The pub.packages services display an inaccurate error message when the package input parameter is empty.

The pub.packages:updateHomePage service has the packageName input parameter to accept the package name whereas the other pub.packages services have package as the input parameter. When the package input parameter is empty in all the pub.packages services, Integration Server displays error messages with packageName instead of package.

Currently, there is no workaround for this issue.

Integration Server clustering does not work when Integration Server runs on AIX with IBM SDK, Java Technology Edition, Version 11.

IBM SDK, Java Technology Edition, Version 11 for AIX has a known issue with network socket connections which severely affects connectivity to Terracotta Servers (all 4.3.x versions and 4.4.x versions). The impact on connectivity prevents Integration Server clustering from working.

There are two options for working around this issue. 1) If using Integration Server 10.11 and Terracotta Server 4.3.x, use IBM SDK, Java Technology Edition, Version 8 for running the Terracotta Server processes on AIX, or 2) run the Terracotta Servers on Linux or Windows.

Note that Terracotta Server 4.4.x (used with Integration Server 10.15) does not support Java 8.

Fields that would contain their "default" value are missing from the gRPC method service inputRecord.

When the generated gRPC method flow service is invoked during the processing of a gRPC request, fields in the inputRecord that would have contained their default value may not be present in the pipeline. The default value of a field depends on its type. In general, numeric types default to 0, Boolean types default to false, and String types default to an empty string.

To work around this issue, when implementing the logic of the gRPC method flow service, take the above behavior into account. Treat a field that is not present in the pipeline as though it contains the default value for its field type.

Some pub.cache services do not handle IData values correctly.

Some of the pub.cache services in WmPublic do not detect IData equality correctly. This causes cache misses for previously cached services.

There is no workaround for this issue.

Integration Server Administrator throws a java.time.zone.ZoneRulesException.

If the timezone used by Integration Server is set to an invalid value, accessing the new Integration Server Administrator results in a java.time.zone.ZoneRulesException.

There is no workaround for this issue.

When using a JVM from Azul, Integration Server might fail with "javax.security.auth.login.LoginException: No key to store" error during the validation of Kerberos tickets.

This error is caused by an issue in Azul.

In version 10.11, Integration Server and Microservices Runtime added the following to the startup scripts:

-Djdk.security.auth.login.useCachedLoginModules=trueSetting this property to false resolves the above issue but can also cause a significant performance degradation.

To make this change for Integration Server, edit <Software AG_directory>/profiles/IS_<instanceName>/configuration/custom_wrapper.confTo makes this change for Microservices Runtime, edit <IntegrationServer_directory>/bin/server.bat|shAfter setting -Djdk.security.auth.login.useCachedLoginModules=false, restart the server.

Size of WmAdmin package increases unexpectedly after fixes are applied.

The WmAdmin package on disk increases by 50 MB with each fix that is applied.

There is no workaround for this issue.

Integration server administration console can't be accessed

If the timezone used by Integration Server is set to an invalid value, accessing the Integration Server Administrator results in a java.time.zone.ZoneRulesException.

The workaround for this issue is to use the legacy Integration Server Administration console.

In Integration Server, the pub.mime:getBodyPartContent service does not remove the MIME boundary marker when extracting the body part.

In Integration Server, when the pub.mime:getBodyPartContent service receives MIME data without the boundary marker in the header, the service does not remove the MIME boundary marker when extracting the body part.

As a workaround, use the pub.flow:getTransportInfo service to get the transport headers with the boundary marker information and merge that with the MIME data using the pub.mime:mergeHeaderAndBody service. You can then call the pub.mime:createMimeData service with the output of the pub.mime:mergeHeaderAndBody service, followed by the pub.mime:getBodyPartContent service to get the correct content.

In Integration Server Administrator, the IP Access configuration page does not show the host list service and the polling interval after deploying a port.

After runtime or repository-based port deployment, the target Integration Server does not show the host list service and polling interval on the IP Access configuration page of the port.

As a workaround, copy the listeners.cnf file for the port from the source Integration Server to the target Integration Server.

The output of the pub.jwt:extractClaimsFromJWT service does not match the JWT signature.

After extracting specific claim details from a JWT in a flow service, the structure of the claimsDetails document in the pub.jwt:extractClaimsFromJWT service output does not match the signature of the JWT, which is a claimsDetails document with two keys, name and value.

As a workaround, manually map the output of the pub.jwt:extractClaimsFromJWT service to the flow service that expects the output.

The pub.flow:setCustomLoggedFields service does not support setting custom fields of the Document Reference and Document Reference List types for logging.

In the pub.flow:setCustomLoggedFields service, under the inputFields and outputFields parameters, Document Reference and Document Reference List are missing from the type list.

