IBM Application Performance Management 8.1.4.0-IBM-APM-SERVER-IF0014 Readme

5.  If you have installed the Cloud APM Liberty data collector to monitor the Cloud APM server Liberty processes (apmui, server1, min, oidc, dqe, or uviews), unconfigure the data collector before applying the Cloud APM server interim fix. See the Cloud APM Documentation for the Liberty data collector at this link:  https://www.ibm.com/docs/en/capmp/8.1.4?topic=environment-configuring-liberty-monitoring   

     The APM server interim fix updates Liberty to version 23.0.0.5.  If you want to configure the Liberty data collector again after the  Cloud APM server interim fix is installed, then ensure you are using a version of the data collector that supports Liberty version 23.0.0.5. 

     Also do not enable diagnostics or transaction tracking for the data collector since that may impact the Cloud APM server performance.  

6. If you have installed the Cloud APM WebSphere Applications agent to monitor the Cloud APM server Liberty processes, then unconfigure the data collector before installing the Cloud APM server interim fix. See the following Cloud APM Documentation topic for instructions on unconfiguring the data collector:  https://www.ibm.com/docs/en/capmp/8.1.4?topic=agents-websphere-applications-agent-unconfiguring-data-collector.

     The APM server interim fix updates Liberty to version 23.0.0.5. If your agent version does not support Liberty version 23.0.0.5, then upgrade the WebSphere Applications agent to the latest version, and then configure the updated data collector to monitor the Cloud APM server Liberty processes. See the following link to determine the minimum agent version required for Liberty version 23.0.0.5:  https://www.ibm.com/support/pages/node/879851

      Also do not enable diagnostics or transaction tracking for the WebSphere Applications agent since that may impact the Cloud APM server performance. 

Installing

Installing the IBM Cloud Application Performance Management Server update

1. As the root user, download 8.1.4.0-IBM-APM-SERVER-IF0014.tar from IBM Fix Central to a temporary local directory (for example, /tmp/IF14-patch) on the computer where you installed the Cloud APM server. The root user must have read/write access to the directory.
    
2. Check whether the <apm_install_dir>/ccm/fixes directory exists. If the directory exists, then enter the following command to get the list of Cloud APM server interim fixes that are already installed:
   
   ls server*


3. Enter the following command if the Cloud APM 8.1.4.0 IF0003 or later server interim fix is not already installed and agents are already connected: 
   
   <apm_install_dir>/kafka/bin/kafka-topics.sh --zookeeper 127.0.0.1:2181 --topic alarm.enriched.json --alter --config retention.ms=300000
    
   • Note: The command displays this message:
     
     WARNING: Altering topic configuration from this script has been deprecated and may be removed in future releases. Going forward, use kafka-configs.sh for this functionality.
     
     Updated config for topic "alarm.enriched.json".
      
   • If you see the message "kafka-run-class.sh: line 243: exec: java: not found", then enter the following command, and run the kafka-topics.sh script again:
     
     export JAVA_HOME=<apm_install_dir>/java/jre
4. Change your current directory to the download location.
   
   For example, cd /tmp/IF14-patch
    
5. Expand the archive file by using the following tar command.
   
   For example, tar -xf 8.1.4.0-IBM-APM-SERVER-IF0014.tar
    
6. Run the script, apmpatch.sh:
   
   cd 8.1.4.0-IBM-APM-SERVER-IF0014
./apmpatch.sh
7.  Review the final messages displayed by the apmpatch.sh script that lists the number of component patches that were installed successfully or that failed installation. If any component patches failed to install, then see Troubleshooting interim fix installation problems.
8. Wait a couple of minutes and then enter the following command if the Cloud APM 8.1.4.0 IF0003 or later server interim fix is not already installed and you had agents connected:
   
   <apm_install_dir>/kafka/bin/kafka-topics.sh --zookeeper 127.0.0.1:2181 --topic alarm.enriched.json --alter --config retention.ms=14400000 

      8a. Copy the <patch-install-directory>/patches/inst/scr/scr.tar file from the Cloud  APM server to a directory on the remote Db2 server.  Ensure the Db2 instance user has access to the   directory.  

    8b. Complete the following steps on the remote Db2 server:

     Note:  The  instructions below assume that

•  db2apm is the Db2 instance user for the Cloud APM databases. Replace db2apm with your Db2 instance user, if you are using a different instance user
•  /home/db2/tbsmdb is the directory where you installed the Cloud APM SCR database tools by using the setup-dbconfig-operating_system_64.bin when the databases were created. If you used the default path, /opt/IBM/tivoli/tbsmdb, or another path,  specify it in place of /home/db2/tbsmdb in  the instructions below.

    su - db2apm

         cd to the directory where you copied the scr.tar file

   tar -xvf scr.tar

   chmod 755 scr.sh 
   chmod 755 inst/scr/*.sh
   ./scr.sh PREPARE /home/db2apm/tbsmdb 2>&1 | tee scr-if8-prepare.out
   ./scr.sh INSTALL /home/db2apm/tbsmdb 2>&1 | tee scr-if8-install.out
   cd /home/db2apm/tbsmdb/bin
   ./tbsm_db.sh -s sc -U db2apm -f j

     Edit ../logs/db2_stdout.log and verify that there were no errors dropping the old functions, installing the jars, and creating the functions.

    Note:  The following error messages are displayed in the db2_stdout.log file as the new jar filenames do not exist yet.

--- CALL SQLJ.REMOVE_JAR( '<name>_apm_jar')
--- SQL20201N  The install, replace or remove of "TBSMUDF .<name>_APM_JAR" failed as the jar name is invalid.  SQLSTATE=46002

Additional information

The Secure Hash Algorithm 1 (SHA1) checksum of the image is as follows:
SHA1(8.1.4.0-IBM-APM-SERVER-IF0014.tar)= f1892e4786cda1bc4002d49840768a1e1147ae45

Image Contents 

The following files implement this fix:
- 8.1.4.0-IBM-APM-SERVER-IF0014.tar - For extracting patch files, use the tar utility

Extracting the above bundle (.tar) creates the following directory and patch files:

8.1.4.0-IBM-APM-SERVER-IF0014/
|-- apmpatch_functions
|-- apmpatch.sh
|-- msg
|-- nls_replace
|-- patches
|-- patch.properties

New Features

The following changes are included in IBM Cloud Application Performance Management 8.1.4.0 Interim Fix 14:

• Defect fixes, vulnerabilities fixes, and other stability improvements

The following problems are addressed by this interim fix.

• 147094 : As an APM Administrator, I want to test APM 8.1.4 with multiple Db2 versions to fix the DB2 vulnerabilities - (May 23)
• 147075: As an APM Server developer, I want to remediate log4j 2.3  jar files so that we have secure log4j version.
• 147170: PSIRT fixes for IBM WebSphere Liberty Server being used by APM Server
• 147156: PSIRT: (ADV0088146:PVR0446661)IBM SDK, Java Technology Edition Quarterly CPU - April 2023
• 147183: As an APM Server developer, I want to do address Critical Severity PVRs so that vulnerabilities get fixed.
• 147184: As an APM Server developer, I want to do address High Severity PVRs so that vulnerabilities get fixed.
• 146701: Authentication errors in IBM APM MongoDB
• 146669: APM v8.1.4 IF13 UI RBAC : Under "Individual User Editor",  none of the enabled roles are listed.
• 146646: APM SERVER 8.1.4 IF13 is installed but many Java Vulnerabilities amongst others are reported. (WebSphere liberty 22.0.0.3 vulnerable / log4j, etc..)
   

