Version 2

    Actional Release 2015.0.1.18

    1. Release Installation Instructions

    2. Issues Addressed in this Release

    1. Release Installation

    Installation instructions are covered in detail in the appropriate Installation Guides.

    • Actional     Management Server Installation Guide
    • Actional     Agent Installation Guide
    • Actional     Intermediary Installation Guide

    2. Upgrade and Compatability

    • Database schema updates were required to support the new feature to trigger preserve audit log persistence on demand.
    • Database migration scripts must be run when upgrading to the latest 2015 SP1 HF from a version of 2015 SP1 that is prior to 2015 SP1      HF7.
    • Database migration scripts must be run when upgrading to the latest      2015 SP1 HF from a version of 2015 that is prior to 2015 HF8. If upgrading from 2015 HF8 or higher, creation failure messages may occur in the logs.      This is expected as there is a table and index that will already exist      (related to act_monitored_flow_*). These creation failures can be ignored.
    • Database migration scripts must be run when upgrading to the latest 2015 SP1 HF from a version of 2013 that is prior to 2013      HF17. If upgrading from 2013 HF17 or higher, creation failure messages may occur in the logs. This is expected as there is a table and index that will already exist (related to act_monitored_flow_*).      These creation failures can be ignored.

    3. Issues addressed in this Release

    Issues resolved in Release 2015.0.1.18

    Management Server / Agent

    • 44644 - webMethods CentraSite     SOA 10.1 is not listed under Governance Server type configuration

     

    Intermediary

    • 43617 – Characters such as the comma in query string parameters are      not correctly encoded in outgoing requests
    • 44145 – OAuth 1.0 authorization fails if multiple operations are      selected in auth rights
    • 44146 – OAuth 1.0 rights show access points twice
    • 44149 – Configured rights on the OAuth 1.0 authorization page show      the same name
    • 45541 – REST service fails with an exception when a token type of      style TEMPLATE is used
    •   

     

    Issues resolved in Release 2015.0.1.17

    Management Server / Agent

    • 42194 - "show only alarms" button on Transaction look up      page displays both alarm and warning
    • 42792 - Upgrade actional standard      version from java 1.4 to java 1.6

     

    Interceptor

    • 38553 - java.lang.VerifyError: StackMapTable error: bad offset

     

    Issues resolved in Release 2015.0.1.16

    Management Server / Agent

    • 38642 - Corrupted agent events cause Agent to run out of memory
    • 39877 - Incorrect value returned by API call to StabilizerSwitch.getBooleanValue()
    • 41008 - java.util.ConcurrentModificationException     related to Axis after upgrading to Java 8u20+
    • 41960 - XSS vulnerabilities - WatchList     Page

     

    Intermediary

    • 38557 - REST Service group unable to resolve require query parameters.
    • 38837 - XPath message field evaluator intermittently fails to      populate message field
    • 38902 - Selecting and Adding one AP level WSDL operation results      in all operations being added
    • 38963 - AP level operations are not preselected if Intermediate      WSDL is used to add operations
    • 39244 - One-way service group with JMS managed service runs into a deadlock
    • 39601 - NullPointerException while      creating a new Service Group
    • 40742 - Error is thrown when Add Managed Service

     

    Interceptor

    • 39958 - Certify .NET Interceptors Inbound Plain XML over HTTP
    • 39959 - Certify .NET Interceptors Inbound REST webHttp
    • 39960 - Certify .NET Interceptors Outbound REST webHttp
    • 39961 - Certify .NET Interceptors Inbound SOAP
    • 40003 - Log of instrumented system is flooded with "WARNING      CXF Interceptor - Cannot capture request infoset     payload" messages
    • 40004 - CXF interceptor uses wrong algorithm to detect the fastinfoset payload
    • 41106 - .NET Interceptor installation is writing WCF configuration      into .NET 2.0 machine.config
    • 41321 - WCF interceptor not closing ClientInteraction     on timeout
    • 41322 - .net interceptor throws exception which causes      instrumented application to crash

     

     

    Issues resolved in Release 2015.0.1.15

    Management Server / Agent

    • 37640 - Exception observed when a support.zip is generated
    • 37639 - NullpointerException on rollback      if connection object no longer available
    • 37101 - Purge generator doesn't generate delete query for act_callsite_criteria_def table
    • 37348 - Renewing Key Certificate only works on the second try
    • 32355 - Define collation on act_dmsd_stats_h     and act_dmsd_stats_o table

