IBM Support

Fix list for IBM WebSphere Application Server traditional V9

Product Readmes


Abstract

IBM WebSphere Application Server traditional provides periodic fixes for the base and Network Deployment editions of release V9. The following is a complete listing of fixes for V9 with the most recent fix at the top.

Content

Back to all versions
Release Date
Total number of APARs
Total number of Security APARs
10 September 2021
82
1
18 June 2021
106
10
26 March 2021
100
4
27 November 2020
88
5
4 September 2020
64
7
12 June 2020
63
3
20 March 2020
103
4
13 December 2019
73
5
20 September 2019
77
2
28 June 2019
93
2
5 April 2019
87
6
14 December 2018
74
16
21 September 2018
80
4
29 June 2018
129
6
16 March 2018
87
5
21 December 2017
110
0
17 October 2017
175
5
13 June 2017
147
3
14 March 2017
114
3
13 December 2016
134
3
16 September 2016
170
6
Fix Pack 9.0.5.9
Fix release date: 10 September 2021
Last modified: 10 September 2021
Status: Recommended

Download Fix Pack 9.0.5.9
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH36476 8.5.5.18 console security tightening
PH36632 Update commons-io in the admin console
PH38485 Unable to configure logging parameters on the admin console
Administrative Scripting Tools (for example: wsadmin or ANT) PH36027 Improve message when renamenode is run against an unmanaged node
EJB Container PH28694 EJB method names that differ only in capitalization may result in org.omg.CORBA.BAD_OPERATION
PH37410 Getting secj0053e, cntr0020javax.ejb.AccessLocalException, com.ibm.websphere.csi.CSIAccessException when accessing an EJB method
Enterprise Edition (EE) PH36441 Fix deserialization issue for lists when jaxb.fp.fallback.for.typed.arrays is enabled
Federated Repositories PH30775 NullPointerException is thrown when creating a property extension (lookaside) repository
General PH36210 WebSphere z/OS 9.0.5.7 server fails to start - JVMJNCK031E JNI error in callstaticvoidmethoda: argument #4 is null
PH34673 Application start/stop issues in Websphere Application Server ND V9.0.5.5.x
PH35225 Improve handling of cancel notifications in compute grid
PH35226 Making log part rotation configurable based on file size or number of lines in compute grid
PH35447 Property to enable preference to use local connection between compute grid scheduler and endpoint servers
PH35789 Same fix as PI78935 but for transaction commit processing
PH35877 Session ActiveCount shows a negative value
PH36236 Compile error retunrs com.ibm.ws.exception.wsNestedException is unknown
PH36731 Intermittent eclipseLink concurrentModificationException
PH36828 EclipseLink support for embeddable fields as join targets
PH36833 EclipseLink support for input parameters in select clause
PH36839 EclipseLink throws NullPointerException from embedded temporal mapkeys
PH36841 EclipseLink criteriabuilder trim function creates incorrect SQL
PH36843 EclipseLink throws exception for criteriaBuilder queries with only literal values
PH36966 Non-translated warning message in WebSphere logs
PH37038 Charset="utf8" fails with unsupportedencodingexception in wink JAXRS
PH37099 Prevent high CPU resulting from concurrent server-status access
PH37142 Allow Intelligent Management enabled web servers to honor affinity over application edition routing policies
PH37202 RemoveAttributesOnInvalidate does not work at web moulde or application level configuration
PH37590 Invalid bundle-version in derby
PH37715 EclipseLink illegalArgumentException from criteriabuilder case expressions
PH37742 EclipseLink support for parameter values in case/coalesce expressions
PH37763 EclipseLink support for parameter values in criteriabuilder in expressions
PH37788 Use first found EJBDescriptor for mdb
PH37833 EclipseLink criteriabuilder coalesce classcastexception when using literals
PH37837 EclipseLink support for parameter values in having clause
PH37916 Update EclipseLink to support ASM 9.1 for Java 17
PH37919 Honor ability to set umask on the process used to launch assisted life cycle servers and correct the default umask to actually be 022
PH39180 Exception: java.lang.NullPointerException at com.ibm.ws.odc.nd.ODCTreeImpl.commitTransaction(ODCTreeImpl.java:1047) - DMGR SystemOut
PH39373 WebSphere windows service fails when the hostname contains the word "test"
PI50904 Invalid url request values need more specific details in the exception produced
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C) PH32900 Tolerate hung connections during error cleanup
PH34972 Invalid properties in the ra.xml causes WebSphere v8.5.5.x resource adapter update to fail
PH36295 J2CModule PMI object memory leak
Java Management Extensions (JMX) or JMX Client API PH36026 Improve log message when the node agent restarts an unresponsive application server
Java Message Service (JMS) PH35855 WebSphere control region failed with abend 0c4 in com/ibm/ws390/xmem/proxy/xmemproxycrcpputilities.queueinboundreq
Java Persistence API (JPA) PH35414 Bean validation leaking application class loaders
Java SDK PH36923 java.lang.NullPointerException caused by PH34711
Migration PH36102 MIGR0285E: An unexpected internal error occurred with exception java.io.eofException: unexpected end of zlib input stream error
PH36493 WASPostUpgrade fails with NPE processing domain-security.xml configuration file
PH37617 A NullPointerException occurs when processing a virtualhosts.xml that contains a mimetype entry with no type specified
PH38010 Update the migration toolkit for application binaries to the latest version - 21.0.0.2
Object Request Broker (ORB) PH37257 WebSphere z/OS 9.0.5.7 abends with abend0c4 in com/ibm/ws390/sm/smf/smfjactivity.cutsmfst9asyncrecord
PD tools (for example: Log Analyzer) PH38048 Prometheus endpoint enhancements for performance monitoring infrastructure metrics on WebSphere Application Server traditional
PH38053 Add new server scrape duration metric for prometheus metrics endpoint
Plug-in PH36744 Ant script does not clean up extraneous files
PH37891 Plugin error message repeatedly logged - "error: ws_transport: address_as_string: unknown family 4098"
PH38203 Unix PluginCfgMerge lacks was.install.root which causes WVER0001E
Runtime and Classloader PH39733 Provide a switch to disable javacores for unexpected shutdowns
Security PH34690 Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2021-29736 CVSS 5.0)
PH36017 Fix message formatting error in PH36017 in 9058
PH36593 Provide an option to turn off hostname information for audit function
PH36615 Qshell command line remains hidden after prompting for password with administrative security enabled for a profile
PH36732 Add ability to delete corrupted keyStore
PH36733 A Certificate Signing Request (CSR) is created with an extra information in the Subject Alternate Name(SAN) field
PH36858 Add warning during server start when TLSv1 or TLSv1.1 is configured
PH36864 Message CWPKI0429I has an incorrect parameter that needs to be fixed
PH36934 CWSCF0002I: Flooding the logs
PH36985 SSL failed handshake with a bad cert error
PH37067 CWPKI0045E correction
PH37396 Serviceability improvement to aid in debugging issues with EJB deployment descriptors and role permissions
PH37447 Profile creation fails when the domain name starts with a digit
PH37462 javax.net.ssl.keystore, javax.net.ssl.truststore properties are not honored
PH38493 Remove unnecessary manual garbage collecting in security code
System Management/Repository PH29354 Add jvm option to narrow down trace spec for command line tools
PH30748 Error creating client_auth_token during shutdown
PH38349 ADMU3029I: Conflict detected on port 9999 for endpoint jsr160rmi_connector_address of the server server1
Transaction Service PH35202 Server using Enable_dbtxLog_PeerLocking=true fails to start if the transaction log tables are empty
PH36461 Transaction recovery fails due to org.xml.sax.SAXParseException: the namespace prefix "wsa" was not declared
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH34951 NullPointerException error may occur with Axis2 marshaller
PH35078 Soap response message is not valid, but websphere parsing should not fail it with NullPointerException
PH37152 IWAE0017E Unable to replace original archive - during role mapping
Web Services Security PH35481 OIDC apis may not find idToken token on runAs subject
WebSphere Common Configuration Model (WCCM) PH35698 NullPointerException from org.eclipse.jem.util.registryReader.readRegistry during application update
 
Fix Pack 9.0.5.8
Fix release date: 18 June 2021
Last modified: 18 June 2021
Status: Superseded

Download Fix Pack 9.0.5.8
 
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH32886 Incorrect variable definition leads to failure in transformer script
PH33656 Wsadmin Jython command does not change status of schedulerJNDI name
PH33754 The OK button of login configuration page for Java authentication and authorization (JAAS) not working consistently
PH33795 Default scope should not affect virtualhosts.xml. There is only one scope for virutalhosts
PH35829 Not able to move a target of a SIP application router to another SIP application router through the administrative console
Default Messaging Component PH29166 Message engine deadlock problem
PH31182 Loop when trying to delete the first message in the queue
Dynamic Cache PH35811 com.ibm.ws.cache.CacheConfig.batchUpdateMilliseconds does not affect the batch update daemon on receiving side
EJB Container PH33683 EJB timer service does not adjust based on daylight savings time adjustment
PH34623 Harden legacy EJB APIS
EJBDeploy (WSAD) PH36122 Remove unnecessary was.product file from EJBDeploy tool
General PH17014 Manifest attributes for annotation filtering are not being honored
PH21496 CWSAH0009E: An internal error occurred
PH21936 FileNotFoundException may occur during migration of OSGI application
PH22740 OSGI application fails to start in Azure environment
PH29774 Close files after CDI is initialized
PH30607 Warning message CWSAA0037W indicating dulplicate JNDI name is issued in error
PH31840 Moveable DMGR fails to create VIPARANGE DVIPA on 2nd LPAR
PH32163 Deadlock condition in memory session and logging console handler
PH32868 Exported ear file does not include latest application files
PH33368 CWSIK0901E: An internal messaging error
PH33712 Check package name when injecting EJBs
PH34067 XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20453 CVSS 8.2)
PH34122 Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258 CVSS Score 7.5)
PH34501 Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server
PH34906 XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20492 CVSS 6.5)
PH34944 Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server
PH35767 Update the migration toolkit in WAS to the latest version
PH36253 Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2021-29754 CVSS 4.2)
PH37034 Update the version of log4j contained in the installable uddi.ear application
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PH35467 QSVTAP24 service program not updated by fixpack if ownership incorrect
Intelligent Management Component PH31531 ArrayIndexOutOfBoundsException in ODR vector operation
PH34475 Intelligent Management enabled web servers and On Demand Routers (ODR) return 404 error codes for requests that could be served by the mapped applications default servlet
PH34977 Intelligent Management enabled plugin attempts too many retries when application with session affinity returns 503
PH35058 Unable to configure Java SDKs from console for ODR servers
PH35098 Directory Traversal vulnerability in WebSphere Application Server ND (CVE-2021-20517 CVSS 6.4)
PH35997 After upgrade to 9.0.5.7 static content which was previously being served by IHS was returning 404 error codes
PH36124 WASX7017E: Exception received while running file "dumpIMPState.py"
PH37099 Prevent high CPU resulting from concurrent server-status access
Java 2 Connectivity (J2C) PH31288 J2CA0045E - Tolerating the connection error occurred event during the MatchManagedConnention
PH31875 J2CA0079E: getManagedConnection internal illegal state = STATE_INACTIVE MCW
PH33941 Deadlock issue when close JMS connection
PH34294 DataSource url property syntax validation does not allow new format in admin console
PH35899 Java.security.unrecoverableKeyException after upgrading to WebSphere 8.5.5.19
Java Message Service (JMS) IT32212 Topic handles are not closed when a Classes for Java MQQueueManager disconnects
IT32639 JMS ConnectionFactory property CNLIST does not work in Apache Tomcat
IT32708 Java MQ client application ArrayIndexOutOfBoundsException when using MQCCRED with TLS and SSLPEER
IT32925 Update JMQI trace to remove unnecessary values from the options field
IT32987 NullPointerException occurs when activation specification or WASlistener port is configured to use message retention
IT33590 Resource adapter deployed into embedded WebSphere Liberty started via Liberty SPIs cannot make secure connections to MQ.
IT33772

IBM MQ is vulnerable to a remote code execution vulnerability (CVE-2020-4682)
IT34219 Update Bouncy Castle shipped by IBM MQ
PH26041 Adding support for 64 bit JVMS into the IMS Adapter - JAVA
PH26255 MQ JMS in CICS JVM server working with OSGI bundles fails with RC2058 MQRC_Q_MGR_NAME_ERROR.
PH31692 Not all message listeners started in the control region after startup
PH34514 WebSphere z/OS 9.0.5.2 Java.io.ioException: XMemProxy channel in a Servant failed to read from Controller region
PH34576 During shutdown of server, control region experiences hang in com/ibm/son/mesh/CfwTCPImpl.complete
PH34639 destDescription message header with no value set after editing MQ topic configuration
PH34715 Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.7
PH34816 Server shutdown hangs due to deadlocked threads in Control region
Java SDK PH34711 Vulnerability in Apache MyFaces affects WebSphere Application Server (CVE-2021-26296 CVSS 8.8)
JavaServer MyFaces (JSF) Apache MyFaces implementation PH36923 java.lang.NullPointerException caused by PH34711
Migration PH33872 WASPostMigration fails with Java.lang.NoSuchMethodException
Object Request Broker (ORB) PH35522 WebSphere Application Server servant or adjunct region may not come down quickly after a 5C6 ABEND
Other PH34947 AppScan: opensource security vulnerabilties in isclite
Plug-in PH34305 Adding deprecated messaging to plugin topology centric generation
PH34566 Limit number of retries for 503 responses
PH34644 Adding log messages to 99SBootStrapPluginsIHS.ant to alert of bad httpd.conf path
PH36211 Crash with plugin 8.5.519 on Linux PPC64LE
PH36487 WAS Webserver plug-in possible crash in detailedLog function
PH36942 Ant script fails in post install processing
PMI/Performance Tools PH35521 Web application module PMI stats are sometimes not shown in the metrics.ear application output
Scheduler PH31154 XOR encoding KeyStorePasswords and TrustStorePasswords used in DataSource custom properties lead to SSLHandShake errors
Security PH28393 Login audit for SPNEGO and Kerberos login
PH30522 Do not allow a keySetGroup referenced by the default LTPA auth mechanism to be deleted
PH30570 Provide an option to use only custom cookie name in traditional WebSphere
PH33038 Intermittent error parsing an unchanged wsjaas.conf
PH34028 Server does not start after enabling AES encryption
PH34899 NullPointerException in security interceptor during WAS server startup
PH34963 The underscores (_) in DN name cause profile creation error
PH35227 The certificate monitor did not renew the default certificate on WAS 8.5.5.17 using JDK1.7
PH35299 A custom cache key is not returned correctly when the subject has more than one hashtable in the credential
PH35329 If an extremely large number is input for LTPA timeout, it may exceed the maximum long value, resulting in an invalid token
PH35421 Admin_repository_save audit events are not generated in an AdminAgent environment
PH35998 When certificates contian multiple DNS or IP values not all values are displayed when viewing the certifiate information
PH36007 The GenAndReplaceCertificate task is not working when not connected to the server
PH36017 eEror message CWPKI0662E is vauge and does not provide user with much information to help them
PH36649 AdminTask.validateAdminName results in NullPointerException when ran as operator role
Service Data Objects (SDO) PH35619 Use of "OneDB" causes many "not a recognized database type" message error messages
Servlet Engine/Web Container PH29912 Change default value for wc suppressHtmlRecursiveErrorOutput
PH35019 There are scenarios where the http dispatcher will set a 404 status and send a response without ever engaging the web container
PH35470 PMI stats for the servlet are not collected for application until application is restarted
PI80786 HTTP 500 is returned from a request with too many parent directories (forward slashes) in the url
System Management/Repository PH35272 "ADMG0811I: Changing value for this property password" message displayed when the value has not changed
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH34048 XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2)
PH35981 OverlappingFileLockException on z/OS after applying PH26972 ifix
Web Services Security PH33170 OIDC JWT authentication using custom cache key can be slow
PH34227 OIDC RP: Support the Basic_Start_Authorization scope
PH34840 OIDC RP: Make the state parameter alphanumeric
PH35185 OIDC RP may fail with CWTAI2007E saying a noce claim is required when the nonce is present
Fix Pack 9.0.5.7
Fix release date: 26 March 2021
Last modified: 26 March 2021
Status: Superseded

Download Fix Pack 9.0.5.7
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH29167 Performance and diagnostic advisor configuration causes warning message in the administrative console
PH29429 Admin console not working correctly in some cases with fine grained security
PH30923 Admin console is slow displaying security endpoint configuration
PH31120 WebSphere z/OS 8.5.5.* details of com.ibm.ws.management.util.zos.TransformationError not in joblog
PH31184 Fixes/enhancements for PH31613
PH31219 Property to allow the monitoring role to do testConnections in the integrated solutions console
PH31564 Setting string value on J2eeResourceProperty to emptry string removes attribute
PH34318 Extra character at the top of managing repository page
Dynamic Cache PH31693 Programmatically created object cache instances can not be configured for replication
Federated Repositories PH33842 CWWIM5107E error message seen reporting a failure against a WebServer node
General PH31135 Abend 0c4 in bbodaslu entry point BBODAL03 when daemon is stopped
PH26641 IndexOutOfBoundsException when performing some of apis on SDO list
PH27557 Apache Derby component currency update
PH29720 EclipseLink jpql coalesce function uses improper whitespace
PH29786 EclipseLink criteriabuilder in() expression creates incorrect SQL
PH29794 EclipseLink in() expression fails with Oracle limit
PH29809 EclipseLink ignores lowercase attributeOverride values on elementCollections
PH30128 EclipseLink intermittent ConcurrentModificationException
PH30163 WebSocket write thread could spin indefinitely on race condition
PH30529 WAS service entered the running state msg is sometimes recorded twice
PH30827 Session active for over 1 hour is not invalidated
PH30837 EclipseLink converts boolean values to integer values in case expressions
PH31008 Cryptic exception when session max count exceeded
PH31150 NullPointerException during getSession when request contains a sessionid with invalid length
PH31267 For WSGrid STEP_COMPLETE_EXECUTION_FAILED should be rc -14 but throws -16
PH31416 Improve performance of WebSphere EL implementation
PH31454 Remove jackson-databind vulnerability CVE-2019-10172
PH31499 Update EclipseLink to support ASM 9.0 for Java 16
PH31571 EclipseLink intermittent NullPointerException from weaved entity code
PH31965 WebSphere Application Server service generation fails on SLES 15 and above
PH32188 Update the migration toolkit in WebSphere to version 20.0.0.4
PH32352 Print trace points if cookies or url rewriting is enabled
PH32501 Print trace points if session shared between WebModules
PH32561 Print a message saying that the custom property is needed if the length of the JSESSIONID cookie is greater than 23 chars
PH32837 WebSphere Windows service does not indicated started on German, Dutch and Japanese environments
PH33251 Misleadung message warning.jaxrs.cdi.provider.mismatch with JAX-RS 2.0
PH33299 WebSphere Application Server Windows service continues to run when WebSphere ends unexpectedly
PH33596 The WebSphere Windows service should not use startserver.log for its logfile
PH33648 Directory traversal vulnerability in WebSphere Application Server (CVE-2021-20354 CVSS 5.9)
PH34424 Update Apache HttpClient to 4.5.13 for usage metering
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH33568 WebSphere Application Server 9.0.5.6 does not support the 64-bit version of installation manager 1.9.1.4 for HPUX
PH34646 64-bit installation manager on z/OS generates warning messages
Intelligent Management Component PH32919 ODC does not carry url-patterns associated with filter-mapping definitions held in module level WEB-INF/web.xml files resulting in 404 responses
Java 2 Connectivity (J2C) PH32187 Receiving J2CA0646E error when updating MQ resource adapter
PH33233 NullPointerException reported when getConnection for the database datasource that has no schema
Java Message Service (JMS) PH25633 WebSphere Application Server throws Javax.transaction.HeuristicMixedException during JMS provider
PH28619 JTA commit priority not applied to MQ provider JMS XAResources
PH32909 zWAS channel framework leak of com/ibm/ws/tcp/channel/impl/ZAioTCPConnLink objects
Migration PH30608 NullPointerException when running WASPostUpgrade from profile root
Object Request Broker (ORB) PH27734 zWAS poor filesystem performance due to CKACCESS / FSACCESS CML lock contention
PD tools (for example: Log Analyzer) PH29537 [RFE 276826] Increase max number of historical files from 200 to any positive number in WebSphere Application Server traditional
PH30146 Remove -serverName from -help listing in collector
PH30984 Increase collector tool max heap memory size
Plug-in PH29434 Avoid hang in odrHttpResponseContextClean() when using IM "MaxRequestsPerDaemon" option
PH29829 Customers should not have their plugin-key.kdb/sth files within /etc
PH29837 Plugin IHS ant script is not able to set the bits folder
PH29856 PluginConfigGeneratorNLS.cprops files list 8.5 instead of 9.0
PH29951 Plugin cannot manually propagate without overrideAutoProp
PH30071 Conflict between mod_deflate and the WAS plugin
PH31857 IBM WebSphere Application Server web server plugin sets the incorrect default for IgnoreAffinityRequest settings
PH32280 IHS server/plugin loop at startup with zero byte plugin-cfg.xml file
PH32435 Encoded charcters (%2f etc) in uri
PH32528 Plugin does not allow personal certificates signed by CAS using weak signature algorithms such as Sha1WithRSA
PH32738 Applying Plugin fixpack 9.0.5.4 creates an unexpected empty file "c:\program"
PH33264 System crashed when plug-in handles non-WebSphere request
PMI/Performance Tools PH24409 WebSphere Application Server traditional prometheus endpoint
PH29087 TPV in WebSphere Application Server admin console shows incorrect activeCount value afterservant region is restarted
Runtime and Classloader PH32612 Unexpected server shutdown produces no additional debug data
PH32866 WSVR0332I caused by unnecessary class loader package definition
Security PH30511 Failed to create dynamic cluster and seeing lots of WKSP0501I: xx workspaces exist in the wstemp directory
PH30569 Provide an option to only show the info user need in wsadmin getSSLConfig command
PH31086 WIM exception in wsadmin using RMI with / character in username
PH31613 Gssapi/kerberos ldap bind authentication support for LDAP
PH32041 Plug point for custom password encryption is not working on 8.5.5.18
PH32284 MalformedURLException connecting to standalone LDAP server with SSL(ldaps)
PH32467 Provide option to tell the JSSE to use the server side s cipher order in a SSL communication
PH34651 The RSA-PSS algorithm needs to be disabled when IBMJCEFIPS provider is being used
Services Component Architecture PH31130 Node federation timeout
Servlet Engine/Web Container PH33180 Enable TrustedHeaderOrigin to be configured with hostnames and IP segments
System Management/Repository PH24460 Add configurable write timeout to IPCconnectorInboundLink
PH31439 Non planned task management tasks never get deleted
PH32369 Queue/topic connectionFactories for generic JMS providers are not selectable when mapping application resource references
PH32869 Temporary EAR file not deleted after partial application update
PH33352 JMS topics and queues for genericJMS providers are not selectable when mapping resource references
Transaction Service PH29639 Control process is terminated with error C9C21862 following a RRS RC 761
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH26629 Error may occur when calling serviceDelegate.releaseService() SPI in client application
PH28223 StringIndexOutOfBounds exception occurs during policyset attachment
PH29763 Need an option to enable WSDLl4J verbose messages
PH33037 Directory Traversal vulnerability in WebSphere Application Server (CVE-2020-5016 CVSS 5.3)
Web Services Security PH23614 OIDC add programmatic support for some OAuth functions
PH30368 OIDC RP may not delete session cookie when SameSite cookie policy=lax
PH30911 OIDC RP: Allow a resource parameter to be sent to the token and authorize endpoints
PH31682 OIDC RP may not load config from a non-default security domain
PH31727 XXE vulnerability in WebSphere Application Server (CVE-2020-4949 CVSS 8.2)
PH32257 NotSerializableException with OIDC
PH32421 SAML assertions are not created with audienceRestriction
WebSphere Common Configuration Model (WCCM) PH31370 Update ICU4J time zone information
PH32277 Application Deployment is slow when application has many EJB jars
PH33228 XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20353  CVSS 8.2)
Workload Management (WLM) PH27505 WLM can get in a loop when receiving compressed data running on z15 hardware
Fix Pack 9.0.5.6
Fix release date: 27 November 2020
Last modified: 27 November 2020
Status: Superseded

