IBM Support

Fix List for Sterling B2B Integrator V6.0

Product Documentation


Abstract

This page contains comprehensive fix information for all Fix Packs released for Sterling B2B Integrator and Sterling File Gateway V6.0 and later.

Content

IBM periodically releases fix packs for download to resolve issues in Sterling B2B Integrator. All Sterling B2B Integrator customers should download the most recently available fix pack and apply it to their environments.
All fix packs are cumulative. Download the most recently available fix pack for the current release, then review all the fix information on that tab to fully understand the package you are downloading and installing.

Follow these steps to update your system:

  1. Download the fix pack from Fix Central.
  2. Install the fix pack on each node in your environment. Remember that a node outage is required. You should apply the fix pack to your test environment first and run regression tests against it before applying it to production.

Mod Pack (V6.0.0.0)
Link Date Released Status
 Download

Security Fixes

APAR Description
IT19020 When installing IBM Sterling B2B Integrator using IIM, a temporary silent installation file containing clear text passwords is created.

Regular Fixes

APAR Description
IT24560 SOA outbound security service creates a corrupted Subjectkeyidentifier entry for short subject keys.
IT24323 Add aes-ctr support that is FIPS compliant in IBM Sterling B2B Integrator.
IT19818 XSS vulnerability in the queuewatcher.
IT25571 Perimeter Server should allow the user to set keepalive values.
IT25347 The tuning.properties are overwritten with the default values.
IT24202 Cannot use "ws" in the host name of the IBM Sterling B2B Integrator Cluster environment.
IT24502 The workflowlauncher.sh/cmd returns invalid wfstatus = -1 when the wf_id exceeds 2152047493.
IT24548 The Alert service fails when the workflow id is greater than 2147483648.
IT20159 The column in table used for Connect:Direct Server Adapter is set to small for large workflows (over 10 digits)).
IT19004 Upgrade to V5261 fails but the logs do not provide any information about the failure.
IT19018 IBM Sterling B2B Integrator gets installed to <installlocation>\install when using IIM.
IT17399 Sap suite 3 idoc metadata builder allows passwords only with a maximum of 8 alphanumeric characters and upper case letters.
IT20158 Connect:Direct Server session sets workflow ID incorrectly in the session record when the workflow ID has 10 or more digits.
IT16890 Run .sh reports "gdha_start_script: not found" after installing the  module.
 

Fix Pack 1 (V6.0.0.1)
For instructions on installing a fix pack, refer Applying a Fix Pack topic of Sterling B2B Integrator Knowledge Center.
Link Date Released Status
No Longer Available

Note: This Fix Pack also contains APAR fixes from 5.2.5_19, 5.2.6.3_9, and 5.2.6.4 releases.

Security Fixes

APAR Description
IT26305 SECURITY VULNERABILITY: UN ENCRYPTED LOGIN REQUEST
IT19755 SECURITY VULNERABILITY - XML ENTITY EXPANSION (BILLION LAUGHS ATTACKS) LEADS TO DENIAL OF SERVICE

Regular Fixes

APAR Description
IT26692 THE STOPASI.SH DOES NOT STOP THE IBM STERLING B2B INTEGRATOR APPLICATION                                                 
IT27004 THE GRAPHICAL BUSINESS PROCESS MODELER IS NO LONGER ABLE TO  LIST THE BUSINESS PROCESSES                                  
IT28207 THE IBM STERLING B2B INTEGRATOR DASHBOARD RETURNS UNEXPECTEDLY TO THE HOMEPAGE AFTER A WHILE  
IT27848 AFTER UPGRADING TO V6.0.0.0, THE SFTP CLIENT PUT STEP IS STUCK IN WAITING_ON_IO STATE                                         
IT27955 EXIT ERROR OCCURS WHEN LOGGING OUT OF IBM STERLING FILE GATEWAY V6.0 USING GOOGLE CHROME                                       
IT27881 VULNERABLE TO NON-PERSISTENT CROSS SITE SCRIPTING ATTACKS IN GETTING OFFER DETAILS ON EBICS SERVER                       
IT27878 VULNERABLE TO NON-PERSISTENT CROSS SITE SCRIPTING ATTACKS IN GETTING CONTRACT DETAILS ON EBICS SERVER                                           
 

Fix Pack 2 (V6.0.0.2)
Link Date Released Status
No Longer Available

Note: This Fix Pack also contains APAR fixes from 5.2.5_20, 5.2.6.3_10, and 5.2.6.4_1 releases.

Security Fixes

APAR Description
IT26305 SECURITY VULNERABILITY: UNENCRYPTED LOGIN REQUEST  
IT29305 SECURITY VULNERABILITY-PATH TRAVERSAL

Regular Fixes

APAR Description
IT29122 HTTP SERVER REQUESTS HANGS AND THE NUMBER OF ACTIVE CONNECTIONS GROWS IN THE PERIMETER SERVER LOG                             
IT29363 THE EDI CORRELATION SCREEN SHOWS BROKEN IMAGES
IT29025 USER ACCOUNT SERVICES UPDATE API DOES NOT SET AUTHENTICATION TYPE TO "BOTH"                                             
IT28879 UNWANTED DATA IS POPULATED IN THE IBM STERLING B2B INTEGRATOR DASHBOARD URL                                                
IT28552 AWS S3 CLIENT GET OPERATION RECEIVES ONLY 1024 BYTES OF DATA EVEN IF THE FILE SIZE IS HIGHER          
IT28553 AWS S3 CLIENT PUT SERVICE SENDS THE WRONG REGION NAME IN THE AUTHORIZATION HEADER                                     
IT27109 B2BI4SPE PROCESS DATA BY DOCUMENT ENHANCEMENT NEEDS FIX FOR BACKWARD COMPATIBILITY WITH OLDER SPE VERSIONS               
IT28203 IBM STERLING FILE GATEWAY ROUTE BY PRODUCER DETAIL REPORT DOES NOT FILTER BASED ON PRODUCER OR CONSUMER                      
IT28644 AFTER UPGRADE FROM V5.2.5 TO V6.0.0.1, THE NAMESPACE XMLN ATTRIBUTE IS MISSING AND DOCTODOM DOES NOT WORK CORRECTLY 
IT27454 UNABLE TO LOAD THE TUNING WIZARD ON NODE2 OR HIGHER FOR IBM STERLING B2B INTEGRATOR V6.0 CLUSTER ON WINDOWS SERVER     
IT26815 IN IBM STERLING B2B INTEGRATOR V6.0.0.0, THE LIST OF HALTED Bps (FROM TROUBLESHOOTER) DISPLAYS AN EMPTY PAGE                  
IT28845 MAP TEST UTILITY FOR IBM STERLING B2B INTEGRATOR V6.0 DOES NOT EXECUTE DUE TO INCORRECT JAVA VERSION IN REGISTRY             
IT27076 UNABLE TO IMPORT CONTRACT WITH AN EMPTY SCI_CONTRACT_EXTNS XML TAG                                                         
 

Fix Pack 3 (V6.0.0.3)
Link Date Released Status
No Longer Available

Note: This Fix Pack also contains APAR fixes from 5.2.6.3_11, 5.2.6.4_2, and 5.2.6.5 releases.

Regular Fixes

APAR Description
IT30098 THE IBM STERLING B2B INTEGRATOR UI ALLOWS BPs WITH NAMES LONGER THAN 30 CHARACTERS BUT THE CREATE WORKFLOW API RESTRICTS TO 30

IT29554

LDAP AUTHENTICATION FAILS IN V6.0.1 WITH CERTAIN ENCRYPTED STRINGS                                                        
IT29751 JMS1.1 ASYNC RECEIVE ADAPTER IN IBM STERLING B2B INTEGRATOR 6.0.0.1 FAILS TO CONSUME MESSAGES FROM IBM WEBSPHERE MQ SERVER
IT29511 DURING ENVELOPING, WHEN ACKNOWLEDGEMENTDETAILLEVEL IS NOT DEFINED, IT DEFAULTS TO "GROUP". CORRECT DEFAULT SHOULD BE "DATA ELEMENT"  
IT29890 THE PROPERTYUI.WAR CONTAINS THE OLD OJDBC7.JAR DRIVER AFTER YOU UPGRADE FROM V5.2.6.3 TO V6.0.1
IT29932 ERROR IN PERIMETER LOG FILE AFTER UPGRADE TO V6.0.0.0
IT29358 CRYPTOGRAPHIC MESSAGE SERVICE DISPLAYS AN ERROR AFTER YOU
UPGRADE TO IBM STERLING B2B INTEGRATOR V6.0.0.0
IT27099 MAILBOX EXTRACT SERVICE PULLS INCORRECT DATA FROM GLOBAL MAILBOX

Fix Pack 4 (V6.0.0.4)
Link Date Released Status
Download

Note: This Fix Pack also contains APAR fixes from 5.2.6.3_13 and 5.2.6.4_3 releases.