     

    Intermediary

    • 37448 - Service Groups / Add / Sonic ESB - exception is thrown      when succeed to Sonic ESB Process page on the wizard

     

    Interceptor

    • 36727 - JDBC Adapter issues in Integration Server after installing      the Insight JDBC Interceptor

     

    Issues resolved in Release 2015.0.1.14

    Management Server / Agent

    • 28407 - Duplicated entries in the ACT_AGENT_EVENTS table
    • 31139 - Unable to add JavaScript function to Global Transforms if      JS contains a "{" string
    • 31672 - Exception: rg.xml.sax.SAXParseException;      lineNumber: 1; columnNumber:      46; White spaces are required between publicId     and systemId.
    • 32228 - SAXParseException in XSLT      transform
    • 32314 - NPE Processing Sequence Map Data
    • 32584 - Import export support for Resource Filters
    • 32888 - FlightDataRecord record size is      not taking the persistent flag into account
    • 32469 - Sequence table and map shows wrong timing for some interactions
    • 33989 - Update ID fields in server creation script to ensure      consistency in collation
    • 34177 - OOM while viewing an agent event log file that contains logevents
    • 35347 - Analyst studio script gives out collation error
    • 36260 - js-transform error for braces in      comments

     

    Intermediary

    • 32101 - XML validation fails on REST service with xsd included in wadl (in AI)
    • 32587 - ConcurrentModificationException     on SecurityPolicies with JDK 1.8
    • 32622 - NullpointerException on fetching      access point message policy
    • 33626 - AI peer client IP is incorrect when LoadBalancer     header contains multiple entries

     

    Interceptor

    • 33056 - Webmethods interceptor creates      new site for each file operation
    • 33618 - SAG LoadBalancer headers do not      handle multiple IPs correctly
    • 33622 - Integration Server Mediator axis-free REST URLs should be      optimized to avoid NGSO explosion
    • 33624 - Servlet Interceptor peerAddress     contains multiple IPs
    • 33632 - .NET interceptor reports incorrect peerAddress     when LoadBalancer headers contains multiple      entries
    • 33877 - IS Mediator Axis-Stack REST support
    • 33878 - SAG Mediator Axis-Free REST stack does not use the      Mediator defined method names
    • 33883 - SAG Mediator Interceptor Axis-Free Stack outbound REST      calls NGSO explosion
    • 34238 - SAG Mediator REST services are being reported as normal      service
    • 35027 - CXF interceptor tries to set operation name on frozen      interaction
    • 35353 - CXF Interceptor SI discard message is confusing
    • 36245 - JMS Interceptor: java.lang.NullPointerException     when manifest property is set to null due to underlying HashTable
    • 36614 - JMS Interceptor does not allow for filtering using      producer caller class

     

    Issues resolved in Release 2015.0.1.13

    Management Server / Agent

    • 26097 - Support for SQL Server 2014
    • 26652 - Only show audit databases as an option to be selected on      audit log page
    • 28109 - Event log not taking into account the result set size      requested to limit the number of rows returned
    • 29932 - Transaction Lookup page query times out
    • 30169 - Log to alternative if there is no access to event log.      Trace listeners should be configured with write permissions to the user on      the log file. Refer to      https://msdn.microsoft.com/en-us/library/sk36c28t(v=vs.110).aspx
    • 30531 - SECU1083: Credential determinator     'Fixed credentials' raised the following exception: null
    • 31493 - Actional displays invalid      statistic in a ProcessEntry details
    • 31404 - NPE in alert distribution if the AgentConfig     cannot be obtained
    • 31746 - Cluster instances on shutdown or failed state can become      the master.
    • 31857 - Installer doesn't create interceptors folder and jars when      tries to install selected interceptors
    • 31882 - Agent installer does not install interceptors correctly on      Linux

     

    Intermediary

    • 32066 - REST service status error code handling
    • 31132 - ExposeAsREST cannot create REST AccessPoint for which the operation name contains '.'
    • 31299 - NPE when validating ManagedServices     that contains oneway SvcOperation
    • 31434 - Exception reported at exit when AI is clustered but does not      have a configured DB

     