Download Fix Pack 9.0.5.6
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH26166 Performance problems in certain collection pages of the WebSphere Application Server Admin Console
PH26220 WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578 CVSS 5.4)
PH26874 ADMA8019E warning even if "validate input" parameter set to off during the deployment
PH28097 j_security_check allows GET requests
PH28098 Users without appropriate roles can access links that eventually throw errors
PH28336 WebServer virtual host creation failure
PH29871 WebSphere Application Server Admin Console is vulnerable to a directory traversal vulnerability (CVE-2020-4782 CVSS 6.5)
PH30566 After updating to WAS 8.5.5.18 and WAS v9.0.5.5 accessing the admin console fails with 500 error
PH31320 Tivoli Performance Viewer (TPV) servlet summary report page not rendering images correctly
Default Messaging Component PH27391 Possible hang during JMS session close called from exception handler
EJB Container PH26295 Injection processing in adjunct region for z/OS for war modules causes CWNEN0044E error
PH27497 CNTR5010E, CNTR0075E errors after migrating from WebSphere V8.5.5.x to V9.0.5.x
PH27912 CNTR5104E or CNTR5102E occurs at EJB start after upgrading WebSphere to V8.5.5.16, V9.0.5.0, V9.0.5.1, or V9.0.5.2
Federated Repositories PH23888 ldaphelper.getRDN failover does not properly account for escaped commas
PH28634 Remove extra logging from UI script
General PH17014 m\Manifest attributes for annotation filtering are not being honored
PH26451 ODRLIB should consider all VCs when searching for the server app a request has affinity with in multi-cell topologies
PH27629 CDI resource injection of managedExecutorService
PH27825 Deadlock in HPEL code when running sip tracing
PH27883 CWXRS0003W message in adjunct region with dynacache enabled
PH28308 Eclipselink illegal access warning from reflection
PH28420 WSGRID batch job fails with ABEND0C4 in ImqBin
PH28458 JaxRsClientImpl mem leak related to hashset
PH28535 JaxRs ServletException should include root cause
PH28733 Server not shutting down when started in recovery mode when using HPEL
PH28795 Update the migration toolkit in was to latest version and remove setting sourceJava and sourceAppserver manually
PH28961 Update EclipseLink to support ASM 8.0.1
PH28985 Update EclipseLink to support ANTR 3.5.2
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH29376 Silently install any required Visual C++ redistributable runtimes on Windows
PH30851 Updating fix pack 8.5.5.15 with the interim fix PH25216 fails
Intelligent Management Component PH26451 ODRLIB should consider all VCs when searching for the app
PH29876 WebSphere 9.0.5.1 through 9.0.5.4 renameCell command fails on Windows
Java 2 Connectivity (J2C) PH28590 Plain text password in ffdc log
Java Management Extensions (JMX) or JMX Client API PH24396 Add ability to generate multiple JavaCores before node agent restarts unresponsive application servers
Java Message Service (JMS) IT27711 Trace enhancements for the IBM MQ classes for Java/JMS
IT30751 Java application remains connected to queue manager if PCFAgent.connect() throws an exception
IT31238 MQ classes for Java application cannot get NameValueData from RFH2 when using CCSID 1200 with little endian encoding
IT31623 MQ classes for JMS incorrectly treat messages with headers that have a CCSID field set to -2 as poison messages
IT31900 MQ Classes for JMS application unable to consume a JMS MapMessage containing Unicode escape sequences
IT32835 Update Bouncy Castle shipped by IBM MQ v9.1
PH26694 An MDB bound to MQ via a listener port stops consuming messages after an mqrc_connection_broken error
PH26914 A rare timing condition may lead to the file store stopping
PH30037 Update the IBM WebSphere MQ JCA resource adapter to Version 9.1.0.6
SE72595 JAVA MQCONNX fails with CC=2, RC=2009 in non-threaded environment on IBM i
Java SDK PH27131 WASAnnotationHelper map memory leak
JNDI/Naming PH27291 com.ibm.ws.naming.util.helpers.isJavaContextChangeAllowed() not correctly detected the clientcontainer stacktrace
PH27583 WebSphere Application Server is vulnerable to an information disclosure vulnerability
(CVE-2020-4629 CVSS 2.9)
Migration PH29310 MIGR0272E: The migration function cannot complete the command. caused by: java.lang.classNotFoundException: com.ibm.websphere.mo
Object Request Broker (ORB) PH27364 WebSphere z/OS 8.5.5.17 ABEND 0C4 (gpf) in com/ibm/ws/asynchbeans/services/wlm/enclavemanager.deRegisterWorkunit
Plug-in PH26422 Flexibility needed in setting $wssn used in place of host: header
PH26475 Switch iis_webserver plugin binaries to symlinks
PH26856 ServerIOTimeoutRetry defaults to 0 (none) if property does not exist in plugin configuration
PH27966 Plugin does not set special header $wsxx for websocket request
PH27968 Allow non-rfc5280 certificates by default
PH28096 http_plugin.log entries for SSL read/write errors are treated like a timeout
Runtime and Classloader PH26130 Add parallel class loading support to WAS application class loaders
Security PH12072 SMF records not recorded with security auditing using the SMF emitter with SECURITY_FORM_LOGIN and SECURITY_FORM_LOGOUT
PH25204 After server is restarted, SpnegoTokenHelper API may fail due to the lack of Kerberos credential
PH26308 ldaptestquery tool for standalone ldap server is not honoring specific ssl settings set at test query tool
PH26841 Java2 security is accessing unexpected places
PH27580 Custom encoding plugin fails to load when the file path includes space
PH28196 Sensitive Information may be stored in a system dump
PH29343 Allow receiveCertificate to handle PKCS7 files
PH29377 Unable to read multiple certs from a cert file
PH29549 Displaying email entry in SAN for information user did not provide
PH29840 Create the ability to select TLSV1.3 protocol
System Management/Repository PH26777 Enable post sync deploy processing on the Dmgr with system prop
PH28307 WebSphere 9.0.5.1 through 9.0.5.4 renamecell command fails on windows
PH30918 Incorrect Java library path set when a server SDK is different from the node/profile sdk
Transaction Service PH10643 Cascading server restart due to transaction auto peer recovery locking issue
PH22988 Communication delay between WebSphere Application Server and MQ
PH23464 Provide a mechanism to disable one-phase commit optimization
PH23968 Java.util.ConcurrentModificationException when stopping server
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH26204 org.apache.axiom.om.omException: a data handler was not found
PH26778 Axis2 JAXBUtils class consuming large amount of memory
PH26972 zWAS JAXBContext cache corruption possible in multi-servant environments
PH27157 WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576 CVSS 5.3)
PH27509 WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4643 CVSS 7.5)
PH28645 AbstractMethodError in WsdlReaderImpl.getDocument
PH29156 Jax-WS client may not send request to provider: expose SerializeSecurityContext at JVM level
Web Services Security PH27514 OIDC Tai add basic auth support for the JWK endpoint
PH27827 OIDC RP support unique clientId and clientSecret for introspection endpoint
PH27971 OIDC RP: Expose end_session_endpoint with an api
PH28253 OIDC RP should intercept callback from OP without special filter config
PH28386 PODC RP: Give the option to validate a JWT access token
PH28534 OIDC Tai: Do not load config entry if no filter defined
PH29099 OIDC RP: ClassNotFoundException for jsonutil$dupekeydisallowinglinkedhashmap
z/OS PH28143 Abend DC2-4f003b24 in the zWebSphere daemon process in module bbgorb
Fix Pack 9.0.5.5
Fix release date: 4 September 2020
Last modified: 4 September 2020
Status: Superseded

Download Fix Pack 9.0.5.5
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH21166 Connection pool timeout hover help is confusing
Contexts and Dependency Injection (CDI) PI95074 WELD-2466 null pointer exception in Web service calls
EJBDeploy (WSAD) PH24687 How a deprecated message when running EJBDeploy
General PH21046 First element in list gets duplicated when parent is copy of another parent with a child list that replaced with copy of itself
PH21285 ClassCastException setting max query results in EclipseLink
PH21925 EclipseLink DB2 z/OS uses invalid query to ping database
PH24296 Update EclipseLink to support ASM 7.3.1 for Java 15
PH24309 EclipseLink does not correctly identify Oracle 19c platform
PH24526 EclipseLink exception after migrating to Liberty 19.0.0.12/20.0.0.3
PH25463 With HPEL enabled and "enable log record buffering" set to true, the textlog is not updated instantly
PH25728 Performance: JAXRS2.0 slow performance doing getBeanManager
PH25972 Updating the WebSphere Application migration toolkit (binary scanner) in was to the latest version
PH26083 WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534 CVSS 7.8)
PH26761 Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566 CVSS 7.5)
PI97483 EclipseLink re-sorts insert and removes statements within a single transaction at commit
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH26325 Fail to check VisualStudio 2013 redistributable package during IHS fixpack install
Intelligent Management Component PH25657 ODR needs to handle encoded uri request patterns
PH25931 Min/max instance script update does not update min/max nodes
PH26354 WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575 CVSS 4.7)
PH26364 Improper handling of INADDR_ANY by the Intelligent Management communication layer (P2P/SON) results in NPE
PH27037 New property ppedition.rollout.softreset.waitToQuiesceApplication to set quiesce interval
PH27806 Deadlock between com/ibm/ws/odc/nd/ODCTreeImpl and org/eclipse/osgi/framework/internal/core/BundleRepository blocks start-up
Java 2 Connectivity (J2C) PH21284 Incorrect waitingThreadcount due to mishandling of interrupted threads
PH21407 Out of Memory message is occuring when J2CModule reference is not freed up (j2cmodule = null)
PH23168 NullPointerException with ShowPoolContents
Java Message Service (JMS) PH19730 Launchclient jobs failed to complete with error message of "components failed to initialize"
Migration PH25522 java.lang.NullPointerException while running migration BBOWMPOS job
PH26093 Migration to WAS V9 moves all of the applications to the node profile
PH26288 WASPostUpgrade extracts a file before its parent directory with regard to shared libraries
Plug-in PH23808 SSLMapMode does not work correctly with the im enabled plug-in (odrlib)
PH26192 Web server crashes when WebSphere plug-in dynamically reloaded
Runtime and Classloader PH24756 WebSphere Application Server JVM start failed on parsing Meta-INF/ejb-jar_merged.xml
Scheduler PH27414 WebSphere Application Server could allow a remote attacker to execute arbitrary code (CVE-2020-4589 CVSS 8.1)
Security PH21030 java.lang.NullPointerException in com.ibm.ws.security.web.WebCollaborator is seen at tomcat startup when using com.ibm.ws.ejb.thinclient_9.0.jar
PH21586 ADMG0012E Unable to add the custom properties in CA client configurations
PH22557 Creating a custom CA client by implementing WSPKIClient interface provided by websphere failed class loader
PH25309 Preventing users from making a deletion of a certificate if the alias is being used in dynamic SSL config or SSL config
PH25855 LTPAToken2 value is same after relogin
PH26401 Add certificate extension support
PH27328 The ModifyAuditPolicy command throws a NullPointerException
Servlet Engine/Web Container PH24879 OutOfMemory event on Web service bais.create()
Session Initiation Protocol (SIP) Container PH25483 SIP re-invite might be sent to wrong interface
System Management/Repository PH16464 SERVER_LOG_ROOT is not set for a node agent initially
PH23853 Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362 CVSS 7.5)
PH26952 WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464 CVSS 8.8)
Transaction Service PH25074 WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450 CVSS 9.8) and Information Exposure (CVE-2020-4449 CVSS 7.5)
PH25955 Remove_partner_log_entry does not work for xaResource.recover() failure
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH22498 JAX-PRC Web service client creation fails if an http redirect switches protocol when accessing the WSDL url
PH22765 WSWS7054E error during WSDL generation due to ClassNotFoundException on javax.validation.ConstraintViolation
Web Services Security PH21827 OIDC tai: NotSerializableException for JwtClaims error may occur
PH24501 SAML Web SSO TAI may fail signature verification when a keyinfo contains both keyname and X509Data
PH24737 OIDC RP: Make the introspection response available via api
PH25547 OIDC incorrect behavior if opaque token is in authorization header and useJwtFromRequest=ifPresent
PH25697 OIDC RP sessionCacheTimeoutMinutes=0 is not overriding idToken exp claim
PH25774 OIDC RP: session cookie value is too short
PH26523 OIDC RP allow call to userInfo endpoint to be disabled
PH26842 SAML Web SSO ClassNotFoundException for TrustAssociationUtil in 9.0.5.4
PH26925 OIDC RP generates javascript with extra end-script to send to op
PH27173 OIDC RP login may fail when nonce is enabled
PH27213 OIDC TAI: Give option to not write LTPA cookie in RP path
WebSphere Common Configuration Model (WCCM) PH25334 Application update failure slow due to excessive retries
z/OS PH23733 Unexpected transaction CPLT abend ASIB when transaction is rolled back
PH24730 Repetative characters at the end of message BBOA7101E
PH25359 ABEND 0E0 interruption code 28 in BBOA1REG
Fix Pack 9.0.5.4
Fix release date: 12 June 2020
Last modified: 12 June 2020
Status: Superseded

Download Fix Pack 9.0.5.4
 
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH20162 The configure scanner page is not enabled for monitor with admin access to an application
PH20878 Add content-security_policy to the response header on the Dmgr
PH21177 Update copyright for admin console
PH23369 The color settings of console identity is backed to default
PH23600 Hover help for ORB tracing is not helpful
PH23783 Support url to go directly to three specific pages in the admin console
EJBDeploy (WSAD) PH21271 Failed to run EJBDeploy when installing application by admin console
Federated Repositories PH23240 Adding a node from 9.0.5.1+ dmgr fails for 8.5.5.17+ node with CWWIM5106E
General PH17297 Corrections are needed to the documentation in the Knowledge Center for IBM WebSphere Application Server Version 8.5
PH18158 SESN8558E: An attempt was made to write more than 2M to the large column
PH19392 When checkpointing is turned on, it increases the node synchronization time
PH19805 Display run_jobs_under_user_credential at startup
PH20390 Add MaxHeap MaxInt error message
PH20397 zOS atomic rollout fails when updating edition due to incorrect web server state
PH20735 Dmgr CR issued ABEND0C4-11 dump after stop command
PH21049 Enable-CDI manifest property not working if applied to war or jar modules
PH21413 Validate zeroearcopy apps when running the binary scanner
PH22238 HeapDetect: error notifying monitor: 52 message is logged on st
PH22517 WS-Security may decode Kerberos token and retrieve the realm name for the principal name
PH23010 NullPointerException can occur when JAXRS application is restarted without also restarting the containing server
PH23125 Need informative message when session table does not exist on db
PH24552 PI89036 causes native_stdout to fill up with repeating debug
PH25216 Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448 CVSS 9.8)
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C) PH20373 java.lang.indexOutOfBoundsException thrown from com.ibm.ejs.container.beano.reassociatehandlelist
Java Message Service (JMS) PH20912 Unable to set sameSite cookie option with response.addHeader
PH21305 Hang in adjunct region when deactivating MQ resource adapter
PH22157 Add support for the samesite cookie attribute
Java SDK PH22773 ConcurrentModificationException during JSF initialization
Migration PH21293 Better message for preventing double clone federated node migration
PH22671 Incorrect server uniqueid in cluster.xml after clone migration
PH23359 Message MIGR0590I is incorrectly formatted
PH24741 Migration to WebSphere Application Server V9 may fail to carry forward some SSL endpoint configurations
Object Request Broker (ORB) PH22275 HandshakeCompletedNotifier Failures Cause Socket Timeouts
PD tools (for example: Log Analyzer) PH14607 FileNotFoundException appear when running tWAS logViewer
PH15449 No stack trace printed when NullPointerException printed
PH20856 OSGI logs are not captured by collector tool
PH21934 Profile root is not captured by collector tool for Windows 2016
Plug-in PH21258 z/OS plug-in bld version does not show fixpack level
PH21768 Plug-in fixpack does not update IIS_webserver copy of binary
PH22593 Plug-in-gen dose not refer session management configuration of app-level which overrided when set web-level setting exist
Runtime and Classloader PH20328 Wsadmin renameNode() and adminConfig.save() commands deleting wsBundleMetadata/jsf-myfaces.xml
Security PH14756 NullPointerException in certificateMapper.getDNSubfield WebSphere setup with global security LDAP with security domain
PH19164 If custom encryption module throws passwordEncryptException or passwordDecryptException, it can corrupt passwords in security.xml
PH20571 When the audit policy is loaded, a commandValidationException occurs (SECj6051E)
PH21890 External authentication retrieved user via TAI intercept as unauthenticated failed with null for getUserPrincipal
PH22986 The renewed certificate is not honored when certificate expiration monitor renewed a certificate
PH23211 Password on commandline is not masked correctly
Servlet Engine/Web Container PH17559 NullPointerException occurs if a filter is first mapped to a named servlet, but the named servlet is added later
PH20847  Information Disclosure in WebSphere Application Server (CVE-2020-4329 CVSS 4.3)
Session Initiation Protocol (SIP) Container PH21349 SIP notify arriving before 202 for refer causes a memory leak
PH22590 : B2buaHelper.getPendingMessages might return an empty list when
System Management/Repository PH21511 Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276 CVSS 7.5)
PH21848 Display the absolute path value of the temporary location if the copy of asset fails
Web Services Security PH21178 OIDC RP: Access-token refresh may be attempted when it should not
PH21611 OIDC RP may attempt to refresh access tokens that are not expired
PH22038 OIDC RP: session cookie name should to be related to provider_<id>.identifier but related to provider_<id>.clientid
PH22195 OIDC RP: Enable use OpenID provider's well known configuration url
PH22621 OIDC RP: Add programmatic support for grant_type = client_credentials
PH23572 OIDC RP code flow can not be used if JavaScript is not enabled
PH23697 OIDC RP support RS512 support to OIDC TAI signature algorithm
PI96403 OIDC RP does not support implicit login flow for initial requests
z/OS PH22659 zWAS crash in bbog_failuremonitor::dispatchrecovery(mvs::stoken) following normal shutdown
Fix Pack 9.0.5.3
Fix release date: 20 March 2020
Last modified: 20 March 2020
Status: Superseded

