Fix Readme
Abstract
This readme is for IBM Business Automation Workflow on containers 21.0.3 interim fixes released periodically to resolve security vulnerabilities, as well as other defects. It includes information about the CASE package download, installation, and other information about interim fixes for the 21.0.3 release.
Content
Readme file for | IBM Business Automation Workflow on containers |
---|---|
Product release | 21.0.3 |
Publication date | 28 April 2022 |
Contents
Prerequisites and superseding fixes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Document change history
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Document change history
Prerequisites and superseding fixes
- Each interim fix typically supersedes all other previous interim fixes shipped for 21.0.3, and compliments a simultaneously delivered interim fix for IBM Cloud Pak for Business Automation 21.0.3. Consult the following table for specific relationships.
- Business Automation Workflow on containers delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries. Consult the superseded and related Cloud Pak for Business Automation 21.0.3 Readmes for specific information about vulnerabilities and other defects that have been addressed.
Business Automation Workflow on containers interim fixes
Interim fix name | Superseded interim fix names | CASE package | Complimentary Cloud Pak for Business Automation interim fix name | Released |
21.0.3 IF035 | See note (*) below | ibm-cs-bawautomation-2.2.32.tgz | 21.0.3 IF035 | July 2024 |
21.0.3 IF034 | See note (*) below | ibm-cs-bawautomation-2.2.31.tgz | 21.0.3 IF034 | June 2024 |
21.0.3 IF033 | See note (*) below | ibm-cs-bawautomation-2.2.30.tgz | 21.0.3 IF033 | May 2024 |
21.0.3 IF032 | See note (*) below | ibm-cs-bawautomation-2.2.29.tgz | 21.0.3 IF032 | April 2024 |
21.0.3 IF031 | See note (*) below | ibm-cs-bawautomation-2.2.28.tgz | 21.0.3 IF031 | March 2024 |
21.0.3 IF030 | See note (*) below | ibm-cs-bawautomation-2.2.27.tgz | 21.0.3 IF030 | February 2024 |
21.0.3 IF029 | See note (*) below | ibm-cs-bawautomation-2.2.26.tgz | 21.0.3 IF029 | January 2024 |
21.0.3 IF028 | See note (*) below | ibm-cs-bawautomation-2.2.25.tgz | 21.0.3 IF028 | December 2023 |
21.0.3 IF027 | See note (*) below | ibm-cs-bawautomation-2.2.24.tgz | 21.0.3 IF027 | November 2023 |
21.0.3 IF026 | See note (*) below | ibm-cs-bawautomation-2.2.23.tgz | 21.0.3 IF026 | October 2023 |
21.0.3 IF025 | See note (*) below | ibm-cs-bawautomation-2.2.22.tgz | 21.0.3 IF025 | September 2023 |
21.0.3 IF024 | See note (*) below | ibm-cs-bawautomation-2.2.21.tgz | 21.0.3 IF024 | August 2023 |
21.0.3 IF023 | See note (*) below | ibm-cs-bawautomation-2.2.20.tgz | 21.0.3 IF023 | July 2023 |
21.0.3 IF022 | See note (*) below | ibm-cs-bawautomation-2.2.19.tgz | 21.0.3 IF022 | June 2023 |
21.0.3 IF021 | See note (*) below | ibm-cs-bawautomation-2.2.18.tgz | 21.0.3 IF021 | May 2023 |
21.0.3 IF020 | See note (*) below | ibm-cs-bawautomation-2.2.17.tgz | 21.0.3 IF020 | April 2023 |
21.0.3 IF019 | See note (*) below | ibm-cs-bawautomation-2.2.16.tgz | 21.0.3 IF019 | March 2023 |
21.0.3 IF018 | See note (*) below | ibm-cs-bawautomation-2.2.15.tgz | 21.0.3 IF018 | February 2023 |
21.0.3 IF017 | See note (*) below | ibm-cs-bawautomation-2.2.13.tgz | 21.0.3 IF017 | January 2023 |
21.0.3 IF016 | See note (*) below | ibm-cs-bawautomation-2.2.12.tgz | 21.0.3 IF016 | December 2022 |
21.0.3 IF015 | See note (*) below | ibm-cs-bawautomation-2.2.11.tgz | 21.0.3 IF015 | November 2022 |
21.0.3 IF014 | See note (*) below | ibm-cs-bawautomation-2.2.10.tgz | 21.0.3 IF014 | October 2022 |
21.0.3 IF013 | See note (*) below | ibm-cs-bawautomation-2.2.9.tgz | 21.0.3 IF013 | September 2022 |
21.0.3 IF012 | See note (*) below | ibm-cs-bawautomation-2.2.8.tgz | 21.0.3 IF012 | August 2022 |
21.0.3 IF011 | See note (*) below | ibm-cs-bawautomation-2.2.7.tgz | 21.0.3 IF011 | July 2022 |
21.0.3 IF010 | See note (*) below | ibm-cs-bawautomation-2.2.6.tgz | 21.0.3 IF010 | June 2022 |
21.0.3 IF009 | See note (*) below | ibm-cs-bawautomation-2.2.5.tgz | 21.0.3 IF009 | May 2022 |
21.0.3 IF008 | See note (*) below | ibm-cs-bawautomation-2.2.4.tgz | 21.0.3 IF008 |
April 2022
|
21.0.3 IF007 | See note (*) below | ibm-cs-bawautomation-2.2.3.tgz | 21.0.3 IF007 |
March 2022
|
21.0.3 IF006 | See note (*) below | ibm-cs-bawautomation-2.2.2.tgz | 21.0.3 IF006 | February 2022 |
21.0.3 IF005 | * Note: All previous interim fixes listed in this table | ibm-cs-bawautomation-2.2.1.tgz | 21.0.3 IF005 | January 2022 |
21.0.3 IF002 | None | ibm-cs-bawautomation-2.2.0.tgz | 21.0.3 IF002 | January 2022 |
The previous table is chronologically listed in reverse order, with more recent fixes listed at the top.
