Change log
IBM® Safer Payments 6.5.0.01 includes critical, major, and minor defect fixes, APARs, and changes.
Critical defects
The following critical defects were fixed:
- If you run a rule report with context while a remote simulation is active, a deadlock might occur on the remote instance (APAR PO09991).
- If a logical golive is run and an index node is deleted, index-dependent element values are changed when the new index node replaces the old one. The problem occurs whether the index node is deleted by a purge or normal deletion (APAR PO09972).
- When retention by time is used, the end-of-day job creates DDC files for attributes that are not stored. The files cause the instance to crash when the affected attributes are stored during golive.
- Improved defense mechanisms against a Slowloris DOS attack. Added
Enable incoming connection limit and Incoming connection
limit to the
tab and Application programming
interface tab. The fix is for
CVE-2023-27556
. - A deadlock might occur during the end-of-day job or when cases are archived if users perform additional case investigation activities, for example, take over or transition a case.
Major defects and changes
The following major defects were fixed and major changes were made:
- Deferred writing is not interrupted when certain elements are saved, which causes processing to stop for a long time. Now, if bypass is enabled, it is activated when mandators, working queues, and messages are saved. The save takes a few extra seconds during which time the save button is disabled.
- A deadlock can occur if rule generation is running on a lower-level mandator when a mandator higher up in the subtree runs a golive.
- Updated Libcurl to version 8.0.1.
- Signal handlers are missing for SIGILL and SIGBUS.
- When external models call systems that reply with the message ID in the response body that uses slightly different JSON formatting, the response is not recognized by IBM Safer Payments and the callout fails. The problem occurs even if, for example, the white spaces between JSON keys and values are different.
- A deadlock can occur if a simulation is running on a lower-level mandator when a mandator higher up in the subtree runs a golive (APAR PO09978).
- PCI DSS-relevant event log message number 834 is not automatically enabled for audit logs on fresh installations.
- A no privilege error is issued if a case moves to another nonexclusive working queue for which the user has no privileges from the My working queues page (APAR PO09485).
- On , the thread priority selection options are not limited by the respective thread priority limit in the system settings. An option to set a thread priority limit for Kafka endpoints is missing in the system settings. If the thread priority limit for MCI or KMI is reduced, the respective values of inbound endpoints are not updated.
- Go to Generate a report of this message. The Transaction Message Report page opens. XML Message Sample under Model Response is not readable if the text is too long. , select a message whose type is flat xml format, click
- If a table filter is activated, the table's vertical scrollbar overlaps the contents (APAR PO09825).
- If a user triggers a shutdown while IBM MQ messages are being processed, IBM Safer Payments might exit with a backtrace. The transaction that caused the backtrace does not finish computing (APAR PO09933).
- A crash might occur when a file with an empty path for the period is opened while the index is being rebuilt.
- If many cases exist, case selection takes long time (APAR PO10010).
- Multiple regolives that are run and queued at the same time might result in FLI errors and failed golives on remote instances (APAR PO09970).
- During golive, bypass is activated after deferred writing and jobs are stopped. However, stopping them can take time during which latencies can occur (APAR PO09956).
- If you switch the API instance, external model mappings are not editable.
- SSL settings to reject TLS 1.0 and TLS 1.1 connections are not enabled by default for MCI, ECI, and API.
- On , the navigation menu overlaps tooltip text.
- On various pages, for example, when you create a mandator, checkboxes are rendered below the field labels instead of next to them.
- During a logical golive, the instance status is set to waiting for interlock and stays this way until a structural golive is done. The problem also happens when interlock is disabled in system configuration (APAR PO09969, PO10007).
- MCI, FLI, BDI, MQI, and KMI can be enabled while a maintenance function is running that requires them to be disabled (APAR PO09788).
- If settings on are changed, some warning and error messages are not issued.
- On Production data available in MDC (no simulation necessary) and Production data not available in MDC (enable it for simulation to prime from DDC) display correctly (APAR PO09974). is displayed even if the data is available only in DDC and therefore unusable for simulation computations. Now,
- On restart or key activation, a deadlock occurs and further logins are prevented if you enter an incorrect PIN but with the correct number of digits. The problem occurs if extended authentication is enabled with two-factor authentication that is based on one-time password (OTP) (APAR PO09988).
- MCI responses of type JSON contain unnecessary white space.
- In notifications that are sent to users, the timestamp is incorrect (APAR PO09965).
- If a simulation and a golive are started simultaneously, the golive cannot start until the simulation initialization finishes.
- The export data job collects attributes from only the first mandator (APAR PO09995).
- When the API is changed from disabled to enabled on an instance, maintenance functions that are running on it are interrupted.
- The description for external model components is difficult to find in the online help. Improved the description and added a help button to the page.
- On Support standard deviation checkbox is missing. , the
- The status of remote instances changes to
Unreachable
even if it is reachable (APAR PO09863). - Larger random forest, decision tree, and boosted tree models cannot be uploaded due to a 500 MB limit on uploading pmml files.
- On Output Values section corrupts the values of other entries (APAR PO09954). , prepending or reordering entries in the
- Statistics, Rule analysis, Rule optimization, and Rule Scoring under
[Object object]
in some columns rather than actual values (APAR PO09596).
display - When a table is on a page that is read-only, the filters do not work (APAR PO09842).
