IBM Support

Fix packs for DataPower Service Gateway version 7.0

Download


Abstract

List of fixes in fix packs for IBM WebSphere DataPower Service Gateway version 7.0.

Download Description

Fix packs are located on IBM Fix Central.

  • To read about new features, limitations, and restrictions, see the Release Notes in IBM Knowledge Center.
  • To download fix packs, go to the Fix Central website.

Important:


7.0.0.20

Release date: 25 September 2017
Last modified: 25 September 2017
Status: Available

APAR
Description
    A VULNERABILITY IN SYSTEM LOG ON IBM DATAPOWER GATEWAYS WEBGUI CONSOLE.
    A VULNERABILITY IN THE NODE.JS COMPONENT OF IBM DATAPOWER GATEWAYS. (CVE-2017-11499)
    A VULNERABILITY IN PROCESSING XDR DATA.



7.0.0.19

Release date: 1 June 2017
Last modified: 1 June 2017
Status: Available

APAR
Description
IT20690 POSSIBLE DENIAL OF SERVICE VULNERABILITIES IN SSL (CVE-2017-3731, CVE-2016-7055)



7.0.0.18

Release date: 23 March 2017
Last modified: 23 March 2017
Status: Available

APAR
Description
IT17957 MQ MESSAGES CONTAINING MQRFH2 HEADERS ARE NOT BACKED OUT TO BACKOUT DESTINATION
IT17976 TIBCO EMS FAULT-TOLERANCE MIGHT NOT RETRY BACKUP SERVER OR OTHER GROUPS
IT18091 GET-DIFF XML MANAGEMENT COMMAND DOES NOT GIVE CONFIGURATION DIFFERENCE IN CASE OF EXPORTS IN XML FORMAT
IT18379 DATAPOWER MIGHT RESTART UNEXPECTEDLY IF BACKEND FTP SERVER CLOSES ITS CONNECTION WITH DATAPOWER UNEXPECTEDLY
IT18516 MODIFYING SNMP SETTINGS DURING SNMP CLIENT TRAFFIC MIGHT RESTART THE FIRMWARE
IT18568 XML MANAGER XML PARSER TAB IGNORE SETTING DOES NOT WORK FOR ENTITY LEVEL EXTERNAL REFERENCES
IT18757 SECURITY ENHANCEMENTS ON WEBGUI CONSOLE
IT18842 GSKIT SWEET32 BIRTHDAY ATTACKS VULNERABILITY IN TAM/ISAM AND JMS COMPONENTS (CVE-2016-2183)
IT18973 DATAPOWER NFS POLLER FSH CAUSES A 0-BYTE FILE TO BE DELIVERED AS 1-BYTE FILE TO THE BACKEND.
IT19012 UNEXPECTED RESTART MIGHT OCCUR WITH LONG RUNNING SLM PEER GROUP CONFIGURATIONS
IT19049 DATAPOWER SSH CONNECTIONS CLOSURE MIGHT CAUSE AN UNEXPECTED RESTART IN RARE CIRCUMSTANCES
IT19063 SLM PEER GROUP CONFIGURATION FAILS DUE TO A STRING LENGTH MISMATCH
IT19145 DOMAIN QUIESCE/UNQUIESCE CAUSES MQ QM OBJECT LEAK THAT INTERMITTENTLY PREVENTS THE DOMAIN FROM RESTARTING
IT19703 TWO VULNERABILITIES IN THE SSH COMPONENT OF IBM DATAPOWER GATEWAYS (CVE-2016-10009, CVE-2016-10012)



7.0.0.17

Release date: 20 January 2017
Last modified: 20 January 2017
Status: Available

APAR
Description
IT15738 DATAPOWER MIGHT MISS STATE PARAMETER IN AN OAUTH ERROR RESPONSE
IT16154 DATAPOWER MIGHT RESTART WHEN TRYING TO TRANSFORM JSON CONTENT WITH XSLT CONTAINING <DP:URL-OPEN>
IT16790 DATAPOWER STORE:///LOG-SOAP.WSDL IS MISSING SOAPACTION ATTRIBUTE
IT16895 RELOAD OCCURS WHEN TRYING TO VIEW A PROBE WHICH CONTAINS NO CONTENT-TYPE
IT17171 HTTP CONTENT-TYPE HEADER CANNOT BE SET IN AN ERROR RULE WHEN CALLED BY ON-ERROR ACTION
IT17202 DP:SUBSTRING-BASE64() MIGHT RESTART DATAPOWER WITH OFFSET PARAMETER OUTSIDE VALID RANGE
IT17565 MQ CONNECTIONS MIGHT CAUSE RESTART
IT17603 ISAM CLIENT MIGHT NOT COME UP AFTER APPLIANCE RESTART
IT17658 STORED PROCEDURES WITH REFCURSOR ARGUMENTS FAIL WHEN USING DATA SOURCE OBJECTS WITH EXTENDED ORACLE SUPPORT ENABLED
IT17816 DISABLING A NFS LOGGING TARGET MIGHT CAUSE A DEVICE RESTART IN RARE CASES
IT17833 REUSE OF SSH PERSISTENT CONNECTIONS WHEN TIMEOUT OCCURS MAY CAUSE UNEXPECTED RELOAD.
IT17838 DATAPOWER MIGHT RESTART WHEN CERTAIN EXTENSION FUNCTIONS ARE EXECUTED UNDER LOAD
IT17898 DATAPOWER MIGHT RESTART TRIGGERED BY SSH CONNECT/DISCONNECT CYCLE
IT17917 DATAPOWER MEMORY USAGE MIGHT GROW SLOWLY OVER TIME IN A HEAVY SLM USAGE SCENARIO.
IT17930 DATAPOWER MIGHT RESTART WHEN DISABLING A LOAD BALANCER GROUP WITH HEALTH CHECK IN PROGRESS
IT18116 DATAPOWER MIGHT RESTART WHEN AN MQ CONNECTION SUFFERS FROM A BROKEN NETWORK CONNECTION.
IT18153 DATAPOWER CPU MIGHT SPIKE CAUSING UNRESPONSIVENESS WHEN THERE ARE MANY MQ HANDLERS DEFINED ON A SERVICE
IT18157 MQ ERROR CODE 2010 IS VISIBLE WHEN SHARING CONVERSATION IS USED EVEN IF MXMSGML OF QMGRS CHANNEL IS GREATER THAN MQ-QM MSG SIZE
IT18195 DATAPOWER MIGHT RESTART WHEN MQ-QM OBJECT STATE CHANGES FROM UP TO DOWN DURING HIGH VOLUME OF MQ TRAFFIC
IT18259 ON IDG UNDER DIAGNOSTICS MODE THE NIC ONLINE TEST FAILS AND LEDS STAY OFF EVEN WHEN THE CABLES ARE CONNECTED
IT18793 A VULNERABILITY IN SSL/TLS PROTOCOL IN IBM DATAPOWER GATEWAYS (CVE-2016-8610)