Security Fixes

APAR Description
HOST HEADER MANIPULATION IN IBM STERLING B2B INTEGRATOR
IT30099 SQL INJECTION IN ACCOUNT INFO PAGE

Regular Fixes

APAR Description
IT29794 UNHANDLED EXCEPTION OCCURS IN THE LOCAL LISTENER
IT30393 IBM STERLING B2B INTEGRATOR READ SCHEDULE API RETURNS A 400 ERROR
IT30669 THE NOAPP.LOG IS FILLED WITH OPSSERVERRMIIMPL.GETWFTHREAD AND   
WF_ID IS NULL MESSAGES                                         

Fix Pack 5 (V6.0.0.5)
Link Date Released Status
Download
Note: This Fix Pack also contains APAR fixes from 5263_15 and 5265_2 releases.

Security Fixes

APAR Description
IT32838 SPE REMOTE MAP TEST SSL ERROR VERSION OF JAVA RUNTIME DOES NOT  
SUPPORT THE TLS VERSION ON THE SERVER  

Regular Fixes

APAR Description
IT28643 UNABLE TO CUSTOMIZE COLOR OF LOGIN FORM AFTER UPGRADING TO V6.0.0
IT29356 SIGNING OUT OF IBM MYFILEGATEWAY IN IBM STERLING B2B INTEGRATOR     
V6.0.1.0 USING GOOGLE CHROME DISPLAYS AN ERROR   
IT29400 GENCSR.SH DOES NOT WORK FOR CREATING A CERTIFICATE SIGNING      
REQUEST WITH SCIKS STORE TYPE                                       
IT29731 MAP TEST UTILITY COMPLETES SUCCESSFULLY WITH INCORRECT          
USER ID AND PASSWORD  
IT29794 UNHANDLED EXCEPTION OCCURS IN THE LOCAL LISTENER
IT29913 WITH NIST STRICT COMPLIANCE ENABLED SSH ECDSA-SHA2-NISTP256 KEY
OF LENGTH 256 IS NOT SUPPORTED
IT31598 CODELISTS AND SCHEDULES UI ISSUES WITH THE LATEST VERSION OF    
CHROME                                                          
IT31879 SINGLE SIGN ON BETWEEN IBM STERLING FILE GATEWAY AND B2B        
INTEGRATOR DASHBOARD IS NOT WORKING 
IT32158 READ AND UPDATE SCHEDULE API DISPLAY WRONG RESULTS WHEN SCHEDULE
RUNS MULTIPLE TIMES IN A DAY                                    
IT32627 LWJDBC WITH ORACLE SYS_GUID() QUERY RETURNING DIFFERENT RESULT                                          
IT33102 UNABLE TO EXPORT SYSTEM CERTIFICATES WHEN FIPS MODE IS ON                
IT32647
LWJDBC WITH ORACLE SYS_GUID() QUERY RETURNING DIFFERENT RESULT 
IT33394 UPDATE DOCUMENTINPUTSTREAM AVAILABLE() METHOD FOR USE BY LARGE FILE INPUT SIZE
IT31933 ISA/ISE DOCUMENTS SHOWING UP IN ITXA UI WHEN SPE DEENVELOPE SERVICE IS USED  
IT31959 INSTANCE DATA SCREEN SHOWS USER DOES NOT HAVE PERMISSION WHEN 
NAVIGATING A WORKFLOW ID THROUGH OPERATIONS -> THREAD MONITOR  

Fix Pack 6 (V6.0.0.6)
Link Date Released Status
 No Longer
Available

Note: This Fix Pack also contains APAR fixes from 5265_3 releases.

Security Fixes

APAR Description
IT35207 CDSA SECURE+ SESSIONS CONFIGURED WITH ECDSA-BASED CIPHERS FAIL  
AFTER UPGRADING FROM 6.0.3.0 TO 6.0.3.3  
IT35358 CAN MODIFY THE HTTP POST REQUEST AND FILL MALICIOUS VALUE IN THE
DATABASE AND CAN ACCESS INFORMATION IN EBICS                    
IT35351 SQL INJECTION IN PAGEEBICSCLIENT.GUI.HAC.PROFILELIST                                                           
IT35353 CAN MODIFY THE HTTP POST REQUEST AND FILL THE MALICIOUS VALUE IN THE DATABASE
IT35354 ADDITIONAL SQL CODE IS EXECUTED IF EBICS CLIENT GET HTTP COMMUNICATION IS MALICIOUSLY INJECTED                                
IT35355 CAN INTERCEPT AND MODIFY THE HTTP POST REQUEST AND FILL THE MALICIOUS VALUE IN THE DATABASE                                     
IT35356 ADDITIONAL SQL CODE IS EXECUTED IF EBICS CLIENT GET HTTP COMMUNICATION IS MALICIOUSLY INJECTED                               

Regular Fixes

APAR Description
IT34225 HTTP SERVER ADAPTER RETURNING 200 RESPONSE FOR TRACE COMMAND WITH INVALID URI
IT24992 SLOW PROCESSING OF DMI VISIBILITY EVENTS   
IT24988 MDN PARSING SERVICE ERRORS ON EXPERIMENTAL HEADER 
IT24979 CROSS-SITE SCRIPTING ISSUE IN IBM STERLING B2B INTEGRATOR DASHBOARD
IT24938 OBSCURE DATA SERVICE REVEALS REAL PASSWORD IN LOG FILES WHEN    
DEBUG IS ON                                                     
IT24832 SWIFTNET7: GREEN LIGHT FOR FAILED SWIFTNET7FILEACTFETCH, IF HTTP
CONNECTION TO MEFG IS BROKEN                                   
IT24705 PASSWORD TRANSFERRED WITHOUT ENCRYPTION IN XML  
IT24588 ENHANCEMENT REQUEST FOR PERFORMANCE OF BP MONITORING WITH XPATH 
IN ICC                                                          
IT24583 RFE: WHITELIST FUNCTION FOR ICC & IBM STERLING B2B INTEGRATOR BUSINESS PROCESS INCLUSION                           
IT24279 SECURITY VULNERABILITY: THE JSESSIONID IS DISPLAYED IN THE URL 
IN IBM STERLING FILE GATEWAY VIEW                              
IT24138 EXECUTING SAPCLASS.SH/.CMD FROM THE COMMAND LINE DOES NOT ADD   
THE SEGMENT VERSION TO THE RESULTING DDF FILE
IT23786 TRAFFIC BY PROTOCOL REPORT AND THE COMMUNICATION SESSION        
DETAILS FOR INBOUND SFTP SESSION, THE PRINCIPAL IS MISSING      
IT16643 SUPER USERS BLOCKED FROM ACCESSING IBM STERLING B2B       
INTEGRATOR PROTOCOL ADAPTERS                                    
IT20250 AN ERROR OCCURS IN THE VISIBILITY.LOG FILE WHEN THE HTTP CLIENT 
BUSINESS PROCESS IS INVOKED WITH A PRIMARY DOCUMENT             
IT21525 AN ERROR OCCURRS IN THE PARTNER CONFIGURATION PAGE WHEN NIST IS 
SET TO TRANSITION                                               
IT21967 AN ADDITIONAL DATE LINE IS DISPLAYED IN THE SOAP RESPONSE       
MESSAGE CONTAINING HTTP 200 OK MESSAGE                          
IT22229 FTP SERVER ADAPTER BECOMES SLOW AND UNRESPONSIVE 
IT22347 THE SOA OUTBOUND MESSAGE PROCESSING SERVICE DOES NOT APPEAR TO  
CONVERT THE DATE INTO 24-HOUR FORMAT                            
IT22458 SESSION TIMEOUT DOES NOT HONOUR DEFAULT 3 MINUTES TIMEFRAME IN  
ANY WSMQ SERVICES OF IBM STERLING B2B INTEGRATOR                
IT22930 THE FLAT FILE IS PICKED UP TWICE BY THE JMS SERVICE  
IT23426 ALL RESOURCE VERSIONS ARE NOT IMPORTED 
IT23447 SOAP OUTBOUND SERVICE ALWAYS SETS "CONTENT-TYPE: TEXT/XML;CHARSET=ISO-8859-1"  
IT23507 THE MAILBOX EXTRACT ABORT SERVICE MODIFIES THE DATA_FLOW    
INCORRECTLY                                                 
IT23730 CDSA SUSPEND QUEUE PROCESSING STALLS WHEN THERE ARE OVER 1000   
SUSPENDED SESSIONS                                              
IT32753 FTP CLIENT-GET SERVICE WITH DELAYWAITINGONIO SET TO -1 DOES NOT WORK ON 5.2.6.3_12   
IT34618 IN CHROME THE CALENDAR UNDER BUSINESS PROCESS--> ADVANCED SEARCH--> ROSETTANET IS NOT FORMATTED CORRECTLY             
IT34968 WORKFLOW.ACTIVITY_ENGINE.ERR_AEHELPER_OVERLAYINLINECHILDWITHPARENT3 INCORRECTLY LABELED "ERROR"                                 
IT35352 ADDITIONAL SQL CODE IS EXECUTED IF EBICS CLIENT GET HTTP COMMUNICATION IS MALICIOUSLY INJECTED                                

Fix Pack 7 (V6.0.0.7)
Link Date Released Status
 Download

Note: This Fix Pack also contains APAR fixes from 5265_4 releases.

