Change log
IBM® Safer Payments 6.5.0.00 includes critical, major, and minor defect fixes, APARs, and changes.
Critical defects
The following critical defects were fixed:
- In case investigation, the upload button for attachments is always deactivated and drag and drop for it does not work (APAR PO09821).
- Retrieving data for reporting attributes from transactional data during case investigation takes too long if the remote lookup index cannot be used to find the unique record IDs (URIDs). Now, the search is omitted and it is assumed that the remote lookup index provides a URID for each case. As a consequence, it is possible to see occasional empty values for some attributes if a case (alarm) does not have a value for the remote lookup index (APAR PO09813).
- Broken multivalue masterdata is erroneously detected during data deletion that involves relationship attributes (APAR PO09809).
- IBM Safer Payments hangs and some operations never finish. Certain operations, for example, disabling or changing FLI, SCI, or MCI, are more likely to cause the problem even though they themselves might not hang (APAR PO09870).
- The CPU usage of an instance can reach 100% if more realtime threads are used than the number of CPU cores (APAR PO09914).
- A crash or data corruption can occur if asynchronous mode is enabled on MCI endpoints (APAR PO09359, PO09964).
Major defects and changes
The following major defects were fixed and major changes were made:
- The unrecoverable error message Attribute reference in condition not found displays if case selection attributes are added that do not belong to the selected mandators (APAR PO09632).
- A crash might occur due to an out of memory error during computation. Now, required memory is calculated to avoid such a crash, and the peak memory usage for random forest generation is reduced (APAR PO09735).
- A crash might occur during case investigation and escalation-related operations when a golive is run in parallel (APAR PO09205).
- During startup, the iris_sql_util.so file cannot be loaded and an error message is displayed. On RHEL7, the message is /lib64/iris_sql_util.so: undefined symbol: initImpl. On RHEL 8, the message is iris_sql_util.so: cannot dynamically load position-independent executable.
- Errors about loading external fonts display in the browser debug console (APAR PO09191).
- Unconsolidated alarms can cause the application to hang during shutdown.
- CSV exports that are generated by IBM Safer Payments might trigger remote code execution when they are opened with an external stylesheet application that is vulnerable for remote code execution.
- When a malformed transaction message is received, the system issues a misleading log message that FCD data stream is faulty even though the message type is not FCD (APAR PO08856).
- For security reasons, fields for entering sensitive data now explicitly set autocomplete to off.
- Removed the version information of libraries from main.js. This change was made for security reasons.
- When a reporting query by a job is generated, the resulting report does not contain column headers. Now, the correct headers are included. In addition, CSV files that are exported from reporting queries and group by queries have the header for the grouping attribute as Grouping attribute value. Now the header is the actual name of the attribute. For both reporting queries and group by query reports, when they are used for rule performance the header of the first column is rule performance. The header is now rule.
- When a Random Forest model is created, the values for
Number of trees
andAverage depth
are switched. - In rare situations where a deadlock prevents a simulation from being stopped, it prevents the API from being disabled, which might result in two instances with an API enabled. Now, deactivation is prioritized to prevent that scenario (APAR PO09481).
- Realtime interception code for the conditions field shows an invalid verdict even with the valid code (APAR PO09484).
- Enhanced the index performance after index size is increased. Fixed a potential buffer overflow after index size is decreased (APAR PO09578).
- In rare situations, a crash occurs with external model components after a remote EMC server is enabled or disabled.
- To facilitate issue investigation, added a release string to the backtrace file (backtraces_starting_at_[InstanceID]_[YYYY-MM-DD].iris).
- Saving attributes with computation impact does not invalidate an active simulation, which results in potential access to invalid data. Now, when revision elements are saved, a warning is displayed if a simulation is active (APAR PO09525).
- Added the
SameSite=Strict
directive to the Http cookie that is set during the user login. This change was made to reduce the risk of Cross-Site-Request-Forgery (CSRF) attacks. - Data is inconsistent due to the omission of the primary instance ID in external model synchronization.
- Two options, Resolve uncached reporting attributes and Include DDC to resolve uncached reporting attributes, are missing in the user interface. Now, they are on . The default is false for new configurations. For performance reasons, the cases table now no longer shows values for reporting attributes that are not selected in the case class of the respective case (APAR PO09399).
