This article will discuss an issue when using the Validate Against Swagger assertion in a Policy Fragment which is utilized in more than one policy with different swagger files. In such a scenario, you may encounter faulty validation messages if both policies are called at the same time.
The Validate Swagger assertion is caching the swagger document which can cause problems when the assertion is used in a shared fragment where the document is changing with each call.
This affects both Gateway 9.4 CR05 and lower, as well as Gateway 10 CR02 and lower.
A defect exists, and will be included in 9.4 CR06 and 10 CR03. We recommend upgrading to those CRs if possible for the applicable version of API Gateway, and if not possible then to disable the Validate Swagger assertion in a shared Policy Fragment.
Filed internally as DE459999.