IBM Support

Readme for IBM Business Automation Workflow on containers 21.0.3 interim fixes

Fix Readme


Abstract

This readme is for IBM Business Automation Workflow on containers 21.0.3 interim fixes released periodically to resolve security vulnerabilities, as well as other defects. It includes information about the CASE package download, installation, and other information about interim fixes for the 21.0.3 release.

Content

Readme file for: IBM Business Automation Workflow on containers
Product release: 21.0.3
Publication date: 28 April 2022

Contents

Prerequisites and superseding fixes

  • Each interim fix typically supersedes all previous interim fixes shipped for 21.0.3, and complements a simultaneously delivered interim fix for IBM Cloud Pak for Business Automation 21.0.3. Consult the following table for specific relationships.
  • Business Automation Workflow on containers delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries. Consult the superseded and related Cloud Pak for Business Automation 21.0.3 Readmes for specific information about vulnerabilities and other defects that have been addressed.
Business Automation Workflow on containers interim fixes

| Interim fix name | Superseded interim fix names | CASE package | Complementary Cloud Pak for Business Automation interim fix name | Released |
|---|---|---|---|---|
| 21.0.3 IF035 | See note (*) below | ibm-cs-bawautomation-2.2.32.tgz | 21.0.3 IF035 | July 2024 |
| 21.0.3 IF034 | See note (*) below | ibm-cs-bawautomation-2.2.31.tgz | 21.0.3 IF034 | June 2024 |
| 21.0.3 IF033 | See note (*) below | ibm-cs-bawautomation-2.2.30.tgz | 21.0.3 IF033 | May 2024 |
| 21.0.3 IF032 | See note (*) below | ibm-cs-bawautomation-2.2.29.tgz | 21.0.3 IF032 | April 2024 |
| 21.0.3 IF031 | See note (*) below | ibm-cs-bawautomation-2.2.28.tgz | 21.0.3 IF031 | March 2024 |
| 21.0.3 IF030 | See note (*) below | ibm-cs-bawautomation-2.2.27.tgz | 21.0.3 IF030 | February 2024 |
| 21.0.3 IF029 | See note (*) below | ibm-cs-bawautomation-2.2.26.tgz | 21.0.3 IF029 | January 2024 |
| 21.0.3 IF028 | See note (*) below | ibm-cs-bawautomation-2.2.25.tgz | 21.0.3 IF028 | December 2023 |
| 21.0.3 IF027 | See note (*) below | ibm-cs-bawautomation-2.2.24.tgz | 21.0.3 IF027 | November 2023 |
| 21.0.3 IF026 | See note (*) below | ibm-cs-bawautomation-2.2.23.tgz | 21.0.3 IF026 | October 2023 |
| 21.0.3 IF025 | See note (*) below | ibm-cs-bawautomation-2.2.22.tgz | 21.0.3 IF025 | September 2023 |
| 21.0.3 IF024 | See note (*) below | ibm-cs-bawautomation-2.2.21.tgz | 21.0.3 IF024 | August 2023 |
| 21.0.3 IF023 | See note (*) below | ibm-cs-bawautomation-2.2.20.tgz | 21.0.3 IF023 | July 2023 |
| 21.0.3 IF022 | See note (*) below | ibm-cs-bawautomation-2.2.19.tgz | 21.0.3 IF022 | June 2023 |
| 21.0.3 IF021 | See note (*) below | ibm-cs-bawautomation-2.2.18.tgz | 21.0.3 IF021 | May 2023 |
| 21.0.3 IF020 | See note (*) below | ibm-cs-bawautomation-2.2.17.tgz | 21.0.3 IF020 | April 2023 |
| 21.0.3 IF019 | See note (*) below | ibm-cs-bawautomation-2.2.16.tgz | 21.0.3 IF019 | March 2023 |
| 21.0.3 IF018 | See note (*) below | ibm-cs-bawautomation-2.2.15.tgz | 21.0.3 IF018 | February 2023 |
| 21.0.3 IF017 | See note (*) below | ibm-cs-bawautomation-2.2.13.tgz | 21.0.3 IF017 | January 2023 |
| 21.0.3 IF016 | See note (*) below | ibm-cs-bawautomation-2.2.12.tgz | 21.0.3 IF016 | December 2022 |
| 21.0.3 IF015 | See note (*) below | ibm-cs-bawautomation-2.2.11.tgz | 21.0.3 IF015 | November 2022 |
| 21.0.3 IF014 | See note (*) below | ibm-cs-bawautomation-2.2.10.tgz | 21.0.3 IF014 | October 2022 |
| 21.0.3 IF013 | See note (*) below | ibm-cs-bawautomation-2.2.9.tgz | 21.0.3 IF013 | September 2022 |
| 21.0.3 IF012 | See note (*) below | ibm-cs-bawautomation-2.2.8.tgz | 21.0.3 IF012 | August 2022 |
| 21.0.3 IF011 | See note (*) below | ibm-cs-bawautomation-2.2.7.tgz | 21.0.3 IF011 | July 2022 |
| 21.0.3 IF010 | See note (*) below | ibm-cs-bawautomation-2.2.6.tgz | 21.0.3 IF010 | June 2022 |
| 21.0.3 IF009 | See note (*) below | ibm-cs-bawautomation-2.2.5.tgz | 21.0.3 IF009 | May 2022 |
| 21.0.3 IF008 | See note (*) below | ibm-cs-bawautomation-2.2.4.tgz | 21.0.3 IF008 | April 2022 |
| 21.0.3 IF007 | See note (*) below | ibm-cs-bawautomation-2.2.3.tgz | 21.0.3 IF007 | March 2022 |
| 21.0.3 IF006 | See note (*) below | ibm-cs-bawautomation-2.2.2.tgz | 21.0.3 IF006 | February 2022 |
| 21.0.3 IF005 | * Note: All previous interim fixes listed in this table | ibm-cs-bawautomation-2.2.1.tgz | 21.0.3 IF005 | January 2022 |
| 21.0.3 IF002 | None | ibm-cs-bawautomation-2.2.0.tgz | 21.0.3 IF002 | January 2022 |
The previous table is listed in reverse chronological order, with the most recent fixes at the top.

Components impacted

Before installation

a. Ensure you back up all databases associated with the environment.
b. Ensure your operators are in a healthy state before upgrading.
If one or more operators are failing, the system might be prevented from completing an upgrade. Check a few of the important custom resource (CR) statuses for failures and to ensure the statuses appear ready for the various installed components.
Check the status of the following CRs when they exist:
oc get icp4acluster -o yaml

Installing the interim fix

Important: Using individual image tag settings in your Business Automation Workflow CR file could prevent the operator from updating the images to the appropriate version. When you upgrade, ensure you remove these settings for a production installation.
Use the CASE package that is associated with the interim fix being applied. It is typically recommended that the latest interim fix be applied. To identify the appropriate CASE package, as well as links to obtain each package, see the table under Prerequisites and superseding fixes.
Business Automation Workflow 21.0.3 interim fixes are released to the v21.3 operator channel. After the operator is upgraded, rolling updates for all the pods the operator manages are triggered to ensure they are updated to the appropriate version that matches the operator.
If your environment has access to the IBM entitled registry and has an automatic v21.3 channel subscription, enterprise installations are upgraded automatically. This upgrade usually occurs when the interim fix is released or when images are mirrored for air-gap setup.

Depending on the current setup and state of your existing environment, various manual actions might be required. The following scenarios cover what actions might be needed for a particular setup.
  • Scenario 1: Your installation is version 21.0.2.x or earlier.
    Actions: If you are using a version earlier than 21.0.3, you must upgrade first. To upgrade your environment, follow the Upgrading automation containers instructions.
    When you perform the upgrade, you can substitute the CASE package from this interim fix for the 21.0.3 CASE package while you follow the instructions. For air-gapped environments, you can use the case save command in step 1 of scenario 3.
    Note: If you are using versions that are earlier than 21.0.2, you must incrementally upgrade and follow the instructions for each version between your source version and 21.0.3.
  • Scenario 2: Your installation is online and 21.0.3.x.
    Actions: After these steps are completed, the operators are automatically upgraded.
    You can apply the following catalog sources from a command line by creating a YAML file (for example, cp4ba_catalog_sources.yaml) with the following catalog sources and performing "oc apply -f cp4ba_catalog_sources.yaml", or you can apply the catalog sources by using the OCP console.
    apiVersion: operators.coreos.com/v1alpha1
    kind: CatalogSource
    metadata:
      name: ibm-operator-catalog
      namespace: openshift-marketplace
    spec:
      displayName: "IBM Operator Catalog"
      image: icr.io/cpopen/ibm-operator-catalog
      publisher: IBM
      sourceType: grpc
      updateStrategy:
        registryPoll:
          interval: 45m
  • Scenario 3: Your installation is air-gapped and 21.0.3.x. The following steps use 21.0.3-IF007 as an example:
    1. Set up the environment variables for CASE:
      • export CASE_NAME=ibm-cs-bawautomation 
      • export OFFLINEDIR=/tmp/cp4ba-if007
      • export CASE_VERSION=2.2.3
      • export CASE_INVENTORY_SETUP=cp4aOperatorSetup 
      • export CASE_ARCHIVE=${CASE_NAME}/${CASE_VERSION}/${CASE_NAME}-${CASE_VERSION}.tgz 
      • export CASE_LOCAL_PATH=${OFFLINEDIR}/${CASE_ARCHIVE}
      Important: In these values, "if007" must match the release identifier of the interim fix being applied, and "2.2.3" must match the release identifier of the CASE package.
    2. Download the Cloud Pak archives and image inventory, and put them in the offline store
      cloudctl case save \
        --case https://github.com/IBM/cloud-pak/raw/master/repo/case/${CASE_ARCHIVE} \
        --outputdir ${OFFLINEDIR}
      and then unpack the case file: 
      cd ${OFFLINEDIR}
      tar -xvzf ${CASE_ARCHIVE}
      cd cert-kubernetes
    3. Mirror images to trigger the operator upgrades. 
    4. Mirror the entitled registry images to the local registry by completing the same steps you followed during installation. For more information, see Mirroring images to the private registry.
      Important: Ensure you use the CASE image outputdir (/tmp/cp4ba-if007) from step 1.
    5. If you have subscriptions set to manual, you must approve all the pending operator updates. 
      Important: Do not set subscriptions to manual because it can make the upgrade more error prone if some of the many operator updates are not approved. By default, all subscriptions are set to automatic.
After the operators are upgraded, the upgrade of the related deployments and pods is triggered.
Key note: Since 21.0.3-IF022, if the purchased production license is for:
  • Business Automation Workflow, then the shared_configuration.sc_deployment_context must be BAW and the possible values for shared_configuration.sc_deployment_baw_license are: non-production and production.
  • Cloud Pak for Business Automation, then the shared_configuration.sc_deployment_context must be CP4A and the possible values for shared_configuration.sc_deployment_baw_license are: user, non-production, and production.

Performing the necessary tasks after installation

Review the installation
Review the CR yaml status section and operator logs after the upgrade to ensure no failures prevented your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
To verify the expected image digest for a particular image, review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the Cloud Pak for Business Automation operator and their expected digest for this particular interim fix level.
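
One way to automate the digest check described above, as an added example that is not IBM tooling or part of the original readme. It assumes each image entry in resources.yaml carries an `image:` and a `digest:` key; the image names, pod names, registry host and shortened digests in the sample are constructed.

```shell
#!/bin/sh
# Added example, not IBM tooling. ASSUMPTION: every image entry in the CASE
# resources.yaml has an "image:" key and a "digest:" key (in either order).

# Print "<image-path> <digest>" for each image entry in resources.yaml ($1).
expected_digests() {
  awk '
    { sub(/\r$/, ""); sub(/^[ \t]*-[ \t]+/, ""); sub(/^[ \t]+/, "") }
    /^image:/  { img = $2 }
    /^digest:/ { dig = $2 }
    img != "" && dig != "" {
      gsub(/"/, "", img); gsub(/"/, "", dig)
      print img, dig
      img = ""; dig = ""
    }
  ' "$1"
}

# Read "<pod> <imageID> [<imageID> ...]" lines on stdin, as printed by e.g.
#   oc get pods -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.containerStatuses[*].imageID}{"\n"}{end}'
# and compare each running image with the expected list in file $1.
# Output: "<STATUS> <pod> <image> <running-digest> <expected-digest>"
compare_digests() {
  awk -v inventory="$1" '
    BEGIN {
      while ((getline line < inventory) > 0) { split(line, f, " "); want[f[1]] = f[2] }
    }
    {
      for (i = 2; i <= NF; i++) {
        id = $i
        sub(/^[a-z-]+:\/\//, "", id)   # drop a runtime prefix such as docker-pullable://
        at = index(id, "@")
        if (at == 0) { print "NODIGEST", $1, id, "-", "-"; continue }
        repo = substr(id, 1, at - 1); got = substr(id, at + 1)
        status = "UNLISTED"; name = repo; wanted = "-"
        for (img in want) {
          # A mirror registry changes the host, so match on the path suffix.
          n = length(img); len = length(repo)
          if (repo == img || (len > n && substr(repo, len - n) == ("/" img))) {
            name = img; wanted = want[img]
            status = (wanted == got) ? "OK" : "MISMATCH"
          }
        }
        print status, $1, name, got, wanted
      }
    }
  '
}

# Count report lines on stdin whose status equals $1.
count_status() {
  awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Run the check on constructed sample data (fake names and digests).
run_sample() {
  tmp=$(mktemp -d) || return 1
  cat > "$tmp/resources.yaml" <<'EOF'
resources:
  resourceDefs:
    containerImages:
    - image: example/workflow-image
      tag: constructed-tag
      digest: sha256:1111
    - image: example/operator-image
      tag: constructed-tag
      digest: "sha256:2222"
EOF
  expected_digests "$tmp/resources.yaml" > "$tmp/expected.txt"
  compare_digests "$tmp/expected.txt" <<'EOF'
workflow-0 mirror.example.internal:5000/example/workflow-image@sha256:1111 mirror.example.internal:5000/other/sidecar-image@sha256:3333
operator-abc docker-pullable://mirror.example.internal:5000/example/operator-image@sha256:9999
EOF
  rm -rf "$tmp"
}

run_sample
```

A MISMATCH line after the rolling update has finished means a pod is still running an image other than the one this interim fix level expects, for example because of an individual image tag setting left in the CR file.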

Uninstalling

There is no procedure to uninstall the interim fix.

List of fixes

The following APARs are specific to Business Automation Workflow on containers. Depending on the components and capabilities you installed and configured, additional fix information might apply to you. See the "List of Fixes" in the readmes linked under Complementary Cloud Pak for Business Automation interim fixes in the Prerequisites and superseding fixes section in this document. These readmes detail vulnerability fixes shipped with interim fixes for included operating system level and other open source libraries. The fixes below also appear in those readmes and are repeated here as a convenience.
Fixes that involve security are indicated with an X mark.
Business Automation Workflow
21.0.3 IF035
APAR Security APAR Behavior change Title
DT386834 X CVE-2023-33008 in BAStudio and Workflow Authoring image
DT173923 THE ORDER OF VARIABLES IN EXPOSED PROCESS VALUES IS NOT PRESERVED IN THE PROCESS EDITOR
DT179122 DBUPGRADE NEED SUPPORT SAME VERSION UPGRADE FOR SOME SPECIAL FIXES
DT228436 TYPE AHEAD TEXT VIEW FROM THE UI TOOLKIT IS THROWING AN ERROR WHEN USING ITEMS FROM SERVICE
DT389264 Workflow Center console is loading too many snapshots even when JR64203 is applied
DT390925 Start service REST API might not start the service with the specified snapshot
21.0.3 IF034
APAR Security APAR Behavior change Title
DT378898 X SECURITY - CVEs in common-compress affecting BAW Case
DT382310 GATEWAY CONDITION EXPRESSION DISPLAYS VALIDATION ERRORS AFTER CONVERTING A BPD TO A PROCESS
21.0.3 IF033
APAR Security APAR Behavior change Title
DT378426 X CVE-2024-31033 IN JJWT MAY AFFECT IBM BUSINESS AUTOMATION WORKFLOW
DT380148 X Multiple vulnerabilities in jetty
DT380377 X CVEs impact angular.js 1.8.3
DT379093 User is unable to log in case client if the user name is same with user id of other user
DT380668 Processed sequence numbers are not in sync in Case Event Emitter when other node takes the lease for processing on a multi node cluster
DT381151 Temporary SCIM group retrieval failures during group synchronization must not delete users from that group in the database
DT381334 CMIS API getTypeDescendants() takes over 60 seconds to complete, 'totalTranLifetimeTimeout' also has to be extended.
21.0.3 IF032
APAR Security APAR Behavior change Title
DT173474 Autotracked data in Subprocess is not captured in DEF event ACTIVITY_RESOURCE_ASSIGNED
DT261204 Error saving heritage human service when using the IBM Process Designer
DT363632 SERVER SHUTDOWN MAY CAUSE DUPLICATE PROCESS INSTANCES
DT365566 NEED TO RESTRICT PREVENT ADMINISTRATORS FROM MODIFYING THE TASK AND PROCESS INSTANCE DATA IN PROCESS INSPECTOR
DT378210 IBM Process Portal logout functionality is not working when no single coach is used long enough (i.e more than half of the thresholdInSeconds time), the user's activity is not reported to portal
DT378760 The labels of Date Time Picker and Text Area views changed position after upgrade
21.0.3 IF031
APAR Security APAR Behavior change Title
DT247523 X CVE-2023-50959 - INTRODUCING ECM QUERY AUTHORIZATION SERVICE
DT271567 X SECURITY - CVE-2023-51775 IN JOSE4J AFFECTS IBM CLOUD PAK FOR BUSINESS AUTOMATION WORKFLOW
DT173474 Autotracked data in Subprocess is not captured in DEF event ACTIVITY_RESOURCE_ASSIGNED
DT261257 In Workplace (IBM Content Navigator), Business data names and column names are too long in the Customize your view menu where the business data variables are available
DT270514 Process Center throws ParticipantGroup resolveAddress SQLIntegrityConstraintViolationException for insert into LSW_USR_GRP_XREF
21.0.3 IF030
APAR Security APAR Behavior change Title
DT258290 X Vulnerability in jackson-core might affect IBM Business Automation Workflow
DT258606 X SECURITY DT258606 - CVE-2023-51074 IN BAW FLINK JOBS
21.0.3 IF029
APAR Security APAR Behavior change Title
DT246679 X SECURITY - CVE-2023-31582 IN JOSE4J
DT247641 X SECURITY - CVE-2023-33008 IN JOHNZON-CORE MAY AFFECT BAW EVENT EMMITERS
DT247858 X SECURITY APAR CVE-2023-50947 - REFLECTED CROSS-SITE SCRIPTING
DT257576 X SECURITY - MULTIPLE VULNERABILITIES IN AUTHORING UIS CVE-2023-45857, CVE-2023-26159
DT258608 X SECURITY - CVE-2023-43642 IN BAI EVENT EMITTERS
DT245095 Dutch spelling mistake in process portal profile editor
DT256769 WHEN YOU TRY TO VIEW DATA OF A PROCESS INSTANCE IN THE PROCESS ADMIN CONSOLE PROCESS INSPECTOR, YOU MAY SEE AN EMPTY DATA FIELD
DT257035 WHEN YOU VIEW A TASK OF A PROCESS INSTANCE WITH A LARGE EXECUTION TREE IN THE PROCESS INSPECTOR AND YOU TRY TO SEARCH INSTANCES, YOU MAY NOTICE THAT THE BROWSER TAKES LONG TIME TO RENDER
21.0.3 IF028
APAR Security APAR Behavior change Title
DT237229 X Multiple vulnerabilities in open source libraries related to decisions might affect IBM Business Automation Workflow
DT247086 Deleting on Hold Event manager task could fails with error
21.0.3 IF027
APAR Security APAR Behavior change Title
DT238395 X SECURITY - CVE-2022-44730 - Vulnerability with Apache Batik affect Dita and Apache FOP for Case
DT258777 X SECURITY APAR - CVE-2023-43642 IN BAI CASE EVENT EMITTERS
DT241180 CREATING A NEW TRACK TAKES A LONG TIME
DT245027 LOCK CONTENTION ON BPM_TASK_ACT_MEASURE_PENDING TABLE
DT245378 In-Basket count is being wrapped to a new line, making it not visible on the page
21.0.3 IF026
APAR Security APAR Behavior change Title
DT189591 Changing the admin_user setting for Business Automation Studio or Business Automation Workflow is not effective
DT241610 You may notice an error about parsing business objects reported in the web console when a client side human service starts
21.0.3 IF025
APAR Security APAR Behavior change Title
DT169666 YOU NOTICE BUTTONS CONTAINED IN VIEWS CAN HAVE THEIR LABELS SET VIA THE COACH PROPERTIES IN A CLIENT SIDE HUMAN SERVICE
DT213219 Upload page hangs when adding document for a process instance in Process dashboard
DT228228 Different results for REST API serviceModel after upgrade from BPM 8.5.6 to BAW 8.6.3.21031
DT228654 'Unable to convert the environment variable value to a URI' exception is observed in the logs when selecting Snapshot to Sync From in Sync Settings
DT228758 FileNotFoundException logged for 'nls/Resources.js' when you access case
DT237988 Reverted back to legacy behavior of not showing milliseconds for dates within complex types.  REST APIs return milliseconds on date/time attributes of complex Business Objects
DT238447 THE REST API /REST/BPM/WLE/V1/SEARCHES/TASKS/META/BUSINESSDATAFIELDS?INCLUDEORIGIN=TRUE MAY RETURN AN INCORRECT BUSINESS DATA ALIAS TYPE
21.0.3 IF024
APAR Security APAR Behavior change Title
DT224071 X SECURITY APAR - MULTIPLE VULNERABILITIES IN SNAPPY-JAVA MAY AFFECT BAW EVENT EMMITERS
DT215116 X CVE-2023-33858 REFLECTED CROSS-SITE SCRIPTING IN PROCESS ADMIN CONSOLE
DT225151 X SECURITY APAR DT225151 - CVE-2021-33813 MAY AFFECT CUSTOM APPS IN IBM BUSINESS AUTOMATION WORKFLOW
DT198135 REST API OPS/STD/BPM/PROCESSES/COUNT THROWS PSQLEXCEPTION FOR POSTGRESQL DATABASE
DT208418 BPMMIGRATEINSTANCES COMMAND FAILS WHEN <COLLECT-RUNTIME-STATS> PROPERTY VALUE IS SET TO FALSE
DT208156 START SERVICE REST API THROWS ILLEGALARGUMENTEXCEPTION IN CASE YOU PROVIDED PROJECT SHORTNAME AND SERVICE NAME BUT NOT SNAPSHOT ID
DT228796 Pods do not restart automatically when internal certificates are renewed
21.0.3 IF023
APAR Security APAR Behavior change Title
DT189341 THE WIDTH FROM TABLE VIEW'S COLUMNS CONFIGURATION PROPERTY IS NOT BEING REFLECTED WHEN THE COACH IS DISPLAYED
DT211574 SHARED BUSINESS OBJECT LOAD METHOD THROWS EXCEPTION WHEN HUMAN TASK IS RESUMED AFTER POSTPONE EVENT IN CLIENT SIDE HUMAN SERVICE
DT213846 The table view columns are the incorrect size when it is configured to be scroll-able (i.e. height is set) and there are hidden columns
DT222040 THE REST API /REST/BPM/WLE/V1/PROCESS/{INSTANCEID}/ALLVARIABLES ONLY UPDATES VARIABLES OF THE FIRST LINKED PROCESS NODE
DT222072 WHEN DEBUGGING STEP OVER MIGHT COMPLETE A SERVICE FLOW
DT223231 IllegalStateException might occur if a service flow with service result caching enabled is started
DT223489 Workplace Team Dashboard does not display team statistics for Workflow servers using SQL Server database
DT223311 Workflow pod readiness probe show the wrong status for User Management Services
21.0.3 IF022
APAR Security APAR Behavior change Title
DT189179 Running Process Portal on Chrome version 109 and later shows an error on the browser console
DT214607 YOU SEE A NOCLASSDEFFOUNDERROR ERROR WHEN YOU ENABLE CASE BUILDER TRACING
DT215173 Incorrect licensing annotations for Business Automation Workflow Standalone bundled with IBM Cloud Pak for Business Automation
DT220319 PERFORMANCE DEGRADATION WHEN RUNNING REST API (DELETE) /OPS/STD/BPM/PROCESSES OR RUNNING BPMPROCESSINSTANCESPURGE COMMAND
21.0.3 IF021
APAR Security APAR Behavior change Title
DT211505 X SECURITY APAR - CVE-2023-20863 IN SPRING EXPRESSIONS
DT213491 X SECURITY APAR - VULNERABILITY PRISMA-2023-0067 REPORTED FOR JACKSON-CORE IN BPM EVENT EMITTERS
DT195853 You can't upload documents with an extension .msg or mime type application/vnd.ms-outlook to the document store using the BPM File Dropzone view
DT208824 YOU NOTICE THE ORDER OF EXCLUSIVE GATEWAY DECISIONS MAY CHANGE AFTER EDITING A HERITAGE HUMAN SERVICE IN IBM PROCESS DESIGNER
DT211846 IBM BUSINESS AUTOMATION WORKFLOW TEST API RESPONDS WITH ERROR MESSAGES CONTAINING DETAILED INTERNAL ERRORS
DT213399 BPMPROCESSINSTANCESPURGE COMMAND IS SLOW TO DELETE COMPLETED PROCESS INSTANCES
DT213210 INVOKING REST API /OPS/STD/BPM/CONTAINERS/MIGRATE ENCOUNTERS NULLPOINTEREXCEPTION
DT213423 Upgrade Angular Version used by Process Portal and Content Management Toolkit
JR65032 A BLANK SPACE IS APPENDED TO THE DOCUMENT ID IN THE XML RESPONSE OF THE CREATE DOCUMENT AJAX CALL
21.0.3 IF020
APAR Security APAR Behavior change Title
DT197974 X SECURITY VULNERABILITY IN COMMONS-FILEUPLOAD AFFECTS IBM BUSINESS AUTOMATION WORKFLOW AND CLOUD PAK FOR BUSINESS AUTOMATION
DT208579 X SECURITY - CVE-2022-1471 - CASE HISTORY EMITTER IS AFFECTED BY SNAKEYAML VULNERABILITY
DT208782 X SECURITY APAR - CVE-2022-1471 REPORTED FOR SNAKEYAML IN BPMEVENTEMITTER
DT209212 X SECURITY APAR - CVE-2023-20861 IN BPM/LOMBARDI/LIB/SPRING-EXPRESSIONS.JAR
DT198745 Workplace cannot search for task or workflow names that contain Chinese characters
DT208139 IBM Process Federation Server indexers not reprocessing tasks and instances updates after a communication exception with Elasticsearch
DT210959 Entries with TASK_ID=NULL are never removed from the PFS_BPD_CHANGE_LOG TABLE if process instance indexing is not enabled for the federated system
JR64002 YOU CAN'T DELETE SNAPSHOTS
JR64395 YOU CANNOT ENABLE AND CONFIGURE EMAIL NOTIFICATION
JR64892 SERVICE TASKS OR NON-USER TASKS ARE VISIBLE IN IBM PROCESS PORTAL THOUGH USER CAN NOT TAKE ACTION ON THAT
JR64986 UNABLE TO DEPLOY CASE SOLUTION ON CP4BA ENTERPRISE PATTERN ENVIRONMENT USING SWAGGER UI
21.0.3 IF019
APAR Security APAR Behavior change Title
DT179527 X SECURITY - SEVERAL SECURITY VULNERABILITIES ARE PRESENT IN BOOTSTRAP-3.3.4.JS
DT196140 X SECURITY - CVE-2022-34917 in kafka-clients reported for bai-events-java-sdk
DT195919 X SECURITY - CVE-2023-25194 - Update Apache Kafka for Case and Case History Emitters
DT174091 Prevent unique constraint violated for table LSW_USR_GRP_XREF when importing a Process Application
DT196195 IN THE BUSINESS AUTOMATION WORKFLOW PROCESS ADMIN CONSOLE, CACHE RELATED INSTRUMENTATION IS NOT SHOWING UP
DT197053 REST API CALL OPS/STD/BPM/EVENT_MANAGER_TASKS RETURNS "NOT IMPLEMENTED INTERNALSTATE" ERROR
DT197302 When the Team Performance dashboard opens in a new tab, the view instance link fails.
21.0.3 IF018
APAR Security APAR Behavior change Title
DT180564 X SECURITY APAR CVE-2023-22860 - STORED XSS IN PROCESS ADMIN CONSOLE
DT188641 X SECURITY - CVE-2023-24957 - Stored XSS vulnerability when performing a document upload using Responsive Document Explorer
DT143005 UPDATE EMBEDDED CONTENT MANAGEMENT INTEROPERABILITY SERVICES TO A VERSION THAT USES A NEWER VERSION OF SPRING FRAMEWORK
DT145536 ERROR CWTBG0535E OCCURS WHEN A SERVICE IS CALLED FROM A CLIENT SIDE HUMAN SERVICE WITH DATA CONTAINING THE MAP DATA TYPE
DT168702 A JAVA.LANG.NULLPOINTEREXCEPTION OCCURS WHEN CALLING A SERVICE FLOW FROM A CLIENT SIDE HUMAN SERVICE
DT179174 WHEN CALLING BTS TEAM SERVICE, BUSINESS AUTOMATION WORKFLOW CACHES ACCESS TOKEN WITH WRONG EXPIRATION TIME
DT188690 MULTIPLE VULNERABILITIES IN JACKSON-DATABIND AND SNAKEYAML MIGHT AFFECT IBM BUSINESS AUTOMATION WORKFLOW
DT189645 TOOLKIT UPGRADE RESULTS IN NOCLASSDEFFOUNDERROR DURING THE UPDATE OF TEAMS
21.0.3 IF017
APAR Security APAR Behavior change Title
DT160709 X SECURITY APAR CVE-2022-42435 - CROSS SITE REQUEST FORGERY IN PROCESS ADMIN CONSOLE
DT148968 AVOID FULL RESETS OF USERINFOCACHE AND GROUPMEMBERCACHE WHEN ONLY FULLNAME OR DN OF A USER HAVE CHANGED
DT160446 PROCESS INSTANCE CANNOT BE DELETED IF THE ASSOCIATED PARENT CASE ID OR PARENT ACTIVITY ID IN CONTENT PLATFORM ENGINE WAS DELETED
DT172428 Documents stored in the document store for a process instance are not deleted when the process instance is deleted
DT173446 THE REST APIS BPM/PROCESSES AND BPM/USER-TASKS HAVE A LIMIT ON THE OFFSET PARAMETER VALUE
DT178357 SOME OVERRIDDEN PROPERTIES OF PROCESS FEDERATION SERVER DO NOT TAKE EFFECT
DT178926 SAVED SEARCH RESULTS AND PROCESS INSTANCE CURRENT STATE REST API RETURNS USER SHORTNAME
21.0.3 IF016
APAR Security APAR Behavior change Title
DT160010 TIMELINE VISUALIZER WIDGET DOESN'T DISPLAY ACTIVITY TASK COMMENTS
21.0.3 IF015
APAR Security APAR Behavior change Title
DT149047 X SECURITY APAR - MULTIPLE VULNERABILITIES IN SNAKEYAML SHIPPED WITH BUSINESS AUTOMATION INSIGHTS EMITTERS
DT160626 X SECURITY APAR - CVE-2022-41735 - CROSS SITE SCRIPTING IN PROCESS ADMIN CONSOLE
DT170126 X SECURITY APAR CVE-2022-42003 AND CVE-2022-42004 IN LIBRARY USED BY EVENT EMITTER
DT168634 A VIEW CONTAINED IN A TOOLTIP VIEW WORKS IMPROPERLY WITH VALIDATION ERROR
DT168635 SEVERAL VIEWS FROM THE UI TOOLKIT DISAPPEAR WHEN CONTAINED IN A TOOLTIP VIEW AND HAVE A VALIDATION ERROR
DT168911 CVE-2022-34917, CVE-2022-42003, CVE-2022-42004 - Update Apache Kafka and jackson-databind library for Case Emitter
DT169189 CVE-2022-25857, CVE-2022-42003, CVE-2022-42004 - Update snakeyaml and jackson-databind for Case History emitter
DT169484 PERFORMING THE RESET TEST ENVIRONMENT ACTION FOR CLOUD PAK FOR BUSINESS AUTOMATION ENVIRONMENT FAILS WITH FNRPA0428E ERROR
DT169750 TRANSACTION WAITING FOR LOCK ON LSW_LOCK FOR TW_ALLUSERS
DT171744 YOU ARE UNABLE TO SAVE CASE PROPERTIES IN CSHS WHEN A SECURITY PROXY OBJECT IS APPLIED AGAINST THE CASE TYPE CLASS DEFINITION
DT173143 CLOUD PAK FOR BUSINESS AUTOMATION PODS FAIL TO START WITH “CREATECONTAINERERROR”
JR64501 THE HIDDEN DIVS CONTAINING VALIDATION MESSAGES FOR ACCESSIBILITY ARE NOT REMOVED WHEN SETVALID IS CALLED MORE THAN ONCE
21.0.3 IF014
APAR Security APAR Behavior change Title
DT160695 X SECURITY APAR - CVE-2022-34917 IN KAFKA-CLIENTS MAY AFFECT BAI EVENT EMITTERS
DT143691 ADD CASE FROM CASE TOOLKIT ON CLIENT-SIDE HUMAN SERVICE NO LONGER WORK AFTER YOU UPGRADE AS IT REQUIRES A NEW MANDATORY FIELD 'CASECLIENTTABID'
DT145103 WEB PROCESS INSPECTOR OMITS LEADING SPACES OF INSTANCE DATA IN PROCESS ADMIN CONSOLE
DT169573 PROCESS INSTANCES CANNOT BE FOUND WHEN YOU TRY TO DISPLAY PROCESS INSTANCE DETAILS IN WEB PROCESS INSPECTOR
JR65102 YOU CAN'T UPLOAD A DOCUMENT OF TYPE IBM_BPM_DOCUMENT WHEN USER_NAME_ATTRIBUTE IN CP4BA IS CONFIGURED WITH EMAILADDRESS OR UID
21.0.3 IF013
APAR Security APAR Behavior change Title
DT145308 OUTOFMEMORY EXCEPTION WHEN STARTING PFS BPEL INDEXER ON A DATABASE THAT HAS PREVIOUS INDEXING FAILURES
DT145527 PROCESS WORK ITEM DOES NOT APPEAR IN AN IN-BASKET AFTER THE NEW ACTIVITY HAS BEEN UPDATED PRIOR TO COMMIT OR DEPLOYMENT
JR64862 EVENT MANAGER DOES NOT RECOVER AUTOMATICALLY FROM A DATABASE CONNECTION FAILURE
JR65093 YOU SEE AN UNPARSEABLE DATE ERROR WHEN YOU TRY TO ADD AN EXISTING BAW PROCESS ACTIVITY TO A CASE TYPE
21.0.3 IF012
APAR Security APAR Behavior change Title
DT142447 XA_RBDEADLOCK.ERRORCODE=-4203 DUE TO A DEADLOCK IN LSW_LOCK TABLE WHEN SAVING CASE PROPERTY CHANGES
DT141469 COULDNOTSETPROPERTYEXCEPTION OCCURS WHEN MAPPING COMPLEX OBJECT TO ANY TYPE IN A CLIENT SIDE HUMAN SERVICE
JR64732 COACH GENERATION INCORRECTLY REPORTS AN ERROR FOR COACHES IN A HERITAGE HUMAN SERVICE
JR64992 BAR CHART DRILL DOWN DOES NOT CLEARING PREVIOUS CHART'S CONTENT
JR65006 UPDATE BUSINESS AUTOMATION WORKFLOW TO A NEWER VERSION OF THE SPRING FRAMEWORK
JR65020 AN OBJECTNOTFOUNDEXCEPTION IS ENCOUNTERED WHILE RUNNING THE BPMUPDATESYSTEMAPP COMMAND DURING UPGRADE
JR65044 ECM FILE LIST VIEW NO LONGER DISPLAYS CORRECT COLUMNS FROM A CUSTOM QUERY AFTER YOU UPGRADE
JR65087 TOKEN OF THE ATTACHED INTERMEDIATE EVENT CANNOT BE DELETED
21.0.3 IF011
APAR Security APAR Behavior change Title
JR65043 X VULNERABILITY CVE-2021-41973 IS REPORTED FOR MINA-CORE-2.0.1-IBM.JAR
JR64995 THE TEAM PERFORMANCE DASHBOARD DOES NOT OPEN FOR ANY SELECTED TEAM MEMBER
JR65052 COPY AND PASTE OF A USER TASK ACTIVITY IN A PROCESS FAILS IF THE ACTIVITY ASSIGNMENT IS SET TO CUSTOM OR PROCESS STARTER
JR65060 YOU ARE UNABLE TO UPDATE USER PERMISSION FOR A SOLUTION WHEN YOU USE CASE ADMINISTRATION CLIENT
21.0.2 IF010
APAR Security APAR Behavior change Title
JR64602 USING ROUND BRACKETS CHARACTERS '(' OR ')' IN A IBM CLOUD PAK FOR BUSINESS AUTOMATION SECRET PASSWORD WILL CAUSE FAILURES
JR64886 CAN NOT SELECT TAB IN EDITOR WHEN NESTED IN A COMPOSITE VIEW
JR64944 PROCESS FEDERATION SERVER MAY ASSIGN MORE INDEXER PARTITIONS THAN AVAILABLE AGENTS CAN CONSUME
JR64968 PROCESS FEDERATION SERVER SEARCH QUERIES FAIL IF A RETURNED DOCUMENT CONTAINS THE _IGNORED FIELD
JR64969 THE TEAM PERFORMANCE DASHBOARD CANNOT BE ACCESSED ON PROCESS PORTAL RUNNING ON MULTIPLE FEDERATED BAW SYSTEMS
JR65018 MULTIPLE VULNERABILITIES ARE REPORTED FOR JRULES-RES-EXECUTION.JAR AND JQUERY-UI-1.10.4.MIN.JS
21.0.3 IF009
APAR Security APAR Behavior change Title
JR64596 X SECURITY APAR - CVE-2022-22361 - CROSS SITE REQUEST FORGERY VULNERABILITY IN PROCESS ADMIN CONSOLE
JR64590 IF THE OBJECT STORE DISPLAY NAME IS DIFFERENT THAN THE SYMBOLIC NAME IN THE CR FILE CASE INIT JOB FAILS
JR64671 IF YOU ARE USING FRENCH LOCALE SETTING IN THE BROWSER, YOU CAN'T OPEN A SOLUTION THAT WAS CLOSED IMPROPERLY
JR64788 UNABLE TO OPEN AND DEPLOY THE SOLUTION IF THE BROWSER USES CHINESE LANGUAGE
JR64821 'CPE METADATA CACHE TIME TO LIVE' SETTING IS NOT CONFIGURABLE IN CLOUD PAK FOR BUSINESS AUTOMATION ENVIRONMENTS
JR64850 A SNAPSHOT WITH A CASE SOLUTION IS MADE DEFAULT WHEN DEPLOYED VIA SWAGGER API WITH AN INACTIVE OPTION
JR64883 UMS WLPTAI AND UMS JAASLOGINMODULE FAIL TO DECODE SOME JWT TOKENS
JR64884 INCORRECT CLIENT-SIDE HUMAN SERVICE PAGE VALIDATION ERROR MESSAGES WHEN WEB BROWSER LANGUAGE IS SET TO CHINESE
JR64931 ERROR OCCURS WHEN DEBUGGING A HUMAN SERVICE IN DESKTOP PROCESS DESIGNER INSPECTOR
21.0.3 IF008
APAR Security APAR Behavior change Title
JR64423 IF YOU SORT THE ROWS IN A CASE LIST THAT IS POPULATED WITH A CUSTOM SCRIPT ADAPTER, VALUES FOR CASE TITLE COLUMN DISAPPEAR
JR64827 PROCESS FEDERATION SERVER MAY THROW NULLPOINTEREXCEPTION WHEN PROCESSING FEDERATED NOTIFICATIONS
21.0.3 IF007
APAR Security APAR Behavior change Title
JR64569 TYPE MISMATCH ERROR MIGHT OCCUR IF A SOAP FAULT IS CAUGHT BY AN ERROR CATCH EVENT
JR64711 COACH EDITOR FAILS TO OPEN COACH
JR64750 BUSINESS AUTOMATION INSIGHTS EMITTER, MACHINE LEARNING SERVER & PROCESS FEDERATION SERVER NOT WORKING FOR STARTER PATTERN
JR64642 GROUP SYNCHRONIZATION FAILS DURING SERVER STARTUP IF DEPRECATED GROUPS EXIST
JR64671 IF YOU ARE USING FRENCH LOCALE SETTING IN THE BROWSER, YOU CAN'T OPEN A SOLUTION THAT WAS CLOSED IMPROPERLY
JR64717 BUSINESS AUTOMATION WORKFLOW SCIM CALLS FAIL DUE TO INCORRECTLY ENCODED WHITESPACE
JR64656 TRANSACTION ROLLBACK WHEN REMOVING AN USER FROM THE PROJECT AREA ON BAW SERVER.
JR64699 EXPANDABLE ROW IS NOT UPDATING PROPERLY WHEN USING TABLE FILTERING
21.0.2 IF006
APAR Security APAR Behavior change Title
N/A N/A
21.0.2 IF005
APAR Security APAR Behavior change Title
JR64280 X SECURITY APAR CVE-2021-39046 STORES USER CREDENTIALS IN PLAIN CLEAR TEXT WHICH CAN BE READ BY A PRIVILEGED USER
JR64556 X REMOVE REFERENCE TO LOG4J FROM 21.0.2 AND 21.0.3
JR64565 X MULTIPLE LOG4J VULNERABILITIES IN IBM PROCESS FEDERATION SERVER
JR64589 REFERENCES TO CASE OBJECT CASEINSTANCE.PROPERTIES IN CLIENT-SIDE HUMAN SERVICE VIEWS NO LONGER AVAILABLE AFTER YOU UPGRADE
JR64595 ACTIVITY PROCESS FAILS TO START WITH CLASSLOADER EXCEPTIONS IN CP4BA 21.0.3
JR64620 VIEW VISIBILITY MIGHT NOT FUNCTION CORRECTLY WHEN USING THE NO CODE VIEW VALIDATION
JR64647 CASE INIT JOB FAILS WHEN YOU UPGRADE FROM CLOUD PAK FOR BUSINESS AUTOMATION V2102 TO V2103 WITH ZEN UI ENABLED
JR64676 AFTER SCALING FROM DEPLOYMENT PROFILE SIZE MEDIUM TO SMALL, BAW IS UNREACHABLE
21.0.2 IF002
APAR Security APAR Behavior change Title
JR64435 X SECURITY APAR - CVE-2021-4104 AND CVE-2021-45046 IN PROCESS FEDERATION SERVER
Document change history
  • 28 April 2022: Initial publish.
  • 26 May 2022: Updated with 21.0.3 IF009 details
  • 3 June 2022: Added APARs JR64931 and JR64596 to fix list tables.
  • 30 June 2022: Updated with 21.0.3 IF010 details
  • 29 July 2022: Updated with 21.0.3 IF011 details
  • 1 September 2022: Updated with 21.0.3 IF012 details
  • 30 September 2022: Updated with 21.0.3 IF013 details
  • 28 October 2022: Updated with 21.0.3 IF014 details
  • 30 November 2022: Updated with 21.0.3 IF015 details
  • 28 December 2022: Updated with 21.0.3 IF016 details
  • 26 January 2023: Updated with 21.0.3 IF017 details
  • 23 February 2023: Updated with 21.0.3 IF018 details
  • 31 March 2023: Updated with 21.0.3 IF019 details
  • 27 April 2023: Updated with 21.0.3 IF020 details
  • 31 May 2023: Updated with 21.0.3 IF021 details
  • 2 June 2023: Updated with 21.0.3 IF022 details
  • 28 July 2023: Updated with 21.0.3 IF023 details
  • 1 September 2023: Updated with 21.0.3 IF024 details
  • 28 September 2023: Updated with 21.0.3 IF025 details
  • 26 October 2023: Updated with 21.0.3 IF026 details
  • 30 November 2023: Updated with 21.0.3 IF027 details
  • 18 December 2023: Added Known issue DT245378 to 21.0.3 IF027 fix list table.
  • 28 December 2023: Updated with 21.0.3 IF028 details
  • 1 February 2024: Updated with 21.0.3 IF029 details
  • 29 February 2024: Updated with 21.0.3 IF030 details
  • 28 March 2024: Updated with 21.0.3 IF031 details
  • 25 April 2024: Updated with 21.0.3 IF032 details
  • 31 May 2024: Updated with 21.0.3 IF033 details
  • 1 July 2024: Updated with 21.0.3 IF034 details
  • 2 August 2024: Updated with 21.0.3 IF035 details

    Document Information

    Modified date:
    02 August 2024

    UID

    ibm16574109