Fix Readme
Abstract
This readme is for IBM Business Automation Workflow 23.0.2 Machine Learning Server interim fixes released periodically to resolve security vulnerabilities, as well as other defects. It includes information about the download, installation, and other information about interim fixes for the 23.0.2 release.
Content
| Readme file for | IBM Business Automation Workflow Machine Learning Server |
|---|---|
| Product release | 23.0.2 |
| Publication date | 1 February 2024 |
Contents
Prerequisites and superseding fixes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Document change history
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Document change history
Prerequisites and superseding fixes
- Each interim fix typically supersedes all other previous interim fixes shipped for 23.0.2
- Business Automation Workflow Machine Learning Server includes container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries.
Business Automation Workflow Machine Learning Server interim fixes
| Interim fix name/ Download link |
Superseded interim fix names | Complimentary Cloud Pak for Business Automation interim fix name | Released |
| 23.0.2 IF003 | See note (*) below | 23.0.2 IF004 | April 2024 |
| 23.0.2 IF002 | * Note: All previous interim fixes listed in this table | 23.0.2 IF003 (Note: There was no February fix issued for Machine Learning Server, hence the interim fix number mismatch compared to Cloud Pak for Business Automation) | March 2024 |
| 23.0.2 IF001 | None | 23.0.2 IF001 | January 2024 |
The previous table is chronologically listed in reverse order, with more recent fixes listed at the top.
Components impacted
Before installation
- Download the fix archive file from Fix Central corresponding to latest interim fix listed in the table above.
- Using your preferred FTP tool, move the downloaded archive to the environment where the Machine Learning Server is installed. Place it in the same directory, as a sibling to where the Machine Learning Server directory resides. For example, if the Machine Learning Server directory is ba-ml-server, then the parent of that directory will now include ba-ml-server directory and the fix archive file, for example, BAMLS_23.0.2_LNX_ML-IF001.tar.gz .
# pwd /root # ls -l total 1100944 -rw-------. 1 root root 1226 Apr 29 2022 anaconda-ks.cfg -rw-r--r-- 1 root root 1085801736 Jan 26 13:11 BAMLS_23.0.2_LNX_ML-IF001.tar.gz drwxr-xr-x 7 root root 109 Jan 29 12:20 ba-ml-server
Installing the interim fix
On the environment that has the 23.0.2 Machine Learning Server installed:
- Connect to this host via terminal using SSH.
- Back up the current .env file located in the root directory where the Machine Learning Server is installed. By default, the root directory is typically named ba-ml-server, and subsequent instructions refer to it as such.
- From inside the root directory ba-ml-server, stop the server by running:
./bin/ba-ml-server-stop - Navigate to the parent directory where the archive was previously uploaded and extract its contents. Please be aware, this will over-write the current ba-ml-server directory and its contents. Here is an example of performing this operation using the tar command:
tar -xzvf BAMLS_23.0.2_LNX_ML-IF001.tar.gz - Back inside the root of the Machine Learning Server (ba-ml-server), run:
sudo chmod a+x bin/ba-ml-server-start - Edit .env, and use the values previously backed up for the Business Automation Insights credential values, for the values of these keys:
BAI_HOSTNAME= ES_USERNAME= ES_PASSWORD= ELASTICSEARCH_PORT= BAW_TASK_ALIAS= - Run:
./bin/ba-ml-server-start --init --acceptLicense - (Optional) Complete the next two steps two if you already have a Business Automation Workflow environment installed and configured with this Machine Learning Sever, otherwise, skip to the next part Performing the necessary tasks after installation.
- From the WebSphere Application Server Admin Console of the environment that is running Business Automation Workflow:
- Navigate to SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates .
- Delete the current Machine Learning Server signer certificate.
- Add a new SSL certificate.
- Click retrieve from port.
- Add the hostname and secure port number, for example, 443, of the Machine Learning Server.
- Enter a name for the alias, for example, ml-server .
- Then, click retrieve signer information.
- Finally, click Apply then Save..., to commit the changes.