- Some operations that require maintenance mode, for example, golives or saving a mandator, appear to hang in the user interface. Now, when a user starts an operation that requires maintenance mode (except for golives) and the instance is already in or cannot enter maintenance mode, the operation is canceled. The user is warned and must retry later. When a user starts a golive while maintenance mode is active, the golive is queued and the user is warned. Also, the maintenance mode status now displays on the cluster page and the revision information page. Help text was improved to better explain maintenance mode (APAR PO09570).
- For systems with many mandators, improved performance of queries and simulations if either all mandators are selected or if a few are selected that contain a small subset of the overall transactions (APAR PO09639).
- Fixed multiple buffer overflows:
- If the MCI incoming buffer is configured to be smaller than an incoming message, the message is written to invalid memory regions.
- If the MCI response buffer is configured to be less than 80 bytes, parts of the response are written to invalid memory regions.
- If the FLI buffer is configured to be less than 80 bytes, a buffer overflow occurs when a configuration update or transaction message is synchronized.
- If a case action is triggered from the Potential first parties section of
a collusion case, a null terminator is written to invalid memory. It occurs if the case action
message placeholder
[Firstpary]
is used and the value for the first party has the maximum length of the first party attribute. - If the IBM MQ interface is configured to use more than 256 characters for most fields, a buffer overflow occurs inside the IBM MQ library.
- On encrypted instances, a popup error might appear when a case creation page is opened.
- In rare situations, a crash might occur when a case is saved multiple times. It can happen when a CPP or memo is saved multiple times for the same case during a short timeframe, for example, by double-clicking Save (APAR PO09701).
- Removed the remote golive factor from the re-create index job page (APAR PO09682).
- A deadlock might occur if a curtailing masterdata job is run at the same time and in parallel with an update to index entries (APAR PO09664).
- Improved the performance for specific counters. Specific unnecessary computations were optimized for counters that don't calculate amount computations.
- The icon and text of the simulation progress component does not indicate that a simulation started and is undergoing initialization. Now, a distinct icon and text line makes that transition more apparent (APAR PO09601).
- A compliance list excludes records in search results if the list uses the metaphone setting and a search is done for more than one name (APAR PO09643).
- The latency report shows redundant computation element
unknown
and prints0
instead ofExternal Model
. - In rare situations, a crash occurs if an analysis is deleted while it is being accessed by another part of the code (APAR PO09724).
- In rare situations, a crash occurs if a case is exported from a cases table while the working queue is unassigned from it, for example, because a user starts investigating the case (APAR PO09223).
- Users with mask level must not see values can still see constant values in clear text in the expression fields of conditions that use encrypted attributes.
- Added an option to load encrypted file jobs that use AES-CTR as cipher. Updated the online help to use this algorithm.
- Salts for export jobs are generated with a weak random number generator on the client side, when not modified by the user. Also, if the browser is not refreshed, newly created export jobs get the same salt value.
- The default timestamp for notices is a date far in the past. Now, it is the current date and time (APAR PO09675).
- The responder URL field on the MQI configuration page is erroneously marked as required (APAR PO09727).
- A crash occurs if the application tries to save a model that is generated by the random forest generator and the user stops the generation (APAR PO09721).
- Login requests and other PA-DSS-sensitive API requests are not rejected by the server when they are sent as GET instead of as POST requests. Now, the following API requests enforce a POST request: Login, ChangeAuthAddress, InsertPin, ChangePassword, CreateDefinedRiskListImportSettings, GetCaseAction, IsPasswordValid, PathExists, Save, SendCaseActionFromPreview, SetMasterdata, SetQuickSearchCasesTablePreference, and SetUserExportPassword.
- It is possible to create reports with an invalid data range by using a script (the from date value is larger than the to date value).
- Empty double quotation marks appear in the response object if more than 10 rules are mapped from a client response (APAR PO09690).
- Now, group by queries can use all valid attributes in conditions (APAR PO09212).
- The table on the report page sometimes shows an extra column of data, which misaligns the regular columns with their headers and causes some columns not to display.
- The missed cases report includes cases whose generation time is within the selected time range, although the reference parameter is set to case closed time.
- In attribute settings, the table has incorrect data types.
