IBM Support

Readme for IBM Business Automation Workflow on containers 23.0.1 interim fixes

Fix Readme


Abstract

This readme is for IBM Business Automation Workflow on containers 23.0.1 interim fixes released periodically to resolve security vulnerabilities, as well as other defects. It includes information about the CASE package download, installation, and other information about interim fixes for the 23.0.1 release.

Content

Readme file for IBM Business Automation Workflow on containers
Product release 23.0.1
Publication date 28 July 2023

Contents

Prerequisites and superseding fixes

  • Each interim fix typically supersedes all other previous interim fixes shipped for 23.0.1, and compliments a simultaneously delivered interim fix for IBM Cloud Pak for Business Automation 23.0.1. Consult the following table for specific relationships.
  • Business Automation Workflow on containers delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries. Consult the superseded and related Cloud Pak for Business Automation 23.0.1 Readmes for specific information about vulnerabilities and other defects that have been addressed.
Business Automation Workflow on containers interim fixes
Interim fix name Superseded interim fix names CASE package Complimentary Cloud Pak for Business Automation interim fix name Released
23.0.1 IF006 See note (*) below ibm-cs-bawautomation-2.5.6.tgz 23.0.1 IF006 December 2023
23.0.1 IF005 See note (*) below ibm-cs-bawautomation-2.5.5.tgz 23.0.1 IF005 November 2023
23.0.1 IF004 See note (*) below ibm-cs-bawautomation-2.5.4.tgz 23.0.1 IF004 October 2023
23.0.1 IF003 See note (*) below ibm-cs-bawautomation-2.5.3.tgz 23.0.1 IF003 September 2023
23.0.1 IF002 * Note: All previous interim fixes listed in this table ibm-cs-bawautomation-2.5.2.tgz 23.0.1 IF002 August 2023
23.0.1 IF001 None ibm-cs-bawautomation-2.5.1.tgz 23.0.1 IF001 July 2023
The previous table is chronologically listed in reverse order, with more recent fixes listed at the top.

Components impacted

Before installation

a. Ensure you back up all databases associated with the environment.
b. Ensure your operators are in a healthy state before upgrading.
If one or more operators are failing, the system might be prevented from completing an upgrade. Check a few of the important custom resource (CR) statuses for failures and to ensure the statuses appear ready for the various installed components.
Check the status of the following CRs when they exist:
oc get icp4acluster -o yaml

Installing the interim fix

Important:  Using individual image tag settings in your Business Automation Workflow CR file could prevent the operator from updating the images to the appropriate version. When you upgrade, ensure you remove these settings for a production installation.
Use the CASE package that is associated with the interim fix being applied. It is typically recommended that the latest interim fix be applied. To identify the appropriate CASE package, as well as links to obtain each package, see the table under Prerequisites and superseding fixes.
Business Automation Workflow 23.0.1 interim fixes are released to the v23.1 operator channel. After the operator is upgraded, rolling updates for all the pods the operator manages are triggered to ensure they are updated to the appropriate version that matches the operator.
If your environment has access to the IBM entitled registry and has an automatic v23.1 channel subscription, enterprise installations are upgraded automatically. This upgrade usually occurs when the interim fix is released or when images are mirrored for air-gap setup.