Security Fixes

APAR Description
IT35348 SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES AFFECT THE DASHBOARD UI
IT35458 SECURITY VULNERABILITY: ECLIPSE JETTY PRIVILEGE ESCALATION
IT35605 SECURITY VULNERABILITY: ACCESS CONTROL VULNERABILITY IN DELETING EVENT NOTIFICATION
IT35654 SECURITY VULNERABILITY: ACCESS +C6:C20CONTROL VULNERABILITY IN DELETING A DOWNLOADED FILE
IT35660 SECURITY VULNERABILITY: USER ENUMERATION VULNERABILITY IN MYFILEGATEWAY USER INTERFACE
IT35837 SECURITY VULNERABILITY: SESSION FIXATION SECURITY VULNERABILITY IN FILEGATEWAY
IT35845 SECURITY VULNERABILITY: XSS VULNERABILITY IN FILEGATEWAY AND MYFILEGATEWAY
IT36280 SECURITY VULNERABILITY: INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN FILEGATEWAY USER INTERFACE
IT36300 SECURITY VULNERABILITY - MYFILEGATEWAY FILENAME INTERCEPTED TO INJECT DISALLOWED CHARACTERS
IT36390 SECURITY VULNERABILITY: ACCESS CONTROL SECURITY VULNERABILITY EXISTS IN MYFILEGATEWAY USER INTERFACE
IT36447 SECURITY VULNERABILITY: PERSISTENT XSS SECURITY VULNERABILITY IN THE DASHBOARD USER INTERFACE
IT36570 SECURITY VULNERABILITY: INFORMATION DISCLOSURE SECURITY VULNERABILITY IN THE DASHBOARD USER INTERFACE
IT36609 SECURITY VULNERABILITY: PERSISTENT XSS SECURITY VULNERABILITY EXISTS IN THE WEB SERVICE MANAGEMENT USER INTERFACE
IT36688 SECURITY VULNERABILITY: CSRF TOKEN APPEARS IN THE URLS FOR FILEGATEWAY USER INTERFACE (AFT)
IT36900 SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITY EXISTS IN CREATING USER NEWS IN THE DASHBOARD USER INTERFACE
IT36914 SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES EXISTS WHILE DOWNLOADING WAR FILE FROM WEB EXTENSION UTILITY
IT36930 SECURITY VULNERABILITY: ACCESS CONTROL SECURITY VULNERABILITY EXISTS WHILE VIEWING THE ROSETTA NET ACTIVITIES
IT36951 SECURITY VULNERABILITY: THE PAGE NLS/MESSAGE.JS ON THE HOST FOR B2B API DOES NOT RETURN X-FRAME-OPTIONS
IT37031 SECURITY VULNERABILITY: STORED XSS SECURITY VULNERABILITY EXISTS IN DASHBOARD USER INTERFACE CAUSED BY NOT CHECKING SERVER NAME WHEN CREATING A PERIMETER SERVER
IT37615 [BLACKDUCK] UPGRADE APACHE XCERCES2 J (CVSS 7.5)
IT37617 [BLACKDUCK] UPGRADE CKEDITOR (CVSS 6.5)
IT37676 SECURITY VULNERABILITY: IBM MQ IS VULNERABLE TO A DENIAL OF SERVICE ATTACK CAUSED BY AN ERROR PROCESSING CONNECTING APPLICATION
IT37678 [BLACKDUCK] UPGRADE DATA MAPPER FOR JACKSON (CVSS 7.5)
IT37681 [BLACKDUCK] UPGRADE XML BEAN (CVSS 9.1)
IT37682 [BLACKDUCK] UPGRADE APACHE TOMCAT JARS (CVSS 9.8)
IT37683 SECURITY VULNERABILITY: [ALL] JACKSON-DATABIND
IT37693 [BLACKDUCK] UPDATE APACHE COMMONS BEANUTILS (CVSS 7.5)
IT37677 [BLACKDUCK] UPGRADE JACKSON DATAFORMATS JAR (CVSS 7.5)
IT37913 [BLACKDUCK] UPDATE BOUNCY CASTLE JAR IN GATEWAY.WAR (CVSS 9.8)
IT36552 [BLACKDUCK] UPDATE JASPERREPORTS (CVSS 8.8)
IT36354 REFLECTED CROSS-SITE SCRIPTING VULNERABILITY IN IBM STERLING B2B INTEGRATOR​ DISCOVERED BY THIRD PARTY

Regular Fixes

APAR Description
IT35622 THE SCRIPT STOPCONTAINER.SH DOES NOT WORK WHEN THE USER'S ACCOUNT NAME IS MORE THAN EIGHT CHARACTERS
IT32753 FTP CLIENT SERVICES DO NOT WORK WHEN DELAYWAITINGONIO IS SET TO -1
IT33075 ERROR FOUND IN NOAPP.LOG FILE
IT35181 THE FILEGATEWAY AND MYFILEGATEWAY USER INTERFACES LACK SUFFICIENT PERMISSION CONTROL
IT36764 DUAL AUTHENTICATION FAILS WHEN THE SFTP REMOTE PROFILE IS UPDATED
IT37218 EBICS CLIENT ISSUE WHILE PROCESSING THE HEV ORDER RESPONSE
IT37392 SFTP CLIENT GET SERVICE FAILS TO DOWNLOAD MORE THAN 99 FILES IN ONE SINGLE SESSION
IT36929 FILENAME FILTER IN SFTP CLIENT SERVICES IS CASE SENSITIVE
IT36971 A SPECIFIC SEQUENCE OF MOUSE-CLICK ACTIONS CORRUPTS THE SYNTAX TOKEN
IT36975 DELIMITER WITH THE TAB CHARACTER 0X09 IS CHANGED TO 0X00 AFTER THE MAP IS SAVED AND REOPENED
IT37912 IBM WEBSPHERE MQ (PUBLICLY DISCLOSED VULNERABILITY)

Mod Pack 1 (V6.0.1.0)
Link Date Released Status
 Download

 Note: This Fix Pack also contains APAR fixes from 5.2.5_19 , 5.2.6.3_9 , 5.2.6.4_1, and 6.0.0.1 releases.

Security Fixes

APAR Description
IT28698 SECURITY VULNERABILITY-CROSS SITE SCRIPTING: ISSUE REPORTED ON MAILBOX VIRTUAL ROOT CONFIGURATION PAGE                                         
IT26305 SECURITY VULNERABILITY-UNENCRYPTED LOGIN REQUEST 
IT28292 SECURITY VULNERABILITY-STORED CROSS SITE SCRIPTING IN USER NEWS MANAGEMENT                                                    
IT28300 SECURITY VULNERABILITY-STORED CROSS SITE SCRIPTING IN PASSWORD POLICY MANAGEMENT                                             
IT28306 SECURITY VULNERABILITY-STORED CROSS SITE SCRIPTING IN ACCOUNT GROUP MANAGEMENT                                              
IT28310 SECURITY VURNERABILITY-STORED CROSS SITE SCRIPTING IN ACCOUNT PERMISSION MANAGEMENT                                    
IT28063 SECURITY VULNERABILITY-USER CAN ACCESS BUSINESS PROCESS DEFINITION EVEN WITHOUT THE PERMISSION TO VIEW IT                                
IT28113 SECURITY VULNERABILITY-POOR ERROR HANDLING
IT28166 SECURITY VULNERABILITY-STORED CROSS SITE SCRIPTING FOR XSLT MANAGEMENT                                                  

