Direct links to fixes
APAR status
Closed as program error.
Error description
reload4j was introduced in Process Federation Server as a mitigation of several log4j 1.x issues in JR64565. This APAR remove reload4j from Process Federation Server in order to avoid the risk of any future discovery of log4j 1.x vulnerabilities that would also apply to reload4j. PRODUCTS AFFECTED IBM Business Automation Workflow IBM Business Process Manager
Local fix
Problem summary
No additional information is available.
Problem conclusion
A fix is available or will be available that remove all reload4j libraries from Process Federation Server. Note that the removal of log4j 1.x compatible libraries has the following impact when running IBM Process Federation Server with the embedded Elasticsearch node topology: 1. Elasticsearch logs are no longer output in the elasticsearch/logs directory of the federation server, but are now directly output in the logs/messages.log and logs/traces.log files of the federation server. 2. To enable traces on the Elasticsearch nodes, add "org.elasticsearch.*=all" to the trace specification in Process Federation Server configuration file server.xml 3. As the Sigar subcomponent of Elasticsearch has not anymore access to a log4j 1.x implementation, it output its logs directly in the console whatever the log level: some new error output related to Sigar might appear in the Process Federation Server console that can be ignored in the absence of any other error (for example, an error message similar to "org.hyperic.sigar.SigarException: sigar-amd64-winnt.dll (Not found in java.library.path)" will appear at startup and can be ignored. Before the removal of log4j 1.x libraries, this message was not output because it is a debug level log that can be safely ignored in the absence of any other issue). Sigar can be disabled by adding attribute bootstrap.sigar="false" to the <ibmPfs_elasticsearch> configuration element in server.xml.
Temporary fix
Not applicable.
Comments
APAR Information
APAR number
JR64684
Reported component name
BUS AUTO WORKFL
Reported component ID
5737H4100
Reported release
L00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-03-03
Closed date
2022-04-20
Last modified date
2022-04-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BUS AUTO WORKFL
Fixed component ID
5737H4100
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"21.0.2"}]
Document Information
Modified date:
21 April 2022