Components impacted
Before installation
a. Ensure you back up all databases associated with the environment.
b. Ensure your operators are in a healthy state before upgrading.
If one or more operators are failing, the system might be prevented from completing an upgrade. Check a few of the important custom resource (CR) statuses for failures and to ensure the statuses appear ready for the various installed components.
Check the status of the following CRs when they exist:
oc get icp4acluster -o yaml
Installing the interim fix
Important: Using individual image tag settings in your Business Automation Workflow CR file could prevent the operator from updating the images to the appropriate version. When you upgrade, ensure you remove these settings for a production installation.
Use the CASE package that is associated with the interim fix being applied. It is typically recommended that the latest interim fix be applied. To identify the appropriate CASE package, as well as links to obtain each package, see the table under Prerequisites and superseding fixes.
Business Automation Workflow 21.0.3 interim fixes are released to the v21.3 operator channel. After the operator is upgraded, rolling updates for all the pods the operator manages are triggered to ensure they are updated to the appropriate version that matches the operator.
If your environment has access to the IBM entitled registry and has an automatic v21.3 channel subscription, enterprise installations are upgraded automatically. This upgrade usually occurs when the interim fix is released or when images are mirrored for air-gap setup.
Depending on the current setup and state of your existing environment, various manual actions might be required. The following scenarios cover what actions might be needed for a particular setup.
- Scenario 1: Your installation is version 21.0.2.x or earlier.
Actions: If you are using a version earlier than 21.0.3, you must upgrade first. To upgrade your environment, follow the Upgrading automation containers instructions.
When you perform the upgrade, you can substitute the CASE package from this interim fix for the 21.0.3 CASE package while you follow the instructions. For air-gapped environments, you can use the case save command in step 1 of scenario 3.
Note: If you are using versions that are earlier than 21.0.2, you must incrementally upgrade and follow the instructions for each version between your source version and 21.0.3. - Scenario 2: Your installation is online and 21.0.3.x.
Actions: After these steps are completed, the operators are automatically upgraded.
You can apply the following catalog sources from a command line by creating a YAML file (for example, cp4ba_catalog_sources.yaml) with the following catalog sources and performing "oc apply -f cp4ba_catalog_sources.yaml", or you can apply the catalog sources by using the OCP console.apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-operator-catalog namespace: openshift-marketplace spec: displayName: "IBM Operator Catalog" image: icr.io/cpopen/ibm-operator-catalog publisher: IBM sourceType: grpc updateStrategy: registryPoll: interval: 45m
- Scenario 3: Your installation is air gapped and 21.0.3.x, taking 21.0.3-IF007 as example:
- Set up the environment variables for CASE:
- export CASE_NAME=ibm-cs-bawautomation
- export OFFLINEDIR=/tmp/cp4ba-if007
- export CASE_VERSION=2.2.3
- export CASE_INVENTORY_SETUP=cp4aOperatorSetup
- export CASE_ARCHIVE=${CASE_NAME}/${CASE_VERSION}/${CASE_NAME}-${CASE_VERSION}.tgz
- export CASE_LOCAL_PATH=${OFFLINEDIR}/${CASE_ARCHIVE}
- Download the Cloud Pak archives and image inventory, and put them in the offline store
cloudctl case save \ --case https://github.com/IBM/cloud-pak/raw/master/repo/case/${CASE_ARCHIVE} \ --outputdir ${OFFLINEDIR}
andthen unpack the case file:cd ${OFFLINEDIR} tar -xvzf ${CASE_ARCHIVE} cd cert-kubernetes
- Mirror images to trigger the operator upgrades.
- Mirror the entitled registry images to the local registry by completing the same steps you followed during installation. For more information, see Mirroring images to the private registry.
Important: Ensure you use the CASE image outputdir (/tmp/cp4ba-if007) from step 1. - If you have subscriptions set to manual, you must approve all the pending operator updates.
Important: Do not set subscriptions to manual because it can make the the upgrade more error prone if some of the many operator updates are not approved. By default all subscriptions are set to automatic.
- Set up the environment variables for CASE:
After the operators are upgraded, the upgrade of the related deployments and pods is triggered.
