IBM Support

Fix list for IBM Connections 5.5 CR3

Preventive Service Planning


Abstract


This document lists the fixes included in IBM Connections 5.5 Cumulative Refresh 3 (CR3)

Content

Cumulative Refreshes (CRs) consists of a set of cumulative fixes for each of IBM Connections applications. For additional information on CRs, including instructions on how to download and install, please review the Update strategy for IBM Connections 5.5 document. IBM Connections 5.5 CR3 includes all fixes in IBM Connections 5.5 CR2 (LO89068), Connections 5.5 CR1 (LO88602), IBM Connections 5.5 Day1 iFix (APAR LO87330) and IBM Connections 5.5 Required February Update iFix (APAR LO87626).


Fix Central download link for the IC 5.5 CR3 package (5.5.0.0-IC-Multi-CR03-LO90858)


The fixes included in IBM Connections 5.5 CR3 are listed in this table:

APAR#ComponentProblem Description
LO90620@Mention,CommunitiesFixed an issue where in a private community, @mentioning a group only member would generate a message that the user would not be able to view the messeage
LO90492Blogs & Bookmarks & Calendar Corrected the text wrapping when an idea has 1000 or more votes
LO90620Blogs & Bookmarks & Calendar Fixed a problem in a Restricted Communities when adding a group as a member would result in the users of that group not being able to be mentioned correctly.
Blogs & Bookmarks & Calendar Reduced log noise generated by Blogs.
LO91039Blogs & Bookmarks & Calendar [IE 11]Fixed a problem with the "Add Bookmark" button from the Bookmark Tools page
LO91007Common UIReduced log noise generated by Locales that exceed 5 characters
LO89187Common UIFixed the problem where Connections Mail would not work correctly on the Search page
Common UICorrected a truncation issue with long Forum's titles
LO90376Common UIFixed a benign dojo error with custom widgets
LO91337Common UICorrected the "unable to process your request" message generated when opening a folder by selecting the left navigator
LO91811Common UICorrect the translation of Communities in Brazilian Portuguese
LO83410Common UIFixed the video thumbnail upload option when "use full path" is set for Internet Explorer
LO91775Common UIFixed the problem where Notes AS gadget was not loading correctly
CommunitiesFixed the Atom API for a new user following a community
CommunitiesCorrected an issues where tags in a Community overview did not display when the context root was customized
LO91751CommunitiesFixed a problem where groups with special characters in description would not be displayed in the search results
LO91354CommunitiesMade improvements with the Rich Content widget in a multi-node server
LO90801Custom Library/ECM Integration/Filenet CCMCorrected the Library share link where the Community name would be displayed instead of Library name
LO91811Custom Library/ECM Integration/Filenet CCMFixed an intermittent issue affecting Library "View all Files and Folders" button
LO91805Custom Library/ECM Integration/Filenet CCMEnabled ability to co-edit for Owners and Editors in the initial draft in library
LO91674Directory servicesRestored WPI lookup failover support.

In the LotusConnections-config.xml change the following setting:

FROM:
<sloc:serviceReference profiles_directory_service_extension_enabled="true" serviceName="directory"/>
TO:
<sloc:serviceReference profiles_directory_service_extension_enabled="true" serviceName="directory" profiles_directory_service_extension_failover="all"/>
LO90923Discussion ForumsCorrected a problem that caused Forums Search crawl would fail
LO90652FilesFixed an inconsistency in metadata between old and new file versions.
LO90673FilesUpdated the default Search filter in the Files application from "All Files" to "My Files"
LO90882FilesCorrected the Share File dialog would not resize correctly
FilesReturn full ACL of Files in the Mobile app
LO90456FilesFixed a display issue where scroll bars would not displayed and the footer was missing in a Community Files search
FilesCorrected an issue where multiple labels would be created for a file label
LO91259FilesFixed the problem when selecting a notification link for Wikis would generated a "page not found" message
LO91289FilesCorrected an issue with special characters that were displayed as entities in a File comment in an email notification

