IBM Support

Fix packs for DataPower Gateway 10.6.0.x

Download


Downloadable File

File link File size File description

Abstract

Lists of fixes in IBM DataPower Gateway 10.6.0.x fix packs.

Download Description

Fix packs and firmware images are located in either Fix Central, Passport Advantage, or the Entitled Registry.

In IBM Knowledge Center you can find information about new and changed features, limitations, and restrictions.

Updated component firmware on HSM-equipped appliances to 2.09-0702

10.6.0.2 updates HSM-equipped appliances to support FIPS 140-3.

  • For HSM-equipped appliances with component firmware 2.09-0702 and later, the following restrictions apply.
    • The key transport algorithm must be rsa-oaep-mgf1p or rsa-oaep.
    • OAEP parameters are unsupported.
    • The OAEP digest algorithm cannot be md5 and ripemd160.
    • For the rsa-oaep key transport algorithm, the OAEP digest algorithm and the MGF algorithm must match.
  • For HSM-equipped appliances with component firmware 2.04-49 and earlier, the key transport algorithm must be rsa-1_5.

Library upgrade to support TLS

10.6.0.0 includes an updated library to support TLS and cryptographic operations. The updated crypto library improves security and usability, but the added complexity of this implementation comes with a performance cost. This update is needed to maintain the proper security posture, which includes CVE updates.

Important



10.6.0.3

Release date: 11 December 2024
Last modified: 11 December 2024
Status: Available

APAR
Description
IT46852 REST LOADCONFIGURATION WITH NESTED OBJECTS OR ARRAYS MIGHT RESULT IN AN INCORRECT CONFIGURATION
IT46861 REMOVE INTERNAL USER SESSIONS FROM THE LIST OF ACTIVE USERS
IT47054 WEB SERVICE PROXY WIZARD DISPLAYS (NONE) FOR ALL PROCESSING RULES WHEN NOT USING THE DEFAULT POLICY
IT47059 IN NEW GUI, EDITING A FILE IN NESTED DIRECTORY ON AN OBJECT PAGE CAN RETURN AN ERROR
IT47116 AUTOMATIC DRR SHOULD RESULT IN THE SAME CONFIGURATION AS A MANUAL DRR
IT47124 IN POLICY EDITOR, STYLESHEET PARAMETERS WITHOUT A TYPE DO NOT DISPLAY
IT47158 GATEWAY PEERING MONITOR DOES NOT STOP WHEN DOMAIN IS DISABLED OR QUIESCED
IT47183 APIC V5C UDP MIGHT THROW UNEXPECTED ERROR FOR A KEY IN THE CONFIGURATION TO IMPORT
IT47184 UPDATE DATAPOWER REDIS LIBRARY TO ADDRESS CVES - CVE-2024-31449 & CVE-2024-31228
IT47185 GATEWAY MIGHT RESTART IF GATEWAY PEERING IS DOWN DUE TO THE REFERENCED PEERING GROUP BEING DOWN.
IT47186 REMOVING GATEWAY-PEERING PRODUCT LINKS CAN RESULT IN UNEXPECTED BEHAVIOR
IT47187 API CONNECT GATEWAY EXTENSION CANNOT COMPLETE IF A PREVIOUS EXTENSION CONTAINED AN INVALID EXTENSION
IT47190 RATE LIMIT STATUS PROVIDER NOT RESET CORRECTLY
IT47191 REPEATEDLY CREATING AND DELETING APIC CATALOGS FROM A SCRIPT CAN CAUSE AN ERROR
IT47193 APIC GRAPHIQL EDITOR DOES NOT UNDERSTAND NEW OPTIONS
IT47227 APIC V5C UDP POLICY DELETE MIGHT LEAVE ORPHANED OBJECTS
IT47228 B2B GATEWAY MIGHT RESTART WHEN AN ERROR OCCURS IN A ONE-WAY PULL TO AN INBOUND GATEWAY
IT47240 API GATEWAY INCORRECTLY REJECTS INTEGERS WITH EXPONENTS AS INCORRECT PARAMETERS
IT47242 API GATEWAY INCORRECTLY REJECTS FLOATING POINT NUMBER WITH EXPONENT AS INCORRECT PARAMETER
IT47257 APIC PARAMETER VALIDATION ERROR SHOULD RETURN HTTP 400 RESPONSE CODE
IT47258 OUTBOUND SNI SETTINGS FOR A DATAPOWER MQ CLIENT MIGHT NOT BE APPLIED AFTER THE CONFIGURATION CHANGE
IT47304 DATAPOWER MIGHT RESTART WHEN ADDING A GATEWAY-PEERING INSTANCE TO A GATEWAY-PEERING GROUP
IT47386 DATAPOWER GATEWAY MIGHT HANG AND RESTART WHEN PROCESSING HIGH RATES OF HTTP/2 TRAFFIC
IT47394 HIGH SEVERITY VULNERABILITY IN MQ (CVE-2024-25016)
IT47395 ADDRESS FALSE POSITIVE RESULTS FROM VULNERABILITY SCAN