There is no workaround for this issue.

The pub.flow:setCustomLoggedFields service does not support setting custom fields of the Document and Document List types for logging. 

In the pub.flow:setCustomLoggedFields service, under the inputFields and outputFields parameters, Document and Document List are missing from the type list. 

There is no workaround for this issue.

The pub.flow:SetCustomLoggedFields service does not set all the custom fields under a selected document for logging.

The user should be able to provide the path of a parent document in a flow service to pub.flow:SetCustomLoggedFields and the service should automatically select all the fields under the document for logging.

To work around this issue, the user can manually copy the path of each field under the document and pass the path to the pub.flow:SetCustomLoggedFields service.

Scheduled tasks in Integration Server fail to execute after reactivating the associated solution in webMethods Cloud Container.

The target node of a scheduled task retains the IP address of the associated solution despite reactivating the solution in Cloud Container. When a solution is reactivated in Cloud Container, a new hostname or IP address is allocated to it and the target node in the scheduled task is expected to change accordingly. However, the scheduled task fails to execute as its target node still points to the previous IP address.

To work around this issue, update the scheduled task's target node with the new hostname or IP address of the solution on each reactivation.

A package deployment rolled back via the Deployer user interface is reported as successful when it is not.

Rolling back a deployment when the package dependency list includes a non-existent package fails when the roll back is done via the command line. However, when Deployer user interface is used to view the status, the roll back is incorrectly reported a successful without any Error messages.

Do not include packages that do not exist in a deployment or roll back.

In Integration Server Administrator, security certificate expiry notifications are not automatically marked as read.

When an Integration Server security certificate expires, Integration Server Administrator displays a notification to inform the user about the expiration. However, despite replacing or deleting the expired certificate, the notification is not automatically marked as read.

To work around this issue manually mark such notifications as read.

Integration Server license expiry notifications are not automatically marked read.

Integration Server Administrator continues to display the license expiry notifications despite updating the license file.

As a workaround, manually mark such notifications as read.

A global variable of the password type is displayed as encrypted text in Designer.

During variable substitution in flow services, a password configured as a global variable is displayed as encrypted text instead of masked characters (*). This happens when Integration Server configuration containing global variables is deployed using Command Central.

The workaround for this issue is to deploy global variables using ACDL files through Deployer.

After migration to version 10.11, an Integration Server running on Solaris fails with an error message on startup.

After using the migration utility to migrate to Integration Server 10.11 from an earlier version, Integration Server startup fails with the following error message in wrapper.log.

ERROR | wrapper | 2021/08/28 12:25:42 | JVM exited while loading the application.

INFO | jvm 5 | 2021/08/28 12:25:42 | Unrecognized option: -d64

To work around this error, after migration, remove the following property from the custom_wrapper.conf file located under profiles/IS_default/configuration and then restart Integration Server.

wrapper.java.additional.<NNN>=-d64Where NNN is a numeric number like 205

Integration Server writes an access denied error to the server log every two minutes when a Designer user’s password is updated in Integration Server but not in Designer.

When a user’s password is changed in Integration Server and that user is connecting to Integration Server from Designer, the Integration Server refuses the user’s connection and writes the following error to the server log every two minutes until the user's password is updated in Designer:

[ISS.0053.0002C] (tid=93) Access denied for user <user-name> on port <portNumber> -> 'wm-message' from 127.0.0.1.To work around this issue, update the password in the server definition in Designer. The server definition is located in Windows > Preferences > Software AG > Integration Servers.

To stop the error from occurring, set the correct credentials in Designer.

Integration Server logs a message about webMethods Cloud tenant aliases even if Integration Server is not used with webMethods Cloud.

During startup, the Integration Server may log an error message like the following:

(tid=threadId) WmCloud: Startup service (wm.client.integrationlive.admin:loadTenantAccountInfo)

(tid=threadId) An error occurred while loading information from the webMethods Cloud environment. No tenant aliases are enabled

This error message is meaningful only if the Integration Server is used as an on-premises Integration Server with webMethods Cloud. This message can be safely ignored if it occurs on an Integration Server that is not used with webMethods Cloud.

When an Object variable of type java.lang.float is mapped to a specific index in an Object List of type java.lang.float, the resulting variable is a String list.

There is no work around for this issue.

A GET request for an /alert resources in the Integration Server Administrator API results in an error message when valid values are supplied for startTime and endTime in a URL parameter.

There is no workaround for this issue.

The input pipeline cannot be edited when a variable name contains a period.

In the Edit pipeline dialog for Service details within Monitoring, data values were not appearing for fields that had one or more dots "." in the field name or in the names of a document in the fields' hierarchy.

Currently, there is no workaround for this issue.