7.0.0.16

Release date: 21 November 2016
Last modified: 21 November 2016
Status: Available

APAR
Description
IT14560 APPLIANCE MIGHT RESTART UNDER HIGH LOAD WHEN USING ODR TO INTERFACE WITH WEBSPHERE LIBERTY
IT15078 XSD:MININCLUSIVE DOES NOT WORK FOR XML SCHEMA XSD:DATETIME WITHOUT TIMEZONE RESTRICTION
IT15287 APPLIANCE MIGHT RESTART IF DP:URL-OPEN EXTENSION FUNCTION CANNOT ALLOCATE A LARGE CONTIGUOUS BUFFER
IT16036 APPLIANCE MIGHT UNEXPECTEDLY RELOAD WHEN HTTP TRANSACTION FAILS DUE TO TIMEOUT
IT16244 INCORRECT SSL ERROR WRONG VERSION NUMBER IS ISSUED WHEN RECEIVING 5XX ERROR FROM HTTP PROXY SERVER WHEN USING CONNECT
IT16320 WILDCARD REGULAR EXPRESSION FOR DOMAIN NAME IS NOT WORKING IN ACCESS PROFILE
IT16351 APPLIANCE MIGHT RELOAD WHEN TCP PROXY RECEIVES UNEXPECTED EOF ON FRONT OR BACK SIDE PORT
IT16398 PROBE WILL FAIL (COMPILE ERROR) IN AN APPLICATION DOMAIN IF DEFAULT DOMAIN IS NOT VISIBLE TO THAT DOMAIN
IT16449 DYNAMIC MULTISTEP ACTION LEAK MAY OCCUR IN DOMAINS HAVING SSH FSH WITH AAA POLICY
IT16474 WTX DPA MAP IN DATAPOWER DOES NOT RETURN CORRECT MILLISECONDS VALUE IN CURRENTDATETIME() CALL
IT16647 DATAPOWER MAY CORRUPT MIME ATTACHMENTS DURING PROCESSING WHEN DATA MEETS A VERY RARE CONDITION
IT16673 WEB APPLICATION FIREWALL MIGHT CAUSE RELOAD ON EVALUATING A MALFORMED COOKIE
IT16813 SMTP COMMUNICATION MIGHT FAIL DUE TO DATAPOWER SENDING A MALFORMED REQUEST
IT16814 BAD SYNCHRONIZATION IN DATAPOWER MIGHT CAUSE A RESTART IN MQ FSH
IT16833 DELETING AN FTP, SFTP, OR NFS POLLER MIGHT TRIGGER A RELOAD
IT16873 DATAPOWER INTERMITTENT AND UNEXPECTED RESTART WITH MQ SHARING CONVERSATION
IT16908 INCLUDE EXISTING COMMAND LINE INTERFACE LOGS IN AN ERROR REPORT IN CASE OF UNEXPECTED RESTART
IT16932 TRYING TO LIST A DIRECTORY AFTER ISSUING CCC FTP COMMAND MIGHT CAUSE A RELOAD
IT16950 TRANSFORMATION ACTION INCREMENTING MESSAGE COUNTER ASYNCHRONOUSLY MIGHT TRIGGER A RELOAD
IT17003 SNMP INTERFACE64 COUNTER WRAPS INCORRECTLY AT 4294967296 BYTES
IT17056 WSDL REFRESHES CONTINUE AFTER DISABLING DOMAIN
IT17082 APPLIANCE MIGHT UNEXPECTEDLY RELOAD WHEN EXECUTING A CONFIGURATION CHECKPOINT
IT17122 APPLIANCE MIGHT RELOAD WHEN CONFIGURING XC10 GRID ENCRYPTION IF THE WRONG TYPE OR LENGTH KEY IS USED
IT17125 DATAPOWER HSM COMPONENT FIRMWARE LEVEL 2.2 DOES NOT ALLOW TO IMPORT ANY KEYS INTO HSM
IT17138 DATAPOWER HSM VERSION 2.2 MIGHT CAUSE RSA SIGNATURE FAILURE
IT17146 DATAPOWER MIGHT RESTART WHILE COLLECTING AN ERROR REPORT
IT17165 HTTP/1.1 411 LENGTH REQUIRED ERROR RETURNED FOR EMPTY POST/PUT WITHOUT CONTENT_LENGTH HEADER
IT17182 SSH MITIGATION FOR CVE-2010-5107
IT17195 COPYING A FILE TO AN NFS STATIC MOUNT VIA THE CLI INCORRECTLY REPORTS SUCCES WHEN THE MOUNT IS DOWN
IT17221 GATEWAYSCRIPT URLOPEN MODULE CAUSES DOCUMENT PARTIALLY CACHED UNDER SOME CONDITIONS
IT17236 DELETING APPLICATION DOMAINS MIGHT TAKE LONGER
IT17261 WHEN CHANGING THE CONFIGURATION FOR A MULTI-PROTOCOL GATEWAY OR WEB SERVICE PROXY, DATAPOWER MIGHT RELOAD
IT17280 SIX VULNERABILITIES IN THE SSL COMPONENT OF IBM DATAPOWER GATEWAYS
IT17323 GATEWAYSCRIPT URLOPEN MODULE WILL HANG UNDER SOME CONDITIONS
IT17325 GATEWAYSCRIPT URLOPEN MODULE CAUSES DOCUMENT TO BE PARTIALLY CACHED WHEN THE CONNECTION TIMES OUT
IT17441 MODIFYING LOAD BALANCER GROUP CONFIGURATION WHILE APPLIANCE UNDER HEAVY LOAD MIGHT LEAD TO APPLIANCE RELOAD
IT17895 THE DEVICE MIGHT SHOW MEMORY GROWTH DUE TO DELAY IN RELEASING MEMORY FROM THE BACKEND URL ASSOCIATED WITH THE WS-PROXY SERVICE
IT17896 APPLIANCE MIGHT HANG AND RESTART, GENERATING A WATCHDOG BACKTRACE



7.0.0.15

Release date: 16 September 2016
Last modified: 16 September 2016
Status: Available

APAR
Description
IT14088LOAD BALANCER GROUP STATUS UPDATE MAY CAUSE UNEXPECTED APPLIANCE RESTART
IT15007PASSING INCORRECT HREF FORMAT INTO A XFORMPI ACTION WILL TRIGGER UNEXPECTED APPLIANCE RESTART
IT15140USE OF ENFORCE-RBM ON CLI MAY CAUSE UNEXPECTED APPLIANCE RESTART WHEN PROCESSING CLI COMMAND
IT15445DELETING OR RESTARTING A DOMAIN WITH AN NFS STATIC MOUNT MIGHT UNEXPECTEDLY RESTART THE APPLIANCE
IT15457DIFFICULTY IN COMMUNICATING WITH NFS SERVER MAY CAUSE HIGHER SUSTAINED CPU USAGE
IT15649INCORRECT MILLISECOND TIMESTAMP LOG FORMATTING IN CASE OF MILLISECOND PART LESS THAN 100
IT15721APPLIANCE MAY UNEXPECTEDLY RESTART WHEN BACKEND SFTP SERVER DELAYS ITS SSH CONNECTIONS TO THE DEVICE
IT15764USING SPECIAL CHARACTERS IN SFTP PASSWORD MAY RESULT IN FAILURE TO CONNECT TO SFTP SERVER
IT15844CHANGES IN INTERFACE CONFIGURATION USING STANDBY CONTROL MAY CAUSE AN UNEXPECTED APPLIANCE RESTART
IT15848DOMAIN CHECKPOINT STATUS MAY CAUSE UNEXPECTED APPLIANCE RESTART
IT15996SOURCE-MQFTE MAY CAUSE UNEXPECTED APPLIANCE RESTART WHEN POLLING MQ SERVER
IT15997WHILE UPDATING NFS MOUNT STATE AN UNEXPECTED APPLIANCE RESTART MAY OCCUR
IT16042DISABLING AN NFS STATIC MOUNT MAY LEAD TO AN UNEXPECTED APPLIANCE RESTART
IT16229NFS MOUNTS MAY NOT ENTER AN UP STATE CORRECTLY
IT16241GENERATING ERROR REPORT MAY RESTART THE APPLIANCE WHILE DATAPOWER TRIES TO GET GATEWAYSCRIPT RUNTIME HEAP STATISTICS
IT16279GATEWAYSCRIPT VULNERABILITY IN THE V8 COMPONENT OF IBM DATAPOWER GATEWAYS (CVE-2016-1669)
IT16715SERVICE UTILIZING MQ BACKOUT MAY CAUSE AN UNEXPECTED APPLIANCE RESTART IF BACKOUT ATTEMPT OCCURS



7.0.0.14

Release date: 20 July 2016
Last modified: 20 July 2016
Status: Available

APAR
Description
IT12955 COOKIE ATTRIBUTE POLICY MAY NOT RELEASE MEMORY
IT13810 SFTP FRONT SIDE HANDLER IS STILL DOWN EVEN AFTER ENABLING THE DOMAIN
IT14033 IMPROPER USE OF DP:SUBSTRING-BASE64() ON NON-BASE64 DATA MIGHT RESULT IN APPLIANCE RESTART
IT14084 NFS POLLER FSH DOES NOT START WORKING AFTER INITIAL CREATION OF THE OBJECT.
IT14135 MESSAGES THAT REQUIRE SIGNATURE MAY NOT BE REJECTED IF IT IS NOT SIGNED
IT14267 THE DATAPOWER DEVICE MAY RELOAD DUE TO LARGE NUMBER OF MQ CONNECTIONS BEING USED RESULTING MANY MQ ERROR OF 2059.
IT14318 FIRMWARE UPGRADE MAY THROW VALIDATION ERROR WHEN INTERNAL FILESYSTEM SPACE IS FULL
IT14325 SYSTEM USAGE FOR DCO TASK MAY REPORT A LOWER THAN EXPECTED VALUE FOR CPU USAGE
IT14387 TASKS REPORTED MULTIPLE TIMES IN SYSTEM USAGE, POSSIBLY IMPACTING PERFORMANCE AND STABILITY
IT14456 IT MAY CAUSE HIGH CPU USAGE WHEN ENABLE-SHARING IS ENABLED IN SQL DATA SOURCE RUNTIME SETTINGS.
IT14650 UNABLE TO CONFIGURE MANY SECONDARY ADDRESSES.
IT14708 WHEN PROCESSING EMPTY BODIED RESPONSES ON SSL ENABLED XML FIREWALL APPLIANCE MAY EXPERIENCE CONNECTION FAILURES
IT14743 DATAPOWER FIRMWARE 7.2 MAY HANG IF THROTTLE IS ENABLED. WITH THROTTLE ENABLED, ADDING NEW ADMIN USERID MAY CAUSE REBOOT.
IT14807 DATAPOWER MIGHT RESTART UNEXPECTEDLY IF TRYING TO COMPILE A WSDL THAT CONTAINS NON-URL <SOAP:ADDRESS LOCATION=.../> VALUE
IT14875 GATEWAYSCRIPT URLOPEN FUNCTION RESPONSE.HEADERS OUTPUT IS NOT CORRECT WHEN HEADER IS NON-COALESCED.
IT14892 USER SESSION NOT TERMINATED ON ACCOUNT LOCKOUT.
IT14914 DOCUMENT CACHE CAN RETURN INCORRECT RESULTS UNDER HEAVY LOAD
IT14936 A VULNERABILITY IN CROSS-SITE REQUEST FORGERY
IT14996 RESTARTING/DISABLING/ENABLING A DOMAIN CONTAINING NFS STATIC MOUNTS MIGHT TAKE A LONG TIME TO COMPLETE IN CERTAIN SITUATIONS
IT15099 NFS MOUNT MAY NOT COME UP CORRECTLY
IT15160 IBM DATAPOWER GATEWAY THE SAME CACHE NAME FROM DIFFERENT DPA OBJECTS MIGHT BE WRONGLY USED TO THE DIFFERENT SERVICE.
IT15218 POSSIBLE INSTABILITY WHEN OUT OF FILE DESCRIPTORS
IT15231 SLM MULTICAST PEERING NOT UPDATING CORRECTLY
IT15234 SFTP POLLER MIGHT STOP WORKING
IT15295 HMTL FORMS LOGIN - COOKIE ATTRIBUTE POLICY DOES NOT INCLUDE SECURE ATTRIBUTE
IT15324 WTX ENGINE MIGHT RESTART WHEN PROCESSING SPECIAL CHARACTERS IN DOUBLE-BYTE MODE.
IT15340 A RELOAD MAY OCCUR DURING RAPID AND REPEATED MOUNTING AND UNMOUNTING OF AN NFS MOUNT.
IT15367 CERTAIN FTP REQUESTS MAY RESULT IN AN UNEXPECTED RELOAD
IT15442 DATAPOWER MIGHT FAIL TO IMPORT FILES WHICH HAVE IDENTICAL PATH/FILENAME IF REMOVING FOLDER / SLASHES
IT15454 VULNERABILITIES IN THE SSL COMPONENT OF IBM DATAPOWER GATEWAYS.
IT15458 VULNERABILITIES IN THE SSL COMPONENT OF IBM DATAPOWER GATEWAYS.
IT15508 WTX INTERNAL ERROR. UNEXPECTED MAPPING ERROR.
IT15555 FIPS COMPLIANCE REQUIRES 2048 BYTE OR LARGER KEYS ON HSM
IT15629 BINARY TRANSFROM WITH WTX MAP MAY THEORETICALLY FAIL IN EXTREMELY RARE RANDOM CASES.
IT15693 WHILE USING MQ FTE FRONT SIDE HANDLER APPLIANCE MAY UNEXPECTEDLY RELOAD
IT15708 THE MQ-QM OBJECT FAILS WHEN SSL CONNECTIONS ARE USED IN SLOW NETWORKS.
IT16865



