Fix Readme
Abstract
The following document is for IBM Cloud Pak for Business Automation 21.0.2 IF006. It includes the CASE package download, installation information, and the list of APARs that are resolved in this interim fix.
Content
Readme file for: | IBM Cloud Pak® for Business Automation |
---|---|
Product Release: | 21.0.2 |
Update Name: | 21.0.2 IF006 |
Fix ID: | 21.0.2-WS-CP4BA-IF006 |
Publication Date: | 16 December 2021 |
Last modified date: | 21 March 2022 |
Contents
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history
Prerequisites and supersedes
- Supersedes all prior interim fixes for CP4BA 21.0.2.
Components impacted
- General
- Cloud Pak for Business Automation Operator
- Automation Document Processing
- Automation Decision Services
- Business Automation Application
- Business Automation Insights
- Business Automation Navigator
- Business Automation Studio
- Business Automation Workflow including Automation Workstream Services
- Enterprise Records
- FileNet Content Manager
- Operational Decision Management
- User Management Service
Before installation
Installing the interim fix
Depending on the current setup and state of your existing environment, there are various manual actions that might be required. The following scenarios cover what actions might be needed for a particular setup.
-
Scenario 1: You are using a demo installation.Actions: Demo environments do not support upgrades. Although you can use the interim fix content, install a new demo environment and use the CASE package from this interim fix.
- Scenario 2: Your installation is version 21.0.1.x or earlier.
Actions: If you are using a version before 21.0.2, then you must upgrade first. To upgrade your environment, follow the "Upgrading automation containers" instructions.
When you perform the upgrade, you can substitute the CASE package from this interim fix for the 21.0.2 CASE package while you follow the instructions. -
Scenario 3: You are using an air gapped environment.Actions: To upgrade a 21.0.2 air gapped environment, you must first mirror all the new images to your internal registry. Follow the steps in "Setting up a mirror image registry" although be sure to use the CASE package from this interim fix.
Once the images are mirrored, the automatic channel subscription completes the upgrade. -
Scenario 4: Your v21.2 channel subscription is set to manual.Actions: If your channel subscription is set to manual, then you must approve any operator upgrades.
a. Select the CP4BA operator from the OCP web console under Operators>Installed Operators.
b. Go to the subscription tab for the operator.
c. Trigger the operator update.
Once the operator is updated, it triggers the upgrade of the other CP4BA images.
Performing the necessary tasks after installation
- Required when using Business Automation Insights
You must update the IBM Automation Foundation operators to the v1.3 channel to ensure Business Automation Insights can be updated and continue to work and to address log4j vulnerability (CVE-2021-44228) for all IBM Automation Foundation components. For more information on how to upgrade channels, see the Upgrade the IBM Automation Foundation Core and IBM Automation Foundation subscriptions to the v1.1 channel section.
-
Review the installationIt is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml oc logs deployment/ibm-cp4a-operator -c operator > operator.log
If you are interested in verifying the expected image digest for a particular image, then you can review theibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml
file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level. - Required when using Workflow Process Service
- Follow the step 2 of section "3. Running your environment" in Installing Workflow Process Service to log in to the entitled registry with your entitlement key.
- Back up your database backup, docker-compose.yml and folder for docker volumes “production_workflow_runtime_data” and “production_workflow_runtime_logs”.
- (Optional) Push the images to your docker registry. Log in to your docker registry, and push the docker images into your docker registry using the following commands:
docker login <server> docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-server:21.0.2-IF006 <server>/workflow-ps-server:21.0.2-IF006 docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-authoring:21.0.2-IF006 <server>/workflow-ps-authoring:21.0.2-IF006 docker push <server>/workflow-ps-server:21.0.2-IF006 docker push <server>/workflow-ps-authoring:21.0.2-IF006
- Run
docker-compose down
command to stop the Workflow Process Server container. - Update the image url's tags in docker-compose.yml.
<server>/workflow-ps-server:21.0.2-IF006 <server>/workflow-ps-authoring:21.0.2-IF006
- Run
docker-compose up
command to start the Workflow Process Server container
For more detail on Workflow Process Service refer to Installing Workflow Process Service . - Required when using Operational Decision Manager
You must update your Rule Designer:
- Open Eclipse
- Open menu Help > Check for Updates
- select IBM Operational Decision Manager for Developers v8.10.x - Rule Designer 8.10.5.1
- Proceed with installation.