10.6.0.2

Release date: 30 October 2024
Last modified: 30 October 2024
Status: Available

APAR
Description
IT45888 DATAPOWER MIGHT WATCHDOG RELOAD DURING THE PROCESSING OF A SAVE INTERNAL-STATE COMMAND.
IT46468 HTTP/2 SHOULD WORK WITH TLS 1.2 AND TLS 1.3 OR WITH ONLY TLS 1.3
IT46594 PING EBMS DESTINATION ACTION IS MISSING IN THE NEW UI
IT46627 DATAPOWER MIGHT RESTART AFTER A STATIC ROUTE IS ADDED
IT46633 DATAPOWER MIGHT RESTART WHEN ASYNCHRONOUS GATEWAYSCRIPT WRITES TO OUTPUT AFTER THE CONNECTION IS CLOSED
IT46665 THE PROBE OF INTERNAL RULES/ACTIONS SHOULD NOT BE COLLECTED
IT46718 UPDATE SERVER SUBSCRIPTION WHEN ORG AND CAT NAME CHANGE IN AN API COLLECTION
IT46756 PREVENT AUTOFILLED PASSWORD FIELD FROM BEING USED TO DISPLAY CERTIFICATE DETAILS
IT46760 FOR OAUTH PROVIDER, REQUEST BODY PARAMETERS MIGHT NOT BE REDACTED BEFORE THEY ARE SENT TO THE ANALYTICS ENDPOINT
IT46764 THE AAA CONFIGURATION EDIT SEEMS TO BE WORKING INCORRECTLY IN THE NEW DATAPOWER UI
IT46836 DATAPOWER RELOAD OCCURS WHEN ATTEMPTING TO PROCESS AN EMPTY OAUTH TOKEN
IT46867 APIC GATEWAY SERVICE ERROR SHOULD TRIGGER CATALOG REFRESH
IT46868 UI DOES NOT SHOW NEWLY UPLOADED FILE IN APPLICATION DOMAIN
IT46869 SPECIAL CHARACTERS NOT RECOGNIZED IN LDAP XSL CONFIGURATION
IT46870 TIMEOUT IS NOT CONSIDERED IN AN SOAP TCPCONNECTIONTEST REQUEST.
IT46875 CATALOG UPDATES THAT FAIL TO COMPLETE SUCCESSFULLY MIGHT STILL RETURN OK RESPONSE
IT46891 WHEN UNITS-OF-WORK IS ENABLED, THE TRANSACTION CANNOT COMPLETE IF THE REPLY2QM IN MQMD IS NOT FOUND
IT46896 FROM AN OBJECT CONFIGURATION, THE SHOW COMMAND WITH AN EXTRA SPACE CAUSES A RESTART
IT46897 GATEWAY MIGHT RESTART WHEN MODIFYING GATEWAY PEERING OBJECT TO CHANGE LOCAL ADDRESS
IT46898 GATEWAY MIGHT RESTART WHEN RUNNING GATEWAYSCRIPT DURING REPUBLISH
IT46899 DATAPOWER MQV9 CONNECTION ERROR REASON CODE 2393
IT46905 WSP POLICY RULES NOT SHOWN FOR AN OPERATION IN NEW UI
IT46918 USE OF ELEMENTS WITH THE SAME LOCAL-NAME() RESULT IN FAILURE WITH WSDL FILES THAT ARE SET FOR STRICT CONFORMITY.
IT46946 GATEWAY SERVICE MIGHT FAIL TO PROCESS CHANGES FOR A CATALOG THAT CONTAINS OAUTH CONFIGURATIONS.
IT46962 OVA DATAPOWER PLATFORM DOES NOT ALLOW NTP TO BE SET BY OVF-ENV.XML
IT46973 Upgrading can cause XSLT to fail, DataPower cannot handle valid use of @xsi:nil
IT46984 RATE LIMIT HEADERS FOR ASSEMBLY COUNT LIMITS ARE MISSING FOR API REQUEST
IT46992 SNI MAPPING DOES NOT UPDATE WITH NEW CERTIFICATE
IT46998 API COLLECTION WITH % IN ORGANIZATION NAME OR ID MIGHT CAUSE GATEWAY RESTART
IT47001 APIC GATEWAY MIGHT RESTART IF OAUTH REFRESH TOKEN IS MISSING REQUIRED ELEMENTS
IT47005 APIC PARSES MIME BOUNDARY STRINGS INCORRECTLY
IT47006 UNCAUGHT EXCEPTION IN API CONNECT GATEWAY SERVICE WHEN THERE IS NO DATA IN GATEWAY PEERING DATABASE FOR A CATALOG
IT47007 API MANAGER REGISTRY UPDATE SHOULD CLEAR XSLT CACHE FOR NEW/UPDATED FILES
IT47021 MEDIUM SEVERITY VULNERABILITY IN NSS (CVE-2023-6135)
IT47117 API GATEWAY MIGHT NOT GET ITS FULL CONFIGURATION AFTER A RESTART
IT47122 UPDATE KERNEL TO ADDRESS SEVERAL FALSE POSITIVE VULNERABILITIES
IT47123 DATAPOWER MQ CLIENT REPORTS MESSAGE CODE 0X8D200052 "THE (XYZ) REQUEST FAILED (2500)"
IT47127 UPDATE XML LIBRARY TO ADDRESS CVE-2024-25062
IT47128 MEDIUM SEVERITY VULNERABILITIES IN KERNEL - CVE-2023-52340 & CVE-2023-25775
IT47143 HIGH SEVERITY VULNERABILITY IN NODE - CVE-2024-45590 & CVE-2024-45296
IT47144 HIGH SEVERITY VULNERABILITY IN DPOS - CVE-2024-2961
IT47145 MEDIUM SEVERITY VULNERABILITY IN KERNEL - CVE-2024-22365
IT47226 NETWORK DENIAL OF SERVICE IN OS KERNEL - CVE-2023-52881

