Bug ID 1190365: OpenAPI parameters with type:object/explode:true/style:form serialized incorrectly

Last Modified: Mar 30, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 17.0.0,,, 17.1.0,,,

Fixed In:
17.1.1, 16.1.4, 15.1.10

Opened: Nov 17, 2022

Severity: 3-Major


The method used by ASM enforcer to serialize an OpenAPI object configured with "style:form", "explode:true", and "type:object" is not functioning as expected.


The violation "JSON data does not comply with JSON schema" is raised due to the repeated parameters from the query string with "array" configuration.


Repeated occurrences of parameter names in the query string with "type:object/explode:true/style:form" configured OpenAPI file.



Fix Information

The enforcer serializes the OpenAPI object correctly, no violation reported. Note: In case of single occurrence of a parameter name in query string, it will be handled as a primitive (non-array) type.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips