Change log

IBM® Safer Payments 6.4.2.03 includes critical, major, and minor defect fixes, APARs, and changes.

Critical defects

The following critical defect was fixed:

  • If you run a rule report with context while a remote simulation is active, a deadlock might occur on the remote instance (APAR PO09991).
  • If a logical golive is run and an index node is deleted, index-dependent element values are changed when the new index node replaces the old one. The problem occurs whether the index node is deleted by a purge or normal deletion (APAR PO09972).
  • When retention by time is used, the end-of-day job creates DDC files for attributes that are not stored. The files cause the instance to crash when the affected attributes are stored during golive.
  • Improved defense mechanisms against a Slowloris DOS attack. Added Enable incoming connection limit and Incoming connection limit to the Cluster > Settings > Interfaces > Message Command Interface tab and Application programming interface tab. The fix is for CVE-2023-27556.
  • A deadlock might occur during the end-of-day job or when cases are archived if users perform additional case investigation activities, for example, take over or transition a case.

Major defects and changes

The following major defects were fixed and major changes were made:

  • Deferred writing is not interrupted when certain elements are saved, which causes processing to stop for a long time. Now, if bypass is enabled, it is activated when mandators, working queues, and messages are saved. The save takes a few extra seconds during which time the save button is disabled.
  • A deadlock can occur if rule generation is running on a lower-level mandator when a mandator higher up in the subtree runs a golive.
  • Updated Libcurl to version 8.0.1.
  • Signal handlers are missing for SIGILL and SIGBUS.
  • Go to Administration > Messages, select a message whose type is flat xml format, click Generate a report of this message. The Transaction Message Report page opens. XML Message Sample under Model Response is not readable if the text is too long.
  • If a user triggers a shutdown while IBM MQ messages are being processed, IBM Safer Payments might exit with a backtrace. The transaction that caused the backtrace does not finish computing (APAR PO09933).
  • A crash might occur when a file with an empty path for the period is opened while the index is being rebuilt.
  • If many cases exist, case selection takes a long time (APAR PO10010).
  • If you switch the API instance, external model mappings are not editable.
  • On Model > Modeling > Attribute Settings, Production data available (no simulation necessary) is displayed even if the data is available only in DDC and therefore unusable for simulation computations. Now, Production data available in MDC (no simulation necessary) and Production data not available in MDC (enable it for simulation to prime from DDC) display correctly (APAR PO09974).
  • On restart or key activation, a deadlock occurs and further logins are prevented if you enter an incorrect PIN but with the correct number of digits. The problem occurs if extended authentication is enabled with two-factor authentication that is based on one-time password (OTP) (APAR PO09988).
  • In notifications that are sent to users, the timestamp is incorrect (APAR PO09965).
  • If a simulation and a golive are started simultaneously, the golive cannot start until the simulation initialization finishes.
  • The export data job collects attributes from only the first mandator (APAR PO09995).
  • When the API is changed from disabled to enabled on an instance, maintenance functions that are running on it are interrupted.
  • The description for external model components is difficult to find in the online help. Improved the description and added a help button to the Model > Scoring Engine > Model components > Own Model components > External model component page.
  • On Model > Profiling > Calendars, the Support standard deviation checkbox is missing.
  • The status of remote instances changes to Unreachable even if it is reachable (APAR PO09863).
  • Larger random forest, decision tree, and boosted tree models cannot be uploaded due to a 500 MB limit on uploading pmml files.
  • On Model > Data model > Lists, prepending or reordering entries in the Output Values section corrupts the values of other entries (APAR PO09954).
  • Statistics, Rule analysis, Rule optimization, and Rule Scoring under Model > Modeling > Analyses display [Object object] in some columns rather than actual values (APAR PO09596).
  • When a table is on a page that is read-only, the filters do not work (APAR PO09842).
  • The server might crash if invalid xml is uploaded in a PMML model file (APAR PO09881).
  • The simulation report lists all attributes, including attributes that do not take more memory for simulation and require no additional user operation.
  • A deadlock might occur if a golive is started for the same mandator or head mandator of a revision where a simulation query (all types) is already running. A simulation query of type rule report is also started when a rule report is started (APAR PO09985).
  • Added Cases not closed to Cluster > System monitoring > System internals. It displays the number of current non-closed cases.
  • The timestamps in all tooltips for reports display in UTC instead of the user's time zone (APAR PO09984).
  • On Monitoring > Defined risk lists > Defined risk list entries, an invalid JSON error is issued if the defined risk list's Output attribute was changed from a categorical to a noncategorical attribute with Enable category selection being selected.
  • On Model > Scoring engine > Model Components, if you copy a non-ruleset model component, the type is ruleset on the new model component, and other fields are not copied (APAR PO09973).
  • The Model > Review overview > Revision Control > Revision Control > Audit Trail and Compare Revisions tabs do not list entries for newly added condition groups on rules. Only changes to existing condition groups are listed.
  • On Investigation > Queries > CPP selection, the save button is disabled if the user is defined at a submandator level (APAR PO09968).
  • When an API request of getIndexes with null revision value is sent, a backtrace is created.
  • When a golive report is initiated for a revision, a log message Internal model generation stopped for revision ... is displayed. It displays even if the revision is not running internal model generation.
  • When outdated attribute values are purged, the purge fails for attributes that are not stored in MDC. Fatal error log message 520 is written for each attribute, which is correct. Log message 194 is also written, which is incorrect. It means that the values were successfully purged, which is untrue.
  • If a golive is started on an unmodified revision of a new mandator, the remote instances might be invalidated (APAR PO09982).
  • An instance might shut down during golive if not stored attributes are missing, and they are used in a condition for a submandator (APAR PO09977).
  • On Cluster > Interfaces > Inbound, the Suppress meta information in JSON checkbox is now cleared by default when a new inbound endpoint is created for dynamic or JSON message types. If the checkbox is selected, complications might occur when JSON transactions are sent through the MCI because messageID is suppressed.
  • If Enable logical golives is cleared, golives are processed as structural golives. However, the GoLive report displays it as logical.
  • On Administration > Case management > Case classes, added the checkbox Exit case investigation screen after transition. If it is selected for a transition, after the transition is run, investigators are returned from the case investigation screen to where they opened the case from.
  • Added a scroll bar to pages that display a list of suggested expressions in conditions, conclusions, and formulas.
  • If you export a table that contains sensitive data and enter an invalid password, the error New password is invalid because it is [description] is displayed. The password is incorrect but the error does not match the description in the error message.
  • Golive is blocked, and the instance goes into maintenance mode if its status is offline, startup, starting services, synchronizing, restore status (RESTORING_DONOR, RESTORING_RECIPIENT, STATUS_LOCKDOWN), or any status that is related to key activation (WAITING_FOR_KEY, MASTER_KEY_CHANGE_ACTIVE, MASTER_KEY_CHANGE_PASSIVE,MASTER_KEY_CHANGE_FINALIZE ) (APAR PO09962).
  • When an instance is restarted, user groups that are assigned to case transitions on case classes are lost (APAR PO09987).
  • Users who can create a rule can also add it to a performance report, even if they lack the privilege, by sending a custom API request.
  • The online help does not highlight searched keywords in its results.
  • Merchant monitoring rule 6.2.2.1 MasterCard acquirer authorization monitoring requirements - Repeated authorization requests for the same cardholder account is missing in the user interface.
  • Some records are not written to DDC if the deferred writer is interrupted soon after startup (APAR PO10008).
  • For cases that are created manually or by query, server-side validation does not occur for non-negative case scores.
  • When a TCP connection is being established and a problematic message header is processed, the connection cannot be reestablished because of incorrect state variables. The problem is detected with bypass (APAR PO10014).
  • Omitting white spaces in JSON responses on MCI, MQI, KMI, or BDI might break the communication from external systems to IBM Safer Payments. Added System > Configuration > Interfaces > Pretty print JSON response. Use the new option to control whether white spaces are included in JSON responses.