10.6.0.1

Release date: 28 August 2024
Last modified: 28 August 2024
Status: Available

APAR
Description
IT44550 DATAPOWER LOGS ERROR READING FROM CONNECTION: SYSTEM ERROR (110)
IT44570 AMQP HANDLER STUCK IN PENDING STATE AFTER APPLYING CONFIGURATION CHANGES.
IT44571 WHILE LOADING, AMQP HANDLER STOPS PULLING MESSAGES.
IT44865 MODIFYING THE RETRY INTERVAL OR THE COMMENT FIELD OF THE AMQP BROKER CAN CAUSE THE OBJECT TO GO DOWN IN THE PENDING STATE.
IT44904 DATAPOWER MIGHT RELOAD WHEN THE AMQP CONNECTION FOR THE AMQP URLOPENER IS BROKEN DUE TO NETWORK ERRORS
IT45143 LOG TARGET TRIGGER MIGHT HANG DURING A COPY OR MOVE OPERATION AGAINST AN EXTERNAL SERVER
IT45289 DATAPOWER VULNERABILITY FOR ERROR MESSAGE VERBOSITY
IT45380 SECURE BACKUP TIMES OUT AFTER UPGRADE
IT45389 API CONNECT GATEWAY EXTENSIONS MIGHT CAUSE HIGH MEMORY USE.
IT45793 TLS BAD LENGTH ERROR WHEN USING TLS VERSION 1.3 AND SESSION CACHING.
IT45832 DATAPOWER MIGHT RELOAD WHEN USING SELECT=XSL:NIL FOR AN XSLT TEMPLATE PARAMETER.
IT45849 DATAPOWER DOES NOT ALLOW THE SETTING OF A CUSTOM TLS PROFILE FOR WSDL RETRIEVAL.
IT45999 LOGS FOR THROTTLER USAGE CONTAIN AN INCORRECT VALUE FOR TOTAL TEMPORARY SPACE.
IT46069 ADD XSLT EXTENSION FUNCTION APIM:GETREGISTRY TO THE API GATEWAY XSLT COMPATIBILITY MODULE
IT46140 IN NEW UI, CERTIFICATE DETAILS IS MISSING
IT46150 SUPPRESS HTTP/2 HOST HEADER IN REQUEST
IT46160 NEW PROBE SHOWS INCORRECT OUTPUT IN XML FORMAT.
IT46184 AFTER UPGRADE, PREVIOUS VERSION OF ILMT SWIDTAGS MIGHT PERSIST AND BE INCLUDED IN SCAN REPORTS
IT46214 API CONNECT GATEWAY SHOULD ALLOW CASE-INSENSITIVE WSDL QUERY PARAMETER FOR WSDL RETRIEVAL
IT46248 API MANAGER DOES DETECT SEMANTIC SWAGGER ERRORS IN THE API THAT THE GATEWAY DETECTS.
IT46253 DATAPOWER RETURNS INCORRECT TIME REPRESENTATION.
IT46255 DATAPOWER UI AND REST MANAGEMENT REQUESTS DO NOT RETURN WARNINGS FOR FIRMWARE UPDATE ACTION.
IT46260 DATAPOWER UI DOES NOT DISPLAY LOGS THAT ARE NOT WRITTEN TO THE LOGTEMP: DIRECTORY.
IT46269 THE DEFAULT RECURSION LIMIT FOR REGULAR EXPRESSION CAUSES STACK OVERFLOW IN DATAPOWER.
IT46273 DATAPOWER MQV9+ CONFIGURATION FOR WS ENDPOINT REWRITE POLICY IS LOST ON SHUTDOWN OR RESTART
IT46278 APIC ERROR WHEN USING WSDLS WITH A DEFAULT XML NAMESPACE
IT46279 OPEN OBJECT LIST LOG LINKS IN NEW TAB
IT46299 WRONG STATUS CODE IN ACTIVITY LOG WITH ENABLED FORCEHTTP500FORSOAP11 TOGGLE