- The simulation report lists all attributes, including attributes that do not take more memory for simulation and require no additional user operation.
- A deadlock might occur if a golive is started for the same mandator or head mandator of a revision where a simulation query (all types) is already running. A simulation query of type rule report is also started when a rule report is started (APAR PO09985).
- Added Cases not closed to . It displays the number of current non-closed cases.
- The timestamps in all tooltips for reports display in UTC instead of the user's time zone (APAR PO09984).
- On Output attribute was changed from a categorical to a non-categorical attribute with Enable category selection being selected. , an invalid JSON error is issued if the defined risk list's
- On ruleset on the new model component, and other fields are not copied (APAR PO09973). , if you copy a non-ruleset model component, the type is
- The Compare Revisions tabs do not list entries for newly added condition groups on rules. Only changes to existing condition groups are listed. and
- On , the save button is disabled if the user is defined at a submandator level (APAR PO09968).
- When an API request of getIndexes with null revision value is sent, a backtrace is created.
- When a golive report is initiated for a revision, a log message Internal model generation stopped for revision ... is displayed. It displays even if the revision is not running internal model generation.
- When outdated attribute values are purged, the purge fails for attributes that are not stored in MDC. Fatal error log message 520 is written for each attribute, which is correct. Log message 194 is also written, which is incorrect. It means that the values were successfully purged, which is untrue.
- If a golive is started on an unmodified revision of a new mandator, the remote instances might be invalidated (APAR PO09982).
- An instance might shut down during golive if not stored attributes are missing, and they are used in a condition for a submandator (APAR PO09977).
- On Suppress meta information in JSON checkbox is now cleared by default when a new inbound endpoint is created for dynamic or JSON message types. If the checkbox is selected, complications might occur when JSON transactions are sent through the MCI because messageID is suppressed. , the
- If Enable logical golives is cleared, golives are processed as structural golives. However, the GoLive report displays it as logical.
- On Exit case investigation screen after transition. If it is selected for a transition, after the transition is run, investigators are returned from the case investigation screen to where they opened the case from. , added the checkbox
- Added a scroll bar to pages that display a list of suggested expressions in conditions, conclusions, and formulas.
- If you export a table that contains sensitive data and enter an invalid password, the error New password is invalid because it is [description] is displayed. The password is incorrect but the error does not match the description in the error message.
- Golive is blocked, and the instance goes into maintenance mode if its
status is offline, startup, starting services, synchronizing, restore status
(
RESTORING_DONOR, RESTORING_RECIPIENT, STATUS_LOCKDOWN
), or any status that is related to key activation (WAITING_FOR_KEY, MASTER_KEY_CHANGE_ACTIVE, MASTER_KEY_CHANGE_PASSIVE,MASTER_KEY_CHANGE_FINALIZE
) (APAR PO09962). - When an instance is restarted, user groups that are assigned to case transitions on case classes are lost (APAR PO09987).
- Users who can create a rule can also add it to a performance report, even if they lack the privilege, by sending a custom API request.
- The online help does not highlight searched keywords in its results.
- Merchant monitoring rule 6.2.2.1 MasterCard acquirer authorization monitoring requirements - Repeated authorization requests for the same cardholder account is missing in the user interface.
- Some records are not written to DDC if the deferred writer is interrupted soon after startup (APAR PO10008).
- For cases that are created manually or by query, server-side validation does not occur for non-negative case scores.
- When a TCP connection is being established and a problematic message header is processed, the connection cannot be reestablished because of incorrect state variables. The problem is detected with bypass (APAR PO10014).
- Omitting white spaces in JSON responses on MCI, MQI, KMI, or BDI might break the communication from external systems to IBM Safer Payments. Added . Use the new option to control whether white spaces are included in JSON responses.
Minor defects and changes
The following minor defects were fixed and minor changes were made:
- In the online help, the Batch Data Interface Overview topic contains a broken link to a topic about jobs.
- Improved the online help for Main Memory settings, MCI StatusResponse example, and Fraud marking reports. Added more content to several topics, for example, case types, internal model generation, outgoing channel configuration, and inbound endpoints. Improved user interface text about feedback. The language options in the user interface are now always listed in their own language (APAR PO09422).
- A fatal log message might occur for the FLI buffer, followed by log message 0514 during a restore.
- On various report pages, error text is incorrect if you enter a
from
date that is after ato
date. - An error is issued when temporary cases are archived because a temporary audit file is missing (APAR PO09494).
- On Instance selection, the Refresh instances table toolbar action displays the wrong icon. , click filter. On
- On Download IBM Safer Payments Configuration. The Instance field displays partial rather than full instance names because it is too short. , click
- The Include ddc checkbox is not displayed on . Now, it correctly displays for certain rule types if Merchant monitoring rules may include ddc in the system configuration is enabled.
- Increased CPU and speed for slow calculations when date ranges that are based on server time are used in data selections (APAR PO09253).
- Case consolidation performance degrades significantly with the number of open cases (APAR PO10011).
- Message logging for the index repair function contains text about
rebuild
rather thanrepair
. It also does not produce a progress log message. - On , if there is more than one definable transition and you change the target case class for one transition, the list of case state options for all the definable transitions changes.
- In conditions, if you focus on an expression field and press the space bar to see the context menu, it does not display near the expression field (APAR PO09492).