Download Fix Pack 9.0.5.3
 
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH17962 Request to allow web server log path to be outside of was and not require the .log filename extension
PH18268 When a scheduler that an EJB timer service uses no longer exists, the console does not display an error
PH18480 The client wants to use the admin console of the AdminAgent to restrict users who access Web admin console
PH18947 Information disclosure in WebSphere Application Server Admin Console (CVE-2019-4670)
PH19089 "Enable API Discovery Service" option missing from the Admin Console Web Container settings
PH19141 VMM - LDAP attribute configuration - example first add of mail gets replaced by the second add of title
PH19401 Administrative console fix to support bidirectional text fix in the breadcrumb and application install summary page
PH19920 When invalid characters are introduced in the Admin Console url error page java.lang.nullpointerexception is received
Contexts and Dependency Injection (CDI) PH15728 CDI not protecting the thread context classloader and loading a wrong version of xml parser
EJB Container PH18256 CNTR5104E received when deploying EJB application
PH18828 CORBA.MARSHAL: incompatibility between stub and tie on WebSphere batch application
Federated Repositories PH16420 Non-participating repositories are accessed from WIM get api
PH19260 WIMConfigurationException is thrown when updating caches on Admin Console
General PH08220 Add Db2/z named parameter support to EclipseLink
PH08470 Since moving to WebSphere 9.0.0.8, jsf-nls.jar is not being found
PH10785 javax.persistence.lock.timeout works incorrectly
PH10848 Return null for aggregate functions with primitive type
PH11280 PI58498 is not fixed on 8.5.5.13 under certain circumstances
PH11824 How to insert CLOB data using LOB locator in EclipseLink
PH12133 EclipseLink returns the wrong result for left joins with empty results from the right
PH13660 Reduce HPEL buffer flush interval and timer implementation
PH13805 Unidirectional onetomany mapping inserts with multiple foreign key references
PH14266 Update EclipseLink ASM version from 6.2 to 7.0
PH14747 EclipseLink binds untyped parameters on Db2
PH15440 Issue with EntityManager: em.unwrap(connection.class) returns null with the property "eclipselink.jdbc.exclusive-connection.mode" set "Always"
PH16450 EclipseLink: ORA-06550: Illegal character > in stored procedure on Oracle
PH16920 EclipseLink: AggregateObjectMapping support for EclipseLink cursor
PH17812 Intelligent Management Web Server Plug-in 9.0.5.1 crashes if an invalid trace specification is defined
PH17942 Some session attributes are not stored with sessionDB of Oracle
PH18042 Incorrect UOWexception thrown from UOWmanager when subordinate transaction is marked for rollback only
PH18842 Update EclipseLink ASM version from 7.0 to 7.1
PH18844 EclipseLinks COALESCE() JPQL function cannot handle null parameter values
PH18853 EclipseLink incorrectly detects the HANA database platform
PH18854 EclipseLink persistence provider property eclipselink.jdbc.sql-cast does not apply when set
PH18894 Change the default value of modifyActiveCountOnInvalidatedSession
PH18898 WebSocket connections closing results in hung threads
PH19061 Multiple plugin-cfg.xml files & folders under profile_home/config/cells/ causing Liberty report hung on console
PH19292 Issue with quotes
PH19880 Update WAS migration tools to work with binary scanner updates
PH19989 Denial of service in WebSphere Application Server (CVE-2019-12406)
PH20109 EclipseLink mixes indexed and named parameter types for cursors resultlist
PH20275 The session manager behavior after fix of PI78540 is not updated into the Knowledge Center
PH20279 Update Eclipselink to support ASM 7.2 for Java 14
PH20314 Logviewer not able to write logviewer.pos file
PH20421 EclipseLink: Unrecognized JDBC cursor type for Db2
PH20729 AttributeOverride for complex embeddable mappings on EclipseLink fails
PH20786 Missing parameter markers for EclipseLink stored procedures on Db2 z/OS
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Intelligent Management Component PH11456 Custom transport chains added to dynamic cluster server templates are not properly propagated to dynamic cluster members.
PH16498 Implement the ability to disable the ODC REST Service
PH17812 Intelligent Management Web Server Plug-in 9.0.5.1 crashes if an invalid trace specification is defined
PH19190 cellname as IM property is not changed in the plug-in by scripting
PH19418 Not all tomcat templates are displayed in the admin console during Tomcat server creation
Java 2 Connectivity (J2C) PH18072 J2CA0163E error occurs when starting application
PH18970 Connection pool hands out aborted connection
PH20223 RRA=all trace results in SECJ0314W violation of Java 2 security permission error
PH20681 Add support for MQ XA recovery with QMIDS
PH20976 AccessControlException when using connection.abort(ex)
Java Message Service (JMS) PH15289 Updating the address include list for server transports causes an exception
PH18475 Client received HTTP 500 error for their request due to java.lang.illegalStateException in the CR
PH19528 WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)
PH20676 Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.4
Java Persistence API (JPA) PH18777 ConcurrentModificationException after PH07008
PH19943 "java:app" jndi names in jpa <[non-]jta-data-source> emits warning during app start
JSP PH20785 WebSphere Application Server is vulnerable to command execution (CVE-2020-4163)
Migration PH15764 WASPostUpgrade fails when the profile was created with sym links
PH17993 rar files missing if app server node is clone migrated twice
PH18458 Migration is unable to resolve relative file paths correctly
PH18807 Allow migration.properties to be modified for z/OS WebSphere migration
PH19287 Excessive tracing with postUpgradeTrace=0 and preUpgradeTrace=0
PH19982 WASPreUpgrade issue
PH20869 Migration fails with java.lang.nosuchmethodexception:com.ibm.websphere.models.config.applicationserver.sipcontainer.sipcontainer
Plug-in PH19420 Plug-in propagation for managed definition on remote node fails to copy plugin-key.kdb to webserver location on the remote node
PH19922 Unnecessary polling can take place causing high CPU
PH20154 Plug-in WebSocket upgrade request response code not verified
PH20311 Plug-in does not read entire response from the socket when ESI is enabled and response shows data is not modified
PH20448 IHS crash on restart when plug-in log rotation is enabled
Runtime and Classloader PH18939 WebSphere Application Classloader provide wrong byte code to the JPA framework, which cause a ArrayIndexOutOfBoundsException
Security PH13835 Outbound EJB-WOLA connection fails no_permission due to transportlayer settings being picked up from incoming RMI call
PH16017 FFDC data output may display JAAS configuration information
PH18052 Add an option to use hostname in ORB IOR
PH20055 Provide an option to add KRBAuthnToken to Subject
Servlet Engine/Web Container PH15852 Missing translation key: Exception occurred while running ServletContainerInitializers onStartup method
Session Initiation Protocol (SIP) Container PH17737 WebSphere does not reject SIP invite with invalid CSEQ header
PH21614 SIP requests with appropriate CSEQ numbers receive message 500 incorrect CSEQ
System Management Configuration PH15796 Monitored directory deployment hangs when application is deployed on more than one target
System Management/Repository PH18800 SADMA7021I message in a deployment manager systemout.log file causes confusion
PH21881 Fix CD check in renameCell command
Transaction Service PH08281 Information services director fails when invoking a web service - deployment.xml composition unit is not found
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH16949 WAS 8.5.5.15 / 9.0.5.0 - issues with annotation scanning filters (include-scanning-packages etc.)
Web Services Security PH15248 OIDCClientHelper methods may return null unexpectedly
PH16455 JAX-WS engine did not redirect response with 301 status code
PH17304 OIDC RP cannot send a content-security-policy header to the openID connect provider
PH18150 The OIDC RP does not check the id-token for an acr value if the configured auth endpoint url includes "acr_values"
PH19189 OIDC RP cannot send a nonce parameter to an OpenID Connect provider
PH19333 OIDC RP: unable to override the realm name in an idToken
PH19907 OIDC RP: Login fails when createSession=true and http sessions exhausted
PH20118 OIDC RP: should not require scope claim on response from OP
PH21008 OIDC RP: The tai is completely disabled if any provider config fails to initialize
WebSphere Common Configuration Model (WCCM) PH16593 Application with duplicate servlet-url mapping fails to deploy in version 9
PH17696 Encrypted passwords deleted if custom encryption JAS is removed
PH19871 BO attributes are not working correctly after upgrading to WebSphere 8.5.5.16
PH20188 Incorrect time policy for Turkey in com.ibm.icu.jar
z/OS PH19192 WaitTime is not passed to BBOCLSCC under certain circmstances
Fix Pack 9.0.5.2
Fix release date: 13 December 2019
Last modified: 13 December 2019
Status: Superseded

Download Fix Pack 9.0.5.2
Component Securtiy APAR APAR Description
Administrative Console (all non-scripting) PH14295 Classloader conflict causing problems accessing the admin console in WebSphere Application Server
PH14552 java.lang.arrayIndexOutOfBoundsException: array index out of range: 1 exception on WAS 8.5.5.14 after BPM 18.0.0.1 upgrade
PH15415 Improve status text for scan error for the application migration scanner functionality
PH17272 An error is shown in the administrative console, when viewing the systemout.log.owner or thesystemerr.log.owner files
PI94624 Remove struts-legacy.jar from isclite.ear
Default Messaging Component PH16502 In WebSphere Application Server messaging engine stops due to DSRA9110E when short duration lock feature is enabled
Federated Repositories PH14099 Federated repository is not returning all requested attributes when searching
PH15390 NPE when an expected attribute is missing from LDAP entry
PH15543 CWWIM4564I saying it connected to the failover LDAP, when reconnecting with the primary LDAP
PH17028 AdminAgent console can display incorrect security configuration
PH17839 When adding an LDAP attribute that requires a boolean value, an invalidAttributeSyntax error occurs
PH18761 NullPointerException is thrown when running deregisterNode.sh wsadmin
General PH10371 lrcmd.sh script ignores values specified in soap.client.props
PH12982 "Write Interval" of HttpSession store configuration is not honored
PH13564 WOLA is not freeing IMS TPIPE after an error
PH14473 Add translations for the access denied message
PH14926 Deserializing a session loads classes form different class loaders
PH15038 Provide "medium varchar(32672) for bit data" option
PH15134 CSA shortage with WebSphere Application Server z/OS fixpack 9.0.0.9 BBOO0335E BPX1LDX load of bbodpcrt failed rc=84, reason=BDF0624
PH15733 Simpledateformat usage in JAX-RS headers class causing arrayIndexOutOfBoundsException
PH15820 OAuth provider may create a principal with Realm name prepended to user name
PH16353 Knowledge Center in WebSphere Application Server needs updated library (CVE-2015-7450)
PH16837 Unresolvable variable warning message CWLRB6203W: issued when no action is required
PH17314 Too many open files in WebSphere v8.5.5 SIBus messaging engine
PH17557 Upgrade Apache Commons BeanUtils in admin console (CVE-2019-10086)
PH18467 SEC-31: More secure password hashing for tWAS file registry
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH15933 showSDK.sh is missing from tWAS 9.0
PH16993 Cannot install WebSphere Application Server 9.0 on Suse Linux Enterprise 15
PH17087 Remove relabel_linux.sh from WebSphere Application Server 9.0
PH17876 CRIMA1137W
PH18278 Warning message is issued when install IHS and plug-in 9.0.5.2 and 8.5.5.17 on Windows without MSVC 2013 runtime installed
Java 2 Connectivity (J2C) PH13031 oracle.jdbc.ReadTimeout setting not working using either jdbc-4.1 or jdbc-4.2 features
Java Management Extensions (JMX) or JMX Client API PH16983 Use triggerdump with request=exclusive instead of system dump
Java Message Service (JMS) PH01737 Changing default to NIO on HP platform
PH14915 At shutdown, when the fileStore is nearly full, threads persisting messages will hang
PH17473 Case sensitivity issues when headers are not being cached
PH17811 Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.3 + APAR IT30234
Java SDK PH16818 File descriptor leak in defaultFaceletFactory
JavaServer Pages (JSP) PH14966 JSF portlet bridge should not be bundled by WebSphere
JSP PH13983 Information disclosure in WebSphere Application Server (CVE-2019-4441)
Migration PH15110 Migration tool should notify the user in the case that the old value is not migrated
PH15970 Add JAXRS upgrade messages to the WASPostUpgrade log
PH16438 Migration fails in post migration step if configuration contains hostAlias defined with port="*"
PH17164 SIB service disabled during selective migration
PH18142 Running BBOWMPRO during a migration to a newer release of zWAS gets configuration mismatch error
PH18330 Migrating a cell using the clone option does not create a different profile key
Object Request Broker (ORB) PH13233 Remove unformatted trace entries
PD tools (for example: Log Analyzer) PH14607 FileNotFoundException appear when running tWAS logViewer
PH15079 Modify traceInit outputs BBOO0427E at 8.5.5.15
PH15449 No stack trace printed when nullpointerexception printed
PH17273 Collector tool does not collect properties files for IBM i platform
PH17283 Diagnostic plans utility is incompatible with the java_dump_opts
Plug-in PH13091 WebSphere plug-in has uneven distribution when multiple servers have a weight of 0
PH14563 Plug-in merge creates extra URI group when erroneous ports are within the VirtualHostGroup
PH17449 WAS HTTP plug-in fails to generate $wsra $wsrh headers
Profile PH11873 Create profile failed with java.net.uriSyntaxException: illegal character in path
Runtime and Classloader PH10673 Property com.ibm.ws.runtime.dumpShutdown=true causes two heapdumps and two Java cores during shutdown
Security PH09722 Reload the SSL runtime when certificate monitor execute
PH10457 replaceCertificate is not horned to replace a personal certificate with another personal certificate
PH11248 Information Disclosure in WebSphere Application Server (CVE-2019-4477)
PH15201 Ayyedmin console login page does not show images correctly after authentication setting is changed to non-default option
PH15965 Intermittent SECJ0129E after upgrade to 9.0.0.10 or 8.5.5.14
PH16741 Client certificate authentication not finding previously logged in subject
PH17654 WSVR0661W starts to happen after the application of 8.5.5.16
PH18217 Need to stop auditing subsystem from doing DNS lookup
Servlet Engine/Web Container PH16279 Memory leak in WebFragMergerImpl due to multiple start/stop of application without restarting the application server
PH18646 Servlet caching does not work with default context root URI
Session Initiation Protocol (SIP) Container PH15985 A Via header field in ACK requests might contain incorrect address in a dual stack environment
System Management/Repository PH14004 Path traversal vulnerability in WebSphere Application Server (CVE-2019-4442)
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH09116 NullPointerException generated due to a partial update of the EJB application
Web Services Security PH14676 OIDC IP: Omit client_secret OAuth 2.0 parameter if the client_secret is an empty string
PH15626 OIDC RP: Enable configuration of a login error url
WebSphere Common Configuration Model (WCCM) PH08678 In WebSphere V8.5.5 AdminTask.extractConfigProperties incorrectly sets the CCSID value to 0 as the default
Fix Pack 9.0.5.1
Fix release date: 20 September 2019
Last modified: 20 September 2019
Status: Superseded

Download Fix Pack 9.0.5.1
 
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH09977 Some Administrative console URLs are using target=_blank
PH10210 Administrative Console Pre-Login Banner is not displayed when Client Certificate Authentication is enabled
PH11318 Do not display LOG_ROOT directories for Application Installation
PH11319 XSS issues with the WebSphere Admin Console (CVE-2019-4270)
PH12325 WebSphere Application Server Admin Console could allow a file traversal vulnerability (CVE-2019-4268)
PH12508 After upgrading WebSphere Application Server to fixpack 11 (9.0.0.11), receiving message java.io.FileNotFoundException:SRVE0190E: File not found:/LibertyAdvisorSummary
PH13030 Rename Liberty application migration analysis functionality
PH13295 Scopes in resource panels are unsorted which makes it hard to find a specific scope
PH13303 An 'Access denied' error is logged when the Liberty Advisor Summary column is populated regardless of user role
PH15351 Admin Console updates to RemoveNodeListener and AddNodeListener Servlets
PH15700 Target Java options are out of order on configure scanner page
Default Messaging Component PH07816 WebSphere Application Server V9 throws CWSIJ0047E errors after messaging engine restarts or failovers
Federated Repositories PH01831 LdapAdapter.authenticateWithPassword() discards the casual exception when throwing a new exception
PH11792 Changing WSTEMP directory to a different directory with the following property websphere.workspace.root is not being honored
PH12039 The WIM GET API does not consider the allowOperationIfReposDown setting on the realm
PH12167 Authentication fails with a cause by of illegal capacity
PI97871 Cannot change administrative user in federated repositories
General PH07819 After migrating from V8.5 to V9.0 JPA 2.1 application fails with ClassNotFoundException while loading JPA classes
PH09666 java.lang.NoClassDefFoundError: com/ibm/mq/MQXAQueueManager may occur when using MQ queues in WebSphere Application Server
PH10279 Websocket client side connect does not set http query parameters
PH11818 Unnecessary annotation scan happens if a class implements java.util.EventListener
PH12312 Admin agent environments are unable to create migration reports through the console or wsadmin
PH12467 WsSessionInvalidatorThread should have a thread number
PH12630 JSESSIONID cookies may contain two consecutive dashes
PH13339 Implement fine grain permissions for migration commands
PH13638 Message CWSJR1138E was issued for JMS create session
PH13786 ABENDCC3 RSN040E0001 in local communication close processing
PH13798 Error resulting from PH09335 when USER_INSTALL_ROOT is unset
PH13807 NullPointerException in the Sib code may happen when Cross Component Trace is enabled
PH14088 Disabling isolation of third-party JAX-RS providers causes FileNotFoundException
PH14124 The updated version 19.0.0.3 in the binary scanner needs to be added in WebSphere Application Server traditional
PH14351 Update the binary scanner in tWAS to 19.0.0.3.1
PI11818 Info Center does not mention whether the clean up setting can affect or remove component versions that are attached to a snapshot
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Identity Management PH18467 Enhanced file-based and database repository password hashing algorithms
Install PH11170 Incorrect output of versionInfo -fixpacks
Intelligent Management Component PH11807 Routing policy HTTP rules console page broken and validation for duplicate ODR rules not throwing proper error
PH12773 Add/Remove neighbor loop with messages ODCF8041I, ODCF8040I, and CWOBB1009W
PH14613 Intermittent child process crashes on IBM HTTP Server and APACHE with intelligent management plug-in enabled
PH14796 /MiddlewareAgentRPCService/noadmin allows for arbitrary file access of files in the WAS/profiles/dmgr directory
Java 2 Connectivity (J2C) PH10198 2CA0695E: Unable to find primary pool manager during failover processing for a resource with a JNDI name of ibm/cm
PH12983 Missing mcwrapper id in J2C trace when a connection has reached its aged timeout
PH13915 High CPU when synchronizing resources.xml
Java Message Service (JMS) PH13273 Termination hung due to deadlocked threads in CR
PH15088 Attempting to create a managed DUPS_OK JMS session outside a global transaction results in an AUTO_ACKNOWLEDGE session being created
Java Persistence API (JPA) PH07008 Have OpenJPA updates the descriminator class cache as classes becomeloaded and registered in the metadata repository
PH13889 OpenJPA enhanced classes version change causes warning
Java SDK PH09730 ClassNotFoundException that occurs during JSF initialization
JavaServer Pages (JSP) PH12946 StringIndexOutOfBoundsException when using JSF 2.2 in Liberty
Migration PH14471 Need to suppress checkpoint messages during WASPreUpgrade operation
PH14583 WASPostUpgrade does not allow the option -clone true to be used with the option -setPorts useOld
PH14635 WASPreUpgrade in remote migration jar does not work on zLinux
PH15019 Spaces in the application name causes migration failure as WASMigrationAppInstaller gets parsing error
PH15020 When multiple applications are migrated as the same time, some may not get migrated
PH15060 WASPreUpgrade - The plug-ins directory was not in the list of WAS_INSTALL_ROOT protected directories
PH15373 Dmgr CoreGroup template is not found
Other PH13095 If the admin agent console times out, the username/password must be provided twice
PD tools (for example: Log Analyzer) PH12910 java.lang.StringIndexOutOfBoundsException & SRVE0232E occur while accessing admin console
PH14673 WAS Diag Plan summary log showing a wrong trace dump file directory
Plug-in PH09316 New plugin configuration copies the etc/plugin-key.rdb file unnecessarily
PH11287 Web server Plug-in crashed in memcpy call ws_ReallySendRequest function
PH14125 Allow empty reason phrase on 100-Continue
Security PH06574 When creating a new webserver definition in the integrated solutions console, plugin-key.kdb (CMS keystrore) is not generated
System Management/Repository PH10218 Logging for JVM is not showing up on the console
PH11113 Cannot map a J2EE role named role to users and groups
PH12932 Missing Javadoc in the ManagedObjectMetadataHelper APIs
Transaction Service PH07541 Transaction scoped observers do not fire
PI95615 Application server startup fails with the message Base product version for node myNode is not available
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH08025 J2CA0045E on WebSphere Application Server V9 when a Web service uses a connection factory
PH10556 The <dmgr_profile>/temp/wscache/installExtract folder is not being cleaned up after the deployment or after DMGR restart
PH11905 Increased deployment manager startup time is caused by inefficient data structure
Web Services Security PH11684 OIDC: Failed to validate id token, exception thrown during verify [JsonObject]
PH13175 Tokens are not revoked when sessions are evicted from the cache
PH13533 Web Service request containing WS-AT Context fails if provider Web Service is configured to support WS-RM
WebSphere Common Configuration Model (WCCM) PH08461 During DMGR startup the /tmp folder is filling up and preventing the DMGR from starting
PH09294 Slow application startup for applications with many files
PH12669 NullPointerException occurs in EMF due to concurrent initialization
PH13545 Temporary files created during application deployment are never deleted
 
Refresh Pack 9.0.5.0
Fix release date: 28 June 2019
Last modified: 28 June 2019
Status: Superseded

