What's new and changed in Common core services

Common core services updates can include new features, bug fixes, and security updates. Updates are listed in reverse chronological order so that the latest release is at the beginning of the topic.

You can see a list of the new features for the platform and all of the services at What's new in IBM Cloud Pak® for Data.

Cloud Pak for Data Version 4.6.5

A new version of Common core services was released in April 2023 with Cloud Pak for Data 4.6.5.

Operand version: 6.5.0

This release includes the following changes:

Security fixes

CVE-2023-23916, CVE-2023-0767, CVE-2023-0215

CVE-2022-48285, CVE-2022-41717, CVE-2022-41716, CVE-2022-36087, CVE-2022-23491, CVE-2022-4450, CVE-2022-4304, CVE-2022-1471

CVE-2015-3627

CVE-2014-6393

Cloud Pak for Data Version 4.6.4

A new version of Common core services was released in March 2023 with Cloud Pak for Data 4.6.4.

Operand version: 6.4.0

This release includes the following changes:

New features
The 6.4.0 release of the common core services includes changes to support features and updates in Watson™ Studio and Watson Knowledge Catalog.
Version 6.4.0 of the common core services includes the following features and updates:
Access more data with the new Presto connection
You can now work with data from Presto data sources.
Use a proxy server for Microsoft Azure Data Lake Store connections
You can now select a proxy server for a new or existing Microsoft Azure Data Lake Store connection. A proxy server can provide load balancing, increased security, and privacy for the connection. For details, see Microsoft Azure Data Lake Store connection.
Security fixes

This release includes fixes for the following security issues:

CVE-2023-22809, CVE-2023-21843, CVE-2023-21835, CVE-2023-21830

CVE-2022-48303, CVE-2022-47629, CVE-2022-45061, CVE-2022-4415, CVE-2022-40897, CVE-2022-40304, CVE-2022-40303, CVE-2022-27664, CVE-2022-25860

CVE-2021-43138, CVE-2021-28861

CVE-2020-10735

Cloud Pak for Data Version 4.6.3

A new version of Common core services was released in February 2023 with Cloud Pak for Data 4.6.3.

Operand version: 6.3.0

This release includes the following changes:

New features
The 6.3.0 release of the common core services includes changes to support features and updates in Watson Studio and Watson Knowledge Catalog.
Version 6.3.0 of the common core services includes the following features and updates:
Use a proxy server for Amazon S3 connections
You can now select a proxy server for an Amazon S3 connection. A proxy server can provide load balancing, increased security, and privacy for the connection. For details, see Amazon S3 connection.
High availability option for the Apache Hive connection
Select the new option, Use ZooKeeper discovery, to enter a ZooKeeper namespace and a list of alternative servers to ensure continued access to the connection. See Apache Hive connection.
New name for the setting to prevent users from retrieving unmasked sensitive credentials
The setting Prevent users from retrieving decrypted credentials has been renamed Mask sensitive credentials retrieved through API calls. This setting is in the Create connection form.

Any setting that you previously enabled remains in effect. For information on creating a connection, see Connecting to data sources.

Customer-reported issues fixed in this release
DT189214: Resource Specification Injection(RSI) certification will expired in 20 days
Security fixes

This release includes fixes for the following security issues:

CVE-2023-22467

CVE-2022-46175, CVE-2022-45146, CVE-2022-43680, CVE-2022-43548, CVE-2022-42898, CVE-2022-42012, CVE-2022-42011, CVE-2022-42010, CVE-2022-42004, CVE-2022-42003, CVE-2022-41715, CVE-2022-40897, CVE-2022-39353, CVE-2022-38900, CVE-2022-3821, CVE-2022-37616, CVE-2022-37603, CVE-2022-37601, CVE-2022-37599, CVE-2022-37434, CVE-2022-36313, CVE-2022-35737, CVE-2022-3517, CVE-2022-3515, CVE-2022-32190, CVE-2022-2953, CVE-2022-2880, CVE-2022-2879, CVE-2022-2869, CVE-2022-2868, CVE-2022-2867, CVE-2022-27664, CVE-2022-27406, CVE-2022-27405, CVE-2022-27404, CVE-2022-25927, CVE-2022-25901, CVE-2022-2521, CVE-2022-2520, CVE-2022-2519, CVE-2022-2509, CVE-2022-24439, CVE-2022-23541, CVE-2022-23540, CVE-2022-23539, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619, CVE-2022-2058, CVE-2022-2057, CVE-2022-2056, CVE-2022-1304

CVE-2021-46848, CVE-2021-44906, CVE-2021-32796

CVE-2020-35527, CVE-2020-35525, CVE-2020-15522

CVE-2016-3709, CVE-2016-1000027

Cloud Pak for Data Version 4.6.1

A new version of Common core services was released in December 2022 with Cloud Pak for Data 4.6.1.

