Readme file for IBM(R) TRIRIGA(R) Application Platform 3.4.1.1 fix pack. Date: December 18, 2014 IBM Corporation Copyright(C) International Business Machines Corporation 2014. All rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. =============================================================================================== Table of Contents =============================================================================================== 1. Introduction 2. Information resources 3. Installation instructions 4. Resolved issues 5. Notices =============================================================================================== 1. Introduction =============================================================================================== This fix pack updates the TRIRIGA Application Platform product. ----------------------------------------------------------------------------------------------- Prerequisites and supported products ----------------------------------------------------------------------------------------------- To install this fix pack, you must already have IBM TRIRIGA Application Platform 3.4.1 installed. =============================================================================================== 2. Information resources =============================================================================================== Knowledge center URL: http://www-01.ibm.com/support/knowledgecenter/SSHEB3_3.4.1/com.ibm.tap.doc_3.4.1/product_landing.html Description: Access the information center to view the product documentation. Topics include product overviews; installation and configuration tasks; instructions for using, administering, and troubleshooting the product; and security information. Real Estate and Facilities Management community on Service Management Connect URL: https://www.ibm.com/developerworks/servicemanagement/rfm/ Description: Use Service Management Connect to access blogs, wikis, forums, and communities. In Service Management Connect you can review information such as best practices, performance and tuning, and product integrations. You can also collaborate with IBM experts and the broader user community. IBM TRIRIGA Application Platform support resources portal URL: http://www.ibm.com/support/entry/portal/overview/software/tivoli/ibm_tririga_application_platform Description: The IBM support resources portal provides access to tools and resources to keep your systems, software, and applications running smoothly. From the support resources portal you can find fixes, service requests, useful links and an enhanced search to help you find information quickly. =============================================================================================== 3. Installation instructions =============================================================================================== The fix pack file can be extracted into any directory. Before extracting and running the fix pack, back up the existing TRIRIGA files and make a backup copy of the database. NOTE: Uninstall Information This fix pack is provided to you as a zip file. It overwrites your existing TRIRIGA EAR file and may contain database scripts that modify your database. If you want to reverse your changes, you must restore your backed-up version of the TRIRIGA directory, redeploy the old EAR file, and restore the database. Follow these steps to apply this fix pack: 1 Ensure that no database configuration changes are pending. 2 Shut down all of your application and process servers. 3 Take a backup of the database and of the TRIRIGA install directory. 4 After the backup has been completed, restart WebSphere Application Server. For JBoss and Oracle WebLogic Application Servers, make sure they remain shut down. 5 Download the TAP_3411_FP.zip file. 6 Unzip the file and run the patch executable file (patch.exe or patch.bin). 7 In the Introduction panel, click Next. 8 In license agreement, accept the terms and click Next. (if you do not accept the terms, the patch will exit) 9 Choose the directory where TRIRIGA is installed. For example: c:\ibm\tririga\ Or /opt/ibm/tririga/ 10 Review the information, and click Next. 11 The fix pack process will patch the EAR file, run any platform database fix pack scripts, and redeploy the EAR file in JBoss. 12 For Oracle WebLogic Application Server, delete all the cache, tmp, and .wlnotdelete directories that may contain files left over from the previous application/ear installation For example: C:\oracle\weblogic10\user_projects\domains\tririga10domain\servers\AdminServer\cache C:\oracle\weblogic10\user_projects\domains\tririga10domain\servers\AdminServer\tmp Or /opt/oracle/weblogic10/user_projects/domains/tririga10domain/servers/AdminServer/cache /opt/oracle/weblogic10/user_projects/domains/tririga10domain/servers/AdminServer/tmp 13 For Oracle WebLogic Application Server, redeploy the EAR file, and then restart the application server. The EAR file is located in the root TRIRIGA install directory: For example: c:\ibm\tririga\tririga-ibs.ear /opt/ibm/tririga/tririga-ibs.ear 14 For JBoss, the EAR file should be deployed and the cache directories will be automatically removed. All that is required is to restart JBoss 15 For WebSphere Application Server, the EAR file will be redeployed and started automatically. If it fails to deploy, you can try to manually. The EAR file is located in the root TRIRIGA install directory: For example: c:\ibm\tririga\tririga-ibs.ear /opt/ibm/tririga/tririga-ibs.ear ==================================================================================================== 4. Resolved issues ==================================================================================================== ---------------------------------------------------------------------------------------------------- The following issues were resolved in this fix pack. ---------------------------------------------------------------------------------------------------- ---------------- Security Issues: ---------------- IBM does not intend to provide vulnerability details that could enable someone to craft an exploit. IBM uses the Common Vulnerability Scoring System (CVSS) as a standard for communicating the impact of security vulnerabilities in IBM products and solutions. CVSS is an industry open standard for assessing the severity or impact of computer system security vulnerabilities. This standard attempts to establish a numeric measure that represents how much concern or attention the vulnerability warrants. The resulting CVSS score is based on an assessment of a series of metrics. The CVSS Base Score represents the intrinsic and fundamental characteristics of the vulnerability that are typically constant over time and across user environments.For more information, see http://www-03.ibm.com/security/secure-engineering/bulletins.html --------------------------------------------------------------------------------------------------- The following security issues were resolved in the TRIRIGA Application Platform 3.4.1.1 fix pack --------------------------------------------------------------------------------------------------- CVE ID: CVE-2014-8893 Title: Cross Site Scripting Vulnerability CVSS Base Score: 3.5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99012 for the current score --- CVE ID: CVE-2014-8895 Title: Authentication Bypass Vulnerability CVSS Base Score: 4.