IBM Support

App Connect Enterprise Certified Container (Extended Update Support releases) iFix images for CVE-2021-44228

General Page

The information here details how to apply the iFix images to the Extended Update Support release of App Connect Enterprise Certified Container that address CVE-2021-44228 in Log4j
App Connect Enterprise Certified Container includes a JDBC connector for communicating with databases over JDBC.  This connector includes Log4j.  The following instructions detail how to apply fixes that include the fix for CVE-2021-44228

You can chose either of the following methods

  • Update the Operator version to 1.1.5 or higher, and update the specified components to use 11.0.0.15-r1-eus or higher
  • Update the Operator version to 1.1.4, and apply a set of iFix images to the specified components
Updating to Operator version 1.1.5 or higher
You must first update to Operator version 1.1.5.  This is available in the latest IBM Operator Catalog, and in the CASE file at https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-appconnect/1.1.5.  Instructions on how to update the operator are available at https://www.ibm.com/docs/en/app-connect/containers_eus?topic=releases-upgrading-operator
If you are developing any flows in the DesignerAuthoring toolkit that use the JDBC connector, update any 'DesignerAuthoring' operand definitions and ensure that 'spec.version' is set to one of '11.0.0-eus' or '11.0.0.15-r1-eus'.  You should then re-export any BAR files created by that DesignerAuthoring toolkit.   You should also restart any 'IntegrationServer' instances that use those BAR files.
If you are using bar files from flows that contain a JDBC connector, update any 'IntegrationServer' operand definitions and set the 'spec.version' to one of '11.0.0-eus' or '11.0.0.15-r1-eus'.
Updating to Operator version 1.1.4 and applying iFixes
You must first update to Operator version 1.1.4.  This is available in the latest IBM Operator Catalog, and in the CASE file at https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-appconnect/1.1.4.  Instructions on how to update the operator are available at https://www.ibm.com/docs/en/app-connect/containers_eus?topic=releases-upgrading-operator

1. If you are developing any flows in the DesignerAuthoring toolkit that use the JDBC connector, update any 'DesignerAuthoring' operand definitions as follows:

  • Set the field 'spec.version' to '11.0.0.14-r1-eus'. Note that you must specify an exact version in order to override the containers to use
  • Set the field 'spec.integrationServer.containers.designerflows.image' to 'cp.icr.io/cp/appc/acecc-designerflows-prod:11.0.0.14-r1-eus-TFIT39377@sha256:5fa57d88352187539663925320f9dc1b7c82076025e71754f55fcb0e505f105f'
  • Set the field 'spec.pod.containers.flowdocAuthoring.image' to 'cp.icr.io/cp/appc/acecc-flowdoc-authoring-prod:11.0.0.14-r1-eus-TFIT39377@sha256:4db9faffc876fecdf8b1b9d345c51738a127f1d77e1a9b24c28af3d67ef32549'
  • Set the field 'spec.pod.containers.runtime.image' to 'cp.icr.io/cp/appc/acecc-designer-runtime-prod:11.0.0.14-r1-eus-TFIT39377@sha256:2786b17c714fffa33dfaab28003b028d7fc75a89189b4a25a5ac2bedd528ee2c'

You should then re-export any BAR files created by that DesignerAuthoring toolkit.   You should also restart any 'IntegrationServer' instances that use those BAR files.

Note that DesignerAuthoring instances are not supported on s390x clusters

2. If you are using bar files from flows created by a 'DesignerAuthoring' instance, update any 'IntegrationServer' operand definitions as follows:

  • Set the field 'spec.version' to '11.0.0.14-r1-eus'. Note that you must specify an exact version in order to override the containers to use
  • If you are using one of the licenses "CloudPakForIntegrationProduction" or "AppConnectEnterpriseProduction"
    • Set the field 'spec.pod.containers.designerflows.image' to 'cp.icr.io/cp/appc/acecc-designerflows-prod:11.0.0.14-r1-eus-TFIT39377@sha256:5fa57d88352187539663925320f9dc1b7c82076025e71754f55fcb0e505f105f'
  • If you are using one of the licenses "CloudPakForIntegrationNonProduction" or "AppConnectEnterpriseNonProduction"
    • Set the field 'spec.pod.containers.designerflows.image' to 'icr.io/appc-dev/acecc-designerflows:11.0.0.14-r1-eus-TFIT39377@sha256:8232cdd05022111afe76c29f1d7f75cf2a0c91bd531d160b0e45994050dfe08d'

Note that an IntegrationServer with a licence of "CloudPakForIntegrationNonProduction" or "AppConnectEnterpriseNonProduction" is not supported on s390x clusters

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSDR5J","label":"IBM App Connect Enterprise"},"ARM Category":[{"code":"a8m0z0000000BJtAAM","label":"ACE-\u003EACE on OpenShift"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.0.0"}]

Document Information

Modified date:
31 January 2022

UID

ibm16527180