FilesCorrected a problem where some requests to get the image content in the Rich Content Widget would generate a 403 error
LO91017HomepageEnabled FLV files to play in the activity stream. 
LO91850Homepage,News, Forums, MobileGeneral improvement in Forums, Mobile, Homepage and News
InfrastructureUpdates to French, Basque and Russian translations
LO90965Metrics - CognosImprovements to Connections Cognos metrics for profile updates
LO90817MobileFixed the problem where Activity Section Entries were not paging properly
MobileCorrected the Activity Search Results not Displaying

MobileImplemented a new navigation ordering for the IC Mobile App
MobileProvided Quick Results and Desktop File Sync enablement settings
LO90678NewsImprovements to the News cleanup service
LO91111NewsFixed an issue that would generated the message - ORA-00904: "PERSON"."HOME_ORG_ID": invalid identifier error on running wsadmin command syncAllMembersByExtId in the log files
LO91101NewsCorrected an issue with URLs posted in Status Updates with the "#" character
LO91551NewsFixed a problem when a user comments on another user's community status update the news story reads that they have commented on their message.
LO091265NewsFixed the problem where an @mentions to a user whose name contained periods would in some cases lead to corruption of the @mention
LO91252NewsCorrected the problem where the Recent Updates feed would be empty if the Status Update widget is disabled
NewsFixed a failure in the jython call NewsActivityStreamService.updateApplicationRegistrationForEmailDigest
LO91403NewsCorrected intermittent Connections notification failures
NewsFixed the problem where a user would stop following a blog but would still receive a notification
LO92004NewsCorrected the problem where News syncAllMembersByExtId() wsadmin command unpredictably failed to make changes
LO90886ProfilesImprovements to AdminClientContext identification for SIB Event publishing
LO90471ProfilesFixed an issue in Search where it did not find an umlaut in the Profile background/experience fields
LO91348ProfilesCorrected an issue where the 'Share a file' button should not be visible when viewing the profile of a visitor
LO91922ProfilesFixed the problem when a GUID is changed (usually via TDI), the search index stills holds to profile of old GUID so a Profiles Directory query returns duplicate users, one with the new guid and one with the old guid
LO91348WaltzFixed the problem in IBM DOCS where a user could not view or edit a document after a few hours
LO90988WidgetContainer/WidgetFramework Corrected reposting a status update that wouldn't insert the actor email and displayName for access via the events spi
WidgetContainer/WidgetFramework Generated feature URIs within the gadget iFrame have always started with '//' rather than the scheme for accessing the server
LO91777WidgetContainer/WidgetFramework Added a check to prevent the Community app title to be only blank spaces

Internal Use Only




PMR#APAR#RTC #ComponentProblem Description
[B3]Day1-PackagedLO91850190869Discussion ForumsPSIRT Advisory 8021: Open Source Struts 2.3.32
[B3]Day1-PackagedLO91850190946,190950,190947MobilePSIRT Advisory 8021: Open Source Struts 2.3.32
[B3]Day1-PackagedLO91850190870Homepage,NewsPSIRT Advisory 8021: Open Source Struts 2.3.32 - Security Fix Release - Update Homepage/News