7.0.0.13

Release date: 20 May 2016
Last modified: 20 May 2016
Status: Available

APAR
Description
IT11118 DATAPOWER MIGHT FAIL TO CANCEL PROCESSING IF AN FTP POLLER FRONTSIDE HANDLER CANNOT RENAME THE INPUT FILE
IT12023 INCORRECT XSLT BEHAVIOR WHEN COMPARING LOCAL VARIABLES
IT12165 NFS OBJECTS MAY NOT CLEAN UP CORRECTLY AND USE ADDITIONAL RESOURCES
IT12248 OCSP, WSRR, OR XC10 RELATED TRANSACTIONS MAY STALL IF THE TARGET SERVER USES PERSISTENT CONNECTIONS
IT12405 MIME PROCESSING MAY CAUSE AN UNEXPECTED RESTART
IT12502 WSRR AUTOMATIC SYNCHRONIZATION MAY CAUSE APPLIANCE TO RESTART
IT12515 CONNECTION ERROR MAY BE LOGGED MULTIPLE TIMES
IT12822 APPLIANCE MAY RESTART WHEN USING SLM SCHEDULING IN COMBINATION WITH THE ACTION SET TO SHAPING
IT12929 ADD THREE BUFFER COMPARE FUNCTIONS TO GATEWAYSCRIPT
IT12946 DATAPOWER MAY RESTART WHEN MQ FRONTSIDE HANDLER IS MISCONFIGURED
IT13148 INCORRECT MQ CONNECTION HANDLING MAY CAUSE AN UNEXPECTED APPLIANCE RESTART
IT13158 DNS RESOLUTION MIGHT FAIL DUE TO CASE SENSITIVITY
IT13795 DATAPOWER WEBSERVICE PROXY WITH MQ FSH REQUEST MATCHING LOGIC MIGHT STRUGGLE WITH AMBIGUOUS RESULTS ALSO VISIBLE IN LOGS
IT13844 WHEN PROCESSING MQ TRANSACTIONS APPLIANCE MAY UNEXPECTEDLY RESTART
IT13885 WHILE PROCESSING MQ URLOPENER IN A TRANSACTION, APPLIANCE MIGHT UNEXPECTEDLY RESTART
IT13913 USE OF THE PROBE MAY CAUSE AN UNEXPECTED APPLIANCE RESTART LATER WHEN GENERATING INTERNAL-STATE OR ERROR REPORT.
IT14028 SYSLOG MESSAGES WILL NOT CONTAIN NEW LINE IF OVER 1024 CHARACTERS LONG
IT14089 APPLICATION DOMAINS THAT USE EXTERNAL CONFIGURATION SOMETIMES FAIL TO LOAD
IT14128 THE WAY A CACHE KEY WAS INTERNALLY BUILT CAUSED ISSUES FOR THE DOCUMENT CACHE WHEN INTEGRATING WITH WEBSPHERE EXTREME SCALE
IT14136 USING NFS-POLLERS MIGHT LEAD TO UNEXPECTED MEMORY GROWTH
IT14139 GATEWAY DEBUG PROBE DATA NOT IMPORTED WHEN USING XML MANAGEMENT INTERFACE
IT14147 CLICKING AN OBJECT WITH INVALID CONFIGURATION IN WEBGUI MIGHT RESTART THE APPLIANCE
IT14185 IN SOME CASES UNQUIESCING SERVICES LISTENING ON 0.0.0.0 IN A SELF-BALANCED GROUP MAY NOT CAUSE THEM TO GET REINSTATED
IT14190 UNEXPECTED APPLIANCE RESTART MIGHT OCCUR DURING AN INTERNAL PROCESS SUCH AS ISAM
IT14230A VULNERABILITY IN THE SSL COMPONENT OF IBM DATAPOWER GATEWAYS. (CVE-2016-0701 CVE-2015-3197)
IT14231 A VULNERABILITY IN THE SSL COMPONENT OF IBM DATAPOWER GATEWAYS (CVE-2015-3195)
IT14295 GATEWAYSCRIPT READASJSON() CANNOT PROCESS UTF-8 ENCODED JSON DATA THAT IS BOM PREFIXED (BYTE ORDER MARK).
IT14409 HIGH LOAD SEEN DUE TO MQ SHARING CONVERSATIONS
IT14472 ACCESS MANAGER DOWN AFTER DEVICE RESTART



7.0.0.12

Release date: 8 March 2016
Last modified: 8 March 2016
Status: Available

APAR
Description
IT13989GNU C LIBRARY (GLIBC) VULNERABILITY AFFECTS IBM DATAPOWER GATEWAYS (CVE-2015-7547)
IT14164A HASH SELECTOR VULNERABILITY IN IBM GSKIT AFFECTS IBM DATAPOWER GATEWAYS.



7.0.0.11

Release date: 5 February 2016
Last modified: 5 February 2016
Status: Available

APAR
Description
IT10034 REFRESHING AN OAUTH ACCESS TOKEN DOES NOT RESULT IN AN ERROR WHEN USING INVALID PARAMETER
IT11162 DATAPOWER RESTARTS WHILE PROCESSING MIME ATTACHMENT WITH VERY LONG FILENAME (OVER 254 CHARACTERS) AND PROBE ENABLED.
IT11174 AAA LDAP AUTHENTICATION OR AUTHORIZATION MIGHT FAIL WHEN DN CONTAINS WHITE SPACE.
IT11215 SFTP ISSUE PASSING CERTAIN NON-ALPHANUMERIC CHARACTERS IN PASSWORD
IT11366 URL-OPEN IN GATEWAYSCRIPT MAY CAUSE UNEXPECTED RELOAD WHEN UTILIZING THE HEADER OPTIONS.
IT11426 OAUTH REFRESH TOKEN CANNOT BE RE-USED
IT11551 DATAPOWER RESTART CAUSED BY MISSING SYNCHRONIZATION IN PROBE CODE
IT11552 TRANSACTIONS MIGHT HANG ON CACHED DOCUMENT REVALIDATION OR THE APPLIANCE MIGHT RESTART
IT11642 APPLIANCE LOAD ALONG WITH DIAGNOSTIC COMMAND CAN RESULT IN RESTART OF THE APPLIANCE.
IT11678 USING SNMP FOR OID 1.3.6.1.2.1.4.20 CAN LEAD TO UNEXPECTED BEHAVIOR INCLUDING HUNG TRANSACTIONS AND APPLIANCE RESTART
IT11697 SNMP FUNCTION HAS POTENTIAL VULNERABILITIES
IT11733 OAUTH AUTHENTICATION WHOSE GRANT TYPE IS PASSWORD FAILS WHEN THE PASSWORD CONTAINS %
IT11760 DATAPOWER MAY RESTART UNEXPECTEDLY IF ATTEMPTING TO PROCESS INPUT LARGER THAN 1 GB USING GATEWAYSCRIPT BUFFER API
IT11824 IN RARE CASES, USING SECURE BACKUP MIGHT LEAD TO UNEXPECTED BEHAVIOR INCLUDING HUNG TRANSACTIONS AND APPLIANCE RESTART
IT11825 USING SECURE BACKUP MIGHT LEAD TO UNEXPECTED BEHAVIOR INCLUDING HUNG TRANSACTIONS AND APPLIANCE RESTART
IT11841 USE OF STANDBY GROUP WITH SELF-BALANCING CAN RESULT IN UNEXPECTED BEHAVIOR INCLUDING HUNG TRANSACTIONS AND RESTART
IT11926 THE APPLIANCE MAY UNEXPECTEDLY RESTART WHEN PERFORMING AN MQFTE BACKOUT
IT11928 RBM RADIUS FAILOVER NOT WORKING
IT11997 FTP FRONT SIDE HANDLER ENDS THE CONNECTION WHEN PASSIVE PORT IS 65535
IT12032 DATAPOWER APPLIANCE MAY UNEXPECTEDLY RESTART IN MQFTE TRANSACTION
IT12035 APPLIANCE MAY RESTART WHILE PROCESSING MQ
IT12040 RESOURCE OWNER IS SET INCORRECTLY WHEN FORMS LOGIN COOKIE IS BEING USED
IT12043 APPLIANCE MAY HANG AND WATCHDOG DURING THE OAUTH CONFIGURATION
IT12061 UNDER LOAD AN SSL PROXY SERVICE MAY INTERMITTENTLY FAIL
IT12100 JSON SCHEMA VALIDATION MAY PRODUCE INCORRECT RESULTS WHEN JSON SCHEMA CONTAINS THE ITEMS KEYWORD
IT12258 WHILE PROCESSING MQ TRANSACTIONS APPLIANCE MAY UNEXPECTEDLY RESTART
IT12548 IN SOME CASES DATAPOWER MAY NOT PROPERLY PARSE DIME MESSAGES, WHICH RESULTS IN A MALFORMED MESSAGE BEING SENT TO THE NEXT HOP
IT12556 UNEXPECTED RESULTS MAY BE DISPLAYED ON STATUS PROVIDERS AND IN SOME CASES CAUSE UNEXPECTED RESTART ON ERROR REPORT GENERATION
IT12635 SOME OBJECTS MAY UNINTENTIONALLY BE EXPORTED RESULTING IN ERROR MESSAGES ON RE-IMPORT.
IT12655 TCP PROXY SERVICE MAY CLOSE THE FRONT-SIDE CONNECTION IN MIDDLE OF DATA TRANSFER
IT12696 TCP WINDOW SCALING OPTION CANT BE TURNED OFF
IT12703 DATAPOWER MAY UNEXPECTEDLY RESTART DURING CONFIGURATION IMPORT
IT12722 UNICAST SLM PEERING NOT SYNCING WITH OTHER IN PEER GROUP.
IT12863 SET-CONFIG SOMA CALL MAY FAIL IF INSERTIONATTRIBUTES ELEMENT IS INCLUDED
IT13742SLOTH: VULNERABILITIES IN TLS HANDSHAKE DUE TO USE OF MD5 SIGNATURES