Regular Fixes

APAR Description
IT28644 AFTER UPGRADE FROM V5.2.5 TO V6.0.0.1, THE NAMESPACE XMLN ATTRIBUTE IS MISSING AND DOCTODOM DOES NOT WORK CORRECTLY    
IT28421 INSTALL AND UPGRADE TO V5.2.6.4 FAILS IF YOU USE ORACLE SERVICE NAME OR ORACLE_JDBC_URL                                        
IT28203 IBM STERLING FILE GATEWAY ROUTE BY PRODUCER DETAIL REPORT DOES NOT FILTER ON PRODUCER/CONSUMER                              
IT27892 AUTHENTICATION.LOG DISPLAYS INCONSISTENT LOGIN IDs
IT28365 PAGE NOT FOUND OR NOT ALLOWED ERROR IN IBM STERLING FILE GATEWAY WHEN YOU ACCESS PARTICIPANTS PAGE                 
IT28643 UNABLE TO CUSTOMIZE COLOR OF LOGIN FORM AFTER UPGRADING TO V6.0
IT27454 UNABLE TO LOAD THE TUNING WIZARD ON NODE2 OR HIGHER FOR IBM STERLING B2B INTEGRATOR V6.0 CLUSTER ON WINDOWS SERVER       
IT27386 UPGRADE TO IBM STERLING B2B INTEGRATOR 6.0 FAILS BECAUSE OF LOCK RECORD ON THE /EBICS_DEAD LETTER MAILBOX              
IT27406 HEADERDATEINCLUSION INCLUDED IN TRANSLATOR.PROPERTIES FILE IS REMOVED FROM IBM STERLING B2B INTEGRATOR                
IT28467 ACCESS TO PROCESS DATA IS POSSIBLE EVEN WITHOUT THE PERMISSION TO VIEW THE BUSINESS PROCESS                                 
IT28468 VERTICAL PRIVILEGE ESCALATION - XML REPORT CAN BE ACCESSED    
IT28207 THE IBM STERLING B2B INTEGRATOR DASHBOARD RETURNS UNEXPECTEDLY TO THE HOMEPAGE AFTER A WHILE                                  
IT28177 USER CAN ACCESS BUSINESS PROCESS DEFINITION EVEN WITHOUT THE PERMISSION TO VIEW IT                                
IT28176 USER CAN ACCESS PRIMARY DOCUMENTS EVEN WITHOUT THE PERMISSIONS TO VIEW IT                                                    
IT24603 THE IMPORT SERVICE DOES NOT DISPLAY THE STATUS AS FAILED
IT22462 CREATE PARTNER API WITH PRE-EXISTING NON PARTNER USER ACCOUNT LEAVES THE PARTNER ACCOUNT INCONSISTENT          
IT29100 UNABLE TO ACCESS SECURE DASHBOARD AFTER UPGRADING FROM 5.2.6.3_x TO 5.2.6.4

Fix Pack 1 (V6.0.1.1)
Link Date Released Status
No Longer Available

Note: This Fix Pack also contains APAR fixes from 5.2.6.3_11, 5.2.6.4_2, 5.2.6.5, and 6.0.0.3 releases.

Regular Fixes

APAR Description
IT30098 THE IBM STERLING B2B INTEGRATOR UI ALLOWS BPs WITH NAMES LONGER THAN 30 CHARACTERS BUT THE CREATE WORKFLOW API RESTRICTS TO 30
IT29913 ENABLING NIST STRICT COMPLIANCE SSH ECDSA-SHA2-NISTP256 KEY OF LENGTH 256 IS NOT SUPPORTED                             
IT29775 THE SFTP CLIENT END SESSION SERVICE HANGS IN "WAITING ON IO"   STATUS IN IBM STERLING B2B INTEGRATOR V6.0.1                   
IT29554 LDAP AUTHENTICATION FAILS IN V6.0.1 WITH CERTAIN ENCRYPTED STRINGS                                                        
IT29731 MAP TEST UTILITY COMPLETES SUCCESSFULLY WITHOUT THE CORRECT USER INFORMATION (ID AND PASSWORD)
IT29794 UNHANDLED EXCEPTION OCCURS IN LOCAL LISTENER  WORKFLOWCOMPLETIONEVENTLISTENERS IN V6.0.1.0                             
IT29865 IBM STERLING B2B INTEGRATOR DASHBOARD TERMINATE HAS A DIFFERENT BEHAVIOR THAN THE CONTROLLERWORKFLOW TERMINATE ON BPs         
IT29356 SIGNING OUT OF MYFILEGATEWAY IN IBM STERLING B2B INTEGRATOR V6.0.1.0 USING GOOGLE CHROME DISPLAYS AN ERROR                 
IT29890 THE PROPERTYUI.WAR CONTAINS THE OLD OJDBC7.JAR DRIVER AFTER YOU UPGRADE FROM V5.2.6.3 TO V6.0.1
IT29894 IN IBM STERLING FILE GATEWAY, THERE IS AN HOUR DELAY IN PRESENTING THE AS2 CONTRACTS IN THE CUSTOM PROTOCOL SCREENS

Fix Pack 2 (V6.0.1.2)
Link Date Released Status
Download
Note: This Fix Pack also contains APAR fixes from 5263_135264_3, and 6004 releases.
Regular Fixes
APAR Description
IT30547 EXCEPTION OCCURRED IN READDIRECTORY; DOCUMENTNURSERY KEY BLOB NOT FOUND FOR SFTP SERVER ADAPTER 
IT31483   THE RESTAPICLIENT SERVICE IN STERLING B2B INTEGRATOR IS NOT HANDLING THE HTTP 200 RESPONSE  
IT31555 SOME REPORTS IN THE REPORT MANAGER AND REPORT SERVICE  THROW REPORT GENERATION ERRORS
IT30621 AFTER UPGRADE TO 5020603_9, INCORRECT LOGIN ATTEMPTS TO  /MYFILEGATEWAY SHOW UNEXPECTED ERROR  
IT31379 WHEN DOC ENCRYPTION IS ENABLED WITH GLOBAL MAILBOX THE UPLOADED PAYLOAD FILE IS DISPLAYED AS AN EMPTY PRIMARY DOC
IT31598 CODELISTS AND SCHEDULES UI ISSUES WITH THE LATEST VERSION OF CHROME
IT30669 THE NOAPP.LOG IS FILLED WITH PSSERVERRMIIMPL.GETWFTHREAD AND WF_ID IS NULL MESSAGES   
IT32002  HTTPS THREADS  STUCK AT THE OS LEVEL CAUSES HIGH CPU UTILIZATION    
IT32161  MYFILEGATEWAY OR FILEGATEWAY LOGIN SCREEN DOESN'T COME UP DUE TO MISSING STRUTS-HTML.TLD  

Mod Pack 2 (V6.0.2.0)
Link Date Released Status
Download

Note: This Fix Pack also contains APAR fixes from 5.2.5_20 , 5.2.6.3_10 , 6.0.0.2 and 6.0.1.0 releases.

Security Fixes

APAR Description
IT29305 SECURITY VULNERABILITY: TRAVERSAL PATH
IT26305 SECURITY VULNERABILITY: UNENCRYPTED LOGIN REQUEST
IT29093 SECURITY VULNERABILITY: IBM STERLING INTEGRATOR 6.0.0.1 DISPLAYS WEBSERVER INFORMATION IN THE HTTP HEADER

Regular Fixes

APAR Description
IT29588 THE PROCESSES PAGE TAKES MORE THAN 2 MINUTES TO DISPLAY THE RESULTS AFTER THE INTERIM FIX
IT29554 LDAP AUTHENTICATION FAILS IF THE AUTHENTICATION_POLICY.AUTHENTICATION_N.CREDENTIALS IS ENCRYPTED
IT24900 THE 502 HARDWARE ERRORS ON THE ENCLOSURE MID-PLANE REPLACEMENT PREVENTS COMPLETION OF A SERVICE ACTION
IT29356 SIGNING OUT OF MYFILEGATEWAY IN IBM STERLING B2B INTEGRATOR 6.0.1.0 USING GOOGLE CHROME DISPLAYS AN ERROR
IT29302 DOCUMENTBUILDERFACTORY'S FEATURES USED IN DOCTODOM SERVICE AFTER INITIAL USE ARE RESET TO DEFAULT
IT29210
ORA-12899: THE VALUE ENTERED IS TOO BIG FOR SFGADMIN AND HOST_NAME
IT28954 MAILBOX_ADD USEREXIT FAILS TO LOAD DOCUMENTS CONTENT WHEN UPLOADED USING IBM STERLING FILE GATEWAY IN 6.0
IT29643
THE SEARCH SCREEN TO UPDATE TRADING PARTNER REST API DOES NOT WORK
IT29400 GENCSR.SH DOES NOT WORK FOR CREATING A CERTIFICATE SIGNING REQUEST WITH SCIKS STORE TYPE
IT29710 THE MAILBOX ASSIGNED TO AS2 RELATIONSHIPS CANNOT BE MODIFIED SINCE 5.2.5_1

Fix Pack 1 (V6.0.2.1)
Link Date Released Status
Download

Note: This Fix Pack also contains APAR fixes from 5.2.6.3_12, 5.2.6.4_3, 6.0.0.3, and 6.0.1.1 releases.