- Include DDC cannot be enabled for Counters and Precedents.
- Maximum latency, FLI rate, and latency violations SAIs do not work correctly because the option for instance selection is missing in the user interface (APAR PO09751).
- A crash might occur if successive simulation reports are not explicitly canceled by clicking the Stop simulation toolbar action before the page is left. Now, simulation check report cancellation requests are automatically sent when the report page is left, regardless of the means (APAR PO09394).
- Improved restoration times on the Receiving side by optimizing the parsing functionality.
- Modified the purging mechanism to replace outdated values with constant values that are easier to compress. This change increases the performance of the restore (APAR PO09871, PO09872).
- When data is exported, the attributes that are stored only in DDC are ignored even if the includeDdc checkbox is checked. Now, data for the attributes that are stored only in DDC can be exported (APAR PO09695).
- Condition operators
same/distinct Bnet/Cnet
have no short string representation in table columns and other places. - Errors that occur when a profiling element is used in the condition of another profiling element of the same type with a later priority issue vague error messages.
- In past versions, unnecessary attributes were simulated, resulting in more memory requirements because rules and final rules were automatically added to the simulation if they change the same conclusion attribute as a rule selected for analysis. Now, only selected rules are simulated. If all rules that affect a certain attribute are required (the previous behavior), make sure to explicitly enable this attribute for simulation in .
- Creating cases manually with Boolean reporting attributes always results in a validation error.
- In rare situations, a crash occurs when simulation data selection is saved while rule generation is running.
- Added a button to the System Internals general page to export the page to a zip file.
- Extract query data functionality is missing in query result tables in the user interface. Validation for the extract query template is also missing. Now, the whole extracted data can also be copied with the Confirm button in the popup window (APAR PO09714).
- Model elements like counters and events do not display the peer index aspect attribute when the page is opened from within a challenger (APAR PO09732).
- A backtrace or crash can occur after a golive if the data from the champion to retire is accessed from a query, case investigation, and so on (APAR PO09619).
- A crash might occur when a defined risk list entry is saved while it is being computed. This problem is due to a read access violation (APAR PO09631).
- In certain situations, cases with masterdata on category attributes are not displayed in case investigations (APAR PO09780).
- When messages in JSON format are used, the server response from the message contains an
inconsistent format for the attribute
system time
compared to when messages in XML format are used. In the JSON response, changed the format fromyyyy-m-d
toyyyy-mm-dd
, so days and months with a single digit now contain a preceding 0 (APAR PO09279). - When comparing revisions, an error is issued if changes to an external model were made between these two revisions (APAR PO09896).
- An unrecoverable crash might occur if certain invalid mapping definitions are used to generate a message report or if those definitions are in use when a message is received. An example of an invalid mapping definition is a JSON element name that contains double square brackets (APAR PO09847).
- Now, data loading when a doublet is detected is only performed on the primary instance (APAR PO09815).
- Saving rule generation settings with a condition that uses an encrypted attribute fails. This problem leads to an invalid revision being sent using FLI, causing remote instances to remove all elements in that revision (APAR PO09805).
- Using retention by time can lead to increased computation latencies for huge configurations. Now, there is no difference in the computation flow between retention by records and retention by time. To limit the visibility of data to the configured retention periods, the end of day job removes outdated values from the data caches in a process called trimming. For more information, see the online help for (APAR PO09816).
- List element is shown as changed in revision comparison result if it has more than two output values, even though there is no change between these two revisions (APAR PO09760).
- When revisions are compared, the message
changedNoImpact
is shown as a comparison result for an index even though no field is shown as changed, and the index has indeed not changed (APAR PO08218). - When revisions are compared, changes to FCD mappings display only if both start and length were modified. The change is excluded if either start or length was modified (but not both). Now, the change displays if either or both start and length are modified.
- When comparing revisions and using the audit trail, the following attributes are missing: Retry mergings, Max merging attempts, Retry wait time, Update calendar profiles, and events fields for Mergings. Even if Enforce time is cleared, Tolerance days incorrectly displays in the revision compare (APAR PO07683).
- The maintenance function
create conclusion expression pair list
does not work in the user interface (APAR PO09292). - Now, additional information is logged to more closely investigate and monitor the simulation operation.
