This document is intended for customers who have already upgraded their Gateway to version 10.0, 10.1 or 11.0. The purpose of this document is to demystify patching within the Gateway 10.0, 10.1 or 11.0 space. If you are looking for assistance upgrading from Gateway 8.x or 9.x, please see our formal upgrade documentation here.
If you are on Gateway 10.0 and need assistance upgrading to Gateway 10.1 please see the Standard Upgrade Procedure for Gateway 10.1 as well as our supplemental 10.1 upgrade Knowledge Base Article here
If you are on 10.x and are looking for information upgrading to Gateway 11 please see this area of the documentation: Gateway 11.0 Install, Configure and Upgrade
It is HIGHLY recommended that you review this FAQ including the Additional Information section before proceeding with any patching activity.
This Document will cover:
Note the Color Coding for each section to provide an easier reading experience:
Release : 10.0 and 10.1 and 11
Component : API Gateway
What are the versions of API Gateway 10 and 11?
These are the current versions of the API Gateway: 10.0 and 10.1 and 11.0
Gateway 10.0 FAQs are highlighted in Purple
Gateway 10.1 FAQs are highlighted in Orange
Gateway 11.0 FAQs are highlighted in Yellow
GATEWAY 10.0 and GATEWAY 10.1 HAVE SEPARATE Cumulative Release (CR) PATCHES FOR EACH VERSION. PLEASE MAKE SURE YOU NAVIGATE TO THE SECTION APPROPRIATE FOR THE VERSION YOU ARE RUNNING. YOU CANNOT APPLY A GATEWAY 10.0 CR TO GATEWAY 10.1 AND YOU CANNOT APPLY A GATEWAY 10.1 CR to GATEWAY 10.0. HOWEVER, MONTHLY PLATFORM PATCHES ARE NOT VERSION SPECIFIC AND CAN BE APPLIED TO EITHER GATEWAY 10.0 OR 10.1
Subsequently, Gateway 11 will have its own Cumulative Release Patches when released. Gateway 11 will also have separate Monthly Platform Patches (MPPs) from the Gateway 10.x MPPs.
Gateway 10.0 Cumulative Release (CR) Patching
What is a Cumulative Release Patch?
Cumulative Release Patches update the Gateway software/product to introduce bug fixes, features, functionality, updated Java versions.
I am running Gateway 10.0 what Cumulative Release (CR) patches are available?
Currently Gateway version 10.0 has Cumulative Release Patch CR05, which includes all of the patches from CR01 through CR04. To see the full list of Cumulative Release Patch related info, please see the Release Notes for Gateway 10.0.
Can I apply CR05 for Gateway 10.0 to my 10.1 Gateway?
No. There are separate Cumulative release Patches for Gateway 10.0 and 10.1. Both will be covered in this FAQ
Do I need to apply Cumulative Release patches CR01 through CR04 to my Gateway 10.0 in order to apply the latest CR05?
No. Cumulative Release Patches (CRs) are cumulative and you need only apply the latest CR to your Gateway.
Where can I get the Gateway 10.0 CR05 Patch?
You can find Gateway 10.0 CR05 Patch on our Solutions and Patches Page. This patch zip file is called: Layer7_API_Gateway_v10.0.00-CR05.zip
After downloading this file please Unzip it to see the contents.
What are the files I see in the Gateway 10.0 CR05 zip file and what do I do with them?
When you unzip the Cumulative Release patch file you will see the following files:
How do I apply the Gateway 10.0 CR05 file to my Gateway?
To apply the Gateway 10.0 CR05 cumulative release patch to your Appliance based Gateway please use these steps: Patch Using The Menu
To apply the Gateway 10.0 CR05 cumulative release patch to your Software based Gateway install please use these steps: Patch The Software Gateway
Gateway 10.1 Cumulative Release (CR) Patching
What is a Cumulative Release Patch?
Cumulative Release Patches update the Gateway software/product to introduce bug fixes, features, functionality, updated Java versions
I am running Gateway 10.1 what patches are available?
Currently Gateway version 10.1 has Cumulative Release Patch CR02. To see the full list of Cumulative Release Patch related info, please see the Release Notes for Gateway 10.1.
Can I apply CR02 for Gateway 10.1 to my 10.0 Gateway?
No. There are separate Cumulative release Patches for Gateway 10.0 and 10.1.
Do I need to apply Gateway 10.1 CR01 before applying CR02?
No you do not need to apply Gateway 10.1 CR01 before applying CR02. Patch CR02 includes all of the fixes, features and updates from CR01
Where can I get Cumulative Release Patch CR02 for Gateway 10.1?
The Gateway 10.1 CR02 can be downloaded from the Solutions and Patches Page and is called Layer7_API_Gateway_v10.1.00.14326-CR02.zip
After downloading this file please Unzip it to see the contents.
What are the files I see in the Gateway 10.1 CR02 zip file and what do I do with them?
Note: If you are looking for the latest Siteminder SSO SDK it was released in Gateway 10.1 CR01 and is included in the CR01 zip file located here
Note: Beginning with Gateway version 10.0 CR01 (including CR02), JSON Schema v2 has been deprecated due to a library upgrade. Users should upgrade their JSON Schema to v4. If you are planning on applying Gateway 10.0 CR01 or CR02 during your Gateway 10.0 to 10.1 upgrade process please ensure that you test for this JSON Schema v2 deprecation before a production upgrade
How do I apply the Gateway 10.1 CR02 file to my Gateway?
To apply the Gateway 10.1 CR02 cumulative release patch to your Appliance based Gateway please use these steps: Patch Using The Menu
To apply the Gateway 10.1 CR02 cumulative release patch to your Software based Gateway install please use these steps: Patch A Software Gateway
Gateway 11.x Cumulative Release (CR) Patching
What is a Cumulative Release Patch?
Cumulative Release Patches update the Gateway software/product to introduce bug fixes, features, functionality, updated Java versions
I am running Gateway 11.x what patches are available?
There are currently no available Gateway 11 Patches yet. This KB article will be updated with details upon the release of the Gateway 11 CR patches
Gateway 10 and 10.1 and 11 Monthly Platform Patching:
What is a Monthly Platform Patch?
A Monthly Platform Patch is provided to users running the Gateway Appliance or Container form factor which updates the underlying OS Platform and addresses known CVE Vulnerabilities.
What is the difference between a Monthly Platform Patch and a Cumulative Release Patch (CR)?
Cumulative Release Patches update the Gateway software/product to introduce bug fixes, features, functionality, updated Java versions. Monthly Platform Patches update the underlying Appliance CentOS Platform to address CVE Vulnerabilities, OS Library updates and also MySQL version updates.
Are there separate Monthly Platform Patches for Gateway 10.0 and 10.1?
No. Unlike the Cumulative Release (CR) patches for Gateway 10.0 and 10.1 there is only one Monthly Platform Patch released for both Gateway 10 and 10.1 appliances
Are there separate Monthly Platform Patches for Gateway 11?
Yes. Since Gateway 11 is based on the new Debian Appliance OS there is a new Monthly Platform patch released for Gateway 11 each month that is separate from the Gateway 10.x Monthly Platform Patches
Do I have to install previous Monthly Platform Patches in order to install the latest?
No. Like the Cumulative Release (CR) patches, the Monthly Platform Patch is also cumulative in nature and you do not need to install previous Monthly Platform Patches incrementally. This is true of the Monthly Platform Patches for all Gateway versions.
Where can I find the Monthly Platform Patch for my Gateway 10.0 or Gateway 10.1 Appliance?
You can find the Monthly Platform Patch for the Appliance Gateway on the Solutions And Patches Page
Example: Layer7_API_PlatformUpdate_64bit_v10.X-CentOS-2022-06-26.L7P <-- See the Date indicating that this is the June 2022 Monthly Platform Patch.
Where can I find the Monthly Platform Patch for Gateway 11?
You can find the Monthly Platform Patch for the Appliance Gateway on the Solutions And Patches Page
Example: Layer7_API_PlatformUpdate_64bit_v11.X-Debian-2023-02-22.zip
I am running the Container Gateway. Can I also get the Monthly Platform patches?
Yes you can pull Monthly Platform Patches according to the Docker Tags Page
I am running the AWS AMI Appliance or the MS Azure Appliance. Can I also apply a Monthly Platform Patch to these form factors?
Yes you can apply the same Monthly L7P Platform patch that is applied to the VMware ESX Based appliance.
When are Monthly Platform Patches Released?
Typically Monthly Platform Patches are released in the last week of every month.
Is there a special order, prerequisites or dependencies between the Cumulative Release (CR) Patch and Monthly Platform Patch?
No. The Cumulative Release Patches and Monthly Platform Patches are not dependent on each other. They are totally separate. For example you could apply Cumulative Release Patches and forgo installing Monthly Platform Patches and vice versa.
How can I tell what the Monthly Platform Patch is updating?
For every release of the Monthly Platform Patch there is a corresponding downloadable cve-info text file which you can review for changes. You will typically see this file right underneath the main Monthly L7P file on the Solutions and Patches page.
Example: cve-info-v10.X-CentOS-x86_64-2022-04-24.txt
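The compatibility rules above (a CR applies only to its own Gateway version, the 10.x Monthly Platform Patch applies to both 10.0 and 10.1, and Gateway 11 has its own Monthly Platform Patch) can be checked before a file is copied to a Gateway. The following is an added example, not part of the original article or of the product: the function names are hypothetical, and the filename patterns are assumptions inferred from the example file names on this page.

```shell
#!/bin/sh
# Pre-flight check: classify a patch file by name and refuse a version mismatch.
# Patterns are inferred from the file names quoted in this FAQ (assumption).

# Print "<kind> <train>" for a known patch name; return 1 for anything else.
classify_patch() {
  case "${1##*/}" in
    Layer7_API_Gateway_v10.0.*-CR[0-9]*.zip)    echo "CR 10.0" ;;
    Layer7_API_Gateway_v10.1.*-CR[0-9]*.zip)    echo "CR 10.1" ;;
    Layer7_API_PlatformUpdate_*_v10.X-CentOS-*) echo "MPP 10.x" ;;
    Layer7_API_PlatformUpdate_*_v11.X-Debian-*) echo "MPP 11" ;;
    *) return 1 ;;   # unknown naming: fail closed
  esac
}

# Return 0 if patch $1 may be applied to Gateway version $2 (10.0, 10.1 or 11.0),
# 1 on a version mismatch, 2 if the file name is not recognised.
patch_applies() {
  local class
  class=$(classify_patch "$1") || return 2
  case "$class|$2" in
    "CR 10.0|10.0"|"CR 10.1|10.1")   return 0 ;;  # CRs are version specific
    "MPP 10.x|10.0"|"MPP 10.x|10.1") return 0 ;;  # one MPP for 10.0 and 10.1
    "MPP 11|11.0")                   return 0 ;;  # Gateway 11 has its own MPP
    *) return 1 ;;
  esac
}

# Extract the YYYY-MM-DD release date from an MPP or cve-info file name,
# so a platform patch can be matched to the cve-info file of the same date.
patch_date() {
  printf '%s\n' "${1##*/}" |
    sed -n 's/.*-\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)\.[A-Za-z0-9]*$/\1/p'
}

# Demo against a Gateway assumed to be running 10.1.
for f in Layer7_API_Gateway_v10.0.00-CR05.zip \
         Layer7_API_Gateway_v10.1.00.14326-CR02.zip \
         Layer7_API_PlatformUpdate_64bit_v10.X-CentOS-2022-06-26.L7P \
         Layer7_API_PlatformUpdate_64bit_v11.X-Debian-2023-02-22.zip; do
  if patch_applies "$f" 10.1; then echo "OK     $f"; else echo "REFUSE $f"; fi
done
```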
Additional Information:
Where can I read more about Gateway patches
Please see our formal documentation on the subject: 10.x Understanding Gateway Patches and 11.0 Understanding Gateway Patches.
Where can I see the changes, updates and fixes included in the Gateway Cumulative Release Patches?
You can see a full summary of Cumulative Release Patch information and changes from the Release Notes section for each version of the Gateway. Note the summary of each Cumulative Release Patch
How do I update my Policy Manager version along with my Gateway Appliance?
Gateway Cumulative Release Patch zip files will always contain a new version of the Gateway Policy Manager installer for MacOS and Windows. After patching the Gateway with the main L7P file please be sure to also update your workstation with the new Policy Manager that is included in the zip file
What is an L7P file?
An .L7P file is the patch file format that is applied directly to your Gateway appliance.
If you need assistance working with L7P files please see this supplemental material
Do I have to reboot my Gateway after applying L7P patches?
Yes it is very important to reboot your Gateway after applying an L7P patch file. If you are applying a sequence of L7P patches then you will be required to reboot after EACH patch before you apply the next one
I am getting an error about Disk Space when I try to apply a patch. What can I do?
Please make sure you check your Gateway file sizes before applying any patches. If you get an error such as Error uploading patch file: No space left on device please see this article for more information and assistance.
Where can I see what patches have already been applied to my Gateway Appliance?
If you would like to see a list of patches that have been applied to your Gateway Appliance you can Select Option 8 from the Gateway Appliance Menu and then Choose Option 4 to List Patches
Can Patches be uninstalled or rolled back?
Patches cannot be uninstalled after they are applied so please ensure that you take a VMware Snapshot of your Gateway Appliance before any patching activity to provide a back-out plan.
If patches cannot be uninstalled then why is there an option to "Delete a Patch from the Gateway"?
This option allows you to clear staged patch files from the staging directories on the Gateway to reclaim space. This option does NOT uninstall a patch from the Gateway. For more on this, see the corresponding section in the main documentation.
What is the difference between Uploading a Patch and Installing a Patch?
The application of an L7P Patch file is a two step process after the patch has been copied to your Gateway. The upload is the first step, where the patch is first processed by the patching mechanism, and the second step is the actual installation of the patch to the Gateway. You will see both the Upload and Install options in the Gateway Patching menu. There is also a similar Upload and Install procedure for patching with the Command Line.
Where can I see patch related logs?
Log files for the patching process are located here:
/opt/SecureSpan/Controller/var/logs/patches.log
/opt/SecureSpan/Controller/var/logs/patch_cli*.log