IT46315 API GATEWAY CANNOT COME UP AFTER DRR DUE TO PORT BIND ERROR
IT46326 IN NEW UI, CANNOT ENABLE OR DISABLE MEMBERS IN A LOAD BALANCER GROUP
IT46335 THE ADD WSDL INPUT FIELD FOR THE WSDL FILE URL CANNOT HANDLE URLS PROPERLY.
IT46340 IN NEW UI, EXPORT ACTION DOES NOT EXPORT ALL DOMAINS
IT46345 IN NEW UI, PROBE SCREEN STUTTERS WHEN SCROLLING THROUGH THE TRANSACTION LIST
IT46347 TCP PORT STATUS FILTER RESETS WHEN SCROLLING THROUGH RESULTS
IT46355 PARSED OBJECTS DOES NOT SERIALIZED TO THE BACKEND IF PROBE ENABLED
IT46376 WHEN NBLEAK IS ACTIVE, DATAPOWER MIGHT RESTART DURING AN OAUTH AUTHORIZATION CALL
IT46385 IN NEW UI, THE UNDO OPERATION FOR COMPARE CONFIGURATION MIGHT FAIL
IT46407 DATAPOWER MIGHT RELOAD WHILE PROCESSING AN XSLT
IT46418 FOR API GATEWAY, API QUERY PARAMETER PROCESSES INCORRECTLY WHEN THE QUERY NAME IS ENCODED IN THE URL
IT46426 MQV9+ HANDLER STOPS RETRIEVING MESSAGES FROM QUEUE
IT46438 REQUEST OR RESPONSE TYPE SOAP SERVICE CANNOT CORRECTLY PROCESS JSV VALIDATE ACTION IN RULE.
IT46454 WHEN A HEADER IS GREATER THAN 16 KB, SERVICE MIGHT THROW AN ERROR FOR A TLS HTTP/1.1 REQUEST
IT46479 DATAPOWER MIGHT LOAD DURING GARBAGE COLLECTION OF JSON KEYS
IT46480 IN OCP ENVIRONMENT THAT USE LOAD BALANCING FOR ROUTES, UI USAGE MIGHT FAIL
IT46484 WHEN REPLY-TO-Q IS SET TO EMPTY, MQV9+ HANDLER TRIES TO OPEN THE QUEUE
IT46493 DO NOT ALLOW UI TO RESET DEFAULT DOMAIN
IT46494 NOT ALL MEMORY RECOVERED WHEN USING PROBE
IT46495 ZE IT43340 FIX APAR - PLAN.SPACEID IS NOT AVAILABLE IN THE V5C CONTEXT
IT46512 DATAPOWER MIGHT RELOAD WHEN A NEW CONNECTION IS CREATED IN THE FAP CONNECTION POOL
IT46513 MEMORY LEAK WHEN USING APIGW:SET-VARIABLE EXTENSION FUNCTION IN XSLT OR GATEWAY SCRIPT
IT46531 APIGW V10 APIM MODULE COMPATIBILITY ISSUE WITH APIM.GETVARIABLE(REQUEST.BODY.SOMEPROPERTY)
IT46595 UI DOES NOT DISPLAY TEXT WHEN FONT DOWNLOADS FAIL
IT46612 PROBLEM PARSING MIME DATA MIGHT CAUSE PART OF PAYLOAD TO BE SKIPPED IN API CONNECT API CALL
IT46639 DATAPOWER XML FIREWALL PROBE CAPTURE MIGHT RESTART WHEN FILTERING BY PATH
IT46644 API CONNECT GATEWAY ON TENANTS MIGHT NOT START DUE TO NTP SERVICE
IT46662 DATAPOWER EBMS3 MIGHT USE WRONG DESTINATION ENCRYPTION SETTINGS IN B2B EXTERNAL PARTNER PROFILE
IT46663 DATAPOWER B2B GATEWAY SHOULD TREAT AS4 MESSAGE AS BINARY IF NO PARTINFO MIMETYPE IS FOUND