7.0.0.10

Release date: 6 November 2015
Last modified: 6 November 2015
Status: Available

APAR
Description
IT09081ERRORS ARE SEEN WHEN AN FTP CLIENT CLOSES THE CONNECTION IMMEDIATELY AFTER OPENING A DIRECTORY
IT09195DYN:EVALUATE FUNCTION USED IN <XSL:WITH-PARAM> CAUSES AN APPLIANCE RESTART
IT09741SLM PARAMETERS ARE NOT UPDATED ON PEER APPLIANCES WHEN POLICY VARIABLES ARE USED FOR WS-MEDIATIONPOLICY
IT09792VALIDATE DOCUMENT VIA SCHEMA ATTRIBUTE WITH NON-XML SERVICE REQUEST TYPE RESTARTS APPLIANCE
IT09820A WATCHDOG RESTART MIGHT OCCUR WHEN DELETING OR RESTARTING DOMAINS WHILE APPLIANCE IS REBOOTING
IT09865USER WITH READ-EXECUTE ONLY PERMISSIONS MAY NOT EXPORT ALL OBJECTS IN CONFIGURATION
IT09987INVALID SCHEMA WITH XSD:UNIONS MEMBERTYPES ATTRIBUTE REFERENCING ITSELF COMPILES ENDLESSLY
IT10105CVE-2015-1788 MALFORMED ECPARAMETERS MIGHT CAUSE INFINITE LOOP
IT10115VALIDATION USING XSD:DECIMAL TYPE, IN SOME CASES, MAY CAUSE FALSE REJECTIONS
IT10149AN FTP TRANSACTION MIGHT NOT COMPLETE OR TIME OUT
IT10258APPLIANCE MAY UNEXPECTEDLY RESTART WHEN VALIDATING JSON MESSAGESIN CASE OF A LARGE JSON SCHEMA
IT10279MISSING SECURE ATTRIBUTE ON SESSION COOKIE
IT10321POLLING STATISTICS MAY CAUSE AN UNEXPECTED RESTART
IT10355UNIQUE CACHE KEY IS NOT USED FOR PROTOCOL BASED CACHE POLICY TYPES
IT10426RAW TCP URL-OPEN MAY CAUSE A RESTART IF YOU PASS A NULL STRING AS THE HOSTNAME
IT10444STATISTICS SETTINGS MAY BE SHOWING DOWN AFTER FIRMWARE UPGRADE
IT10479GATEWAY SCRIPT MIGHT CAUSE UNRELEASED MEMORY GROWTH WHILE PROCESSING CONTEXT.SETVAR().
IT10501DOCUMENT CACHE MIGHT STOP CACHING UNDER SOME CIRCUMSTANCES
IT10508APPLIANCE MAY RESTART WHEN USING INCLUDE-CONFIG IF THE CONFIG FILE IS NOT ACCESSIBLE ON THE NETWORK
IT10598SECURE-BACKUP MAY CAUSE DEVICE TO HANG UNEXPECTEDLY
IT10637LDAP SEARCH WITH LDAP CONECTION POOL MAY GET MSGID MISMATCH ERROR
IT10644DATAPOWER WEBGUI WARNING MESSAGE MAY SHOW WRONG DEVICE TYPE ON DOWNGRADE
IT10660ANONYMOUS SLA ALWAYS TRIGGERED WHEN CUSTOM MCF TYPE USED FOR SLA
IT10718THE DATAPOWER GATEWAY RESTARTS WHILE USING STYLESHEET TO AUTOMATICALLY CLEAR THE CACHE
IT10890LARGE XSLT UPLOAD IN INTERNET EXPLORER (IE) CAUSES HANG
IT10924ON DOMAIN DELETE WITH AN NFS STATIC MOUNT AN APPLIANCE RESTART MAY OCCUR
IT10977DATAPOWER FAILS TO CREATE VALID XML IN CONVERT-HTTP(JSON) ACTION IF JSON STRING CONTAINS "\U0026" OR "\U003E".
IT10978DATAPOWER MAY RESTART IF A SIGNATURE VERIFICATION OF A RETURNED SIGNED MDN MESSAGE FAILS AND IS HANDLED IN AN ERROR RULE
IT11010IN RARE CASES BACKTRACES MAY NOT BE GENERATED PROPERLY
IT11082MISSING REMOTE PORT IN AN XSL PROXY SERVICE MIGHT CAUSE A RESTART
IT11147DATAPOWER MQ-QM FAILS TO CONNECT WITH AN MQ REASON CODE OF 2538 WHEN SSL IS USED
IT11169CONTENT-TYPE HEADER REMOVED FROM GET REQUESTS
IT11190SOME WEB SERVICE PROXY CONFIGURATIONS MAY DEVELOP A STATE WHERE CHANGES CANNOT BE APPLIED THROUGH INTERNET EXPLORER
IT11191DURING A WEB TOKEN SERVICE TRANSITION TO UP STATE THE DATAPOWER APPLIANCE MIGHT UNEXPECTEDLY RESTART