Keynote: Since 21.0.3-IF022 If the purchased production license is for:
- Business Automation Workflow, then the shared_configuration.sc_deployment_context must be BAW and the possible values forshared_configuration.sc_deployment_baw_license are: non-production and production.
- Cloud Pak for Business Automation, then the shared_configuration.sc_deployment_context must be CP4A and the possible values for shared_configuration.sc_deployment_baw_license are: user, non-production, and production.
Performing the necessary tasks after installation
Review the installation
Review the CR yaml status section and operator logs after the upgrade to ensure no failures prevented your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
To verify the expected image digest for a particular image, review the
ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml
file in the CASE package. This file has a listing of the images managed by the Cloud Pak for Business Automation operator and their expected digest for this particular interim fix level.Uninstalling
There is no procedure to uninstall the interim fix.
List of fixes
The following APARs are specific to Business Automation Workflow on containers. Depending on the components and capabilities you installed and configured, additional fix information might apply to you. See the "List of Fixes" in the readmes linked under Complimentary Cloud Pak for Business Automation interim fixes in the Prerequisites and superseding fixes section in this document. These readmes detail vulnerability fixes shipped with interim fixes for included operating system level and other open source libraries. The fixes below are also listed in those readmes, but they are also listed here as a convenience.
Fixes that involve security are indicated with an X mark.
Business Automation Workflow
21.0.3 IF035
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT386834 | X | CVE-2023-33008 in BAStudio and Workflow Authoring image | |
DT173923 | THE ORDER OF VARIABLES IN EXPOSED PROCESS VALUES IS NOT PRESERVED IN THE PROCESS EDITOR | ||
DT179122 | DBUPGRADE NEED SUPPORT SAME VERSION UPGRADE FOR SOME SPECIAL FIXES | ||
DT228436 | TYPE AHEAD TEXT VIEW FROM THE UI TOOLKIT IS THROWING AN ERROR WHEN USING ITEMS FROM SERVICE | ||
DT389264 | Workflow Center console is loading too many snapshots even when JR64203 is applied | ||
DT390925 | Start service REST API might not start the service with the specified snapshot |
21.0.3 IF034
21.0.3 IF033
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT378426 | X | CVE-2024-31033 IN JJWT MAY AFFECT IBM BUSINESS AUTOMATION WORKFLOW | |
DT380148 | X | Multiple vulnerabilities in jetty | |
DT380377 | X | CVEs impact angular.js 1.8.3 | |
DT379093 | User is unable to log in case client if the user name is same with user id of other user | ||
DT380668 | Processed sequence numbers are not in sync in Case Event Emitter when other node takes the lease for processing on a multi node cluster | ||
DT381151 |
Temporary SCIM group retrieval failures during group synchronization must not delete users from that group in the database
|
||
DT381334 | CMIS API getTypeDescendants() takes over 60 seconds to complete, 'totalTranLifetimeTimeout' also has to be extended. |
21.0.3 IF032
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT173474 | Autotracked data in Subprocess is not captured in DEF event ACTIVITY_RESOURCE_ASSIGNED | ||
DT261204 | Error saving heritage human service when using the IBM Process Designer | ||
DT363632 | SERVER SHUTDOWN MAY CAUSE DUPLICATE PROCESS INSTANCES | ||
DT365566 | NEED TO RESTRICT PREVENT ADMINISTRATORS FROM MODIFYING THE TASK AND PROCESS INSTANCE DATA IN PROCESS INSPECTOR | ||
DT378210 | IBM Process Portal logout functionality is not working when no single coach is used long enough (i.e more than half of the thresholdInSeconds time), the user's activity is not reported to portal | ||
