IBM Support

Readme for IBM Cloud Pak for Business Automation 23.0.2 IF006

Fix Readme


Abstract

The following document is for IBM Cloud Pak for Business Automation 23.0.2 IF006. It includes the CASE package download, installation information, and the list of APARs/Known Issues that are resolved in this interim fix.

Content

Readme file for: IBM Cloud Pak® for Business Automation
Product Release: 23.0.2
Update Name: 23.0.2 IF006
Fix ID: 23.0.2-WS-CP4BA-IF006
Publication Date: 29 June 2024

Before installation
  1. Ensure you take regular backups of any databases associated with the environment.
  2. Ensure your operators are in a healthy state, before upgrading.
    If one or more operators are failing, then it can prevent the system from completing an upgrade.
    It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:
  3. oc get icp4acluster -o yaml 
oc get content -o yaml
oc get Foundation -o yaml
  4. Remove any image settings in CRs
    If you used any individual image tag settings in your CRs, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. This doesn't apply to starter installation as it requires a new install.
  5. FIPS Compliance
    Please note that the configuration for Federal Information Processing Standards (FIPS)-compliant has changed starting in this interim fix.  The changes will be reflected in the Cloud Pak for Business Automation Knowledge Center documentation by the end of April 2024.  For FIPS compliance, please refer to the FIPS wall approach here: Considerations for FIPS. Please follow the steps below to enable FIPS for Cloud Pak for Business Automation as it is disabled by default:
      1. OpenShift Container Platform (OCP)
           In the OCP configuration file install-config.yaml, you must set "fips: true". For more information, see Support for FIPS cryptography.
      2. Red Hat Enterprise Linux (RHEL)
           The Linux® hosts must use RHEL 8.2 or higher. On each of the hosts that run FIPS-compliant workloads, you need to enable the FIPS mode.
           To enable FIPS on a host, set "fips=1" on the kernel command at installation time. All the cryptographic keys that are generated are FIPS-compliant.
           If a host is already installed, you can enable it. For more information, see Switching the system to FIPS mode.
      3.  CP4BA capabilities
            By default, the enablement of Cloud Pak for Business Automation containers for FIPS is turned off.
            FIPS enablement for Cloud Pak for Business Automation capabilities is configured in the custom resource (CR), under the shared_configuration
            section.
       shared_configuration:
         enable_fips: true

      4.  Cloud Pak foundational services
            Make sure that all required configuration for FIPS compliance for foundational services is completed. See Foundational services regulatory compliance.
            You do not need to do the following tasks because Cloud Pak for Business Automation handles these tasks for foundational services:
            - Configure foundational services routes as re-encrypt routes
            - Configure foundational services events operator to create internal listeners only
            - Configure the CommonServices CR in FIPS mode