Download Refresh Pack 9.0.5.0
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH10072 Add secure attribute to cookies
PH10464 URLs based on the admin console return error 500
PH10816 Serviceability issues for Liberty advisor feature
PH10824 UI bug fixes and changes for liberty advisor feature
PH10831 Add color to navigation border to make color change more visible
PH11381 Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4269)
EJB Container PH08828 OutOfMemory in InjectionEngine cache
PH12563 Support JIT deploy of EJB 1.x and 2.x modules
Federated Repositories PH05207 NullPointerException occurs when nameInRepository is not set in wimconfig.xml
PH08837 LDAP search fails with numberFormatException
PH10154 Group members are not listed (in manage users/groups) when domainNameForAuomaticDiscoveryOfLDAPServers is configured
PH11325 In rare cases, the federated repository attributes cache will store an attribute beyond the specified cache timeout
General PH01829 lrcmd command fails with socketTimeoutException
PH04833 Java batch scheduler in WebSphere V8.5.5 running OutOfMemory
PH05228 JSF portlet fails with illegalStateException when processing JSP
PH06301 CWLRB6179E: Failed to invoke EndPointCRMBean
PH07176 Checkpoint throws WKSP0009E error message
PH08375 WASServiceHelper.bat builds command contains "stopargs" twice
PH08510 WSGrid fails with java.lang.runtimeException: parse error 1
PH08548 The number of concurrent sub jobs running under a top-level batch job may exceed the configured maximum
PH08683 Fix tracing NPE in wasJaxrsClientTimeoutInterceptor
PH08898 WebSphere V8.5.5 job scheduler throws NullPointerException
PH08920 ConcurrentModificationException at CDI code
PH08934 MQ listener port stopped working after upgrading to WebSphere V9.0.0.9
PH08993 CWLRB6203W is issued for properties which do not need a value
PH09233 CDI application with WEB-INF libary fails to start in loose config
PH09335 Managesdk.sh does not set user.install.root
PH09407 CommonExtensionsHelper class prints out a lot of information messages
PH09657 Usage Metering discards metrics on HTTP 500 response from metering service
PH10119 Add support for CICS 5.5 to optimized local adapters
PH10333 During extension of clusters jobs abended with rc=12 and existing endpoints are not found
PH10372 High memory usage consumed by logViewer
PH10542 java.lang.noClassDefFoundError: com.ibm.websphere.csi.j2eeName
PH10640 Versioninfo.bat returns the error "The system cannot find the path specified"
PH10843 Javamail password hardcoded to null in the trace
PH11142 Running the wctcmd.bat from outside of the <wct_root> directory causes
PH11334 Need to check users tWAS version and source Java version
PH11542 DefaultApplication changed in 9.0.0.11
PH12012 WebSphere Application Server V8.5 causing delay in J2C method "entering timing:"
PH12252 CDI cannot function with per module hot restarts. Currently it disables them on any app where CDI is enabled
PH12499 Upgrade JAXRS2.0 in WebSphere Application Server from Version 3.0.3 to 3.1.18
PH12560 Support customization of usage metering metrics
High Availability (HA) PH08584 Moving dynamic cluster to new core group fails to update dynamic cluster s server template
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH09811 Installation of tWAS V90 offerings were not blocked on Suse 11 patch
Intelligent Management Component PH07819 Remove DOM package version from VE import
PH09810 Health Controller stops working when executing Health Policy actions
PH11655 OVERLAY_ TCP_ LISTENER_ ADDRESS port can be used to execute arbitrary code across cells
PH12533 Admin Console allows Client-side HTTP Parameter Pollution and xss
Java 2 Connectivity (J2C) PH04931 FFDC for java.lang.illegalStateException logged intermittently while many transactions starting in parallel is not a problem
PH07318 WAS does not properly handle exception thrown by Db2 driver
Java Message Service (JMS) PH09048 During TIBCO EMS server failover, transaction rollback issues may occur that lead to stuck messages on the TIBCO queue
PH09262 Update IBM WebSphere MQ JCA resource adapter to 9.1.0.1
PH09750 Hanging threads in com.ibm.ejs.jms.jmsQueueConnectionHandle.createQueueSession
PH11186 HTTP inbound channel custom properties trustedHeaderOrigin and trustedSensitiveHeaderOrigin do not work properly on z/OS
Java SDK PH06008 After migration from WAS 9.0.0.5 to WAS 9.0.0.6 JSF failed with unable to create view "/web/common/loginsuccessblank.xhtml"
JSP PH08381 JSP compilation error when using line comment within JSP expression
PH11216 Redirect context root for missing slash fails in WAS V9.0 and Liberty when using HTTPS connection
Migration PH07835 Migrating a cell using the clone option does not create a different coreGroupUID
PH07936 Migrating to WAS V9.0 but application did not get deployed
PH09937 After migration, create element automatically that not exist before migration
PH10778 Selective migrations fixes
PI98398 Migration job BBOMDINS incorrectly refers to install_all_apps.py instead of new tool WASMigrationAppInstaller.sh
Plug-in PH08290 Plugin needs to provide some GSKit scripts
PH08740 Apache v2.4 web server plug-in crashed caused by a conflict withmod_was_ap22_http and mod_hpfilter2.4
PH08998 WebSphere plug-in process is not properly cleaned up when using Apache piped logger rotatelogs
PH09034 Set default connectionTTL to 28 if not present in configuration for the WebSphere Webserver plugin
PH09316 New plugin configuration copies the etc/plugin-key.rdb file unnecessarily
PH09639 HTML dashboards fail in web query with HTTP 500 when running in IE or Firefox
PH10258 ODRPortPathPrefix cannot be added from the WebSphere admin console
PH10504 Servlet request remote address value is incorrect with WAS 8.5.5.15 plugins fix pack level
Runtime and Classloader PH05460 Emit diagnostics for OSGIi unsatisfied bundle constraints diagnostics when starting a server
PH12606 Store application classes in shared class cache to improve server startup
PI91529 NullPointerException is thrown when processing application deployment.xml file
PI95165 java.lang.illegalStateException can occur when an updated CDI application is republished to WAS
PI97290 NullPointerExceptions while enabling the classloader traces
Security PH04135 Behavior difference in getRemoteUser() and getUsePrincipal() in V8.5.5 vs V9.0.0 when JASPIC is configured
PH06236 When selecting a certificate alias with mixed case an SECJ7428E error is recieved
PH08265 Cannot remove audit notification: SECJ7387E: Audit notification in use
PH09574 PI97974 was about LDAP search filter issue, which did not handle parenthesis correctly
Servlet Engine/Web Container PH10240 Add trace to display virtual host mapping for a request
PI99214 Error message "SRVE0190E: file not found: {0}" is missing file name
Session Initiation Protocol (SIP) Container PH07841 SIP parse errors seem to put the parsing thread into a tight loop indefinitely
System Management/Repository PH07140 Editing an application with EJB content in a WAR module may experience slow performance
PH10565 Stopping an application server with wrong user or/and password failed with error from stack trace
PH10810 Improve ADMA0245W message to include permission problem
Transaction Service PH05716 Backend JVM received mis-routed transactional protocol request needs to send back proper exception
Web Services Security PH08391 Set WebSphere Application Server saml cookie to httpOnly
PH08804 OIDC RP default identifiers are not available when customs are configured
PH10503 OIDC RelyingParty TAI sessionCacheTimeoutMinutes is in seconds
PH10892 OIDC RP has no api for obtaining tokens or manually triggering access token refresh
PH11107 OIDC RP always includes port number on redirect_uri parameter
PH12520 OIDC: Enable JWT SSO in WebSphere Applicaiton Server
WebSphere Common Configuration Model (WCCM) PH08461 During dmgr startup the /tmp folder is filling up and preventing the dmgr from starting
Fix Pack 9.0.0.11
Fix release date: 5 April 2019
Last modified: 5 April 2019
Status: Superseded

Download Fix Pack 9.0.0.11
 
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH05129 Prompt user for confirmation of stop cluster
PH05812 The restart does not alway work because of a change to the JVM so this provides a system property to stop/wait/restart instead
PH06242 Change background color for admin console (RFE 120205)
PH06889 Problems changing web_install_root and config path
PH07676
Potential denial of service in WebSphere Application Server Admin Console (CVE-2019-4080)
PH07698 Incorrect application status for web server in target specific application status display
PH07915 Update Admin Console jsp to remedy false error
PH08979 Data power panels may show html in messages when creating objects
PH09151 Add liberty migration effort details to application collection page in admin console
EJB Container PH01591 Nonpersistent EJB timer dying if timeout throws exception on last retry
PH04528 Scheduler failed after migration com.ibm.ws.ejbcontainer.util.ScheduleExpressionParserException: second: value not valid in string: null
PH06774 ConcurrentModificationException from ReferenceContext starting web application
Enterprise Edition (EE) PH04187 Issue with the Windows 125x support in XLXP during conversion of bytes to UTF-8
Federated Repositories PH02868 Automatic discovery of LDAP servers fails with EntryNotFoundException
General PH00071 WebSphere z/OS 8.5.5.12 ABEND 0C4 in ORB_Request::setSystemException in control region
PH00353 JAX-WS web service requests may fail when using an unmanaged client and Java 8 if WS-Policy is used
PH00738 Push CDI beans to HTTP session on access
PH03222 CWNEN0044E javax.xml.ws.WebServiceContext failed to resolve when started in adjunct
PH03840 Attempting to create a new ilcontainer after sqlexception causes com.ibm.websphere.batch.ilc.ilcontainerexception
PH04583 RuntimeException in VapBinaryStreamToSerializableObjectConverter
PH04653 Updated CPU limit (--cpus) not recognized by usage metering feature
PH04727 Illegal locale value : zh-Hans-CN
PH05071 JVM hang when calling GarbageCollectorMXBean.getLastGcInfo for usageMetering-1.0
PH05126 Provide support for com.ibm.websphere.jaxrs.server.DisableIBMEJBJAXRSInEJBJarsupport
PH05157 When web request is processed, check that the affinity server has deployed the endpoint
PH05579 z/OS ABEND130 RC02350001 during invalidation of a session following HttpServletRequestWrapper.changeSessionId
PH05700 was-usage-metering.properties does not work in cluster name directory
PH06475 Override eclipselink JDBC parameter binding
PH07141 Increase grammar's unresolved component cache size
PH07228 Final usage metrics not submitted on server shutdown
PH07247 Unnecessary HttpHostConnectException FFDC logged for usage metering
PH08182 Invocation.builder#acceptlanguage() sets an invalid accept-language header
PI92331 Large object com/ibm/xml/xml4j/internal/s1/util/symboltable$entry arrays
PI92638 Reduce the amount of classloading performed by CDI
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH08611 Add pre-requisite checker for Visual Studio 2013 runtime
Intelligent Management Component PH05157 When web request is processed, check that the affinity server has deployed the endpoint
PH05544 Custom property `HttpSessionCloneId` set at the sessionManager scope is not honored by ODC resulting in broken affinity
PH05754 Cannot set a timeout for URLReturnCodeMetric which can cause blocking of other metrics
PH06668 ARFM5024E: ARFM suffered unexpected exception while handling ODC event: com.ibm.wsspi.odc.ODCException: A svcgoal has no relationship with the following: cell (EXCM_HAS_NO_RELATIONSHIP1)
PH07605 AIX ODRLIB starts generating 404s after many odrlib restarts
PH07725 Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030)
PH08082 String concatenation issue with intelligent management for web servers plug-in causes 404 error
PH08503 Configured cluster level resources are dropped when a dynamic cluster scales to zero members and back up again.
Java 2 Connectivity (J2C) PI97241 Server hang on server shutdown due to deadlock
Java Message Service (JMS) PH02713 Contention for the intrinsic lock in the JMSConnectionHandle.createSession method
PH06340 Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046)
PH07036 Potential vulnerability in WebSphere Application Server (CVE-2018-1902)
PI95709 PreferredServerList are not saved as the sequence as defined by client
Java Persistence API (JPA) PH04012 Changing JPA spec level does not reset provider implementation class if one is set
Java SDK PH06389 JSF can leak JarFiles causing problems with application removal
Messaging Providers PH05525 WLM is failing the SIB destination lookup even though messaging engine is running without any issues
PH05890 Unexpected response from WebSphere Application Server to datapower client request
Migration PH02818 Not all virtual host entries migrate when migrating to WAS v9.0
PH05565 Security domain definitions were not migrated correctly
PH06386 migration.sh is not supported on Solaris and should not be packaged
PH06941 SyntaxError: string constant too large in WASPostUpgrade application deployment
PH08887 Migration enhancements for WCMT4IC
Object Request Broker (ORB) PH08205 SMF 120 subtype 9 records should report the value of cvtzcbp
PD tools (for example: Log Analyzer) PH04941 Trace triggered by trace for use under L2 direction
PH06130 Trace to memory buffer stopped working when HPEL is enabled
Plug-in PH04047 WAS plug-in V9 for IHS V9 and Apache 2.4. forward useragent_ip to support use of mod_remoteip in IHS V9 and Apache 2.4
PH06308 WebSphere webserver plugin crashes when handling websocket request in ESI cache
PH07999 WebSphere 9.0 plugin using SSL fails to read entire message above 8k in size
PMI/Performance Tools PH05033 JVM runtime - ProcessCpuUsage counter shows zero value
PH05230 Count not present in the perfServlet xml output, under count TimeStatistic not present in the perfServlet xml
Profile PH08731 Increase default config file system size for WAS V9 dmgr/default/cell on z/OS on zPMT gui
Programming Model Extensions (PME) PH03333 Deadlock situation in DefaultWorkManager:AlarmManager
PH06673 WorkItem.getResult may return null and this cause NPE in customer's asyncbean application
Runtime and Classloader PH01742 Fix pack 9.0.0.7 or 9.0.0.8, did not update JPA configuration file correctly
PI83239 After upgrade to WebSphere 8.5, some applications using JAXB classes have noClassDefFoundError messages
PI88219 WSVR0320W warning messages due to the deprecated module deployment classloading mode
PI91331 Isolated shared library's parent is missing in the search path
PI99339 NoSuchMethodException generated for the missing method in the UrlStreamHandlerAdapter
Security PH02480 CMSKeystore is removed when webserver deletion is on hold without admin config save
PH05769 Weaker than expected security with WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996)
PH07760 Correction for PH02461
PI98604 CWPKI0666E: certificate "certificatealias " is not a personal certificate
System Management/Repository PH03989 Issues with autodeploy feature on was 8.5.5 after applying Fixpack 13
PH06545 AdminApp.edit command may not update servers correctly when using the MapModulesToServers option
PH07946 Running managesdk on a node works but it modifies a JVM on another node
Transaction Service PH02450 WS-AT keeps consuming WebContainer threads
Web Services Security PH02192 tWAS OIDC RP extra <br/> tag added in saved post body
PH03525 OIDC TAI may not intercept requests to http:// endpoints
PH04344 Invalidate SAML token when user logs out from WebSphere application
PH07297 Denial of Service vulnerability in Guava (CVE-2018-10237)
WebSphere Common Configuration Model (WCCM) PH01005 NullPointerException when application provides a Xalan.jar
PH06565 <multi-config> child elements are added to web.xml/web-merged.xml
Fix Pack 9.0.0.10
Fix release date: 14 December 2018
Last modified: 14 December 2018
Status: Superseded

Download Fix Pack 9.0.0.10

Component Security APAR APAR Description
Administrative Console (all non-scripting) PH01617 Potential file traversal in WebSphere Application Server (CVE-2018-1770)
PH01621 Potential cross-site scripting in WebSphere Application Server Admin console (CVE-2018-1777)
PH01735 Inputting an invalid webserver conf file path on the console produces a blank page
PH02638 Getting blank screen in dmgr console when trying to update server template in dynamic cluster
PH04192 Potential XML External Entity Injection (XXE) with Knowledge Center deployed on WebSphere Application Server (CVE-2018-1905)
PI98354 No test connection button for operator role in dataSourceName page in adminconsole
Default Messaging Component PH00027 After migrating to WebSphere Application Server V9, the CWSID0046E error is seen in the logs
Dynamic Cache PH02049 Cross-site scripting vulnerability in cache monitor (CVE-2018-1767)
Embedded/Express PH01284 Clean server OSGI cache on restart after hard shutdown
Enterprise Edition (EE) PH02564 Outstanding request counters have incorrect values
Federated Repositories PH02811 Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1901)
General PH00908 WASX7487E(bluemixutility.py) happens on remote wsadmin client
PH01108 NPE in CDI weld when migrating from WebSphere Java 6 to Java 8
PH01368 SAXParserFactory could not be instantiated
PH01590 ras_default_msg_dd rerouted messages should be formatted with a timestamp
PH01681 Case then and else scalar expression constants should not be casted to case operand type
PH01753 Potential security exposure in WebSphere OAuth 2.0 client (CVE-2018-1794)
PH01832 High CPU observed on the dmgr process driven by VisualizationEngine.CacheWorkItemsTP thread
PH02014 Infinite loop scanning multi-release jars for annotations
PH02031 Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797)
PH02063 Potential security bypass in WebSphere Application Server with Expression Language EL (CVE-2014-7810)
PH02310 Wctcmd command does not create a webserver definition
PH02564 Outstanding request counters have incorrect values
PH02919 Migration policy set issue
PH02992 Eclipselink: add support for null foreignkeys with unidirectional one to many relationship
PH03324 Validation cluster may not appear on the Administrative Console when using Application Editioning Validation capability
PH03492 Potential Cross-site scripting in SIBMsgMigrationUtility (CVE-2018-1798)
PH03514 When multiple JAX-RS applications are in the same war, WebSphere may select a provider from the wrong application
PH03523 Eclipselink criteria api does not support muliple constructors
PH03604 Update apache Batik SVG toolkit library to 1.10
PH03710 Annotation scanning include-filters not working
PH04119 Administrative Console `Runtime Operations > Applications` panel does not properly report application status
PH04234 Potential cross-site request forgery in WebSphere Application Server  Admin Console (CVE-2018-1926)
PH04886 Deadlock in DMGR when federating primary portal node
PI95333 There is no way to detect if a compute grid batch job is producing grossly excessive output in its job log
PI97045 Invalid content-type header logs arrayIndexOutOfBoundsException
PI97786 Eclipselink throws "argument type mismatch" for JPQL case expression
PI99507 Native outOfMemory errors due thread leak in OTIS connection handling
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH02507 Cannot install WebSphere 9.0.0.7 or 9.0.0.8 on AIX 6.1
Java 2 Connectivity (J2C) PH02222 FreePoolSize reported incorrect count in TPV
Java Message Service (JMS) PH01447 Improvement to SSL closing handshake
PI98757 CreateContext() calls fail for MQ provider using client-then-bindings mode
Java Persistence API (JPA) PH01768 Deadlock potential exists with orm xml processing for OpenJPA
PH02349 J2CA1004E seen in adjunct region
PI96578 A third-party JPA provider may throw an exception at the end of Local Transaction boundaries
Java SDK PH01566 JSF application initialization fails if the Faces Servlet mapping is only defined in a web-fragment.xml
PH03268 NPE at JSF initialization
PH04382 A context map in the JSF myfaces code is not being removed when the JSF viewscope bean is destroyed
Migration PH01746 Potential privilege escalation vulnerability in WebSphere Application Server after migration (CVE-2018-1840)
PH01984 java.lang.nosuchmethodexception
PH02468 Node_discovery_address port for federated node is 0 after remote clone migration
PI98695 Dmgr cannot get status of node after migrating dmgr with clone true and migrating federated node with clone false
Object Request Broker (ORB) PH01699 S0E0 abend with reason code 28 in orb_request::~orb_request()
PH03646 Daemon ABEND0C4 in bboclssa and possible termination
PI94719 WebSphere abend=00dc3000 rsncode=0a150001 moving node to new fix pack level
PD tools (for example: Log Analyzer) PH05042 Traditional WAS HPEL logging json format
PMI/Performance Tools PH01816 NullPointerException in repositorycache.getrcsdatasourceresources
Runtime and Classloader PH02197 Server assocated shared libraries not being picked up by WebSphere Application Server
Security PH00886 Improve formlogout processing
PH01676 createKrbConfigFile command leaves pipe character in Kerberos config file for encrypt types
PH02461 Modifying OIDC rp custom properites in a security domain via the admin console resulted in duplicates
PH04562 Potential information disclosure in WebSphere Application Server (CVE-2018-1957)
PI97974 Invalid user id that contains a parenthesis should be escaped for standalone ldap configuration
Session Initiation Protocol (SIP) Container PH01070 In a multi-homed environment a Via header field might not be set to the preferred outbound address
System Management/Repository PH01546 JVM custom property to disable node synchronization
PH02503 Server creation fails with NPE due to leftover application folders
PH03986 Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
PH04060 Code execution vulnerability in WebSphere Application Server (CVE-2018-1904)
PI91977 WebSphere Application Server config files length zero bytes
PI95973 Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
Transaction Service PH02967 NoClassDefFoundError initializing the Java EE application client environment
Web Services Security PH00569 Openid Connect relying party handling of id_token expiry is not configurable
PH01752 Possible security exposure in WebSphere saml web SSO (CVE-2018-1793)
WebSphere Common Configuration Model (WCCM) PI98177 Package objects not available from archive class loaders
Fix Pack 9.0.0.9
Fix release date: 21 September 2018
Last modified: 21 September 2018
Status: Superseded

Download Fix Pack 9.0.0.9

Component
Security APAR
APAR
Description
Administrative Console (all non-scripting) PI98780 Web server definition show incorrect status
PI99077 Options menu to set log trace pops up but does not set trace
PI99675 The kc.log file is being written under the user's home directory
Administrative Scripting Tools (for example: wsadmin or ANT) PI97106 Allow to create custom property with leading space
Contexts and Dependency Injection (CDI) PH00063 Injectionpoint parameter issue incompatible reference - @inject java.lang.reflect.method
Default Messaging Component PI86995 Errors captured in SIB logs within output of objectMessage.toString()
EJB Container PI95982 timer.getInfo() not properly returning new instance
PI96086 Nested EJB async method calls not honoring nested get(timeout, unit) timeouts
Federated Repositories PI88864 Duplicate users returned if LDAP connectivity errors occur during paged searches
PI93552 java.lang.runtimeException: an invalid XML character (Unicode: 0x0) was found in the element content:group
General PH00250 EclipseLink MapsId processing failure with nested embeddable ids with common persistent field names
PH00438 Provide switch to disable isolation of third-party JAX-RS providers
PH01114 CDI fails to parse xml objects
PH01221 Potential man-in-the-middle attack in WebSphere Application Server for JAXRS (CVE-2018-8039)
PH01352 Node-agent high CPU after TCPIP is forcefully stopped on z/OS
PH01719 Infra update for JDK 9/10/11 support for EclipseLink
PH01810 Provide connectivity with IBM Cloud Private metering
PI79520 Compute Grid Proxy job abends with CC 4084
PI85709 Add Watchdog timer to write waits on closing
PI89701 ODC error logic that runs on the dmgr is erroneously removing OSGI app data from the ODC data structures resulting in 404
PI92847 JPQLl with trim is not handled properly and it results in databaseException
PI95906 It takes very long time to update EBA
PI95971 The namespace prefix appresources is undeclared
PI96427 When mail trace is enabled passwords are changed to be *******
PI96471 Submit jobs option not available in WebSphere V8.5.5 JMC
PI96615 OTiS application uses wrong virtual host if we create the dmgr profile as a part of cell profile
PI97162 Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI
PI97945 EclipselLnk JPA provider does not update version column as a bulk update parameter
PI97986 StringIndexOutOfBoundsException occurs when reading custom routing policies for OSGi applications
PI98187 HAMI0015E: Encountered an error activating member <null>. Exception was java.lang.NullPointerException v2
PI98400 Mail engine does not process password specified in mailsession
PI99036 When using runtime provisioning in the dmgr, the help functions for the admin console are not available
PI99123 Message checkin for RTC247424.3 serviceability improvement feature
PI99361 Upon deployment, the <context-root uri..> entry in the ibm-web-ext.xml is changing position within the file
PI99410 NPE happened in the SNMP agent systemout.log
PI99546 NPE during shutdown at com.ibm.ws.bbson.interest.InterestManagerImpl$InterestAlarmListener.sendMsgs(InterestManagerImpl.java:1264)
PI99672 Remove the first_rows hint from Oracle V10+ pagination queries
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PI95735 stopServer/stopNode/stopManager scripts hang when LOGOUTPUT is set to *PND in QWASJOBD
Install PH00270 versioninfo command of WebSphere Customization Toolbox does not work
PH00358 Cannot install 9.0 Caching Proxy with CBR feature on windows
PI98012 Warning message during the ifix installation of IHS v9
Java 2 Connectivity (J2C) PH00304 WAS Liberty not respecting max connection pool setting
PI93901 NullPointerException in admin console when trying to display connection factory status for CICSECI resource adapter
PI96072 NullPointerException in com.ibm.ejs.j2c.j2cutili
PI97372 Intermittent J2CA0046E/NullPointerException when obtaining a connection from datasource
PI98542 Error in pretest SQL string may result in unhandled open connections to db server
Java Message Service (JMS) PH00865 Update the IBM WebSphere MQ JCA resource adapter to the latest version 9.0.0.4
PI96735 Access log "maxfiles" attribute not working as intended with value of 0
Java Persistence API (JPA) PI97483

