Update information
IBM® Safer Payments 6.6.0.00 includes changes that might require you to take action.
Read relevant update information
Compare the current operational version to the version that you want to install. Read update information topics that are relevant to your situation.
If you install a... | Read update information topics for ... | For example, if the version changes from ... | Read update information topics for... |
---|---|---|---|
Fix pack | All fix packs between the versions | 6.6.0.00 to 6.6.0.04 | 6.6.0.01 up to 6.6.0.04 |
Major release | The target version up to the fix pack that you are installing | 6.5.x to 6.6.0.04 | 6.6.0.00 and 6.6.x up to 6.6.0.04 |
Major release and skip one major release | The major release for the skipped version and all topics in the target version up to the fix pack that you are installing | 6.4.x to 6.6.0.04 | 6.5.0.00, 6.6.0.00, and 6.6.x up to 6.6.0.04 |
Major release and skip multiple major releases | The major release for the skipped versions and all topics in the target version up to the fix pack that you are installing | 6.3.x to 6.6.0.04 | 6.4.0.00, 6.5.0.00, 6.6.0.00, and 6.6.x up to 6.6.0.04 |
If needed, see:
6.6.0.00 Update information
- Removed support for Red Hat® Enterprise Linux® 7 (RHEL 7) and Oracle Linux 7 in 6.6.0.00 and higher. Before upgrading to 6.6.0.00 or higher, first upgrade to Red Hat Enterprise Linux 8 (RHEL 8).
- Removed support for TLS 1.0 and 1.1. Now, IBM Safer Payments supports only TLS 1.2 and higher. Before upgrading, review all external network connections to and from IBM Safer Payments that use TLS. Ensure that they use at least TLS 1.2. Before the update, disable TLS 1.0 and 1.1 on the API and MCI. For instructions, see the IBM Safer Payments Implementation Guide.
- If IBM MQ is used, it is a best practice to set MQGET Timeout to a low value. The default is 100 milliseconds. It should not be more than 3000 milliseconds. If MQGET Timeout is too high, delays occur during shutdown, restore, golives, and cluster changes because IBM MQ interface is deactivated for these actions. Also, all other operations on the user interface are blocked during the delay.
- Introduced a user-configurable search depth. It is used for tuning the system performance regarding the remote lookup index search. It defines the maximum number of records that are checked on the index sequence when it searches for the target record.
- Broken query files no longer prevent a startup. Also, erroneous files that cannot be loaded during startup are now renamed from xxx.iris to xxx.error. Log message 856 is written.
- PMML files that are larger than 500 MB can now be uploaded. Parsing PMML files can temporarily but significantly increase memory consumption on the server side. The increase is larger for larger files.
- If MCI bypass is enabled and active, the instance now responds with status
Ok/Bypass
instead of the actual instance status. This usually happens during golive or other maintenance mode activities. Also, the instance no longer mixes different headers. If an HTTP header is sent, IBM Safer Payments uses only this information for bypass forwarding. - The getIndexedAttributes API endpoint now requires a type specifier be sent with HTTP requests. It can be one of the following values: caseClass, masterdata, or extendedMasterdata. After the upgrade is finished, configure the optional extended masterdata query feature if you want to use it. Set the new Run extended masterdata queries role privilege. It is located under Investigations on . Set the new Enable for masterdata query conditions checkbox on . Set the new Enable for masterdata query conditions checkbox on . After it is configured, the new menu item, , displays. Be aware that enabling the feature duplicates the amount of memory that is used by the indexes and the masterdata.
- Previously, if retention by time was used, empty DDC files were created for attributes that are not stored. The problem is now fixed but it is best to remove the DDC files from the file system. Use the file name to identify the DDC files for attributes. The files contain the attribute UID in their file name.
- If you encountered problems with attribute purging before the update (log message 520), force a full purge of all affected attributes after the update. First, create a challenger revision and deactivate purging for each affected attribute. Then, activate purging again and perform a golive. A full purge is performed during the next end of day job. All the old transaction records are securely deleted from memory and disk.
- During the upgrade, it is not possible to create a new mandator while different instances are on different versions. If you need to create a new mandator, wait until all instances are upgraded.
- To improve defense against a Slowloris DOS attack, set the following new
fields:
- Click and click an instance.
- On the Enable incoming connection limit. Enter a connection threshold in Incoming connection limit. tab, select
- Repeat on the tab.
- Repeat for other instances.
- The fields lockTimeoutSeconds and lockTimeoutCountdownThresholdSeconds in the saveSettings request have been renamed to activityBasedSessionTimeoutSeconds and activityBasedSessionTimeoutCountdownThresholdSeconds.
- On Enforce default timestamp checkbox. When selected, users cannot choose a different fraud timestamp when they are marking queries as fraudulent. Review this setting after you upgrade. In most scenarios, it is a best practice to turn it on. , added the
- The API query that uses the
&Request=
syntax now always adds the from timestamp and to timestamp if they are passed in. The change does not affect the standard ExecuteQuery API function, which is the standard way to execute a query through the API. - Removed the Pretty print JSON response checkbox on . All JSON responses are now sent minified.
- Previously, there was a mandator parameter that needed to be sent in with the confirmGolive API request. This parameter is no longer used.
- Improved the function that converts a time string to a UTC timestamp. Its results were incorrect in certain time zones. The function is used by the jobs scheduler for monthly jobs, group by queries, reporting queries, and certain merchant monitoring reports (ones with intervals in the reports). If you use these features and are in a time zone with a 30-minute offset, for example, Portugal, your results after the upgrade will be slightly different. In particular, you might need to change the time of your monthly jobs.
- On Output attribute setting. Now, the output attribute must be a numeric without decimals. Also, certain meta attributes (primary instance ID, primary record ID, and message type ID) cannot be selected for the output attribute. If you have an output attribute that does not meet the new validation requirements, an error is logged during startup and the defined risk list is not loaded. Review and update the defined risk list output before installing the upgrade. , improved the validation rules for the
- Before performing the upgrade, disable FLI on existing instances. The existing version cannot handle the FLI message for deleting/enabling/disabling the defined risk list entry from the new version.
- In the model factory, rule generation scenarios that consider existing intercepts in their data selection algorithm have been updated to use the intercept value from production data rather than the simulated value. Also, the model factory's Rule generation scenario dropdown includes a new option that is named consider existing intercepts but ignore already defined rules of this model revision.
- On Output attribute setting. Now, the Output attribute must be numeric and have no decimals. If you have an output attribute that does not meet the new validation requirements, an error is logged during startup and the compliance list is not loaded. Review and update the compliance lists before you install the upgrade. , improved the validation rules for the