Enhancements included from previous interim fixes: 

• 130441: Allow multiple attributes to be mapped to the msg slot when configuring EIF slot customization for threshold definitions.
• 132432: Add ability to filter data on custom views by selecting the start date and time and the end date and time
• 133428: Provide a script to reconfigure the Cloud APM server if the Db2 database server hostname, database instance name, database port, or database names are changed after Cloud APM server installation.
• 134501: Allow Middleware transaction instance details to be saved for up to 24 hours
• 135163: Update Synthetic Script Manager UI  to support Selenium .side playback script

• amui-8.1.4.0.10.1 included from previous fix
• apmui-8.1.4.0.12 superseded by apmui-8.1.4.0.13
• ccm-scripts-8.1.4.0.12 superseded by ccm-scripts-8.1.4.0.13
• ccs-8.1.4.0.12 included from previous fix
• datalayer-8.1.4.0.1 included from previous interim fix
• data-layer-scripts-8.1.4.0.3 included from previous fix
• dbutils-8.1.4.0.4 included from previous fix
• dqe-1.2.0.8.4  included from previous interim fix
• ftma-8.1.4.0.1 included from previous interim fix
• ibmjava-8.1.4.0.11 superseded by ibmjava-8.1.4.0.14
• itmcdp-8.1.4.0.4 superseded by itmcdp-8.1.4.0.5
• itportal-8.1.4.0.9 included from previous fix
• kafka-8.1.4.0.5 included from previous fix
• ksy-8.1.4.0.1 included from previous interim fix
• liberty-22.0.0.3 superseded by liberty-23.0.0.5
• min-8.1.4.0.13 superseded by min-8.1.4.0.14
• oidc-8.1.4.0.10 included from previous interim fix
• omnibus-8.1.4.0.2 included from previous interim fix
• oslc-8.1.4.0.7 included from previous interim fix
• rbac-8.1.4.0.5 superseded by rbac-8.1.4.0.6
• scr-6.1.2.15.12 superseded by scr-6.1.2.15.13
• spark-8.1.4.0.2 superseded by spark-8.1.4.0.3
• synthetics_script_manager-01.00.05.09 included from previous interim fix
• topology-calculator-8.1.4.1.1 included from previous interim fix
• tt-8.1.4.0.6 included from previous fix
• txagent-08.13.00.01 included from previous interim fix
• uviews-8.1.4.0.13 superseded by uviews-8.1.4.0.14

• IJ00525: Attribute details tab is showing data for the wrong agent if the page errors out before loading the requested data
• IJ00816: User cannot access the Attribute Details page if their LDAP DN contains an apostrophe
• IJ00903: Support disaster recovery for customers who installed IBM Cloud APM, Private part numbers CNLA6ML or CNL8JML
• IJ01251: Subnodes are offline after an agent is restarted when there is an error when the APM server asks for the list of the agent's subnodes
• IJ01484: Event status may be stale on the APM UI Events tab
• IJ02251: Disaster recovery fails if the APM server locale is set to Italian
• IJ02411: Disaster recovery fails if the APM server is using a non-English locale
• IJ02492: WAS Agent Config UI page does not list the data collector version
• IJ02666: Custom EIF slots are not sent to OMNIbus if you add custom EIF slots and do not customize the msg slot
• IJ02849: SCR database table creation fails on remote DB2 server that is running RedHat 7.4
• IJ03983: Unable to log into APM UI if the user's LDAP distinguished name contains an ampersand character
• IJ04509: Undefined is displayed for the Threshold Manager UI dataset help text
• IJ04619: set_metrics_retension.sh may fail if the Cloud APM server has been upgraded from version 8.1.3 to 8.1.4 and get_metrics_retention.sh is called with the -retention CURRENT option prior to setting the retention metrics.
• IJ04710: Partitions in the datamart DB are not created if the delete partitions script performs a detach into the obsolete_data table when obsolete_data already exists
• IJ04990: Data provider error may occur after installing the Cloud APM 8.1.4.0 IF0003 server interim fix if custom UI root certificates does not have both of these properties: AuthorityKeyIdentifier and SubjectKeyIdentifier
• IJ05333: Role Based Access UI should not display My Transaction application since you cannot restrict access to that application
• IJ05478: The string "script" is not accepted in the Threshold Manager UI Execute command field.
• IJ05733: LTPA value in the user-exit.xml file is ignored
• IJ05771: Fix server1 out of memory error for topology calculator handling of aggregate application topology objects
• IJ05784: EIF slot customization of the msg slot is not performed correctly if the agent data set contains an attribute named msg or hostname.
• IJ05948: Events are not displayed in the APM UI Events tab or forwarded to Netcool OMNIbus if an event larger than 1 MB is received from an agent
• IJ06014: Non-ASCII characters are not accepted in the Threshold Manager EIF slot customization UI or in the Threshold description.
• IJ06418: The browser tab to accept the certificate for port 8093 appears even if the certificate has already been accepted
• IJ06430: APM server startup time is over 30 minutes if the LANG environment variable is not set to LANG=en_US.UTF-8
• IJ06493: Synthetic transactions cannot be deleted if they were added before Cloud APM server 8.1.4.0 Interim Fix 4 was applied.
• IJ06530: Backup fail if the SCR32 database backup fails due to timing issues and active database operations.
• IJ06774: APM UI dashboards may not display any applications after restarting the apmui service due to an initialization race condition.
• IJ06924: Thresholds are not distributed to subnodes if just the agent node is renamed but not the subnodes.
• IJ07289: Address Sweet32 vulnerability for the oslc service which listens on port 3661.
• IJ07290: restore.sh fails on the secondary APM server in a high availability environment if LDAP is configured.
• IJ07354: EIF slot customization does not handle %_Used attribute.
• IJ07374: Restrict Zookeeper to only listening for requests on localhost.
• IJ08160: Dashboard displays numeric values with wrong scale if the APM server locale is associated with a country where the comma character is used as the decimal separator.
• IJ08255: A user may not see applications assigned to their RBAC role because of naming string issues.
• IJ09577: The OS agent config page may fail to load if a SCR merge occurred and the managed system name is not available in the resulting Agent resource
• IJ10733: Japanese characters are corrupted on custom views
• IJ10735: Time period selection behavior in Custom View is different for Japanese locale vs English one
• IJ10938: Additional fix for the defect 133535 issue where APM UI dashboards may not display any applications after restarting the apmui service
• IJ11584: Error may occur when saving resource groups, thresholds, agent config changes or Synthetic playback scripts

• IJ12556: User Sessions and Worst by User widgets may not be displayed when you click on End User Transactions in the Cloud APM console and the Cloud APM Advanced offering is installed

• IV91330: Deleted agents appear in APM UI as offline after the agent has been removed from the APM server tables if the agents provided transaction tracking data