IT46664 UI FILE MANAGEMENT CANNOT COPY FILES TO NEWLY CREATED DIRECTORY
IT46666 RATE LIMIT REMAINING MIGHT BE UNSYNCED AFTER GETTING EVICTED EVENT.
IT46667 DEPLOYING LARGE GATEWAY EXTENSION MIGHT CAUSE LONG DEPLOYMENT DURATION.
IT46678 HIGH SEVERITY VULNERABILITY IN GLIBC
IT46680 CLIENT KEY FAILED TO BE UPDATED WITH SPECIAL CHARACTER IN KEY
IT46681 UNEXPECTED REMAINING IN LOCAL WHEN USING IPV6 ADDRESSES FOR RATE LIMIT GATEWAY PEERING IN CLUSTER MODE
IT46682 IN NEW UI, AUDIT RECORDS REPORT INCONSISTENT INTERFACE TYPE
IT46684 GATEWAY-PEERING GROUP CANNOT BE DELETED WHEN THE DOMAIN IS DELETED
IT46685 INTERMITTENT CRASH OCCURS WITH GATEWAY PEERING STATUS
IT46686 POTENTIAL DATA TRUNCATION AND DOS VULNERABILITY IN KERBEROS
IT46687 MEDIUM SEVERITY VULNERABILITIES IN KERNEL
IT46688 MEDIUM SEVERITY VULNERABILITY IN GO (CVE-2024-24789)
IT46689 HIGH SEVERITY VULNERABILITY IN NODE.JS (CVE-2024-22020)
IT46692 UPDATE NODEJS LIBRARY TO ADDRESS CVE-2024-4067
IT46693 UPDATE PYTHON LIBRARY TO ADDRESS CVE-2023-27043
IT46694 UPDATE OPENSSH LIBRARY TO ADDRESS CVE-2024-6387
IT46695 ADDRESS MEMORY LEAK IN FORM DATA
IT46696 SIGNATURE PAYLOAD STORED AS BINARY
IT46697 HIGH SEVERITY VULNERABILITY IN NODE.JS BRACES MODULE (CVE-2024-406)
IT46698 ENHANCE THE LOGIC OF MULTIPLE API CANDIDATES SCENARIO IN API ROUTING
IT46700 UNABLE TO OVERRIDE OAUTH-PROVIDER WHEN DEPLOY SET TO IMMEDIATE
IT46701 GWD ABILITY TO RECOVER WHEN RESTARTING DURING THE DEPLOYMENT OF LARGE EXTENSIONS
IT46708 DATAPOWER MIGHT HANG OR RESTART WHEN PROCESSING 10 GB OR LARGER DATA
IT46715 UI HANGS WHEN TRYING TO ACCESS WSP CONFIGURED WITH EMBEDDED POLICIES
IT46716 WEB SERVICE PROXY DOES NOT WORK WELL WITH GITOPS
IT46717 IN NEW UI, DOMAIN BACKUP-RESTORE OR EXPORT ACTIONS CAUSES CLI SESSIONS TO FREEZE
IT46719 PROBE SETTINGS UPDATED BY THE COMMIT OF THE GATEWAY PEERING MANAGER
IT46731 ADDING GATEWAY SERVICE TO A CATALOG RESPONDS WITH A 504 TIMEOUT
IT46732 API GATEWAY JSONATA EXPRESSION CAN NOW COERCE RESULTS INTO AN ARRAY
IT46740 PROCESSING OF CLOUD SNAPSHOT BY DATAPOWER (APIC-GW-SERVICE) MIGHT NOT BE REFLECTED IN CLOUD MANAGEMENT CONSOLE
IT46747 DATAPOWER MIGHT RELOAD WHEN GATEWAY PEERING USES A PEER GROUP AND PEERS HAVE DIFFERENT LENGTHS OF IP ADDRESSES
IT46906 API GATEWAY RESTARTS WHEN CLIENT SECURITY POLICY USES EXTRACT CREDENTIAL METHOD FROM HTTP