7.0.0.9

Release date: 4 September 2015
Last modified: 12 October 2015
Status: Available

APAR
Description
IT08399TCP PROXY BEING UNABLE TO WRITE TO FRONT END MAY CAUSE APPLIANCE RESTART
IT08663SOME SSL CONNECTIONS WHICH FAIL TO COMPLETE HANDSHAKE MIGHT NOT TIME OUT
IT08758Z/OS CANNOT SET UP CONTROL CONNECTION WITH THE SYSPLEX CONTROL SERVICE ON DATAPOWER WHEN USING IPV6
IT08760IN THE GATEWAYSCRIPTSTATUS SECTION OF AN ERROR REPORT, THE TOTALHEAPSIZEEXECUTABLE IS INCORRECT
IT08838WITH MQ SHARED CONVERSATION ENABLED, ANY ACCESS PROBLEM TO THE MQ SERVER MIGHT RESULT IN A DATAPOWER UNEXPECTED RESTART
IT08971INDEFINITE HTTP GET REQUEST RETRIES CAN OCCUR WHEN USING SERVICES WITH PERSISTENT CONNECTIONS
IT09063DATAPOWER XML MANAGEMENT COMMANDS MIGHT INTERMITTENTLY FAIL TO COMPLETE
IT09129CUSTOM OAUTH PROCESS DOES NOT PROVIDE SPECIFIC ERROR_ID IF VERIFY-AZ-REQUEST FAILS
IT09132USING THE DIAGNOSTIC COMMAND SHOW HANDLES CAN RESULT IN UNEXPECTED BEHAVIOR
IT09145DISABLING ALL DOMAINS OR APPLIANCE QUIESCE WITH LARGE AMOUNT OF SQL CONNECTIONS MAY LEAD TO AN UNEXPECTED RESTART OF APPLIANCE
IT09269DOMAIN MEMORY USAGE DATA SHOWS INCORRECT NUMBER IN WEBGUI
IT09304VIRTUAL APPLIANCES RUNNING ON HOSTS WITH HOTPLUG CPUS ENABLED OR MORE THAN 40 CPUS MAY UNEXPECTEDLY RESTART
IT09308SERVICE LEVEL MANAGEMENT CONFIGURED POLICIES MIGHT NOT BE PROPERLY ENFORCED
IT09358DATAPOWER MPGW, WSP AND WAF SERVICES DO NOT PRESERVE HTTP 1.0
CONTENT-LENGTH ON PASSTHROUGH RESPONSE IF CONTENT-LENGTH > 32K
IT09382DATAPOWER APPLIANCE MIGHT UNEXPECTEDLY RESTART WHEN PEER GROUP IS ENABLED AND HAS IMPROPERLY FORMATTED URL
IT09396CONTENT-LENGTH HEADER NOT AVAILABLE IN RESPONSE OBJECT AFTER MAKING URL-OPEN CALL
IT09510ERROR RETURNED WHEN SFTP CLIENT ATTEMPTS TO PERFORM FILE RENAME AGAINST SFTP FSH WITH FTP AND FTPS URL OPENERS
IT09638WHEN USING SSL OPTIONS TO GENERATE SSL PROXY PROFILE FOR MQ-QM AN UNEXPECTED DISCONNECT MAY OCCUR.
IT09742WHEN TRYING TO UPDATE SUMMARY OF AN ACCESS CONTROL LIST (ACL) OBJECT FROM THE CLI AN APPLIANCE RESTART MIGHT OCCUR
IT09773WHILE DELETING AN MQ DOMAIN THAT INCLUDES SSL PROFILES GENERATED BY SSL OPTIONS, DATAPOWER MIGHT EXPERIENCE AN UNEXPECTED RESTART
IT09825MANY CONCURRENT SFTP POLLER CONNECTIONS MIGHT RESULT IN AN UNEXPECTED IMMEDIATE RESTART
IT09835JSONIQ HANDLING OF JSON INPUT WITH SURROGATE PAIRS OR ESCAPED CHARACTERS IS BROKEN
IT09902SLM ENFORCEMENT BY PAYLOAD REQUEST SIZE MIGHT NOT WORK IN PEERING SCENARIOS
IT09938EXTENSION FUNCTION DP:RADIX-CONVERT() MIGHT CAUSE AN UNEXPECTED APPLIANCE RESTART
IT10006CONTENT-SECURITY-POLICY HEADER DEFAULT-SRC MIGHT NOT RENDER PROPERLY IN CASCADING STYLE SHEETS
IT10010DURING A WEB TOKEN SERVICE TRANSITION TO UP STATE THE DATAPOWER APPLIANCE MIGHT UNEXPECTEDLY RESTART
IT10055THE GNU C LIBRARY (GLIBC) HAS VULNERABILITIES AS SPECIFIED IN CVE-2013-7423 AND CVE-2015-1781
IT10061CVE-2015-4000 DIFFIE-HELLMAN 512-BIT EXPORT-GRADE CIPHER MIGHT BE VULNERABLE TO ATTACKERS
IT10064CVE-2014-9636, CVE-2014-8139, CVE-2014-8140, CVE-2014-8141 UNZIP UTILITY MIGHT RESULT IN AN UNEXPECTED RESTART
IT10086TIMED OUT SSL COMMUNICATION MIGHT NEVER FINISH
IT10104CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2014-8176 OPENSSL PSIRT ISSUES
IT10110WEBGUI OPTIONS FOR SSLV3 EXIST FOR MQ
IT10128WITH MQ SHARING CONVERSATION ENABLED AND HIGH MESSAGE TRAFFIC A DATAPOWER APPLIANCE MIGHT UNEXPECTEDLY RESTART
IT10165APPLIANCE MAY RESTART IF XML MANAGEMENT INTERFACE IS LISTENING ON A HOST-ALIAS, ::, OR 0.0.0.0 AND WSRR SUBSCRIPTION IS USED
IT10219DOCUMENT CACHE CONTINUES TO REFETCH RESOURCES EVEN IF BACKEND CONFIRMS NO CHANGE SINCE CACHED COPY
IT10699REQUESTS THAT ARE ACCEPTING STALE RESPONSES ARE BLOCKED WHEN THE REQUESTED RESOURCE IS IN PENDING STATE
IT11312DOCUMENT CACHE TREATS 304 RESPONSE WITH ETAG THAT IS DIFFERENT FROM CACHED ENTRY ETAG AS UNSUCCESSFUL REVALIDATION
IT11326DOCUMENT CACHE DOES NOT UPDATE ALL HEADERS OF CACHED ENTRY ON 304 RESPONSE
IT15264CUSTOM OAUTH PROCESS DOES NOT RETURN STATE PARAMETER IN ERROR RESPONSE



7.0.0.8

Release date: 30 June 2015
Last modified: 29 June 2015
Status: Available

APAR
Description
IT06611ISAM REQUESTS MAY NOT ROUTE PROPERLY WHEN BOTH IPV4 AND IPV6 ROUTES ARE CONFIGURED
IT06777DATAPOWER MIGHT UNEXPECTEDLY RELOAD ATTEMPTING TO GET THE NEXT ODR LOAD BALANCER MEMBER
IT07047XSLT COMPILE OPTIONS POLICY SETTING STYLESHEET SPECIFIED IS NOT HONORED.
IT07218MESSAGE BODY MIGHT BE INCORRECTLY RETURNED WITH HTTP 204 RESPONSE
IT07353RESTARTING A DOMAIN WITH NUMEROUS MQ QUEUE MANAGERS MIGHT RESULT IN AN UNEXPECTED APPLIANCE RESTART
IT07384DATAPOWER V7 FIXED FORMAT TOGGLE HAS NO EFFECT FOR THE CSV LOG TARGET FORMAT
IT07459NOT ABLE TO ROUTE A MULTI-CELL (STAR) TOPOLOGY VIA DATAPOWER / ODRLIB
IT07807IN SOME CASES DP:DEFLATE WITH GZIP ALGORITHM WILL CAUSE PAYLOADS TO BE TRUNCATED
IT07905RESTARTING A DOMAIN MIGHT RESULT IN AN UNEXPECTED IMMEDIATE RESTART
IT07921SSH ACTIVITY MIGHT CAUSE UNEXPECTED BEHAVIOR
IT07956USING ACCESS CONTROL LISTS IN A NETWORK ENVIRONMENT WITH PACKET FRAGMENTATION MIGHT RESULT IN THE INSTABILITY OF TCP CONNECTIONS
IT08134REGEXP:REPLACE() MIGHT YIELD INCORRECT RESULTS WHEN INPUT TEXT CONTAINS MULTI-BYTE CHARACTERS
IT08202DEPRECATED SQL CLI COMMANDS MIGHT CAUSE AN APPLIANCE RESTART IF INVOKED WITHOUT AN ARGUMENT
IT08231DURING SECURE RESTORE, VALIDATION OF SOME CONFIGURATION PROPERTIES MIGHT BE INCORRECT
IT08917SSLV3 PROTOCOLS AND RC4 CIPHERS WITH VULNERABILITIES SHOULD BE DISABLED BY DEFAULT
IT09536URLREFRESH CONFIGURATION PROPERTIES CONTAINS DUPLICATE ENTRIES WHICH MIGHT LEAD TO APPLIANCE RESTART ON CONFIGURATION CHANGES