Security Fix

APAR Description
IT30099
SQL INJECTION IN ACCOUNT INFO PAGE

Regular Fixes

APAR Description
IT30365 CUSTOMIZATION MENU USING THE DASHBOARD ALWAYS POINTS TO HTTP NO
SSL EVEN WHEN YOU ACCESS IT USING SSL                         
IT30393 IBM STERLING B2B INTEGRATOR READ SCHEDULE API RETURNS A  
400 ERROR                                               
IT30205 AWS3 CLIENT FAILS IF THE EUROPEAN REGION IS SET TO EU-CENTRAL-1
IT29913 WITH NIST STRICT COMPLIANCE ENABLED, SSH ECDSA-SHA2-NISTP256 KEY
OF LENGTH 256 IS NOT SUPPORTED                                 
IT29890 THE PROPERTYUI.WAR CONTAINS THE OLD OJDBC7.JAR DRIVER AFTER YOU
UPGRADE FROM V5.2.6.3 TO V6.0.1                                

Fix Pack 2 (V6.0.2.2)
Link Date Released Status
Download

Note: This Fix Pack also contains APAR fixes from 5263_13  , 5.2.6.5_1 , 6.0.0.4  and 6.0.1.2 releases.

Regular Fixes

APAR Description
IT31830 WHEN DOCUMENT ENCRYPTION IS ENABLED WITH GLOBAL MAILBOX, THE UPLOADED PAYLOAD DELIVERY TAB DISPLAYS FILESIZE AS -1                          
IT28514 SQL QUERY RELATED TO QUERY.GETSTATEANDSTATUS_MAIN.MSSQL HAS SLOW PERFORMANCE ERROR                                               
IT28474 SQL QUERY RELATED TO SETTING ARCHIVE DATE ON ARCHIVE_INFO HAS SLOW PERFORMANCE
IT28449 SQL QUERY RELATED TO SCHEDULEINDEX BUSINESS PROCESS HAS CAUSED SLOWDOWN AND SIGNIFICANT BLOCKING                                  
IT28507 SQL QUERY RELATED TO WORKFLOW_LINKAGE HAS SLOW PERFORMANCE                                 
IT29794 UNHANDLED EXCEPTION OCCURS IN THE LOCAL LISTENER                                 
IT30848 IBM STERLING B2B INTEGRATOR TAKING DOWN THE HSM DEVICE                                 
IT31250 UNABLE TO CUSTOMIZE SKIN COLOR OF LOGIN FORM AFTER UPGRADING WITH INVALID CREDENTIALS
IT31011 REPORTS FAILED WITH REPORT GENERATION ERROR IN REPORT SOURCE MANAGER AFTER INSTALLATION 

Fix Pack 3 (V6.0.2.3)
Link Date Released Status
Download

Note: This Fix Pack also contains APAR fixes from 5.2.6.5_3  and 6.0.0.5 releases.

Security Fixes

APAR Description
IT32833 REMOTE CODE EXECUTION VIA UNAUTHENTICATED JAVA DESERIALIZATION - INTEROPHTTPSERVLET       
IT32838 SPE REMOTE MAP TEST SSL ERROR; VERSION OF JAVA RUNTIME DOES NOT SUPPORT THE TLS VERSION ON THE SERVER      

Regular Fixes

APAR Description
IT31966 IN STERLING B2B INTEGRATOR FIFO ROUTING ADAPTER DOESN'T GET     
ENABLED                                           
IT31992 WHEN A MESSAGE IS UPLOADED ON A DATACENTER BUT EXTRACTED FROM ANOTHER THE MAILBOX EXTRACT SERVICE THROWS AN EXCEPTION
IT32229 HYPERLINKS ON EDIT IMAGE SOURCE MANAGER SCREEN FOR CODELIST,    XSLT, ETC ARE INCORRECTLY GENERATED IN CHROME                   
IT32302 IBM STERLING FILE GATEWAY EVENTS MISSING ON RE-DELIVERY         
ATTEMPTS                                                        
IT32361 WHILE SEARCHING FOR SCHEDULES, IF                               
THE PERCENTAGE CHARACTER % IS ENTERED, THE  UI SESSION TIMES OUT
IT32524 SUPPRESS/REMOVE THE DEFAULT INLCUSION OF THE <MCD> FOLDER STRUCTURE IN THE HEADER DATA BY THE MQHRF2 SERVICE                            
IT32696 MANUALLY INTERRUPTED BUSINESS PROCESSES OCCUR FROM A CLUSTER UNDER LOAD
IT32704 THE REST API CLIENT SERVICE GET FAILS WHEN THE URL INCLUDES A   
COMMA                                                           
IT32705 THE RECOVERY BUSINESS PROCESS CAN FAIL IF THE LIBERTY SERVER    
NODE_URL USES A HOST NAME THAT DOES NOT HAVE AN ACTIVE INTERFACE
IT32718 DEPLOYER.CMD FAILING TO REMOVE FILE LISTED IN FILESTOREMOVE.TXT 
BECAUSE OF FORWARD SLASH IN PATH                                
IT32802 B2B REST API GET /B2BAPIS/SVC/SSHKNOWNHOSTKEYS/ CAN RETURN EMPTY BRACKETS                                                        
IT32807 CODELISTCODES REST API RETURNS SQL ERROR WHEN DEFAULT VERSION IS PART OF THE READCODELISTCODES QUERY                             
IT32812 AFTER UPGRADE TO 6.0 AND DEPLOYMENT OF SOME WAR FILES THE   
HTTP SERVER ADAPTER SESSION INFORMATION IS NOT DISPLAYED      
IT32929 B2B DOESN'T HOLD CLUES WHEN NON-EXISTENT URI OF HTTP SERVER ADAPTER IS ACCESSED                                                                    
IT32980 INCORRECT VERSION SAVED WHEN CHECKING OUT MAP OR BUSINESS PROCESS FROM IBM STERLING B2B INTEGRATOR GUI                            
IT33034 MAILBOXAS2SENDSYNCMDN IS NOT NOTIFYING A FAILURE ON THE AS2     
TRANSMISSION AND THE MESSAGE SENT REMAINS LOCKED                
IT33182 MAILBOX DOES NOT THROW AN ERROR WHEN USING THE COMMAND SFTP CLIENT TO LIST FILES IN GLOBAL MAILBOX                          
IT34043 THE INSTALLCUSTOMIZATION.SH IS NOT READING THE DATABASE POOL URL FROM THE CUSTOMER_OVERRIDES.PROPERTIES                          
IT34225 HTTP SERVER ADAPTER RETURNING 200 RESPONSE FOR TRACE COMMAND WITH INVALID URI                                                
AIX B2B INTEGRATOR CLUSTER NOAPP PROCESSES STILL                
RUN AFTER RUNNING SOFTSTOP.SH ALL AND HARDSTOP                  
IT33314 ERROR SENDING AN IDOC INBOUND TO SAP  

Mod Pack 3 (V6.0.3.0)
Link Date Released Status
 Download

 Note: This Fix Pack also contains APAR fixes from 5.2.6.3_12 , 6.0.0.3 , 6.0.1.1 , and 6.0.2.1 releases.

Security Fixes

APAR Description
IT30596 SQL INJECTION ISSUE IN THE /GBM/ICONINFO URL
IT30990 PERSISTENT CROSS-SITE XSS VULNERABILITY IN STERLING B2B INTEGRATOR PROXY SERVER CONFIGURATION

Regular Fixes

APAR Description
IT30454 AN INDEX FOR THE WF_ID COLUMN IS UNAVAILABLE IN THE EDIINTDOC RESULTING IN A FULL TABLE SCAN
IT31032 AFTER UPGRADING FROM 5.2.6.3 TO 6.0.1 USING IIM MEMORY LEAKS CAUSED BY JGROUPS IN NOAPP JVM
IT30500 REST API CLIENT SERVICE FAILS WITH A POST REQUEST FAILED ERROR
IT30301 AN INCORRECT PASSWORD STRING RESULTS IN A FAILED USER ACCOUNT LOGIN

Fix Pack 1  (V6.0.3.1)
Link Date Released Status
Download
Note: This Fix Pack also contains APAR fixes from 5263_13 5.2.6.5_16004, and 6.0.1.2 releases.