- In rare situations, a backtrace or crash occurs after a golive if the data from the champion to retire is accessed from analysis, reports, simulation, query count, or some maintenance functions.
- An error occurs when a reporting query is run with rule performance checked (APAR PO09845).
- Updated OpenSSL to 1.1.1n.
- The constants of encrypted conditions in rule or random forest generation display as encrypted values instead of clear text.
- If invalid interfaces are saved directly through the API, a backtrace is printed.
- Remote instances crash during startup after another instance prints the log message: 513 Could not initialize incoming socket for StatusControlInterface (APAR PO09878).
- The preview for case investigation attachments does not display images (APAR PO09114).
- The following elements allowed a user without the privilege to view unmasked data to create conditions to enumerate encrypted data: simulation data selection and target conditions, rule generation training and verification data selection and rule generation predefined conditions, random forest training and verification data selection, reporting query performance indicator, defined risk list entries, and defined risk list upload alert lists.
- My account preferences Ignore Cases in Search, Print view for individual elements, Copy view for expressions, and Set ignore cases as default are not saved after being saved (APAR PO09830).
- The system information page can show a wrong number of open MCI connections if multiple MCI connections get opened or closed at the same time (APAR PO09834).
- Scheduled jobs are potentially run twice instead of once (APAR PO09769).
- Documentation for maintenance function
Create conclusion expression pair list
is missing in the online help (APAR PO08906). - The timed rollover setting for calendars is not available in the user interface.
- In the formulas under model components, saving the page by using the Ctrl+S keyboard shortcut while the focus is on the expression field does not save the formula expression correctly.
- MCI bypass connections fail with a certificate error when the target MCI endpoint validates client certificates. This problem is caused by the bypass connection not sending the configured client certificate.
- The Manually set rule performance data cache sizes setting on the retention page is automatically set to false when an instance is started, and rule performance MDC and DDC retention values are set to their default values.
- Broken multivalue masterdata is erroneously detected during data deletion (APAR PO09808).
- A crash might occur when analysis is stopped multiple times (APAR PO09723).
- The user interface unnecessarily displays
is true / false
in the expression field for conclusion operators (APAR PO09630). - Deferred writing is needlessly interrupted when mandators, messages, working queues, key performance indicators, status alarm indicators, charts, case classes, case close codes, case workflows, case states, case user groups, notifications, external queries, or reminders are saved (APAR PO09594).
- In the user interface, it is not possible to set multiple emails as to address in notifications (APAR PO09398).
- Fraud mark report column references are sometimes created from challengers and invalidated revisions instead of from champions (APAR PO09846).
- Now, simulation automatically detects rule condition attributes that need DDC access and informs the user in the report (APAR PO09839).
- When manually setting the rule performance data cache sizes on the retention settings page, the manually entered capacity values for retention by records are not validated to be a multiple of 8. Since the back-end anyway rounds the capacity to be a multiple of 8, the configured capacity and the one used by the back-end might be different.
- Exporting a case table with masked data to CSV can result in incorrect columns. The defect happens when the user cannot see the masked values, and the value is smaller than 10 characters. All the characters get replaced by X, including the separator (APAR PO09674).
- Cases and case audit files on a remote instance are stored as temporary files in an arc directory rather than as case files in an inv directory when the case is transferred over FLI. As a consequence the case cannot be worked on that instance (APAR PO09831).
- Expression elements that are generated from expressions that were pasted from Excel sheets do not remove special characters (white space, newline, and so on) from the expression. The user interface might crash if more expressions are added or if the newly generated ones are sorted manually by the user (APAR PO09445).
- If any number of rules are changed within a ruleset, revision comparison displays every rule in the ruleset as changed.
- Fields that contain a message or body template are too small for most use cases. The user must manually resize them to be usable (APAR PO09818).
- For some dropdowns on several pages, for example, conditions in model elements, the text that is entered to filter the dropdown options sometimes reverts to the initial option that was selected.
- A crash occurs if a defined risk list is concurrently queried and modified (APAR PO09854).
- When extended authentication is enabled, after a user logs in with two-factor authentication, the navigation menu is not displayed. Additionally, the initially selected tab is not the Start on tab that is defined in the user's profile settings (APAR PO09796).