Depending on the current setup and state of your existing environment, various manual actions might be required. The following scenarios cover what actions might be needed for a particular setup.
  • Scenario 1: Your installation is version 21.0.2.x or earlier.
    Actions: If you are using a version earlier than 21.0.3, you must upgrade first. To upgrade your environment, follow the Upgrading automation containers instructions.
    When you perform the upgrade, you can substitute the CASE package from this interim fix for the 22.0.2 CASE package while you follow the instructions. For air-gapped environments, you can use the case save command in step 1 of scenario 3.
    Note: If you are using versions that are earlier than 21.0.2, you must incrementally upgrade and follow the instructions for each version between your source version and 22.0.2.
  •  Scenario 2:  Your installation is online and 22.0.2.x.
    Actions: After these steps are completed, the operators are automatically upgraded.
    You can apply the following catalog sources from a command line by creating a YAML file (for example, cp4ba_catalog_sources.yaml) with the following catalog sources and performing "oc apply -f cp4ba_catalog_sources.yaml", or you can apply the catalog sources by using the OCP console. 
    apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-operator-catalog
  namespace: openshift-marketplace
spec:
  displayName: "IBM Operator Catalog"
  image: icr.io/cpopen/ibm-operator-catalog
  publisher: IBM
  sourceType: grpc
  updateStrategy:
    registryPoll:
      interval: 45m
  • Scenario 3:  Your installation is air gapped and 22.0.2.x.
    1. Set up the environment variables for CASE, taking 22.0.2-IF001 as example:
      • export CASE_NAME=ibm-cs-bawautomation 
      • export OFFLINEDIR=/tmp/cp4ba2202-if001
      • export CASE_VERSION=2.4.2
      • export CASE_INVENTORY_SETUP=cp4aOperatorSetup 
      • export CASE_ARCHIVE=${CASE_NAME}/${CASE_VERSION}/${CASE_NAME}-${CASE_VERSION}.tgz 
      • export CASE_LOCAL_PATH=${OFFLINEDIR}/${CASE_ARCHIVE}
      Note: The values are specific to the interim fix, for instance, the value for CASE_VERSION, however, you can choose a different empty directory for the OFFLINEDIR if you need to put the files somewhere else.
    2. Download the Cloud Pak archives and image inventory, and put them in the offline store 
      cloudctl case save \
  --case https://github.com/IBM/cloud-pak/raw/master/repo/case/${CASE_ARCHIVE} \
  --outputdir ${OFFLINEDIR}
      and then unpack the case file:  
      cd ${OFFLINEDIR}
tar -xvzf ${CASE_ARCHIVE}
cd cert-kubernetes
    3. Mirror images to trigger the operator upgrades. 
    4. Mirror the entitled registry images to the local registry by completing the same steps you followed during installation. For more information, see Mirroring images to the private registry.
      Important: Ensure you use the CASE image outputdir (/tmp/cp4ba-241) from step 1.
    5. If you have subscriptions set to manual, you must approve all the pending operator updates. 
      Important: Do not set subscriptions to manual because it can make the the upgrade more error prone if some of the many operator updates are not approved. By default all subscriptions are set to automatic.
After the operators are upgraded, the upgrade of the related deployments and pods is triggered.

Performing the necessary tasks after installation

Review the installation
Review the CR yaml status section and operator logs after the upgrade to ensure no failures prevented your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
To verify the expected image digest for a particular image, review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the Cloud Pak for Business Automation operator and their expected digest for this particular interim fix level.

Uninstalling

There is no procedure to uninstall the interim fix.