    Interceptor

    • 30911 - getBootstrapConfig fails if linux env contains entries      not matching = pattern
    • 31471 - Change SAG Universal Messaging interceptor      to use JMS CorrelationID field
    • 31472 - Update the Integration Server interceptor to use the new      JMS CorrelationID field.
    • 31473 - Support backwards compatibility with old SAG UM      interceptors who are still using properties to carry the manifest
    • 31508 - Remove P2P APIs support from SAG
    • 31537 - 'ActionalChannelName' property      and its value is left behind for SAG UM synchronous usecases
    • 31539 - Extra correlation and destination shown when using      temporary JMS destination in SAG IS with Universal Messaging
    • 31605 - Wrong correlation when SAG UM uses a JMS destination that      starts with "/temp/..."
    • 32040 - pub.publish.sendAndWaitXXX()      APIs do not correlates with reply when using SAG Univeral     Messaging

     

    Issues resolved in Release 2015.0.1.12

    Management Server / Agent

    • 29254 - Support for CentraSite v9.12
    • 29254 - Support for webMethods     Integration Server v9.12
    • 29254 - Support for webMethods Mediator      v9.12. Includes support for Axis-Free REST stack
    • 29254 - Support for webMethods Universal      Messaging v9.12
    • 29254 - Support for webMethods Broker      9.6 shipped with WebMethods v9.12
    • 28140 - Enable native user access along with LDAP authentication
    • 28340 - Unable to apply hotfix using the installer with a response      file
    • 28674 - Config provisioning does not      indicate an error if dependencies are missing.
    • 29301 - lgagent.ws property installs only      websphere cxf interceptor      and glassfish interceptor.
    • 29645 - uninstall does not clean webapps.ws
    • 30324 - Simulator not working properly, Regions and Segments      missing, error message during Simulator launch
    • 30384 - Flowmap and sequence map broken      if reconnect flows is used
    • 30385 - java.lang.NullPointerException     in LoggingDatabaseTask.getAuditedRequestVariable     with Cassandra
    • 30453 - Failed to locate object with key: SecurityGlobalSettings_KEY_ID     with Jetty

     

    Intermediary

    • 23056 - AI UI allows defining an XSL for an active SG
    • 26845 - Export Fast Infoset reply data      is not included in the audited records list
    • 28177 - JMS Selector set on non Audit     sessions
    • 28759 - SOAP-To-REST Javascript     Transformation is using XPath in a non-threadsafe     manner
    • 28950 - AI allows bad XSL-T stylesheet to be uploaded and saved
    • 28987 - AI SOAP to HTTP Post can throw an exception
    • 29665 - ClassCastException while      creating the Service group.
    • 29759 - Unable to configure WS-Security contract to have      encryption and/or enabled for the reply
    • 29761 - WS-Security 1.0, Intermediary fails to decrypt request:      Uncatalogued exception: Unable to decrypt without a KEK

     

    Interceptor

    • 29894 - .net Interceptor impacts instrumented application if      logging fails
    • 30342 - BootstrapConfig causes error log

     

    Issues resolved in Release 2015.0.1.11

    Management Server / Agent

    • 28659 - NPE when multiple threads evaluates XPath expression on com.actional.lg.agent.PartImpl
    • 28724 - NPE for a user in a different admin role
    • 28747 - OperationDeniedException for a      user in a different admin role
    • 28753 - NPE in edit of "Agent Account" for a user in a      different admin role

     

    Intermediary

    • 28430 - java.lang.NullPointerException     at org.apache.xml.dtm.ref.DTMDefaultBase.getDocumentRoot
    • 28431 - java.lang.ArrayIndexOutOfBoundsException     at com.actional.util.MsgFieldUtils.toString
    • 28527 - RUNTIME0048. Failed to locate an active Access Point for      scheme jms and path or id
    • 28673 - WS-Security timestamp in reply is not provided by AI in      WSP 1.0
    • 28686 - AccessPointSecurityContract for      WS-SecurityPolicy 1.0 reply timestamp is always      generated if timestamp requirement is set to true
    • 28737 - Security Token Service (WS-Trust 1.3) exposed wrong target      namespace
    • 28748 - XmlInterceptor XPath removal      feature is not thread-safe
    • 28758 - Possible NPE when multiple threads evaluates XPath      expression on com.actional.Mesage.BaseMessage.NonRootPart
    • 28795 - Evaluating multiple matches in XpathResultFromList     is much slower than a single match
    • 28801 - Intermediary expects Soap Header on reply that is only defined      for input message in the WSDL
    • 28803 - Managed service uses access point WSDL/Schema for      validation instead of managed service WSDL/Schema
    • 28805 - ICallInfo is missing Javadoc for      getMessageContentAsDocument and setMessageContent(Document)
    • 28836 - ICallInfo javadoc     for IXmlDocument getXmlDocument(...)      APIs are incorrect or incomplete
    • 28869 - WSDL changes where only the output message body/header      elements has a difference does not update the SvcOperation     information
    • 28870 - Actional Intermediary upgrade      fails with error, 'CFGMGR0039: Field 'type' must have a value.'
    • 28895 - Implementations of substituteClass()      are using invalid version comparision
    • 28921 - Expose HTTP status code in Intermediary for monitoring
    • 28939 - Application/fastinfoset is being      returned in REST invocations
    • 28949 - WS security version converted to 1.0 from 1.2 after HF      update

