Fix Readme
Abstract
IBM InfoSphere Information Server 11.7.1.4 SP1 introduces APAR fixes addressed after release 11.7.1.4 for components of InfoSphere Information Server. Fix Pack 11.7.1.4 is cumulative and includes fixes released in previous Fix and Services packs of Information Server 11.7.1.
Content
The following sections list APARs fixed in 11.7.1.4 SP1 for InfoSphere Information Server.
Fixes added in IBM InfoSphere Information Server 11.7.1.4 SP1
Connectivity IBM/BigData
| APAR | Description |
| DT172497 | Kafka Connector uses libraries affected by several security vulnerabilities |
| DT188017 | DB2 Connector does not configure external table CCSID for NLS map ASCL_JPN-SJIS correctly |
| DT189101 | Kafka Connector has incorrect continuous mode settings |
| DT196129 | DB2 Connector in Insert new rows only mode with a reject link warns about statement execution failure for rejected rows |
| DT196378 | DB2 Connector using custom SQL including quoted identifiers aborts with error: unmatched double quote character found |
| DT196378 | Netezza Connector logs debug level message about ENABLE_SCHEMA_DBO_CHECK value on default log level |
| DT197445 | DB2 Connector configured to drop unmatched fields aborts due to an invalid pointer when a LOB column is not found in the target table |
| DT197565 | Netezza Connector reports unmatched parenthesis character when custom SQL contains function COUNT without parentheses |
| DT198746 | MQ Connector does not support CCDT with MQCSP authentication |
Connectivity Non-IBM
| APAR | Description |
| JR52811 | Remove the option of "multipart/form-data" from XML pack GUI |
| JR64710 | Mongo JDBC Driver failed to return result sets for certain queries with WHERE Clause when the SchemaFormat is set to Flatten. |
| JR64935 | Upgrade of few DataDirect ODBC Drivers to 8.0 version |
| DT134910 | Support of Load Operations using the Bulk API for Polymorphic Fields on Standard Salesforce Objects |
| DT139853 | Salesforce Connector while loading Polymorphic field gives the exception message didn't match the supplied type |
| DT141846 | Sybase stage throws error when schema name is provided with table name |
| DT143715 | After installing the patch for APAR JR65023, the ODBC Connector is not getting expected results with Update or update then insert operations |
| DT144420 | Salesforce Connector does not allow batch size less than 2000 in the Bulk Mode for Query Operations |
| DT144529 | JDBC Connector cannot create MongoDB connection with MongoDB Driver Version: 6.1.0.000438 and Kerberos authentication |
| DT145325 | Synonym is being imported as both ALIAS and VIEW if it points to Materialized View |
| DT148816 | Salesforce Connector support for Salesforce API version 55.0 |
| DT160278 | Support for Teradata TTU 17.10 on AIX using Teradata connector. |
| DT160334 | Optimizing the usage of resolve synonym calls in Oracle Connector |
| DT160985 | ODBC Connector Sybase ASE jobs abort when bulkload is enabled |
| DT161026 | When reading an excel file, cell reference value in a sheet returns NULL |
| DT168940 | IBM Datadirect Google BigQuery Driver for JDBC reports Multi-statement query is not supported |
| DT172214 | Escape quote character in data during bulk load using Snowflake connector |
| DT172742 | FileConnector jobs using httpfs mode with SSL fails with TruncatedChunkException |
| DT172944 | Security fixes to the JDBC Drivers for remote code execution vulnerability (CVE-2022-41853) |
| DT173144 | Security fixes to the DataDirect ODBC Drivers for remote code execution vulnerability in HSQL DB (CVE-2022-41853) |
| DT173326 | Hierarchical Stage: Namespace Prefix missing for attributes in XML Composer output. |
| DT173968 | Certification of Google-Big-Query using ODBC |
| DT174662 | Provide a connection property that takes additional connection properties for creating a connection with Amazon S3. |
| DT178108 | Test and View data from connector stage editor throws an error if the value of any required property is a mix of job parameter and hardcoded string. |
| DT178611 | FTP Enterprise stage connecting to MVS FTP Server aborts with message 501 command OPTS aborted -- no options supported for UTF8 |
| DT178930 | DataQuality analysis on number datatype column with precision less than 38 might sometimes fail with value out of range error. |
| DT179377 | Rowid range partitioned read job might sometimes fail with ORA-01455 error. |
| DT179432 | Salesforce Connector Load Operations support of more than one field for reference objects |
| DT179962 | Oracle Connector bulk load job fails with ORA-02243 while rebuilding indexes on the table after bulk load ends. |
| DT180375 | Redshift connector fails with timeout error for large data when load write mode is used |
| DT180485 | SCAPI Bridge patch to support query timeout property in Redshift connector |
| DT189687 | SAP ASE 16.0 SP04 PL03 branding name change in ODBC Connector |
| DT196349 | DRS Connector job fails when Before/After SQL statements contain metatags |
| DT196887 | Salesforce Connector support for Salesforce API version 57.0 |
Data Flow Designer
| APAR | Description |
| DT171716 | Sensitive Data Exposure in logs |
| DT178559 | Cross site request forgery vulnerability when exercising some DataStage Flow Designer API |
DataStage
| APAR | Description |
| DSCore | |
| DT141192 | dsjob -logdetail with invocation IDs incorrectly returning log entries for other invocations |
| DT141297 | Improve error reporting in client authentication services |
| DT141589 | Jobs terminate abnormally at startup |
| DT144874 | View button not appearing on Comparison Tool report causing full property value inaccessible |
| DT148944 | IBM InfoSphere ResMonApp is affected by a Missing XML Validation vulnerability |