- The attributes that are available on the left side of merging conclusions depend on the system configuration setting Mergings may use DDC in . If the setting is not enabled, attributes that are stored only in DDC are not available in merging conclusions. In fact, the system setting should affect DDC access only for merging target conditions and termination conditions.
- In rare situations, a crash occurs when simulation data selection changes to a smaller URID range and the save hangs. Then, in the same moment, the user opens and runs a simulation report in another tab (APAR PO09850).
- SSL handshake blocks the system when it waits for the response from external server (APAR PO09605).
- In the user interface, improved the performance of the external model page (APAR PO09749).
- The filter at the top of the model components page does not initialize correctly. If the filter selection is changed, the results are not updated correctly.
- When output attribute values are included in doublet detection responses, the output values might have random data. Added a checkbox that is named Access protection for outputs. If it is selected, access protection is applied to doublet detection. Also, retry in access protection of mergings was renamed to attempt (APAR PO09868, PO09814).
- On the Own Input Attributes page, default storage options are displayed for existing inputs and outputs rather than the saved options.
- Computation results of counter and precedent on remote instance are missing when external models exist.
- The user interface might crash if an input attribute with categories is added while, at the same time, a compare revision is done.
- In rule conclusion under model revision, if the attribute's data type is anything other than numeric or timestamp and a Python function without parameters is added in the expression field, an error message displays and the conclusion cannot be saved.
- Data is inconsistent due to a defect in the index search for external model synchronization.
- A crash might occur if a broken timestamp in
YYYYDDDhhmmss
format, for example 2022000000000, is sent (APAR PO09882). - Golives can hang if there is a simultaneous case action activity in the user interface to send case actions or display case action previews (APAR PO09888).
- In rare cases, the FLI buffer gets corrupted and messages hang if the message header or the complete message exactly hit the buffer end during rollover (APAR PO09873,PO09900).
- In case investigation, actions like
Followup
andClose
cannot be completed in Case History (APAR PO09857). - Save and execute simulation query fails and stops simulation when simulation is running on a remote instance. Refresh simulation query result fails when simulation is running on remote (APAR PO09855).
- In case investigation, when an attachment comment in the attachments table is edited, the newly entered value is displayed in the table only after the page is reloaded.
- Improved message synchronization so that transactions use only a single FLI message. Up until now, IBM Safer Payments used two FLI messages to synchronize a single transaction when that transaction involved the execution of external model components. This method of synchronization led to data loss and data inconsistencies due to the complexity involved in merging the two messages. Notably, in the gap between the two FLI messages, profiling elements like counters produced wrong results by counting (or not counting) unfinished transaction records (transaction records for which the second FLI message was not yet handled).
- When a multiline value is present in the title or explanation field in the compliance list xml, only the first line of the text is displayed on the Compliance List Hits popup. The appearance of the popup for entry details is inconsistent across several pages (APAR PO09557).
- The results of group by queries and reporting queries show incorrectly formatted values for timestamp grouping attributes. Also, the results do not take the IBM Safer Payments time zone into account if the system time meta-attribute is used (APAR PO09894).
- Messages that are sent through outgoing channel configurations do not adhere to all attribute formats even if Format values is enabled. For numeric attributes, the ID formatting is ignored. For text attributes, the PAN (dashed format) formatting is ignored. Additionally, encrypted attribute values are never formatted in case action previews even if the user has the privilege to view values in clear-text. It's also not possible to configure which digit group and decimal separator should be used for the numeric formats that are working. Now these separators can be set under interface.
- If aggressive fail-over mechanisms are employed for the online data interfaces and a transaction that does not compute in a given amount of time is resent to another instance in the same cluster, multiple instances might compute the same transaction at the same time. In rare cases, both instances end up with the same transaction but with different primary instance IDs and URIDs. This leads to problems when fraud marking is performed. The likelihood of this happening is increased when external model components are used. Now, doublet detection handles these cases by correcting the primary instance and URID of the found doublet. The system always takes the smaller primary instance and the corresponding primary URID and stores them in the doublet.
- Mergings cause direct disk access even if deferred writing is enabled.
- It is not possible to send a case action by using simplified view if that view contains an encrypted, numeric attribute and the investigator is not allowed to see unmasked values.
- In case investigation, the query result table sometimes resets the table preferences if the page is refreshed (APAR PO09902).
