Fix Readme
Abstract
This readme describes the contents and fixes included in the new fix pack 2.0.0-IBM-IMA-FP0002.
Content
Fix: 2.0.0-IBM-IMA-FP0002
Date: October 5, 2017
Build: 20170929-1925
IBM MessageSight 2.0.0.2 Cumulative Fix Pack
(Note: all MessageSight 2.x ifixes are cumulative. In addition, because of the nature of the fix packaging for 2.0, any published fix can be used for the base install of MessageSight. It is recommended to install the latest IFIX or FP as the initial install of the product.)
Fix:
Component | md5sum | File |
Server | 4babf47dc8773ad6b5ccb8fa906f462f | 2.0.0-IBM-IMA-FP0002-Server.tz |
WebUI | a78bb7d4dc4bc8133ec058c6aef1453c | 2.0.0-IBM-IMA-FP0002-WebUI.tz |
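The md5sum values in the table above can be compared with the downloaded .tz files before they are unpacked. The script below is an added example, not part of IBM's readme; the function name verify_fixpack and the download directory in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: compare downloaded fix pack archives with the md5sum
# values published in this readme before unpacking or installing them.

# Manifest copied from the table above: "<md5>  <file>" per line.
FIXPACK_MANIFEST='4babf47dc8773ad6b5ccb8fa906f462f  2.0.0-IBM-IMA-FP0002-Server.tz
a78bb7d4dc4bc8133ec058c6aef1453c  2.0.0-IBM-IMA-FP0002-WebUI.tz'

# verify_fixpack DIR [MANIFEST]
# Returns 0 only if at least one listed file is present in DIR and every
# present file matches. A listed file that is absent is reported and skipped,
# because the Server and WebUI packages can be installed independently.
verify_fixpack() {
    dir=$1
    manifest=${2:-$FIXPACK_MANIFEST}
    checked=0
    failed=0
    # A here-document (not a pipe) keeps the counters in the current shell.
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP  $name (not downloaded)" >&2
            continue
        fi
        got=$(md5sum "$dir/$name" | awk '{print $1}')
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK    $name" >&2
        else
            echo "FAIL  $name: expected $want, got $got" >&2
            failed=$((failed + 1))
        fi
    done <<EOF
$manifest
EOF
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Usage (hypothetical download directory):
#   verify_fixpack "$HOME/Downloads" || exit 1
```

An MD5 match shows the download is not truncated or corrupted; the yum commands in this readme pass --nogpgcheck, so this comparison is the check to run before installing.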
Product Features introduced in this build:
1. Run WebUI as non-root user
2. New AllowNullPassword configuration option for SecurityProfile
APARs fixed in this build:
Most of the critical APARs fixed in this fix pack were already released in previous IFIX releases. All official fix images released by MessageSight are cumulative and include all fixes delivered in previous fix images. For your convenience, the list of IFIX releases since the release of 2.0.0-IBM-IMA-FP0001, and the APARs fixed in each, is included below:
2.0.0.1-IBM-IMA-IFIT22403:
APAR | Description |
IT22403 | Unable to login to WebUI after updating to recent builds |
IT22433 | Server does not detect it is running in a container |
2.0.0.1-IBM-IMA-IFIT22355:
APAR | Description |
IT22355 | WebUI does not allow the hyphen character in hostnames |
IT22267 | Add ability to set alternate tmp dir for rpm install scripts |
2.0.0.1-IBM-IMA-IFIT22196:
APAR | Description |
IT22196 | Multiple vulnerabilities in Java affect IBM MessageSight |
IT22023 | MessageSight service files have invalid restart specifier |
IT22240 | Remove server information from default endpoint landing page |
IT22267 | Add ability to set alternate tmp dir for rpm install scripts |
2.0.0.1-IBM-IMA-IFIT21549:
APAR | Description |
IT21549 | Multiple vulnerabilities in Liberty Profile affect IBM MessageSight |
2.0.0.1-IBM-IMA-IFIT20660:
APAR | Description |
IT20660 | Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight |
IT20450 | Memory free metric not accurately reflecting actually available memory |
2.0.0.1-IBM-IMA-IFIT20051:
APAR | Description |
IT20051 | Interim fix preparing for future fixpack release |
2.0.0.1-IBM-IMA-IFIT19586:
APAR | Description |
IT19586 | MessageSight affected by CVE-2016-2183 CVE-2017-3289 CVE-2017-3272 CVE-2017-3241 CVE-2017-3260 CVE-2016-5546 CVE-2017-3253 CVE-2016-5548 CVE-2016-5549 CVE-2017-3252 CVE-2016-5547 CVE-2016-5552 CVE-2017-3261 CVE-2017-3231 CVE-2017-3259 |
2.0.0.1-IBM-IMA-IFIT19270:
APAR | Description |
IT19072 | Server can trap when client publishes will retain message to full subscription queue |
2.0.0.1-IBM-IMA-IFIT18788:
APAR | Description |
IT18788 | 2.0 migration code won't migrate appliances with old server version in config file |
IT18986 | CA cert soft links broken after migration to 2.0 |
IT18993 | Reordering policies in WebUI has no effect |
2.0.0.1-IBM-IMA-IFIT18441:
APAR | Description |
IT18441 | Update Liberty to 16.0.0.4 for CVE-2016-5983 |
IT18208 | Authorization checking issues with non-admin users |
2.0.0.1-IBM-IMA-IFIT18037:
APAR | Description |
IT18037 | Update Liberty for CVE-2016-5983 |
IT18064 | Possible memory corruption in connection monitoring |
2.0.0.1-IBM-IMA-IFIT17737:
APAR | Description |
IT17737 | Update Java for CVE-2016-3598 |
IT17733 | Possible memory corruption compacting store generations when HA is enabled |
IT17730 | Bypass authentication when it's not required |
IT17729 | Sending authorization request for a closed connection |
IT17728 | Improve scheduling of oauth/ltpa requests |
IT17727 | Incorrect initialization of structure used for storing parsed oauth data |
IT17726 | Possible incorrect memory allocation for user authentication info |
IT17736 | Improve initialization of curl to avoid unnecessary locks |
Before you install:
We strongly recommend performing a backup before upgrading the product software:
Backup and restore instructions
Preparing to install the fix:
1. Prepare the IBM IoT MessageSight .tz files for installation.
For more information, see Preparing the IBM IoT MessageSight .tz packages for installation.
Installing the fix in an rpm environment:
2. Updating the MessageSight Server package if Server is installed:
cd imaserver
sudo yum -y --nogpgcheck update IBMIoTMessageSightServer*.rpm
systemctl start IBMIoTMessageSightServer
3. Updating the MessageSight WebUI package if the WebUI is installed:
cd imawebui
sudo yum -y --nogpgcheck update IBMIoTMessageSightWebUI*.rpm
systemctl start IBMIoTMessageSightWebUI
(NOTE: these packages can also be installed using:
rpm -Uvh IBMIoTMessageSight*.rpm
However, you must never update using:
yum install IBMIoTMessageSightServer*.rpm
or uninstall and reinstall with rpm or yum (if you wish to preserve your existing data), since this will remove all of your data and config under /var/messagesight.)
OR:
Installing the fix in a Docker environment:
2. Build the IBM IoT MessageSight Docker image.
Build the IBM IoT MessageSight server image by issuing the following command:
cd imaserver
mv *.rpm imaserver.rpm
docker build --force-rm=true -t imaserver:2.0 .
3. Build the IBM IoT MessageSight Web UI image by issuing the following command:
cd imawebui
mv *.rpm imawebui.rpm
docker build --force-rm=true -t imawebui:2.0 .
4. Stop the existing containers.
Stop the server container by issuing the following command:
docker stop <server_container_name>
where <server_container_name> is the name of the container in which the IBM IoT MessageSight server is running. For example,
docker stop IMA
5. Stop the Web UI container by issuing the following command:
docker stop <webui_container_name>
where <webui_container_name> is the name of the container in which the IBM IoT MessageSight Web UI is running. For example,
docker stop IMAWEBUI
6. Remove the containers.
Remove the server container by issuing the following command:
docker rm <server_container_name>
where <server_container_name> is the name of the container in which the IBM IoT MessageSight server was running. For example,
docker rm IMA
Remove the Web UI container by issuing the following command:
docker rm <webui_container_name>
where <webui_container_name> is the name of the container in which the IBM IoT MessageSight Web UI was running. For example,
docker rm IMAWEBUI
7. Remove the old MessageSight images.
Remove the IBM IoT MessageSight server image by issuing the following command:
docker rmi -f $(docker ps | grep imaserver | awk '{print $3}')
Remove the IBM IoT MessageSight Web UI image by issuing the following command:
docker rmi -f $(docker ps | grep imawebui | awk '{print $3}')
8. Start the containers. Use the same Docker run command that you used previously before applying the update.
For example, to start the IBM IoT MessageSight server container, use a command similar to the following command:
docker run --cap-add SYS_ADMIN --net=host -P -it --name=IMA --env-file=IBMIoTMessageSightServer-docker.env -m <memory> -v /mnt/messagesight:/var/messagesight -v /mnt/tmp:/var/tmp -d imaserver:2.0
To start the IBM IoT MessageSight Web UI container, use a command similar to the following command:
docker run --cap-add SYS_ADMIN --net=host -P -it --name=IMAW --env-file=IBMIoTMessageSightServer-docker.env -m <memory> -v /mnt/messagesight:/var/messagesight -v /mnt/tmp:/var/tmp -d imawebui:2.0
Verifying the installation:
If this is your initial install of the product, see Configuring the licensed usage for IBM IoT MessageSight and accepting the license by using REST Administration APIs for accepting the product license.
If this is an update, you can verify the status of the server; see Viewing the status of an IBM IoT MessageSight server and services by using REST Administration APIs.
Document Information
Modified date: 17 June 2018
UID: swg22009273