DT378760 | The labels of Date Time Picker and Text Area views changed position after upgrade |
21.0.3 IF031
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT247523 | X | CVE-2023-50959 - INTRODUCING ECM QUERY AUTHORIZATION SERVICE | |
DT271567 | X | SECURITY - CVE-2023-51775 IN JOSE4J AFFECTS IBM CLOUD PAK FOR BUSINESS AUTOMATION WORKFLOW | |
DT173474 | Autotracked data in Subprocess is not captured in DEF event ACTIVITY_RESOURCE_ASSIGNED | ||
DT261257 | In Workplace (IBM Content Navigator), Business data names and column names are too long in the Customize your view menu where the business data variables are available | ||
DT270514 | Process Center throws ParticipantGroup resolveAddress SQLIntegrityConstraintViolationException for insert into LSW_USR_GRP_XREF |
21.0.3 IF030
21.0.3 IF029
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT246679 | X | SECURITY - CVE-2023-31582 IN JOSE4J | |
DT247641 | X | SECURITY - CVE-2023-33008 IN JOHNZON-CORE MAY AFFECT BAW EVENT EMMITERS | |
DT247858 | X | SECURITY APAR CVE-2023-50947 - REFLECTED CROSS-SITE SCRIPTING | |
DT257576 | X | SECURITY - MULTIPLE VULNERABILITIES IN AUTHORING UIS CVE-2023-45857, CVE-2023-26159 | |
DT258608 | X | SECURITY - CVE-2023-43642 IN BAI EVENT EMITTERS | |
DT245095 | Dutch spelling mistake in process portal profile editor | ||
DT256769 | WHEN YOU TRY TO VIEW DATA OF A PROCESS INSTANCE IN THE PROCESS ADMIN CONSOLE PROCESS INSPECTOR, YOU MAY SEE AN EMPTY DATA FIELD | ||
DT257035 | WHEN YOU VIEW A TASK OF A PROCESS INSTANCE WITH A LARGE EXECUTION TREE IN THE PROCESS INSPECTOR AND YOU TRY TO SEARCH INSTANCES, YOU MAY NOTICE THAT THE BROWSER TAKES LONG TIME TO RENDER |
21.0.3 IF028
21.0.3 IF027
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT238395 | X | SECURITY - CVE-2022-44730 - Vulnerability with Apache Batik affect Dita and Apache FOP for Case | |
DT258777 | X | SECURITY APAR - CVE-2023-43642 IN BAI CASE EVENT EMITTERS | |
DT241180 | CREATING A NEW TRACK TAKES A LONG TIME | ||
DT245027 | LOCK CONTENTION ON BPM_TASK_ACT_MEASURE_PENDING TABLE | ||
DT245378 | In-Basket count is being wrapped to a new line, making it not visible on the page |
21.0.3 IF026
21.0.3 IF025
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT169666 | YOU NOTICE BUTTONS CONTAINED IN VIEWS CAN HAVE THEIR LABELS SET VIA THE COACH PROPERTIES IN A CLIENT SIDE HUMAN SERVICE | ||
DT213219 | Upload page hangs when adding document for a process instance in Process dashboard | ||
DT228228 | Different results for REST API serviceModel after upgrade from BPM 8.5.6 to BAW 8.6.3.21031 | ||
DT228654 | 'Unable to convert the environment variable value to a URI' exception is observed in the logs when selecting Snapshot to Sync From in Sync Settings | ||
DT228758 | FileNotFoundException logged for 'nls/Resources.js' when you access case | ||
DT237988 | Reverted back to legacy behavior of not showing milliseconds for dates within complex types. | REST APIs return milliseconds on date/time attributes of complex Business Objects | |
DT238447 | THE REST API /REST/BPM/WLE/V1/SEARCHES/TASKS/META/BUSINESSDATAFIELDS?INCLUDEORIGIN=TRUE MAY RETURN AN INCORRECT BUSINESS DATA ALIAS TYPE |
21.0.3 IF024
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT224071 | X | SECURITY APAR - MULTIPLE VULNERABILITIES IN SNAPPY-JAVA MAY AFFECT BAW EVENT EMMITERS | |
DT215116 | X | CVE-2023-33858 REFLECTED CROSS-SITE SCRIPTING IN PROCESS ADMIN CONSOLE | |
DT225151 | X | SECURITY APAR DT225151 - CVE-2021-33813 MAY AFFECT CUSTOM APPS IN IBM BUSINESS AUTOMATION WORKFLOW | |
DT198135 | REST API OPS/STD/BPM/PROCESSES/COUNT THROWS PSQLEXCEPTION FOR POSTGRESQL DATABASE | ||