10.6.0.0

Release date: 13 June 2024
Last modified: 13 June 2024
Status: Available

APAR
Description
IT44550 DATAPOWER LOGS ERROR READING FROM CONNECTION: SYSTEM ERROR (110)
IT45245 DATAPOWER MIGHT RESTART WHEN MONITORING GATEWAYSCRIPT FILES FOR UPDATES
IT45515 API GATEWAY REJECTS CALLS WHEN A HEADER NAME STARTS WITH '-'.
IT45786 DATAPOWER SHOULD NOT ALLOW DUPLICATE ENTRIES UNDER SFTP CLIENT POLICIES FOR USER AGENT
IT45833 MEDIUM SEVERITY VULNERABILITIES IN GOLANG
IT45855 MQV9+ OR MQMFT MIGHT NOT RETRIEVE MESSAGES WHILE UNITS-OF-WORK IS ENABLED
IT45966 API GATEWAY API WITH LONGEST BASE PATH IS NOT ROUTED WHEN THERE ARE MULTIPLE CANDIDATES.
IT45973 INCORRECT VALUE OF $(API.OPERATION.PATH) WHEN PATTERN KEYWORD IS SPECIFIED IN THE PATH PARAMETER.
IT46008 CSS BANNER NOT DISPLAYED IN NEW UI.
IT46030 COMPATIBILITY ISSUE OF OBJECT.PROTOTYPE.TOSTRING AFTER UPGRADE.
IT46043 CANNOT CONVERT API YAML OF FORCEHTTP500FORSOAP11 TO DATAPOWER CONFIGURATION.
IT46052 REMOVE THE ANGULAR.JS LIBRARY.
IT46054 CORRUPTED BINARY ATTACHMENTS IN MULTIPART HANDLING.
IT46061 DATAPOWER MIGHT RESTART WHEN PREPARING FOR USER ACTIVITY SUCH AS IMPORT, EXPORT, AND SO FORTH.
IT46062 APIM.SETVARIABLE OF MESSAGE.STATUS.CODE NEEDS TO SET THE REASON PHRASE WHEN INCLUDED.
IT46070 API GATEWAY LOGS MIGHT CONTAIN SPECIAL CHARACTERS FOR THE SPACE NAME.
IT46079 THE QUERY PARAMETER VALIDATION DOES NOT SUPPORT THE URL-ENCODED FORMAT.
IT46081 ADDRESS FALSE POSITIVE FINDINGS IN VULNERABILITY SCANS.
IT46096 WRONG API PARAMETER TYPE WHEN THE FORMAT IS BYTE, BINARY, DATE, DATE-TIME, OR PASSWORD.
IT46101 DATAPOWER B2B EBMS3 SOAP 1.2 MESSAGES INCORRECTLY SET THE MUSTUNDERSTAND ATTRIBUTE.
IT46105 UPDATE NODEJS LIBRARY TO ADDRESS CVE-2024-27982
IT46108 API WITH CONSUME DECLARATION DOES NOT HAVE A HIGHER PRIORITY.
IT46116 MIGRATED V5 POST RESPONSE EXTENSION CORRUPTS CLIENT RESPONSE
IT46117 GATEWAYSCRIPT MIGHT NOT THROW AN ERROR WHEN THE BUFFER OBJECT IS ACCESSED OUT OF BOUND.
IT46118 THE API GATEWAY MIGHT RESTART WHEN SENDING A MULTIPART MESSAGE WITH AN INVALID INVOKE URL IN THE INVOKE ASSEMBLY ACTION.
IT46119 API SUBSCRIPTION SERVICES WITH SAME BASE PATH AND OPERATION RETURN THE WRONG RESPONSE.