Eclipselink re-sorts insert and removes statements within a transaction
PI97686 OpenJPA query cache miss results in classCastException
PI97786 Eclipselink thros "Argument type mismatch" for JPQL case expression
Migration PH01218 Remote migration jar WASPreUpgrade.bat fails when path to java contains a space
PI98798 MIGR0573W seen running WASPreUpgrade on node profiles
Other PI97486 Left panel of admin console does not disappear after auto log-off due to session timeout
PD tools (for example: Log Analyzer) PH00472 Diagnostic plan cannot match messages from system.out or system.err
PH01211 TRAS0018I missing when using "modify servername, tracejava"
PMI/Performance Tools PI97663 NPE in perfmodules.getConfigFromXmlFile
Programming Model Extensions (PME) PI96604 StreamCorruptedException in workarea on WAS V8.5 with JDK 8.0.5.5 (sr5/fp5)
PI96800 CDI resource injection does not work for managedExecutorService
Security PI94230 Certificate monitor does not refresh RSA keys after renewal
PI94239 Certificate monitor leaves temporary workspace
PI94291 Certificate notification not working with SMTP mail server
PI97276 Typo in empty truststore message
PI98768 Weaker than expected security using WebSphere Application Server(CVE-2018-1719)
Servlet Engine/Web Container PH01798 Improve message "SRVE0080E:Invalid content length"
System Management/Repository PH00755 Fixing concurrentModificationException reported during multi sync operation
PI69603 Extra data in FFDC file generated by JSR160RMIConnectorClient.reconnect exception
PI99486 Incorrect JDKSourceLevel values added when using "precompile javaserver pages files" during application deployment
Transaction Service PI93971 Control region terminates after WTRN0108I: contextDisassociation. Unexpected state: 3 and FailedXAResources = true
PI96153 The CWRLS0030 message in V9 has a link to a troubleshooting article in the WebSphere V855 knowledge center
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI88318 Incorrect version number was displayed when running endptEnabler.sh or endptEnabler.bat
PI92940 Avoid sudden high CPU usage and threads hung on busy servers
Web Services Security
PI78804 Information disclosure in WebSphere Application Server using SAML (CVE-2018-1614)
PI94538 OpenID connect relying party does not invoke the revocation endpoint on the OP during logout
PI95884 JAX-WS WS-Security cannot use SHA384 or SHA512 digest algorithms
PI96508 OIDC RP may not connect to token endpoint due to SSL handshake_failure
WebSphere Common Configuration Model (WCCM) PH00201 jsp_2_2.xsd is not packaged in the com.ibm.ws.wccm.jar
PI97612 Unset deployment descriptor attributes become set during deployment with web.xml using servlet 2.5 schema
PI98450 Improve performance of detection of multi-release jars
z/OS PI97012 CICS throws resp=8 resp2=34 going inbound via WOLA when servant is not started

Fix Pack 9.0.0.8
Fix release date: 29 June 2018
Last modified: 29 June 2018
Status: Superseded

Download Fix Pack 9.0.0.8

Component
Security APAR
APAR
Description
Administrative Console (all non-scripting) PI90487 Start/stop of Webserver from the admin console fails after a change to the ProcessDef StartComamdArgs or StopCommandArgs
PI92079 Duplicate ports are assigned when the node uses different host alias in same host machine where the dmgr is running
PI92185 Accessing the admin console on the MS Edge browser causes some issues in the UI
PI92241 Admin console command assistance gave wrong output for EJBTimer configuration
PI92513 MANIFEST.MF file in isclite.ear does not get updated correctly with fix pack upgrade
PI92600 SIB admin panels render incorrectly
PI94097 "rollout update" option not shown during application update for users with both deployer and operator role
PI94144 ORB connection cache mimimum can not be set to 1 in the admin-console
PI95655 Bypass security vulnerability restrictions in WebSphere Applicaton Server Admin Console (CVE-2015-0899)
PI95769 Dropdown menus for certain panels don't get populated
PI98312 Russian Translation for OK Button
        ✓ PI98928 Potential vulnerability in WebSphere Application Server (CVE-2015-0899)
Administrative Scripting Tools (for example: wsadmin or ANT) PI94447 AdminApplication.getAppDeploymentTarget returns incorrect values
Contexts and Dependency Injection (CDI) PI94494 Lookup for the java:app results in ConfigurationException if the lookup happens during the startup of the application
PI95074

weld-2466 null pointer exception in webservice calls
Default Messaging Component PI85830 JMS transit through the SIB corrupts double byte charactes
PI87338 Expired messages is not be handled correctly when messaging engine restarts
Double Byte Charatcer Set (DBCS) PI94519 UserInternationalization javadoc contains broken links
Dynamic Cache PI96665 Servlet caching does not support HTTP 1.1 transfer-encoding: chunked requests
EJB Container PI92731 "CORBA.MARSHAL: Incompatibility between Stub and Tie" on WebSphere scheduler application
PI93822 EJB auto-link fails for Java:global with beanName provided
PI93950 NullPointerException from EJSContainer postInvoke() method
PI93952 CWNEN0030E when multiple deployed editions of an application contain the same environment entries
PI95215 MessageEndpoints are not properly released
EJBDeploy (WSAD) PI97841 Add missing database options to EJBDeploy on admin console
Enterprise Edition (EE) PI93221 NullPointerException during JAXB.Unmarshal for @XmlMixed list
Federated Repositories PI88438 When defining a root Base DN for a federated repository, display and login problems occur
PI90846 Exception occurs when a mapping exists for PersonAccount or Group, but not both
PI91971 Poor performance using file-based registry under load
PI92274 Server fails to start when Domino Ldap server is not reachable
PI93225 Users logging in with parentheses in their names cause "unbalanced parethesis error"
General PI95676 In use count can be wrong after APAR PI77049 - causing ABEND=00DC3000 RSNCODE=0A150001
PI56169 Wrong id logged when stopping an app server through the admin console
PI88319 Expired SIB messages might not be deleted after a messaging engine failure
PI90792 PluginMerge script has issue when merge the ODR generated plugin with cell generated plugin
PI91256 ODCF8101E java.lang.NullPointerException thrown
PI91323 Injection exception: java.lang.IllegalArgumentException
PI92056 Postinstaller messages are not printing out special characters
PI92182 The server stop processing gets hung up in SIB component
PI92477 WELD-2447 Client proxy serialization support should be container agnostic
PI92638 Reduce the amount of classloading performed by CDI
PI93374 Session Affinity can be broken and result in erroneous 503s
PI94745 Intelligent Management enabled Plugin crashes from memory corruption errors after freeing webmodules on routing table updates
PI95381 OAuth 2.0 configured in a security domain may fail to initialize
PI95821 Stabilize Product Insights Enablement
PI96041 Incorrect headers in outbound request with JAX-RS 1.1
PI96187 Update bluemixUtility command for data sovereignty regulations
PI96443 Session not created on the database after changesessionid()
PI96616 Enable OSGI option cleanupOnSave
PI96685 Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)
PI96748 Enhance workspace code to help reduce OOM problem
PI96826 IllegalArgumentException in classreader during the annotation scan
PI97338 WebSphere Application Server diagnostic plan
PI97881 Do not give creational contexts to non-contextual managed object
PI97986 StringIndexOutOfBoundsException occurs when reading custom routing policies for OSGi applications
High Availability (HA) PI94999 HMGR0232E exceptions happen when creating core group bridges in a cell
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PI97368 IBM i deploying .war through /httpadmin interface fails
Java 2 Connectivity (J2C) PI92626 Block the calling of several new methods on OracleConnection in the ojdbc8 12.2 driver that are unsafe
PI94863 Unable to get progress database connections from progress OpenEdge 11 datasource
PI96004 When using a JDBC 4.0 driver in WAS V9.0, connection, a timed out transaction cannot properly close connections
PI97001 Incorrect db2_classes16.jar file path in the default description for the Db2 UDB for iSeries (Native) JDBC provider in WAS
PI98140 Information disclosure in WebSphere Application Server (CVE-2018-1643)
Java Management Extensions (JMX) or JMX Client API
PI90009 Information disclosure in WebSphere Application Server (CVE-2017-1743)
Java Message Service (JMS) PI88594 Request to context root without trailing slash gets redirected, but the query string was not added to the redirect url
PI88676 Setting system date 100 years into the future generates an ArrayIndexOutOfBoundsException
PI89346 8.5.5.10 java.lang.OutOfMemoryError in z/OS control region with XCT enabled
Java Persistence API (JPA) PI92398 Under certain conditions OpenJPA can insert an embeddable object into the Datacache map
PI95766 DB representation of boolean values with Postgres is incorrect
PI95871 Wrong context classloader in org.apache.openjpa.enhance.pc
JNDI/Naming PI94660 Got a warning "NMSV0822W" message during a server startup
PI95598 Naming implementation in a IBM Thin Client for EJBs takes additional time while trying to look up EJBs in a wlp server
JSP PI87565 OutOfMemory issues from webcontainer component WebComponentMetaDataImpl
PI87886 The generated_web.xml is empty when installing an application using an exported ear and pre-compiling JSP option
PI89577 Lambda expressions might fail to compile when using Java SDK 8 to compile JavaServer Pages (JSP)
PI92161 The JSP engine is unable to find .tag files within the /META-INF/TAGS folder of a loose jar file
Messaging Providers PI93516 JMS destination marked toBeDeleted cannot be destroyed and recreated
Migration PI93298 Port conflict after migrating from V7 on the same server into the same directory
PI93466 Remote WASPreUpgrade fails on solaris with "test: argument expected" error
PI93488 Need ability to do config conversion from unsupported V6.1 configuration
PI93600 Syntax errors in bbomigrt2.sh
PI93622 Migrating from WebSphere V7 with a server-level security.xml causes postupgrade NullPointerException
PI95217 WASPostUpgrade failed with MIGR0464E due to NullPointerException
PI97582 WASPostUpgrade failing with NullPointerException coming from the serverIndexConfig
PD tools (for example: Log Analyzer) PI92935 Stopserver script intermittently results in hang, fails to stop server
Plug-in PI93554 Plugin propagate does not work from commandline using GenPluginCfg.sh
PI94724 Admin console command helper generating an incorrect script command for adding StashFileLocation plug-in property
PI96048 Plugin generation should have a way to add RemoveSpecialHeaders to the configuration section
PI96130 HTTP2302: Function as_handler aborted the request without setting the status code
PI96649 Plug-in fails to write data with RC=10035 in windows
Runtime and Classloader PI72506 Support openConnection(url, proxy) using MultplexingURLStreamHandler in OSGI
PI84518 Administrative console libraries are not designed to be run with a PARENT_LAST application class loader
PI92979 High CPU utilization due to the classloader stack
Security PI88044 Calling purgeUserFromAuthCache or a user that is in a group permitted to a role does not take affect
PI88161 The ibm_security_logout page does not render correctly when the X-Content-Type-Options header value uses nosniff
PI89606 JASPIC user group information is lost when using the jaspicSession
PI90980 Potential spoofing vulnerabiltiy in WebSphere Application Server (CVE-2017-1788)
PI92316 Inconsistent behavior with replacing SSL certificates
PI94021 Not able to renew a self-signed wildcard certificate
PI95120 Authcache not updated with renewed subject
PI95256 Enabling security audit breaks WebSEAL trust association
PI96566 ArrayIndexOutOfBoundsException: array index out of range: 14
Security (zSeries®) PI96383 High CPU and increased AUX storage in WebSphere Daemon if connection is closed during SSL handshake
Servlet Engine/Web Container PI94228 Scheduler services startup issues due to the resource binding isuses with JNDI
PI94848 OutOfMemoryError caused by a memory leak in WASAnnotationHelper
Session Initiation Protocol (SIP) Container PI89322 Headers in the sipproxy.log are different than in trace.log
PI93796 SIP Container uses a wrong interface for a loopback request
System Management/Repository PI88788 Not able to create a web server with Sun Java System template
PI92142 ADMU3011E unable to start a web server using startServer command
PI94531 Update the default values of JVM options -Xscmaxaot and -Xscmx to decrease application server startup time
PI94757 Issue with application edition management and ADMA0159W messages
Transaction Service PI53320 WS-RM internal error caused sequence containing application messages to be deleted
PI53384 WS-RM sequence reallocation processing may delete application messages from the persistent store
PI88168 WebSphere Application Server startup fails with WTRN0045W errors
PI89405 App server controller terminates with C9C21A44 followed by C9C21A30
PI92239 Client cannot unmount TRANLOG directory after calling disableMember on HAManager MBean when using memory-mapped files
PI96625 Update IBM WebSphere MQ JCA Resource Adapter to version 9.0.0.3
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI78733 Two service clients displayed on administrative console for an application
PI80913 WASAxis2ConfigurationBuilder loads the jax-ws-catalog.xml file using a call to 'getResource' instead of 'getResources'
PI83389 JAXBException error occurred when a JAXB class was not included in JAXBContext
PI88248 ConcurrentModificationException error may occur when running JAX-RPC application with WAS v9
PI89987 Starting application fails with CWMDF0002E ArrayIndexOutOfBoundsException
PI91683 Require the ability to mask or remove the "axis2ns1" in Web services SOAP Fault
PI98251 Update HttpClient for CVE-2012-5783
Web Services Security PI88896 OIDC RP WebSphere Subject may not contain current access_token
PI90373 OIDC RP authorizationEndpointUrl does not handle query parameters correctly
PI92210 OIDC RP configuration of location of sign verify certificate is not customizable
PI92332 OIDC RP does not support OP UserInfo endpoint
WebSphere Common Configuration Model (WCCM) PI89821 The annotation scanning filter does not work when the filter is specified in the MANIFEST.MF of the application
PI93744 The log4j-api-2.9.1.jar contains classes under the META-INF directory cause an exception during startup
PI94037 Allow disabling CDI through application custom property

Fix Pack 9.0.0.7
Fix release date: 16 March 2018
Last modified: 16 March 2018
Status: Superseded

Download Fix Pack 9.0.0.7

Component
 Security APAR
APAR
Description
Administrative Console (all non-scripting) PI84457 Incorrect handling of invalid parameters in the admin console
PI84888 KC_HOME property missing after migrating standalone WebSphere Application on z/OS from v8 to v9
PI87667 Java 2 security is enabled briefly during websphere app server for z/OS server startup even when it is configured off
PI87791 WebSphere admin console error message invalid format
PI89314 New log4j libraries packaged in KCCI
PI89327 MIGR0506E Migrate a profile that is registered to an admin agent
PI89498 Privilege escalation in WebSphere Application Server admin console (CVE-2017-1731)
PI90042 Information disclosure in WebSphere Application Server admin console (CVE-2017-1741)
PI90992 ADMG0301W Warning when adding an application to the server in IBM WebSphere Application Server v9.x Developer tools
PI91052 Set X-Content-Type-Options "nosniff" on Administrative console
PI91328 Update struts.jar for latest fixes
PI91512 Manageprofiles command failing to create new profile
PI91760 Classes are missing in the Administrative console after ear deployment
Administrative Scripting Tools (for example: wsadmin or ANT) PI85713 Wsadmin exits on sys.exit()
PI89671 Issue invoking Jython script over ws_ant protocol
Default Messaging Component PI86830 CWSIS1530E: The data type, 2, was found instead of the expected type, 3, for column
Enterprise Edition (EE) PI93060 JAXB Unmarshaller may not apply default values for xs:anyType
General
PI92492 Potential denial of service in WebSphere Application Server JAXRS (CVE-2017-12624)
PI75876 Enable session listener in portlet bridge runtime
PI81356 Incorrect job status caused application to hang
PI82819 Issue with allocating job numbers
PI83053 List elements go missing when moving the list from one DataObject into another
PI85595 Performance issue with SIB link connection when transferring large messages from one cell to another cell
PI86936 Disable per module hot restarts on CDI enabled applications
PI87050 Load module BBODPCRT can be deleted while still in use
PI87069 When running with Java8, EBCDIC strings data conversion shows wrong behavior
PI87723 NullPointerException occurs during application start
PI88268 EclipseLink: provide support for generating sequence values in an ascending sequence
PI89274 IndexOutOfBoundsException when setting a list on DataObject
PI89446 Product insights throws NullPointerException
PI89800 WSGrid writes the wrong version out in the messages
PI89955 JAX-RS 2.0: javax.ws.rs.core.Request.selectVariant() returns incorrect value
PI89970 NullPointerException in org.apache.cxf.jaxrs.impl.tl.ThreadLocalProviders.getContextResolver()
PI89997 ConcurrentModification error might happen when tracing amm code
PI90547 Update Weld to 2.4.5
PI90699 ProductInsights errors after resuming from sleep state
PI90782 Application startup fails due to NullPointerException during bean validation
PI90804 Security vulnerability in Apache Commons used by WebSphere Application Server (CVE-2016-1000031)
PI90848 [CXF-7071] Problems reading post request parameters
PI93050 Dynacache support for openJPA does not work
PI93477 CWSIP0001E: An internal messaging error occurred in com.ibm.ws.sib.processor.impl.AnycastInputHandler.consumerAttaching 
PM70911 {"integer type 0" != } returns true when it should return false
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PI89504 App server fails to start when generic JVM argument value contain blank(s)
Intelligent Management Component PI93376 ODR server cannot be started after being created on plinux due on incorrect version of HeapDetect setting
Java 2 Connectivity (J2C) PI90290 NullPointerException when using JDBC custom property jdbcTimingThreshold in WebSphere v8.5.5.x
PI90388 The resource adapter sending a CONNECTION_ERROR_OCCURRED on a connection while it is in the free pool results in a negative connection count
PI90945 Autocommit is not being reset back to default when using non-transactional DataSource
PI92626 Block the calling of several new methods on OracleConnection in the OJDBC8 12.2 driver that are unsafe
Java Message Service (JMS) PI89806 NullPointerException generated when using async servlet and pmi on WebSphere Application Server v9
Java SDK PI90391 Fix bug MyFaces-4045 in IBM MyFaces implementation
PI90507 Instances of Action Listener in a Facelet are not being removed until app shutdown
JavaServer MyFaces (JSF) Apache MyFaces implementation PI87954 Hung thread issue in MyFaces getPropertyDescriptor
Messaging Providers PI37409 Possible abend EC3 timeout in WebSphere Application Server for z/OS servant region when running as client with WebServices and JMS (SIBus) in the same servant region
PI93628 Diagnostics for CWSOM0005W: The ObjectManager found that the logfile was too full
Migration PI92375 Config host names not updated during migration when networks are isolated
PI92469 Configurations of new target profile template remain untouched during migration although they do not exist in old profile
PI92480 Migration process omitted LDAP failover configuration
PI92604 DMGR started after waspreupgrade even though not originally running
PI92605 WebSphere SSL protocol should be auto updated to SSL_TLSv2
PI92610 Original app deployment log and trace are overwritten by waspostupgrade when deployment is retried
PI92942 Migration changes the order of the login modules in the security.xml file
Plug-in PI89253 Unable to use ECDHE cipher on outbound handshake from http server plugin
PI89525 Invalid plug-in path for property "PluginInstallRoot" is created for WebSphere on iSeries
PI91280 Secure transports may use the wrong timeout value if URL timeouts are configured using SetEnvIf
PI91879 ConnectionTTL="0" in transport statements in the plugin-cfg.xml
PI92967 IBM WebSphere web server plugin for iPlanet/SunOne sending wrong response code
PMI/Performance Tools PI90503 Cannot start logging in Tivoli Performance Viewer
Runtime and Classloader PI86187 Bootstrap code to check the WebSphere product version xml files for updates to determine OSGi cache state
Security PI85356 Unable to delete keystores due to corrupted deleted.p12 file
PI86770 Remove unsupported security events from audit log
PI87414 After deleting the existing default certificates, the newly created default certificates are using SHA1
PI90068 WebSphere Application Server crashes when a user with disabled account logs in
Servlet Engine/Web Container
PI88642 Information disclosure in WebSphere Application Server (CVE-2017-1681)
Session Initiation Protocol (SIP) Container PI92202 NPE might occur when the SIP container tries to determine an interface a request came from
System Management/Repository PI80126 Application server fails to start, and throws a NullPointerException
PI89521 Admintask.extractConfigProperties is too slow
PI89756 Re-implement the fixes for PI75986 and PI78268
PI89938 Property file based configuration serviceability improvement
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI86063 SAMLresponse XMLOutputFactory does not recognize the property "reuse-instance"
Web Services Security PI88253 OIDC RP secure flag not set on the OIDCREQURL cookie
WebSphere Common Configuration Model (WCCM) PI88862 Failure to delete temporary file during application deployment
PI88964 CWWAM2601E errors during the startup of websphere application server v9.0
PI89038 Annotation not processed in the ra.xml file during deployment of CTG cicseci.rar with WebSphere configured with Java 8
PI89708 The log4j-api-2.9.1.jar contains classes under the META-INF directory cause an exception during startup
PI90832 WEB-INF/lib classloader order specification
PI91292 SaxParseException for a tag library does not display the file name
PI92105 Allow empty main-class attribute in manifest.mf for application client module

Fix Pack 9.0.0.6
Fix release date: 21 December 2017
Last modified: 21 December 2017
Status: Recommended