DT208418 | BPMMIGRATEINSTANCES COMMAND FAILS WHEN <COLLECT-RUNTIME-STATS> PROPERTY VALUE IS SET TO FALSE | ||
DT208156 | START SERVICE REST API THROWS ILLEGALARGUMENTEXCEPTION IN CASE YOU PROVIDED PROJECT SHORTNAME AND SERVICE NAME BUT NOT SNAPSHOT ID | ||
DT228796 | Pods do not restart automatically when internal certificates are renewed |
21.0.3 IF023
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT189341 | THE WIDTH FROM TABLE VIEW'S COLUMNS CONFIGURATION PROPERTY IS NOT BEING REFLECTED WHEN THE COACH IS DISPLAYED | ||
DT211574 | SHARED BUSINESS OBJECT LOAD METHOD THROWS EXCEPTION WHEN HUMAN TASK IS RESUMED AFTER POSTPONE EVENT IN CLIENT SIDE HUMAN SERVICE | ||
DT213846 | The table view columns are the incorrect size when it is configured to be scroll-able (i.e. height is set) and there are hidden columns | ||
DT222040 | THE REST API /REST/BPM/WLE/V1/PROCESS/{INSTANCEID}/ALLVARIABLES ONLY UPDATES VARIABLES OF THE FIRST LINKED PROCESS NODE | ||
DT222072 | WHEN DEBUGGING STEP OVER MIGHT COMPLETE A SERVICE FLOW | ||
DT223231 | IllegalStateException might occur if a service flow with service result caching enabled is started | ||
DT223489 | Workplace Team Dashboard does not display team statistics for Workflow servers using SQL Server database | ||
DT223311 | Workflow pod readiness probe show the wrong status for User Management Services |
21.0.3 IF022
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT189179 | Running Process Portal on Chrome version 109 and later shows an error on the browser console | ||
DT214607 | YOU SEE A NOCLASSDEFFOUNDERROR ERROR WHEN YOU ENABLE CASE BUILDER TRACING | ||
DT215173 | Incorrect licensing annotations for Business Automation Workflow Standalone bundled with IBM Cloud Pak for Business Automation | ||
DT220319 | PERFORMANCE DEGRADATION WHEN RUNNING REST API (DELETE) /OPS/STD/BPM/PROCESSES OR RUNNING BPMPROCESSINSTANCESPURGE COMMAND |
21.0.3 IF021
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT211505 | X | SECURITY APAR - CVE-2023-20863 IN SPRING EXPRESSIONS | |
DT213491 | X | SECURITY APAR - VULNERABILITY PRISMA-2023-0067 REPORTED FOR JACKSON-CORE IN BPM EVENT EMITTERS | |
DT195853 | You can't upload documents with an extension .msg or mime type application/vnd.ms-outlook to the document store using the BPM File Dropzone view | ||
DT208824 | YOU NOTICE THE ORDER OF EXCLUSIVE GATEWAY DECISIONS MAY CHANGE AFTER EDITING A HERITAGE HUMAN SERVICE IN IBM PROCESS DESIGNER | ||
DT211846 | IBM BUSINESS AUTOMATION WORKFLOW TEST API RESPONDS WITH ERROR MESSAGES CONTAINING DETAILED INTERNAL ERRORS | ||
DT213399 | BPMPROCESSINSTANCESPURGE COMMAND IS SLOW TO DELETE COMPLETED PROCESS INSTANCES | ||
DT213210 | INVOKING REST API /OPS/STD/BPM/CONTAINERS/MIGRATE ENCOUNTERS NULLPOINTEREXCEPTION | ||
DT213423 | Upgrade Angular Version used by Process Portal and Content Management Toolkit | ||
JR65032 | A BLANK SPACE IS APPENDED TO THE DOCUMENT ID IN THE XML RESPONSE OF THE CREATE DOCUMENT AJAX CALL |
21.0.3 IF020
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT197974 | X | SECURITY VULNERABILITY IN COMMONS-FILEUPLOAD AFFECTS IBM BUSINESS AUTOMATION WORKFLOW AND CLOUD PAK FOR BUSINESS AUTOMATION | |
DT208579 | X | SECURITY - CVE-2022-1471 - CASE HISTORY EMITTER IS AFFECTED BY SNAKEYAML VULNERABILITY | |
DT208782 | X | SECURITY APAR - CVE-2022-1471 REPORTED FOR SNAKEYAML IN BPMEVENTEMITTER | |
DT209212 | X | SECURITY APAR - CVE-2023-20861 IN BPM/LOMBARDI/LIB/SPRING-EXPRESSIONS.JAR | |
DT198745 | Workplace cannot search for task or workflow names that contain Chinese characters | ||
DT208139 | IBM Process Federation Server indexers not reprocessing tasks and instances updates after a communication exception with Elasticsearch | ||
DT210959 | Entries with TASK_ID=NULL are never removed from the PFS_BPD_CHANGE_LOG TABLE if process instance indexing is not enabled for the federated system | ||
