Changes

• The scsp.allowSwarmAdminIP setting now also accepts CIDR style ranges like "172.30.128/17" and "172.30.128.0/17" in addition to previously accepted values of "all" or a list of IP addresses. (CLOUD-1191)

• Appropriate warnings are logged on startup if the Content Gateway is configured to run in legacy mode, but is also configured to enable services that are not supported in legacy mode (S3, etc.). (CLOUD-3291)

• Improved error handling of a rare error (500 InternalError, ClientProtocolException) by logging details and retrying. If the retry causes a problem, set debug.retryClientProtocolException = 0. (CLOUD-3321)

• The managementPassword setting is no longer optional and is now required. Always verify managementUser and managementPassword configured. (CLOUD-2617)

Fixed

Resolved issues with replication feeds targeting a Content Gateway version 7.1, 7.2, 7.3 or 7.4. Upgrade to Swarm 12.1 and Gateway 7.5 where this is now fixed. (CLOUD-3323)

Upgrade Impacts

See Upgrading Gateway to upgrade from a version of Gateway 6. See Upgrading from Gateway 5.x if migrating from Elasticsearch 2.3.3 and Gateway 5.

Address the upgrade impacts for this and each prior version since the currently running version:

Impacts for 7.4

• Version Requirements

  • Swarm Storage 12.0.1 or higher

  • Elasticsearch 7.5.2

  • Content UI 7.4

Impacts for 7.3

• Version Requirements

  • Swarm Storage 12.0 or higher

  • Elasticsearch 7.5.2

  • Content UI 7.3

Impacts for 7.2

• Version Requirements

  • Swarm Storage 12.0 or higher

  • Elasticsearch 7.5.2

  • Content UI 7.2

Impacts for 7.1

• Version Requirements

  • Swarm Storage 12.0 or higher

  • Elasticsearch 7.5.2: Migration to Elasticsearch 6 from either Elasticsearch 2 or 5, with reindexing, must be performed before upgrading. Because the ES 6 database is binary-compatible, upgrade in place to the current version is possible. See How to Upgrade Swarm.

  • Content UI 7.0

• Password Security

  • The script to initialize Gateway (/opt/caringo/cloudgateway/bin/initgateway), a one-time step after installing Gateway, generates the master encryption key that is used in password security for the Gateway configuration and IDSYS files. The first time upgrading from a version prior to 7.1, run this initialization again to enable the feature.

  • If downgrading from 7.1, errors are encounter related to the inability to authenticate using the encrypted passwords in the configuration and IDSYS files. Replace any encrypted credentials with original versions. (CLOUD-3209)

Impacts for 7.0

• Version Requirements

  • Swarm Storage 11.2 or higher

  • Elasticsearch 6.8.6 or 5.6.12

  • Content UI 6.3, if used

• Enable the Gateway service manually after upgrading: systemctl enable cloudgateway. (CLOUD-3193)

• To support processes requiring repeated bucket PUT requests to succeed, those requests now always return 409 Conflict, regardless of owner, instead of 403 Forbidden for non-owners. This differs from AWS S3 behavior. (CLOUD-3167)

See Content Gateway 6 Release Notes for impacts from prior releases.

Watch Items and Issues

These are known operational limitations that exist for Gateway.

• When using the default RHEL/CentOS configuration of IPTABLES, traffic to the Gateway is blocked unless action is taken to disable IPTABLES or to enable inbound traffic to the front-end protocol port(s).

• Gateway is not compatible with Linux PAM modules that depend upon interactive validation operations such as OTP or biometric scanners.

See Content Gateway 6 Release Notes for known issues from prior releases that are still applicable, apart from those appearing above as Fixed.