The system task scheduled for a notifier runs once even after the notifier is deleted or disabled.

If the 'notifyInstantly' parameter is false and the 'intervalInSeconds' parameter has a value for a notifier, the system task scheduled for the notifier runs once even after the notifier is deleted or disabled.

Currently, there is no workaround for this issue.

To enable the "Developer" user in Integration Server, an Administrator must run the 'sagcc update configuration data' command twice with the required parameters in the Command Central CLI.

Authenticating Integration Server users with the default password is insecure. Therefore, Administrators disable the Developer and Replicator accounts, remove their default passwords, and then provide a secure password for these users before enabling them through User Management in Integration Server Administrator.

Running the 'sagcc update configuration data' command from Command Central CLI must enable the "Developer" user. However, the user is not enabled unless the command is run twice, which is unexpected.

Currently, there is no workaround for this issue.

The input and output document type references are missing in the service generated for a Provider Web Service Descriptor (WSD).

The document type references are not shown in the Input and Output fields of the service generated for the WSDL-first Provider WSD.

However, the Input and Output signatures of the service are intact and the WSD can be used without issues.

As a workaround, set the value of the "watt.server.SOAP.identifyISGeneratedWSDL" server configuration parameter to "true" to see the document type references for the service on creating the WSDL-first Provider WSD.

Installing a package that contains a schema with a target namespace that is the same as an existing schema on the Integration Server may result in two sets of definitions or declarations for the same components.

If you only need the schema definitions or declarations contained in one schema, delete the other schema. However, if you need definitions from both schemas, there is no workaround for this issue.

Known issue in the JVM Cipher implementation for certain JVM builds may cause decryption failures in Integration Server and other products that use the outbound password manager provided in Integration Server.

A change in the PBEWithHmacSHA256AndAES_256 implementation causes Strings encrypted with the cipher in Open JDK builds 1.8.0_64 and before do not decrypt in later builds, beginning around build number 1.8.0_71. If your Integration Server runs on a JVM from Open JDK builds 1.80_64 up to, but not including 1.8.0_71, and then upgrade to Open JDK build 1.8.0_71 and after, passwords stored in the Integration Server outbound password manager cannot be decrypted.To avoid this issue, change the encryptor before upgrading the JVM.

That is, store the password using the same handle but a different encryption code such as EntrustPbePlus.

For information about changing the encryption method for the outbound password file and resetting outbound passwords, see the “Master Passwords and Outbound Passwords” chapter in the webMethods Integration Server Administrator’s Guide. You can also change an outbound password using the pub.security.outboundPasswords:updatePassword service which is documented in the webMethods Integration Server Built-In Services Reference.

A description of this Open JDK defect can be found here: https://bugs.openjdk.java.net/browse/JDK-8162690Note that the Open JDK defect description has some ambiguity regarding the build number in which this issue was introduced. The issue is observed in build number 1.8.0_74 but may have been introduced in earlier builds. Builds 1.8.0_64 through 1.8.0_74 were not tested by the defect reporter. The WSC-515 description cites build 1.8.0_71 as the Open JDK defect identities 71 as the "Introduced in version" value.

Web service connector ends with the error [ISC.0082.9034] Field is absent, field must exist.

If the output signature of a service used as an operation in a provider web service descriptor (WSD) contains a field that has a namespace URI without a prefix, Integration Server adds a prefix when generating a WSDL document for the provider WSD. In the consumer WSD created from the WSDL, the web service connector that corresponds to the operation (IS service) specifies a prefix for the field in the service output. However, the web service provider does not include a prefix with the field in the response. As a result, the contents of the SOAP response cannot be mapped to the web service connector output and the web service connector ends with the error [ISC.0082.9034] Field is absent, field must exist.

To avoid this issue, if a service will be exposed as a web service, always associate a prefix with a namespace URI for fields in the service signature.

The xsi:nil attribute in an element does not convert properly when generating an IS document from an XML document.

If an XML document has an element containing only xsi:nil as an attribute and an IS document is generated from that XML document using the pub.xml.xmlNodeToDocument service, the xsi:nil attribute is generated as an @xsi:nil field for the element in the resulting IS document. This occurs even if the element with the xsi:nil attribute has a simple type string; however, the document type that is created from the XML schema (which is used by the XML document) has a string field for the xsi:nil element instead of the IS document. There is a type difference between the generated document and the document type.

To work around this issue, manually edit the generated IS document to remove the @xsi:nil attribute and then convert the IS document to string field.

WSDL generated for a web service descriptor with a service signature, header document type, or a fault document type containing derived document types does not contain the schema definitions for the derived document types.

To work around this issue, create a WSDL with the schema definitions for the derived document types and then create a WSDL first web service descriptor.