     

    Issues resolved in Release 2015.0.1.10

    Management Server / Agent

    • 27974 - Bytes stored in Blobs never get released
    • 28324 - Index writer threads logging to the event log could      deadlock
    • 28510 - JMS Sessions closed if (temporary) reply queue no longer      exists
    • 28563 - RWLock lazy initialization of      "static" fields should be "synchronized"
    • 28583 - Allow Jetty outbound default SSL protocol settings to be      customized. To allow access to the default SSL protocol using the UI, a      new menu tab named "Global Settings" is added to the Jetty Admin      Console page. Currently, this menu only have the default outbound SSL      protocol settings. Changing the default SSL Protocol requires a restart      for the change to SSL take effects if the SSL factory has been initialized     
    • 28596 - Unable to change the default SSL protocol used by Jetty to      for outbound communication

     

    Intermediary

    • 28508 - java.lang.NullPointerException     at com.actional.jms.JmsUtil.getInputStream
    • 28520 - SOAP Processor returns a SOAPVersion     mismatch when the SOAP payload is null

     

    Interceptor

    • 27957 - BizTalk Interceptor fails with InvalidCastException     inside the .Net interceptor SDK

     

    Issues resolved in Release 2015.0.1.9

    Management Server / Agent

    • 27997 - com.actional.util.Util.getEnv(String)      not working on non-Windows platforms
    • 28045 - Error "LGSERVER0224: Field none not applicable as      filter" occurs when click on alert visualizer table
    • 28090 - Interceptor SDK Sample9 packaged JAR does not contains the      AAL
    • 28176 - Number of JMS connections setting is not functional for      JMS 1.1 ConnectionFactory
    • 28229 - NPE in JMSTransportConfigServlet     occurs when temporary destination is used for Consumer
    • 28289 - Webmethods Integration Server      Correlation is not functional when Univeral     Messaging Document is used with ProtocolBuffer     encoding type
    • 28338 - Webmethods Integration Server      Document name is not used when Univeral     Messaging Document is using 'ProtocolBuffers'      encoding
    • 28388 - ActionalBrokerDocumentType     property appears as encoded event data if the receiver is not using      Integration Server services

     

    Intermediary

    • 28175 - Actional Intermediary starts too      many JMS connections per transport

     

    Issues resolved in Release 2015.0.1.8

    Management Server / Agent

    • 20106 - Remove the "show all" option in event logs as it      can cause a hang if the number of event logs is high.
    • 27289 - Address errors thrown in oracle migration script from      version 2013 to 2015
    • 27314 - Disallow custom file download from eventlog     UI
    • 27952 - Handle cases where webServices     watchdog throws exception: 'IOException OutputStream is closed'
    • 27965 - Unable to use policy "distributing alert with notifier" option with SNMP plugin
    • 28014 - LogBackup servlet erroneously      allows the download of any files
    • 28015 - SnmpPlugin itsAddrMap     is not thread-safe

     

    Intermediary

    • 27302 - Handle NPE when AI raises soap fault with NPE for invalid      request
    • 27812 - Enforce an upper bound for uncorrelated replies background      buffer
    • 27914 - Log "JMS Producer keyID is      not found for the JMS reply" messages as normal debug messages.
    • 27950 - Handle LicenseManager NPE on      startup

     