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99014 for the current score --- CVE ID: CVE-2014-8894 Title: Open Redirect Vulnerability CVSS Base Score: 3.5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99013 for the current score --------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------- ----- ----- --- --------------------------------------------------------------------------------------- General Issues: --------------------------------------------------------------------------------------- APAR #: IV57432 Defect: 154034 Description: Some labels that failed to display in the Graphics section were fixed and now display. --- APAR #: IV62245 Defect: 148275 Description: The errors that occurred when the Primary Group By value was set to null in a Metric chart were fixed. --- APAR #: IV63427 Defect: 153651 Description: In the Date column, if the value in the database is zero during autocomplete, the inactive date no longer displays today's date. --- APAR #: IV64584 Defect: 153872 Description: If you are a non-administrative user and you complete a main page form, you are returned to the last main page. --- APAR #: IV64610 Defect: 148269 Description: The translated value of a classification field is now calculated in the workflow extended formula. --- APAR #: IV64909 Defect: 151152 Description: In a Crystal Report form, you can select, load, and view subreports. --- APAR #: IV65287 Defect: 149502 Description: In the Object Migration tool, when you move an existing field into a target environment, the base currency field is no longer omitted. --- APAR #: IV65618 Defect: 151876 Description: When an error occurs during integration configuration, if a file is not accessible for execution, the file section displays a red border and indicates that the file is not accessible. ---   APAR #: IV65891 Defect: 151412 Description: During the Integration object execute process, binary data is no longer processed multiple times with each inbound record. --- APAR #: IV66422 Defect: 153871 Description: The service error that displayed when you populated a query filter in a form and moved to another tab, no longer occurs. --- APAR #: IV66954 Defect: 154967 Description: The logic for populating cells with section elements now accurately handles formula cells. --- APAR #: IV66511 Defect: 15571 Description: An issue is fixed where connections would drop when using IBM TRIRIGA Connector for Business Applications in MSSQL. --- Defect: 150304 Description: When you import a list, a new policy prioritizes the list. If you add more values to the list, the import is pushed to the bottom of the list and the sequence numbers are updated. --- Defect: 151041 Description: If you are a DB2 administrative user, the upgrade will ensure that bufferpool size is automatic instead of a static size. If you are a user that does not have the required privileges, an error occurs at system startup. --- Defect: 152418 Description: In the OSLC Application, the Save action now works on linked resources. --- Defect: 154413 Description: You can now scan uploaded documents for viruses with Internet Content Adaptation Protocol. This is configured in the TRIRIGAWEB.properties file. --- Defect: 155058 Description: Multiple calls to the UPDATEACCESS method resulted in security groups being lost. This issue is resolved. --- Defect: 155659 Description: When query performance monitoring is enabled, Print Preview displays query section data. --- Defect: 156249 Description: When you run the Smart Attach process or the Batch process on a drawing with a large number of spaces, all spaces are not created. --- Defect: 156492 Description: After drilling through a metric chart report to get to a filtered metric tabular report, then clicking the Export to Excel link, the entire result set is now in the exported Excel spreadsheet instead of the filtered results. --- Defect: 156878 Description: Checking for allowed values in a list is now working in OSLC. --- Defect: 157325 Description: Resolved an issue where TRIRIGA was incorrectly using the application servers system Locale when formatting a number from the database. NOTE: TRIRIGA has not been certified on any database where the decimal separator has been changed to a ',' (comma). To ensure proper decimal support, the database decimal separator should be a '.' (period). ==================================================================================================== 5. Notices ==================================================================================================== This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the users responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan, Ltd. 19-21, Nihonbashi-Hakozakicho, Chuo-ku Tokyo 103-8510, Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. All statements regarding IBMs future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. If you are viewing this information softcopy, the photographs and color illustrations may not appear. Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at www.ibm.com/legal/copytrade.shtml. Java and all Java-based trademarks and logos are trademarks of Oracle and/or its affiliates. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Privacy Policy Considerations IBM Software products, including software as service solutions, (Software Offerings) may use cookies or other technologies to collect product usage information, to help improve the end user experience, to tailor interactions with the end user or for other purposes. In many cases no personally identifiable information is collected by the Software Offerings. Some of our Software Offerings can help enable you to collect personally identifiable information. If this Software Offering uses cookies to collect personally identifiable information, specific information about this offerings use of cookies is set forth below. This Software Offering does not use cookies or other technologies to collect personally identifiable information. If the configurations deployed for this Software Offering provide you as customer the ability to collect personally identifiable information from end users via cookies and other technologies, you should seek your own legal advice about any laws applicable to such data collection, including any requirements for notice and consent. For more information about the use of various technologies, including cookies, for these purposes, see IBMs Privacy Policy at www.ibm.com/privacy and IBMs Online Privacy Statement at www.ibm.com/privacy/details in the section entitled Cookies, Web Beacons and Other Technologies and the IBM Software Products and Software-as-a-Service Privacy Statement at www.ibm.com/software/info/product-privacy/.