Update information
IBM® Safer Payments 6.5.0.00 includes changes that might require you to take action.
Read relevant update information
Compare the current operational version to the version that you want to install. Read update information topics that are relevant to your situation.
If you install a... | Read update information topics for ... | For example, if the version changes from ... | Read update information topics for... |
---|---|---|---|
Fix pack | All fix packs between the two versions | 6.4.2.01 to 6.5.0.07 | 6.5.0.02 to 6.5.0.07 |
Major release | The target version up to the fix pack that you are installing | 6.4.x to 6.5.0.07 | 6.5.0.00 and 6.5.x up to 6.5.0.07 |
Major release and skip one major release | The major release for the skipped version and all topics in the target version up to the fix pack that you are installing | 6.3.x to 6.5.0.07 | 6.4.0.00, 6.5.0.00, and 6.5.x up to 6.5.0.07 |
Major release and skip multiple major releases | The major release for the skipped versions and all topics in the target version up to the fix pack that you are installing | 6.2.x to 6.5.0.07 | 6.3.0.00, 6.4.0.00, 6.5.0.00, and 6.5.x up to 6.5.0.07 |
If needed, see:
6.5.0.00 Update information
- Log messages 70, 71, 195, 199, and 324 are now used to log all events for keygen master keys,
keygen private keys, keygen public keys, and the new KMIP master keys. The previously used log
messages 195, 201, 325, and 511 now use log message number 70 and can no longer be configured
separately. The previously used log messages 196, 197, 198, 200, 322, 348, 365, 366, 367, and 573
now use log message number 71 and can no longer be configured separately. Log message 195 now logs
all warnings for keygen master keys, keygen private keys, keygen public keys, and the new KMIP
master keys. Update your log message settings in IBM Safer
Payments and automation to address the changes.
- A new check during startup looks for duplicate UIDs in the configuration. If duplicate UIDs are found, an error is printed to the system logs. Before you update, it is a best practice to make a copy of the configuration folder and user folder. Run the update on a separate system. Check whether duplicate UIDs errors occur on startup. If errors occur, contact IBM Support for assistance.
- A new check was added to the save API request. When a save request is sent, the UID is required twice, first as a normal property of the main request and then as a property of the data object. Previously, it was possible for these two UIDs to differ, which resulted in confusing behavior. Now, an error (REQUEST_UID_NOT_EQUAL_DATA_UID) is issued if the UIDs differ within the request. If you have scripts that use the save API request, ensure that the two UIDs that are sent in the request match.
- If you directly save a non-input attribute through the API, you must now use
output
as the stream type. Previously,input
was also accepted.
- Introduced a cluster_id startup parameter. When you update IBM Safer Payments, ensure that all instances in a cluster have the same cluster_id.
- Added more error checking for PMML files. Before you update, it is a best practice to make a copy of the configuration folder and user folder. Run the update on a separate system. Check whether errors occur when the PMML files are parsed.
- To avoid remote code execution in spreadsheet applications, CSV exports are now prepended by a
single quote when text values start with
=, +, -, @,
, tab, or return. You can still switch to the old behavior by disabling sanitize CSV exports in . - Case classes that previously used an aggregation attribute now instead use one aggregation
condition for target cases that compare the previously selected aggregation attribute on both sides.
Since the target case conditions compare the case's data on the left with the alarm's data on the
right, this condition behaves almost the same as previous versions. A notable difference is that an
alarm's case class must now also enable case consolidation or else the alarm does not consolidate.
Also, the missed cases reports were slightly changed. The configuration of case classes that are
meant to be used within missed cases reports must now set a
missed cases report index
. After the update, case classes that used an aggregation attribute with an applicable index will have that index automatically set as the missed cases report index. - The option of record purged entries is automatically enabled if the purged outdated entries is enabled.
- Since version 6.0.0.10, IBM Safer Payments has created a backtrace file every time it starts (called backtraces_starting_at_[InstanceID]_[YYYY-MM-DD].iris). This file was previously empty until a crash occurred. The file now has a line stating the version. If you have automated file management processes which move older log files to a separate directory then you should ensure that the backtrace files are not moved along with the logs. All backtrace files should stay in the logs directory, and if any of them contain more than a single line then they should be shared with IBM support.
- To use external models, it is required to have the
Primary URID
,Primary instance ID
, andURID computation complete
meta attributes and the fraud mark index. - If the Resolve uncached reporting attributes option is enabled, values are not shown for reporting attributes in the cases table that are not selected in the case class of the respective case. If you want to see more reporting attributes, enable the respective attributes in the case class. For existing cases, the values for the additional reporting attributes are loaded from transactional data. If the cases table is slow to load, disable Resolve uncached reporting attributes and Include DDC to resolve uncached reporting attributes, if they are not necessary for your use case. For more information, see the online help.