| DT149283 | Operation Console throwing httpStatus 500 Internal error when sorting activity by Queue |
| DT160062 | Improve diagnostic tracing in DataStage Windows Designer services tier access functions |
| DT161038 | Generating scripts for new DSODB not replacing placeholders with actual values |
| DT169349 | OpsConsole - ds_hash cookie without HttpOnly flag set |
| DT169488 | OpsConsole - ds_config.json set without HttpOnly |
| DT174491 | The multi client manager switching service should be quoted in the service control manager |
| DT188661 | InfoSphere DataStage is vulnerable to disclosure of sensitive information |
| DT189789 | Add and revise GUI support for server job compatibility functions in the parallel engine |
| DSEngine | |
| DT160066 | Information Server has a denial of service vulnerability |
| DT169593 | Inconsistent behavior of FIELDSTORE |
DQEC, Workflow, SOS
| APAR | Description |
| DT198283 | Vulnerability in kafka-clients |
| DT198777 | Vulnerability in spring-security-crypto-5.6.3.jar |
| DT198778 | Vulnerabilities in guava-14.0.1.jar |
| DT198779 | Multiple vulnerabilities in Jetty affects Solr used by Information Server |
| DT208807 | Upgrade Spring in IIS & CPD releases |
IMAM
| APAR | Description |
| DT148996 | IBM InfoSphere 11.7.1.4 is affected by an injection problem vulnerability. 3rd Party DOM-Based XSS in IMAM via Dojo attribute parser. |
| DT178532 | Metadata asset manager swagger is vulnerable by injecting third party DOM-based XSS. |
| DT197436 | Vulnerabilities in mysql-connector-java-8.0.16.jar |
| DT197676 | Vulnerability in hive-metastore-1.2.1.jar |
| DT197810 | Vulnerabilities in hadoop-common-2.6.0.jar |
Information Analyzer / Auto Quality
| APAR | Description |
| DT160751 | Information Analyzer thick client shows invalid roles |
| DT169054 | Information Analyzer API returns incorrect ruleset RID, which is used by DQEC to show Rule set information |
| DT197480 | Unable to add Where Clause at data source level in Information Analyzer Thick Client |
| DT208283 | Java Script Data Classifier no longer works after upgrade from 11.7.1.3 to 11.7.1.4 |
| DT209004 | Inconsistent status between Data Rule and Rule Definition |
Information Governance Catalog (IGC)
| APAR | Description |
| DT144864 | Query Export Asset Values to CSV file with some blank values where they do exist in IGC |
| DT180530 | Remove ADMINISTRATION from catalog header text when in Catalog view |
| DT197304 | IBM Infosphere Information Server is vulnerable to cross-site scripting |
| DT214221 | Custom attributes with specific names returned as null on IGC REST |
Information Server Framework
| APAR | Description |
| DT172481 | Address security vulnerabilities in Apache Commons JXPath |
| DT178175 | Display proper error message when LDAP User or Group names contains invalid characters in the Registry |
| DT178496 | Information Server is vulnerable to SQL injection |
| DT178559 | InfoSphere Information Server is vulnerable to Cross site request forgery |
| DT180044 | InfoSphere Information Server is vulnerable to CSV injection |
| DT189469 | Agent listens on 3 ports (instead of 2 ports) when objectport is specified in the agent configuration |
| DT197104 | Address security vulnerabilities in Apache Commons fileupload |
| DT197840 | Permit more characters in email address of users and groups |
| DT208804 | Address security vulnerability in libcurl |
| DT208923 | Address security vulnerability in Jettison |
Installation
| APAR | Description |
| DT180020 | InfoSphere Information Server is vulnerable to privilege escalation attacks |
ISD
| APAR | Description |
| DT208451 | Vulnerability CVE-2021-37533 in Apache Commons Net |
ISTools
| APAR | Description |
| DT208451 | Vulnerability CVE-2021-37533 in Apache Commons Net |
Microservices Tier
| APAR | Description |
| JR64524 | IBM InfoSphere Information Server is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. |
| DT172547 | Information Server is affected by a denial of service vulnerability in Apache Kafka (CVE-2022-34917) |
| DT172850 | Information Server microservices tier installation fails with "[Errno 2] No such file or directory" while querying XFS info |
| DT173293 | Vulnerability CVE-2022-42889: Apache Commons Text affected with Arbitrary Code Execution |
| DT174094 | Information Server is vulnerable to HTTP header injection in WebSphere Liberty (CVE-2022-34165) |
| DT178435 | Image registry does not start automatically after restarting MS tier system |
| DT178731 | Information Server microservices tier memory exhaustion bug in containerd used by Kubernetes (CVE-2022-23471) |
| DT188185 | Microservices tier node exporter information leakage |
PX Engine
| APAR | Description |
| JR65172 | 11.7.1.3 Linux Add retry logic for keytab, credentials, and odbc.ini files |
| DT160725 | ResTrackApp remote code execution Security Fix |
| DT178646 | In BIBQ env, when jobs are executed using a static configuration file, job execution will fail if one of the nodes is blocklisted. |
| DT188999 | Fix incorrect return value of the Pwr() transform function |
| DT208964 | Added APT_EXPORT_PATTERN_SEQMODE_CREATE_EMPTY_FILE environment variable to let the Sequential File stage (write) to generate a 0 sized file when there is no incoming data and with -filepattern and -sequetial options. |
XMeta
| APAR | Description |
| DT196686 | IMAM share to repository fails with DeleteException |
[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSZJPZ","label":"IBM InfoSphere Information Server"},"ARM Category":[{"code":"a8m50000000L32vAAC","label":"Patch Installer-\u003ECumulative Service - Fix Packs and Service Packs"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"11.7.1"}]
Was this topic helpful?
Document Information
Modified date:
20 May 2024
UID
ibm16991329