    Issues resolved in Release 2015.0.1.7

    Management Server / Agent

    • 5466 - Implement separate warning and alert counters
    • 26505 - Oracle db creation scripts fail      for Actional 2015 SP1 using Oracle 12c.
    • 26888 - Implement API to trigger preserved audit log persistence
    • 26948 - Implement Task API in Agent that keeps track of flow IDs      that must be audited
    • 26949 - Implement Task API in Server that keeps track of flow IDs      that must be audited
    • 26995 - Optimize flow monitoring SQL updates
    • 27074 - Implement flow monitoring support for older agents
    • 27107 - Persist flows to audit in database
    • 27139 - Editing the name for information filter can produce an      error
    • 27156 - Each flow monitoring cache should have its own setting
    • 27160 - MONITORING0090: Audit request record update failed
    • 27213 - Setting admin roles in AI results in an error
    • 27223 - Flow monitoring does not properly clear out old flows
    • 27246 - Flow monitoring table is not properly cleaned up if size      decreased before shutdown
    • 27321 - Provide metric about JMS.send     directly in the interactions
    • 27325 - Agent are not persisting the agent event's details field      in the SQL table act_agent_events
    • 27368 - Gzip Request compression throws XMLParseException
    • 27425 - Include a Clock Profile to track providers queue size
    • 27458 - Improve table existence check
    • 27788 - Audit records no longer sets the payload size if the audit      body or reply is not set

     

    Intermediary

    • 27137 - [REST] No REST header parameters are passed when "Passthrough Message Data" is turned on
    • 27142 - Clock Profiling for JMS operations in AI
    • 27303 - AI raises soap fault with NPE for malformed request
    • 27320 - Admin console denying access when request comes through a      different port from firewall/proxy
    • 27428 - LDAP user caching does not work between different types of      credentials
    • 27404 - LDAP Injection Vulnerability with AI HTTP BASIC Authentication      Contracts

     

    Issues resolved in Release 2015.0.1.6

    Management Server / Agent

    • 26969 - Improve Flowmap capture logic
    • 26096 - SECU1022: The principal does not belong to one of the      authorized roles error.
    • 27003 - Improve Flowmap gather locking      logic
    • 27011 - Classpath issue when running JMS      interceptor on JDK 1.4

     

    Issues resolved in Release 2015.0.1.5

    Management Server / Agent

    • 26057 - Provide ability for flow fields to allow specifying a part
    • 26190 - Support for CentraSite v9.10
    • 26190 - Support for webMethods     Integration Server v9.10
    • 26190 - Support for webMethods Mediator      v9.10
    • 26190 - Support for webMethods Universal      Messaging v9.10
    • 26190 - Support for webMethods Broker      9.6 shipped with WebMethods 9.10
    • 26589 - Error generating support.zip if Cassandra is configured
    • 26628 - NPE when executing no-activity policies
    • 26758 - Establishing a JMS Connection can block connections to      other brokers when fault tolerance is turned on
    • 26779 - Service Groups with a JMS broker in the middle can pausing      when a broker goes down
    • 26800 - UI hang in JMS consumer status with failover and broker      down

     

    Intermediary

    • 25422 - Provide ability for the IAuthenticateContext     interface to obtain the Authenticated Identity
    • 26580 - Upgrading AI to 2013 and sending a request to an AP throws      a NPE
    • 26674 - AI is unable to process messages when the broker used for      JMS Audit is down
    • 26675 - Service Dispatcher issue occurring during AI Shutdown

     

    Interceptor

    • 26058 - Update java interceptor SDK to provide APIs that allow a xpath-capable interceptor to do its work
    • 26250 - webMethods Broker Documents fail      validation with an unexpected node after interceptor injects a      "_property" element into payload documents

     

    Issues resolved in Release 2015.0.1.4

    Management Server / Agent

    • 4288 - Provide Business Process name in the alert message
    • 25243 - Negative values during reconnect should be rounded to zero
    • 25326 - Add ability to define additional JMS transports for Agents      to use during JMS Auditing
    • 26062 - JMS Audit task for AI throws exception in Audit write
    • 26143 - AMS logs flooded with "APPL0109: Invalid parameter: query.handle" error
    • 26158 - java.lang.ClassCastException     while selecting Cassandra DB on audit logs
    • 26560 - ClassNotFoundException in AMS      when running no activity policy
    • 26626 - NPE when executing no-activity policies

     

    Intermediary

    • 25660 - AI JMS reply lookup can lead to excessive latency in      processing reply messages when message correlationID     is not in the correlation map
    • 25955 - Unable to remove XSLT in Intercept block for unchecked      behavior in Service group
    • 26099 - AI UI gets into a 'Please Wait' state in ESB Select      Process

     