- Report generation jobs that use outgoing channel configurations mask values of encrypted attributes according to the starting user's privileges and ignore the masking setting of the outgoing channel configuration. Jobs that are not triggered by a user always mask values and also ignore the setting of the outgoing channel configuration (APAR PO08864).
- Tables that contain cases and the Consolidated alarms table within a case display wrong values for encrypted timestamp attributes when viewed by a user with the privilege to see clear-text values.
- Case action previews and sent messages do not contain the correct values for query results or consolidated alarms that are attached to the case action if those values are masked for the investigator.
- The case action simplified view does not correctly handle masterdata values with decimals. The digits are correct but the decimal period is lost.
- Added data to the log message for corrupted FLI buffers (APAR PO09891).
- A crash might occur if rules are enabled or disabled while an analysis is running (APAR PO09910).
- Performance issues and errors occur in the user interface because queries are not correctly cleared from memory (APAR PO09920).
- If the simulation instance is set to an instance that is not the API instance, the getRevisionStatus request is forwarded to the simulation instance. It might contain trailing zeros or more characters at the end of the response that can cause 503 errors in combination with some proxies and load balancers (APAR PO09913).
- A crash might occur during rule generation if the page is refreshed at the same moment that the Stop rule generation without saving button is clicked or a rule is committed (APAR PO09885).
- Mandator memory limit is calculated with revisions that are not running (APAR PO09548).
- When a case is opened, the case history table is not displayed for the selected reporting attributes. It is displayed only after the selected reported attributes are changed (APAR PO09865).
- If an empty cookie is sent in the HTTP header, it can cause incorrect responses.
- A reporting query might access invalid memory if it runs in parallel with golive (APAR PO09901).
- The deletion of large bulk defined risk list entries is slow on the API instance (APAR PO09895).
- A crash can occur when rule generation data selection is saved multiple times (APAR PO09925).
- A crash can occur during restoration because the case service is not stopped (APAR PO09950).
- Rule generation creates too many threads, which cause real-time processing to stop for a few seconds (APAR PO09859).
- In case investigation, when an attachment comment in the attachments table is edited, the attachment comment editor does not render correctly and is not visible during editing.
- Simulation MDC is created for overwritable inputs when data for that input is already available in MDC.
- A crash occurs if a data export is run after the EOD job and it contains a condition or column attribute that is owned by a mandator who ran a logical golive before the running of the EOD job (APAR PO09912).
- A crash can occur if rule generation settings are saved while it is running (APAR PO09917).
- Masterdata update might be lost when it is transmitted by using FLI (APAR PO09940).
- The connection to IBM MQ times out if MQ definition values, for example, the channel name or queue manager name, are longer than 19 characters (APAR PO09942).
- If numerous case investigations exist, some cases do not have a working queue (APAR PO08747).
- IBM Safer
Payments closes the connection
early when it receives a
SHUT_WR
TCP message on the MCI. This can prevent sending an MCI response. It happens mostly when MCI Bypass is enabled and active (APAR PO09918). - Stopping deferred writing in system configuration or during shutdown might lead to loss of data.
- If you generate rules, and then click Explore all indicators, percentages in the Amount, Hit rate, and other columns are incorrectly rounded depending on the decimals of the attribute (APAR PO09951).
- Changes that are made to certain fields of some revision elements are not shown in the compare revision and audit trail of the model revision.
- If element generation threads are configured to be greater than one, rule generation results are not accurate, and might be different between multiple runs.
- When bypass is enabled and the MCI uses SSL, a crash might occur during a structural golive. The crash occurs if the golive takes a short amount of time, for example, a few milliseconds if it is the initial golive of a new mandator. It is caused when the instance is establishing the SSL handshake while the golive completes and shuts down the bypass connection (APAR PO09934).
- A crash might occur if simulation data selection is saved multiple times and the analysis that is included in the simulation is defined to use simulation data selection (APAR PO09935).
- In rare situations, an element can be saved with a name that is already used, which invalidates the configuration (APAR PO09938).
- In rare situations, a crash can occur after a golive when a query is started during the golive.
- Rule actions in preprocessing rules can be defined but are never run (APAR PO08429).
- An instance can hang if you stop a simulation that was started as workflow with rule designer enabled. Shut down is prevented.