Minor defects and changes

The following minor defects were fixed and minor changes were made:

  • In the online help, the Batch Data Interface Overview topic contains a broken link to a topic about jobs.
  • A fatal log message might occur for the FLI buffer, followed by log message 0514 during a restore.
  • On various report pages, error text is incorrect if you enter a from date that is after a to date.
  • An error is issued when temporary cases are archived because a temporary audit file is missing (APAR PO09494).
  • On Model > (select a challenger revision) > Simulation, click filter. On Instance selection, the Refresh instances table toolbar action displays the wrong icon.
  • On Administration > System > Configuration, click Download IBM Safer Payments Configuration. The Instance field displays partial rather than full instance names because it is too short.
  • The Include ddc checkbox is not displayed on Monitoring > Merchant monitoring rules. Now, it correctly displays for certain rule types if Merchant monitoring rules may include ddc in the system configuration is enabled.
  • Increased CPU and speed for slow calculations when date ranges that are based on server time are used in data selections (APAR PO09253).
  • Case consolidation performance degrades significantly with the number of open cases (APAR PO10011).
  • Message logging for the index repair function contains text about rebuild rather than repair. It also does not produce a progress log message.
  • On Administration > Case management > Case classes, if there is more than one definable transition and you change the target case class for one transition, the list of case state options for all the definable transitions changes.
  • In conditions, if you focus on an expression field and press the space bar to see the context menu, it does not display near the expression field (APAR PO09492).