Regular Fixes

APAR Description
IT31830 WHEN DOCUMENT ENCRYPTION IS ENABLED WITH GLOBAL MAILBOX, THE 
UPLOADED PAYLOAD DELIVERY TAB DISPLAYS FILESIZE AS -1   
IT31879 SINGLE SIGN ON BETWEEN IBM STERLING FILE GATEWAY AND B2B INTEGRATOR DASHBOARD IS NOT WORKING ANYMORE 
IT31598 CODELISTS AND SCHEDULES UI ISSUES WITH THE LATEST VERSION OF 
CHROME 

Fix Pack 2  (V6.0.3.2)
Link Date Released Status
Download
Note: This Fix Pack also contains APAR fixes from 5263_14,  5.2.6.4_45.2.6.5_2, and 6.0.2.2 releases.
Regular Fixes
APAR Description
IT31844 WHEN USING XMLJSONTRANSFORMER SERVICE, SOME DATA TAGS ARE       
MISSING AND SOME DATA IS MISSING IN THE JSON FILE              
IT32006 NOCLASSDEFFOUNDERROR FOUND IN THE                     
PERIMETER SERVER JARS FROM STERLING B2B INTEGRATOR    
IT32037 EXCEPTION JAVA.LANG.NOCLASSDEFFOUNDERROR:                      
COM.STERLINGCOMMERCE.PERIMETER.API.NIO.PSSERVERSOCKETCHANNEL   
IT32129 PARTNER/USER ACCOUNT DIFFERENCES BETWEEN API UI AND DASHBOARD UI                                   
IT32133 SFTP CLIENT BEGIN SESSION HANGS WHEN THE REMOTE SERVER FORCES A 
PASSWORD CHANGE FOR THE USER ACCOUNT                            
IT32187 ALERT SERVICE FAILS TO ALERT EVENT   
IT32229 HYPERLINKS ON EDIT IMAGE SOURCE MANAGER SCREEN FOR CODELIST,  
XSLT, ETC ARE INCORRECTLY GENERATED IN CHROME                     
IT32400 THE HTTPONLY ATTRIBUTE IS NOT SET IN THE COOKIE FOR HTTPS URL-  
/DASHBOARD /FILEGATEWAY /MYFILEGATEWAY /MAILBOX                 
IT32425 CANNOT CHANGE PASSWORDS LONGER THAN 28 CHARACTERS VIA THE MY    
ACCOUNT UI                                                      
IT32525 MAILBOX MESSAGES NOT REVERTING TO EXTRACTABILITY COUNT OF 1 WHEN 
DOWNLOAD FAILS IN CERTAIN CIRCUMSTANCES                         
IT32537 ERRORS CREATING STERLING FILE GATEWAY ROUTING CHANNELS WITH     
GLOBAL MAILBOX WHEN CONVERTING A TRADITIONAL MAILBOXPARTNER     
IT32559 PARTNER MIGRATION FAILED: NOT ALLOWED CONVERSION WITH VIRTUAL   
ROOT                                                         
IT32610 ERROR IN CHANGING ROUTING TEMPLATE WHILE EDITING A ROUTING      
CHANNEL FOR GLOBAL MAILBOX                                      
IT32647 ERROR OCCURRED IN DOWNLOADING A FILE FROM MAILBOX UI       
IT32513 UNABLE TO OVERRIDE VALUES FROM EVENTSCHEMA.PROPERTIES IN THE CUS
TOMIZATION UI                                                   
IT25439  MAIL CLIENT ADAPTER FAILURE DUE TO INCORRECT EMAIL NOT  PROCESSED BY THE ONFAULT STEP IN THE BUSINESS PROCESS            
          Back to top
 

Link Date Released Status
Download
Note: This Fix Pack also contains APAR fixes from 6.0.0.5 and 5265_3
Security Fixes
APAR Description
IT32833 REMOTE CODE EXECUTION VIA UNAUTHENTICATED JAVA DESERIALIZATION -
INTEROPHTTPSERVLET                                             
IT34170 SECURITY VULENRABILITY - INSUFFICIENT AUTHORIZATION CONTROLS   
IT32838 SPE REMOTE MAP TEST SSL ERROR; VERSION OF JAVA RUNTIME DOES NOT 
SUPPORT THE TLS VERSION ON THE SERVER           
IT33724  GLOG COOKIE DOES NOT HAVE SECURE OR HTTPONLY FLAG ON   
Regular Fixes
APAR Description
IT30669 THE NOAPP.LOG IS FILLED WITH OPSSERVERRMIIMPL.GETWFTHREAD AND   
WF_ID IS NULL MESSAGES                                          
IT32006 NOCLASSDEFFOUNDERROR FOUND IN THE                        
PERIMETER SERVER JARS FROM IBM STERLING B2B INTEGRATOR             
IT32037 EXCEPTION JAVA.LANG.NOCLASSDEFFOUNDERROR:                       
COM.STERLINGCOMMERCE.PERIMETER.API.NIO.PSSERVERSOCKETCHANNEL
IT32786 SPLASH PAGE LOADED FOR STERLING FILE GATEWAY AFTER UPGRADING TO 
6.0.3                                                           
IT33301 SOFTSTOP.SH DOES NOT WORK IN 6.0.3  
IT33394 UPDATE DOCUMENTINPUTSTREAM AVAILABLE() METHOD FOR USE 
IT33958 XML JSON TRANSFORMER SERVICE STAYS ACTIVE INDEFINITELY WHEN TRANSFORMING AN XML FILE TO JSON                                    
IT30220 AFTER ORACLE FAILOVER THE TABLE FG_EVENT IS NOT POPULATED                               
IT31992 WHEN A MESSAGE IS UPLOADED ON A DATACENTER BUT EXTRACTED FROM   
ANOTHER THE MAILBOX EXTRACT SERVICE THROWS AN EXCEPTION                                                       
IT32759 PASSWORD ISSUES WITH SPECIAL CHARACTERS   
IT32795 XML REPORT IS IMCOMPLETE, JAVA.LANG.CLASSCASTEXCEPTION:        
JAVA.LANG.LONG INCOMPATIBLE WITH JAVA.LANG.INTEGER              
IT32980 INCORRECT VERSION SAVED WHEN CHECKING OUT MAP, BUSINESS PROCESS,
FROM IBM STERLING B2B INTEGRATOR GUI                            
IT33080 THE MAILBOX CONFIGURATION MAXUSERSIZE USED FROM UI.PROPETIES, RA
THER THAN CUSTOMER_OVERRIDES.PROPERTIES                         
IT33133 INCONSISTENT REPORTING RESULTS FROM SFGDBCHECK.SH   
IT33134 REMOTE PROFILE NOT ACCEPTING ANGULAR BRACKETS IN THE PASSWORD   
FIELD OF CREATE/UPDATE SSH REMOTE PROFILE APIS                  
IT33167 SFTP AND FTP CLIENT GET SERVICE WITH WILDCARD PATTERN           
GETS DUPLICATE DOCUMENTIDS IN PROCESSDATA   
IT33169 EBICS SERVER REJECTS HVE, HVS,OR HVT ORDERS WHICH INCLUDE       
FILEFORMAT IN THE ORDERPARAMS                                   
IT33200 DEBUG MODE ON SECURITY.LOG RE-ACTIVATED AFTER IBM STERLING B2B  
INTEGRATOR RESTART                                              
IT33214 TUNINGFORMULA.PROPERTIES STILL SHOWS MEMORY ALLOCATION FOR      
ACTIVEMQ                                                        
IT33362 THE DEFAULT_WORKFLOW_RESTART_USER_BEHAVIOR PROPERTY NOT WORKING 
AS EXPECTED AFTER UPGRADING TO V6.0.3                           
IT33480 FAIL TO UPDATE NAME OF SYSTEM CERTIFICATE        
IT33635 CD REQUESTER SELECT STATISTICS REPORTS INVALID PARAMETER WHEN   
RECORDCATEGORY USED                                             
IT33758 MAILBOX VIRTUAL ROOT NOT CREATED WHEN ASSIGNING PRODUCER ROLE TO
AN EXISTING PARTNER                                             
IT33812 CAN NOT ACCESS THE CUSTOMIZATION UI      
IT33830 IBMSILIBERTYPROFILE SERVICE IS NOT STAYING UP BUT CAUSES THE    
SLOW RENDERING OF THE DASHBOARD UI                              
IT33886 RMI ERROR WHEN TRYING TO GET LIST OF PERIMETER SERVERS USING    
"APPSERVEROPS.LISTPERIMETERCLIENTS()"                           
IT34017 RESTAPICLIENT SERVICE DOES NOT LOG REMOTE SERVER JSON RESPONSE  
ON ERRORS                                                       
IT34046 6.0+ B2BI MAILBOX UI HELP LINK POINTS TO 5.2 DOCUMENTATION        
IT34223 REMOTE PERIMETER SERVER INSTALLED FROM FIX PACK VERSION OF      
SI.IMETER SERVER INSTALLATION JAR REPORTS DIFFERING VERSION     
IT34226 INSTALLATION MANAGER DOES NOT RECOGNIZE FAILURE IN B2B UPGRADE LOGS    
IT34322 SSH KEY GRABBER FAILS TO GRAB KEY FROM REMOTE SFTP SERVER 
IT34331 ENCRYPTING DATABASE PASSWORD RESULTS IN DATABASE USER ACCOUNT   
GETTING LOCKED OUT                                              
IT34359 THE SCRIPT EXPORT.SH DOES NOT EXPORT ANY APPLICATION            
CONFIGURATION WHEN INPUT FILE USES ALL                          
IT34438 WORKFLOWDEFINITION_GETPERSISTENCELEVEL MESSAGES FILLING UP      
WF.LOG                                                          
IT34452 OPENSHIFT - PODS INTERNAL COMMUNICATION DONE VIA POD HOSTNAME   
FAILING                                                         
IT34453 OPENSHIFT - DEPLOYMENT AGAINST MSSQL TLS1.2 AND SELF-SIGNED CERT
NOT WORKING                                                     
IT34460 THE LAST VERSION OF XSLTS IN THE EXPORT FILE BECOMES THE DEFAULT
VERSION REGARDLESS OF WHICH ONE IS DEFAULT                     
IT34553 WITH NIST TRANSITION COMPLIANCE ENABLED, SSH ECDSA-SHA2-NISTP256
KEY OF LENGTH 256 IS NOT SUPPORTED ON 6.0.3.0                   
IT33396 CLUSTER NODES CAN INCORRECTLY BE REPORTED AS DOWN WHEN THEY ARE 
UP AND RUNNING                                                  
IT33182
MAILBOX THROWS AN ERROR WHEN USING THE ls COMMAND FROM SFTP CLIENT TO LIST FILES IN GLOBAL MAILBOX                         

