Fix Readme
Abstract
This readme is for IBM Business Automation Workflow on containers 21.0.2 interim fixes released periodically to resolve security vulnerabilities, as well as other defects. It includes information about the CASE package download, installation, and other information about interim fixes for the 21.0.2 release.
Content
| Readme file for | IBM Business Automation Workflow on containers |
|---|---|
| Product release | 21.0.2 |
| Publication date | 28 April 2022 |
Contents
Prerequisites and superseding fixes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Document change history
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Document change history
Prerequisites and superseding fixes
- Each interim fix typically supersedes all other previous interim fixes shipped for 21.0.2, and complements a simultaneously delivered interim fix for IBM Cloud Pak for Business Automation 21.0.2. Consult the following table for specific relationships.
- Business Automation Workflow on containers delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries. Consult the superseded and related Cloud Pak for Business Automation 21.0.2 readmes for specific information about vulnerabilities and other defects that have been addressed.
Business Automation Workflow on containers interim fixes
| Interim fix name | Superseded interim fix names | CASE package | Complementary Cloud Pak for Business Automation interim fix name | Released |
| 21.0.2 IF012 | All previous interim fixes listed in this table | ibm-cs-bawautomation-2.1.20.tgz | 2102-IF012 | June 2022 |
| 21.0.2 IF011 | All previous interim fixes listed in this table | ibm-cs-bawautomation-2.1.19.tgz | 2102-IF011 | May 2022 |
| 21.0.2 IF010 | All previous interim fixes listed in this table | ibm-cs-bawautomation-2.1.18.tgz | 2102-IF010 |
April
2022
|
| 21.0.2 IF009 | All previous interim fixes listed in this table | ibm-cs-bawautomation-2.1.17.tgz | 21.0.2 IF009 | March 2022 |
| 21.0.2 IF008 | All previous interim fixes listed in this table | ibm-cs-bawautomation-2.1.16.tgz | 21.0.2 IF008 | February 2022 |
| 21.0.2 IF007 | All previous interim fixes listed in this table | ibm-cs-bawautomation-2.1.15.tgz | 21.0.2 IF007 | January 2022 |
| 21.0.2 IF006 | All previous interim fixes listed in this table | ibm-cs-bawautomation-2.1.13.tgz | 21.0.2 IF006 | December 2021 |
The previous table is chronologically listed in reverse order, with more recent fixes listed at the top.
Components impacted
Before installation
a. Ensure you back up all databases associated with the environment.
Installing the interim fix
Business Automation Workflow 21.0.2 interim fixes are released to the 21.2 operator channel. If your environment has access to the IBM entitled registry and has an automatic 21.2 channel subscription then enterprise installations are upgraded automatically. This upgrade usually occurs when the interim fix is released. After the operator is upgraded, rolling updates for all the pods the operator manages are triggered to ensure they are updated to the appropriate version that matches the operator.
Important: Using individual image tag settings in your BAW custom resource (CR) file could prevent the operator from updating the images to the appropriate version. When you upgrade, ensure you remove these settings for an enterprise installation.
Use the CASE package that is associated with the interim fix being applied. It is typically recommended that the latest interim fix be applied. To identify the appropriate CASE package, as well as the links to obtain each package, see the table under Prerequisites and superseding fixes.
Depending on the current setup and state of your existing environment, various manual actions might be required. The following scenarios cover what actions might be needed for a particular setup.
-
Scenario 1: You are using a demo installation.Actions: Demo environments do not support upgrades. Although you can use the interim fix content, install a new demo environment and use the CASE package from this interim fix.
- Scenario 2: Your installation is a version before 21.0.2.
Actions: If you are using a version earlier than 21.0.2, you must upgrade first. To upgrade your environment, follow the Upgrading automation containers instructions.
When you perform the upgrade, you can substitute the CASE package from this interim fix for the 21.0.2 CASE package while you follow the instructions. -
Scenario 3: You are using an air-gapped environment.Actions: To upgrade a 21.0.2 air-gapped environment, you must first mirror all the new images to your internal registry. Follow the steps in Setting up a mirror image registry, although be sure to use the CASE package from this interim fix.