IT46131 API RATE LIMIT STATUS DOES NOT RETURN DATA FROM SECONDARY GATEWAY-PEERING INSTANCES.
IT46132 DATAPOWER FOR LINUX, SECURE RESTORE DOES NOT RESET THE PASSWORD FOR THE ADMIN ACCOUNT.
IT46135 TEMPORARY FILES THAT GATEWAYSCRIPT GENERATE DO NOT HONOR THE TTL IF A RELOAD HAPPENS BEFORE TTL IS REACHED.
IT46145 DATAPOWER FOR VMWARE, NEW UI DOES NOT DISPLAY ALL RAID ARRAY ACTIONS.
IT46146 REST API RETURNS NUMBER VALUES FOR THE NAME INSTEAD OF A STRING VALUE.
IT46156 DATAPOWER MQ CLIENT MIGHT GET UNEXPECTED CONNECTION ERRORS
IT46167 UNEXPECTED 404 RESPONSE FOR AN API PATH WITH MANY SPECIAL CHARACTERS.
IT46196 PROBE CANNOT CAPTURE TRANSACTIONS AFTER THE PROBE CAPTURE IS DELETED AND RE-CREATED.
IT46197 DATAPOWER MIGHT RESTART AFTER UPDATING OBJECTS IN CONFIGURATION SEQUENCES.
IT46255 DATAPOWER UI AND REST MANAGEMENT REQUESTS DO NOT RETURN WARNINGS FOR FIRMWARE UPDATE ACTION.
IT46261 GATEWAY PEERING GROUP MIGHT BE OPERATIONAL UP WHILE INVALID LOCAL NODE IS DEFINED FOR CLUSTER MODE.
IT46271 AFTER AN IRREGULAR RESTART, THE DATAPOWER APPLIANCE HAS OLD VERSIONS OF OBJECTS.
IT46274 UPDATE KERNEL TO ADDRESS CVE-2023-4016.
IT46276 UPDATE KERNEL TO ADDRESS MULTIPLE CVES.
IT46277 UPDATE KERNEL TO ADDRESS CVE-2023-38403.
IT46284 DATAPOWER MIGHT RESTART AFTER DISABLING OR DELETING A GATEWAY-PEERING CLUSTER NODE.
IT46285 API CONNECT GATEWAY SERVICE MIGHT RESTART WHEN /GATEWAY-SERVICE-CONFIGURATION-DELETE IS INVOKED WITH NO BODY.
IT46286 INCORRECT COUNT OF CAPTURED TRANSACTIONS IN THE NEW PROBE.
IT46292 ITX TAG MISSING FROM ILMT-SCAN IN ALL RELEASES
IT46293 MEMORY LEAK ON QUERYING SUBSCRIPTION WITH PATTERN
IT46294 CLEAN UP REFERENCE TO REMOVED CATALOG
IT46301 MEMORY LEAK TO ROUTE AN API CONNECT API WITH QUERY, HEADER, OR FORM PARAMETERS.
IT46324 ENABLING TLS ON GATEWAY PEERING GROUP MIGHT HANG GATEWAY
IT46448 CRITICAL SEVERITY VULNERABILITY IN OPENSSL (CVE-2024-4741)
IT46457 LOW SEVERITY VULNERABILITY IN OPENSSL (CVE-2024-4603)
IT46602 LOW SEVERITY VULNERABILITY IN OPEN-VM-TOOLS (CVE-2023-20867)
IT46621 RMI REQUESTS SHOULD BE REPORTED IN ACTIVE USERS STATUS PROVIDER
IT46823 HIGH SECURITY VULNERABILITY IN KERNEL