List of fixes

The following APARs are specific to Business Automation Workflow on containers. Depending on the components and capabilities you installed and configured, additional fix information might apply to you. See the "List of Fixes" in the readmes linked under Complimentary Cloud Pak for Business Automation interim fixes in the Prerequisites and superseding fixes section in this document. These readmes detail vulnerability fixes shipped with interim fixes for included operating system level and other open source libraries. The fixes below are also listed in those readmes, but they are also listed here as a convenience.
Fixes that involve security are indicated with an X mark.
Business Automation Workflow
23.0.1 IF006
Known Issue Security APAR Behavior change Title
DT222737 Applying a Case solution audit manifest with document or task properties fails
DT245484 BPMMIGRATEINSTANCES COMMAND NOT MIGRATE ALL PROCESS INSTANCES IN A NETWORK DEPLOYMENT ENVIRONMENT WITH MULTIPLE NODES
DT247004 Performance Degradation and Excessive SQL Queries for Team Binding Page Load
DT247086 Deleting on Hold Event manager task could fails with error
DT247283 Input mapping for the 'SFinput2' parameter of 'SF1' activity is not valid. Error message in CP4BA v23.0.1 is found in WebPD while creating a Data mapping for a system task
DT247327 javax.xml.transform.TransformerConfigurationException: com.ibm.xtq.xslt.jaxp.HandledRuntimeException
DT247383 Boolean variable data mapping dropdown not correctly set to boolean value
DT247615 NoSuchAlgorithmException when using Team Filter Services
DT254751 Can't create a new case with multi-select (dropdown) property values that contain space(s)
23.0.1 IF005
Known Issue Security APAR Behavior change Title
DT230451 X SECURITY APAR CVE-2023-40691 - INFORMATION LEAKAGE IN IBM BUSINESS AUTOMATION WORKFLOW
DT189591 Changing the admin_user setting for Business Automation Studio or Business Automation Workflow is not effective
DT243230 Case editor in IBM Process Designer returns "TypeError: Cannot read properties of undefined (reading '_model')" when a reused property is dragged to the coach
DT243347 THE DEFAULT DATE IN THE DATE PICKER SHOWS THE PAST DATE WHEN YOU CREATE A NEW VALUE FOR AN EXPOSED PROCESS VALUE IN PROCESS ADMIN CONSOLE
DT243748 IN PROCESS ADMIN CONSOLE PREFIX OF THE SERVER NAME DISPLAYS THE ACRONYM OF THE PROCESS APPLICATION INSTEAD OF THE TOOLKIT
23.0.1 IF004
Known Issue Security APAR Behavior change Title
DT239437 Click 'Apply Changes' button has no effect after modified ECM server in ProcessAdmin console.
DT239545 VIEWING THE XML SCHEMA OF A BUSINESS OBJECT IN IBM BUSINESS AUTOMATION BUSINESS STUDIO FAILS WITH A 404 NOT FOUND PAGE IN CLOUD PAK FOR BUSINESS AUTOMATION V23.0.1
DT241285 SCHEDULED EVENT MANAGER TASKS WITH LONG DESCRIPTIONS CAUSING DATABASE EXCEPTION
DT242547 Restores the original behaviour of returning null when no work item is returned. Saved search execution doesn't return null when no work items are returned
23.0.1 IF003
Known Issue Security APAR Behavior change Title
DT224476 JAVA.LANG.NOSUCHFIELDERROR: ORG/APACHE/XERCES/IMPL/XS/XSELEMENTDECL.FSUBGROUP ERROR OCCURS WHEN IMPORTING SOME WSDL FILES
DT224607 You notice the time picker of the Date time picker view does not show the selection list when clicked
DT225302 TABLE VIEW FROM THE COACHES TOOLKIT IS NOT DISPLAYING NESTED TABLES CORRECTLY
DT228436 Typeahead Text component throwing Ajax item list fetching error when pulling data from a service
DT236804 Internal groups get deactivated at server start
DT237106 Workplace task list does not refresh automatically
DT238616 Setting the purge-minimum-interval property has no effect
23.0.1 IF002
Known Issue Security APAR Behavior change Title
DT215116 X CVE-2023-33858 REFLECTED CROSS-SITE SCRIPTING IN PROCESS ADMIN CONSOLE
DT225151 X SECURITY APAR DT225151 - CVE-2021-33813 MAY AFFECT CUSTOM APPS IN IBM BUSINESS AUTOMATION WORKFLOW
DT224071 X SECURITY APAR - MULTIPLE VULNERABILITIES IN SNAPPY-JAVA MAY AFFECT BAW EVENT EMMITERS
DT223183 Case Builder saves and loads solutions from an incorrect project area in a CP4BA Workflow Authoring cluster
DT223725 PROCESS ADMIN CONSOLE DOES NOT DISPLAY WEB SERVICE SERVER IN SERVERS TAB
DT224070 YOU SEE ERROR CWTBG0019E: UNEXPECTED EXCEPTION DURING EXECUTION. EXCEPTION INFORMATION: 'NULL' IN PROCESS MONITOR PAGE OF PROCESS ADMIN CONSOLE
DT224799 Messages sent to topics related to Kafka services within the first 5 minutes after a version is created, installed, or imported might not be processed
DT227809 THE TOTAL NUMBER OF ITEMS IS NOT LISTED AS AN OPTION FOR THE PAGE SIZE IN PROCESS ADMIN CONSOLE
DT228408 Remove the useless case_workitem_search_in_es parameter from CR template
DT228650 SNAPSHOT DEPLOYMENT FAILS WITH NULLPOINTEREXCEPTION
DT228796 Pods do not restart automatically when internal certificates are renewed
23.0.1 IF001
Known Issue Security APAR Behavior change Title
DT220253 TASK NARRATIVE SECTION IN EMAIL NOTIFICATION IS NOT POPULATED FOR ALL TASKS IN PROCESS PORTAL
DT220319 PERFORMANCE DEGRADATION WHEN RUNNING REST API (DELETE) /OPS/STD/BPM/PROCESSES OR RUNNING BPMPROCESSINSTANCESPURGE COMMAND
DT223311 Workflow pod readiness probe show the wrong status for User Management Services
DT223489 Workplace Team Dashboard does not display team statistics for Workflow servers using SQL Server database

Back to top

Document change history
  • 28 July 2023: Updated with 23.0.1 IF001 details
  • 01 September 2023: Updated with 23.0.1 IF002 details
  • 28 September 2023: Updated with 23.0.1 IF003 details
  • 26 October 2023: Updated with 23.0.1 IF004 details
  • 30 November 2023: Updated with 23.0.1 IF005 details
  • 28 December 2023: Updated with 23.0.1 IF006 details
  • 07 December 2023: Added Known issue DT189591 and DT243230 to 23.0.1 IF005 fix list table.

    • [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"ARM Category":[{"code":"a8m50000000CcWOAA0","label":"Security"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"}]

    Document Information

    Modified date:
    07 January 2024

    UID

    ibm17009721

    Page Feedback