Installing the interim fix

This interim fix contains the following version of Cloud Pak for Business Automation and Cloud Pak Foundational Services (CPFS):
  • Cloud Pak for Business Automation 23.0.2-IF006
  • Cloud Pak Foundational Services 4.5.0
Note:  This interim fix only supports the Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Cloud Pak for Business Automation using the catalog sources in this readme document (the same catalog sources are also in the referenced CASE package).  If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Cloud Pak Foundational Services versions, listed above, with other Cloud Paks' specifications.
Important interim fix details:
Cloud Pak for Business Automation (CP4BA) 23.0.2 interim fixes are released to the v23.2 operator channel. Once the operators are upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
Step 1: Setup the CASE package
  1. Download the CASE package provided with this interim fix to a Linux based machine (RHEL or macOS).
  2. Use the tar command to extract the cert-kubernetes directory.
tar -xvzf ibm-cp-automation-5.1.6.tgz
cd ibm-cp-automation/inventory/cp4aOperatorSdk/files/deploy/crs
tar -xvf cert-k8s-23.0.2.tar
cd cert-kubernetes
Step 2:  Perform an online or offline fresh installation 
Depending on the current setup and state of your existing environment, there are various actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.
  • Scenario 1: You are installing a Starter deployment online or have an existing online Starter deployment
    Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported.  The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFS.
    Actions: Starter deployments do not support upgrades. Although you can use this interim fix content to perform a Starter deployment.  To deploy a Starter deployment using the content of this interim fix, please see install a new Starter environment and use the CASE package from this interim fix.
  • Scenario 2: You are installing online Production deployment
    Warning:     If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported.  The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFS.
    Actions: You can use this interim fix content to perform a Production deployment.  To deploy an online Production deployment using the content of this interim fix, please follow steps from Question 5 in install a new online Production environment and use the CASE package from this interim fix.
  • Scenario 3: You are installing offline/airgap Production deployment
    Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported.  The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFS.
    Note: As prerequisites for this scenario, you must follow steps here to set up the bastion host to mirror images to the registry and further to set up the private registry . It is recommended to use "oc mirror" for the mirroring images process as the alternate option "oc-image-mirror" will be deprecated in the future. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require.
    Actions:
    1. To deploy an airgap/offline Production deployment, download the CASE package mirror file cp4ba-case-to-be-mirrored-23.0.2-IF006.txt for this interim fix. You must rename the file to cp4ba-case-to-be-mirrored-23.0.2-IF006.yaml. Execute this command from your bastion host to download the CASE files. 
      oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-23.0.2-IF006.yaml
      The absolute path to file needs to be a path starting from "/". For example, "/opt" .
      Follow the instructions in Downloading the CASE files .
    2. You will need to mirror the images associated with the new CASE package.  
      export CASE_NAME=ibm-cp-automation
export CASE_VERSION=5.1.6
export CASE_INVENTORY_SETUP=cp4aOperatorSetup
export TARGET_REGISTRY=<target-registry>
export NAMESPACE=<cp4ba_namespace_name>
      Follow the instructions for either mirroring option in Mirroring images to the private registry using the new CASE version associated with this interim fix.
    3. Login to the cluster and go to namespace for the operator from the bastion host. 
      oc login https://<CLUSTERIP>:<port> -u <ADMINISTRATOR>
oc project ${NAMESPACE}
    4. From your bastion host, run the generated catalog-sources.yaml based on the catalog namespace.
      Note: If the IBMPAK_HOME environment variable is set, the downloaded CASE is located in $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml. If you want to change the namespace from the global catalog namespace (GCN) to your target CP4BA namespace (cp4ba-project), replace “openshift-marketplace” with the “<cp4ba_namespace_name>” in the generated catalog-sources.yaml file for all catalogs, except “ibm-cert-manager-catalog” and “ibm-licensing-catalog”.
      • Option 1: For Global catalog namespace.
        Run the below command. 
        cat $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml | sed 's/opencloud-operators/opencloud-operators-v4-5/g' | oc apply -f -
      • Option 2: For Target CP4BA namespace (private catalog).
        1. Run the following commands to update the catalog sources to be installed in the target namespace ( i.e the namespace value of the variable $NAMESPACE )
          sed -i "s/openshift-marketplace/$NAMESPACE/g" $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml
sed -i 's/opencloud-operators/opencloud-operators-v4-5/g' $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml

        2. Note: IBM Cert Manager catalog and IBM Licensing catalog cannot be deployed to the same namespace as CP4BA catalog namespace when you want to deploy as private catalog. This is due to the operator functionality perspective, IBM Licensing and IBM Cert Manager are cluster singleton services, although they are in a namespace, they watch and manage the resources for the entire cluster. This is quite different from a CP4BA instance in one namespace. Each CP4BA instance has it's own tenant scope(one or several namespaces), and there would be multiple CP4BA instances per cluster.

