Fix Readme
Abstract
The following document is the documentation for IBM Business Automation Workflow on Container 21.0.2 IF006.
It includes the CASE package download, installation information, and the list of APARs that are resolved in this interim fix.
Content
| Readme file for: | IBM Business Automation Workflow on Container |
|---|---|
| Product Release: | 21.0.2 |
| Update Name: | 21.0.2 IF006 |
| Fix ID: | 21.0.2-WS-CP4BA-BAW-IF006 |
| Publication Date: | 16 December 2021 |
| Last modified date: | 19 December 2021 |
Contents
Prerequisites and supersedes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history
Prerequisites and supersedes
- This fix does not supersede any previous interim fixes, as there were none shipped. It is labeled IF006 (interim fix 6) to align with CP4BA 21.0.2 IF006 which is shipping simultaneously.
Components impacted
Before installation
Ensure you take regular backups of any databases associated with the environment.
Installing the interim fix
Business Automation Workflow 21.0.2 interim fixes are released to the v21.2 operator channel. If your environment has access to IBM entitled registry and has an automatic v21.2 channel subscription then enterprise installations are upgraded automatically. This upgrade generally occurs when the interim fix is released. Once the operator is upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
Important: If you used any individual image tag settings in your CP4BA CR, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings for an enterprise installation when you upgrade.
The CASE package associated with this interim fix is ibm-cs-bawautomation-2.1.12.tgz.
Depending on the current setup and state of your existing environment, there are various manual actions that might be required. The following scenarios cover what actions might be needed for a particular setup.
-
Scenario 1: You are using a demo installation.Actions: Demo environments do not support upgrades. Although you can use the interim fix content, install a new demo environment and use the CASE package from this interim fix.
- Scenario 2: Your installation is a version before 21.0.2.
Actions: If you are using a version before 21.0.2, then you must upgrade first. To upgrade your environment, follow the "Upgrading automation containers" instructions.
When you perform the upgrade, you can substitute the CASE package from this interim fix for the 21.0.2 CASE package while you follow the instructions. -
Scenario 3: You are using an air gapped environment.Actions: To upgrade a 21.0.2 air gapped environment, you must first mirror all the new images to your internal registry. Follow the steps in "Setting up a mirror image registry" although be sure to use the CASE package from this interim fix.
Once the images are mirrored, the automatic channel subscription completes the upgrade. -
Scenario 4: Your v21.2 channel subscription is set to manual.Actions: If your channel subscription is set to manual, then you must approve any operator upgrades.
a. Select the CP4BA operator from the OCP web console under Operators>Installed Operators.
b. Go to the subscription tab for the operator.
c. Trigger the operator update.
Once the operator is updated, it triggers the upgrade of the other CP4BA images.
Performing the necessary tasks after installation
Review the installation
It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
If you are interested in verifying the expected image digest for a particular image, then you can review the
ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.Uninstalling
There is no procedure to uninstall the interim fix.
List of Fixes
The following tables list APARs specific to Business Automation Workflow on Containers. Depending on what components and capabilities you have installed and configured, additional fix information may apply to you. See the "List of Fixes" in Readme for Cloud Pak for Business Automation 21.0.2 IF006.
Fixes that involve security are indicated with a 'X' mark.
General
| APAR | Security APAR | Behavior Change | Title |
|---|---|---|---|
| X |
Business Automation Workflow on Containers delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
This interim fix includes fixes for these libraries to address:
CVE-2021-44228
Consult the Cloud Pak for Business Automation 21.0.2 IF006 Readme for additional vulnerabilities that have been addressed. See Related links section at the bottom of this document.