JR64002 | YOU CAN'T DELETE SNAPSHOTS | ||
JR64395 | YOU CANNOT ENABLE AND CONFIGURE EMAIL NOTIFICATION | ||
JR64892 | SERVICE TASKS OR NON-USER TASKS ARE VISIBLE IN IBM PROCESS PORTAL THOUGH USER CAN NOT TAKE ACTION ON THAT | ||
JR64986 | UNABLE TO DEPLOY CASE SOLUTION ON CP4BA ENTERPRISE PATTERN ENVIRONMENT USING SWAGGER UI |
21.0.3 IF019
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT179527 | X | SECURITY - SEVERAL SECURITY VULNERABILITIES ARE PRESENT IN BOOTSTRAP-3.3.4.JS | |
DT196140 | X | SECURITY - CVE-2022-34917 in kafka-clients reported for bai-events-java-sdk | |
DT195919 | X | SECURITY - CVE-2023-25194 - Update Apache Kafka for Case and Case History Emitters | |
DT174091 | Prevent unique constraint violated for table LSW_USR_GRP_XREF when importing a Process Application | ||
DT196195 | IN THE BUSINESS AUTOMATION WORKFLOW PROCESS ADMIN CONSOLE, CACHE RELATED INSTRUMENTATION IS NOT SHOWING UP | ||
DT197053 | REST API CALL OPS/STD/BPM/EVENT_MANAGER_TASKS RETURNS "NOT IMPLEMENTED INTERNALSTATE" ERROR | ||
DT197302 | When the Team Performance dashboard opens in a new tab, the view instance link fails. |
21.0.3 IF018
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT180564 | X | SECURITY APAR CVE-2023-22860 - STORED XSS IN PROCESS ADMIN CONSOLE | |
DT188641 | X | SECURITY - CVE-2023-24957 - Stored XSS vulnerability when performing a document upload using Responsive Document Explorer | |
DT143005 | UPDATE EMBEDDED CONTENT MANAGEMENT INTEROPERABILITY SERVICES TO A VERSION THAT USES A NEWER VERSION OF SPRING FRAMEWORK | ||
DT145536 | ERROR CWTBG0535E OCCURS WHEN A SERVICE IS CALLED FROM A CLIENT SIDE HUMAN SERVICE WITH DATA CONTAINING THE MAP DATA TYPE | ||
DT168702 | A JAVA.LANG.NULLPOINTEREXCEPTION OCCURS WHEN CALLING A SERVICE FLOW FROM A CLIENT SIDE HUMAN SERVICE | ||
DT179174 | WHEN CALLING BTS TEAM SERVICE, BUSINESS AUTOMATION WORKFLOW CACHES ACCESS TOKEN WITH WRONG EXPIRATION TIME | ||
DT188690 | MULTIPLE VULNERABILITIES IN JACKSON-DATABIND AND SNAKEYAML MIGHT AFFECT IBM BUSINESS AUTOMATION WORKFLOW | ||
DT189645 | TOOLKIT UPGRADE RESULTS IN NOCLASSDEFFOUNDERROR DURING THE UPDATE OF TEAMS |
21.0.3 IF017
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT160709 | X | SECURITY APAR CVE-2022-42435 - CROSS SITE REQUEST FORGERY IN PROCESS ADMIN CONSOLE | |
DT148968 | AVOID FULL RESETS OF USERINFOCACHE AND GROUPMEMBERCACHE WHEN ONLY FULLNAME OR DN OF A USER HAVE CHANGED | ||
DT160446 | PROCESS INSTANCE CANNOT BE DELETED IF THE ASSOCIATED PARENT CASE ID OR PARENT ACTIVITY ID IN CONTENT PLATFORM ENGINE WAS DELETED | ||
DT172428 | Documents stored in the document store for a process instance are not deleted when the process instance is deleted | ||
DT173446 | THE REST APIS BPM/PROCESSES AND BPM/USER-TASKS HAVE A LIMIT ON THE OFFSET PARAMETER VALUE | ||
DT178357 | SOME OVERRIDDEN PROPERTIES OF PROCESS FEDERATION SERVER DO NOT TAKE EFFECT | ||
DT178926 | SAVED SEARCH RESULTS AND PROCESS INSTANCE CURRENT STATE REST API RETURNS USER SHORTNAME |
21.0.3 IF016
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT160010 | TIMELINE VISUALIZER WIDGET DOESN'T DISPLAY ACTIVITY TASK COMMENTS |
21.0.3 IF015
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT149047 | X | SECURITY APAR - MULTIPLE VULNERABILITIES IN SNAKEYAML SHIPPED WITH BUSINESS AUTOMATION INSIGHTS EMITTERS | |
DT160626 | X | SECURITY APAR - CVE-2022-41735 - CROSS SITE SCRIPTING IN PROCESS ADMIN CONSOLE | |
DT170126 | X | SECURITY APAR CVE-2022-42003 AND CVE-2022-42004 IN LIBRARY USED BY EVENT EMITTER | |
DT168634 | A VIEW CONTAINED IN A TOOLTIP VIEW WORKS IMPROPERLY WITH VALIDATION ERROR | ||
DT168635 | SEVERAL VIEWS FROM THE UI TOOLKIT DISAPPEAR WHEN CONTAINED IN A TOOLTIP VIEW AND HAVE A VALIDATION ERROR | ||
