App Connect Enterprise Certified Container (Continuous Delivery releases) iFix images for CVE-2021-45046 and CVE-2021-45105

App Connect Enterprise Certified Container includes a JDBC connector for communicating with databases over JDBC.  This connector includes Log4j.  The following instructions detail how to apply fixes that include the fix for CVE-2021-45046 and CVE-2021-45105.  These images also include fixes for CVE-2021-44228

You can chose either of the following methods

• Update the Operator version to 3.1.0 or higher, and update the specified components to use 12.0.3.0-r1 or higher
• Update the Operator version to 3.0.0, and apply a set of iFix images to the specified components

Updating to Operator version 3.1.0 or higher

You must first update to Operator version 3.1.0.  This is available in the latest IBM Operator Catalog, and in the CASE file at https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-appconnect/3.1.0.  Instructions on how to update the operator are available at https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-app-connect-operator

Updating to Operator version 3.0.0 and applying iFixes

You must first update to Operator version 3.0.0.  This is available in the latest IBM Operator Catalog, and in the CASE file at https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-appconnect/3.0.0.  Instructions on how to update the operator are available at https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-app-connect-operator

If you are developing any flows in the DesignerAuthoring toolkit that use the JDBC connector, update any 'DesignerAuthoring' operand definitions as follows:

• Set the field 'spec.version' to '12.0.2.0-r2'. Note that you must specify an exact version in order to override the containers to use
• Set the field 'spec.integrationServer.containers.designerflows.image' to 'cp.icr.io/cp/appc/acecc-designerflows-prod:12.0.2.0-r2-TFIT39458@sha256:7509e0fbd60b482f8048b4830a962839b929ee24837c1ec68120aecfe5a44994'
• Set the field 'spec.pod.containers.flowdocAuthoring.image' to 'cp.icr.io/cp/appc/acecc-flowdoc-authoring-prod:12.0.2.0-r2-TFIT39458@sha256:b53d262e1723374ee44026ca9caadbf15eaa4aa3136479e2c97d6f7ffc6a3543'
• Set the field 'spec.pod.containers.runtime.image' to 'cp.icr.io/cp/appc/acecc-designer-runtime-prod:12.0.2.0-r2-TFIT39458@sha256:fc4d42b650147ef0818aa76f99ef7161e0b050eda420a5a18a11988519995ffa'

You should then re-export any BAR files created by that DesignerAuthoring toolkit.   You should also restart any 'IntegrationServer' instances that use those BAR files.

If you are using bar files from flows that contain a JDBC connector, update any 'IntegrationServer' operand definitions as follows:

• Set the field 'spec.version to 12.0.2.0-r2'. Note that you must specify an exact version in order to override the containers to use
• If you are using one of the licenses "CloudPakForIntegrationProduction" or "AppConnectEnterpriseProduction"
  • Set the field 'spec.pod.containers.designerflows.image' to 'cp.icr.io/cp/appc/acecc-designerflows-prod:12.0.2.0-r2-TFIT39458@sha256:7509e0fbd60b482f8048b4830a962839b929ee24837c1ec68120aecfe5a44994'
• If you are using one of the licenses "CloudPakForIntegrationNonProduction" or "AppConnectEnterpriseNonProduction"
  • Set the field 'spec.pod.containers.designerflows.image' to 'icr.io/appc-dev/acecc-designerflows:12.0.2.0-r2-TFIT39458@sha256:27236410a7ffb6b2a641802e7f3695cba1b01b7641724683cdfbc0456813fcfb'