7.0.0.7

Release date: 30 April 2015
Last modified: 30 April 2015
Status: Available

APAR
Description
IT04826BATTERY END OF LIFE AND VOLTAGE WARNING MESSAGES ON A DATAPOWER 9005 APPLIANCE
IT05684XC10 GRID OBJECT MIGHT NOT ACCEPT UNDERSCORE (_) IN USERNAME FIELD
IT05952EXTRA 0 CHARACTER IN HTTP 500 RESPONSE WHEN COMPRESSION OPTION IN FRONT SIDE HANDLER IS ENABLED
IT05987FOR JSON TYPE MESSAGES, ESCAPING IS INCORRECT. EXAMPLES ARE SURROGATE PAIRS, SUCH AS EMOJI, AND A BMP IN AN OBJECT NAME
IT06007ASYNCHRONOUS CALL IN AN ERROR RULE AND ASYNC RULE IN A STYLESHEET USING DOCUMENT() MIGHT TRIGGER RESTART
IT06151ALLOWCACHECONTROLHEADER ELEMENT IN CONFIGWSGATEWAY IS MISSING
IT06156USE OF IP ADDRESS IN THE RBM MAPPING CREDENTIALS MIGHT CAUSE THE DOMAINS LIST TO DISAPPEAR
IT06195INCORRECT CONFIGURATION OF A SCHEDULED RULE MIGHT RESULT IN AN UNEXPECTED IMMEDIATE RESTART
IT06196GATEWAYSCRIPT STRING HANDLING NEEDS ENHANCEMENT
IT06232IN SOME SITUATIONS MQ CONNECTIONS MIGHT CAUSE AN UNEXPECTED RESTART
IT06455FOR A GATEWAYSCRIPT REQUEST MESSAGE WITH A EXPLICITLY SPECIFIED HOST HEADER, DATAPOWER MIGHT NOT USE THE USER-SPECIFIED HOST
IT06471DATAPOWER APPLIANCE USING AN SFTP POLLER MIGHT EXPERIENCE AN IMMEDIATE RESTART
IT06480IN SOME CIRCUMSTANCES A RESTART MIGHT OCCUR WHEN CHANGING A PASSWORD VIA SSH
IT06484CONNECTION FROM DATAPOWER APPLIANCE TO IMS BACKEND SERVER HANGS WHEN IMS BACKEND SERVER SENDS NULL RESPONSE TO DATAPOWER
IT06511VIRTUAL APPLIANCE REPORTS ERROR CODE 1FD WHEN INITIALIZING APPLIANCE
IT06617ORACLE SQL STORED PROCEDURE CALLS THAT INCLUDE COMPLEX TYPES MIGHT NOT RETURN CORRECT DATA
IT06621WEB APPLICATION FIREWALL COOKIE POLICY MIGHT STRIP QUOTES FROM AUTHORIZATION COOKIE VALUE
IT06671WHEN ATTEMPTING TO CREATE A CHECKPOINT OF A LARGE DOMAIN THE OPERATION MIGHT TIME OUT
IT06761A LIMITED NUMBER OF JMS FRONT SIDE HANDLERS CAN BE UP AT THE SAME MOMENT
IT06796DATAPOWER URL-OPEN EXTENSION FUNCTION DOES NOT ALLOW SENDING A HTTP PUT REQUEST WITH AN EMPTY BODY
IT06889APPLIANCE MIGHT IMMEDIATELY RESTART WHEN DNS USES TCP AND A REQUEST TIMES OUT
IT06895UNABLE TO IMPORT-EXECUTE USING ENFORCE RBM ON CLI
IT07003TYPE 2426 APPLIANCES MIGHT SHOW A PRODUCT ID OF 7198 OR 7199
IT07117A RESTART MIGHT OCCUR WHEN CREATING AN NFS LOG TARGET
IT07119NBLEAK REPORT MEMORY DIAGNOSTIC TOOL MIGHT OMIT SOME CALLSTACK INFORMATION
IT07164A POTENTIAL WATCHDOG MIGHT OCCUR WHEN USING INTELLIGENT LOAD DISTRIBUTION (ILD) FEATURE OF THE AO OPTION
IT07237ERROR REPORTS MIGHT OMIT FIRMWARE VERSION OR DATETIMESTATUS INFORMATION
IT07296AFTER SOFTWARE FALLBACK WE MIGHT GENERATE MANY LOG MESSAGES FOR THE CRYPTO HARDWARE FAILURE
IT07340LRO FEATURE ENABLED ON LINK AGGREGATE INTERFACE
IT07346CUSTOM REVOCATION BY OAUTH RESOURCE OWNER MIGHT NOT COMPLETE REVOCATION
IT07570STORE://JSONX2JSON.XSL DOES INCORRECT UNCONDITIONAL ESCAPING OF REVERSE SOLIDUS AND MISSES ESCAPING OF JSONX @NAME
IT07854NEED RESOLUTION TO CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293 ADVISORIES



7.0.0.6

Release date: 23 March 2015
Last modified: 18 March 2015
Status: Available

APAR
Description
IT06901CVE-2015-0204 - SSL/TLS CLIENTS MIGHT SILENTLY DOWNGRADE RSA CIPHERS TO EXPORT_RSA
IT06902CVE-2014-3570 - SSL BIGNUM SQUARING MIGHT PRODUCE INCORRECT RESULTS
IT07236CVE-2014-3566 POODLE ATTACK RESOLUTION FOR TAM/ISAM
IT07604CVE-2015-0138: GSKIT MIGHT ACCEPT A WEAK EPHEMERAL RSA KEY FOR NON EXPORT CIPHERSUITES IN SSLV3.0 AND TLS 1.0



7.0.0.5

Release date: 10 February 2015
Last modified: 9 February 2015
Status: Available

APAR
Description
IT04792SQL CALL THAT RETRIEVES A LARGE DATASET MIGHT CAUSE THE APPLIANCE TO RESTART IN DEVELOPMENT ENVIRONMENTS
IT04845CUSTOM POLICY DOMAIN SAMPLES MIGHT NOT WORK WITH ALL WS-POLICY NAMESPACES
IT04883DATAPOWER MIGHT IGNORE AUTHENTICATION/AUTHORIZATION CACHED ENTRIES WHEN A SIGNED ENVELOPED MESSAGE IS USED FOR AAA AUTHENTICATION/AUTHORIZATION
IT04947READING OF CHUNKED ENCODING WITH HTTP BODY COMPRESSION MIGHT UNEXPECTEDLY CAUSE THE NEXT REQUEST OR RESPONSE NOT BE PROCESSED
IT05111INTERMITTENT CRYPTO ENGINE FAILURES
IT05294 JSON VALIDATION FAILS FOR DATE-TIME FIELD
IT05412THE APPLIANCE REMOVES A PROVIDED GET REQUEST CONTENT-TYPE HEADER EVEN WITH "CACHE-CONTROL: NO TRANSFORM"
IT05579THE REPORTED INSTALLED MEMORY MIGHT VARY SLIGHTLY FROM THE ACTUAL INSTALLED MEMORY
IT05598DATAPOWER APPLIANCE MIGHT RESTART DURING A TRANSACTION WHEN A DOCUMENT CACHE IS ENABLED
IT05626USE OF FORMAT-NUMBER() XSLT FUNCTION MIGHT LEAD TO UNEXPECTED RESTART OF APPLIANCE DUE TO UNEXPECTED MEMORY GROWTH
IT05828CONFIGURING AN INCOMPLETE BACKEND-RULE FOR WSM-ENDPOINTREWRITE MIGHT CAUSE APPLIANCE RESTART
IT05864 PERFORMANCE REDUCTION WITH 6.0.0 AND HIGHER FIRMWARE
IT05881 SELECTING BLUEPRINT/PATTERN CONSOLE FROM WEBGUI MIGHT CAUSE A BLANK PAGE OR SESSION EXPIRED MESSAGE
IT05889 CLI DEBUGGER PRINT COMMAND MIGHT NOT HANDLE ARGUMENTS CORRECTLY
IT05900DOMAINS THAT ARE CREATED FROM CLI MIGHT NOT HAVE SOME DOMAIN DEFAULTS FOR URL PROTOCOLS SET AS EXPECTED
IT05905COMPARE AND REVIEW CONFIGURATION TOOLS MIGHT DISPLAY UNEXPECTED RESULTS
IT05912 GATEWAYSCRIPT READASBUFFER, READASBUFFERS, AND READASJSON METHODS MIGHT FAIL TO HANDLE NON-EMPTY HTTP HEAD RESPONSE
IT05922 SSL/TLS FALLBACK PROTECTION (TLS_FALLBACK_SCSV)
IT05969CLI SHOW COMMAND CAN IMPROPERLY CREATE DOMAIN OBJECTS
IT05998DATAPOWER APPLIANCE MIGHT NOT RESPOND WHILE UNDER HIGH LOAD WITH SHARING CONVERSATIONS AND NETWORK EVENTS DELAYED
IT06048 A JSON SCHEMA THAT IS NOT WELL-FORMED MIGHT CAUSE AN UNEXPECTED APPLIANCE RESTART WHEN COMPILED
IT06941 SECURITY ISSUES IN SOME GNU C LIBRARY (GLIBC) FUNCTIONS
IT04877HTTP REQUEST LINE MIGHT BE MALFORMED IN CASE OF CUSTOM METHOD
IT04961USING CONTEXT VARIABLE TO SPECIFY GATEWAYSCRIPT MIGHT CAUSE UNRELEASED MEMORY GROWTH
IT04979JSV VALIDATION UNDER SOME CIRCUMSTANCES MIGHT CAUSE DEVICE MEMORY USAGE TO UNEXPECTEDLY GROW AND RESTART THE APPLIANCE.
IT05438A CUSTOM STYLESHEET USED IN MC STEP OF AAA DURING OAUTH HANDSHAKE MIGHT NOT RESOLVE THE RESOURCE OWNER'S IDENTITY
IT05767VIRTUAL: RESTORE THE ABILITY TO USE ADDITIONAL VIRTUAL NICS DEFINED IN THE VMWARE HYPERVISOR
IT05783 USING THE ARRAY BUFFER OR TYPED ARRAYS IN GATEWAYSCRIPT ACTIONS MIGHT CAUSE AN APPLIANCE RESTART
IT05917 COMPILATION OF XQUERY SCRIPT WITH EXPLICIT XS NAMESPACE DECLARATION MIGHT FAIL