Operand version: 6.1.0

This release includes the following changes:

New features
The 6.1.0 release of the common core services includes changes to support features and updates in Watson Studio and Watson Knowledge Catalog.
Version 6.1.0 of the common core services includes the following features and updates:
Prevent users from retrieving decrypted credentials from connection properties
As an extra security measure when you create or edit a connection, you can enable a setting that prevents users, including the owner of the connection, from accessing the credentials through API calls.
Screen capture of the new setting: Prevent users from retrieving decrypted credentials.

This setting is independent of vaults.

Security fixes

This release includes fixes for the following security issues:

CVE-2022-42919, CVE-2022-40674, CVE-2022-40153, CVE-2022-40152, CVE-2022-39353, CVE-2022-37616, CVE-2022-36087, CVE-2022-32189, CVE-2022-3171, CVE-2022-30699, CVE-2022-30698, CVE-2022-25310, CVE-2022-25309, CVE-2022-25308, CVE-2022-22844, CVE-2022-1355, CVE-2022-0924, CVE-2022-0909, CVE-2022-0908, CVE-2022-0891, CVE-2022-0865, CVE-2022-0562, CVE-2022-0561

CVE-2015-20107

Cloud Pak for Data Version 4.6.0

A new version of Common core services was released in November 2022 with Cloud Pak for Data 4.6.0.

Operand version: 6.0.0

This release includes the following changes:

New features
The 6.0.0 release of the common core services includes changes to support features and updates in Watson Studio and Watson Knowledge Catalog.
Version 6.0.0 of the common core services includes the following features and updates:
Access more data with new connection types
You can now work with data from these data sources:
New name for the IBM Data Virtualization connection
The IBM Data Virtualization connector is renamed to IBM Watson Query. The associated platform connection name also changed. Your settings for the connection remain the same. Only the connection name has changed.
Customer-reported issues fixed in this release
DT160867: Cloud Pak for Data restrict instance restore posthooks failed timeout waiting for cpdbr-aux sts to be ready
DT134647: Gathering diagnostic logs for common core services module failed because of log file size too large
Bug fixes

This release includes the following fixes:

Security fixes

This release includes fixes for the following security issues:

CVE-2022-42889, CVE-2022-39399, CVE-2022-39286, CVE-2022-38752, CVE-2022-38751, CVE-2022-38750, CVE-2022-38749, CVE-2022-3517, CVE-2022-34903, CVE-2022-34169, CVE-2022-33987, CVE-2022-32215, CVE-2022-32214, CVE-2022-32212, CVE-2022-32208, CVE-2022-32206, CVE-2022-3172, CVE-2022-29901, CVE-2022-29900, CVE-2022-29824, CVE-2022-29244, CVE-2022-27782, CVE-2022-27776, CVE-2022-27774, CVE-2022-26691, CVE-2022-25896, CVE-2022-25887, CVE-2022-2588, CVE-2022-25857, CVE-2022-25851, CVE-2022-25314, CVE-2022-25313, CVE-2022-2526, CVE-2022-25168, CVE-2022-23825, CVE-2022-23816, CVE-2022-22576, CVE-2022-21803, CVE-2022-21681, CVE-2022-21680, CVE-2022-21618, CVE-2022-21541, CVE-2022-21540, CVE-2022-21166, CVE-2022-21125, CVE-2022-21123, CVE-2022-2053, CVE-2022-1996, CVE-2022-1586, CVE-2022-1353, CVE-2022-1319, CVE-2022-0654, CVE-2022-0494, CVE-2022-0391

CVE-2021-40528, CVE-2021-3807, CVE-2021-23413, CVE-2021-21306

CVE-2020-15366, CVE-2020-12723, CVE-2020-10878, CVE-2020-10543

CVE-2015-20107