- The remote wait factor was considered redundant with the introduction of interlock. It is recommended to use interlock because it ensures that recreate index jobs are not executed in parallel on multiple instances.
- A warning was added when running encrypted import file jobs without AES-CTR, as the previously used AES-CBC had known security issues. It is recommended to switch encrypted import jobs to AES-CTR.
- Now, several API requests enforce a POST request. Scripts that use these requests must also use POST. The API requests are: Login, ChangeAuthAddress, InsertPin, ChangePassword, CreateDefinedRiskListImportSettings, GetCaseAction, IsPasswordValid, PathExists, Save, SendCaseActionFromPreview, SetMasterdata, SetQuickSearchCasesTablePreference, and SetUserExportPassword.
- After the update, model revisions that are not champions do not have the newly introduced external model mappings. When a golive is performed on these revisions, new external model mappings are created for the attributes that are owned by that revision. These are the same mappings as the ones that were automatically generated for the champion revisions but they show up as new elements in audit trails and when comparing revisions. To avoid this inconvenience, delete non-champion revisions before you do the update. After the update, create new challengers by creating new copies of the champion revisions.
- In past versions, unnecessary attributes were simulated, resulting in additional memory requirements because rules and final rules were automatically added to the simulation if they change the same conclusion attribute as a rule selected for analysis. Now, only selected rules are simulated. If all rules affecting a certain attribute are required (the previous behaviour), make sure to explicitly enable this attribute for simulation in .
- The attribute
system time
of the server response of a message of type JSON now uses the same date format as messages of type XML. This means that the format changed fromyyyy-m-d
toyyyy-mm-dd
, so days and months with a single digit now contain a preceding 0. - Now, event log message number 527 is used for error events that are related to configuration change journals. It was previously unused. Update automation scripts that use it.
- Review the definition of remote look up indexes. Ideally, the remote lookup index should provide a value for every transaction. Otherwise, it is possible to see occasional empty values for reporting attributes in case investigation (cases table, case history, case actions, external queries, CPPs) when values are not stored in the case data but need to be read from the transactional data of the case alarm. This does not affect embedded investigation queries.
- If retention by records was used and manual rule performance data cache sizes was set before the update, the rule performance capacities after the update might be slightly larger as they are now rounded up to the next multiple of 8. The application does this automatically, no user action is required. Memory requirements of the models are not affected because internally the system already used rounded up values.
- Log message 0490 now displays more often, usually in cases where 0361 was previously printed.
- After the update, transactions always use only a single FLI message for synchronization. When external model components are involved, the FLI message is sent after all external model components have been processed. This increases the time until other instances in the cluster are made aware of a transaction. If aggressive fail-over mechanisms are employed for the online data interfaces and a transaction that does not compute in a given amount of time is resent to another instance in the same cluster, the same transaction might be computed on multiple instances because neither instance can properly detect the doublet. All instances will thus perform the full computation, including the execution of external model components. You must consider the additional traffic in your external system setup. In cascaded horizontal scaling environments, where external model components are used to target other clusters, those clusters should now enable doublet detection to avoid problems caused by the same transaction being sent in from different instances of the primary cluster. When upgrading the cluster, you must disable FLI on all instances and enable it only on instances that have been upgraded.
- Added log messages 850 and 851 to monitor disk access of attributes. Log message 850 is enabled if deferred writing is enabled. No action is required if there is no external log monitoring.
- Now, report generation jobs use globally configured decimal and field separators when reports are written to an outgoing channel configuration. Previously, those settings were taken either from the user who started the job or from the default values for new user accounts for jobs that were not started manually. The new settings are on .
- When updating a cluster or a persistent connection type outgoing channel, it takes about five seconds to process after the save button is clicked. It will be improved in a future fix pack.
- Now, when a message is recomputed during merging, the computation results and the standard computation results are the same. Previously, the results were different because profilings were calculated for each mandator during recomputation. Then, formulas and rules were computed separately for each mandator. Now, formulas and rules are computed together with profilings for each mandator, which is the same process that is used during standard computation.
- Now, event log message number 527 is used for error events that are related to configuration change journals. It was previously unused. Update automation scripts that use it.
- If version 6.4.2.00 was used before the update, remove duplicate UIDs from the configuration before the first start up. Contact IBM Support for assistance.
- Added more and stricter error checking for JSON mappings. Now, mappings that were previously accepted might be rejected, which might prevent startup. After the upgrade is complete, look for error message E0526 in the startup logs. If you find the error message, return to your configuration backup. Fix the incorrect mappings and attempt the upgrade again.