PMR#APAR#RTC #ComponentProblem Description
59,244,021,724
LO90620
185235
@Mention,CommunitiesFixed an issue where in a private community, @mentioning a group only member would generate a message that the user would not be able to view the messeage
LO90929
185851
ActivitiesStored XSS - Communities via Activities 
LO91287
186171
Activity Stream[EH] – Stored XSS - Recent Updates via Communities - Library – File Title 
94,837,442,000
LO90492
183847
Blogs & Bookmarks & Calendar Corrected the text wrapping when an idea has 1000 or more votes
59,244,021,724
LO90620
183711
Blogs & Bookmarks & Calendar Fixed a problem in a Restricted Communities when adding a group as a member would result in the users of that group not being able to be mentioned correctly.
81,470,033,724
183570
Blogs & Bookmarks & Calendar Reduced log noise generated by Blogs.
84,116,227,000
LO91039
186650
Blogs & Bookmarks & Calendar [IE 11]Fixed a problem with the "Add Bookmark" button from the Bookmark Tools page
185906
CCM/FileNet,Files,WikisUpdated translations for Basque and Russian
LO90716
182874
CKEditor[EH] Stored XSS in Rich Content App in Communities Arbitrary JavaScript may be executed in the context of another user's session.
08387,019,866 01952,070,724LO90716
183498
CKEditor[EH][KeyLogger in Communities via Rich Content App An attacker can capture keystrokes from visitors to the created Community page.
LO91483
186166
CKEditor[EH] - _blank exploit found in Connections
79,759,070,724
LO91007
185481
Common UIReduced log noise generated by Locales that exceed 5 characters
28,889,756,000
LO89187
178837
Common UIFixed the problem where Connections Mail would not work correctly on the Search page
777,070,724
186779
Common UICorrected a truncation issue with long Forum's titles
17,194,122,000
LO90376
183302
Common UIFixed a benign dojo error with custom widgets
1,632,070,724
LO91337
189772
Common UICorrected the "unable to process your request" message generated when opening a folder by selecting the left navigator
63384,999,631LO91811190731Common UICorrect the translation of Communities in Brazilian Portuguese
50162,122,000LO83410190278Common UIFixed the video thumbnail upload option when "use full path" is set for Internet Explorer
81921,033,724LO91775190726Common UIFixed the problem where Notes AS gadget was not loading correctly
LO91139
186137
CommunitiesSecurity issue in Communities 5.5
LO91097
186328
Communities[EH] – Stored XSS (Subcommunity Name) 
186492
CommunitiesFixed the Atom API for a new user following a community
06803,L6Q,000
188885
CommunitiesCorrected an issues where tags in a Community overview did not display when the context root was customized
20733,003,756LO91751190548CommunitiesFixed a problem where groups with special characters in description would not be displayed in the search results
LO91354
187280
CommunitiesMade improvements with the Rich Content widget in a multi-node server
387,070,724
LO90585
184243
Community CalendarFixed an issue where some warning message were not displayed in a Community Event.
186849
Community CatalogDOM Based Cross-Site Scripting found in Connections application - Administrator.
LO90930
186035
Core - Common servicesUpdating the default ACF rules in acf-config-nf-flash.xml to fix security issue
LO91611186947 188314 175669Core - Common servicesUpdating the default ACF rules in acf-config-nf-flash.xml to fix security issue

[B3]Day1-PackagedLO91850190870Homepage,NewsGeneral improvement in Forums, Mobile, Homepage and News
87,846,112,848
LO90801
185003
Custom Library/ECM Integration/Filenet CCMCorrected the Library share link where the Community name would be displayed instead of Library name
88386,082,000LO91811190588Custom Library/ECM Integration/Filenet CCMFixed an intermittent issue affecting Library "View all Files and Folders" button
23701,082,000 ????LO91805186221Custom Library/ECM Integration/Filenet CCMEnable ability to co-edit for Owners and Editors in the initial draft in library
33,643,227,000
LO91674
190192
Directory servicesRestored WPI lookup failover support.
83253,L6Q,000LO90923
185994
Discussion ForumsCorrected a problem that caused Forums Search crawl would fail
186037
Discussion Forums XSS found in Forums (Firefox Only) | Move topic -- Need fixed for IC5.5 and earlier releases
LO91033
186412
Discussion Forums[EH] - Stored XSS found in Connections Forums
LO91239
186515
Discussion Forums[EH] - Stored XSS in Forum Tags


186445Discussion Forums[EH] –  Remote Browser Takeover via Connections HTML Injection

LO91791186243Discussion Forums[EH] - Cookies without Secure Flag Set
187090
Embedded Experience [EH] – Stored XSS (Library File - Comment) 
LO91609
187090
Embedded Experience [EH] – Stored XSS (Library File - Comment) 
85,947,211,788
LO90652
184575
FilesFixed an inconsistency in metadata between old and new file versions.
8,826,082,000
LO90673
184228
FilesUpdated the default Search filter in the Files application from "All Files" to "My Files"
87,553,122,000
LO90882
185442
FilesCorrected the Share File dialog would not resize correctly
ABN AMRO critisit 237056
185116
FilesReturn full ACL of Files in the Mobile app
85,287,211,788
LO90456
###########
FilesFixed a display issue where scroll bars would not displayed and the footer was missing in a Community Files search
###########
FilesCorrected an issue where multiple labels would be created for a file label
#LO91259
186310
FilesFixed the problem when selecting a notification link for Wikis would generated a "page not found" message
52,926,442,000
LO91289
187929
FilesCorrected an issue with special characters that were displayed as entities in a File comment in an email notification