Link Date Released Status
Download
Note: This Fix Pack also contains APAR fixes from 6.0.0.6 and 6.0.2.3.
Security Fixes
APAR Description
IT35348 PERMISSION CONTROL SECURITY VULNERABILITY EXISTS IN DASHBOARD UI
Regular Fixes
APAR Description
IT34720 THE LIBERTY SERVICE SHOWS AN INCOSISTENT RUNNING STATE                                                         
IT24988 MDN PARSING SERVICE ERRORS ON EXPERIMENTAL HEADER  
IT34636 SFTP USER EXIT FAILS WHEN GLOBAL MAILBOX IS TURNED ON FOR THE   
SFG ACCOUNT AND A NULLPOINTEREXCEPTION IS SEEN IN SFTPSERVER.LOG
IT34791 FTP CLIENT GET SERVICE MULTIPLE DOCUMENTLIST - WAITING ON IO                           
IT34917 POST INSTALLATION OF DOCKER AND THE STANDARDS JAR AS          
MENTIONED IN DOCUMENTATION, STERLING FILE GATEWAY GETS ENABLED
IT34782 UNABLE TO USE THE CUSTOMIZATION UI API TO OVERRIDE THE X12ENVELOPEUNIFIED BUSINESS PROCESS                                      
IT34662 AN INVALID OR ILLEGAL XML CHARACTER IS SPECIFIED WHEN B2B       
FUNC CLIENT ADAPTER USED IN COMBINATION WITH STATUS_RPT XPATH   
IT31929 IBM STERLING B2B INTEGRATOR HAS SLOW FILE TRANSFER DOWNLOAD VIA THE SFTP CLIENT GET SERVICE                                 
IT32753 FTP CLIENT-GET SERVICE WITH DELAYWAITINGONIO SET TO -1 DOES NOT WORK ON 5.2.6.3_12
IT34972 AWS S3 CLIENT GET OPERATION FAILS WHEN NO EXTENSION EXISTS IN FILENAME/FILELIST/FILEPATTERN 
IT35077 WE CAN'T PERSIST A DOCUMENT TO THE DOCUMENT TABLE BECAUSE THE   
WF ID IS TOO LONG AND WON'T BOX INTO AN INT
IT35212 THE APPLICATION FAILED TO INVALIDATE THE SESSION IDENTIFIER WHEN AN ACCESS CONTROL CHANGE OCCURS                                 
IT35721 IBM STERLING B2B INTEGRATOR USES THE AFFECTED FUNCTIONALITY WITHIN XSTREAM LIBRARIES FOR CVE-2020-26217  