- During the end of golive, external models get no response from external systems.
- At the beginning of golive, MCI does not respond even if bypass is enabled (APAR PO09960).
- At the end of golive, MCI does not respond even if bypass is enabled.
- A crash can occur if a case is opened whose masterdata uses a categorical attribute but the index node is invalid (APAR PO09931).
- A generate report job can fail if it computes a fraud mark report that processes a record that is marked as fraud by a deleted user (APAR PO09967).
- Potential security issues exist in some external statically linked server libraries. Updated Libcurl, librdkafka, libxml, opencv, lib, and zstd to the most current version.
- A crash might occur when MCI is disabled if bypass is applied earlier.
- During merging, recomputation messages are computed differently than during normal computation.
- When a merging is recomputed, the MDC oldest URID on an attribute can be set to a value before the attribute is created. Queries then contain unexpected results. Also, the MDC oldest URI is then smaller than DDC oldest URID (APAR PO09756).
- Golive is blocked due to starting bypass while MCI is inactive.
- Logs do not show who sent the signal (APAR PO09958).
- Logs for simulation show the user name.
- Realtime computation performance is slow if many outputs and mappings are processed (APAR PO09955, PO09959).
- A crash can occur if a save request for a persistent connection outgoing channel configuration is sent without a connectionPoolPriorities field.
- Primary URID and Primary Instance ID are not printed when the Outgoing Configuration Channel message is sent by a case action, and the message is not archived when delivery fails (APAR PO09949).
- After upgrading to 6.4.2.00, the first startup of an instance creates elements by using duplicate UIDs in the configuration.
- Updating a persistent outgoing configuration channel is slow.
- If an instance's bypass setting is changed, the change is not applied (APAR PO09957).
- An invalid HTTP response is returned if the simulation instance is different than the API instance and the response is larger than 3000 characters.
- In rare situations, a crash might occur on a remote instance if a model element is saved while a simulation is running on the remote instance (APAR PO09552).
- Case actions applied dashed PAN formatting to every masked value of an encrypted numeric attribute even if that attribute did not specify dashed PAN formatting in its settings.
- Case action previews showed masked values to an investigator even if that investigator was not allowed to view any values of encrypted attributes at all. This happened only if the outgoing channel configuration enabled masking of attribute values as that setting took precedence over the masking privilege of the user account. The new behavior completely ignores the outgoing channel configuration's setting within case action previews.
- A crash can occur if a simulation is started while a model element is saved.
Minor defects and changes
The following minor defects were fixed and minor changes were made:
- If the simulation of a PMML (Predictive Model Markup Language) random forest model is stopped and simulated again, the model is not simulated, which causes empty output attributes (APAR PO09236).
- Some formulas in the online help display incorrectly, for example, formulas in Summary Statistics, Masterdata, and Calendar Profiles (APAR PO09387).
- Backtraces are written to multiple different files, and old empty backtraces are not deleted during startup.
- Updated the online help as follows: removed the manual restore steps, added further information about simulation load balancing and server time zone setting, and replaced the word blacklisting with blocklisting (APAR PO09742).
- When users try to encrypt an attribute, an incomprehensible error message is sometimes displayed. The problem occurs when a rule conclusion exists that overwrites or changes the attribute in some way. Now, the error message explains the rule conclusion that is blocking the change to encryption status.
- In the Output Attributes table, the meta attribute case class displays inconsistent values.
- Refactored the UID assignment code for some elements to remove the possibility that some elements might claim more UIDs than necessary (APAR PO09025).
- Streamlined the code around the usage of conditions, internal model, random forest, and lists computation without a change to functionality.
- Number of selected items is not shown in query result table (APAR PO09738).
- Rule performance MDC/DDC sizes on the retention page can be set to bigger than the MDC/DDC sizes of the System Time meta attribute.
- Updated the online help: improved the description of Model Factory's Relax All Up Threshold.
- When one instance is restored from another, the checksum calculations for each file are slow because they are processed only by single thread.
- Improved tooltip text for Reserved RAM in System Internal > General Information, Enable extended authentication, Case consolidation, and Message for MQ Queue. Added more online help information for KPI type of FastLink message rate, Heartbeat, Case consolidation, and Message for MQ Queue. Added Reporting query to the online help. Updated the popup warning message about master key change.