          Manually edit $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml to update namespace value -
                1. Update the namespace value for ibm-cert-manager-catalog catalogsource from openshift-marketplace to ibm-cert-manager.
                2. Update the namespace value for ibm-licensing-catalog catalogsource from openshift-marketplace to ibm-licensing.
          (OR) The following commands can also be executed to edit to the catalogsource.yaml for namespace value 
          sed -i '/name: ibm-licensing-catalog/{N;s/namespace: .*/namespace: ibm-licensing/}' $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml
sed -i '/name: ibm-cert-manager-catalog/{N;s/namespace: .*/namespace: ibm-cert-manager/}' $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml
        3. Create namespaces ibm-licensing and ibm-cert-manager where ibm-licensing-catalog and ibm-cert-manager-catalog will be installed. 
          oc new-project ibm-licensing
oc new-project ibm-cert-manager
        4. Run the following command to apply the modified catalog source. 
          oc apply -f $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml
    5. Go to the CPFS installer folder from the downloaded cert-kubernetes folder. 
      cd cert-kubernetes/scripts/cpfs/installer_scripts/cp3pt0-deployment
    6. Run the following command based on the catalog namespace.
      • Option 1: For global catalog namespace . 
        ./setup_singleton.sh --license-accept --enable-licensing -v 1 -c v4.2
      • Option 2: For Target CP4BA namespace (private catalog) . 
        ./setup_singleton.sh --enable-licensing --enable-private-catalog --license-accept -v 1 -c v4.2
    7. Run the following steps based on the catalog namespace
      • Option 1: For global catalog namespace .
        Install the CloudPak Operator in your namespace . 
        oc ibm-pak launch $CASE_NAME \
--version $CASE_VERSION \
--inventory $CASE_INVENTORY_SETUP \
--action install-operator \
--namespace $NAMESPACE
      • Option 2: For Target CP4BA namespace (private catalog) .

        Create a CP4BA subscription in the target namespace from the OperatorHub using the Openshift console UI by following the below steps

        • Navigate to the OperatorHub in the Openshift Console
        • Select the private catalog namespace (i.e value of $NAMESPACE ) in projects dropdown
        • Navigate to business automation in the side bar menu
        • Select the IBM Cloud Pak for Business Automation (CP4BA) multi-pattern tile 
          1.  In the Create Operator Subscription wizard, select the channel (v23.2 for 23.0.2).If you set any subscriptions to manual, then you must approve any pending operator updates. It is not recommended to set subscriptions to manual because it can make the installation error prone when some of the dependency operators are not approved. By default, all subscriptions are set to automatic.
          2. Choose A specific namespace on the cluster under Installation Mode and select the $NAMESPACE from the dropdown and click install.
          3. In the Installed Operators view, verify the status of the IBM Cloud Pak for Business Automation installation.
    8. Follow the remaining steps from Question 6 listed here to complete the installations of offline/airgap Production deployment.
Step 3:  Perform an upgrade on an existing online or offline deployment
 
Depending on the current setup and state of your existing environment, there are various upgrade actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.
  • Scenario 1: Your installed Production deployment version is 23.0.1 IF00x.
    Warning: You can only upgrade existing environments if they were using a single namespace scoped foundational services(CPFS) instance. Which mean the CPFS instance is installed in the same namespace as the cloud pak and isn't shared with any other Cloud Pak instances. Otherwise you would need to rebuild to upgrade.
    Note: Direct upgrade from version prior to 23.0.1 is not supported. If you are upgrading from a prior version then you would need to perform incremental upgrading using the instructions from each prior version.
    Actions:  
    For online upgrade , follow the upgrade instructions listed in Upgrading CP4BA multi-pattern clusters from 23.0.1 in online environment and for offline upgrade , follow the upgrade instructions listed in Upgrading CP4BA multi-pattern clusters from 23.0.1 in offline environment .
  • Scenario 2:  Your installed Production deployment is 23.0.2 GA or 23.0.2 IF00x and is online.
    Actions: 
    Perform the following steps and then the upgrade of operators and deployments will start.
    1. Upgrade the CP4BA operators using one of two methods. 
      • Option 1: For Global catalog namespace.
        Running the operator upgrade script from the CASE package for Global Catalog namespace. 
        ./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace>
      • Option 2: For Target CP4BA namespace (private catalog).
        Running the operator upgrade script from the CASE package to switch from Global Catalog namespace to Private Catalog namespace or to upgrade the existing Private Catalogs in the CP4BA Namespace. 
        ./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace> --enable-private-catalog
        Warning: The script in [upgradeOperator] mode will scale the CP4BA deployments down to zero. You must execute the script in [upgradeDeploymentStatus] mode to scale them back in. 
    2. Wait for the operators to complete their upgrades.