Link Date Released Status
Download
Note: This Fix Pack also contains APAR fixes from 6007.
Security Fixes
APAR Description
IT37862 B2BIAPIS --> SECOND_ORDER_SQL_INJECTION
IT36930 SECURITY VULNERABILITY: ACCESS CONTROL SECURITY VULNERABILITY EXISTS WHILE VIEWING THE ROSETTA NET ACTIVITIES
IT35837 SECURITY VULNERABILITY: SESSION FIXATION - MYSFGJSESSIONID IS RETAINED
IT37912 IBM WEBSPHERE MQ (PUBLICLY DISCLOSED VULNERABILITY)
IT36354 REFLECTED CROSS-SITE SCRIPTING VULNERABILITY IN IBM STERLING B2B INTEGRATOR​ DISCOVERED BY THIRD PARTY
IT35348 DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE)
IT37678 [BLACKDUCK] UPGRADE DATA MAPPER FOR JACKSON (CVSS 7.5)
IT37615 [BLACKDUCK] UPDATE APACHE XCERCES2 J (CVSS 7.5)
IT37693 [BLACKDUCK] UPDATE APACHE COMMONS BEANUTILS (CVSS 7.5)
IT37848 [BLACKDUCK] UPGRADE LOG4J (CVSS 7.8)
IT37681 [BLACKDUCK] UPGRADE XML BEAN (CVSS 9.1)
IT37682 [BLACKDUCK] UPGRADE APACHE TOMCAT JARS (CVSS 9.8)
IT36552 [BLACKDUCK] UPDATE JASPERREPORTS (CVSS 8.8)
IT37913 [BLACKDUCK] UPDATE BOUNCY CASTLE JAR IN GATEWAY.WAR (CVSS 9.8)
IT37914 [BLACKDUCK] UPGRADE NETTY JAR (CVSS 9.1)
IT36570 SVT-272 - SENSITIVE FILE DISCLOSURE VIA JSP INCLUDE
IT37031 SECURITY VULNERABILITY: STORED XSS SECURITY VULNERABILITY EXISTS IN DASHBOARD USER INTERFACE CAUSED BY NOT CHECKING SERVER NAME WHEN CREATING A PERIMETER SERVER
IT36900 SECURITY ISSUE- IBM STERLING INTEGRATOR ADMIN WEB INTERFACE
IT36914 SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES EXISTS WHILE DOWNLOADING WAR FILE FROM WEB EXTENSION UTILITY
IT37677 [BLACKDUCK] UPGRADE JACKSON DATAFORMATS JAR (CVSS 7.5)
IT36688 SECURITY VULNERABILITY: CSRF TOKEN APPEARS IN THE URLS FOR FILEGATEWAY USER INTERFACE
IT36390 SECURITY VULNERABILITY: MYFILEGATEWAY USER CAN UPLOAD THE FILE EVEN THOUGH THE UPLOAD TAB IS DISABLED
IT36447 3RD PARTY STORED CROSS SITE SCRIPTING IN IBM STERLING B2B INTEGRATOR
IT36609 SECURITY VULNERABILITY: PERSISTENT XSS SECURITY VULNERABILITY EXISTS IN THE WEB SERVICE MANAGEMENT USER INTERFACE
IT36300 SECURITY VULNERABILITY - MYFILEGATEWAY FILE-NAME COULD BE INTERCEPTED TO INJECT DISALLOWED CHARACTERS IN FILENAME
IT36280 SECURITY VULNERABILITY: MYFILEGATEWAY UI DISPLAYS SENSITIVE INFORMATION AFTER LOGOUT
IT35660 SECURITY VULNERABILITY: PENETRATION TEST - USER ENUMERATION
IT35654 BROKEN ACCESS CONTROL - DELETE ANY FILE OF ANOTHER AUTHENTICATED USER
IT35605 SECURITY VULNERABILITY: BROKEN ACCESS CONTROL - DELETE ANY NOTIFICATION SUBSCRIPTION OF ANOTHER AUTHENTICATED USER
IT35181 PERMISSION CONTROL IN FILEGATEWAY AND MYFILGATEWAY
IT37676 DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE)
IT35845 CROSS SITE SCRIPTING VULNERABILITY 6.1 (PERSISTENT XSS)
IT37859 [BLACKDUCK] UPGRADE XSTREAM TO 1.4.17 (CVSS 8.8)
IT37613 [SAST] B2BI_DOCKER CLUMP --> SECOND_ORDER_SQL_INJECTION [2]
IT38149 [BLACKDUCK] UPDATE JBOSS DROOLS (CVSS 7.5)
IT37642 [SAST] EBICS --> REFLECTED_XSS_ALL_CLIENTS [122]
IT37612 [DAST] CROSS-SITE REQUEST FORGERY [3]
IT37597 VULNERABILITY REPORT - HTML INJECTION
IT37777 UNABLE TO DISABLE SPECIFIC TLS VERSION (TLS 1.0) ON HTTP SERVER ADAPTER USING SSLHELLOPROTOCOL
IT37858 DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE)
IT38514 [BLACKDUCK] UPDATE APACHE TAGLIBS (CVSS 7.5)
IT38441 DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE)
IT38515 [BLACKDUCK] UPDATE APACHE KAFKA (CVSS 6.8)
IT38512 [BLACKDUCK] UPDATE JACKSON-DATABIND JAR (CVSS 9.8)
IT35458 SECURITY VULNERABILITY: ECLIPSE JETTY PRIVILEGE ESCALATION
Regular Fixes
APAR Description
IT38166 AFTER APPLYING 6.0.3.4 IFIX APAR IT37392, SFTP CLIENT GET FAILS WITH ERROR MESSAGE = [NO SUCH FILE: THE MESSAGE [XXX/ABC] IS NOT EXTRACTABLE!
IT31929 B2BI HAS SLOW FILE TRANSFER DOWNLOAD TIMES VIA THE SFTP CLIENT GET SERVICE, IT IS 3 TIMES SLOWER THAN DOWNLOADING THE SAME FILE USING FILEZILLA
IT33253 IMPLEMENTATION - NEW B2BI 6.0.1 INSTALL, THE CUSTOMIZATION UI ERROR TO CONSLOLE SSL PROTOCOL &TLS_VERSION LABEL IS NOT VALID. ONLY TLS, TLSV1, TLSV1.1 & TLSV1.2 ARE SUPPORTED
IT35432 JAVA.LANG.NULLPOINTEREXCEPTION WHEN DOING A LIST USING AWSS3CLIENT
IT35420 ON 6.0.3, SETTING NOAPP.DISTRIBUTIONONWEIGHT=TRUE IS CHANGING THE WFDOPTION VALUE IN THE WFD TABLE AND AFFECTS BP EXECUTION
IT35404 EBICS HKD/HTD RESPONSE FORMAT ERRORS
IT37558 PWDPOLICY: USER UNABLE TO RESET THEIR PASSWORD
IT38145 SUPPORT FOR AES-192/CBC/PKCS5 PADDING ENCRYPTION ALGORITHMS IN AS2
IT36811 FG PGP FAILURE - EXECUTION OF BP [CLEAR DOCUMENT POST PROCESSING FAILED.] FAILED, WFID:-1
IT37165 INVALID ELEMENT: USERNAME
IT37890 OPSSERVERRMIIMPL.GETWFTHREAD THREADS HAVE HIGH CPU USAGE
IT33363 USER LANDS ON INCORRECT DIRECTORY WHEN USERNAME HAS TRAILING SPACES
IT35861 RECOVER BPML FAILURE AFTER OVERCOME THE INT WF_ID VALUE
IT32753 ALL BUSINESS PROCESSES WERE ON HANG STATUS: RELATED TO SECURERANDOM
IT34746 LARGE NUMBER OF ERRORS IN THE SYSTEM LOGS
IT36470 INCORRECT FILEGATEWAY VERSION SHOWN IN DUMP_INFO/DASBOARD OF DOCKERIZED INSTALL
IT36472 HTTP SERVER SESSION SHOWS REMOTE CLIENT PORT AS 0
IT35034 FILTER SEARCH OF MAILBOX ROUTING RULE IN EXPORT DOES NOT WORK WHEN USING AN '_' UNDERSCORE
IT36643 TRADING PARTNER APIS TRUNCATING CUSTOM PROTOCOL EXTENSIONS' VALUES IF COLON SYMBOL IS PART OF EXTENSION VALUE
IT36772 SFTP CLIENT MOVE SERVICE - FAILING WHEN SAME FILENAME IS ALREADY PRESENT IN REMOTE DIRECTORY
IT36848 UNABLE TO ADD MORE THAN 65536 CHARACTERS IN SI MAP EXTENDED RULE. THE MAP EDITOR CRASHES
IT37017 REPEATED "ERROR 000110010734 WORKFLOW.WORKFLOW.ERR_NO_MSG_EXCEP NO_MSG_EXCEP " IN SYSTEM LOG ON 6.0.1.2
IT36968 HPB ORDER TYPE EBICS CLIENT DOES RECEIVE AN INVALID XML CHARACTER (UNICODE: 0X5) WHEN SECURITY.ENC_DECR_DOCS=ENC_ALL IS SET ON EBICS SERVER SIDE
IT36309 BACKUP CERTIFICATE "ASISSLCERT_DATE/TIME" WAS MISSED FROM FIX "IT33611: BACKUP SYSTEM CERTIFICATES ARE EXPIRED BUT UNABLE TO ADD TO THE CHECK EXPIRE SERVICE EXCLUSION LIST"
IT36298 EDI_RECONCILE997.ERR BECAUSE OF DEADLOCKS ON THE CORRELATION_SET TABLE WITH MSSQL
IT37341 NOTIFICATION ISSUE AFTER ENABLING REDELIVER AND REPLAY IN UI FOR TPS
IT38034 MYFG2.0 BROKEN AFTER UPGRADE TO V6.0.3.4
IT37110 REMOVE INVALID DOMAIN URLS FROM NOAPP.PROPERTIES_PLATFORM_IFCRESOURCES_EXT
IT36269 THE DEFAULTDOCUMENTSTORAGETYPE IN TUNING.PROPERTIES IS NOT UPDATED BY UI TUNING WIZARD
IT35803 WHEN REMEMBER SEARCH-BY VALUES IS CHECKED UNDER ACCOUNTS > MY ACCOUNT AND THEN SEARCHING UNDER TRADING PARTNER > CODE LISTS > SEARCH BY CODE LIST NAME IT IS REMEMBERING A WILDCARD "%" AS "&#037;"
IT35379 AWSS3CLIENT / PUT SERVICE GENERATES FILES INTO THE SI INSTALL/TMP DIRECTORY WHICH ARE NOT DELETED
IT35473 GOOGLE CHROME ISSUE - SSH KEYS
IT35367 CANNOT ENABLE A SCHEDULE WHEN IT IS SEARCHED FOR WITH A WILDCARD % CHARACTER
IT34231 DOCUMENTATION - IMPLEMENT EBICS - HSM (3S) SIGNING WITH SCONNECT
IT36042 CANNOT ADD ENTRY TO CODE LIST
IT35851 REST API UPDATE MAILBOX LIMITING THE USER FIELD TO 255 CHARACTERS AND THE UPDATE IS REPLACING THE EXISTING USERS
IT35087 MANY 2020-10-26 01:35:16.944] ERROR 000110010846 WORKFLOW.WORKFLOW.ERR_DOCUMENT_SETUSERLIFESPAN [DOCUMENT].SETUSERLIFESPAN() UNABLE TO INSERT/UPDATE DOCUMENT USER LIFESPAN
IT34982 REMOTE HOST IS INVALID. PLEASE ENTER A VALID DOMAIN NAME OR IPV4 OR IPV6 ADDRESS
IT34248 DELETE STERLINGCONNECTDIRECTNETMAPXREF API
IT34873 MESA ATTACHMENT ORDER CHANGED IN PROCESS DATA AFTER UPGRADE TO 6.0.3
IT35267 SBI 602 MISSING THE ROUTING RULE REST API WITHOUT SFG INSTALLED
IT35197 COMMUNICATION ADAPTERS DO NOT SHOW PS OPTIONS OTHER THAN "ALL&LOCAL"
IT34735 AWS S3 CLIENT SERVICE GET OPERATION DOES NOT GET THE DOCUMENTS AND LIST THEM AS PRIMARY DOCUMENTS WHEN FILE NAME PATTERN IS USED
IT34747 INCORRECT CREDENTIAL TYPE SHOWN IN B2B'S COMMUNICATION SESSION UI FOR B2B SFTP SERVER CONNECTION
IT38168 EBICSORDERPROCESSING IS WRITING IN FS, BUT IT SHOULD BE IN DATABASE
IT37342 DYNAMIC ROUTES ARE FAILING WHEN WORKFLOWID IN B2B IS GREATER THAN JAVA INTEGER MAX_VALUE (2^31-1)
IT37614 EBICS GOT DIFFERENT BEHAVIOR ON PROCESSING OF THE ORDER TYPE CCT VS FUL
IT32390 GLOBAL MAILBOX EVENT RULES NOT UPDATED/DELETED WHEN FG CHANNELS ARE DELETED WITH B2BI REST API
IT33966 DECOMPRESSION WHEN .ZIP HAS FILES WITH SPECIAL CHARACTERS
IT31959 INSTANCE DATA SCREEN SHOWS "USER DOES NOT HAVE PERMISSION" WHEN NAVIGATING A WORKFLOW ID THRU "OPERATIONS -> THREAD MONITOR" SCREEN
IT35913 XMLJSONTRANSFORMER RETURNS PROCESSDATA THAT IS NOT ACCESSIBLE WITH XPATH

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF014","label":"iOS"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"6.0","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}}]

Document Information

Modified date:
22 October 2021

UID

ibm10729175