Download Fix Pack 9.0.0.6

Component
Security APAR
APAR
Description
Administrative Console (all non-scripting) PI82507 WebSphere administrative console display consent banner before granting access
PI86654 The refresh does not delete the marker files created during uninstall
PI87525 EJB remote home binding setting is not displayed correctly on admin console
PI88509 ISC console's app deployment panel pause long time after finish button clicked, if clicked twice, deploys twice on large EAR
Dynamic Cache PI85747 Create a EntryInfo.SHARED_DEFAULT setting for the DynaCache sharing policy
Federated Repositories PI82997 Extra information may be in trace when configuring a RACF LDAP repository
PI83149 File registry.xml file not synchronized to nodes
PI85881 User set customproperty java.naming.security.credentials may not be encoded before being printed to wimconfig.xml
General PI33088 Synchronization begin method does not get invoked on the restart of a top level job
PI75567 SchedulerException when deleting compute grid jobs from a clustered scheduler environment
PI77076 When enable "start components as needed", can't submit job from other cluster member not host the scheduler
PI77232 Compute grid property overrides passed for a sub-job restart fail to be applied
PI78935 Transactions become corrupted after CWSIC8007E, CWSIC2029E and CWSIK0016E error-messages in the jfapchannel
PI80020 NullPointerException occurs while starting DMGR in policy set
PI80333 Support CPU constraints in Product Insights
PI80971 Allow modification of message driven bean bindings in OSGI applications to bind to listener ports
PI81527 In Websphere V8.5.5, after a lost database connection, WSGrid hangs and jobs remain in submitted state
PI81777 How to disable the IBM batch implementation in Websphere Application Server V9.0
PI81891 DMZ SIP proxy parsing via header incorrectly
PI81922 WS-Notification broker application fails with java.lang.NullPointerException
PI82298 WAS controller region abends with ab/s0dc3 prcs/03080002 after modify RESUMELISTENERS
PI82529 HTTP transport encoding cp943c will be used for JSTL params
PI82642 Job log sections on the endpoint to fail on write when full
PI83051 AdminJDBC.py script library to create a datasource fails on convertParamListToString
PI83743 The message CWLRB1800I: Job [xxx] step [nnn] is skipped. is not printing in Websphere 8.5.5.7 with compute grid
PI83901 The context classloader is not getting set properly when loading CDI extensions at app startup
PI84836 Ack Request sent on 2xx retransmission might be mapped to the wrong application session
PI85092 Change of EclipseLink warning messages about multiple JMX MBeanServer instances
PI85268 Hover help for plugin's RetryInterval is wrong in the WAS console.
PI85402 EclipseLink does not recognize Java 9 platform
PI85490 Deadlock caused by WsLogManager and SIB trace code
PI85587 java.lang.NullPointerException when starting an EBA containing an EJB
PI85865 NullPointerException in LRUHashMap
PI86758 Negative active session count is being reported
PI86840 EclipseLink embeddable processing doesn t correctly multiple consumers
PI86934 Websphere SIP container delays 10 seconds when DNS is unreachable
PI87146 JAX-RS trying to interact with a CDIManagedObject after it has been released
PI87522 getRequestURI() in a JAX-RS resource throws IllegalArgumentException when URI contains UTF8 characters
PI87613 Product Insights should be disabled when no config is present
PI87963 The default initial and maximum heap sizes are incorrect for application servers created on an existing V90 profile
PI88152 Message enhancement for BluemixUtility.login() command with a federated user
PI88869 The AdminTask.createGenericServer() command failed with an IndexOutOfBoundsException in FFDC on z/OS
PI88908 The changeSessionId() method behaves differently with session replication enabled
PI90154 bluemixUtility fails to create/delete instances of Watson Discovery Service
PI90786 Web Service injection processor is not being registered.
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI89044 VersionInfo shows blank Java 8 build level and date
Intelligent Management Component PI82522 NPE at com.ibm.son.mesh.CfwTCPImpl.ready(CfwTCPImpl.java:887) logged in ODCF8601E message after shutdown invocation
PI84968 NullPointerExceptions are thrown in a node agent when another node agent is found stopped
PI85519 During start up of the JVMs, receiving CWPTF0002W messages in the systemout.log
PI86097 Intermittent issues with APC promptly responding to lazy start DC
PI87542 During nodeagent startup NullPointerException in WorkProfilerHAManagedItem, issue can be ignored
PI88185 WXIM0127E invalid value specified for routingLocations
PI88776 Health policy log message for garbage collection percentage threshold exceeded is missing message ID
PI89254 ActivityPublisher can move between DMGR and nodeagent, if ActivityPublisher is deactivated, NullPointerException occurs
PI89817 Delay when setting node into maintenance mode
Java 2 Connectivity (J2C) PI81163 Container-managed authentication alias not applied for JMS connection factories if mapping-configuration alias is not set
PI83198 Multi-threaded deployment exposes race condition in connection factory initialization code
PI87631 High number of rollback/aborts occurring during connection validation for JDBC connection pools
PI88017 JMS connections from Websphere Application Server (WAS) are not destroyed after upgrading was to fix pack V8.5.5.12
PI88123 JPA failure when defining data source custom property JDBCTimingThreshold
Java Message Service (JMS) PI81124 Closing websocket session will throw NullPointerException
PI81329 NCSA access logs %b option output displays "-" instead of the size of the response in bytes
PI81572 Parsing errors when the connection is reused and there is unread data on the wire after the response is read
PI86114 NullPointerException when attempting to create an activation specification using wsadmin
Java Persistence API (JPA) PI84016 jpa application behavior changes after migration to was 9.0.0.4
PI84428 ArrayIndexOutOfBoundsException from OpenJPA for @EmbeddedId
PI86053 EclipseLink adds default schema twice for seqs on Db2
Java SDK PI85492 Commit of HttpResponse in RENDER_RESPONSE(6)
PI89168 Protected-view not working in Liberty 16.0.0.4
PI89363 ProtectedViewException for a protectedview access while checking the OriginHeader for appContextPath
JSP PI82193 ClassCastException with TransformerFactoryImpl when running JSPBatchCompiler
PI87039 JspFactory.getDefaultFactory().getEngineInfo().getSpecificationVersion() issue
Messaging Providers PI76990 Mediation points stuck in waiting for status
Migration PI84973 Allow WASPreUpgrade to work specifying user.install.root as second positional parameter
PI86999 Error during deployment of post migration process, if multiple application editions exist; the base edition fails to install
PI89175 WASPreUpgrade.sh with "-machineChange true" fails with error MIGR0104E
Object Request Broker (ORB) PI85206 ABEND0C4 PIC-11 in module BBOCLSCC, a WOLA module running in a CICS region address space when stopping zWAS server timing window
PD tools (for example: Log Analyzer) PI82911 ulimit value to be printed to logs
PI85899 Collector tool failed to gather all docs.
PI87581 Trace output in runtime tab will show memory buffer as trace output instead of none
PI88370 Memory buffer trace output performance is slow when basic trace format is used
Plug-in PI76789 HTTPS requests fail with a 500 internal server error with the 64-bit plugin on windows
PI84620 Websphere plugin needs better message for a wrong certlabel
PI86280 Several misleading debug level messages in the WAS webserver plugin
PI86414 400 is thrown when ESI is enabled but the response from the app server does not indicate ESI caching and client disconnects
PMI/Performance Tools PI77706 TPV statistic counter is aggregated incorrectly
Profile PI85714 PCT command line - wctcmd - with response file fails to configure IHS admin
Runtime and Classloader PI52066 clearclasscache.sh on z/OS completes with rc 1 even though the script worked
PI75794 JNDI namespace scoping issue occurring during runtime
PI88036 Export com.ibm.websphere.product.metadata.im packages within the server OSGI classloader network
Security PI80721 Websphere default chained certificate doesn't have DNS names under subject alternative name field
PI81168 NullPointerException when attempting to create a keystore remotely in wsadmin
PI83677 Monitor role not showing FIPS information
PI85394 When using webapp security a session may be created even if one should not be created for the request
PI86143 Dynamic outbound SSL configuration incorrectly matching outbound request
Servlet Engine/Web Container PI82162 javax.servlet.ServletException: could not find endpoint information
PI89628 A directory might not be found when using JDK8 SR4 PK10
Session Initiation Protocol (SIP) Container PI86498 Record-Route header field might contain incorrect port
PI87745 In a multi-homed environment Websphere puts wrong address family in a SIP response contact header field
PI88312 NullPointerException might be thrown when a failover occurs in Websphere SIP container
System Management/Repository PI88658 When using a property file for autodeploy with the parameter userdefaultbindings the EAR is saved with different permission
PI90276 Set default value of JVM option -Xscmaxaot to 8M to decrease application server startup time
Transaction Service PI67513 ClassCastException thrown during ActiveMQ resource recovery
PI73138 Transaction recovery may fail when a resource adapter is embedded in an installed application
PI74163 Websphere Application Server for z/OS started in recovery-only mode fails to complete when the compensation service is enabled
PI81452 Improve serviceability for activity service
Web Services Security PI82308 OpenID Connect (OIDC) Relying Party (RP) loses URL fragments during the login process
PI86752 OIDC RP is requiring optional iat claim in introspected access token
PI87354 OpenID Connect (OIDC) Relying Party (RP) does not logout user if OIDC session cookie is not present
z/OS PI90354 Loop in CICS ASID when BBOATRUE module delivered with 9005 level of Websphere is used and CICS is not 5.4 level

Fix Pack 9.0.0.5
Fix release date: 17 October 2017
Last modified: 17 October 2017
Status: Superseded

Download Fix Pack 9.0.0.5

Component
Security APAR
APAR
Description
Administrative Console (all non-scripting) PI77682 server.xml may have unexpected tags when server is created based on a custom template
PI79650 Logon screen contains extraneous information when specialized xml is used
PI80683 Admin Console Resource Environment custom property name in all capital letters may not be handled properly.
PI80889 Web Services Potential weak Client security bindings (CVE-2017-1501)
PI82078 Potential Cross-site scripting in WebSphere Application Server Admin Console (CVE-2017-1380)
PI82237 Increase the Java shared class cache size for WebSphere application server for z/os servant address spaces
PI82386 The deployed application has a possibility to be removed unexpectedly
PI83039 iscdeploys leaves temporary files
PI83138 Clicking the LDAP test query link causes NoSuchElementException which also leads to an NPE
PI83148 JavaEE default resources page goes blank if proxy server selected
PI83563 Update the batik library in isclite.ear to 1.9
PI83634 KC info messages in systemout.log have formatting issues
PI84716 com.ibm.websphere.security.spnego.useracmapmappingtosaf property value not displayed correctly in admin console
Administrative Scripting Tools (for example: wsadmin or ANT) PI83283 wsadmin determines scripting lang based on 1st JACL command in wsadmin interactive mode
DB Connections/ Connection Pooling PI80294 During application server start-up, the EJB timer service fails start
Default Messaging Component PI81815 In WebSphere v8.5.5, messaging engine takes unusually long time to start after failover and throws CWSID0032W warning messages
PI84053 Update IBM WebSphere MQ JCA resource adapter to version 9.0.0.1
Dynamic Cache PI81077 NPE occurs with the class ESISupport.java in the parentResponseIsJSPFacesServlet method
PI81162 dynacache does not replicate alias entries
PI84946 TimeToLive is not updated when cache entry is updated.
EJB Container PI77856 EJB 3.x stub class throws RemoteException for communication failure
PI85902 Lookup of remote EJBS may result in NoSuchObjectException
Enterprise Edition (EE) PI80477 JAXB fails to unmarshal arrays with custom type inside @xmlelement annotation
Federated Repositories PI65681 SPECJ0363E errors with illegalargument exceptions from sdoutil.createdataobject
PI67955 LDAP connection timeout leads to NullPointerException
PI69071 WASADMIN ChangeMyPassword command on file repository user command fails with 'Caller is not in the required role'
PI72152 Update the trace information for federated respositories.
PI75159 A base entry of "root" defined on a microsoft active directory LDAP server is not supported
PI75642 It's slow to open "manage groups" page in WebSphere administrative console
PI75684 User and group DNS contain extra escaped spaces for RDNS with multiple trailing spaces
PI76481 LocalServiceProvider initialization fails with NullPointerException
PI79440 NullPointerException in urbridgexpathhelper.getexpression()
PI79452 NullPointerException in ldapconfigmanager.getsupportedproperties()
PI79781 Federated repositories fails to search repository when overlapping base dn's exist
PI81497 When one base DN is the subset of another in a federated repository, LDAP failures occur.
PI81722 Federated repositories throws AccessControlException when Java SecurityManager is enabled and an SSL connection is attempted
PI82111 Federated repositories fails to change password when JRE is java 8
PI82306 Federated repositories uses wrong security domain
General PI66886 Updates and fixes for endpoint job purge
PI73588 Deadlock occurs in SIP Proxy under heavy TCP load.
PI74491 zWAS WOLA CICS messages: message and documentation updates messages prefixed with BBOA
PI76902 NoSuchMethodException when a program is using CONCAT function
PI77555 EclipseLink scrollable cursor results in a ClassCastException
PI79397 org.omg.corba.bad_operation when executing "select sql statement"
PI79787 Prevent WebSphere internal packages from being exposed to applications
PI79939 Missing java runtime version information in the header of the high performance extensible logs (HPEL) binary logs
PI79990 The copyzos.sh script produces a "EDC5003I truncation of a record occurred during an i/o operation" error
PI80165 JAX-RS 2.0 options methods are not invoked when used in sub-resource locator classes
PI80273 inclusive=false of @DecimalMin and @DecimalMax doesn't work as expected
PI80467 Update how cells are obtained from the ORB cell pool
PI81025 managesdk command will log wsadmin interaction
PI81076 ServerSession numberOfNonPooledConnectionsUsed can become invalid when Exception is thrown connecting
PI81396 Unable to register a liberty server with product insights though an authentication required proxy
PI81591 WASService does not recognize running process
PI81653 zPMT emits message "EOFException: unexpected EOT looking for matching quote: '"
PI81699 Update the manifest file for com.ibm.jaxws.tools.jar to import javax.enterprise.inject
PI82020 WeldTerminalListener is not registered.
PI82110 Provide JDBC hang detection and timings feature to v9 and v855
PI82239 NullPointerException after stopping one of multiple jaxrs applications
PI83231 Add support for CICS 5.4 in WebSphere optimized local adapters for liberty and t-WAS
PI83279 GPF in com/ibm/ws390/tx/nativetransactioncontext.resume_tti
PI83281 Enhance bluemixutility login and listservices commands
PI83444 JAXRS server response does not contain a servlet exception when an unmapped checked exception occurs
PI83682 ProductInsights not reporting used JVM memory correctly
PI83742 Group id for cells in product insighst contains wrong dmgr host
PI83986 HttpServletRequest#getRequestedSessionId() is executed with the session absent is different between WAS v8.5.5 and v9.0
PI84083 Usage Data is not queued if connection to bluemix PI host fails
PI84327 WAS Product Insights does not send in group name translations.
PI85666 Unable to login to Bluemix with bluemixUtility
High Availability (HA) PI82956 HMGR0152W message is misleading
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PI82789 Modify iSeries native launcher to honor new default VerboseGC enablement
Install PI79037 javax.xml.parsers.DocumentBuilderFactory can't be instantiated
Intelligent Management Component PI78238 Due to a timing issue, sometimes APC will lose server information and not make placements as a result
PI78774 On Demand Router routes request to web module mapped with less specific virtual host match
PI80862 Dynamic cluster template doesn't persist change to modify log rotation from file size to a 24 hour period
PI80972 PAUSELISTENERS command issued using the process name instead of server shortname in edition control center
PI81191 Plugin with intelligent management enabled breaks affinity
PI81916 Changes in custom health actions are not picked up when nodes automatically synch
PI82527 ODR session affinity breaks when request contains multiple session cookies of the same name
PI82632 When a rollout fails, it takes a long time for the rollout process to finish
PI83363 Intelligent Management for Web Servers: When a server is stopped and restarted, the server might not be used for routing
PI84742 Disabling an applications 'Target Specific Application Status' while the application is running results in 404/503
PI85386 Display problem of AdminConsole at "INTERNALCLASSESACCESSMODE"
PI85618 Segfault when high traffic coming to the Intelligent Management Enabled plugin and a Liberty member is stopped
Java 2 Connectivity (J2C) PI77612 J2CA0045E ConnectionTimeout happens too often after upgrading to 8.5.5.11
PI80822 NullPointerException thrown when requesting connections to a RAR from several threads
PI81554 J2CA0045E ConnectionWaitTimeoutException timeout is not calculated as expected in version 9.0.0.3
PI82761 Runtime performance advisor has hung thread w/ j2cdiagnosticalerthelperimpl.java on line 419
Java Management Extensions (JMX) or JMX Client API PI75519 Node federation fails because it cannot find the IPv6 address
Java Message Service (JMS) PI77007 Mis-identification of IBM MQ JMS provider
PI78975 Increase the configurable limit of the maximum header field size
PI80222 Change default of EnableBuildBackupList to be true
PI80377 New activiation specification properties - control build up/flow of MDB requests
PI81342 Web service call is failing after applying latest fixpacks + IFPI70810
PI81569 Introduce switch for GetQueryString() to return original query string in forwarded servlet
PI81864 ConcurrentLinkedList TailSequenceNumberLock garbage collected
PI83369 Modifying advanced properties of activation spec resets arbitrary properties
Java Persistence API (JPA) PI80863 Issue with the way OpenJPA caches and reuses query parameters for between expressions when OpenJPA's QueryCache property enabled
PI81260 OpenJPA does not passthrough SSL connection properties that set using openjpa.ConnectionProperties when creating DB2 connection
PI81931 org.apache.openjpa.lib.util.parseexception
JavaServer MyFaces (JSF) Apache MyFaces implementation PI82893 javax.faces.interpret_empty_string_submitted_values_as_null value affects display behaviour for required fields
JSP PI79800 The JSP engine is not processing EL expressions correctly when they are in large blocks of character data
PI82426 Incorrect output for jsp in an expression tag when using certain string concatenations
Migration PI76634 Migration disabled source node prior to successful sync
PI78881 After a profile that was created in WAS 6.1 is migrated up to 9.0, images in the admin console return error 500 instead of displaying
PI79041 -requireEmbeddedDBMigration setting is not available on z based migrations
PI79985 Migration with cloning to v9 mis-handles the virtualhosts creating duplicate entries
PI81328 Running WASPostUpgrade fails with AllAuthenticatedUsersInTrustedRealmsExtImpl
PI81390 Support z/OS migration specifying SMS classes for config filesystems
PI83066 Migration job fails to read JCL started procedure names from old configuration
PI83890 Migration is not handling SPNEGO security settings correctly
PI84973 Allow WASPreUpgrade to work specifying userinstallroot as second positional parameter
PI85014 Remote WASPreUpgrade fails with embedded derby exception
Object Request Broker (ORB) PI79561 Add a timer to abend servant at shutdown if there are stalled threads
PD tools (for example: Log Analyzer) PI76878 zWAS LE ESTAE extension BBORLEXT update to suppress dumps for pgm checks of type pic 7 / 0c7 with DXC code of x'00' / 0x00
PI78318 HPEL message content filter is not working on multiline messages
PI80995 Asynchronous log records does not show up in systemout.log
PI82686 The -summary option information is missing in the -help option in the collector tool
Plug-in PI79492 Plugin is crashing because it can not open the log file defined in its configuration
PI81951 Client failure may occur when the web server plug-in connection is reused and previous connection timed out waiting for response
PI81973 iPlanet web server can not load the WebSphere plugin on solaris x86
PI82314 Application response without a reason phrase causes plug-in to return 500 error
PI82917 IBM WebSphere application server web server plugin users with web sockets traffic
PMI/Performance Tools PI82624 perfServlet application returns empty version information
Proxy Server
PI82630 Potential Information Disclosure with WebSphere Application Server Proxy Server or On-demand-router (ODR) (CVE-2017-1381)
Runtime (zSeries®) PI81698 ABEND00C and ABEND0C4 in WAS after stop was issued
Runtime and Classloader PI77666 Thread context Class Loader not set up correctly during CDI bootstrap
PI80620 Message WSVR0655I is seen continuously in the systemout.log
PI82621 Handle NPE and emit servicable failure message when parsing server endpoint metadata
Security PI76562 The expirationMonitorNotificationPeriod is set to zero by default
PI78326 WebSphere sub-domain servers with SPNEGO web authentication getting error SECJ6236E
PI80170 The managementScopes element fails to be deleted from security.xml when removing a server via WAS admin console
PI80962 Creation of remote keystore fails when existing keystore is specified
PI81050 Client certificate authentication failure does not fall back to basic authentication
PI82135 Converting certificates in CMS keystore may not delete an old signer certificate
PI82203 The password encryption might fail if multiple wsadmin commands are invoked without saving
PI82342 Each ORB/EJB request is making 3 LDAP search requests
PI82509 Incorrect output for JSP in an expression tag when using certain string concatenations
PI82602 Weaker than expected security after using PasswordUtil Commands (CVE-2017-1504)
PI82715 Removenode from admin console fails when AES password encryption is enabled
PI82721 A message of passwordutil wsadmin command needs to be modified for clarification.
PI82746 NPE at ORG.APA
Servlet Engine/Web Container PI81052 Issues with JSF portlets due to CDI regression
PI82547 NPE during servlet initialization process
PI83141 WebContainer Performance Issue When Under High Load
Session Initiation Protocol (SIP) Container PI78794 The SIP Container fails to parse a message when the size exceeds 2048 bytes and double CRLF is sent prior to the message
PI83395 In a multi-homed environment, multiple 200 responses are not proxied back to the originating endpoint.
System Management/Repository PI77669 Sequencing of PAUSELISTENER/RESUMELISTENER
PI79343 WebSphere Application Server may have insecure file permissions with custom startup script (CVE-2017-1382)
PI83464 Failure when attempting to create profile for cell with Java 7
PI86683 Migration fails for Federated Nodes when cell name is renamed
Transaction Service PI59372 Deadlock may occur in the CScope RecoveryManager
PI82951 "WTRN0029E: error closing the log in shutdown!" error when stopping a cluster
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI74335 WSWS3396E Handler Error: Protected state violation
PI76816 Message WASX7008E incorrectly reported a flawed integer port
PI78733 Two service clients displayed on administrative console for an application.
PI79863 Different prefixes are used for the same namespace url
PI80922 Issues with ResponseWrapper after PI60666
Web Services Security PI61915 More diagnostics required when the SAML web SSO redirect url is null
PI75355 ADMA0078W the file cannot be deleted when deploying new version of our applications, can't delete old version of application
PI80317 OpenID Connect (OIDC) Relying Party(RP) may store incorrect data in DynaCache
PI80543 OIDC TAI cannot dynamically build callback URL
PI80549 OpenID connect (OIDC) Relying Party (RP) does not support post introspection endpoints
PI84244 OIDC RP does not restore single-quote characters in post data
WebSphere Common Configuration Model (WCCM) PI64475 Incomplete metadata obtained for JavaEE modules when multiple resources are used
PI71928 EJB injection failing for some EJBs inside JSF backing beans
PI77392 Incorrect generation of ibm-metadata.xml when deploying with pre-generated merged descriptors
PI78526 EJBDeploy tool fails when setting metadata-complete during deployment
PI82255 Call in violation of protocol message during annotation scanning
PI82698 Remove "failed to open resource" warnings
PI83873 WebFragMergerImpl warning messages when starting an application in WebSphere Application Server 9
PI84113 ClassSourceException when using WDT
PI85035 Unable to deploy modules which use namespaces in the XML elements of deployment descriptors
z/OS PI69959 BBO# should allow for a transid to be included on CICS link command
PI78153 OTMA client timeout cannot be configured for WOLA

Fix Pack 9.0.0.4
Fix release date: 13 June 2017
Last modified: 13 June 2017
Status: Superseded