Uninstalling
List of Fixes
Column title | Column description |
APAR | The defect number |
Title | A short description of the defect |
Sec. | A mark indicates a defect related to security |
Cont. | A mark indicates a defect specific to the Cloud Pak integration of the component |
B.I. | A mark indicates the fix has a business impact. Details are found in the title column or the APAR document |
- General
- Cloud Pak for Business Automation Operator
- Automation Document Processing
- Automation Decision Services
- Business Automation Application
- Business Automation Insights
- Business Automation Navigator
- Business Automation Studio
- Business Automation Workflow including Automation Workstream Services
- Enterprise Records
- FileNet Content Manager
- Operational Decision Management
- User Management Service
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A |
Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
This interim fix includes fixes for these libraries to address:
CVE-2018-16869, CVE-2018-20845, CVE-2018-20847, CVE-2018-25009, CVE-2018-25010, CVE-2018-25012, CVE-2018-25013, CVE-2018-25014, CVE-2018-5727, CVE-2018-5785, CVE-2019-12973, CVE-2019-13750, CVE-2019-13751, CVE-2019-18218, CVE-2019-5827, CVE-2020-10001, CVE-2020-13529, CVE-2020-13558, CVE-2020-15389, CVE-2020-18032, CVE-2020-24370, CVE-2020-24870, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, CVE-2020-27828, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845, CVE-2020-27918, CVE-2020-29623, CVE-2020-36241, CVE-2020-36330, CVE-2020-36331, CVE-2020-36332, CVE-2021-1765, CVE-2021-1788, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1844, CVE-2021-1870, CVE-2021-1871, CVE-2021-20266, CVE-2021-20270, CVE-2021-20271, CVE-2021-20325, CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695, CVE-2021-21696, CVE-2021-21697, CVE-2021-21775, CVE-2021-21779, CVE-2021-21806, CVE-2021-26926, CVE-2021-26927, CVE-2021-27291, CVE-2021-28650, CVE-2021-30663, CVE-2021-30665, CVE-2021-30682, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799, CVE-2021-31535, CVE-2021-3200, CVE-2021-3272, CVE-2021-33813, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-3421, CVE-2021-3445, CVE-2021-3572, CVE-2021-3575, CVE-2021-3778, CVE-2021-3796, CVE-2021-42574, CVE-2021-43527, GHSA-xx4c-jj58-r7x6, CVE-2021-44228
Previous interim fixes will have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.
|
X | X |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A |
N/A
|
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
IO28642 |
NO UPDATED VERSION OF CMOD CLIENT LIBRARY IN ICN CONTAINER IMAGE
|
X | X |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64420 | BAS HTTP HOST HEADER CAN BE CONTROLLED BY AN ATTACKER | X |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR63672 | SECURITY APAR - CVE-2021-29753 - SERVER PASSWORD REVEALED TO BROWSER | X | ||
JR63714 | SECURITY APAR CVE-2021-29753 - SERVER PASSWORD REVEALED TO BROWSER IN IBM CLOUD PAK FOR BUSINESS AUTOMATION | X | ||
JR64086 | SECURITY APAR CVE-2021-38900 INCORRECT AUTHORIZATION IN PROCESS ADMIN CONSOLE | X | ||
JR64102 | SECURITY APAR CVE-2021-38893 - XSS VULNERABILITY IN PROCESS ADMIN CONSOLE | X | ||
JR64280 | SECURITY APAR CVE-2021-39046 STORES USER CREDENTIALS IN PLAIN CLEAR TEXT WHICH CAN BE READ BY A PRIVILEGED USER | X | ||
JR64456 | SECURITY APAR - CVE-2021-44228 - LOG4SHELL VULNERABILITY IN PROCESS FEDERATION SERVER | X | X | |
JR64029 | YOU MAY TERMINATE MORE INSTANCES THAN WHAT IS DISPLAYED IN THE SEARCH RESULT IN PROCESS ADMIN CONSOLE PROCESS INSPECTOR | X | ||
JR64326 | WHEN COPYING ASSETS IN A CLIENT SIDE HUMAN SERVICE IN IBM PROCESS DESIGNER, THE COPY FAILS AND THE ASSET IS ROLLED BACK | |||
JR64219 | YOU SEE A WARNING MESSAGE WHEN YOU TRY TO INSTALL IBM CLOUD PAK FOR BUSINESS AUTOMATION 21.0.2 | |||
JR64343 | AUTHORIZATION FAILURE WHILE DEBUGGING IN WEB PROCESS DESIGNER | |||
JR64350 | MOVING OR COPYING AN ARTIFACT FROM ONE PROJECT TO ANOTHER FAILS DUE TO CIRCULAR DEPENDENCY ERROR | |||
JR64360 | NOTIFICATION MESSAGE IS DISPLAYED IN UNICODE CHARACTERS | |||
JR64394 | UPDATE APACHE LOG4J 2.X IN CASE MANAGEMENT COMPONENTS |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A
|
N/A
|
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
RS03874 | CVE-2021-44228 LOG4J VULNERABILITY | X |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
Known Limitations
Document change history
Related Information
[Supersedes 21.0.2-IF005] Readme for Cloud Pak for Business Automation 21.0.2 I…
[Supersedes 21.0.2-IF004] Readme for Cloud Pak for Business Automation 21.0.2 I…
[Supersedes 21.0.2-IF003] Readme for Cloud Pak for Business Automation 21.0.2 I…
[Supersedes 21.0.2-IF002] Readme for Cloud Pak for Business Automation 21.0.2 I…
[Supersedes 21.0.2-IF001] Readme for Cloud Pak for Business Automation 21.0.2 I…
Was this topic helpful?
Document Information
Modified date:
21 March 2022
UID
ibm16524920