This quarter's API Gateway and API Manager (7.7 May 2026) update is focused on security currency and operational hardening, keeping mission-critical API infrastructure secure, stable, and aligned with current platform standards. No new features were added in this update.
The bundled Java JRE is updated to 11.0.31+11 (Azul Zulu 11.88.17-CA, built on OpenJDK 11.0.31+11-LTS) for an improved security posture, applied automatically during update with no functional or performance impact.
The error_description field has been removed from WWW-Authenticate response headers on 401 responses, as it was deemed too sensitive; detailed error information remains in the API Gateway logs.
The Helm chart now defaults to port 8090 for both traffic and UI (port 8091 is no longer used by default and can be re-enabled with a custom fed configuration).
Metrics database updates
The metrics database schema now supports longer metric group names (increased from 255 to 450, or 512 depending on database type); a database upgrade is required, and event-log processing truncates and warns beyond the configurable com.axway.metrics.maxMetricGroupNameLength limit.
Updates include OpenSSL 3.0.19, Apache ActiveMQ 5.19.6, and updated aws-java-sdk, slf4j, and snakeyaml libraries, along with resolved customer-reported defects across API Manager caching, backup tooling, upgrades, and event-log serialization.
Updates include a fix for reverse tabnabbing on the homepage and an Apache upgrade to 2.4.67. API Portal 7.7.20260530 is compatible with API Gateway and API Manager 7.7.20260530.