    Issues resolved in Release 2015.0.1.3

    Management Server / Agent

    • 25419 - Support for CentraSite v9.9
    • 25419 - Support for webMethods     Integration Server v9.9
    • 25419 - Support for webMethods Mediator      v9.9
    • 25419 - Support for webMethods Universal      Messaging v9.9
    • 25419 - Support for webMethods Broker      9.6 shipped with WebMethods 9.9
    • 24785 - Discard JMS Audit events when the Audit broker is down
    • 25025 - Deadlock in Actional code when      starting a cluster
    • 25790 - Reconnecting Flow Calls timing out after their processing      has been delayed by the Analyzer

     

    Intermediary

    • 23497 - While configuring SG using PassThrough     wizard, changes to the unique ID are not reflected in the read only URL.
    • 23500 - While configuring SG using PassThrough     wizard, if the checkbox for "Use ID relative.."     is checked, the changes in URl are not observed      on revisting the same page."
    • 25382 - Extended Export: The dependency between Service Groups and      Roles does not appear in the service group dependency tree
    • 25131 - AI cannot authentication and authorized LDAP users with      "/" in the name.
    • 25349 - AI is unable to create temporary queues if the JMS 1.1 ConnectionFactory implementation is generic.
    • 25667 - Set AI “Disable ESB Interactor Proxy” flag default value      to true.
    • 25800 - Request payload is incorrectly returned when ESB Process      fault mapping is incorrect
    • 25842 - Initialization ordering issues between Service dispatcher      and JMS Manager during AI startup
    • 25929 - Lucene indexer crash while closing indexes while other      threads are still accessing it.
    • 25979 - Error provisioning AI as a JMS audit producer due to      incorrect producer status validation check
    • 5225 - Class cast exception while switching between Sonic ESB      instances

     

    Interceptor

    • 24778 - EOF exception in CXF interceptor payload capture
    • 25731 - java.io.IOException: mark/reset      not supported in CXF payload capture
    • 25767 - Provde a new configuration      property that allows to limit the message payload sizeor     CXF interceptor. Needed to properly handle message payload kept in memory

     

    Issues resolved in Release 2015.0.1.2

    Management Server / Agent

    • 24303 - Issues with correlation from CXF to Integration Server
    • 24334 - Misspelled procedure name while generating database purge      scripts
    • 25026 - Performance problems with provisioning
    • 24951 - Management Server is publishing replicas of the same      Server Interaction to CentraSite
    • 24250 - Include Cassandra installation creation scripts in the      default deployment.

     

    Intermediary

    • 24485 - Support for Oracle Access Manager (OAM) 11G
    • 24787 - Incorrect Access Point details observed in Webservices Consumer Views
    • 24846 - All visibile operations appear      twice causing failure when calling an access point.
    • 25173 - Cannot upload AI deployment profiles to AMS if AMS version      is Actional 2015 or later
    • 25176 - java.util.ConcurrentModificationException     encountered in AI

     

    Interceptor

    • 24271 - Interceptor should not be logging Interaction and Event      related debug
    • 25186 - Create BizSolo interceptor
    • 24589 - NPE with JMS trigger when Management Server is      instrumented in Integration Server

     

    Issues resolved in Release 2015.0.1.1

    Management Server / Agent

    • 23820 - Cannot manage Agents with JMS transport
    • 23734 - Global search does not list any elements
    • 23739 - Clickjacking vulnerability observed during a security scan      of Actional Management Server
    • 23522 - Change the wording in the UI from ‘Audit Only if Alarm is      Raised’ to "Audit Only for Flow Mapped Alarm"
    • 24201 - SAG IS service not recognized, shown as ‘unknown’
    • 23506 - Agent startup takes upto ~4      minutes
    • 23479 - Item Breakdown Information is no longer displayed when      node is deselected
    • 24641 - Using OAM Cookie Provisioner on      the Application Security Contract causes a NPE

     

    Intermediary

    • 23286 - XML Bomb Security vulnerability
    • 23739 - 'Clickjacking' security issue found during a security scan      on actional AMS
    • 23990 - Actional Intermediary JSON fault      response is not well-formed
    • 23251 - Actional is exposing sensitive      information in payload when a wrong URL is accessed
    • 23977 - Unexpected exception for certificate expiry check
    • 23939 - All operations are added when adding more operations to      Access Points
    • 23959 - WSDL update in Intermediary block does function when wsdl is updated via URL

     

    Interceptor

    • 23917 - Error when using FastInfoSet     with CXF interceptors