      By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
      Use the below command to see the current status of the install plans. 
      oc get installPlan
      The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.
    3. You can use the following scripts to check the status of the upgrades.
      1. Run the script in [upgradeOperatorStatus] mode to check that the upgrade of the CP4BA operator and its dependencies is successful. 
        ./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <CP4BA Namespace>
        Warning: The script will scale the CP4BA deployments down to zero. You must execute the upgradeDeploymentStatus command to scale them back up.
      2. Run the script in [upgradeDeploymentStatus] mode to check that the upgrade of the CP4BA deployment is successful. 
        ./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <CP4BA Namespace>
  • Scenario 3:  Your installed Production deployment is 23.0.2 GA or 23.0.2 IF00x and using airgap/offline.
    Note:     It is recommended to use "oc mirror" for the mirroring images process as the alternate option "oc-image-mirror" will be deprecated in the future. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require.
    Actions: 
    Perform the following steps and then the upgrade of operators and deployments will start.
    1. Download the CASE package mirror file, cp4ba-case-to-be-mirrored-23.0.2-IF006.txt, for this interim fix and you must rename the file to cp4ba-case-to-be-mirrored-23.0.2-IF006.yaml. Then execute this command to download the CASE files: 
      oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-23.0.2-IF006.yaml
      The (absolute path to file) needs to be a path starting from "/". For example, "/opt"
      For more information, see Downloading the CASE files.
    2. You will need to mirror the images associated with the new CASE package. Follow the instructions for either mirroring option in Mirroring images to the private registry using the new version values associated with this fix. 
      export CASE_NAME=ibm-cp-automation
export CASE_VERSION=5.1.6
    3.  Option 1: For Global catalog namespace.
      Run the below command. 
      cat $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml | sed 's/opencloud-operators/opencloud-operators-v4-5/g' | oc apply -f -
      Option 2: For Target CP4BA namespace (private catalog).
      Run the following commands to update the catalog sources to be upgraded in the target namespace ( i.e the namespace value of the variable $NAMESPACE )
      sed -i "s/openshift-marketplace/$NAMESPACE/g" $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml
sed -i 's/opencloud-operators/opencloud-operators-v4-5/g' $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml

      Note: IBM Cert Manager catalog and IBM Licensing catalog cannot be deployed to the same namespace as CP4BA catalog namespace when you want to deploy as private catalog. This is due to the operator functionality perspective, IBM Licensing and IBM Cert Manager are cluster singleton services, although they are in a namespace, they watch and manage the resources for the entire cluster. This is quite different from a CP4BA instance in one namespace. Each CP4BA instance has it's own tenant scope(one or several namespaces), and there would be multiple CP4BA instances per cluster.

      Manually edit $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml to update namespace value -
            1. Update the namespace value for ibm-cert-manager-catalog catalogsource from openshift-marketplace to ibm-cert-manager.
            2. Update the namespace value for ibm-licensing-catalog catalogsource from openshift-marketplace to ibm-licensing.
      (OR) The following commands can also be executed to edit to the catalogsource.yaml for namespace value 
      sed -i '/name: ibm-licensing-catalog/{N;s/namespace: .*/namespace: ibm-licensing/}' $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml
sed -i '/name: ibm-cert-manager-catalog/{N;s/namespace: .*/namespace: ibm-cert-manager/}' $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml
      Run the following command to apply the modified catalog source.
      oc apply -f $IBMPAK_HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml
    4. Update the cert manager and license service channels to the appropriate level with this script:
      Option 1: For Global catalog namespace. 
      ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_singleton.sh --enable-licensing --cert-manager-source ibm-cert-manager-catalog --licensing-source ibm-licensing-catalog --license-accept -v 1 -c v4.2
      Option2: For Target CP4BA namespace (private catalog). 
      ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_singleton.sh --enable-licensing --enable-private-catalog --license-accept -v 1 -c v4.2
    5. Update the channels to the appropriate levels for the rest of the CPFS subscriptions.
      Option 1: For Global catalog namespace
      ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_tenant.sh --operator-namespace <CP4BA Namespace> -s opencloud-operators-v4-5 -c v4.5 --license-accept -v 1
      Option 2: For Target CP4BA namespace (private catalog).
      ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_tenant.sh --operator-namespace <CP4BA Namespace> --enable-private-catalog -s opencloud-operators-v4-5 -c v4.5 --license-accept -v 1
      Note: Be sure to replace the namespace with the appropriate CP4BA namespace.
    6. Wait for the operators to complete their upgrades.

