CONSOLE (UI) | |
| LI81765 | NOTIFICATION TEMPLATES NEED TO INCLUDE APPTITLE INSTEAD OF APPNAME |
| LI81769 | INCREASE OAUTH INTROSPECTION METADATA SIZE TO 1024 |
| LI81773 | INVALID REQUEST PARAMETERS WILL NOT BE DETECTED AFTER DATAPOWER APAR IT32057 |
| LI81774 | CANNOT PUBLISH UNENFORCED API USING TOOLKIT CLI |
| LI81776 | NON EMAIL ADDRESS USERNAME NOT ACCEPTED ON SIGNUP |
| LI81788 | MIGRATION TOOL TO TURN OFF CHUNKED-ENCODING BY DEFAULT, WITH OPTIONAL INPUT IF CUSTOMER WANTS CHUNKED-ENCODING ENABLED |
| LI81793 | MIGRATION UTILITY NEEDS AN OPTION TO ENFORCE / NOT ENFORCE REQUIRED PARAMETERS |
| LI81797 | MIGRATION UTILITY NEEDS OPTION FOR CUSTOM CLIENT_ID AND CLIENT_SECRET HEADERS. |
| LI81813 | RECEIVE HTTP 500 ERROR WHEN TRYING TO REMOVE A TLS CLIENT PROFILE AT SPACE LEVEL |
| LI81814 | "LARGE OPEN API DOCUMENT" WARNING MESSAGE ON THE DEVELOPER PORTAL API EXPLORE PAGE |
| LI81819 | OPTIONAL FIELDS NOT VISIBLE |
| LI81821 | CALL TO API IN DEVELOPER PORTAL TRY IT FAILS AFTER CREDENTIALS ARE REGENERATED FOR SUBSCRIBED APPLICATION |
| LI81832 | APPLICATION CREDENTIALS WITH NO SUMMARY ARE SHOWN AS BLANK OR NULL IN THE "TRY IT" CLIENT-ID COMBO BOX |
| LI81835 | UNABLE TO ADD USER TO LOCAL REGISTRY |
| LI81849 | DELETE_SITE EXITS IF CAN'T UPLOAD THE BACKUP TO REMOTE SERVER |
| LI81850 | ISSUE IS WITH TEST CONNECTION BUTTON FOR SMTP SERVER |
| LI81851 | CREATE AN APPLICATION DIALOG TITLE IS NOT TRANSLATED IN THE PORTAL |
| LI81853 | TEST CONNECTION FOR EMAIL SERVER SENDS BLANK PASSWORD ON EDIT |
| LI81855 | THE VALUE OF CATALOG PROPERTY CANNOT BE EDITED AFTER CREATING |
| LI81861 | Drupal CVE-2020-13671 |
| LI81865 | UNABLE TO UPDATE JWKS ENDPOINT FOR EXISTING OIDC USER REGISTRY |
| LI81869 | API PROPERTIES USED IN REQUIRED VALUES FIELDS CREATES VALIDATION ERRORS |
| LI81872 | AUDIT LOGGING TESTING FAILS WITH ERROR 500 USING HTTPS / SSL |
| LI81875 | NODE.JS UPDATES |
| LI81876 | INFORMATION LEAKAGE VULNERABILITY |
| LI81877 | ETCD UPDATES |
| LI81878 | DRUPAL UPDATES |
| LI81882 | PORTAL SESSION IS VALID EVEN AFTER THE BROWSER IS RESTARTED |
| LI81906 | 2 GWS IS ASSOCIATED WITH OTHER ANALYTICS SERVICE, IS TIED TO THE SAME CATALOG, BUT ANALYTICS DATA IS DISPLAYED ON PORTAL |
| LI81915 | PHP CVE-2020-7070 |
| LI81919 | 2018 GATEWAY CHARTS FAIL TO TEMPLATE UNDER HELM VERSION 2.16.8 OR LATER |
| LI81932 | SITE MISSING ON PORTAL SYSTEM RESTORE |
| LI81959 | CVE-2020-8201, CVE-2020-8251, CVE-2020-8252 |
| LI81961 | JAVA CVE-2020-14782 |
| LI81962 | CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798 |
| LI81971 | PORTAL (DRUPAL) DOES NOT OBEY X-FRAME-OPTIONS CONFIGURATION AND RETURNS DENY |
| LI82000 | ANALYTICS UPGRADE STUCK ON ADDONS |
| LI82013 | Docker CVE-2021-21284 CVE-2021-21285 |
| LI82024 | NODE.JS CVE-2020-8277 |
| LI82025 | API CONNECT CVE-2020-4903 |
| LI82026 | OpenSSL CVE-2020-1971 |
*** Please note that links to some security-related APARs may not be available in the table above. This is intentional for security purposes. ***
Database technology used in this release:
IBM API Connect relies on SQL and no-SQL database technology to provide persistent storage of objects required for the function of the product. Database technology requires fast and reliable storage and in the case of a highly available configuration, the database must perform adequately in a clustered configuration.
GlusterFS: Testing of IBM API Connect when using GlusterFS has shown that GlusterFS does not provide the speed or reliability for any of the database technologies used in IBM API Connect and thus should not be considered for use as the clustered storage facility with this product.
AWS EBS: IBM API Connect deployed on Kubernetes in EC2 instances on AWS should make use of the AWS EBS storage solution with GP2 or IO1 type.
We advise all users of prior version of API Connect v2018.x to install this update to take advantage of the fixes.
For more information about this release, see API Connect Documentation: What's new in this release?
