Change History of Monitoring Agent for JBoss and JBoss DC
JBoss DC (ICAM only)
|
Product Version
|
Release Date |
DC Version |
Change History |
|
CP4MCM 2.0
|
August 2020 |
20.8.0 |
JbossDC support unified agent with lwdc-plugins |
| ICAM 2020.1.0 |
March 2020 |
20.3.0 |
- Initial release with resource monitoring and open tracing function
|
Monitoring Agent for JBoss
|
Product Version
|
Release Date |
Agent Version |
Change History |
| APM V8.1.4.0.21 |
March 2024 |
08.24.03.00 |
Fixed the following vulnerability issues:
- CVE-2022-4065: cbeust testing could allow a remote authenticated attacker to traverse directories on the system, caused by improper archive file validation by the testngXmlExistsInJar function in JarFileUtils.java. An attacker could use a specially-crafted archive file containing "dot dot" sequences (/../) to execute arbitrary code on the system.
- IBM X-Force ID: 221124: JCommander could allow a remote attacker to obtain sensitive information, caused by the use of HTTP to resolve dependencies instead of HTTPS. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
|
| APM V8.1.4.0.20 |
May 2023 |
08.23.05.00 |
- Added support for RHEL 9 x86_64 Operating System
- Added support for Windows Server 2022 (Datacenter and Standard editions)
Fixed the following vulnerability issues:
- CVE-2021-36373: When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
- CVE-2020-1945: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
- CVE-2012-2098: Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
- CVE-2020-11979: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
- CVE-2021-36374: When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
- CVE-2015-3253: The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
- CVE-2016-6814: When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.
- CVE-2020-17521: Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
|
|
CP4MCM 2.0
|
August 2020 |
08.20.04.00 |
Defect fix |
|
APM
v8.1.4.0.12
|
Jun 2020 |
08.20.06.00 |
Add Jboss EAP 7.3 support |
APM
V8.1.4.0.11 |
March 2020 |
01.03.03.93 |
- Add ILMT support
- Add Redhat 8, SuSE 15, Win 2019 support
- Fix APAR IJ20056
|
| ICAM 2020.1.0 |
Feb 2020 |
01.03.03.90 |
- Add Redhat 8, SuSE 15, Win 2019 support
- Fix APAR IJ20056
|
APM
V8.1.4.0.7
ICAM 2019.1.0 |
March 2019 |
1.03.03.51 |
|
| V8.1.4.0.5 |
September 2018 |
1.03.03.01 |
|
| V8.1.4 |
August 2017 |
1.03.03.00 |
- The transaction tracking and deep-dive diagnostics configuration process was simplified for the JBoss agent in the Advanced Agents offering.
- Two dashboard widgets were added to the Garbage Collection Detail page. One widget shows the amount of heap memory that is freed since the last garbage collection, and the other widget shows the historical Eden/Survivor/Tenured (Old Gen) heap memory pool sizes.
|
| V8.1.3.2 |
April 2017 |
1.03.01.00 |
- Added transaction tracking and deep dive monitoring in the Advanced Agents offering.
- Added a dashboard page to monitor datasource metrics.
- Added support for monitoring the following JBoss offerings: WildFly 8.x/9.x/10.x, JBoss EAP 7.x, JBoss AS 7.x.
- Added support for running the agent on the Windows operating system.
|
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSVJUL","label":"IBM Application Performance Management"},"Component":"Monitoring Agent for JBoss","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS8G7U","label":"IBM Cloud App Management"},"Component":"Monitoring Agent for JBoss","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS8G7U","label":"IBM Cloud App Management"},"Component":"JBoss Data Collector","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]