190964FilesCorrected a problem where some requests to get the image content in the Rich Content Widget would generate a 403 error
40,573,999,806
LO91017
186066
HomepageEnabled FLV files to play in the activity stream. 
LO91399
186134
Homepage[EH] – CSRF protection bypass in Admin - Apps (X-Update-Nonce parameter) 
188683
Infrastructure/Configuration issuesUpdates to French translation
69,260,004,000
LO90965
185315
Metrics - CognosImprovements to Connections Cognos metrics for profile updates
78,531,070,724
183060
Migration[Communities] Old status updates are gone
21,553,211,788
LO90817
185530
MobileFixed the problem where Activity Section Entries were not paging properly
186372
MobileCorrected the Activity Search Results not Displaying


190688MobileImplemented a new navigation ordering for the IC Mobile App
190392
MobileProvide Quick Results and Desktop File Sync enablement settings
93,622,227,000
LO90678
184534, 172648
NewsImprovements to the News cleanup service
LO91098
186058
News[EH] – Stored XSS (Admin – Edit App - URL Address)
PMR 79513,070,724 LO91111
186516
NewsFixed an issue that would generated the message - ORA-00904: "PERSON"."HOME_ORG_ID": invalid identifier error on running wsadmin command syncAllMembersByExtId in the log files
42,229,122,000
LO91101
187115
NewsCorrected an issue with URLs posted in Status Updates with the "#" character
1,345,070,724
LO91551
187518
NewsFixed a problem when a user comments on another user's community status update the news story reads that they have commented on their message.
52,486,999,858
LO091265
187520
NewsFixed the problem where an @mentions to a user whose name contained periods would in some cases lead to corruption of the @mention
LO91608
186072
NewsStored XSS (Admin – Edit App – OpenSocial Gadget – Service Mapping)
87,089,077,724
LO91252
187009
NewsCorrected the problem where the Recent Updates feed would be empty if the Status Update widget is disabled
861,070,724
186789
NewsFixed a failure in the jython call NewsActivityStreamService.updateApplicationRegistrationForEmailDigest
02119,69G,760LO91403
188702
NewsCorrected intermittent Connections notification failures
184567
NewsFixed the problem where a user would stop following a blog but would still receive a notification
03031,070,724LO92004189906NewsCorrected the problem where News syncAllMembersByExtId() wsadmin command unpredictably failed to make changes
94,693,082,000
LO90886
179590
ProfilesImprovements to AdminClientContext identification for SIB Event publishing
591,070,724
LO90471
186792
ProfilesFixed an issue in Search where it did not find an umlaut in the Profile background/experience fields
LO91238
186857
Profiles[EH] – Verbose Error Messages in Connections application.
LO91610
187144
ProfilesThis fixes both RTC 187144 & 187143 by removing the dangerousurlnonce URL param from the URL 
80,016,021,724
LO91348
189025
ProfilesCorrected an issue where the 'Share a file' button should not be visible when viewing the profile of a visitor
83535,033,724LO91922190640,ProfilesFixed the problem when a GUID is changed (usually via TDI), the search index stills holds to profile of old GUID so a Profiles Directory query returns duplicate users, one with the new guid and one with the old guid
8,491,022,724
LO91348
187429
WaltzFix the problem in IBM DOCS where a user could not view or edit a document after a few hours
32,919,756,000
LO90988
185439
WidgetContainer/WidgetFramework Corrected reposting a status update that wouldn't insert the actor email and displayName for access via the events spi
90,187,227,000
185942
WidgetContainer/WidgetFramework Generated feature URIs within the gadget iFrame have always started with '//' rather than the scheme for accessing the server
01137,070,724LO91777190463WidgetContainer/WidgetFramework Added a check to prevent the Community app title to be only blank spaces
LC 187585LO91322
187585
WikisExternal Service Interaction in Wikis save new page ( xml content parameter)

[{"Product":{"code":"SSYGQH","label":"IBM Connections"},"Business Unit":{"code":"BU003","label":"Collaboration Solutions"},"Component":"Install","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"5.5","Edition":""}]

Document Information

Modified date:
16 June 2018

UID

swg21999584