Change log

IBM® Safer Payments 6.5.0.02 includes critical, major, and minor defect fixes, APARs, and changes.

Critical defects

The following critical defects were fixed:

  • In rare situations, backtraces are printed when sockets are being closed. The problem usually occurs when an instance is shutting down.
  • Users who do not have the privilege to view the system configuration are not allowed to perform a golive (APAR PO10066).

Major defects and changes

The following major defects were fixed and major changes were made:

  • Improved security regarding user passwords. On Administration > System > Configuration, added Use common password blocklist. If it is enabled, you can upload a file that contains a list of weak passphrases. When users change their password, it is checked against the list.
  • Model components of PMML boosted trees always use multipleModelMethod modelChain even if the model file defines a different method (APAR PO09869).
  • Parser errors in uploaded PMML files do not create error feedback in the user interface. Startup, the golive report, golive, and simulation do not check for parser errors in uploaded PMML models, which might result in missing PMML computations. Also, the PMML model outputs are sometimes not computed during message computation on the API instance. The problem occurs when the champion revision is compared to a challenger revision and certain changes are done to the PMML model in the challenger. In particular, the problem occurs if the PMML model file is reuploaded or the field mappings are changed between the revisions. The problem does not occur on non-API instances (APAR PO10162).
  • During startup, defined risk list files cannot be loaded if they contain empty values (APAR PO09474).
  • If a defined risk list entries file of an unsupported encoding type is uploaded, no further risk list files can be uploaded. The problem also occurs if the file contains empty lines that end in a Linux® line ending (APAR PO09439).
  • Performance slows down if the remote lookup index search cannot find the target record (APAR PO09919).
  • If deferred writing is enabled, the rollover of calendar periods might cause backtraces and fatal errors.
  • If a docx case action is saved again after an attached template file is uploaded, an error is issued when the case action is sent.
  • Some golive messages have unnecessary color indicator tags.
  • There is no valid response for MCI status requests during golive or when no unique message ID is set in the status request.
  • The Fraud Flag meta attribute column displays in the query result table even if the fraud column is not selected in the query definition. The problem occurs if Administration > System > Configuration > Direct transaction marking in queries is selected. Also, the column incorrectly contains URID column information. Hyperlink queries do not work if the URID and fraud columns are not selected as columns (APAR PO09989).
  • PMML tree-based models output negative probabilities for specific PMML input files. The problem occurs for random forests where the record count is included only in the ScoreDistribution element, and not on the node.
  • If a defined risk list entries file contains an entry with empty characters at the beginning of its line, the upload stops. The instance must be restarted to upload more entry files.
  • If a user logs out during the upload of a defined risk list entries file, the upload fails. The instance must be restarted to upload more defined risk list entries.
  • If a table contains an empty cell, it displays as undefined in a csv export. Also, if the sanitize csv setting is enabled and it contains an empty cell, it cannot be downloaded.
  • Improved security when multiple user login attempts are made with the correct username but wrong password. Now, when a user enters a wrong password, the login button is disabled for five seconds. Backend security was also improved.
  • Added Use maximum session time (seconds) to Administration > System > Configuration > Interfaces > Application Program Interface > . It controls how long a session remains open, regardless of user activity. It is optional.
  • In rare situations, a crash might occur when a running simulation that uses the in chunks simulation method is disabled (APAR PO10012).
  • When logical golives are enabled in the system settings and a logical golive is done on a mandator of the key performance indicator or status alarm indicator or parent mandator, after the EOD job the KPI or SAI returns 0 if it has any condition. The KPI or SAI works again when it is saved after the EOD (APAR PO09998).
  • Crash backtraces are limited to 30 entries (APAR PO10031).
  • Startup continues without champion revisions being read.
  • The operating system delays the memory allocation, which worsens the situation when running out of memory (APAR PO10022).
  • On Investigation > CPP selection, filter preferences are not saved correctly and are reset when you navigate away and then return to the page.

    On Investigation > Case selection, date range preferences are not updated correctly when you navigate away and return the first time. Return a second time, and they are updated.