Note: If you don't fill in the credentials for the .env before running the ./bin/ba-ml-server-start --init --acceptLicense command, it will ask you during build to put in the credentials, but when doing so, Elastic Search might not work. If you find yourself running into this issue, redo steps 6 and 7 above.
Performing the necessary tasks after installation
On the environment that has Business Automation Workflow installed:
Note: For any changes in admin console, make sure to click Apply then Save... to ensure changes are committed and take affect.
Note: For any changes in admin console, make sure to click Apply then Save... to ensure changes are committed and take affect.
- For Next Best Task, enable Task Filter Service for Process Portal in admin console, via Mashups configuration
For more information refer to Prioritizing work in IBM documentation.- Add the following properties:
Property Value Additional information com.ibm.bpm.portal.task.filter.service.name SYSRP@Task Filter Service Template com.ibm.bpm.portal.task.filter.service.alwaysRun false Set variable type to boolean com.ibm.bpm.portal.task.filter.service.showToggle true Set variable type to boolean
- Add the following properties:
- Create authentication alias for Machine Learning Server in admin console
For more information refer to Managing Java 2 Connector Architecture authentication data entries for JAAS in IBM documentation- In admin console, navigate to Security > Global Security > Java Authentication and Authorization Service > J2C authenticaion data
- Create a new alias and give it a name, for example ml-server .
- Enter the HTTP Basic Authentication username and password used to access the Machine Learning Server.
- Import Machine Learning Server certificates
For more information refer to Accessing an Enterprise Content Management server using the Secure Socket Layer (SSL) in IBM documentation.- In admin console, enter the hostname and port number used to access the Machine Learning Sever.
- Enter a name for the alias, for example ml-server .
- Click Apply then Save... .
- Configure Business Automation Workflow via 100Custom.xml using information from previous steps
- In the file system, locate and edit <Dmgr_profile_root>/profiles/StandAloneProfile/config/cells/nodename1Node01Cell/nodes/nodename1/servers/server1/process-center/config/100custom.xml .
- Add the following section inside the <properties> tag, and update the values for host, port, auth-alias, and ssl-config-alias, based on the results of the previous steps:
<server> <ml-server> <!-- ML-Server configurations. --> <host>ml-server-hostname-added-in-step-3</host> <port>ml-server-expose-port-added-in-step-3</port> <auth-alias>auth-alias-name-created-in-step-2</auth-alias> <ssl-config-alias>ssl-config-alias-created (leave blank if none)</ssl-config-alias> </ml-server> </server>
- Restart Business Automation Workflow server
Caused by: com.ibm.jsse2.util.j: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
Uninstalling
There is no procedure to uninstall the interim fix.
List of fixes
The following lists of resolved Known Issues are specific to Business Automation Workflow Machine Learning Server. Fixes that have been identified as correcting security vulnerabilities are indicated with an X mark.
Business Automation Workflow
23.0.2 IF003
| Known Issue | Security | Behavior change | Title |
|---|---|---|---|
| N/A | X |
Business Automation Workflow Machine Learning Server is delivered with container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. This interim fix includes fixes for these libraries to address:
CVE-2024-1135
|
23.0.2 IF002
| Known Issue | Security | Behavior change | Title |
|---|---|---|---|
| N/A | X |
Business Automation Workflow Machine Learning Server is delivered with container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. This interim fix includes fixes for these libraries to address:
CVE-2024-24762
|
23.0.2 IF001
| Known Issue | Security | Behavior change | Title |
|---|---|---|---|
| N/A | X |
Business Automation Workflow Machine Learning Server is delivered with container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. This interim fix includes fixes for these libraries to address:
CVE-2023-27043, CVE-2023-29159, CVE-2023-25399, CVE-2023-29824, CVE-2023-43804, CVE-2023-44271
|
Document change history
[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"ARM Category":[{"code":"a8m50000000CcWOAA0","label":"Security"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"}]
Was this topic helpful?
Document Information
Modified date:
25 April 2024
UID
ibm17109938