      By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
      Use the below command to see the current status of the install plans. 
      oc get installPlan
      The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this can make the upgrade more error prone.

Performing the necessary tasks after installation

a. Review the installation
It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
If you are interested in verifying the expected image digest for a particular image, then you can review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.
    b. Required when you are using Operational Decision Manager
         You must update your Rule Designer:
    • Open Eclipse 
    • Open menu Help > Check for Updates
    • Select IBM Operational Decision Manager for Developers v8.12.x - Rule Designer
    • Proceed with installation.
    c. Required If you are importing Business Automation Workflow project that includes Case features. 
    If you import projects with Case features, you might encounter the following errors.
    com.ibm.bpm.pal.PALException: Workflow Project Import failed : Workflow Project Import failed during REST call to url: https://icp4adeploy-bastudio-service.production.svc:443/bas/CaseManager/CASEREST/v1/solution/import Response Message :{"UserMessage":{"UserResponse":"See the associated messages and the application server trace logs for more information.","UniqueId":"FNRPA0084E","Explanation":"The response information contains additional details provided by the exception.","Severity":"ERROR","Text":"An internal server error occurred while running a Case REST API method."},"UnderlyingDetails":{"Causes":["CREATE_HALFMAP failed.  26 items processed: 26 succeeded, 0 failed.\n\nNot supported: http:\/\/javax.xml.XMLConstants\/property\/accessExternalDTD"]}} 
    Modify the CR as follows to make the import work. Be aware that doing this workaround might expose you to  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1844 , if your Workflow authoring tools are open to non-trusted users. 
    workflow_authoring_configuration:
    jvm_customize_options: -Dcom.filenet.fdm.ignoreXXEProtectionFailures=true
    d. Required when you are using Business Automation Studio with EDB Postgres
    When the version changed, EDB Postgres changed its default minimum TLS protocol setting from TLSv1.2 to TLSv1.3. Business Automation Studio requires TLS version 1.2 to configure PostgreSQL on the server side. 
    Change it back to TLSv1.2 in the Custom Resource for EDB Postgres.
      
    apiVersion: postgresql.k8s.enterprisedb.io/v1
kind: Cluster
metadata:
...
spec:
  ...
  postgresql:
    ...
    parameters:
      ...
      ssl_min_protocol_version: TLSv1.2

    Uninstalling

    There is no procedure to uninstall the interim fix.

    List of Fixes

    APARs/Known Issues fixed by this interim fix are listed in the following tables.
    The columns are defined as follows: 
    Column title Column description
    APAR/Known Issue The defect number
    Title A short description of the defect
    Sec. A mark indicates a defect related to security
    Cont. A mark indicates a defect specific to the Cloud Pak integration of the component
    B.I. A mark indicates the fix has a business impact. Details are found in the title column or the APAR/Known Issue document
    General
    Known Issue Title Sec. Cont. B.I.
    N/A
    Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
     