  • In case investigation, if you batch close multiple cases from multiple case classes, duplicate case close codes display in the Bulk Close selection window (APAR PO09983).
  • Click Model > [revision] > Profiling > Patterns. When the pattern is displayed, Stencils > Records conditions are not correctly populated. The attribute names and operators are not displayed in the conditions. They become visible when you edit the pattern (APAR PO10025).
  • In rare situations, a crash occurs during startup if unexpected mappings exist.
  • The Rule Generation Data Overview and Generated Rules tables under Model > Modeling > Model Factory > Rule display [Object object] rather than actual values. The problem occurs only if Verification is selected.
  • On Administration > Case management > Case actions > HTTP Case Action, Content type addition cannot be set if HTTP output channel configuration is used (APAR PO10015).
  • If Hide logout button is selected on Administration > System > Configuration > Authentication Settings, the logout button still displays on all instances (APAR PO09324).
  • Remote simulation does not work if OIDC authentication is used (APAR PO10027).
  • Go to Investigation > Queries > Queriesand click Settings. If you select Uid, the Uid column does not display in the table. Also, the mandator Uid table column is Uid but it should be mandator UID (APAR PO09926).
  • A crash might occur when an API request is manually sent to confirm a golive. The problem occurs if the mandator doesn't match the revision of the request.
  • On Administration > System > Configuration > Misc, the time in Start End of Day (EoD) job is specified in UTC instead of the user's time zone.
  • On Administration > Job Settings > Job the Daytime field for a monthly scheduled job does not show the set time zone, which might lead to a wrong input for the job schedules. Furthermore, the set time might have an incorrect offset in certain time zones (APAR PO09948).
  • Updated OpenSSL to 1.1.1u and libxml2 to 2.10.4 to address potential security issues.
  • In Investigation > Queries > Group by queries, memory usage is abnormally high if Account analysis is enabled and the Meta attribute for Account is of type text. Memory is not released even after the group by query is deleted. A crash might occur due to low memory (APAR PO10053).
  • The save button is not disabled when a save is performed. Duplicate saves might cause other problems.
  • In rare situations, non-API instances might deadlock after working queques are updated. A crash might occur if you are working with working queues while simultaneously changing working queue configurations (APAR PO09861).
  • On Cluster > System monitoring > Event log messages, the ID column is not displayed by default.
  • The default file names for the Diffie Hellman file and CA certificate file are incorrect. They are not the same as the file names that are stated in the Implementation Guide. The files are used by the API and ECI when TLS is enabled.
  • A deadlock might occur if a defined risk list is opened and written to file simultaneously (APAR PO10049).
  • Improved the performance of printing expressions to file and to the user interface. Golives might also be faster.
  • Golive is sometimes slow because invalidated revisions are unnecessarily rewritten during the process.
  • A golive on a top mandator issues the following error 0321 Revision xxx configuration error: FATAL_ERROR and deleted the invalidated revision to prevent the error from occurring again. The problem occurs if an invalidated revision of a submandator uses an attribute from a top mandator, and the attribute is deleted on the top mandator (APAR PO09992).

Minor defects and changes

The following minor defects were fixed and minor changes were made:

  • When you edit an expression that has a numeric value as it's base, the suggested drop-down list displays only numeric attributes. Also, timestamp type attributes do not display. The problem occurs throughout the user interface, for example, in Model > Rules > Conclusions, Model > Formulas, and Investigation > Queries > Conditions (APAR PO09356).
  • Configuration and user files are not loaded sorted. If there are errors when files are loaded during startup, different startup configurations might exist on different systems.
  • If the ignore_encryption debug parameter is enabled, some instances fail to start due to errors in expressions.
  • Improved performance of queries and random forest computations.
  • XML responses to transactions are malformed if Administration > Mandators > Settings > Include profiling and component statistics in model responses is enabled.
  • On instances where the API is not enabled, users cannot update bypass settings and password files for some interfaces (APAR PO09466).
  • When querying a data range that is only available in DDC for the meta attribute system time, the data selection textbox wrongly gives an error that the data from the selected date and time is not available even though the Include DDC setting is enabled. The impact is only on the user interface. The required data is retrieved after saving the page and running the query (APAR PO10009).
  • Removed MCI message format on Administration > System > Configuration > Interfaces > Message Command Interface. The removal has no functional impact.
  • When the simulation analysis runs on more than one thread, it occasionally returns an incorrect result.
  • A misleading log message is printed if you delete a mandator that is referenced by a head mandator's simulation, simulation query, or analysis data selections (APAR PO08463).
  • Improved help text and tooltip for Purge outdated entries securely on Model > Data model > Inputs > General Settings.
  • If mandator names contain ampersands, they are encoded as & in JSON responses. The problem occurs if Include profiling and component statistics in model responses is selected. The checkbox is located on Administration > Mandators > Settings.