Changes

• Setting for Faster GETs: To improve performance through Gateway, enable the new Swarm Storage 12.0 setting scsp.enableVolumeRedirects. This setting permits Gateway to perform redirects of GET requests to volume processes, for greater efficiency, especially with reading small objects. (CLOUD-3205)

• Support for Folder Listings in UIs: With version 7, folder listing support across Swarm clients (such as SwarmFS and S3) has been rearchitected and newly centralized within Content Gateway. These folders allow users to interact with bucket objects in an intuitive hierarchical organization. See Using Virtual Folders.

• SAML Integration for SSO: Gateway now supports SSO (single sign-on) with third-party identity providers using the SAML 2 standard. By implementing SAML, users log in to Swarm browser components (Swarm UI and Content UI) using existing credentials from another source, such as OneLogin, Okta, or Google. See Enabling SSO with SAML. (CLOUD-2970)

• Support for Larger S3 Bucket Listings: A new [storage_cluster] setting, indexerSocketTimeout, allows controlling a timeout affecting the ability to list larger buckets. The value now defaults to 120 seconds. Increase the load balancer (such as HAProxy) "timeout server" and S3 client timeouts as needed to match this. (CLOUD-3171)

• Cross-Domain Cookies: A new [gateway] setting, cookieDomains, allows the Content UI to use the same authentication token across multiple storage domains that share a common base domain. Gateway does this by using the base domain in place of the request's domain for the Set-Cookie response header. (CLOUD-2789)

• Password Encryption: Gateway now encrypts passwords that are stored gateway.cfg and IDSYS files. When needing to change management passwords, enter new ones and restart Gateway, which replaces those strings with encrypted versions as part of its startup. (CLOUD-3209)

• Easier Log Levels: For quicker access during troubleshooting, the logLevel property is now located at the top of the logging.yaml file. (CLOUD-3176)

Fixed

• Recent rclone releases can make multiple PUT bucket requests fail with a 409 Conflict message. (CLOUD-3213)

• After upgrading, the Gateway service needed to be enabled manually. (CLOUD-3193)

Upgrade Impacts

To upgrade from a version of Gateway 6, see Upgrading Gateway. If migrating from Elasticsearch 2.3.3 and Gateway 5, see Upgrading from Gateway 5.x.

Address the upgrade impacts for this and each prior version since the version being upgraded from:

See Content Gateway 6 Release Notes for impacts from prior releases.

Watch Items and Issues

These are known operational limitations that exist for Gateway.

• When using the default RHEL/CentOS configuration of IPTABLES, traffic to the Gateway is blocked unless action is taken to disable IPTABLES or to enable inbound traffic to the front-end protocol port(s).

• Gateway is not compatible with Linux PAM modules that depend upon interactive validation operations such as OTP or biometric scanners.

These are known issues in this release:

• Invalid methods on an SCSP request return 400 Bad Request instead of the expected 405 Method Not Allowed responses. (CLOUD-3228)

See Content Gateway 6 Release Notes for known issues from prior releases that are still applicable, apart from those appearing above as Fixed.