Download
Downloadable File
File link | File size | File description |
---|---|---|
Abstract
The JSTL <x:transform> tag emits an "java.lang.IllegalArgumentException: TransformerFactory does not recognise attribute http://javax.xml.XMLConstants/property/accessExternalSchema" error. Also, the wlp/bin/productInfo -validate command emits an error.
Download Description
![image-20240501190904-1](/support/pages/system/files/inline-images/image-20240501190904-1.png)
![image-20240501190904-1](/support/pages/system/files/inline-images/image-20240501190904-1.png)
The fixes on this page supersede the Liberty fixes for APAR PH59682:IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354 CVSS 7.0). The links to the Liberty fixes for PH59682 are removed from that page. To resolve PH59682 in Liberty, you must install the fixes for PH61042 that are linked on this page.
PH61042 resolves the following problem:
ERROR DESCRIPTION:
ERROR DESCRIPTION:
The JSTL <x:transform> tag emits the following error:
java.lang.IllegalArgumentException: TransformerFactory does not recognise attribute http://javax.xml.XMLConstants/property/accessExternalSchema |
Also, the wlp/bin/productInfo -validate command fails with the following error:
The following fixes must be reapplied: [24003-wlp-archive-IFPH59682] |
![image-20240501190522-1](/support/pages/system/files/inline-images/image-20240501190522-1.png)
USERS AFFECTED:
All users of IBM WebSphere Application Server Liberty Core
The JSTL
If you have a fix for PH59682 installed, uninstall it before installing a fix for PH61042. This action is required to resolve the error in wlp/bin/productInfo -validate.
The fix for this APAR is targeted for inclusion in fix pack 24.0.0.5. For more information, see Recommended Updates for WebSphere Application Server: https://www.ibm.com/support/pages/node/715553
Prerequisites
None
Download Package
IMPORTANT NOTE:
|
WebSphere Application Server and Liberty fix access requires S&S Entitlement beginning in 2021. Use properly registered IDs to download the fixes in this table.
Signature file is provided along with interim fix. See Verifying WebSphere Application Server release packages and Verifying Liberty release packages. |
DOWNLOAD | RELEASE DATE | SIZE(Bytes) |
URL |
---|---|---|---|
24003-wlp-archive-IFPH61042 | 01 May 2024 | 5864295 | FC |
24004-wlp-archive-IFPH61042 | 01 May 2024 | 5865779 | FC |
230012-wlp-archive-IFPH61042 | 01 May 2024 | 5623088 | FC |
23.0.0.12-WS-WLP-IFPH61042 | 01 May 2024 | 5683541 | FC |
24.0.0.3-WS-WLP-IFPH61042 | 01 May 2024 | 5923818 | FC |
24.0.0.4-WS-WLP-IFPH61042 | 01 May 2024 | 5925299 | FC |
24.0.0.5-WS-WLP-IFPH61042 | 20 May 2024 | 3277900 | FC |
24005-wlp-archive-IFPH61042 | 20 May 2024 | 3216665 | FC |
Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.
Problems Solved
PH61042
Change History
20 May 2024 : Add fixes for fix pack 24.0.0.5.
On
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF017","label":"Mac OS"},{"code":"PF033","label":"Windows"},{"code":"PF014","label":"iOS"},{"code":"PF035","label":"z\/OS"}],"Version":"23.0.0.12;24.0.0.3;24.0.0.4","Edition":"Base","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
03 July 2024
UID
ibm17150038