Fixes are available
Operational Decision Manager V8.10.2.0: Interim Fix 3
IBM Operational Decision Manager V8.10.3 Download Document
IBM Operational Decision Manager V8.10.3 Mod Pack
Operational Decision Manager for z/OS 8.10.3 Mod Pack
Operational Decision Manager V8.10.2.0: Interim Fix 14
IBM Operational Decision Manager V8.10.4 Mod Pack
Operational Decision Manager V8.9.2.2: Interim Fix 11 for Decision Server
APAR status
Closed as program error.
Error description
The addLibrary method of the RES' management REST API has an inappropriate and/or dangerous behaviour in the following cases: - the content of the library that is intended to be added is invalid (spaces, special characters, ...) - the content of the library that is intended to be added references the same element multiple times To check the behaviour, one can call the REST API in the RES console , and head to use the addLibrary method (defined as a POST method to the /libraries/{libraryname}/{libraryversion} enpoint). What needs to be corrected ? [1] passing an invalid uris list in the Request Body, such as ' ' (only spaces) or '$$$$', or 'abc'. -> the response has a body containing only 'null' and an exception is logged in the server log. => We should make a proper REST API error response. [2] passing a list of uris that contain duplicate entries (with or without same version) -> the library is never created and all existing referenced XOM resources are deleted from the RES (but it doesn't affect referenced libraries). For example, if you put 'resuri://myXom.jar/1.0,resuri://myXom.jar/2.0,resuri://otherXom .jar/1.0'. , it wil delete resource myXom.jar/1.0 if it exists and delete resource myXom.jar/2.0 if it exists and delete resource otherXom.jar/1.0 if it exists. Behaviour should change to: - we stop deleting any resources, we never delete anything when trying to create a library - in case we're having a duplicate : * if both are unversioned, we do as if there was only one, we create the library, and raise no error * if both are versioned: -> if they have the same version, we do as if there was only one, we create the library, and raise no error -> if they don't have the same version, we do not create the library , and raise an error (we cannot pick one up arbitrarily) * if one is versioned and not the other: we do not create the library , and raise an error (we cannot pick one up arbitrarily - at some point in time, both can be equivalent, but it can change anytime)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * Users using Rule Execution Server management REST API. * **************************************************************** * PROBLEM DESCRIPTION: * * The addLibrary method of the RES' management REST API has an * * inappropriate and/or dangerous behaviour in the following * * cases: * * - the content of the library that is intended to be added is * * invalid (spaces, special characters, ...) * * - the content of the library that is intended to be added * * references the same element multiple times * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
The code is fixed.
Temporary fix
Comments
APAR Information
APAR number
RS03464
Reported component name
WDS FOR RULES
Reported component ID
5725B6903
Reported release
8A0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-09-16
Closed date
2019-09-17
Last modified date
2019-09-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WDS FOR RULES
Fixed component ID
5725B6903
Applicable component levels
R8A0 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSQP76","label":"IBM Operational Decision Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8A0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
17 February 2022