IBM Support

Readme for IBM Business Automation Workflow on containers 23.0.2 interim fixes

Fix Readme


Abstract

This readme is for IBM Business Automation Workflow on containers 23.0.2 interim fixes released periodically to resolve security vulnerabilities, as well as other defects. It includes information about the CASE package download, installation, and other information about interim fixes for the 23.0.2 release.

Content

Readme file for: IBM Business Automation Workflow on containers
Product release: 23.0.2
Publication date: 1 February 2024

Prerequisites and superseding fixes

  • Each interim fix typically supersedes all previous interim fixes shipped for 23.0.2, and complements a simultaneously delivered interim fix for IBM Cloud Pak for Business Automation 23.0.2. Consult the following table for specific relationships.
  • Business Automation Workflow on containers delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries. Consult the superseded and related Cloud Pak for Business Automation 23.0.2 Readmes for specific information about vulnerabilities and other defects that have been addressed.
Business Automation Workflow on containers interim fixes
| Interim fix name | Superseded interim fix names | CASE package | Complementary Cloud Pak for Business Automation interim fix name | Released |
| --- | --- | --- | --- | --- |
| 23.0.2 IF006 | See note (*) below | ibm-cs-bawautomation-2.6.6.tgz | 23.0.2 IF006 | June 2024 |
| 23.0.2 IF005 | See note (*) below | ibm-cs-bawautomation-2.6.5.tgz | 23.0.2 IF005 | May 2024 |
| 23.0.2 IF004 | See note (*) below | ibm-cs-bawautomation-2.6.4.tgz | 23.0.2 IF004 | April 2024 |
| 23.0.2 IF003 | See note (*) below | ibm-cs-bawautomation-2.6.3.tgz | 23.0.2 IF003 | March 2024 |
| 23.0.2 IF002 | * Note: All previous interim fixes listed in this table | ibm-cs-bawautomation-2.6.2.tgz | 23.0.2 IF002 | February 2024 |
| 23.0.2 IF001 | None | ibm-cs-bawautomation-2.6.1.tgz | 23.0.2 IF001 | January 2024 |
The previous table is chronologically listed in reverse order, with more recent fixes listed at the top.

Components impacted

Before installation

a. Ensure you back up all databases associated with the environment.
b. Ensure your operators are in a healthy state before upgrading.
If one or more operators are failing, the system might be prevented from completing an upgrade. Check a few of the important custom resource (CR) statuses for failures and to ensure the statuses appear ready for the various installed components.
Check the status of the following CRs when they exist:
oc get icp4acluster -o yaml

Installing the interim fix

Important: Using individual image tag settings in your Business Automation Workflow CR file could prevent the operator from updating the images to the appropriate version. When you upgrade, ensure you remove these settings for a production installation.
Use the CASE package that is associated with the interim fix being applied. It is typically recommended that the latest interim fix be applied. To identify the appropriate CASE package, as well as links to obtain each package, see the table under Prerequisites and superseding fixes.
Business Automation Workflow 23.0.2 interim fixes are released to the v23.1 operator channel. After the operator is upgraded, rolling updates for all the pods the operator manages are triggered to ensure they are updated to the appropriate version that matches the operator.
If your environment has access to the IBM entitled registry and has an automatic v23.1 channel subscription, enterprise installations are upgraded automatically. This upgrade usually occurs when the interim fix is released or when images are mirrored for air-gap setup.

Depending on the current setup and state of your existing environment, various manual actions might be required. The following scenarios cover what actions might be needed for a particular setup.
  • Scenario 1: Your installation is version 21.0.2.x or earlier.
    Actions: If you are using a version earlier than 21.0.3, you must upgrade first. To upgrade your environment, follow the Upgrading automation containers instructions.
    When you perform the upgrade, you can substitute the CASE package from this interim fix for the 22.0.2 CASE package while you follow the instructions. For air-gapped environments, you can use the case save command in step 1 of scenario 3.
    Note: If you are using versions that are earlier than 21.0.2, you must incrementally upgrade and follow the instructions for each version between your source version and 22.0.2.
  • Scenario 2: Your installation is online and 22.0.2.x.
    Actions: After these steps are completed, the operators are automatically upgraded.
    You can apply the following catalog sources from a command line by creating a YAML file (for example, cp4ba_catalog_sources.yaml) with the following catalog sources and performing "oc apply -f cp4ba_catalog_sources.yaml", or you can apply the catalog sources by using the OCP console.
    apiVersion: operators.coreos.com/v1alpha1
    kind: CatalogSource
    metadata:
      name: ibm-operator-catalog
      namespace: openshift-marketplace
    spec:
      displayName: "IBM Operator Catalog"
      image: icr.io/cpopen/ibm-operator-catalog
      publisher: IBM
      sourceType: grpc
      updateStrategy:
        registryPoll:
          interval: 45m
  • Scenario 3: Your installation is air gapped and 22.0.2.x.
    1. Set up the environment variables for CASE, taking 22.0.2-IF001 as an example:
      • export CASE_NAME=ibm-cs-bawautomation 
      • export OFFLINEDIR=/tmp/cp4ba2202-if001
      • export CASE_VERSION=2.4.2
      • export CASE_INVENTORY_SETUP=cp4aOperatorSetup 
      • export CASE_ARCHIVE=${CASE_NAME}/${CASE_VERSION}/${CASE_NAME}-${CASE_VERSION}.tgz 
      • export CASE_LOCAL_PATH=${OFFLINEDIR}/${CASE_ARCHIVE}
      Note: The values are specific to the interim fix (for instance, the value for CASE_VERSION). However, you can choose a different empty directory for OFFLINEDIR if you need to put the files somewhere else.
    2. Download the Cloud Pak archives and image inventory, and put them in the offline store
      cloudctl case save \
        --case https://github.com/IBM/cloud-pak/raw/master/repo/case/${CASE_ARCHIVE} \
        --outputdir ${OFFLINEDIR}
      and then unpack the case file: 
      cd ${OFFLINEDIR}
      tar -xvzf ${CASE_ARCHIVE}
      cd cert-kubernetes
    3. Mirror images to trigger the operator upgrades. 
    4. Mirror the entitled registry images to the local registry by completing the same steps you followed during installation. For more information, see Mirroring images to the private registry.
      Important: Ensure you use the CASE image outputdir (/tmp/cp4ba-241) from step 1.
    5. If you have subscriptions set to manual, you must approve all the pending operator updates. 
      Important: Do not set subscriptions to manual because it can make the upgrade more error-prone if some of the many operator updates are not approved. By default, all subscriptions are set to automatic.
After the operators are upgraded, the upgrade of the related deployments and pods is triggered.

Performing the necessary tasks after installation

Review the installation
Review the CR yaml status section and operator logs after the upgrade to ensure no failures prevented your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
To verify the expected image digest for a particular image, review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the Cloud Pak for Business Automation operator and their expected digest for this particular interim fix level.
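The digest comparison described above can be scripted. The following is an added example, not part of IBM's readme or tooling: it collects every sha256 digest that appears in the text of resources.yaml and compares it with the imageID that each container reports in the output of "oc get pods -o json". The sample digests, image names, pod names and the YAML snippet layout are constructed for illustration.

```python
import json
import re

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

def expected_digests(resources_yaml_text):
    """Collect every sha256 digest that appears in the CASE resources.yaml text."""
    return set(DIGEST_RE.findall(resources_yaml_text))

def audit_pods(pods_json_text, expected):
    """Return (pod, container, finding) for each container not on an expected digest."""
    findings = []
    for pod in json.loads(pods_json_text).get("items", []):
        pod_name = pod["metadata"]["name"]
        status = pod.get("status", {})
        statuses = (status.get("initContainerStatuses") or []) + \
                   (status.get("containerStatuses") or [])
        for cs in statuses:
            match = DIGEST_RE.search(cs.get("imageID", ""))
            if match is None:
                # Container not started yet, or the runtime reported no digest.
                findings.append((pod_name, cs["name"], "no digest reported"))
            elif match.group(0) not in expected:
                findings.append((pod_name, cs["name"], match.group(0)))
    return findings

# Constructed sample data: digests, image names and pod names are made up.
GOOD, STALE = "sha256:" + "a" * 64, "sha256:" + "b" * 64
SAMPLE_RESOURCES = f"""
- image: example/workflow-server   # layout of this snippet is an assumption
  digest: {GOOD}
"""
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"name": "baw-server-0"},
     "status": {"containerStatuses": [
         {"name": "workflow", "imageID": f"registry.example/workflow-server@{GOOD}"}]}},
    {"metadata": {"name": "baw-server-1"},
     "status": {"initContainerStatuses": [{"name": "init", "imageID": ""}],
                "containerStatuses": [
         {"name": "workflow", "imageID": f"registry.example/workflow-server@{STALE}"}]}},
]})

if __name__ == "__main__":
    for finding in audit_pods(SAMPLE_PODS, expected_digests(SAMPLE_RESOURCES)):
        print(*finding, sep="\t")
```

A finding means only that the container is not on a digest listed for this interim fix level, for example because the pod has not rolled yet or is not managed by this operator, so each one needs triage.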

Uninstalling

There is no procedure to uninstall the interim fix.

List of fixes

The following APARs are specific to Business Automation Workflow on containers. Depending on the components and capabilities you installed and configured, additional fix information might apply to you. See the "List of Fixes" in the readmes for the Cloud Pak for Business Automation interim fixes listed in the Prerequisites and superseding fixes section in this document. These readmes detail vulnerability fixes shipped with interim fixes for included operating system level and other open source libraries. The fixes below also appear in those readmes and are repeated here as a convenience.
Fixes that involve security are indicated with an X mark.
Business Automation Workflow
23.0.2 IF006
| Known Issue | Security APAR | Behavior change | Title |
| --- | --- | --- | --- |
| DT378898 | X | | SECURITY - CVEs in common-compress affecting BAW Case |
| DT386834 | X | | CVE-2023-33008 in BAStudio and Workflow Authoring image |
| DT381304 | | | Event Manager task fails with CWLLG0178E due to java.lang.NumberFormatException: Infinite or NaN |
| DT383214 | | | Get a Confirmation message when closing a case in Case Detail page or when closing a work item in Work Details page without having any updates done on the page. |
| DT383336 | | | Case client generates CDEWG3401 The following view definition cannot be found: CaseSearchView error |
| DT386239 | | | 'Modify permissions for roles' abnormal behavior with checkboxes for Security configuration of a case solution |
| DT386902 | | | DATA OUT OF SYNC ERROR WHEN USING MSSQL DATABASE TO SAVE A PROCESS WITH AN INTERMEDIATE MESSAGE EVENT IN PROCESS DESIGNER |
| DT387073 | | | UNABLE TO COPY AND PASTE SUBPROCESS IN WEB PROCESS DESIGNER |
23.0.2 IF005
| Known Issue | Security APAR | Behavior change | Title |
| --- | --- | --- | --- |
| DT380148 | X | | Multiple vulnerabilities in jetty |
| DT378426 | X | | CVE-2024-31033 IN JJWT MAY AFFECT IBM BUSINESS AUTOMATION WORKFLOW |
| DT380377 | X | | CVEs impact angular.js 1.8.3 |
| DT257035 | | | WHEN YOU VIEW A TASK OF A PROCESS INSTANCE WITH A LARGE EXECUTION TREE IN THE PROCESS INSPECTOR AND YOU TRY TO SEARCH INSTANCES, YOU MAY NOTICE THAT THE BROWSER TAKES A LONG TIME TO RENDER |
| DT258393 | | | DISABLED UNDERCOVER AGENT(UCA) REMAINS SCHEDULED AND TRIGGERED FROM THE EVENT MANAGER MONITOR PAGE IN PROCESS ADMIN CONSOLE |
| DT276219 | | | Calling direct URL for a document in the internal document store without an active session fails when redirecting to login page |
| DT364148 | | | Issue with validation logic used to for the data mappings within a client-side human service |
| DT378333 | | | INCORRENT VALIDATION ERROR OF SCRIPT EXPRESSIONS IN DATA MAPPING |
| DT378976 | | | Data mapping ''Variable creation'' wizard does not contain header row |
| DT379120 | | | BUSINESS AUTOMATION WORKFLOW FAILS TO NOTIFY THE CONTENT PLATFORM ENGINE ABOUT CHANGES IN THE PROCESS INSTANCE STATUS |
| DT379128 | | | BAW Case eventhandler generates a could not send message error when multiple threads simultaneously tries to create a number of cases, processes and properties update |
| DT379171 | | | Missing double quote for variable ${MIG_PROP_TEMP} in case-migrate-cp4a-deployment.sh script (line number 47) |
| DT379172 | | | saveCaseProperties JSAPI is incorrectly saving and unescaping JSON value(s) for a property of type List |
| DT380227 | | | NO DATA IS RETURNED IN 'DATA' FIELD WITHIN THE XML RESPONSE WHEN CALLING THE WEBAPISERVICE METHOD GETTASK |
| DT380410 | | | You get a blank page when you open a task in a Client Side Human Service |
| DT380668 | | | Processed sequence numbers are not in sync in Case Event Emitter when other node takes the lease for processing on a multi node cluster |
| DT381173 | | | Allow names of properties in Case solutions to contain special characters such as '-', '/', '#', ')' and '(' |
| DT381262 | | | Issue with JavaScript validation of client-side scripts |
| DT381334 | | | CMIS API getTypeDescendants() takes over 60 seconds to complete, 'totalTranLifetimeTimeout' also has to be extended |
| DT381419 | | | THE TW_ADMINS PRIVILEGE IS REQUIRED TO MANAGE EXPOSED PROCESS VALUES IN BUSINESS AUTOMATION WORKFLOW V23.0.2 |
23.0.2 IF004
| Known Issue | Security APAR | Behavior change | Title |
| --- | --- | --- | --- |
| DT276385 | | | Coaches toolkit unable to show Swedish message for empty tables |
| DT276464 | | | Legacy Specific Solution Import from bawadmin desktop is failing |
| DT277101 | | | SAVED SEARCH ACCELERATION TOOLS NOT WORKING PROPERLY IN SOME CONDITIONS WHEN USING MSSQL DATABASE |
| DT363626 | | | You get a blank page when you open an application in Desktop Process Designer |
| DT364060 | | | IBM Business Automation Workflow Date time pickers formats dates wrong |
| DT365164 | | | FIRST LOAD OF SNAPSHOTS IN THE INSTALLED APPS PAGE OF THE PROCESS ADMIN CONSOLE CAN BE SLOW |
| DT365990 | | | YOU CANNOT USE A PERCENT-ENCODED STRING TO SET THE 'PORTAL DEFAULT PAGE' USER ATTRIBUTE IN THE PROCESS ADMIN CONSOLE ->BULK USER ATTRIBUTE ASSIGNMENT PAGE |
23.0.2 IF003
| Known Issue | Security APAR | Behavior change | Title |
| --- | --- | --- | --- |
| DT247523 | X | | CVE-2023-50959 - INTRODUCING ECM QUERY AUTHORIZATION SERVICE |
| DT259647 | X | | Case Emitters- json-path-2.2.0.jar (Publicly disclosed vulnerability found by Mend) |
| DT271567 | X | | SECURITY - CVE-2023-51775 IN JOSE4J AFFECTS IBM CLOUD PAK FOR BUSINESS AUTOMATION WORKFLOW |
| DT260288 | | | You notice the value entered in the Decimal view is cleared after upgrading to IBM Business Automation Workflow v23.0.2 |
| DT261525 | | | YOU MAY SEE THAT SNAPSHOTS ARE NOT DISPLAYED AS EXPECTED FOR A PAGE IN THE PROCESS ADMIN CONSOLE |
| DT266693 | | | IBM CLOUD PAK FOR BUSINESS AUTOMATION CONTAINS AN OUTDATED VERSION OF APACHE XALAN DEPENDENCY |
| DT270130 | | | You notice the Service call view does not handle service flows that use an error end event |
| DT270178 | | | DATA MAPPING NOT WORKING FOR A COMPLEX TYPE BUSINESS OBJECT DEFINED IN A TOOLKIT |
23.0.2 IF002
| Known Issue | Security APAR | Behavior change | Title |
| --- | --- | --- | --- |
| DT258606 | X | | SECURITY DT258606 - CVE-2023-51074 IN BAW FLINK JOBS |
| DT257050 | | | Case Client icon missing when using non-default theme |
| DT259591 | | | YOU MIGHT ENCOUNTER A CONNECTION FAILURE ERROR WHEN YOU CLICK THE 'TEST CONNECTION' BUTTON TO TEST AN ENTERPRISE CONTENT MANAGEMENT SERVER CONNECTION IN THE PROCESS ADMIN CONSOLE |
| DT260228 | | | SnapShot installation fails with java.lang.NullPointerException |
| DT260320 | | | Can not edit properties when editing heritage human services in IBM Process Designer |
| DT260800 | | | Some of the action buttons in the Case Details page toolbar are not visible if the browser window is too small |
23.0.2 IF001
| Known Issue | Security APAR | Behavior change | Title |
| --- | --- | --- | --- |
| DT247641 | X | | SECURITY APAR - CVE-2023-33008 IN JOHNZON-CORE MAY AFFECT BAW EVENT EMMITERS |
| DT257576 | X | | SECURITY APAR - MULTIPLE VULNERABILITIES IN AUTHORING UIS CVE-2023-45857, CVE-2023-26159 |
| DT258079 | X | | SECURITY APAR - VULNERABILITY IN FOLLOW-REDIRECTS CVE-2023-26159 |
| DT258608 | X | | SECURITY APAR - CVE-2023-43642 IN BUSINESS AUTOMATION INSIGHTS EVENT EMITTERS |
| DT247004 | | | IN PROCESS ADMIN CONSOLE, YOU SEE SLOW PERFORMANCE WHEN REFRESHING THE TEAM BINDINGS PAGE |
| DT247086 | | | DELETING ON-HOLD EVENT MANAGER TASKS COULD FAIL WITH AN ERROR |
| DT247283 | | | UNEXPECTED VALIDATION ERROR FOR DATA MAPPING IN WEB PROCESS DESIGNER |
| DT247327 | | | YOU SEE AN ERROR WHEN RUNNING THE JAVASCRIPT 'TW.LOCAL.RESPONSEXML.TRANSFORM(XSLLOCATION):' |
| DT247383 | | | BOOLEAN VARIABLE DATA MAPPING DROPDOWN NOT SET TO BOOLEAN VALUE CORRECTLY |
| DT247541 | | | EXCEPTION OCCURS IN THE PROCESS ADMIN CONSOLE WHEN YOU TRY TO DELETE AN EXPOSED PROCESS VALUE IN A TIP SNAPSHOT |
| DT256769 | | | WHEN YOU TRY TO VIEW DATA OF A PROCESS INSTANCE IN THE PROCESS ADMIN CONSOLE PROCESS INSPECTOR, YOU MAY SEE AN EMPTY DATA FIELD |
| DT256841 | | | XML special characters in database passwords cause SAXParseException for IBM Business Automation Workflow Runtime and IBM Business Automation Studio |
| DT258377 | | | Installation of workflow project with external process fails in production environment with rolling upgrade enabled |
| DT258943 | | | TIME VALUES OF A SCHEDULED UCA JOB ARE NOT DISPLAYED IN THE PROPER FORMAT IN EVENT MANAGER MONITOR PAGE OF PROCESS ADMIN CONSOLE |
| DT365094 | | | The recent Business Automations page takes long time to load in the IBM Business Automation Studio |
Document change history
  • 7 August 2024: Added DT386834 to IF006 fix list table
  • 1 July 2024: Updated with 23.0.2 IF006 details
  • 31 May 2024: Updated with 23.0.2 IF005 details
  • 25 April 2024: Updated with 23.0.2 IF004 details
  • 28 March 2024: Updated with 23.0.2 IF003 details
  • 29 February 2024: Updated with 23.0.2 IF002 details
  • 1 February 2024: Initial publish.

Document Information

Modified date: 07 August 2024

UID: ibm17107403