    This interim fix includes fixes for these libraries to address: 
    CVE-2013-0340, CVE-2016-3709, CVE-2016-9318, CVE-2017-16231, CVE-2017-16932, CVE-2017-17522, CVE-2017-18342, CVE-2017-7245, CVE-2017-7246, CVE-2018-12886, CVE-2018-7169, CVE-2019-11360, CVE-2019-12290, CVE-2019-13224, CVE-2019-13225, CVE-2019-13627, CVE-2019-13631, CVE-2019-14855, CVE-2019-15505, CVE-2019-15847, CVE-2019-16163, CVE-2019-18276, CVE-2019-18348, CVE-2019-19012, CVE-2019-19203, CVE-2019-19204, CVE-2019-19603, CVE-2019-19645, CVE-2019-19882, CVE-2019-19924, CVE-2019-20386, CVE-2019-20795, CVE-2019-20838, CVE-2019-25162, CVE-2019-3843, CVE-2019-3844, CVE-2019-8457, CVE-2019-9893, CVE-2020-11656, CVE-2020-13529, CVE-2020-13631, CVE-2020-14155, CVE-2020-15778, CVE-2020-16156, CVE-2020-1751, CVE-2020-25656, CVE-2020-27619, CVE-2020-36777, CVE-2020-8252, CVE-2021-23336, CVE-2021-28861, CVE-2021-31239, CVE-2021-33560, CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087, CVE-2021-36690, CVE-2021-3753, CVE-2021-37600, CVE-2021-4204, CVE-2021-46934, CVE-2021-47013, CVE-2021-47055, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47185, CVE-2022-0500, CVE-2022-1304, CVE-2022-2309, CVE-2022-23222, CVE-2022-3094, CVE-2022-3565, CVE-2022-35737, CVE-2022-4415, CVE-2022-45934, CVE-2022-48303, CVE-2022-48627, CVE-2022-48669, CVE-2023-1513, CVE-2023-22084, CVE-2023-23931, CVE-2023-24023, CVE-2023-25775, CVE-2023-28464, CVE-2023-29483, CVE-2023-29491, CVE-2023-31083, CVE-2023-31122, CVE-2023-3138, CVE-2023-33008, CVE-2023-3567, CVE-2023-37453, CVE-2023-38409, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-39326, CVE-2023-4133, CVE-2023-4244, CVE-2023-42754, CVE-2023-42755, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-4408, CVE-2023-45283, CVE-2023-45284, CVE-2023-45802, CVE-2023-45863, CVE-2023-46218, CVE-2023-46219, CVE-2023-4806, CVE-2023-4813, CVE-2023-49568, CVE-2023-49569, CVE-2023-51779, CVE-2023-51780, CVE-2023-52340, CVE-2023-52434, CVE-2023-52439, CVE-2023-52445, CVE-2023-52448, CVE-2023-52477, CVE-2023-52489, CVE-2023-52513, CVE-2023-52520, CVE-2023-52528, CVE-2023-52565, CVE-2023-52574, CVE-2023-52578, CVE-2023-52580, CVE-2023-52581, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52606, CVE-2023-52607, CVE-2023-52610, CVE-2023-52620, CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-5981, CVE-2023-6004, CVE-2023-6121, CVE-2023-6176, CVE-2023-6240, CVE-2023-6622, CVE-2023-6915, CVE-2023-6918, CVE-2023-6932, CVE-2024-0340, CVE-2024-0553, CVE-2024-0567, CVE-2024-0841, CVE-2024-0985, CVE-2024-21742, CVE-2024-22025, CVE-2024-22262, CVE-2024-23307, CVE-2024-23944, CVE-2024-25629, CVE-2024-25742, CVE-2024-25743, CVE-2024-25744, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26609, CVE-2024-26610, CVE-2024-26615, CVE-2024-26642, CVE-2024-26643, CVE-2024-26659, CVE-2024-26664, CVE-2024-26671, CVE-2024-26693, CVE-2024-26694, CVE-2024-26743, CVE-2024-26744, CVE-2024-26779, CVE-2024-26872, CVE-2024-26892, CVE-2024-26897, CVE-2024-26901, CVE-2024-26919, CVE-2024-26933, CVE-2024-26934, CVE-2024-26964, CVE-2024-26973, CVE-2024-26993, CVE-2024-27014, CVE-2024-27048, CVE-2024-27052, CVE-2024-27056, CVE-2024-27059, CVE-2024-27982, CVE-2024-27983, CVE-2024-28085, CVE-2024-28757, CVE-2024-28849, CVE-2024-29025, CVE-2024-29415, CVE-2024-37168, DLA-3752-1, DLA-3772-1, DLA-3782-1, PRISMA-2023-0067, RHSA-2024:1784, RHSA-2024:2722, RHSA-2024:2778, RHSA-2024:2973, RHSA-2024:2985, RHSA-2024:3062, RHSA-2024:3163, RHSA-2024:3166, RHSA-2024:3203, RHSA-2024:3214, RHSA-2024:3233, RHSA-2024:3466
    Previous interim fixes have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.