When creating a WSDL first provider web service descriptor, Integration Server does not preserve the original service name from the WSDL document.

When Integration Server generates a WSDL document for the provider web service descriptor, the service name will not match the service name in the source WSDL document.

There is currently no workaround for this issue.

IMAP email listener does not start.

This issue occurs when an IMAP e-mail port is configured to receive requests from an e-mail server that uses NTLM for authentication. With this configuration, the following error is returned when the port is enabled:

"Failed to start EmailListener:imap: <UserName>@<HostName>: [ISS.0070.9003] Enable failed: Could not log into account <UserName>@<HostName>"To resolve this issue, do one of the following:

If you want to disable NTLM authentication, follow these steps:

If you want to enable NTLM authentication, follow these steps:

Java service throws java.lang.reflect.InvocationTargetException when attempting to use jars from <JRE_directory>/lib/ext directory, such as classes in the com.sun.crypto.provider package.

If you plan to use jars from the <JRE_directory>/lib/ext directory, you can avoid this issue by modifying the config.ini as follows:

Integration Server does not support HTTP request or response compression for MTOM streaming and HTTP chunked transfer encoding.

Unexpected results may occur when using HTTP request or response compression function with MTOM streaming and HTTP chunked transfer encoding.

There is no workaround for this issue. Software AG recommends against using the HTTP compression function along with MTOM streaming and HTTP chunked transfer encoding.

Importing an OpenAPI document fails when the format is "date" and also contains an enum property with a date value or a default property with a date value.

When you create a provider REST API descriptor using an OpenAPI document that contains a property of type "string" and format as "date", and also contains an enum property with a date value or a default property with a date value, Integration Server throws an exception and does not import the OpenAPI document.

There is no workaround for this issue.

Integration Server throws an exception while importing an OpenAPI document containing a property of array type that holds an enum value.

While creating a provider REST API descriptor using an OpenAPI document that contains a property of type "array" having an enum value, Integration Server throws an exception and does not import the OpenAPI document.

There is no workaround for this issue.

Importing a WSDL with many operations results in a StackOverFlow error.

Issues in the internal XML serialization of a WSDL cause the service to run out of stack space when importing a WSDL with many operations. This results in a StackOverFlow error.

There is no workaround for this issue.

The pub.client:smtp and pub.client:http services cannot process a javax.mail.internet.MimeMessage object.

The pub.client:smtp and pub.client:http services cannot process a javax.mail.internet.MimeMessage object that is generated by the pub.mime:getEnvelopeStream service when the payload exceeds the watt.server.mime.largeDataThreshold.

To work around this issue, the javax.mail.internet.MimeMessage object must be converted to a java.io.InputStream object before passing it to these services. Alternatively, consider increasing the value of the watt.server.mime.largeDataThreshold parameter to such an extent that the pub.mime:getEnvelopeStream service returns only InputStream objects.

To convert a MimeMessage object to an InputStream, use the writeTo() method of MimeMessage to write to a file and then read the file as an InputStream.

The pub.mime:getEnvelopeStream service could generate an out of memory error when adding a large number of files.

There is no workaround for this issue.

Some System tasks in the Integration Server may show a negative time interval.

There is no workaround for this issue.

An input file path for the pub.parquet:write service that contains a consecutive backslash and forward slash may cause unexpected results. For example, the path "packages/replicatePackage/resources\/testService2.parquet" in Linux creates a directory named "resources\" that cannot be traversed.

To work around this issue, ensure the paths passed to the service are in the appropriate format for the operating system.

The pub.json:documentToJSONString service does not handle the escape character correctly.

There is no workaround for this issue.

If the keys in the JSON string input to the pub.json:jsonStringToDocument service are not available in the JSON document type, they are not transformed by the service.

While transforming a JSON string to a Document using the pub.json:jsonStringToDocument service, if the 'strict' parameter is 'true' and the 'jsonDocumentTypeName' parameter is specified, any field that is absent in the JSON document type is not added to the resulting document, although the same field is present in the JSON schema used to create the JSON document type.

As a workaround, set the 'strict' input parameter as 'false' so that the transformation from JSON string to Document is loosely based on the JSON document type.

While creating a REST API descriptor from an OpenAPI document, if an operation response has a description field with an empty value, Designer throws an error.

While creating a REST API descriptor from an OpenAPI document, Designer converts the document to an OpenAPI java model, and then back to string using the swagger parser external libraries. If an operation response in the OpenAPI document has a description field with an empty value, the field is removed, which makes the OpenAPI document invalid. Since the description for a response is a required field, Designer does not import the OpenAPI document and throws an exception like: "Failed to create REST API descriptor. Reason: [attribute paths.'/test'(put).responses.200.description is missing]"

There is no workaround for this issue.