Download Fix Pack 9.0.0.4

Component
Security APAR
APAR
Description
Administrative Console (all non-scripting) PI67363 Application server startup log4j error output
PI73570 Different behavior observed when updating PMI statistic thru admin console and using wsadmin script
PI74709 Selecting to update multiple roles in an application causes the original users to be updated incorrectly
PI76705 Enable verbosegc by default on WebSphere Application Server for z/OS
PI77447 Inconsistent port assignment when creating multi-node cluster with wsadmin scripting.
PI78745 After running AdminTask.setIdMgrCustomProperty the Admin Console has extra information
PI78907 NullPointerEexception in the console when adding a new host with bad parameters.
PI79928 WIM LDAP panel navigation causes java.lang.NoSuchMethodException: Unknown property alias error
Administrative Scripting Tools (for example: wsadmin or ANT) PI74657 AdminServerManagement.stopAllServers throws error when the servers are already stopped.
PI80322 wsadmin interactive not throw error when issue wrong syntax command
Contexts and Dependency Injection (CDI) PI70323 Principal injection does not inject unauthenticated Subject when there is not an authenticated Subject in the context
PI72811 Allow excluded alternatives
PI77286 Vetoed EJBs throw NPE
PI77514 CDI observer for @initialized(applicationscoped.class) is not called inside jar
Default Messaging Component PI75834 MDB application startup failed due to CWSIP0211E
Dynamic Cache PI78148 SRVE0014E from dynacache component after upgrading
PI78552 DYNA1064E while calling "getIdsSizeDisk()" by Commerce when XS is used as cache provider.
EJB Container PI66621 ReferenceContextImpl caching empty list of targets for JSP classes
General PI63058 Add timeout to OAuth cache
PI65688 MergeException at application start up
PI68308 High CPU in RMFGAT address space with most time spent in WLM module IWMI2PVT
PI68375 Local EJB references created from annotations incorrectly resolved as remote references.
PI70185 Unable to configure local mapping services on the administrative console
PI72848 Provide mechanism to retrieve WS-RM messages via SIB message store dump
PI72917 SQL timeout while updating CheckpointRepository table
PI73277 EclipseLink 2.6.3 does not support JPA-converter for primative data types
PI73393 Ampersand character is not escaped by XCI serializer
PI73632 Java batch job scheduler is unable to refactor the job log file
PI74104 EclipseLink might add unused table in generated query
PI75485 issue message explaning from where session timeout is picked up
PI75512 Cleanup up websocket connection when outbound connection attempt fails at the app server
PI75593 Support third-party JAX-RS providers when jaxrs-1.1 feature is configured
PI76496 Creating an unmanaged http server on z/OS fails with ADMG0001E
PI76834 Unable to use DB2 XML data type with EclipseLink JPA; Null pointer produced
PI76992 Provide connectivity with IBM Cloud Product Insights
PI77554 Bean validation did not function correctly
PI77770 Potential cross-site request forgery with WebSphere Application Server enabled with OAuth (CVE-2017-1194)
PI77841 DeliveryDelay property is not set when a message is received through the MQLink
PI78038 Add Bluemix Utility support
PI78177 When a websocket connection is closed while reading data an object leak might occur
PI78316 XML parser validating normalizedString and token XSD string data types incorrectly
PI78540 WsSessionMgrComponentImpl throws NullPointerExceptions
PI78643 Eclipselink JPA/Auditing capability in EE Environment fails withJNDI name parameter type
PI78777 Internal libraries incorrectly available to applications.
PI78849 ManageSDK gives error deployment manager not running when running on node with security enabled
PI80719 Websocket race condition on writing data while closing can hang a thread
PI80897 SocialSphere live session count is huge
PI80901 Version numbers in symbolic names are too fine grained and can cause failover to fail between different versions of Liberty
PI82110 Provide JDBC hang detection and timing feature for V9 and V855
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI75153 Process detection is running when IM is invoked with -record and -skipInstall arguments
PI77292 was_classpath in profile level gets overwritten by the was_home/bin/setupCmdLine script
PI77697 IHS V9 install not creating service correctly
PI78601 The -installFixes option does not correctly handle superceding interim fixes
Intelligent Management Component PI76533 Modules in $WAS_INSTALL/lib are missing the program control bit
PI76865 Converted static cluster continues to show TYPE=static
PI76949 The 'IN' operator of Intelligent Management: HTTP operands does not work
PI77226 Additional retry logic needed for PI74867
PI77254 DMGR or Node Agent times out during shutdown issuing AdminException ADMU3060E
PI77303 APC is taking a long time to issue a runtime task to start an application server
PI77452 AdminTask.setMaintenanceMode sets the wrong server when the node name is wrong
PI79951 After updating an application module without restarting the application server; IM enabled web servers return 503 errors
PI79967 ODR custom log does not observe DST
PI80230 Cannot update custom action under the health policy when configuration validation is set higher than Low
PI81309 With Liberty Dynamic Routing, adding a cluster member to a collective might cause the web server plug-in to segfault.
Java 2 Connectivity (J2C) PI72640 java.lang.IllegalStateException is seen during database operations
PI75571 javax.xml.stream.XMLInputFactoryExceptions
PI76168 After global transaction ends, the reported auto commit value can be inconsistent with the Oracle JDBC driver
PI77391 NullPointerException in PoolManager.fatalErrorNotification()
Java Message Service (JMS) PI69684 Message processed by NOT_SUPPORTED MDB listening in SR using bindings mode remains on destination
PI76539 AdminTask.republishEDMessages fails due to insufficient or empty credentials
PI77306 Deadlock may occur when stopping listener port
PI78738 Loop while closing an SSL connection
PI80749 JMS 2.0 MQclient mode transaction keeps handles
Java Persistence API (JPA) PI66193 Memory leak in JPA persistence provider
JSP PI73022 JSP comments containing "%>" might throw a StringIndexOutOfBoundsException.
Migration PI75257 loginModules ordering issue on migration
PI78565 Usability and accessibility updates for z/OS Migration Toolkit
PI78586 Notification of changes to verboseModeGarbageCollection setting
PI78596 Federated node migration using the wrong SSL properties
PI79703 Enhancements to support Bluemix migrations.
PI79913 healthclass.xml missing cluster targetMemberships after migration
PI80746 External libraries not migrated when machineChange true
Object Request Broker (ORB) PI73950 Issuing the PauseListeners command is causing some http requests to fail.
PI76979 Timing window where timers are not calculated correctly
PI77049 Server is able to restart after ABENDDC3 RC 0A150001 when it should not
PD tools (for example: Log Analyzer) PI73425 Non-admin users cannot export HPEL logs when log format is set to basic/advanced
PI73807 Some Liberty message IDs conflict with traditional WebSphere Application Server
Plug-in PI73674 com.ibm.websphere.plg.zos.v85 fails to install
PI74689 Sun One web server uses ConnectTimeout for handshake and 100-continue
PI74882 Plugin should always present the ConnectionTTL property
PI75603 Plug-in LIBODR doesn t utilize all of the XML's SSL configuration
PI76515 Fix for genPlugincfg to account for administrative console command assist.
PI76835 Connections between web server and client may remain open when using Intelligent Management
PI77124 Plugin does not persist custom ServerIOTimeout value to existing stream
PI77181 Plugin config lock is not released when dynamic cfg update is attempted which disables Intelligent Management
PI77606 Domino plugin fails on IBM i for V8.5.5 and higher
PI77874 Plugin offload/onload for SSL
PI77980 Unable to resolve images for a WSAS V9.0 application when using HTTP Server
PI79439 IHS V9.0 / Apache 2.4 with Intelligent Management enabled does not work after a graceful restart
PMI/Performance Tools PI70346 NullPointerException seen in NodeAgent SystemErr.log during TPV performance monitoring startup
Portlet Container Environment PI74986 NullPointerException in portlet container method StringUtils .convertMapToString if tracing is enabled
Profile PI71878 ManageProfiles command unable to select SSL protocol to use TLSv 1.2 or SSL_TLSv2
PI76486 Startup splash screen of PMT shows its version as v8.5 in locales except en_us
Runtime (zSeries®) PI74778 In IBM WebSphere Application Server for z/OS, ReadListener and WriteListener do not receive an expected SocketTimeoutException
Runtime and Classloader PI63856 Thread pool reuses threads instead of dispatching to new threads
PI78941 An application server may use an unexpected Java SDK after updating to SDK 8.0.
Scheduler PI74952 Classloader leak caused by EJB timer thread
Security PI69664 Data in dynacache may be overwritten when LTPA tokens of multiple requests expire at the same time.
PI69884 CMS option is not shown in IKeyman pulldown list
PI71849 The anonymousxxxxx directory of wstemp is stored by binaryAuditLogReader command is never deleated
PI72003 Unable to delete remote keystore from administrative console due to CWPKI0039E
PI73842 Intermittently Java 2 security runtime throws warning message SECJ0314W during application startup
PI73938 Dynamic outbound endpoint SSL configuration does not pick up correct hostname and sslconfig
PI75196 WebSphere JVM aborts when you try to stop the server with a non-existent user in local OS registry in Linux Redhat v7.
PI77129 Request method might be changed from Get to Post while processing an invalid WASPostParam cookie
PI77446 AES encryption support for PasswordUtil class
PI79988 Migration failure when SSL protocol is TLSv1.2
Session Initiation Protocol (SIP) Container PI76983 Wrong network interface being used for SIP Signalling
PI79119 With number.of.parse.errors.allowed set to -1, WebSphere drops well formed requests
System Management/Repository PI73035 FFDC logs are created in a directory relative to the current directory
PI73519 Potential Denial of Service with SOAP connectors (CVE-2016-8919)
PI75160 AdminTask.extractConfigproperties is failed with WASResourceException: java.util.NoSuchElementException
PI75986 Incorrect java library path set when a server SDK is different from the node/profile SDK.
PI77078 CustomService configuration object created using property file based command cannot be viewed from console
PI77601 wsadmin extractConfigProperties command triggers InvalidAttributeNameException
PI79116 RenameCell does not update some artifacts
PI79382 Improve the ADMA5033E message
Transaction Service PI53380 WS-ReliableMessaging sequence may be misidentified as not existing
PI66462 Transaction log column is too short and reports a SqlDataException
PI72179 Transaction logging to RDBMS refinement for JDBC4.1 compliance
PI72191 Control region abend after BBOT0004E: RRS service ATRAFGT failed with return code 730
PI74356 java.lang.IllegalArgumentException: Logger passed as argument to setAttributes must be a named logger
PI75181 StackOverflow is caused by repeated calls to: ibm.wsdl.DefinitionImpl.getAllServices
PI75985 ClassCastException processing JAX-RPC request containing whitespace in WS-Coordination context
PI80483 Add method to suppress message WSVR0651 to trace.
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI72518 Web services call failed with 500 (Internal Server Error) response and Content-Length 0.
PI73343 Web project with @WebServiceRef does not generate ibm-webservicesclient-bnd during deployment
Web Services Security PI73318 Unique Cookie Names in WebSphere Application Server OIDC RP can accumulate on the browser
PI74857 Privilege escalation in full profile OIDC RP (CVE-2017-1151)
PI75095 OIDC ClassCastException java.util.ArrayList
PI76017 JAX-WS WS-Security Error CWWSS5634E with relative URI
PI78336 WebSphere Application Server OpenID connect Relying Party jndiCacheName Property does not work
WebSphere Common Configuration Model (WCCM) PI72163 Deployment manager crashes with OutOfMemory when application is deployed
PI76106 @Resource annotation loses shareable and AuthenticationType attributes
PI76439 Application client module created when empty "main-class:" found in manifest.mf of jar
PI77045 Slow startup of large, non-metadata-complete, web modules due to CDI annotation scans
PI78493 Servlet container initialization can fail on server created from template

Fix Pack 9.0.0.3
Fix release date: 14 March 2017
Last modified: 14 March 2017
Status: Superseded

Download Fix Pack 9.0.0.3

Component
Security APAR
APAR
Description
Administrative Console (all non-scripting) PI56575 No command assistance link after updating the session pool properties of a connection factory via administrative console
PI60748 Fix incorrect warning in administrative console with changing from 64 bit mode to 31 bit mode
PI67851 Console 'show items at the following authorization group level' does not show drop down
PI70025 Administrative console becomes a blank white screen
PI70627 Potential cross-site scripting in WebSphere Application Server Admin Console (CVE-2016-8934)
PI71198 Console getting blank page when clicking on rollout update.
PI72154 Bind password is "pre-populated" incorrectly in VMM panel and authentication error comes up
PI73367 Potential cross-site scripting in administrative console (cve-2017-1121)
Administrative Scripting Tools (for example: wsadmin or ANT) PI70895 IllegalArgumentException may occur when running AdminJDBC.createDataSourceAtScope with @ and commas in the url
Dynamic Cache PI73233 Servlet caching cannot parse a WebSphere Development Tools generated cachespec.xml based on the cachespec.xsd schema.
PI73339 Unable to define an alternate cache provider to replace the default dynacache cache provider.
EJB Container PI66621 ReferenceContextImpl caching empty list of targets for JSP classes
PI69192 Remove unneeded information from FFDC log file
Enterprise Edition (EE) PI70714 Potential NullPointerException during JAXB unmarshalling
PI71238 IllegalArgumentException when getHours() is called
General PI60843 Message "CWSIS1577E: The persistent dispatcher cannot accept work" needs improvement
PI60850 CWSIS1578E message content should be more meaningful regarding why spill dispatcher cannot accept work
PI61450 Apache Wink code does not remove quotes from the boundary value.content-type: multipart/mixed; boundary="simple boundary"
PI65190 Modifying a copied tree causes corruption in the original tree
PI65490 Incorrect status of the job when end point server is restarted.
PI66789 WSGrid jobs not getting ended status returned when using SiBus
PI67305 EclipseLink assigns the same object instance to multiple embedded fields
PI68028 EclipseLink throws ValidationException when using nested embeddables with the same attribute name
PI69922 Javadoc AppConstants.APPDEPL_* fields are incorrect
PI70001 Controller abends with 0C4-3B in CF_TCP_Connection::init_As_Client
PI70371 Ampersand character within an entity reference is no longer escaped by XCI component.
PI70680 Deployment of persistence unit fails with DescriptorException
PI71380 Allow SAML web inbound to retrieve SAML assertion from an HTTP request parameter.
PI73118 Enhance the Intelligent Management Enabled WebSphere Plugin with routing rule capabilities.
PI73139 CDI would not inject classes from a war file into an ear lib in single classloader mode
PI73376 Configurations that contain an OSGi application fail to migrate to V9.0.
PI73384 A WebSphere Application Server for z/OS server is leaking heappool 1 elements.
PI73401 OutOfMemory seen when multiple users are logged-in in JSF portlet application
PI73403 manageSDK help for -enableProfileAll task is missing -user and -password
PI73799 Memory leak from Portlet bridge: session objects
PI73829 Multiple occurances of the same stack trace are filling up the logs.
PI74264 ArrayIndexOutOfBoundsException generated by session management when application is managing HTTPSession through a framework
PI74721 Errant Timeout Can Occur With Async Sends In WebSockets
PI75607 javax.persistence.PessimisticLockException when javax.persistence.lock.timeout set to 0
PI75608 Add EclipseLink support for Java 2 Security
PI75876 Enable session listener in Portlet Bridge runtime
PI75915 CDI failover does not work if bundles have different OSGI qualifiers
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI72143 Display Java 6 end of service warning during fix pack update
PI72209 V9.0 install creates Microsoft Windows registry key using 8.5.0.0 with a MajorVersion of 8
PI72398 versionInfo command of WebSphere Customization Toolbox does not work
PI74780 Allow IBM HTTP Server V9.0 on AIX 6.1
PI75677 javax.xml.stream.XMLInputFactory could not be instantiated
Intelligent Management Component PI67671 Application placement controller (APC) hangs and JVMs are not starting after minimum cluster violation
PI71329 DeadLock detected in NodeAgent process during shutdown of node
PI72200 On-Demand-Configuration (ODC) support for the Intelligent Management (IM) enabled web server routing rules feature.
PI72201 Configuration objects and AdminTasks in support of the Intelligent Management (IM) enabled web server routing rules feature.
PI73529 High CPU in ODR code caching
PI73782 Customization of log Filenames and paths is affected by variable SERVER_LOG_ROOT
PI74450 DeadLock detected in NodeAgent process during shutdown of node while users are unsubscribing from topics
PI74867 Health policies that have a "restart server" action occasionally don't restart due to port conflict
PI75474 Some requests receive 404 or 503 responses when introducing a new ODR Routing or GSC rule
Java 2 Connectivity (J2C) PI66697 J2CA0041E exceptions may occur, when ComponentMetaData instance is set to null in method getObjectInstance
PI69122 J2C pretest being used despite FailingConnectionOnly option
PI69522 Add abort option to MBean purgePoolContents
PI69995 Incorrect exception message CWTE_NORMAL_J2CA1009 displayed instead of translated error message
PI71092 java.lang.UnsupportedOperationException when accessing tested data source
PI72581 Remove network timeout from statement cache keys
PI74904 Connection count becomes wrong leading to J2CA0045E errors
Java Message Service (JMS) PI59008 The error CHFW0031E invalid call to WsByteBuffer method generated when stopping the server
PI66537 Correct the XSLT that process the MQ RA's ra.xml
PI67946 Using pause_listeners_include_cra causes all activation specs to be resumed regardless of prior state
PI70081 When using AIO, performance issues can occur if a high number of open connections are opened on a pollset
PI70810 Wildcard property in DN of the certificate
Java Persistence API (JPA) PI67234 ServerPlatformException server platform class is not valid: null occurs with JPA 2.1
Java SDK PI69580 JSF message severities always set to ERROR after ValidatorException
JavaServer MyFaces (JSF) Apache MyFaces implementation PI45044 JSF problem in a portlet environment: form inputs inside a data table lose their values if validation fails
PI69581 Validators are not called when using selectManyCheckbox
Messaging Providers PI71240 SIB message deadlock after servant is restared due to ABENDEC3
Migration PI71093 Node migration to V9.0 fails when variables.xml is not in the cluster level.
PI73515 Provide clone option for z/OS migrations
PI74928 Files referenced by a profile's XML configuration are missing under the user install root after a migration
PI75028 WIM UserRegistry not working after migration
PD tools (for example: Log Analyzer) PI66291 IllegalArgumentException when enabling HPEL with text logging disabled
PI69131 VMDUMP039I processing dump event "GPF", please wait, during servant region abnormal termination
PI69845 Deadlock when the Java logging framework logs a warning in com.ibm.ws.logging.WsLogConfigurator
PI70169 Potential cross-site scripting in WebSphere Application Server Admin Console (CVE-2016-8934)
PI71530 WsLogManager deadlock
PI72211 HPEL logging fails to export the trace from the log viewer if there are spaces or a space in the directory path
PI73818 Include interim fix install history for Collector tool
Plug-in PI71413 V9 GenPluginCfg.bat fails when cmd line value contains parenthesis
PI72525 Plugin generation creates erroneous directories when implementing log rotation.
PMI/Performance Tools PI70075 The PMI counters URIRequestCount, URIConcurrentRequests, URIServiceTime were disabled after starting server.
PI73261 Enabling the diagnostic alert "Connection Low Percent Efficiency Alert" results in NullPointerException
Profile PI67988 printDebugInfo: /websphere/base/appserver/bin/zCreateProfile.sh 205 FSUM7351 not found
PI73516 Cannot configure Domino 9 webserver using plug-in configuration tool gui & pct_responsefile.txt on V9.0
Programming Model Extensions (PME) PI68743 NullPointerException may occur in async bean code
Runtime (zSeries®) PI65226 z/OS WSAS hang in xmem proxy code reading parameter from http request body following multiple comm failures
Runtime and Classloader PI65836 Javacores continuously created on a hung thread
PI68357 Add messages for hot deployment events.
Security PI41238 ErrorPage parameter on AdminTask.addSAMLTAISSO has a misleading description
PI66478 Security code incorrectly calls JAXBPermission class
Servlet Engine/Web Container PI75528 The maxrequestSize option for MultipartConfig is not working
System Management/Repository PI69321 Enable verbose garbage collection by default
PI69590 MetadataCompleteForModules section is missing from the output of AdminTask.extractConfigProperties
PI71223 When the clusters are started some applications show as stopped but they are running
PI71926 Bind DN not saved correctly when editing security configuration
PI73098 addNode should not push BLAs, CUs, asset file for non targetted application
Transaction Service PI72028 ActivityPendingExceptions are thrown in the event of a JAX-WS request timeout that propagates a WS-Business Activity
PI72136 Server startup fails with CWRLS0009E error due to failure in the transaction manager recovery log service.
PI73221 java.lang.StackOverflowError may occur in JAX-WS web service client when processing provider side WS-Policy
PI73262 ScheduledExecutorService implementation does not use correct time interval if not specified in timeUnit.milliseconds
PI74874 Update IBM WebSphere MQ JCA Resource Adapter to version 9.0.0.1
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI34058 Web Service Client policy sets might not function correctly if Application Editions are in use.
PI65042 Part of content in an element is lost after invoking a webservice
PI70321 Spurious WSSC1013E error logged by JAX-RPC web service
Web Services Security PI69720 CWWSS7542E error in Web Services Security SAML can be misleading
PI70402 SAML Web SSO OutOfMemory in KeyStoreManager
WebSphere Common Configuration Model (WCCM) PI65464 High CPU utilitization may occur when copying business objects.
PI70110 EJB jar metadata TransactionAttribute may be incorrect

Fix Pack 9.0.0.2
Fix release date: 13 December 2016
Last modified: 13 December 2016
Status: Superseded