• IV98544: Disable usage of the JVM Shared Class Cache for the APM Liberty processes so that they will not crash if the cache becomes corrupted
• IV98547: Events status is stale in the APMUI intermittently
• IV98876: smapasswd.sh cannot reconfigure the oslc service if the CANDLEHOME environment variable is set to a path other than apm_server_home/oslc_pm
• IV98921: User cannot access the Attribute Details page if their LDAP DN contains a comma
• IJ11432: Threshold Management Service API does not validate the Match By property value  
• IJ14871 : DATAMART database dimension tables are not being cleaned up
• IJ14929 : CANNOT ADD A WEB APPLICATION TO AN APM APPLICATION IF THE WEB APPLICATION WAS IN A DELETED APM APPLICATION
• IJ15202: JAVA JMX SERVER INSECURE CONFIGURATION REMOTE CODE EXECUTION VULNERABILITY FOR ZOOKEEPER
• IJ15262 : SYNTHETIC PLAYBACK AGENT CANNOT SEND SYNTHETICS DATA WHEN CUSTOM CERTIFICATES ARE USED TO CONNECT TO THE APM SERVER
• IJ16660: THRESHOLD MANAGER UI "EDIT" AND "ADD" CONDITION INCORRECT CAPTIONS
• IJ22220:  Threshold Manager API does not return an error when a threshold update attempts to add another formula element since that operation is not supported in a threshold update
• IJ25107: Liberty OIDC applications cannot be configured to restrict HTTP methods
• IJ31847 APM UI CLICKJACKING VULNERABILITY, not sending X-Frame-Options.
• 48429: Do not prompt to overwrite a custom page if no changes were made
• 49643: After exporting a graph to PDF, the graph is not displaying proper
• 49644: Tooltips or values are not displayed when hovering over data points in line and area charts
• 49785: A space character is added before file extension when creating the filename for exported raw data
• 50169: Duplicate metrics appear in "Selected Metrics" list.
• 50170: Option to add another metrics should not be available after selecting the grid chart type.
• 50761: Custom view page name can be defined with special characters that are not supported
• 50762: The tooltip text for the custom view page name does not display the name correctly when a space character is included in the name
• 50810: Custom Views becoming unresponsive during or after running AppScan
• 50868: Custom views widget title is not updated when you delete a Metric row on the Select Metric window.
• 50897: When exporting a custom views graph to PDF, "No data found" and large data messages are shown above the widget name.
• 51264: A copy of existing custom view is created when clicking the Save button in Edit mode
• 51305: Fix issues for custom views metric element window
• 51319: Not able to delete a custom view when editing custom views
• 51326: Custom view grid chart image is displaying differently than other chart images
• 51832: Space required in messages while checking page height functionality in edit template mode of custom views.
• 51959: Dates in custom views calendar not updated if the dates are entered via text-field for custom interval.
• 52048: Fix discrepancy in date format in the displayed time frame values for custom views.
• 52049: Zero is getting appended in time frame in IE browser for custom views.
• 52067: If widget title contains javascript then Custom views page is blank.
• 52103: Fix issues in chart properties and in the edit template flow for custom views.
• 52362: Past dates are accepted in Custom Views text-field for Custom Interval and the filters are applied.
• 52816: Issue when default date is selected in Custom Views Date Filter after 12 am.
• 52997: A zero is getting appended in 1st Date of Month for Time Sections
• 53034: In Safari browser, while setting Data definition and Select Metrics, user needs to double click for selecting metrics values.
• 106214: Update configure_report_images.sh script prompt for the smadmin user password
• 113421: Prevent Cross-Site Request Forgery in RBAC API
• 117103: Invalid OS dashboard when drilling down from Tuxedo service dashboard
• 122496: The disable all option is not working for the threshold enablement advanced configuration property
• 122555: Custom views tab does not display area chart if the selected metrics have different time intervals
• 122567: If an agent is removed from Cloud APM server tables after being offline for 4 days (the default) and later comes online then its permissions for My Components may not be correct
• 122837: Fix screen resolution issues for graphs on the Custom Views tab
• 122916: Updated CCS error handling to ensure threads that create/update private situation files do not stop running
• 123072: When raw data is exported for a custom view, the file type should be .zip
• 123295: After saving a custom view and clicking on the Back button, the text for the Save and Back buttons is not displayed correctly
• 123423: Fix odd line connecting the last and first data points of a line graph on the Custom Views tab
• 123549: Not all graphs appear when you export a PDF from the Custom Views tab if there are long legends
• 123744: Need to click Application Performance dashboard link at least twice to see the dashboard page after the first login
• 123747: Charts may be blank intermittently on the Custom Views tab when using Internet Explorer
• 123773: The wrong view may be displayed when you select a favorite view on the Custom Views tab
• 123801: Custom Views tab is missing toolbar and title and header information when displayed using Safari browser on a Mac
• 123835: It is not intuitive how to exit the Custom Views Edit Template dialog.
• 123836: With Firefox browser version ESR 45, you cannot see the selected chart type when creating or editing custom views
• 123840: Handle unreconciled database instances.
• 123902: Custom views X and Y axis titles cannot have an unlimited character length
• 124000: Add a space before the resource instance name in the message displayed when saving a custom view
• 124057: Fix Authentication Bypass Using HTTP Verb Tampering vulnerabilities for the custom views tab
• 124058: Fix a Blind SQL Injection vulnerability for the Custom Views tab
• 124059: Fix a Missing Secure Attribute vulnerability for the Custom Views tab
• 124117: No content is displayed when displaying Cloud APM console dashboard pages in Dashboard Application Services Hub
• 124121: Prevent out of memory error in server1 if you create a custom view for a dataset that has a large quantity of data
• 124130: Cannot open Advanced Configuration panel with IE browser
• 124131: Prevent RBAC policies from being corrupted
• 124396: Prevent deadlock issue for SCR database
• 124400: Fix cross site scripting vulnerability for the Custom Views tab
• 124401: Fix Microsoft Windows MHTML cross site scripting vulnerability for the Custom Views tab
• 124402: The legend for a Custom views line graph does not display well if there are a large number of attributes in the graph
• 124403: Improve the performance of displaying the template types for a new custom view
• 124420: SCR threads may hang when the JDBC connection pool is exhausted
• 124438: A blank page is displayed on the Custom Views tab when the user is not re-authenticated
• 124543: Change way the threshold manager determines the group name so that the label is not used
• 124548: Custom Views tab disappears if user selects a time range comparison
• 124566: Improve response time of OSLC MOSWOS page while the oslc service is busy processing requests.
• 124567: oslc service should batch delete requests to the scr service
• 124610: May see login page and then the "Invalid Context" message on a custom view page if the Custom Views tab is selected after a period of inactivity on the Cloud APM console
• 124616: Custom views tab displays blank page after clicking on a template if the system running the browser does not have Internet access
• 124783: Fix Cross Site Scripting error in the Threshold Manager UI
• 124784: Fix SQL injection issue for resource group manager UI
• 124872: A user with no permissions to view applications and resources sees all resources in the My Components application
• 124912: Hybrid Gateway Manager UI may hang when editing a profile
• 124944: Custom Views metric attribute drop-down list is empty for SAP Instance and SAP System agents
• 124995: Updates to create_security_artifacts.sh for using a private certificate authority
• 125030: Agents visible to users who are not authorized to see them if the agent hostname is long
• 125131: In 10K agent environment, APMUI status queries take ~10 seconds, causing high APMUI, server1 and db2 utilization
• 125460: Updates to the min service JMX thresholds in the server_size.sh script
• 125566: Add index to DataMart table for performance improvements
• 125592: Add export to PDF option to Custom Views tab
• 125681: Adjust the Liberty data collector Heap dump widget length