DT168911 | CVE-2022-34917, CVE-2022-42003, CVE-2022-42004 - Update Apache Kafka and jackson-databind library for Case Emitter | ||
DT169189 | CVE-2022-25857, CVE-2022-42003, CVE-2022-42004 - Update snakeyaml and jackson-databind for Case History emitter | ||
DT169484 | PERFORMING THE RESET TEST ENVIRONMENT ACTION FOR CLOUD PAK FOR BUSINESS AUTOMATION ENVIRONMENT FAILS WITH FNRPA0428E ERROR | ||
DT169750 | TRANSACTION WAITING FOR LOCK ON LSW_LOCK FOR TW_ALLUSERS | ||
DT171744 | YOU ARE UNABLE TO SAVE CASE PROPERTIES IN CSHS WHEN A SECURITY PROXY OBJECT IS APPLIED AGAINST THE CASE TYPE CLASS DEFINITION | ||
DT173143 | CLOUD PAK FOR BUSINESS AUTOMATION PODS FAIL TO START WITH “CREATECONTAINERERROR” | ||
JR64501 | THE HIDDEN DIVS CONTAINING VALIDATION MESSAGES FOR ACCESSIBILITY ARE NOT REMOVED WHEN SETVALID IS CALLED MORE THAN ONCE |
21.0.3 IF014
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT160695 | X | SECURITY APAR - CVE-2022-34917 IN KAFKA-CLIENTS MAY AFFECT BAI EVENT EMITTERS | |
DT143691 | ADD CASE FROM CASE TOOLKIT ON CLIENT-SIDE HUMAN SERVICE NO LONGER WORK AFTER YOU UPGRADE AS IT REQUIRES A NEW MANDATORY FIELD 'CASECLIENTTABID' | ||
DT145103 | WEB PROCESS INSPECTOR OMITS LEADING SPACES OF INSTANCE DATA IN PROCESS ADMIN CONSOLE | ||
DT169573 | PROCESS INSTANCES CANNOT BE FOUND WHEN YOU TRY TO DISPLAY PROCESS INSTANCE DETAILS IN WEB PROCESS INSPECTOR | ||
JR65102 | YOU CAN'T UPLOAD A DOCUMENT OF TYPE IBM_BPM_DOCUMENT WHEN USER_NAME_ATTRIBUTE IN CP4BA IS CONFIGURED WITH EMAILADDRESS OR UID |
21.0.3 IF013
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT145308 | OUTOFMEMORY EXCEPTION WHEN STARTING PFS BPEL INDEXER ON A DATABASE THAT HAS PREVIOUS INDEXING FAILURES | ||
DT145527 | PROCESS WORK ITEM DOES NOT APPEAR IN AN IN-BASKET AFTER THE NEW ACTIVITY HAS BEEN UPDATED PRIOR TO COMMIT OR DEPLOYMENT | ||
JR64862 | EVENT MANAGER DOES NOT RECOVER AUTOMATICALLY FROM A DATABASE CONNECTION FAILURE | ||
JR65093 | YOU SEE AN UNPARSEABLE DATE ERROR WHEN YOU TRY TO ADD AN EXISTING BAW PROCESS ACTIVITY TO A CASE TYPE |
21.0.3 IF012
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
DT142447 | XA_RBDEADLOCK.ERRORCODE=-4203 DUE TO A DEADLOCK IN LSW_LOCK TABLE WHEN SAVING CASE PROPERTY CHANGES | ||
DT141469 | COULDNOTSETPROPERTYEXCEPTION OCCURS WHEN MAPPING COMPLEX OBJECT TO ANY TYPE IN A CLIENT SIDE HUMAN SERVICE | ||
JR64732 | COACH GENERATION INCORRECTLY REPORTS AN ERROR FOR COACHES IN A HERITAGE HUMAN SERVICE | ||
JR64992 | BAR CHART DRILL DOWN DOES NOT CLEARING PREVIOUS CHART'S CONTENT | ||
JR65006 | UPDATE BUSINESS AUTOMATION WORKFLOW TO A NEWER VERSION OF THE SPRING FRAMEWORK | ||
JR65020 | AN OBJECTNOTFOUNDEXCEPTION IS ENCOUNTERED WHILE RUNNING THE BPMUPDATESYSTEMAPP COMMAND DURING UPGRADE | ||
JR65044 | ECM FILE LIST VIEW NO LONGER DISPLAYS CORRECT COLUMNS FROM A CUSTOM QUERY AFTER YOU UPGRADE | ||
JR65087 | TOKEN OF THE ATTACHED INTERMEDIATE EVENT CANNOT BE DELETED |
21.0.3 IF011
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
JR65043 | X | VULNERABILITY CVE-2021-41973 IS REPORTED FOR MINA-CORE-2.0.1-IBM.JAR | |
JR64995 | THE TEAM PERFORMANCE DASHBOARD DOES NOT OPEN FOR ANY SELECTED TEAM MEMBER | ||
JR65052 | COPY AND PASTE OF A USER TASK ACTIVITY IN A PROCESS FAILS IF THE ACTIVITY ASSIGNMENT IS SET TO CUSTOM OR PROCESS STARTER | ||
JR65052 | COPY AND PASTE OF A USER TASK ACTIVITY IN A PROCESS FAILS IF THE ACTIVITY ASSIGNMENT IS SET TO CUSTOM OR PROCESS STARTER | ||
JR65060 | YOU ARE UNABLE TO UPDATE USER PERMISSION FOR A SOLUTION WHEN YOU USE CASE ADMINISTRATION CLIENT |
21.0.2 IF010
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
JR64602 | USING ROUND BRACKETS CHARACTERS '(' OR ')' IN A IBM CLOUD PAK FOR BUSINESS AUTOMATION SECRET PASSWORD WILL CAUSE FAILURES | ||
JR64886 | CAN NOT SELECT TAB IN EDITOR WHEN NESTED IN A COMPOSITE VIEW | ||
