Available patches for the platform on IBM Software Hub Version 5.3.1
Patches address known issues and security vulnerabilities. The patches in this topic can be applied to IBM Software Hub Version 5.3.1.
Patches are cumulative. If a fix is delivered in a patch, the fix is included in all subsequent patches.
The latest patches are defined in the patch-5.3.1.yaml file, which is available in the IBM/software-hub repository on GitHub.
In this topic, available patches are listed in reverse chronological order so that the most recent patch is at the beginning of the topic.
Applying patches
By default, the latest patches are automatically applied to your environment when you install or upgrade an instance of IBM Software Hub.
You can see which patches are installed on your environment by running the cpd-cli
manage
list-deployed-components command.
If you want to apply newer patches to your environment, see Applying patches to IBM Software Hub.
About platform patches
The IBM Software
Hub is comprised of
several components. The primary component of the platform is the cpd_platform. This is the component that you specify when you install or upgrade the platform.
- IBM Cloud Pak foundational services (
cpfs) - Usage Metering Service (
ibm_usage_metering) - Platform user interface (
zen) - Cloud Native PostgreSQL (
postgresql)
cpd_platform component. For example, one patch might include updates to the
following components:cpd_platformzen
And the next patch might include updates to only the postgresql component.
This document includes information about the platform components that will be updated when you apply a given patch.
Patch 4
Release date: 2026-05-06
This patch contains updates for the following components:
- IBM Software
Hub (
cpd_platform) - Version: 5.4.4
- Platform user interface (
zen) - Version: 6.4.4
- Security issues fixed in this patch
-
This patch addresses the following Common Vulnerabilities and Exposures (CVE) for the following components:
- IBM Software
Hub (
cpd_platform) -
CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32289, CVE-2026-33186, CVE-2026-34986, CVE-2026-39883, CVE-2026-39892
CVE-2025-47914, CVE-2025-58181
CVE-2024-3727
- Platform user interface (
zen) -
CVE-2026-1229, CVE-2026-4867, CVE-2026-25679, CVE-2026-25934, CVE-2026-32280, CVE-2026-33036, CVE-2026-33671, CVE-2026-33672, CVE-2026-33750, CVE-2026-33762, CVE-2026-33816, CVE-2026-34165, CVE-2026-40175
CVE-2025-1767, CVE-2025-30204, CVE-2025-62718
CVE-2024-5321, CVE-2024-10220, CVE-2024-51744
CVE-2023-3676, CVE-2023-3955, CVE-2023-5528
CVE-2021-4238, CVE-2021-20329
- IBM Software
Hub (
- Other issues fixed in this patch
-
This patch includes fixes for the following issues:
- IBM Software
Hub (
cpd_platform) -
- After a restore, pods are scheduled by the default scheduler rather than the scheduling service
-
- Issue: If you do not manually apply the IBM Fusion recipe to the scheduling service, pods are scheduled by the default Kubernetes scheduler after a restore.
- Resolution: The recipe is automatically applied to the scheduling service.
- Platform user interface (
zen) -
- After you install or apply a 5.3.1 patch service pods might go into a
CrashLoopBackoffstate -
- Issue: If a service was not included in the patch, the pods might go into a
CrashLoopBackoffstate after they are restarted to pick up new certificates. - Resolution: The pods are restarted and use the new certificates.
- Issue: If a service was not included in the patch, the pods might go into a
- Using a custom name for the image pull secret causes installations to fail
-
- Issue: If you used a name other than
ibm-entitlement-keyfor your image pull secret, the installation failed. - Resolution: You can now use a custom name for the image pull secret.
- Issue: If you used a name other than
- After you install or apply a 5.3.1 patch service pods might go into a
- IBM Software
Hub (
Patch 3
Release date: 2026-04-22
This patch contains updates for the following components:
- IBM Software
Hub (
cpd_platform) - Version: 5.4.3
- Platform user interface (
zen) - Version: 6.4.3
- Security issues fixed in this patch
-
This patch addresses the following Common Vulnerabilities and Exposures (CVE) for the following components:
- IBM Software
Hub (
cpd_platform) -
CVE-2025-58181
- Platform user interface (
zen) -
CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142
- IBM Software
Hub (
Patch 2
Release date: 2026-04-11
This patch contains updates for the following components:
- IBM Software Hub (cpd_platform)
- Version: 5.4.2
- Platform user interface (zen)
- Version: 6.4.2
- Cloud Native PostgreSQL (postgresql)
- Version: 1.25.6
- Security issues fixed in this patch
-
This patch addresses the following Common Vulnerabilities and Exposures (CVE) for the following components:
- Platform user interface (
zen) -
CVE-2026-27601
- Cloud Native PostgreSQL (
postgresql) -
CVE-2026-0861, CVE-2026-0994, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-24051, CVE-2026-26007
CVE-2025-9086, CVE-2025-15467, CVE-2025-61726, CVE-2025-61728, CVE-2025-68121, CVE-2025-69419
- Platform user interface (
Patch 1
Release date: 2026-03-25
This patch contains updates for the following components:
- IBM Software
Hub (
cpd_platform) - Version: 5.4.1
- Platform user interface (
zen) - Version: 6.4.1
- Security issues fixed in this patch
-
This patch addresses the following Common Vulnerabilities and Exposures (CVE) for the following components:
- IBM Software
Hub (
cpd_platform) -
CVE-2026-0861, CVE-2026-26007
CVE-2025-15467, CVE-2025-68121
- Platform user interface (
zen) -
CVE-2026-25128, CVE-2026-25639, CVE-2026-25896, CVE-2026-26278, CVE-2026-26996
CVE-2025-23419, CVE-2025-55130, CVE-2025-55132, CVE-2025-59466, CVE-2025-69873
- IBM Software
Hub (