We're seeing an issue with http route assertion related to request header (cookie) processing post installing CR02 in our non-prod server. 

Integration with SAP were API Gateway generates  a SAML response and pass that in a POST body to the SAP ACS endpoint and in response SAP would generate a session cookie. However since CR02 what we're seeing that this behavior is intermittent, Gateway would get the session cookie sometimes but not at other times.

Release : 10.1

Bug in the updated HTTP client library specific for route

Security advisor regarding GW 10.1 CR02

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/critical-alerts/0/20909

The patches from the DCT show the older CR02 was applied, this patch has bug in the HTTP client library specific for route you are seeing  

ssg-appliance-10.1.00-13889_CR02.x86_64

ssg-10.1.00-13889_CR02.noarch

Link to the patches page 

https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111613&os=LINUX%20-ALL

BAD: Layer7_API_Gateway_v10.1.00.13889-CR02.L7P

Good: Layer7_API_Gateway_v10.1.00.14326-CR02.L7P

Patch Layer7_API_Gateway_v10.1.00.14326-CR02.L7P can be applied on top of the old CR02