Fixes are available
APAR status
Closed as program error.
Error description
In Process Portal, when details of a process instance are displayed, the URL displayed in the address bar of the browser contains a parameter, "bpdInstanceId". If this is manually modified to be a non-numeric value (for example, "abc123"), a NumberFormatException is generated, as expected; however, not only is the exception displayed, but also, the full stack trace (as would normally only be visible in the server logs). The stack trace contains details about the server and code infrastructure itself, which should not be visible to an end user.
Local fix
No Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of BPM Advanced, BPM Standard, and * * BPM Express. * **************************************************************** * PROBLEM DESCRIPTION: In Process Portal, when details of a * * process instance are displayed, * * manually modifying the * * "bpdInstanceId" parameter in the URL * * results in a NumberFormatException * * with full stack trace displayed (only * * the exception should be displayed, * * not the stack trace). * **************************************************************** * RECOMMENDATION: * **************************************************************** There was no checking to catch an exception thrown by a method that parses the bpdInstanceId value; if the value was not numeric, the NumberFormatException was not caught and the exception and stack trace were propagated to and exposed in the Process Portal user interface.
Problem conclusion
Exception checking was put in place to more gracefully handle the NumberFormatException, resulting in an error message being displayed in Process Portal with the following format: java.lang.NumberFormatException: Not a valid char constructor input: <non-numeric value entered by user> An interim fix for Business Process Manager Version 7.5.1.1 has been published to Fix Central. Please refer to the separate file that is automatically downloaded with the interim fix for prerequisite information and installation/uninstallation instructions.
Temporary fix
Comments
APAR Information
APAR number
JR48947
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
751
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-01-02
Closed date
2014-02-28
Last modified date
2014-02-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM ADVANCED
Fixed component ID
5725C9400
Applicable component levels
R750 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 October 2021