IBM Support

JR48947: IN PROCESS PORTAL, STACK TRACE INFORMATION IS DISPLAYED FOR NUMBERFORMATEXCEPTION (NON-NUMERIC INSTANCE ID)

APAR status

  • Closed as program error.

Error description

  • In Process Portal, when the details of a process instance are
    displayed, the URL in the browser's address bar contains a
    parameter, "bpdInstanceId".  If this is manually changed to a
    non-numeric value (for example, "abc123"), a
    NumberFormatException is generated, as expected.  However,
    Process Portal displays not only the exception but also the
    full stack trace, which would normally be visible only in the
    server logs.  The stack trace contains details about the
    server and code infrastructure itself, which should not be
    visible to an end user.
    

Local fix

  • No Local fix
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  Users of BPM Advanced, BPM Standard, and    *
    *                  BPM Express.                                *
    ****************************************************************
    * PROBLEM DESCRIPTION: In Process Portal, when details of a    *
    *                      process instance are displayed,         *
    *                      manually modifying the                  *
    *                      "bpdInstanceId" parameter in the URL    *
    *                      results in a NumberFormatException      *
    *                      with full stack trace displayed (only   *
    *                      the exception should be displayed,      *
    *                      not the stack trace).                   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    No exception handling was in place around the method that
    parses the bpdInstanceId value; if the value was not numeric,
    the NumberFormatException was not caught, and the exception
    and its stack trace were propagated to and exposed in the
    Process Portal user interface.
    

Problem conclusion

  • Exception checking was put in place to more gracefully handle
    the NumberFormatException, resulting in an error message being
    displayed in Process Portal with the following format:
    
    java.lang.NumberFormatException: Not a valid char constructor
    input: <non-numeric value entered by user>
    
    An interim fix for Business Process Manager Version 7.5.1.1 has
    been published to Fix Central.  Please refer to the separate
    file that is automatically downloaded with the interim fix
    for prerequisite information and installation/uninstallation
    instructions.
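
The handling pattern described above, as an added example that is not IBM's code or part of the interim fix: the parse failure is caught, the stack trace is written only to the server log under a reference ID, and the user sees a short message. The class, method and message wording are hypothetical; escaping and truncating the echoed value is an assumption of this sketch, not something the APAR states.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration (Java 16+); class and method names are hypothetical, not IBM BPM code.
public class InstanceIdParam {
    private static final Logger LOG = Logger.getLogger(InstanceIdParam.class.getName());

    // Either a parsed id, or a message that is safe to render to the end user.
    record Result(Long id, String userMessage) {}

    static Result parse(String raw) {
        try {
            // parseLong rejects null, "", "abc123" and out-of-range values
            // by throwing NumberFormatException.
            return new Result(Long.parseLong(raw), null);
        } catch (NumberFormatException e) {
            // The stack trace goes to the server log only, under a reference
            // the user can quote; CR/LF are stripped to keep log lines intact.
            String ref = UUID.randomUUID().toString();
            String logged = raw == null ? "null" : raw.replaceAll("[\\r\\n]", "_");
            LOG.log(Level.WARNING, "bad bpdInstanceId ref=" + ref + " value=" + logged, e);
            // The rejected value is echoed back, so it is length-limited and
            // HTML-escaped before it reaches the page.
            return new Result(null, "Invalid process instance ID \""
                    + escapeHtml(truncate(raw, 32)) + "\" (reference " + ref + ")");
        }
    }

    static String truncate(String s, int max) {
        if (s == null) return "";
        return s.length() <= max ? s : s.substring(0, max);
    }

    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid id, the page's "abc123", one with markup.
        for (String raw : new String[] {"1234", "abc123", "12<b>3"}) {
            Result r = parse(raw);
            System.out.println(r.id() != null ? "id=" + r.id() : r.userMessage());
        }
    }
}
```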
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR48947

  • Reported component name

    BPM ADVANCED

  • Reported component ID

    5725C9400

  • Reported release

    751

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-01-02

  • Closed date

    2014-02-28

  • Last modified date

    2014-02-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM ADVANCED

  • Fixed component ID

    5725C9400

Applicable component levels

  • R750 PSY

       UP

Document Information

Modified date:
28 February 2014