- Added an option to the System configuration that allows compression to be disabled during a restore (APAR PO09872).
- Streamlined the code in PMML (Predictive Model Markup Language) without a change to functionality.
- For rebuild index, added a log message that indicates progress when nilifying large sequence attributes. For reset index, improved the log message to indicate progress. The new log messages for nilifying sequence and reset index have log ID 841 and 840, respectively. Log messages for rebuild index and reset index are now also in the console log (APAR PO09789).
- If simulation is interrupted, a false Fatal Error code might be logged.
- The Show reference button for attributes of patterns causes an error. Removed the Show reference button for counters because counters cannot have references. Also, the Show reference button for attributes of events incorrectly shows untranslated text (APAR PO09867).
- Values in the Account and Period columns incorrectly show in the reporting query results table (APAR PO09770).
- In Model, final rulesets and rules are visible even when they are not enabled in the mandator.
- The MDC or DDC storage capacities of an attribute are incorrect in the audit trail. The values of limit_mdc and limit_ddc command-line arguments are shown (if applied) instead of the capacity that the user defined.
- The audit trail report does not include MDC and DDC retention values. Now, the fields are included (APAR PO09944).
- When a retention report is generated, the user interface crashes if there is at least one error, and either rule performance MDC or rule performance DDC does not cause an error.
- The golive report and retention report can fail unexpectedly when the limit_mdc or limit_ddc command-line arguments are used to start IBM Safer Payments. The report compares the unlimited rule performance capacities with the limited system time capacities and produces an error if the former happens to be larger than the latter.
- Text is missing in the Model Rules deletion dialog.
- Improved the online help. Added information about multi-relations workflow, model revision golive, index internals, and latest latency violations. Added more details to information about batch jobs, MCI bypass, MCI XML format, and conditions. Corrected tooltip text for Show uncomputed simulation elements, CPP > Case group, Highlight CPP attributes, and Archive sent messages. Also, the error This entry must be greater than or equal to 1 is now printed if the number of records is set to 0 in query definitions.
- An unrecoverable error occurs during startup if a revision has an invalid PMML model (either the attachment is missing or it is invalid) (APAR PO09824).
- If an error occurs during the sending of a notification, log message 0361 contains an invalid path to OCCM. Now, log message 0490 is listed after log message 0361. It contains the correct OCCM path along with the case action name and case UID, if available (APAR PO08111).
- The Show on dashboard checkbox on the Administration tab does not toggle the display of Key Performance Indicator (KPI) tiles (APAR PO09794).
- PMML scorecards that do not end in a newline character cannot be imported. For cards that can be imported, there is no notification that an import was successful. There is no warning that all the rules of the ruleset for which the scorecard is being imported will be overwritten by those that are parsed from the scorecard (APAR PO09852).
- In the Outgoing channel configuration page, the Show references toolbar button displays a reference list with a nonexistent Case class reference.
- External model reference items do not have a link to a corresponding external model definition.
- When model profiling is copied, the output keeps the same name as the copy source.
- The number of active FLI connections counter can turn negative when FLI threads hang while FLI is disabled and enabled again. This in turn can cause a wrong system time output (APAR PO09790).
- The configuration page for collusion and index based evaluation case classes contains the settings Manual case creation and Highlight case alarms in queries. The settings apply only to regular case classes.
- It is not possible to delete multiple outgoing channel configurations if at least one of them is
of type HTTP. The API always responds with
NO_PRIVILEGES
and stops the deletion after it encounters the HTTP channel configuration. - When a simulation is run without attributes that require simulation, the message simulation initializing is displayed. The simulation appears to be in progress when, in fact, it is finished.
- If a master key is changed, the case class configuration is not written to disk even though case classes can use encrypted attributes in condition forms.
- Enhanced the error logging for API requests, for example, interruptions. Now, log message 0459 is written by default in the system logs.
- If the SCI communication to a remote instance fails and thus does not prevent updating a revision while a remote analysis is running, the analysis is not stopped upon the revision update (APAR PO09927).
- If space is limited in the user interface, multiselect dropdown fields sometimes do not display all options.
- Archiving case audit files when they are already archived overwrites the archived .latest case file.