|
Business Automation Workflow
/
16 December 2021: Initial publish.
19 December 2021: Added JR64394 to fix list
| APAR | Security APAR | Behavior Change | Title |
|---|---|---|---|
| JR63672 | X | SECURITY APAR - CVE-2021-29753 - SERVER PASSWORD REVEALED TO BROWSER | |
| JR63714 | X | SECURITY APAR CVE-2021-29753 - SERVER PASSWORD REVEALED TO BROWSER IN IBM CLOUD PAK FOR BUSINESS AUTOMATION | |
| JR63803 | X | SECURITY APAR CVE-2021-29835 - IBM BUSINESS AUTOMATION WORKFLOW IS VULNERABLE TO REFLECTED CROSS-SITE SCRIPTING | |
| JR63865 | X | SECURITY APAR - CVE-2021-23017 - SECURITY ISSUE IN NGINX RESOLVER | |
| JR64059 | X | SECURITY APAR - CVE-2021-23017 - SECURITY ISSUE IN NGINX RESOLVER | |
| JR64086 | X | SECURITY APAR CVE-2021-38900 INCORRECT AUTHORIZATION IN PROCESS ADMIN CONSOLE | |
| JR64102 | x | SECURITY APAR CVE-2021-38893 - XSS VULNERABILITY IN PROCESS ADMIN CONSOLE | |
| JR64280 | X | SYNC SETTINGS WINDOW EXPOSES SERVER PASSWORD STORED IN ENVIRONMENT VARIABLES IN IBM PROCESS ADMIN CONSOLE | |
| JR64417 | X | TIME VALUES OF A PROCESS INSTANCE ARE SHOWN INCORRECTLY IN THE WORKPLACE INSTANCE LIST | |
| JR64456 | X | SECURITY APAR - CVE-2021-44228 - LOG4SHELL VULNERABILITY IN PROCESS FEDERATION SERVER | |
| JR63749 | YOU AREN'T ABLE TO ADD MORE THAN 10 VALUES TO A BUSINESS OBJECT PROPERTY ON A CASE THAT IS USING A CUSTOM CSHS VIEW | ||
| JR63841 | PROCESS FEDERATION SERVER FAILS TO CONNECT TO A POSTGRESQL DATABASE REFERENCED BY JDBC_URL IN ICP4BA CR | ||
| JR63859 | YOU DON'T SEE ANY MENU OPTIONS FOR NAVIGATION WHEN YOU CLICK THE HAMBURGER NAVIGATION ICON IN CASE BUILDER | ||
| JR63884 | THE CONTENT MANAGEMENT TOOLKIT DOCUMENT UPLOAD FUNCTION DOES NOT WORK DURING COACH AUTHORING AND TEST | ||
| JR63929 | UNABLE TO CREATE A CASE FEATURES ENABLED PROJECT IF IT HAS A USER THAT INCLUDES A COMMA IN THE USER PRINCIPAL NAME | ||
| JR63953 | YOU MIGHT FIND IMAGE PULL ERROR WHEN YOU DEPLOY BUSINESS AUTOMATION WORKFLOW USING THE FORM UI | ||
| JR63960 | MULTIPLE ADD REQUESTS ARE MADE RESULTING WITH MULTIPLE CASES WHEN YOU CLICK THE ADD CASE BUTTON MULTIPLE TIMES | ||
| JR63974 | YOU MIGHT RECEIVE CONTENT SECURITY POLICY ERROR WHEN YOU OPEN TASKS ON PORTAL AFTER UPGRADING | ||
| JR63963 | THE DEPLOYED PODS CRASHED WITH SEGMENTATION ERROR | ||
| JR64038 | UNABLE TO CREATE WORKSTREAMS IN IBM WORKPLACE | ||
| JR64029 | YOU MAY TERMINATE MORE INSTANCES THAN WHAT IS DISPLAYED IN THE SEARCH RESULT IN PROCESS ADMIN CONSOLE PROCESS INSPECTOR | ||
| JR64104 | WALKME MENU IS NOT AVAILABLE FOR TRIAL TENANTS IN IBM BUSINESS AUTOMATION STUDIO | ||
| JR64165 | YOU SEE CMISRUNTIMEEXCEPTION WHEN THE CASE REPOSITORY FOR DOCUMENT EXPLORER HAS DIFFERENT VALUES FOR ID AND NAME | ||
| JR64271 | RESOURCE REGISTRY DBA-RR PODS IN ERROR STATE AND CANNOT BE RECOVERED BY OPERATOR | ||
| JR64321 | PFS-DBAREG POD IS NOT IN RUNNING STATE | ||
| JR64326 | WHEN COPYING ASSETS IN A CLIENT SIDE HUMAN SERVICE IN IBM PROCESS DESIGNER, THE COPY FAILS AND THE ASSET IS ROLLED BACK | ||
| JR64343 | AUTHORIZATION FAILURE WHILE DEBUGGING IN WEB PROCESS DESIGNER | ||
| JR64350 | MOVING OR COPYING AN ARTIFACT FROM ONE PROJECT TO ANOTHER FAILS DUE TO CIRCULAR DEPENDENCY ERROR | ||
| JR64360 | NOTIFICATION MESSAGE IS DISPLAYED IN UNICODE CHARACTERS | ||
| JR64394 | UPDATE APACHE LOG4J 2.X IN CASE MANAGEMENT COMPONENTS |
Document change history
Related Information
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"ARM Category":[{"code":"a8m50000000CcWOAA0","label":"Security"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"}]
Was this topic helpful?
Document Information
Modified date:
20 December 2021
UID
ibm16526316