• 125690: WAS agent sending AARS containing requestName and transactionName > 256 characters causes the MongoETL to crash and the DataMart ETL to fail
• 125753: Fix accessibility issues for visually impaired users on the Custom Views tab
• 125764: Resource Group API security Issue for SaaS - smadmin can be used externally to access the API for any subscription
• 125796: Prevent Authentication Bypass using HTTP Verb Tampering vulnerability for custom view pages
• 125797: Add Secure Attribute to Custom Views SSL cookie
• 126025: Prevent the oslc service from having cores related to garbage collection
• 126209: Global timestamp for an event should not be updated when the agent goes offline and back online
• 126307: Events should not be un-suspended if the thrunode has changed for a subnode and agent offline events should be generated when subnodes go offline but the agent is still online
• 126361: Update help for the SMTP advanced config properties
• 126375: Uninstall.sh does not always uncatalog databases
• 126707: Support DB2 10.5 FP9
• 126877: Transaction tracking data stops being written to the Datamart database for some Db2 errors
• 127045: After the APM server is upgraded from 8..1.3 to 8.1.4, the Hybrid Gateway cannot connect to the TEPS if the Hybrid Gateway is upgraded to 8.1.4 or a new Hybrid Gateway is connected to the APM server.
• 127181: Support AARs sizes larger than 2MB for Synthetic transactions
• 127182: Duplicate entries are added to the uviews/user-exit.xml after a restore if OIDC is disabled
• 127210: The About page for the Cloud APM console indicates the offering type is IBM Monitoring instead of Cloud APM Base after an upgrade.
• 127271: Online help updates
• 127363: Prevent SCR Derby errors that occur when SaaS subscriptions are provisioned
• 127378: Add additional SCR debug messages
• 127380: Synthetic scripts are not removed from an application when you delete the script from the application.
• 127394: Fix MongoDB queries that fail with Executor error: Overflow sort stage
• 127604: The min service may experience an out of memory error when processing a SDA jar file from an updated agent
• 128092: Cross-site scripting error in Hybrid Gateway Manager UI
• 128211: Fix typo in OMNIbus probe itm_apm_event.rules file for the SourceType slot
• 128233: Unresponsive script errors for a custom view that displays a high quantity of metric data
• 128240: Error message box pops up when click the location on Synthetic transaction details page
• 128252: Fix Cross-Site Scripting error in the Synthetics Script Manager UI
• 128327: No data in graph for a custom view that displays a high quantity of metric data
• 128442: Reorg tables and indexes for the SCR database
• 128444: Hybrid Gateway profiles cannot be saved if apmui TAI traces are enabled
• 128481: If an Agent Builder agent is upgraded or an agent patch is applied then an agent's summary group widget may not display data after a disaster recovery is performed.
• 128488: server1 out of memory error may occur after a large number of Threshold Manager, RBAC, or Resource Group Manager API calls
• 128540: The prefetch task of the min service may get restarted when there is a long DB2 database outage
• 128656: Hybrid Gateway Manager UI page may not load
• 128695: Group summary widget can display data after a disaster recovery if 8140 agent patches were applied or Agent Builder agents were updated when the APM 8.1.4.0 IF01 server patch was not applied
• 128782: Include msgid and correlid transaction properties provided by the MQ and IIB agents and transaction id property provided by the DataPower agent in a transaction instance topology to identify the specific transaction instance details
• 128789: Online help updates for the event status topic
• 128898: APM UI may not load completely in Internet Explorer 11
• 128931: The first time you select the Custom Views tab, you may see the message "This page can't be displayed" on Internet Explorer, "Content Encoding Error" on Firefox, or "The webpage at might be temporarily down" on Chrome
• 129037: Aggregate transaction topology may not include an agent if the agent's resources were removed and re-added and the oslc service erroneously determines that the agent is no longer connected to the APM server
• 129044: Update backup and restore scripts to return an error if a database cannot be backed up or restored
• 129060: White space utilization issue on APM UI Events tab
• 129096: The uviews.sh patch script needs to handle the case where SQL updates have already been applied/li>
• 129121: Online help updates for the Permissions topic
• 129126: Cannot delete custom resource groups from the UI
• 129175: Cannot remove threshold to resource group association
• 129268: Prevent out of memory errors in the min service when agents send a transaction name or request name longer than 256 characters
• 129363: Stop logging the KASPR032E message over and over again in the oslc service message log file
• 129432: The Custom Views filter selection drop-down list may not display all values for the selected metric
• 129442: Fix Blind SQL Injection vulnerability for the Threshold Manager UI
• 129462: Uplift to IBM Java 8.0.5.5 for security fixes
• 129505: Add a 1x1 template to the Custom Views tab
• 129530: Improve capability to select multiple attributes when creating or editing a custom view
• 129581: Cross site scripting vulnerability for the Threshold Manager UI and fix for an out of memory error
• 129603: The My Transactions application is missing from APMUI after restarting the APM server
• 129669: Agents cannot be added to applications if their resource type is changed
• 129707: Custom Views tab, exported PDF file, and exported raw data need improvements on displaying the date and time
• 129719: Online help updates for the Custom Views tab
• 129728: Provide the rescueDashboards.sh script to recover custom views that were created using the Cloud APM server 201707241336 build
• 129740: msgID property is missing for a MQ node in the aggregate application topology for a MQ destination queue in remote queue manager
• 129749: Database backup may fail if other applications connect to the database during the backup
• 129761: Agent offline events for subnodes are not cleared when the agent is restarted
• 129835: Fix cross-site request forgery for ccm/config/main/hybrid/gateway
• 129904: Long metric names are truncated in the custom views editor
• 129910: Improve the installation time of the uviews patch and eliminate the SQL error messages
• 129933: Cannot use Threshold Manager UI or Resource Group Manager UI if the browser timezone locale contain a dash
• 130176: The interim fix version number may be missing for subnode managed systems
• 130196: Cross site scripting vulnerability can occur when deleting applications
• 130218: Custom view tab may not work if there is no user activity on the tab for more than 30 minutes
• 130220: Event status online help updates for the timestamp and global timestamp field descriptions
• 130223: Change how the apmui service registers managed system attributes for resources so that unreconciliation can occur
• 130236: Nodejs data collector cannot connect to the Cloud APM server when it is configured to use HTTPS for data collector and agent communication
• 130264: Custom Views tab shows 'Invalid Context value' intermittently
• 130265: Upper half of Custom Views page is blank after removing a chart from a custom view
• 130268: Improve anomaly event description and provide link to Predictive Insights UI for an anomaly event
• 130311: Custom view metric selection may not be available for an agent builder agent
• 130333: Resource Group Manager UI hangs when editing a custom resource group if the internal group ID contains a dash character
• 130386: Improve wording of Custom View page where you select the chart type
• 130393: Improve the logic that displays a message if too many data points will be displayed for a custom view
• 130395: Values selected in a custom views WHERE condition should be preserved if user adds or removes metrics for the view
• 130396: Frequently used templates should be displayed first when creating a custom view
• 130397: Add less than and greater than options for the custom views Grid widget type
• 130398: Support a space, dashes and underscores in custom page names
• 130401: Apply Liberty APAR PI94351 for Missing Secure Attribute in Encrypted Session (SSL) Cookie oidcclient/redirect/rpoed
• 130404: Fix Cross-Site Request Forgery vulnerability for /com.ibm.smai.smccs.provider.proxy/rest/providers/itm.KD8/datasources/*
• 130405: Fix Cross-Site Request Forgery vulnerability for /config/pageThresholdEditor.jsp and ThresholdManager.jsp
• 130406: Cannot log into APM UI after a disaster recovery if the role admin user name contains a comma
• 130441: Allow multiple attributes to be mapped to the msg slot or custom slots in EIF Slot Customization dialog for the Threshold Manager UI