7.0.0.4

Release date: 7 January 2015
Last modified: 6 January 2015
Status: Available

APAR
Description
IT06055CVE-2014-8730 - STRICTLY ENFORCE VERIFYING BLOCK CIPHER PADDING



7.0.0.3

Release date: 26 November 2014
Last modified: 24 November 2014
Status: Available

APAR
Description
IT02705CUSTOM HTML FORM BASED LOGIN COOKIE ATTRIBUTE POLICY SHOULD BEHAVE AS STATIC HTML FORM BASED LOGIN COOKIE ATTRIBUTE POLICY
IT03095ERROR MIGHT OCCUR WHEN COMPILING XML SCHEMA WITH XS:COMPLEXTYPE/XS:SIMPLECONTENT/XS:RESTRICTION
IT03568ORACLE DSO CONNECTIONS FROM DATAPOWER MIGHT FAIL IF MULTIPLE PACKAGES HAVE IDENTICAL PROCEDURE NAMES WITHIN ORACLE DATABASE
IT03757VIRTUAL: XEN VM APPLIANCES MIGHT NOT START LICENSE RESET TOOL TO ALLOW NEW FEATURES
IT03873DURING SOME MQ OBJECT STATE TRANSITIONS THE DATAPOWER APPLIANCE MIGHT ENCOUNTER AN UNEXPECTED IMMEDIATE RESTART
IT03931DATAPOWER MIGHT INTERMITTENTLY FAIL TO PARSE DATA FROM THE DOCUMENT CACHE WHEN CONSTANTLY AT MAXIMUM XML NAME LIMIT
IT03971ON DEMAND ROUTER SESSION AFFINITY IS NOT ALWAYS MAINTAINED
IT04088SUB-DIRECTORY NAMES ARE LIMITED TO 128 CHARACTERS
IT04116OBJECTS STORED IN GATEWAYSCRIPT USER MODULE FOR GATEWAYSCRIPT ACTION MIGHT BE INVALID
IT04130BUFFER OBJECTS MIGHT BE SAVED INCORRECTLY IN A CONTEXT VARIABLE IN GATEWAYSCRIPT ACTION
IT04223DATAPOWER ODR FEATURE DOES NOT ROUTE BASED ON THE VIRTUAL HOST
IT04274GATEWAYSCRIPT CONSOLE MODULE API FORMATTING ENHANCEMENTS NEEDED
IT04329SFTP POLLER FAILS TO RECOGNIZE FILES WHEN LARGE NUMBER OF FILES ARE PRESENT IN TARGET DIRECTORY
IT04351UNDER CERTAIN CONDITIONS QUIESCE/UNQUIESCE OPERATION MIGHT RESULT IN AN IMMEDIATE RESTART OF THE DEVICE
IT04387API MANAGEMENT MIGHT NOT ENFORCE QUOTAS PROPERLY
IT04451MEMORY GROWTH MIGHT OCCUR WHEN LARGE VOLUMES OF LOGS AND MISCONFIGURED NFS LOG TARGET ARE PRESENT
IT04452UNDER CERTAIN CONDITIONS HAVING WSMAGENT MONITORING FLAG ENABLED MIGHT CAUSE AN UNEXPECTED RESTART OF THE APPLIANCE
IT04656DATAPOWER MIGHT RESTART WHEN READING DATA FROM AN NFS SHARE
IT04661USING LDAP CONNECTION POOLING, DATAPOWER MIGHT RESTART WHEN REFRESHING LDAP CONNECTION POOL STATUS OR ENTRIES IN WEBGUI
IT04698USER GROUP NONE MIGHT BE CREATED FOR A NEW LOG TARGET
IT04749CRL RETRIEVAL POLICY WITH INCORRECT OR MISSING BIND PASSWORD FORLDAP SERVER MIGHT CAUSE AN UNEXPECTED RESTART
IT04752TRANSFORM AND GATEWAYSCRIPT ACTION COMBINATIONS IN A RULE MIGHT NOT PROVIDE THE EXPECTED RESULTS
IT04764DATAPOWER DOES NOT HONOR WILDCARD SCOPE FOR OAUTH CLIENT PROFILE
IT04771A DATAPOWER APPLIANCE CONFIGURED FOR MQ SHARING CONVERSATIONS MIGHT RESTART IF THE NETWORK IS UNSTABLE
IT04784DATA COLLECTION FOR WATCHDOG ISSUES MIGHT BE TRUNCATED
IT05082DISABLE SSLV3 IN DATAPOWER WEB MANAGEMENT AND XML MANAGEMENT SERVICES BY DEFAULT
IT05116MORE DETAILED SECURE SOCKETS LAYER (SSL) PROTOCOL ERROR MESSAGES NEEDED
IT05196IN SOME CASES SQL_DOUBLE TYPES MIGHT REPORT A BUFFER UNDERFLOW ERROR WHEN PERFORMING ORACLE SQL EXECUTE CALLS



7.0.0.2

Release date: 30 September 2014
Last modified: 29 September 2014
Status: Available

APAR
Description
IT01205UNDER CERTAIN CIRCUMSTANCES, WHEN A LOG TARGET UPLOAD FAILS, DATAPOWER MIGHT RETURN UPLOAD SUCCESS MESSAGE BEFORE FAILURE MESSAGES
IT01287DEEP OR RUNAWAY RECURSION IN XML TRANSFORM MIGHT CAUSE A DATAPOWER APPLIANCE TO RESTART
IT01586DATAPOWER MIGHT NOT RE-SYNCHRONIZE WSDL FILES FROM WSRR SERVER WHEN IT FAILS TO RETRIEVE THE FILES DUE TO AN ERROR CONDITION
IT01688SOME WEB SERVICE PROXY SETTINGS MIGHT BE LOST WHEN SERVICE IS MODIFIED IN WEBGUI
IT01802DATAPOWER MIGHT RESTART WHEN NO HOSTNAME IS CONFIGURED FOR TIBCO BACKEND
IT02157DATAPOWER VARIABLE ORIGINAL-RESPONSE-CONTENT-TYPE MIGHT BE TRUNCATED
IT02476WITH SHARING CONVERSATION ENABLED, MQ-QM OBJECTS RUN INTO PENDING STATE AND HIGH CPU IS OBSERVED WHEN THERE IS MQ ERROR
IT02492PROTECTION OF SOME WEBGUI PARAMETERS AGAINST SPECIFIC SECURITY VULNERABILITIES
IT02760PASSING NULL INPUT TO THE DP:ENCODE XML EXTENSION FUNCTION MIGHT CAUSEE A RESTART
IT02762DATAPOWER MIGHT RESTART WHEN PROCESSING CERTAIN MQ MESSAGES
IT02779PARSE ERROR MIGHT OCCUR WHEN RETRIEVING FTP LIST OF MORE THAN 25 FILES
IT02803WHEN THE "PROCESS MESSAGES WHOSE BODY IS EMPTY" OPTION IS SET TO ON, UNEXPECTED TIMEOUT WOULD HAPPEN UPON RECEIVING HTTP 304 RESPONSE
IT02834SESSION AFFINITY OF A LOAD BALANCER GROUP SET TO ACTIVE-CONDITIONAL MIGHT CAUSE A RESTART
IT02925CREATING CHECKPOINT FAILS WITH OPERATION TIMEOUT DUE TO TOO MANY FILES IN CONFIGURATION
IT02956ENHANCED SECURITY ON SEVERAL WEBGUI PARAMETERS
IT03015MS SQL QUERIES CONTAINING LARGE INPUTS MIGHT FAIL
IT03047DATAPOWER MIGHT TIME OUT WHILE READING BACKEND RESPONSE OVER SSL
IT03080IPV6 SLAAC PROVISIONED REDUNDANT ROUTERS MIGHT NOT FAIL OVER WHEN THE CURRENT ROUTER IS REMOVED FROM DATAPOWER APPLIANCE
IT03094DATAPOWER MIGHT RESTART WHEN CONFIGURED USING SLM *MULTICAST* PEERING IN AN SLM PEERING GROUP THAT HAS THREE OR MORE MEMBERS
IT03162THE CONTEXT VARIABLE: VAR://CONTEXT/WSM/IDENTITY/CREDENTIALS MIGHT NOT BE POPULATED CORRECTLY
IT03344POP POLLER FRONT SIDE HANDLER MIGHT TRUNCATE MESSAGE
IT03416VIRTUAL: XENSERVER DEFAULT-LOG MIGHT SHOW UNKNOWN COMMAND OR MACRO ILMT-AGENT AFTER A RESTART
IT03442SCHEMA FOR ODCINFO FILE IS INCORRECT
IT03488STRIP-ATTACHMENTS ACTION MIGHT CAUSE A RESTART UNDER CERTAIN CIRCUMSTANCES
IT03743IPV6 AND LINK-LOCAL ADDRESS ARE PROVISIONED ON ALL INTERFACES AND CANNOT BE DISABLED
IT03852PATTERN OBJECT MIGHT BE EXPOSED IN THE WEBGUI
IT03868CVE-2014-3511 - VULNERABILITY IN SSL TLS NEGOTIATION PROCESSING
IT03874CVE-2014-3508 - PRETTY-PRINT RESULTS OVER SSL MIGHT INCLUDE EXTRANEOUS DATA
IT04069ORACLE QUERIES WITH DATE FORMATS OTHER THAN YYYY-MM-DD HH24:MI:SS MIGHT FAIL
IT08435CVE-2014-0852 - SSL/TLS SIDE CHANNEL DECRYPTION VULNERABILITY ON DATAPOWER HARDWARE SECURITY MODULE



7.0.0.1

Release date: 8 August 2014
Last modified: 22 August 2014
Status: Available

APAR
Description
IT02359 RAPID SEQUENTIAL EXECUTION OF THE ISAM CERTIFICATE RENEWAL ACTION FOR THE SAME ISAM CLIENT MIGHT CAUSE THE CLIENT TO FAIL
IT02360 INVALID TLS RECORD PROCESSING MIGHT RESULT IN HIGH CPU UTILIZATION IN ISAM CLIENTS
IT02708 SSL/TLS RENEGOTIATION MIGHT RESULT IN FAILURE IN SOME SCENARIOS
IT02720 VIRTUAL: IBM LICENSE METRIC TOOL (ILMT) MIGHT SHOW INACCURATE DATA
IT02812 VIRTUAL: IBM LICENSE METRIC TOOL (ILMT) MIGHT PRESENT SET UP OPTIONS
IT02939 A RESTART MIGHT OCCUR IF URL-OPEN TIMES OUT
IT02979 MULTIPLE STYLESHEETS COMPILED CONCURRENTLY MIGHT RESULT IN A RESTART
IT03532 ON SOME DATAPOWER APPLIANCES DIAGNOSTICS CODE FAILS TO LOAD ON 7.0.0.0