    Back to top

    Cloud Pak for Business Automation Operator
    Known Issue Title Sec. Cont. B.I.
    DT389738 Operator fails in User Management Service role while creating a networkpolicy

    Back to top

    Automation Document Processing
    Known Issue Title Sec. Cont. B.I.
    N/A N/A

    Back to top

    Automation Decision Services
    Known Issue Title Sec. Cont. B.I.
    DT382350 Connecting to a remote repository automatically does not work correctly with Gitlab subgroups
    DT390347 Cannot create remote repo on GitLab in CP4BA (no tenant)
    DT390351 Not able to run in ADS standalone with a simple zen user

    Back to top

    Known Issue Title Sec. Cont. B.I.
    DT383336 Case client generates CDEWG3401 The following view definition cannot be found: CaseSearchView error

    Back to top

    Business Automation Insights
    Known Issue Title Sec. Cont. B.I.
    N/A N/A

    Back to top

    Business Automation Navigator
    Business Automation Studio
    <
    Known Issue Title Sec. Cont. B.I.
    DT382240 Security vulnerability in IBM Workflow Center console & IBM Business Automation Studio X
    DT383404 Users are unable to step into a nested service on a remote server when using debug mode in WebPD
    DT386902 DATA OUT OF SYNC ERROR WHEN USING MSSQL DATABASE TO SAVE A PROCESS WITH AN INTERMEDIATE MESSAGE EVENT IN PROCESS DESIGNER
    DT387073 UNABLE TO COPY AND PASTE SUBPROCESS IN WEB PROCESS DESIGNER

    Back to top

    Business Automation Workflow including Automation Workstream Services
    Known Issue Title Sec. Cont. B.I.
    DT378898 SECURITY - CVEs in common-compress affecting BAW Case X
    DT381304 - Event Manager task fails with CWLLG0178E due to java.lang.NumberFormatException: Infinite or NaN\
    DT383214 Get a Confirmation message when closing a case in Case Detail page or when closing a work item in Work Details page without having any updates done on the page.
    DT383336 Case client generates CDEWG3401 The following view definition cannot be found: CaseSearchView error
    DT386239 'Modify permissions for roles' abnormal behavior with checkboxes for Security configuration of a case solution
    DT386902 DATA OUT OF SYNC ERROR WHEN USING MSSQL DATABASE TO SAVE A PROCESS WITH AN INTERMEDIATE MESSAGE EVENT IN PROCESS DESIGNER
    DT387073 UNABLE TO COPY AND PASTE SUBPROCESS IN WEB PROCESS DESIGNER

    Back to top

    Enterprise Records
    Known Issue Title Sec. Cont. B.I.
    N/A N/A

    Back to top

    FileNet Content Manager
    Operational Decision Management
    Known Issue Title Sec. Cont. B.I.
    DT257907 MISSING OBSERVED VALUES IN TEST SUITE REPORT
    DT386484 ERROR WHEN BUILDING RULES USING ISBETWEEN
    DT382390 USER IS ABLE TO SEE ALL DEPLOYMENT CONFIGURATIONS IRRESPECTIVE OF PERMISSION
    DT381870 JAVA.UTIL.NOSUCHELEMENTEXCEPTION DURING BUILD
    DT244599 DECISION CENTER DOES NOT ALLOW RULESET NAME WITH UNICODE LETTERS
    DT387807 ELEMENT DEFINITION IS CLEARED IF IT IS UPDATED IN A SUB-BRANCH OR ACTIVITY WHICH HAS BEEN DELETED
    DT387661 EXCEPTION WHEN CONNECTING FROM RULE DESIGNER TO DECISION CENTER USING OLD SCHEMA VERSION
    DT387424 EXCEPTION WHEN IMPORTING A PROJECT WITH REST API
    DT387169 CANNOT CREATE BRANCH WHEN PROJECT NAME CONTAINS AN APOSTROPHE
    DT383370 IN BUILD COMMAND LITERAL ORDERING DOES NOT WORK CORRECTLY WHEN THERE ARE DIFFERENT RULE TYPES IN THE SAME PACKAGE
    DT365362 INCOMPATIBLECLASSCHANGEERROR WHEN EXECUTING A CUSTOMEXCEPTIONHANDLER

    Back to top

    User Management Service
    Known Issue Title Sec. Cont. B.I.
    DT389738 Operator fails in User Management Service role while creating a networkpolicy

    Back to top

    Workflow Process Service
    Known Issue Title Sec. Cont. B.I.
    N/A N/A

    Back to top

    Known Limitations

    Document change history

  1. 29 June 2024: Initial publish.

    2. [{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"Other-\u003ECloudPak4Automation Platform"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"23.0.2"}]

    Document Information

    Modified date:
    03 July 2024

    UID

    ibm17156296

    Page Feedback