• 130454: Fix JavaScript Denial of Service for /datasets/sitdist/items
• 130470: Request Response Time chart may display the Data Not Available message when it is first displayed
• 130472: Fix security vulnerabilities for the Custom Views tab
• 130479: Online help updates for URL filtering functionality for Availability Monitoring
• 130485: Online help updates to the threshold formula description displayed on the Events tab
• 130488: Application widget event counts and status are not updating
• 130599: Advanced Config online help updates
• 130612: Response Time agent event may not appear in the APM UI if the event fires before the agent is added to an application
• 130621: More Custom views online help updates
• 130646: Improve performance of SCR database updates
• 130650: Change quiesce processing of the DB2 databases to temporarily revoke the DBADM privilege
• 130651: Certificate files in Liberty backup directories should not be included when running backup.sh
• 130704: Fix SQL Injection vulnerability using DECLARE, CAST and EXEC for /datasets/situation/items
• 130710: If an agent is removed from Cloud APM server tables after being offline for 4 days (the default) and later comes online then it may be missing from the Aggregate Transaction Topology
• 130734: Address Blind SQL Injection vulnerability for custom view requests
• 130735: Address Missing Secure Attribute in Encrypted Session (SSL) Cookie for logged-in (Cookie) for custom view requests
• 130736: Fix Missing Secure Attribute in Encrypted Session (SSL) Cookie for WAS_p909081250 cookie for custom view requests
• 130812: Uplift GSKit to version 8.0.50.86 to address a security vulnerability
• 130818: Backup or restore may fail if there are active database connections
• 130854: Fix deadlock issue in the APM UI component
• 130895: Subnode offline events may be closed when the min process is restarted even though the subnodes are still offline
• 130945: Display the correct product name on the About page for the Cloud APM SaaS offerings
• 130989: An error message may be displayed when a resource group is deleted even though the delete eventually succeeds
• 130991: Timing issue where events may not be displayed in the APM UI if the events are received by the APM UI component before it is notified that the agent is online
• 131009: GDPR fixes for the Synthetic Script Manager UI. Fix requires Synthetic Playback agent to be updated.
• 131110: Metrics added in an agent patch or for an updated Agent Builder agent are not available when creating or editing custom views
• 131154: Apply Liberty APAR PI88642 for a security vulnerability
• 131174: backup.sh script may fail if -q inst option is specified
• 131198: A user with permission to view an application and resource group sees more agents than they should in the My Components application
• 131199: Improve processing of incoming events and agent offline events when the min process is started
• 131247: If a transaction is running in public point of presence (POP) and testing an internal url which cannot be accessed from public PoPs, the status should be Failed, but the APMUI dashboard may indicate the status is Good.
• 131306: Update config variable to add KAL product code so that the agent resources can be added to an application
• 131312: Improve performance of My Components when querying for list of agents to display
• 131405: install_app_support.sh script fails if JAVA_HOME is not set in the environment or Java is not in the path
• 131451: get_metrics_retention.sh and set_metrics_retention.sh use hardcoded database name
• 131466: If threshold distributions are changed after a prolonged Db2 connection issue is resolved, the agents may not be notified of the distribution update
• 131478: The rename.sh script needs updates for DB2 10.5 Fix Pack 9
• 131500: Update online help index for each language when a new agent type connects to the Cloud APM server
• 131510: Add additional error handling to CCS for handling Db2 connection issues
• 131538: Threshold Manager Data Source Type label change for new agent type
• 131567: Events are sent to OMNIbus even if the threshold is configured to not forward events
• 131558: CURI data provider is comparing the absolute value for particular time parameter and ignoring the specified time zone
• 131593: Update Java to 8.0.5.10 for security vulnerability fixes
• 131596: Update SCR patch check for local vs remote Db2 2 so that the SCR patch install does not fail if the tbsmdb directory exists for a Cloud APM server using a remote Db2 server
• 131727: Fix null pointer exception for com.ibm.apmsaas.EnableSNPAggregation.process
• 131818: Request name column should be resizable for lightweight data collector and .Net agent diagnostics dashboards
• 131836: Close and stop events are forwarded to OMNIbus even if the threshold is configured to not forward events
• 131858: There is a difference in which events are displayed in the Events tab depending on how you select an instance in the APM Console
• 131890: backup.sh fails if CANDLEHOME environment variable is set
• 131901: Apply Liberty APAR PI94763 fix for security vulnerability and an additional fix in Apache Commons
• 131913: Online help updates to list the new characters that can be included in the page name for a custom view
• 131983: Online help updates to describe how to see new metrics for patched agents or agent builder agents when creating or modifying a custom view
• 131644: Add notification when EIF forwarding state is changed for a threshold
• 132103: Data provider error message is displayed when displaying event details on a mobile device
• 132138: Threshold Manager API returns the wrong agent type for the _uiThresholdType property if the agent product code if K07
• 132163: Display status of Warning instead of Unknown after the agent has been deleted from the APM server tables but is still in an application
• 132193: Cannot save or edit a customer view if you select an instance and select "*" in the condition
• 132213: Reduce the uviews patch installation time
• 132237: Support custom database names if the Cloud APM server has been installed and configured to use a remote Db2 server
• 132259: Restore.sh fails with error when updating the Java cacerts keystore if default UI certificates are used and root certificate serial number on the APM server does not match root certificate serial number in the backup file.
• 132261: Address security vulnerabilities for custom view pages
• 132286: com.ibm.tivoli.ccm.jmxthreshold property in the min/bootstrap.properties file is reset to 300 when applying a Cloud APM server interim fix
• 132310: A threshold with a single condition that has a regular expression does not show up in resource group manager editor for default resource group
• 132389: Online help cannot be displayed if the browser locale is set to Brazilian Portuguese
• 132432: Add ability to filter data on custom views by selecting the start date and time and the end date and time
• 132462: Data is not displayed for an application in the Response Time Monitoring agent reports if the application was deleted from the APM UI and then re-added.
• 132485: Custom views online help updates to document less than and greater than options for the grid widget
• 132502: Improve scr service stop handling if the database server has been down for several hours
• 132528: Apply Liberty PI92494 APAR fix for a security vulnerability
• 132253: Improve performance of duplicate managed system name checking
• 132638: Performance improvement to SCR queries to ensure that users see the correct number of components within applications.
• 132688: Eliminate harmless GTMCL5205E error message from the server1/logs/messages.log files.
• 132753: Add more logging to help debug a rare out of memory error for the min process
• 132773: An error may occur when saving a resource group if Cloud APM 8.1.4.0 Server Interim Fix 4 is installed.
• 132815: Prevent users from deleting the apmadmin@us.ibm.com and apmadmin from roles using the RBAC UI or RBAC API for Cloud APM SaaS subscriptions
• 132851: Change permissions of the RBAC policy files
• 132966: Resource group may not save if the resource group was created before upgrading from Cloud APM 8.1.3.0 to Cloud APM 8.1.4.0 and then interim fix 04 is applied.
• 132974: Update the Custom Views online help with a note indicating that 'Interpolation' is not supported as the of Cloud APM Server 8.1.4.0 Interim Fix 05.
• 133021: EIF slot customization UI should only support the Mapped Value Subtype when you select Number Type for the custom slot
• 133104: Update Tree Table Widget to support both resizable columns and row actions
• 133142: Cannot save an EIF custom slot if the Multiplier field contains a fraction