7.0.0.0

Release date: 13 June 2014
Last modified: 13 June 2014
Status: Available



The 7.0.0.0 release includes all APARs in the 6.0.1.3 fix packs.
APAR
Description
IC91352HTTP HEADERS ECHOED IN RESPONSES BY XML MANAGEMENT INTERFACE
IC92928WEB SERVICE PROXY MAY TRY TO PARSE NON-XML RESPONSE MESSAGE WHEN ENFORCING WS-POLICY
IC93165RANDOM FILE TRUNCATION MIGHT OCCUR WHEN USING FTP POLLER WITH TLS AND DATA ENCRYPTION
IC91902VERIFY ACTION CANNOT FIND INSTALLED CERTIFICATE USING X509ISSUERSERIAL REFERENCE
IC98115CERTAIN WS-SECURITY POLICY ASSERTIONS ARE NOT HANDLED BY DATAPOWER CORRECTLY
IC98364DATAPOWER SELF-BALANCING MUST IMPLEMENT DIFFERENT PRIORITY SETTINGS
IC98898IMPROVED INITIAL SEQUENCE NUMBER GENERATION WHEN ESTABLISHING A TCP CONNECTION (CVE-2011-3188)
IT00395DATAPOWER PASSES SENSITIVE INFORMATION IN THE QUERY STRING
IT00396DATAPOWER USER INTERFACE REDRESS (CLICKJACKING)
IT00902DATAPOWER WEBGUI DOES NOT CACHE STATIC RESOURCES SUCH AS JS, CSS, PNG, AND GIF FILES
IT03781DATAPOWER WEBGUI RENDERING ISSUE OCCURS WHEN ONE OR MORE DOT CHARACTERS ARE USED IN OBJECT NAMES



Change history
Last modified: 25 September 2017

  • 25 September 2017: Created fix lists for 7.0.0.20.
  • 1 June 2017: Created fix list for 7.0.0.19.
  • 23 March 2017: Created fix list for 7.0.0.18.
  • 20 January 2017: Created fix list for 7.0.0.17.
  • 21 November 2016: Created fix list for 7.0.0.16.
  • 16 September 2016: Created fix list for 7.0.0.15.
  • 20 July 2016: Created fix list for 7.0.0.14.
  • 20 May 2016: Created fix list for 7.0.0.13.
  • 8 March 2016: Created fix list for 7.0.0.12.
  • 5 February 2016: Created fix list for 7.0.0.11.
  • 6 November 2015: Created fix list for 7.0.0.10.
  • 12 October 2015: Edited fix list for 7.0.0.9.
  • 4 September 2015: Created fix list for 7.0.0.9.
  • 13 August 2015: Edited fix list for 7.0.0.7.
  • 24 July 2015: Edited fix list for 7.0.0.8.
  • 29 June 2015: Created fix list for 7.0.0.8.
  • 11 May 2015: Edited fix list for 7.0.0.7.
  • 30 April 2015: Created fix list for 7.0.0.7.
  • 28 April 2015: Edited fix list for 7.0.0.2.
  • 18 March 2015: Created fix list for 7.0.0.6.
  • 9 February 2015: Created fix list for 7.0.0.5.
  • 6 January 2015: Created fix list for 7.0.0.4.
  • 24 November 2014: Created fix list for 7.0.0.3.
  • 29 September 2014: Created fix list for 7.0.0.2.
  • 22 August 2014: Edited fix list for 7.0.0.1.
  • 7 August 2014: Created fix list for 7.0.0.1.
  • 13 June 2014: Created fix list for 7.0.0.0.



Getting help and technical support
See Contacting IBM WebSphere DataPower Appliances support.

Off
[{"Product":{"code":"SSNR47","label":"WebSphere DataPower Service Gateway XG45"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"Not Applicable","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"7.0.0","Edition":"Edition Independent"}]

Problems (APARS) fixed
IC91352;IC92928;IC93165;IC91902;IC98115;IC98364;IC98898;IT00902;IT00395;IT00396;IT02359;IT02360;IT02708;IT02720;IT02812;IT02939;IT02979;IT03532;IT03781;IT01205;IT01287;IT01586;IT01688;IT01802;IT02157;IT02476;IT02492;IT02760;IT02762;IT02779;IT02803;IT02834;IT02925;IT02956;IT03015;IT03047;IT03080;IT03094;IT03162;IT03344;IT03416;IT03442;IT03488;IT03743;IT03852;IT03868;IT03874;IT04069;IT02705;IT03095;IT03568;IT03757;IT03873;IT03931;IT03971;IT04088;IT04116;IT04130;IT04223;IT04274;IT04329;IT04351;IT04387;IT04451;IT04452;IT04656;IT04661;IT04698;IT04749;IT04752;IT04764;IT04771;IT04784;IT05082;IT05116;IT05196;IT06055;IT04792;IT04845;IT04883;IT04947;IT05111;IT05294;IT05412;IT05579;IT05598;IT05626;IT05828;IT05864;IT05881;IT05889;IT05900;IT05905;IT05912;IT05922;IT05969;IT05998;IT06048;IT06941;IT04877;IT04961;IT04979;IT05438;IT05767;IT05684;IT05952;IT05987;IT06007;IT06151;IT06156;IT06195;IT06196;IT06232;IT06455;IT06471;IT06480;IT06484;IT06511;IT06617;IT06621;IT06671;IT06761;IT06796;IT06889;IT06895;IT07003;IT07117;IT07119;IT07164;IT07237;IT07296;IT07340;IT07346;IT07570;IT07854;IT06611;IT06777;IT07047;IT07218;IT07353;IT07384;IT07459;IT07905;IT07921;IT07956;IT08134;IT08202;IT08231;IT08917;IT09536;IT08399;IT08663;IT08758;IT08760;IT08838;IT08971;IT09063;IT09129;IT09132;IT09145;IT09269;IT09304;IT09308;IT09358;IT09382;IT09396;IT09510;IT09638;IT09742;IT09773;IT09825;IT09835;IT09902;IT09938;IT10006;IT10010;IT10055;IT10061;IT10064;IT10086;IT10104;IT10110;IT10128;IT10165;IT10219;IT10699;IT07807;IT11312;IT11326;IT09081;IT09195;IT09741;IT09792;IT09820;IT09865;IT09987;IT10105;IT10115;IT10149;IT10258;IT10279;IT10321;IT10355;IT10426;IT10444;IT10479;IT10501;IT10508;IT10598;IT10637;IT10644;IT10660;IT10718;IT10890;IT10924;IT10977;IT10978;IT11010;IT11082;IT11147;IT11169;IT11190;IT11191;IT10034;IT11162;IT11174;IT11215;IT11366;IT11426;IT11551;IT11552;IT11642;IT11678;IT11697;IT11733;IT11760;IT11824;IT11825;IT11841;IT11926;IT11928;IT11997;IT12032;IT12035;IT12040;IT12043;IT12061;IT12100;IT12258;IT12548;IT12556;IT12635;IT12655;IT12696;IT12703;IT12722;IT12863;IT13742;IT13989;IT14164;IT15264;IT11118;IT12023;IT12165;IT12248;IT12405;IT12502;IT12515;IT12822;IT12929;IT12946;IT13148;IT13158;IT13795;IT13844;IT13885;IT13913;IT14028;IT14089;IT14128;IT14136;IT14139;IT14147;IT14185;IT14190;IT14231;IT14295;IT14409;IT14472;IT14230;IT12955;IT13810;IT14033;IT14084;IT14135;IT14267;IT14318;IT14325;IT14387;IT14456;IT14650;IT14708;IT14743;IT14807;IT14875;IT14892;IT14914;IT14936;IT14996;IT15099;IT15160;IT15218;IT15231;IT15234;IT15295;IT15324;IT15340;IT15367;IT15442;IT15454;IT15458;IT15508;IT15555;IT15629;IT15693;IT15708;IT14088;IT15007;IT15140;IT15445;IT15457;IT15649;IT15721;IT15764;IT15844;IT15848;IT15996;IT15997;IT16042;IT16229;IT16241;IT16279;IT16715;IT16865;IT14560;IT15078;IT15287;IT16036;IT16244;IT16320;IT16351;IT16398;IT16449;IT16474;IT16647;IT16673;IT16813;IT16814;IT16833;IT16873;IT16908;IT16932;IT16950;IT17003;IT17056;IT17082;IT17122;IT17125;IT17138;IT17146;IT17165;IT17182;IT17195;IT17221;IT17236;IT17261;IT17280;IT17323;IT17325;IT17441;IT17895;IT17896;IT15738;IT16154;IT16790;IT16895;IT17171;IT17202;IT17565;IT17603;IT17658;IT17816;IT17833;IT17838;IT17898;IT17917;IT17930;IT18116;IT18153;IT18157;IT18195;IT18259;IT18793;IT17957;IT17976;IT18091;IT18379;IT18516;IT18568;IT18757;IT18842;IT18973;IT19012;IT19049;IT19063;IT19145;IT19703;IT20690;IT22119;IT22120;IT22121

Document Information

Modified date:
15 June 2018

UID

swg24037486