After the images are mirrored, the automatic channel subscription completes the upgrade. -
Scenario 4: Your 21.2 channel subscription is set to manual.Actions: If your channel subscription is set to manual, you must approve all operator upgrades.
a. Select the Cloud Pak for Business Automation operator from the OCP web console under Operators > Installed Operators.
b. Go to the Subscription tab for the operator.
c. Trigger the operator update.
After the operator is updated, the upgrade of the other Cloud Pak for Business Automation images is triggered.
Performing the necessary tasks after installation
a. Review the installation
Review the CR yaml status section and operator logs after the upgrade to ensure no failures prevented your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
To verify the expected image digest for a particular image, review the
ibm-cs-bawautomation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the Cloud Pak for Business Automation operator and their expected digest for this particular interim fix level.Uninstalling
There is no procedure to uninstall the interim fix.
List of fixes
The following APARs are specific to Business Automation Workflow on containers. Depending on what components and capabilities you have installed and configured, additional fix information might apply to you. See the "List of Fixes" in the readmes linked under Complementary Cloud Pak for Business Automation interim fixes in the Prerequisites and superseding fixes section of this document. The following fixes are also listed in those readmes, but they are listed here as a convenience.
Fixes that involve security are indicated with an X mark.
Business Automation Workflow
21.0.2IF012
21.0.2IF011
| APAR | Security APAR | Behavior change | Title |
|---|---|---|---|
| JR64596 | X | SECURITY APAR - CVE-2022-22361 - CROSS SITE REQUEST FORGERY VULNERABILITY IN PROCESS ADMIN CONSOLE | |
| JR64831 | UPDATING JACKSON-DATABIND IN BPM EVENT EMITTER | ||
| JR64931 | ERROR OCCURS WHEN DEBUGGING A HUMAN SERVICE IN DESKTOP PROCESS DESIGNER INSPECTOR |
| APAR | Security APAR | Behavior change | Title |
|---|---|---|---|
| JR64717 | BUSINESS AUTOMATION WORKFLOW SCIM CALLS FAIL DUE TO INCORRECTLY ENCODED WHITESPACE |
21.0.2IF009
| APAR | Security APAR | Behavior change | Title |
|---|---|---|---|
| N/A | N/A |
21.0.2 IF008
| APAR | Security APAR | Behavior change | Title |
|---|---|---|---|
| JR64556 | X | REMOVE REFERENCE TO LOG4J FROM 21.0.2 AND 21.0.3 | |
| JR64565 | X | MULTIPLE LOG4J VULNERABILITIES IN IBM PROCESS FEDERATION SERVER | |
| JR64417 | TIME VALUES OF A PROCESS INSTANCE ARE SHOWN INCORRECTLY IN THE WORKPLACE INSTANCE DETAILS UI PAGE | ||
| JR64501 | THE HIDDEN DIVS CONTAINING VALIDATION MESSAGES FOR ACCESSIBILITY ARE NOT REMOVED WHEN SETVALID IS CALLED MORE THAN ONCE |
21.0.2 IF007
| APAR | Security APAR | Behavior Change | Title |
|---|---|---|---|
| JR64435 | X | SECURITY APAR - CVE-2021-4104 AND CVE-2021-45046 IN PROCESS FEDERATION SERVER |
21.0.2 IF006
| APAR | Security APAR | Behavior Change | Title |
|---|---|---|---|
| JR63672 | X | SECURITY APAR - CVE-2021-29753 - SERVER PASSWORD REVEALED TO BROWSER | |