Change history
Last modified: 11 December 2024

  • 11 December 2024: Added fix list for the 10.6.0.3 fix pack.
  • 30 October 2024: Added fix list for the 10.6.0.2 fix pack.
  • 28 August 2024: Added fix list for the 10.6.0.1 fix pack.
  • 13 June 2024: Added fix list for the 10.6.0.0 fix pack.

Off

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"ARM Category":[{"code":"a8m50000000L0rqAAC","label":"DataPower"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.6.0"}]

Problems (APARS) fixed
IT44550; IT45245; IT45786; IT45833; IT45855; IT45966; IT45973; IT46008; IT46030; IT46043; IT46052; IT46054; IT46061; IT46062; IT46070; IT46079; IT46081; IT46096; IT46101; IT46105; IT46108; IT46116; IT46117; IT46118; IT46119; IT46131; IT46132; IT46135; IT46145; IT46146; IT46156; IT46167; IT46196; IT46197; IT46255; IT46261; IT46271; IT46274; IT46276; IT46277; IT46284; IT46285; IT46286; IT46292; IT46293; IT46294; IT46301; IT46324; IT46448; IT46457; IT46602; IT45515; IT44550; IT44570; IT44571; IT44865; IT44904; IT45143; IT45289; IT45380; IT45389; IT45793; IT45832; IT45849; IT45999; IT46069; IT46140; IT46150; IT46160; IT46184; IT46214; IT46248; IT46253; IT46255; IT46260; IT46269; IT46273; IT46278; IT46279; IT46299; IT46315; IT46326; IT46335; IT46340; IT46345; IT46347; IT46355; IT46376; IT46385; IT46407; IT46418; IT46426; IT46438; IT46454; IT46479; IT46480; IT46484; IT46493; IT46494; IT46495; IT46512; IT46513; IT46531; IT46595; IT46612; IT46639; IT46644; IT46662; IT46663; IT46664; IT46666; IT46667; IT46678; IT46680; IT46681; IT46682; IT46684; IT46685; IT46686; IT46687; IT46688; IT46689; IT46692; IT46693; IT46694; IT46695; IT46696; IT46697; IT46698; IT46700; IT46701; IT46708; IT46715; IT46716; IT46717; IT46719; IT46731; IT46732; IT46740; IT46747; IT46823; IT46906; IT46621; IT45888; IT46468; IT46594; IT46627; IT46633; IT46665; IT46718; IT46756; IT46760; IT46764; IT46836; IT46867; IT46868; IT46869; IT46870; IT46875; IT46891; IT46896; IT46897; IT46898; IT46899; IT46905; IT46918; IT46946; IT46962; IT46973; IT46984; IT46992; IT46998; IT47001; IT47005; IT47006; IT47007; IT47021; IT47117; IT47122; IT47123; IT47127; IT47128; IT47143; IT47144; IT47145; IT47226; IT46852; IT46861; IT47054; IT47059; IT47116; IT47124; IT47158; IT47183; IT47184; IT47185; IT47186; IT47187; IT47190; IT47191; IT47193; IT47227; IT47228; IT47240; IT47242; IT47257; IT47258; IT47304; IT47386; IT47394; IT47395;

Document Information

Modified date:
11 December 2024

UID

ibm17156692