• 133196: apm command may not start a service if the apm start command is issued when the apm start cron is running
• 133197: Threshold API accepts a threshold name that contains a space.
• 133248: Transaction tracking events are not triggered after you run the db2_users_passwd.sh script, the Db2 server is remote, and you have a custom Db2 client install path.
• 133406: Increase max JVM heap space for the min service for small Cloud APM server environments.
• 133409: Address Cross-Site Request Forgery vulnerability for the Resource Group Manager UI.
• 133427: Improve apm command handling for start/stop issues related to the scr service.
• 133535: APM UI dashboards may not display any applications after restarting the apmui service if the apmui service is not able to retrieve the list of open events from the CURI DP component.
• 133410: Fix Cross-Site Request Forgery vulnerability for ITPortal/js URIs.
• 133426: Remove message that is logged if the User-Agent Header does not contain the IPADDRESS element since the element is not required.
• 133452: The ID column should not be displayed on the Request Instance diagnostic page.
• 133464: server1 out of memory error may occur after a large number of Threshold Manager, RBAC, or Resource Group Manager API calls for an Cloud APM SaaS subscription.
• 133532: Uplift Java to version 8.0.5.16 for security fixes.
• 133537: Configure Derby DB for the min service to only listen on localhost.
• 133560: Stack Trace group widget in Nodejs diagnose dashboard shows 'Failed to load data' message
• 133689: Restrict access to Kafka JMX port (9989) to localhost to minimize security exposures.
• 133917: scr stop processing may hang if JDBC connections to the SCR32 database are hanging.
• 133953: Address Cross-origin Resource Sharing: Arbitrary Origin Trusted security vulnerability for the apmui service
• 134033: min_config_restore.sh may not determine correct path for config.properties file when custom installation path is used for the Cloud APM server.
• 134132: server_size.sh script does not always detect memory size correctly
• 134157: event_server_config.xml file is corrupted if the min service rewrites the file for a config change.
• 134216: configure_server_address.sh script does not update configuration if desired config matches install.properties.
• 134239: backup.sh and restore.sh scripts need to support being run as the Db2 instance user on a remote Db2 server.
• 134253: OS agents may not appear in My Components and cannot be added to an application if a hypervisor agent is monitoring the VM and the hypervisor agent has been added to an application.
• 134255: restore.sh script fails with a XML parser error in apmui logs for the server-oauth2.tai.xml file if LDAP is configured before the restore script is run.
• 134277: scr restore is not successful in a high availability environment when the restore is run on the secondary Cloud APM server.
• 134339: Offline agent event for an OS agent should be displayed in My Components Event tab when the OS is also being monitored by a hypervisor agent.
• 134351: Transaction tracking events may not fire if txagent Datamart DB query matches more than 1000 rows
• 134368: SCR restore should not require Db2 instance password when the Db2 server is remote
• 134474: Agent SDA jar file upload may not be retried if an error occurs for the initial upload
• 134559: Cannot log into the APM UI after a restore if custom UI certificates are being used and the encrypted keystore password in the server.xml file contains a /
• 134571: Updates for handling SCR database deadlocks
• 134604: Scroll bars disappear from dashboard view when using Chrome
• 134614: Address Cross-origin Resource Sharing: Arbitrary Origin Trusted security vulnerability for the uviews service
• 134654: Uplift IBM Java to 8.0.5.21 for security fixes
• 134667: Allow SCR to be configured with IP addresses that should not have IPAddress resources created
• 134669: Close pure events early during an event storm
• 134720: Provide OSLC fixes that were included in the Cloud APM 8.1.4.0 IF03 server patch but were omitted in later server patches.
• 134751: Force rebuilding of the SCR database service tree tables when synthetic transaction relationships are cleaned up
• 134876: backup.sh may retrieve the wrong password for the smadmin user
• 134823: Custom views cannot be displayed in a Firefox private browser window. With the fix, you must set Tracking Protection to Never if you are using Firefox private browser window to access the Cloud APM console for a SaaS subscription.
• 134865: Events do not close for a threshold if the threshold API is used to remove the association between the threshold and a resource group
• 134889: Add additional logging to backup.sh and restore.sh for the database quiesce handling
• 134894: configure_server_address.sh script does not make updates if only the IP address is being changed
• 134931: ccs_backup.log file continually grows when there are frequent backups performed
• 134932: Restore fails in restore certificates script if you are using Cloud APM server 8.1.4.0 IF06 when you upgrade from Cloud APM 8.1.3 to 8.1.3 to APM 8.1.4
• 134990: SCR should remove agent resources from the internal ALL_AGENTS system group when an agent is removed from a system group
• 134991: Add more details to scrserver.log traces and add SCR query to return naming strings.
• 135024: Provide script to clean up multiple oslc providers in a APM high availability environment
• 135048: restore.sh script fails if the role admin LDAP DN contains a comma
• 135055: Custom views requests for a large amount of data may timeout and cause an out of memory error for the server1 service
• 135135: Alert Notification forwarder should honour the "Forward EIF event" threshold config setting
• 135169: Prevent over-reconciliation of database resources detected by transaction tracking
• 135263: Exporting a large amount of data from a custom view to a PDF file may cause an out of memory error for the uviews service
• 135270: Address External service interaction (DNS) security  vulnerability when the HTTP HOST header specifies a host other than the host for the Cloud APM server
• 135275: APMUI may not show that agents are online because of a null pointer exception
• 135351: EIF slot customization may fail if  MQ_Manager_Name is selected as a mapped attribute for the msg slot
• 135356: Replace the spark Kafka producer to improve performance and prevent spark out of memory errors
• 135388: Unable to edit thresholds if you upgrade from Cloud APM 8.1.3 directly to Cloud APM 8.1.4.0 Interim Fix 6 or 7 by performing a fresh install of 8.1.4.0, install interim fix 6 or 7 and then run the restore.sh script to perform the upgrade.
• 135414: The apm status command may display "ERROR: Improper list." for the oslc service status and the oslc service cannot be started.
• 135443: Apply Liberty  APAR PH03418 fix
• 135447 : Clickjacking vulnerability for the Advanced Configuration and Hybrid Gateway pages of the Cloud APM console
• 135448: Uplift Blaze to address reflected cross site scripting vulnerability for session lock page when OIDC is disabled
• 135505: restore.sh script should not display an error message on the console if mongodb config does not exist in the backup file
• 135521: If EIF slot customization is used to customize the msg slot and the first Mapped Attribute does not have a corresponding Literal value then the mapped attribute is not included in events
• 135528: If two different agents report the same subnode managed system then the subnode may be reported as offline or invalid on the APM UI
• 135540: If EIF slot customization is used to customize the msg slot and a Mapped Attribute name contains % or /  or is named msg or hostname then the mapped attribute is not included in events
• 135551: SCR API tables are not always cleaned up and that may cause Db2 transaction log to get full for the SCR database135609: Uplift Java to 8.0.5.25 for security fixes
• 135747: Threshold Manager API may report an internal server error when a threshold is created
• 135836: SCR should prioritize resource group updates to improve performance
• 135980: CCS initialization in server1 may deadlock and CCS will not learn about new resource groups and agents
• 136011: Truncation error exceptions are logged in the server1 messages.log file if an event's display item value exceeds 128 characters.
• 136014: Update the Db2 JDBC driver used by the scr component
• 136080: Cannot view or edit a role in the Role Based Access Control UI page if the role description contains a line feed
• 136209: db2_users_passwd.sh script fails to change password in txagent config if hostname command returns fully qualified name
• 136315 : The oslc service should limit the number of database rows that it queries to prevent server1 out of memory errors