| JR63714 | X | SECURITY APAR CVE-2021-29753 - SERVER PASSWORD REVEALED TO BROWSER IN IBM CLOUD PAK FOR BUSINESS AUTOMATION | |
| JR63865 | X | SECURITY APAR - CVE-2021-23017 - SECURITY ISSUE IN NGINX RESOLVER | |
| JR64059 | X | SECURITY APAR - CVE-2021-23017 - SECURITY ISSUE IN NGINX RESOLVER | |
| JR64086 | X | SECURITY APAR CVE-2021-38900 INCORRECT AUTHORIZATION IN PROCESS ADMIN CONSOLE | |
| JR64102 | x | SECURITY APAR CVE-2021-38893 - XSS VULNERABILITY IN PROCESS ADMIN CONSOLE | |
| JR64280 | X | SYNC SETTINGS WINDOW EXPOSES SERVER PASSWORD STORED IN ENVIRONMENT VARIABLES IN IBM PROCESS ADMIN CONSOLE | |
| JR64417 | X | TIME VALUES OF A PROCESS INSTANCE ARE SHOWN INCORRECTLY IN THE WORKPLACE INSTANCE LIST | |
| JR64456 | X | SECURITY APAR - CVE-2021-44228 - LOG4SHELL VULNERABILITY IN PROCESS FEDERATION SERVER | |
| JR63749 | YOU AREN'T ABLE TO ADD MORE THAN 10 VALUES TO A BUSINESS OBJECT PROPERTY ON A CASE THAT IS USING A CUSTOM CSHS VIEW | ||
| JR63841 | PROCESS FEDERATION SERVER FAILS TO CONNECT TO A POSTGRESQL DATABASE REFERENCED BY JDBC_URL IN ICP4BA CR | ||
| JR63859 | YOU DON'T SEE ANY MENU OPTIONS FOR NAVIGATION WHEN YOU CLICK THE HAMBURGER NAVIGATION ICON IN CASE BUILDER | ||
| JR63884 | THE CONTENT MANAGEMENT TOOLKIT DOCUMENT UPLOAD FUNCTION DOES NOT WORK DURING COACH AUTHORING AND TEST | ||
| JR63929 | UNABLE TO CREATE A CASE FEATURES ENABLED PROJECT IF IT HAS A USER THAT INCLUDES A COMMA IN THE USER PRINCIPAL NAME | ||
| JR63953 | YOU MIGHT FIND IMAGE PULL ERROR WHEN YOU DEPLOY BUSINESS AUTOMATION WORKFLOW USING THE FORM UI | ||
| JR63960 | MULTIPLE ADD REQUESTS ARE MADE RESULTING WITH MULTIPLE CASES WHEN YOU CLICK THE ADD CASE BUTTON MULTIPLE TIMES | ||
| JR63974 | YOU MIGHT RECEIVE CONTENT SECURITY POLICY ERROR WHEN YOU OPEN TASKS ON PORTAL AFTER UPGRADING | ||
| JR63963 | THE DEPLOYED PODS CRASHED WITH SEGMENTATION ERROR | ||
| JR64038 | UNABLE TO CREATE WORKSTREAMS IN IBM WORKPLACE | ||
| JR64029 | YOU MAY TERMINATE MORE INSTANCES THAN WHAT IS DISPLAYED IN THE SEARCH RESULT IN PROCESS ADMIN CONSOLE PROCESS INSPECTOR | ||
| JR64104 | WALKME MENU IS NOT AVAILABLE FOR TRIAL TENANTS IN IBM BUSINESS AUTOMATION STUDIO | ||
| JR64165 | YOU SEE CMISRUNTIMEEXCEPTION WHEN THE CASE REPOSITORY FOR DOCUMENT EXPLORER HAS DIFFERENT VALUES FOR ID AND NAME | ||
| JR64271 | RESOURCE REGISTRY DBA-RR PODS IN ERROR STATE AND CANNOT BE RECOVERED BY OPERATOR | ||
| JR64321 | PFS-DBAREG POD IS NOT IN RUNNING STATE | ||
| JR64326 | WHEN COPYING ASSETS IN A CLIENT SIDE HUMAN SERVICE IN IBM PROCESS DESIGNER, THE COPY FAILS AND THE ASSET IS ROLLED BACK | ||
| JR64343 | AUTHORIZATION FAILURE WHILE DEBUGGING IN WEB PROCESS DESIGNER | ||
| JR64350 | MOVING OR COPYING AN ARTIFACT FROM ONE PROJECT TO ANOTHER FAILS DUE TO CIRCULAR DEPENDENCY ERROR | ||
| JR64360 | NOTIFICATION MESSAGE IS DISPLAYED IN UNICODE CHARACTERS | ||
| JR64394 | UPDATE APACHE LOG4J 2.X IN CASE MANAGEMENT COMPONENTS |
Document change history
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"ARM Category":[{"code":"a8m50000000CcWOAA0","label":"Security"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"}]
Was this topic helpful?
Document Information
Modified date:
30 June 2022
UID
ibm16574031