JR64944 | PROCESS FEDERATION SERVER MAY ASSIGN MORE INDEXER PARTITIONS THAN AVAILABLE AGENTS CAN CONSUME | ||
JR64968 | PROCESS FEDERATION SERVER SEARCH QUERIES FAIL IF A RETURNED DOCUMENT CONTAINS THE _IGNORED FIELD | ||
JR64969 | THE TEAM PERFORMANCE DASHBOARD CANNOT BE ACCESSED ON PROCESS PORTAL RUNNING ON MULTIPLE FEDERATED BAW SYSTEMS | ||
JR65018 | MULTIPLE VULNERABILITIES ARE REPORTED FOR JRULES-RES-EXECUTION.JAR AND JQUERY-UI-1.10.4.MIN.JS |
21.0.3 IF009
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
JR64596 | X | SECURITY APAR - CVE-2022-22361 - CROSS SITE REQUEST FORGERY VULNERABILITY IN PROCESS ADMIN CONSOLE | |
JR64590 | IF THE OBJECT STORE DISPLAY NAME IS DIFFERENT THAN THE SYMBOLIC NAME IN THE CR FILE CASE INIT JOB FAILS | ||
JR64671 | IF YOU ARE USING FRENCH LOCALE SETTING IN THE BROWSER, YOU CAN'T OPEN A SOLUTION THAT WAS CLOSED IMPROPERLY | ||
JR64788 | UNABLE TO OPEN AND DEPLOY THE SOLUTION IF THE BROWSER USES CHINESE LANGUAGE | ||
JR64821 | 'CPE METADATA CACHE TIME TO LIVE' SETTING IS NOT CONFIGURABLE IN CLOUD PAK FOR BUSINESS AUTOMATION ENVIRONMENTS | ||
JR64850 | A SNAPSHOT WITH A CASE SOLUTION IS MADE DEFAULT WHEN DEPLOYED VIA SWAGGER API WITH AN INACTIVE OPTION | ||
JR64883 | UMS WLPTAI AND UMS JAASLOGINMODULE FAIL TO DECODE SOME JWT TOKENS | ||
JR64884 | INCORRECT CLIENT-SIDE HUMAN SERVICE PAGE VALIDATION ERROR MESSAGES WHEN WEB BROWSER LANGUAGE IS SET TO CHINESE | ||
JR64931 | ERROR OCCURS WHEN DEBUGGING A HUMAN SERVICE IN DESKTOP PROCESS DESIGNER INSPECTOR |
21.0.3 IF008
21.0.3 IF007APAR | Security APAR | Behavior change | Title |
---|---|---|---|
JR64569 | TYPE MISMATCH ERROR MIGHT OCCUR IF A SOAP FAULT IS CAUGHT BY AN ERROR CATCH EVENT | ||
JR64711 | COACH EDITOR FAILS TO OPEN COACH | ||
JR64750 | BUSINESS AUTOMATION INSIGHTS EMITTER, MACHINE LEARNING SERVER & PROCESS FEDERATION SERVER NOT WORKING FOR STARTER PATTERN | ||
JR64642 | GROUP SYNCHRONIZATION FAILS DURING SERVER STARTUP IF DEPRECATED GROUPS EXIST | ||
JR64671 | IF YOU ARE USING FRENCH LOCALE SETTING IN THE BROWSER, YOU CAN'T OPEN A SOLUTION THAT WAS CLOSED IMPROPERLY | ||
JR64717 | BUSINESS AUTOMATION WORKFLOW SCIM CALLS FAIL DUE TO INCORRECTLY ENCODED WHITESPACE | ||
JR64656 | TRANSACTION ROLLBACK WHEN REMOVING AN USER FROM THE PROJECT AREA ON BAW SERVER. | ||
JR64699 | EXPANDABLE ROW IS NOT UPDATING PROPERLY WHEN USING TABLE FILTERING |
21.0.2 IF006
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
N/A | N/A |
21.0.2 IF005
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
JR64280 | X | SECURITY APAR CVE-2021-39046 STORES USER CREDENTIALS IN PLAIN CLEAR TEXT WHICH CAN BE READ BY A PRIVILEGED USER | |
JR64556 | X | REMOVE REFERENCE TO LOG4J FROM 21.0.2 AND 21.0.3 | |
JR64565 | X | MULTIPLE LOG4J VULNERABILITIES IN IBM PROCESS FEDERATION SERVER | |
JR64589 | REFERENCES TO CASE OBJECT CASEINSTANCE.PROPERTIES IN CLIENT-SIDE HUMAN SERVICE VIEWS NO LONGER AVAILABLE AFTER YOU UPGRADE | ||
JR64595 | ACTIVITY PROCESS FAILS TO START WITH CLASSLOADER EXCEPTIONS IN CP4BA 21.0.3 | ||
JR64620 | VIEW VISIBILITY MIGHT NOT FUNCTION CORRECTLY WHEN USING THE NO CODE VIEW VALIDATION | ||
JR64647 | CASE INIT JOB FAILS WHEN YOU UPGRADE FROM CLOUD PAK FOR BUSINESS AUTOMATION V2102 TO V2103 WITH ZEN UI ENABLED | ||
JR64676 | AFTER SCALING FROM DEPLOYMENT PROFILE SIZE MEDIUM TO SMALL, BAW IS UNREACHABLE |
21.0.2 IF002
APAR | Security APAR | Behavior change | Title |
---|---|---|---|
JR64435 | X | SECURITY APAR - CVE-2021-4104 AND CVE-2021-45046 IN PROCESS FEDERATION SERVER |
Document change history
[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"ARM Category":[{"code":"a8m50000000CcWOAA0","label":"Security"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"}]
Was this topic helpful?
Document Information
Modified date:
02 August 2024
UID
ibm16574109