Download Fix Pack 9.0.0.2

Component
Security APAR
APAR
Description
Administrative Console (all non-scripting) PI60292 The admin script offered after creating a MailSession via the administrative console is incomplete
PI65924 Pipe "|" symbol cannot be used for external provider URL when configuring a 3rd party JMS provider.
PI66439 Session management bread crumb incorrect
Contexts and Dependency Injection (CDI) PI64266 Memory leak detector producing false positive reports
PI65337 Use of CDI interceptors in stateless EJBs causes exceptions to be wrapped in WeldException
Default Messaging Component PI70052 Syntax error in sibDBUpgrade.sh
Dynamic Cache PI68741 HTTP status code 200 is returned to a client when the servlet or JSP throws an exception
EJB Container PI60567 New system property to configure the EJB pool wait timeout
PI69642 NullPointerException deleting stateful EJB
Enterprise Edition (EE) PI67707 Inherited methods are ignored in the XLXP2 unmarshaller when scanning JAXB class for before/after events
General PI54362 Session manager error messages SESN0202E and SESN0201E need more details
PI57206 ODRLIB returned partial routing data from the ODC REST service, resulting in 404s
PI62655 SQLFeatureNotSupportedException may occur when Oracle native SQL statements are used
PI62976 Controller Region ABENDs with 0C4-11.
PI63135 Custom type conversion is sometimes bypassed in EL 3.0
PI63373 Unable to add a remote cell for Intelligent Management for web servers
PI64127 Add support for JSF 2.2 in Portlet Bridge
PI64840 Radio button for SunOne/iPlanet web server shows up in WCT for systems that are not supported in V9
PI65363 HeapDetect code is failing to determine the maximum heap size
PI65857 Modify the default for the maximum number of headers
PI66128 SAML Web SSO may reject requests when proxy is in use
PI66463 Error on otma_open call, RC = 8, RSN codes = 100 : 8 : 24 : 2
PI66534 Run plugin configuration tool V9 to configure IHS admin server V9, service name V8.5 shows in Windows Service pannel.
PI66582 Documentation in Knowledge Center for WebSphere Application Server V9
PI66664 Application edition validation with inconsistent policies breaks affinity on the default edition
PI66698 Hang with high CPU occurs during rollout in certain situations
PI66971 pureApp autoRouteConfig.py failing with IllegalArgumentException with Jython 2.7
PI67034 Access was denied for property org.apache.jasper.constants.jsp_servlet_base.
PI67099 Provide option to add STS response header for HTTPs request
PI67571 HMGR0130I message needs more information about JVM termination
PI67629 a NamingException occurs indicating the application server could not resolve a url when java security is enabled.
PI67633 Multiple server applications are added to the virtual cluster list
PI67980 Server does not stop after stop command is issued.
PI68011 Slow Deployment Manager start-up due to annotation scanning when several EJB modules have been deployed to the cell
PI68025 Protocol mismatch for HA manager datastacks in version 9 mixed cell environments
PI68090 If SERVER_LOG_ROOT variable is not set, a CWPTF0002W warning message is reported in the SystemOut.log
PI68110 Incorrect logging by ModuleLocatorClassAdapter
PI68142 HPEL reader throws NullPointerException error while given invalid java log level
PI68354 REST API discovery could be missing API in web application with two or more JAX-RS application classes
PI68432 When user applications are using Websocket Decoders a slow memory leak can occur.
PI68582 Health controller cycle length is not being honored
PI68755 Remote migration jar needs message about incompatible JDK
PI68772 Some endpoints are not accessible from the Swagger Explorer
PI68822 Proper exception handling during API discovery bundle activation
PI68835 REST API Discovery Swagger document may show unsecure port instead of secure one if deployment manager is used
PI68840 REST API Discovery will not display APIs if application is published that includes syntactically incorrect Swagger document
PI68850 Sescription of some REST APIs may be missing from Swagger document.
PI68867 Error opening an application to display list of application profiles.
PI68911 NullPointerException in com.ibm.ejs.ras.Tr.formatObj using trace in thin client
PI69052 logViewer -includeExtensions component command gets: Pattern can not be null
PI69325 OAuth emits NullPointerException when no state parameter in request
PI69332 The "serialize session access" option may not work correctly
PI69739 An out-of-date message appears on starting a dynamic cluster in a cell after migrating to version 9
PI69840 A NoClassDefFoundError or NoSuchMethodError may be thrown when accessing Swagger annotations.
PI69939 Dynamic Routing stops working when the collective controller becomes stopped or unavailable
PI70026 Can not configure Compute Grid Job Scheduler using default Derby datasource
PI70141 Servlet does not get correctly refreshed
PI70358 Every SystemErr log record line is ending with a "null", with High Performance Extensible Logging ( HPEL) enabled.
PI70608 Standalone or embedded WCT tool eclipse.exe has an old signed certificate
PI70689 Enable REST API discovery UI to support authentication per REST operation
PI70841 OpenJPA s ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException
PI71044 java.lang.IllegalArgumentException: Ilegal decimaltype. From commondata.getExternalBytecounts
PI71060 Different classloaders used for client app and resource adapter (for application client).
PI71210 Deployment fails when @EJB contains beanName and EJB descriptor contains <lookup-name>
PI71667 Application fails with WELD-001408: Unsatisfied dependencies for type Validator with qualifiers @Default
PI71734 Failover does not work with CDI 1.2
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI67697 The chutils utility command does not work for V9
PI69037 The command bin\migration\bin>..\..\infocenter.bat fails: Product is not recognized as an internal or external command
Java 2 Connectivity (J2C) PI65595 InstanceNotFoundException occurs when stopping an application hosting message endpoints
PI67203 java.lang.NoClassdefFoundError: com.ibm.ws.jdbc.jcc.db2statement
PI71193 IllegalStateException when transaction timeout occurs and abort is used
Java Message Service (JMS) PI63193 SRVE8094W happens even if invokeFlushAfterServiceForStaticFile=false
PI66925 Update CWMSR0063E message to clearly state it is only applicable to WMQ
PI69469 Update WMQ RA to 9.0.0.0 ga level
PI70332 System property to enable SSL Channel timeoutValueInSSLClosingHandshake property
Java Persistence API (JPA) PI61488 An application restart could cause an application classloader leak when using bean validation
PI65593 The database schema name cannot be configured in was with openjpa.jdbc.SchemaFactory
PI66770 JPA returns incorrect results when using a native query and @SqlResultSetMapping
PI67790 java.lang.ClassCastException using JPA
JavaServer MyFaces (JSF) Apache MyFaces implementation PI67525 inputFile tag is not working properly on Liberty
JSP PI66271 When using c:import to import a file that does not exist, an error 500 is received
PI67257 An escaped EL expression is being run if an escaped dollar sign precedes the former expression
Migration PI68035 Remote migration changing hostname variables of IPC connector and node_ipv6 endpoints
PI68775 Remote syntax check for sequential DS sources results in RDZ exception while a user error message is expected.
PI69958 MIGR0272E error running WASPostUpgrade command on V9.0 base
PI70399 Migration to v9.0 fails when install path contains a space
PI70612 Disable web servers when doing a clone migration
Object Request Broker (ORB) PI69833 Cobol Container support does not work in Websphere Application Server for z/OS version 9.0.
PD tools (for example: Log Analyzer) PI63045 Unable to change log level
PI63178 Hung threads or infinite loop on startup in WeakHashmap.getEntry
PI66579 Deadlock due to frequent log rotation
Plug-in PI65153 HTTP IM plugin does not have visibility to RemoveSpecialHeaders property
PI66812 Plugin for IIS does not initialize correctly
PI67230 z/OS set_attributes does not set a & p attributes for mod_was_ap24_http.so .
PMI/Performance Tools PI67607 Tivoli Performance Viewer does not sum the ConcurrentHungThreadCount
Profile PI66897 Customization temporary directory cannot be shared
Runtime (zSeries®) PI63822 ABEND SEC3,RSN=0406002C does not terminate a WebSphere node agent
PI65437 Servant region abends with ABEND430/ABENDS430 and reason 02390815 during process signal handling
Runtime and Classloader PI54461 Application server process uses wrong hostname to communicate status to node agent
PI58591 Deadlock on startup between two WebSphere server.startup threads
PI62090 Classloader leak problems
Security PI62070 Full chain created in PKCS12 but not for JKS key store
PI62375 Potential code execution vulnerablity in WebSphere Application Server (CVE-2016-5983)
PI63726 Custom Kerberos login module for identity mapping
PI63989 Security auditing enabled log in calls via wsadmin are not being logged when using security_authn.
PI65120 NullPointerException from AdminTask.getInheritedSSLConfig command
PI68115 Remove 3DES ciphers from default cipher list
PI69042 Security crypto jar failed with Not signed by a trusted signer error after upgrade
PI69815 NullPointerException when printing error in WSX509TrustManager
PI70737 Unnecessary setCookie header might be set after applying interim fixes for PI62375.
Servlet Engine/Web Container PI58875 Application is started even though there has been a listener exception during application start up
PI61651 An uncaught exception in javax.servlet.AsyncListener.onComplete() might cause threads to hang
PI64898 Asynclistener in WEBAPPINVOCATIONCOLLABORATION is not being called correctly
PI67093 Information disclosure in IBM WebSphere Application Server CVE-2016-5986
PI67942 javax.servlet.HttpServletRequest.getRequestURI() might return a decoded value after dispatching
PI68061 Option to display customized text for some server errors
PI70493 Unhelpful message: uncaught.init.exception.thrown.by.servlet, logged when exception thrown during servlet initialization
Session Initiation Protocol (SIP) Container PI62617 The SIP container does not support setOutboundInterface() for Proxy and ProxyBranch interfaces
System Management/Repository PI67746 AdminApp.isAppReady() can not retrieve the correct application distribution status in an AdminAgent environment
Transaction Service PI62603 BBOT0004E: RRS SERVICE ATRBACK FAILED WITH RETURN CODE=731 occurs when running request in a local transaction
PI68664 Record-level sharing (rls) is miscalculating the amount of data to be written to partner logs
PI69183 APAR PI18414 may result in the recovery log service using incorrect sequence numbers.
PI69314 Can not find @Transactional annotation
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI54081 AdminApp.isAppReady and AdminApp.getDeployStatus show incorrect result after app expansion failure
PI56058 JAX-WS throws XMLStreamException upon an XML-SOAP message write attempt
PI58461 WSWS1002E when no matched value returned from servletImplName object from the servletClassMapping hashmap
PI60666 @XmlJavaTypeAdapter annotation failed to work
PI60791 AxisDescription objects might consume excessive memory
PI65925 A JAX-WS web service client does not honor an HTTP 307 redirect received from a web service provider.
PI66557 Information disclosure with malformed SOAP requests
PI67526 JAX-RS 1.1 and 2.0 clients do not contain javax.annotation.* classes as expected
PI67688 RuntimeException: Internal error thrown by org.codehaus.jackson.imp
Web Services Security PI64924 OpenID Connect RP cannot locate key in JWK set
WebSphere Common Configuration Model (WCCM) PI63177 Slow application update for web modules which have many web-inf/lib jars

Fix Pack 9.0.0.1
Fix release date: 16 September 2016
Last modified: 16 September 2016
Status: Superseded

Download Fix Pack 9.0.0.1

Component
Security APAR
APAR
Description
Administrative Console (all non-scripting) PI56391 The please wait icon does not display on the admin screen when an application is uploading
PI59552 Application update corrupted deployment.xml with incorrect appcfg:ApplicationConfig reference.
PI60292 The admin script offered after creating a MailSession via the WebSphere Application Server admininistrative console is incomplete
PI60805 Update the flags on the CSRF token cookie
PI60959 Change in DN name of the certificate if it has special character in the name
PI60992 Unable to change maximum headers value in templates from administrative console.
PI61246 Unable to edit resource adapter custom properties
PI62111 Console displays blank page when "view or download the current web server plug-in configuration file" clicked using Chrome
PI62458 Administrative Console is slow when using fine grained authorization.
PI63851 Going to the default java persistence API settings panel from Dynamic Clusters > Server template causes CWWJP8807E error
PI63993 Knowledge Center used by the administrative console to display console help created indices for unsupported locales
PI64086 Help link on welcome page points to 8.5.5 help instead of 9.0.0 help.
PI64087 32/64 bit checkboxes still show up on proxy and some other panels.
PI64303 Vulnerabilities in Apache Struts affects WebSphere Application Server (CVE-2016-1181, CVE-2016-1182)
PI65059 Administrative console servlet exception in user and groups administrative group roles
PI65218 WebSphere Application Server is affected by Apache Struts vulnerability (cve-2016-3092)
PI65602 SRVE0278E - Missing ibm-web-ext.xmi in iehs.war
PI65760 Map users and groups page not showing available users on the first time the page loads.
Administrative Scripting Tools (for example: wsadmin or ANT) PI59228 Unable to map web module with multi-line display name to server.
PI64075 NullPointerException is thrown with running an ant task using ws_ant command line tool on z/OS
Default Messaging Component PI31587 WebSphere v8.5.5 service integration bus messaging engine fails to start if DB2 version is higher than 10.1
PI56146 When the message load is heavy, some of the messages move to exception destination with the CWSIK0035E exception
PI64827 JMSDestination header field is missing for the MQ inbound messages which don't have destination header information
PI66355 sibDBUpgrade.sh yeilds different results on different Unix-based Operating Systems
Dynamic Cache PI62769 Disk off-load is turned off if app invokes the clearMemory API
EJB Container PI62639 NullPointerException in CDIEJBManagedObjectFactoryImpl.getEjbDescriptor when creating EJB instance to pre-load the bean pool
PI63932 CWNEN0011E during injection for NullPointerException in ResAutoLinkReferenceFactoryImpl
PI63980 Passivation issue with stateful session beans
PI65205 FFDC for TransactionRolledbackException when using UserTransaction in stateful bean ejbRemove method
Federated Repositories PI62166 Allow VMM realms to be added dynamically
General PI36921 Timing issue causes APC to see incorrect value of proactiveIdleStop, resulting in violation of minimum instances
PI40062 Application does not start during server start but then starts from console.
PI49810 Application fails to start after rolling update due to hung MessageReferenceHandler thread
PI52613 SAML SP-initiated web SSO requires dynacache or frontend affinity
PI52756 CDI is activated and generates error with no existence of beans.xml
PI54881 Threads being allocated to access an MDB that has already reached max sessions.
PI55697 OpenID Connect Relying Party: No entry in cache for stateid
PI56589 User/group mapping to a security role fails for EBA application if it belongs to a user registry configured in security domain
PI58114 ClassCastException when an equals comparison query is run on an entity with a composite @EmbeddedId
PI58166 Small timing window causes a deadlock when the APC.predictor custom property is changed
PI58509 DuplicateKeyException after migrating from WebSphere Compute Grid V8 to WebSphere Application Server V8.5
PI58666 JobScheduler in WebSphere Batch fails to start with CWLRB6261E
PI59912 Add ability to move messages from exception destination to the original destination via wsadmin
PI60131 Unavoidable clash detected in bus link
PI61934 runConfigActions fails but returns exit code 0
PI63141 A NullPointerException is encountered when attempting to service a request through the Java ODR causing the request to fail
PI63504 Remove message CPF9E17 when running WebSphere Application Server on IBM i.
PI63536 AdmiAgent login: com.ibm.wsspi.IPluginRegistryFactory getPluginRegistry error getting registry
PI63576 Crash on Microsoft Internet Information Services web server plugin module
PI63586 The application placement controller can not start or stop the server instances in the point cell in the multiple cell topology
PI63621 Singleton beans which are created from annotations may be incorrectly marked as local beans
PI63633 Thread-safety issue in the underlying (Apache) JSF 2.0 code causes WebContainer threads to hang
PI63763 com.ibm.xml.thinclient_9.0.0.jar needs to be com.ibm.xml.thinclient_9.0.jar
PI63906 WebTrustAssociationFailedException thrown by the OpenID Connect Relying Party during authorization
PI63915 Users get duplicate IBM WebSphere Application Server shortcuts on the Microsoft Windows start menu
PI63955 NullPointerException thrown by Weld when injecting an EJB into a CDI managed bean
PI64079 Processing persistence units in application client library jars can yield a NullPointerException.
PI64084 Microsoft Windows start menu items are confusing when multiple profiles created
PI64088 Application archive opened unnecessarily, slows performance
PI64129 CDI applications that inject Validator or ValidatorFactory Beans cannot be failed over in a cluster
PI64136 Portlet container changes to support JSF 2.2 Portlet bridge upload functionality
PI64139 Dynamic updates to JSP files are not picked up.
PI64222 Too many open files exception on property file causing uninstallation of apps deployed by monitored directory
PI64239 NullPointerException in CDIEJBManagedObjectFactoryImpl when accessing EJBs from client application modules.
PI64314 When running the eclenhancer script, errors are not being displayed.
PI64322 The migrateConfigTo85.py script is no longer needed in version 9
PI64324 The -clean option in the eclipse.ini causes issue with eXtreme Scale extension installation for zPMT in V9
PI64326 NullPointerException in CDIEJBManagedObjectFactoryImpl
PI64573 A 403 error may occur when using the OIDC RP
PI64662 When application server and nodeagent restart, bundle cache is re-expanded
PI64795 Move up Weld level to 2.3.4
PI65021 Rollback Batik library to 1.6.1 because it breaks Intelligent Management charting
PI65396 IHS crash in free call when using Intelligent Management
PI65466 OpenID Connect ear and py files and the OpenID py file are missing from IBM embedded WebSphere Application Server
PI65649 renameCell doesn't update some Extreme Scale Domains and health policy targets
PI65751 The interceptedPathFilter OIDC custom property should not be required
PI65815 Denial of service in the Apache Commons FileUpload used for Administering batch jobs using WebSphere Java Batch
PI65853 Websphere Application Server Web Container affected by Apache Struts vulnerability (CVE-2016-3092)
PI66251 REST API Discovery Feature
PI66503 Migration tool generated migration jobs fail to find the migration temp directory due to a typo in the job template
PI66507 CICS abends when starting the WOLA Link Sever on z/OS 2.1
PI66530 ClassCastException when performing server configuration validation
PI67041 PlantsByWebSphere sample application fails for V9
PI67275 SystemExit exception thrown on running workclassoperations.py
PI67535 Incorrect EJB references generated by annotations processing for application client jar files
PI68014 Update sample jobs for FMID HBBO900
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI63766 Java 8 package not automatically selected when Edge Load Balancer package selected in IM 1.8.5
PI64328 Files in the <was_install>/properties folder are being overwritten when fix packs are installed
Java 2 Connectivity (J2C) PI61635 ActivationSpec config IDs are getting updated while making any changes to the existing application configuration
PI61989 Optimize connection pool behavior when the free pool distribution table size is set to one
PI63532 JNDI Lookup Failures
Java Message Service (JMS) PI58640 Exception WSCL0912E : Component could not be initialized running launchClient on Microsoft Windows.
PI59687 Some JMSExceptions related to queue manager connection errors are misidentified and connection cleanup does not occur
PI61894 An MDB app fails to start with EJB error, but the activation spec starts anyway and loops while trying to consume MQ messages
PI64247 Websocket close frame reason code may be inaccurate on double-byte language machines
PI64562 Restarting a cancelled job fails
PI64570 Applications with websocket endpoints using CDI injections may not start correctly
JNDI/Naming PI62810 Naming NMSV0311W message needs to include name of object being updated.
JSP PI63554 HTTP error code: 500 after requesting a JSP page that statically imports more than one file from the same web fragment.
PI65333 A JSP error "unresolved compilation problem" is thrown during runtime
Migration PI64013 WebSphere clone migration option causing CoreGroup runtime issues between old and new servers.
PI64015 WebSphere migration has various application install issues
PI64016 WebSphere migration of Intelligent Management feature causes some server startup issues.
PI64074 Correct missing messages for migrations.
PI64276 WebSphere migration some config data not being migrated properly
Object Request Broker (ORB) PI59076 S0C4-38 Abend from out of a JVM method getOriginalROMMethod+4a
PI63625 0C4 abend in servant because a 64 bit heappool 1 element was overlaid.
PI63926 zWAS crash in SMF code bboodsab.plx on first server startup after an IPL
PD tools (for example: Log Analyzer) PI61135 StackOverflow caused by SLF4J infinite lookup.
PI64143 ISADC tool not working properly for multiple options
PMI/Performance Tools PI60858 NullPointerExceptions on NodeAgent when starting TPVLogging via wsadim for 2 different servers at the same time
PI61355 NullPointerException on nodeAgent when starting TPV Logging for any server in deployment manager.
PI62283 NullPointerException in PMI class ModuleItem
Programming Model Extensions (PME) PI65037 java.lang.IllegalArgumentException: ThreadPool name already defined
Proxy Server PI60985 Add a custom property that will always clear the cache regardless of its state
Runtime PI63963 Rollout of an application edition may fail with error WPVR0011E due to condition WPVR0041W
PI64005 Message UTLS0008W occurs during server shutdown.
PI64315 Unexpected OSGi error log: The bundle is not marked as singleton
PI67176 A NoClassDefFoundError occurs during the static intialization of class com.ibm.ws.naming.util.RasUtil
Security PI32113 During Initialization of the WebSphere Application Server, there is a delay of 5 minutes or more.
PI48386 Extra information in Trace
PI50599 SSL CSR being sent to SSL clients after restarting WebSphere Application Server instead of expected certificate
PI53397 Outbound SSL with two-way SSL handshake fails because WebSphere does not send client certificate to SSL server
PI56086 HMGR0149E exception: The received token starts with null.
PI58172 SSLException error occurred when having a "#" in the keystore or truststore filepath.
PI58717 Unexpected GPF exception BOSSNAP
PI60049 Error WSVR0100W is not providing enough information about why the server fails to start.
PI60545 Gather and report minimal data for a web UI login and logout with audit
PI61077 Limitation of wsadmin API AdminTask AdminTask.exportSAMLSpMetadata
PI61695 NullPointerException for wasadmin AdminTask.mapUsersToNamingRole
PI62619 SAML Web SSO AdminTask command importSAMLIdpMetadata fails
PI63964 Form logout and EJB calls may not work when using JASPI
PI64506 Persona stress runs result in OutOfMemory after several days
PI66137 NullPointerException found in logs when creating the security server.
Servlet Engine/Web Container PI58920 Dispatcher type obtained from HttpServletRequest is not updated on post processes
PI62068 Remove Struts from WebSphere Application Server
PI63745 MessageSentException and NullPointerException thrown on an websocket request
PI63746 StringIndexOutOfBoundsException starting an app with a servlet annotated with @WebServlet("") or with empty servlet mapping
PI63972 Performance issue when running JSP.
PI64127 Add support for JSF 2.2 in Portlet bridge
PI64426 Annotations on instances of HttpUpgradeHandler are not processed
PI65771 Unable to inject programmatically added filters,servlets and listeners.
PI67470 ConcurrentModificationException thrown on getServletWrapper when serveServletsByClassname is enabled
Session Initiation Protocol (SIP) Container PI54003 Leak caused by new ProxyBranch created from response
PI54646 Unable to obtain SipURIs of available outbound interface
PI56387 SIP container incorrectly combines multiple SIP supported headers
PI60893 Deadlock caused by SIP Subscribe
PI61548 Potential Denial of Service in WebSphere Application Server if using SIP services (CVE-2016-2960)
Sessions and Session Management
PI60026 Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)
System Management/Repository PI56966 There is no message logged by the NodeAgent when a server is terminated.
PI63461 AuditServiceProvider and AuditEventFactory settings are overwritten by PFBCT
PI63844 NullPointerException when creating a dynamic cluster
PI63987 Not invalidating generated Managed Beans deployment descriptor with initial deployment of an application.
PI64069 Application upload fails with java.net.SocketException: Invalid argument
PI64685 providerType is null or missing in configuration when JDBCProvider is created using properties file.
PI66884 Application start fails with UndefinedVariableException
Transaction Service PI45254 Collect more serviceability data for transaction log service
PI61057 WTRN0112E errors when running standalone application using the embeddable EJB container
PI61081 J2CA0030E occurs due to DSRA9350E: Pperation connection.commit is not allowed during a global transaction
PI65127 Deadlock issue in tranlog database
PI67082 NullPointerException from InstalledOptionalPackageRepository shows in FFDC logs.
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI60370 During an installation of a web service application, ADMA0078W might happen.
PI63025 Repeatedly attempting to start an application that will not start might cause a memory leak
PI64053 WSWS7054E is thrown when deploying a JAX-WS web service application
PI64153 java.security.AccessControlException: Access denied ("java.util.PropertyPermission" "*" "read,write") happens in systemout.log
PI64288 ClassNotFoundException occurred when running launchClient script with web service application.
PI64415 Server start becomes slower when more applications are installed
PI64981 Fix Web Services performance drop and WSDL files requiring Internet access to include remote schema file
Web Services Security PI57565 WS-Security does not emit TokenType on reference to SAML toke

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
10 September 2021

UID

swg27048591

Page Feedback