Important notes on upgrading to 2018.4.1.15:
When upgrading to Version 2018.4.1.15, you must complete a manual backup just before starting the upgrade. The manual backup is required because the upgrade can take an extended period of time. See Requirements for upgrading on VMware and Requirements for upgrading on Kubernetes.
- Starting with IBM API Connect Version 2018.4.1.11, writable LDAP user registries can be used only for onboarding and authenticating Developer Portal users. A writable LDAP user registry cannot be used to authenticate Cloud Manager and API Manager users. If you already have a writable LDAP user registry for use with the Cloud Manager or the API Manager, you must update the registry to be read-only by changing the User Managed property to be false.
- Starting with IBM API Connect Version 2018.4.1.9iFix1, after completion of the upgrade, some tasks may have stopped running. See Requirements for upgrading on VMware and Requirements for upgrading on Kubernetes describing action to take.
Finally, a Control Plane file is required if you are upgrading from v2018.4.1.5 or v2018.4.1.6 to v2018.4.1.15 (VMWARE .OVA only). Reference the Upgrade Instructions page in the API Connect IBM Documentation.
Support lifecycle policy for IBM API Connect Version 2018.4.1.15:
IBM API Connect 2018.4.1.15 is fix pack to a Long-Term Supported (LTS) release. API Connect 2018.4.1.15 is a recommended product level for which support, including defect and security updates, will be provided through cumulative, in-place fix packs until the effective end of service (EOS) date for IBM API Connect 2018.4.1.x. An LTS release is intended for customers that may need a longer-term deployment for their environment. For more information, see IBM API Connect v2018.x Support Lifecycle.
Downloads:
Full installation files for IBM API Connect 2018.4.1.15 and the IBM API Connect 2018.4.1.15 Toolkit files can be downloaded from Fix Central :
| Description – Filename | Date Published |
|
IBM API Connect Management V2018.4.1.15 Containers
|
1 February 2021 |
|
IBM API Connect Developer Portal V2018.4.1.15 Containers
|
1 February 2021 |
|
IBM API Connect Analytics V2018.4.1.15 Containers
|
1 February 2021 |
|
IBM API Connect Management V2018.4.1.15 for VMWare
|
1 February 2021 |
|
IBM API Connect Developer Portal V2018.4.1.15 for VMWare
|
1 February 2021 |
|
IBM API Connect Analytics V2018.4.1.15 VMWare
|
1 February 2021 |
|
IBM API Connect Installation Assist V2018.4.1.15 for Linux®
|
1 February 2021 |
|
IBM API Connect Installation Assist V2018.4.1.15 for Mac
|
1 February 2021 |
|
IBM API Connect Installation Assist V2018.4.1.15 for Windows
|
1 February 2021 |
|
IBM API Connect Toolkit V2018.4.1.15 for Linux®
|
1 February 2021 |
|
IBM API Connect Toolkit V2018.4.1.15 for Mac
|
1 February 2021 |
|
IBM API Connect Toolkit V2018.4.1.15 for Windows
|
1 February 2021 |
|
IBM API Connect Toolkit Designer with Loopback V2018.4.1.15 for Linux®
|
1 February 2021 |
|
IBM API Connect Toolkit Designer with Loopback V2018.4.1.15 for Mac
|
1 February 2021 |
|
IBM API Connect Toolkit Designer with Loopback V2018.4.1.15 for Windows
|
1 February 2021 |
|
IBM API Connect V2018.4.1.15 Analytics.OVA Upgrade File
|
1 February 2021 |
|
IBM API Connect V2018.4.1.15 Management Server.OVA Upgrade File
|
1 February 2021 |
|
IBM API Connect V2018.4.1.15 Developer Portal.OVA Upgrade File
|
1 February 2021 |
| IBM DataPower Gateway for Docker Production Edition v2018.4.1.15 idg_dk20184115.lts.prod.tar.gz |
1 February 2021 |
| IBM DataPower Gateway for Docker Non-Production Edition v2018.4.1.15 idg_dk20184115.lts.nonprod.tar.gz |
1 February 2021 |
|
Kubernetes DataPower Monitor v2018.4.1.15
|
1 February 2021 |
|
Security Signature Bundle File for API Connect v2018.4.1.15 Files
|
1 February 2021 |
Ensure that you have read and understood the installation instructions for OVAs and Containers before downloading and by using the installation files. You can find detailed installation instructions in IBM API Connect Documentation -- Installing API Connect
IBM API Connect Control Plane for OVA upgrades
When upgrading from v2018.4.1.5 through v2018.4.1.8, on VMWare only, one or more Control Plane files must be downloaded and installed to bring Kubernetes to a supported release level. For more details, see Step 5 of the Upgrade Instructions in the API Connect IBM Documentation.
| Description – Filename | Date Published |
|
IBM API Connect 1.14.0 Control Plane File for OVA (optional)
|
2 March 2020 |
|
IBM API Connect 1.15.0 Control Plane File for OVA (optional)
|
2 March 2020 |
|
IBM API Connect 1.16.0 Control Plane File for OVA (optional)
|
4 September 2020 |
|
IBM API Connect 1.16.0 Control Plane File for OVA (optional)
|
1 Feb 2021 |
IBM API Connect Local Test Environment is now available
The IBM API Connect Local Test Environment allows you to test APIs on your local machine, without the need to connect to an API Connect management server. For more details, see the IBM Documentation
| Description – Filename | Date Published |
| IBM API Connect Local Test Environment apic-lte-2018.4.15-159.zip |
2 February 2021 |
Was this topic helpful?
Document Information
Modified date:
12 August 2021
UID
ibm16409914