• 136327: Clean up orphan ServiceInstance resources in the SCR database and fix incorrect reconciliation of SoftwareModule resources in the SCR database
• 136372: CCS is not setting the port number in the HTTP Host header for DELETE requests for the Agent Configuration UI page.
• 136441: EIF slots should have an empty string value if the slot does not have a value.
• 136452 : Uplift Liberty to version 19.0.0.2 for security fixes
• 136504: Stop sending events with suspended status to Alert Notification and Cloud Event Management since those products do not support the suspended status.
• 136549: Add more files to collectLogs.sh output
• 136604: Provide scripts to change the Cloud APM Db2 UDF names to support co-existence with the IBM Tivoli Business Service Manager databases on a remote Db2 server
• 136644: Ensure that multiple DELETEs are not issued for the same PATH resource in the SCR database
• 136834: Resource Group API may return a HTTP 404 error for some agents when the API is used to add the agents to a custom group.
• 137002: db_common.sh script should handle case where db2apm is in the root group
• 137141: Clean up  topology PATH records in the SCR database
• 137078: restore.sh script fails with XML parsing error if the role admin LDAP distinguished name contains & 
• 137169: Custom retention periods for the WAREHOUS database are lost if an upgraded agent has new or changed tables
• 137193: Apply Liberty APAR  PH07036 fix
• 137326: Update Java patch to remove set -x debugging of Java certificate updates
• 137355: Apply Liberty APAR PH03640 fix
• 137408: Clickjacking vulnerability  fix for apmui and itportal URIs
• 137411 : Clickjacking vulnerability for the Synthetic Script Manager UI
• 137420: When no realm has been explicitly defined for the primary realm in federated registries, a NullPointerException may be encountered in WebSphere Liberty when making calls to the UserRegistry
• 137526: Add additional SCR logging to help with troubleshooting
• 137754: SCR service should prevent database corruption for a high availability environment where the scr service on both APM servers are concurrently accessing the same database
• 137409: Clickjacking vulnerability for Threshold Manager UI and Resource Group Manager UI
• 137410 : Clickjacking vulnerability for Custom Views UI
• 137567: Apply fix for Open Liberty issue OLGH7614
• 137655: Improve memory management for custom views requests to server1
• 137672: Custom view tab does not time out at the configured interval if you disable OIDC and increase the LTPA time out value
• 137708: Update collectLogs.sh to include additional information
• 137731: Ignore EIF events that are being looped back to the APM server and ignore tmzdiff slot if it is null
• 137732: Do not re-send open events to Alert Notification or Cloud Event Management when an agent is marked online and  the agent has not sent a master reset event
• 137773: Uplift to Java version 8.0.5.35 for security fixes
• 137832: Cannot select a user on the RBAC UI and assign the user to a role if the username contains an apostrophe
• 137899: Transaction tracking data stops being processed if the AAR userid property contains UTF-8 encoded characters
• 137933: May see Data Provider error in Transaction Instances table if the system config service is started after the transaction tracking UI service
• 137960: Remove jquery from transaction tracking
• 137970: Page may freeze when configuring the second widget of a custom view
• 138054: If the Synthetic Script Manager  UI is used to update Synthetic Scripts and the updates are made quickly then all of the changes may not be reflected in the scripts used by the Synthetic Playback agent.
• 138088: Synthetics code should not log the MongoDB password in the clear
• 138208: Add NTLM support to the Synthetic Script Manager UI
• 138240: WebSphere MQ and IIB software server resources are reconciling in the SCR database when the MQ queue manager name and broker name are the same and this may cause SCR database performance issues
• 138287: Custom view created by a user may not be saved when you navigate away from the page
• 138399:  Log file monitoring events do not appear in the Events tab of the My Components application when you select the application name or select the OS agent component type in the groups section of the dashboard navigator.
• 138559: On a tablet browser, user is logged out if they click on End User Transaction or open event details
• 138564: Clickjacking vulnerability for online help pages
• 138695: Clickjacking vulnerability for APM UI login page
• 138733: Do not send suspend events and emails to Netcool/OMNIbus and a SMTP server when an agent is marked offline
• 138817: backup.sh script fails if the administrator userid password contains the %  and { characters
• 138850: restore.sh may fail when OIDC is disabled if the configureConsole_ltpasso.sh tries to connect to the apmui service before it has finished initialization
• 138931: A subset of applications may appear when you run the Response Time agent reports
• 138989: APM UI displays a data provider error message in the transaction details dashboard when transaction name contains non-ASCII characters
• 139031: Custom views tab cannot be accessed if the APM server is configured to use the IP address to access custom views
• 139035: Allow any port to be configured on the Advanced Configuration UI page for the SMTP port and the SSL SMTP port 
• 139042: Prevent a CTRL-C character from being included in a threshold description
• 139052: Transaction tracking dashboards cannot be displayed for a transaction name that includes the & character
• 139393:  IBM Java patch does not update Java cacerts keystore if the LANG environment variable is not set to English
• 139430:  server_size.sh script settings are not consistent for a small environment
• 139456: backup.sh, restore.sh and rename.sh scripts may revoke privileges for itmuser if an offline Db2 backup fails
• 139476: Liberty uplift should not change the date and time of APM files under the wlp directory structure 
• 139733: Provide .sql and gateway mapping files that support a multitiered Netcool/OMNIbus architecture 
• 139759: Uplift Liberty to version 19.0.0.12 for security fixes
• 139761: db2_users_passwd.sh does not display an error message if there is a problem with the password value
• 139806: configure_agent_images.sh script should display warning message if configuring a package for an agent platform for which there is no configured agent core framework package
• 139847: Uplift netty for security fixes
• 139868: Network Error is displayed in the APM UI if the apmui service encounters a timing issue where the server1 alarm service is slow to start
• 139999: For custom views, the   "Set Conditions for metric group " option is not saved correctly 
• 140071: An APM agent that has been renamed may still appear in My Components if the new agent name is the same as the old name except for the case of the letters  and the agent is sending transaction tracking data to the APM sever
• 140175: Fix an open redirect vulnerability with the APM UI logout page
• 140474: Updates to Datamart DB clean up scripts to control number of rows that are pruned and to provide feedback on whether the clean up can be enabled without help from IBM
• 140496:  smadmin password should not be logged in the clear in the apmui logs
• 140497: dbutils should not log passwords in the clear
• 140613: Fix apmui timing startup issue where NodeManager does not initialize
• 140683: Require authentication to access JMX for the Kafka Zookeeper process
• 140692: Threshold Manager API should not require a value for the matchBy property
• 140719: apmui service may encounter an out of memory exception after restarting the Eclipse Help Server with updated help files from multiple agents
• 140831: Apply Liberty APAR PH19528 fix for Liberty 19.0.0.12
• 140832:  Uplift Java to version 8.0.6.5 for security fixes
• 140834: Apply Liberty APAR PH19989 fix for Liberty 19.0.0.12
• 140871: Prevent out of memory error for the min service if agents only send heartbeat requests and never send a solicit request
• 140903: WAS agent TCR reports do not show any data after January 1, 2020
• 141067: update_db_config.sh cannot update the *_te.cfg file when the hostname command returns a fully qualified hostname
• 141169:  New database partitions are not created in the DATAMART database if the itmuser password contains special characters
• 141490: Uplift to Liberty version 20.0.0.8 to pick up Liberty security fixes
• 141253:  The Transaction Tracking Instance Details widget does not display data if you select the bar for the last 5 minutes of an hour in the Transaction Volume widget
• 141585:  Update the min service to discard agent data if the WRITETIME value is from more than 24 hours ago 
• 141694: Threshold API delete requests fail when the HTTP POST method and X-HTTP-Method-Override header are used
• 141780:  Include the Liberty APAR PH24154 fix for the Identity spoofing vulnerability
• 141798: Convert unicode characters in agent events to UTF-8
• 141809: Fix Cross Site Request Forgery vulnerability for the Threshold Manager UI
• 141813:  Create a custom message for the  "Root context not found" error  for the min, server1, and apmui services
• 141929: Perform run-time URL validation of the Cloud Event Manager Webhook config value and the Alert Notification API Endpoint config value
• 141933:  Fix the Cacheable HTTPs Response vulnerability for the Advanced Configuration UI page, Hybrid Gateway Manager UI page, and Agent Config base UI page
• 141934: Fix Cacheable HTTPs Response vulnerability for APM UI and ITPortal
• 142064: SCR will batch outstanding resource deletes together to improve performance of handling the SCR API queue
• 142226: Prevent an exception in the min service if a managed system name contains a space character
• 142311: VMWare ESX server managed systems may not appear in the My Components application
• 142321:  The Threshold API cannot be used to create or update a threshold if the threshold formula includes an attribute that cannot be displayed on the Attribute Details dashboard tab or on the Custom Views dashboard tab
• 142545: Fix the Cacheable HTTPs Response vulnerability for the Threshold Manager UI and the Resource Group Manager UI 
• 142546: Fix the Cacheable HTTPs Response, content spoofing, and Clickjacking vulnerabilities and enforce supported HTTP methods for the RBAC UI
• 142547: Enforce the supported HTTP methods for APM UI and ITPortal
• 142548: Fix the Cacheable HTTPs Response vulnerability and content spoofing vulnerability and enforce the supported HTTP methods for Custom Views
• 142549:  Fix the content spoofing vulnerability and enforce supported HTTP methods for the Advanced Configuration UI, Hybrid Gateway Manager UI, and main Agent Configuration page
• 142550:  Fix the content spoofing and cacheable HTTPS response vulnerabilities for the Synthetic Script Manager UI
• 142551: Prevent content spoofing and enforce the supported HTTP methods for the Resource Group Manager UI and Threshold Manager UI
• 142552: Prevent content spoofing and enforce the supported HTTP methods for the APM UI online help.
• 142612:  Remove duplicate delete records in the SCR API queue
  142613:  SCR reconciliation records are missing for resources with a registration record
• 142641:  The "Failed to fetch data from server" message is displayed when selecting Threshold Manager on the Cloud APM console if the user's LDAP DN contains non-ASCII characters
• 142650: Thresholds created and distributed to resource groups using the Threshold Manager API are not monitored by the agents if the user who created and distributed the threshold has an internal userid longer than 32 characters. 
• 142653:  The aggregate transaction topology  may be truncated after the browser window is re-sized.
• 142679: Update collectLogs.sh script to collect additional files
• 142683: Change the max value of the Missed Poll Limit (Fast Heart Beat) config property to be consistent with the max value for the  Missed Poll Limit (Slow Heart Beat) config property
• 142704: Fix the content spoofing vulnerability and enforce the supported HTTP methods for the oidc service
• 142766: Uplift to Java 8.0.6.15
• 142771: Change the tracing level for a message in the PrefetchBatchInsert class
• 143047: The Threshold Manager API should display a user friendly error message if a threshold is created when the ccs component has not finished dataset  initialization. 
• 143071:  An option to specify an agent name was added to the scroslcposter.sh script 
• 143088: A threshold is not updated by the Threshold Manager UI if you delete a leading or embedded space from a condition string when a Regex operator is selected or the condition attribute is the Process Filter attribute for an OS agent and no other changes are made to the threshold.
• 143405:  The restore.sh and db2_users_passwd.sh scripts are truncating Db2 HADR URLs in config files. Also the roleadmin.sh script was added so that the LDAP user password does not have to be specified with the backup.sh and restore.sh scripts.
• 143412: Add a hidden system config setting to allow APM server hostname to be sent for the apm_hostname EIF event slot instead of using the hostname override advanced config property value
• 143576: Prevent the Cloud APM console password from being submitted in a HTTP GET request
• 143593: Remove password messages in the backup and restore logs
• 143623:  The Cloud APM console login page should support passwords that are up to 80 characters in length
• 143979: The Threshold API does not return an error if the matchBy value specified the long format of a dataset name and attribute when the attribute is not a valid display item.
• 142064: SCR performance improvement
• 143019: Liberty responds with a stack trace to requests sent to invalid application URLs.
• 143350: server_size.sh usage statement does not list size options.
• 143515: Uplift Java 8 to 8.0.6.26 for security fixes.
• 143523: ActiveMQ could use up all of the server1 heap.
• 143574: Validate MongoDB hostname entered on Advance Config page.
• 143682: APM_restore.sh script looks at older messages*.log files so in an HA set up, restores.sh can time out.
• 143867: Problem returning a custom 401 error page.
• 143910: Synthetic Transaction issue
• 143996: server_size.sh script update for custom views process.
• 144026: Problem getting the AIX Monitor MPIO Path Status attribute mapped via EIF Mapping.
• 144082: Inconsistent processing of Application and Resource Group updates
• 144142: Improper or Missing SameSite attributes on Liberty Cookies.
• 144143: Improper or Missing SameSite attributes on Dashboard and ITPortal cookies.
• 144145: Missing or Insecure headers in Blaze responses.
• 144158: The /ccmDashboard/common/setSessionVar.jsp content could be cached by a browser.
• 144159: The /Geolocation/tab/definition.jsp content could be cached by a browser.
• 144160: X-Powered-By: Servlet/3.0 is sent on each response which provides information on the application infrastructure.
• 144161: Uviews APIs return the X-Powered-By: Servlet/3.0 header, which is a TMI vulnerability.
• 144166: Missing or insecure headers on multiple APM URIs.
• 144171: Pure events are not closing.
• 144192: Availability Monitoring uplift of Node.js to 16.6.1.0 for security fixes.
• 144259: APM Email notification not working.
• 144314: Invalid data conversion causing Datamart ETL restarts.
• 144598: Potential Clickjacking and cached content involving the Agent Config UI pages.
• 144968: SCR Slowdown.
• 145217: APM Custom Views don't show login.ibm.com for some users.
• 145261: Uplift Liberty to 21.0.0.9 + PH39418 for security fixes.
• 144890: APM hung IF upgrade loses Liberty customization.
• 145052: HTTP Agent and Response time agent not showing up in APM dashboard.
• 145441: java.io.FileNotFoundException: errors in oedEngine.log file.
• 145464: Security vulnerability in Apache log4j (CVE-2021-44228) - CCS.
• 145582: An error occurred updating the role assignments - RBAC - Request Error: Unable to load /1.0/authzn/roles/apmAdmin/users status: 500.
• 145755: IBM WebSphere Application Server Liberty is vulnerable to remote code execution due to Dojo·
• 145757: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035·
• 145758: WebSphere Application Server Liberty is vulnerable to LDAP Injection.
• 145759: IBM SDK, Java Technology Edition CVE-2021-35550.
• 145785: Security vulnerability in Apache log4j (CVE-2021-4104) - SCR Family.
• 145786: Security vulnerability in Apache log4j (CVE-2021-4104) - Spark Apps·
• 145787: Security vulnerability in Apache log4j (CVE-2021-4104) - Data Provider.
• 145788: Security vulnerability in Apache log4j (CVE-2021-4104) - Custom Views.
• 145789: Security vulnerability in Apache log4j (CVE-2021-4104) - Event Manager.
• 145979: Clean up server-vhosts.xml for UVIEWS.
• 146028: OIDC Server needs to send X-Content-Type-Options and X-XSS-Protection.
• 146029: ServletFilter needs to add XFO filter to ITPortal application.
• 146295: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 - Includes Oracle April 2022 CPU (minus CVE-2022-21426).
• 146381: Custom views don't work after IF13 upgrade from IF12 with LDAP and OIDC disabled.
• 146449: Remediate the Kafka log4j 1.x jar file.
• 146492: apmpatch.sh script is looking for log4j when used with -force option.
• 146495: Remove the log1.x jar from the shared/bundles directory.
• 146502: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing.
• 146534: Remediate the Kafka log4j 1.x jar file that's inside of the smai kafka shared bundle.