Readme for IBM Cloud Pak for Business Automation 24.0.0 IF004

Fix Readme

Abstract

The following document is for IBM Cloud Pak for Business Automation 24.0.0 IF004. It includes the CASE package download, installation information, and the list of APARs/Known Issues that are resolved in this interim fix.

Content

Readme file for:	IBM Cloud Pak® for Business Automation
Product Release:	24.0.0
Update Name:	24.0.0 IF004
Fix ID:	24.0.0-WS-CP4BA-IF004
Publication Date:	31 January 2025

Prerequisites and supersedes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history

Prerequisites and supersedes

Supersedes all prior interim fixes for Cloud Pak for Business Automation 24.0.0.

Components impacted

General
Cloud Pak for Business Automation Operator
Automation Document Processing
Automation Decision Services
Business Automation Application
Business Automation Insights
Business Automation Navigator
Business Automation Studio
Business Automation Workflow including Automation Workstream Services
Enterprise Records
FileNet Content Manager
Operational Decision Management
User Management Service
Workflow Process Service

Before installation

Ensure you take regular backups of any databases associated with the environment.
Ensure your operators are in a healthy state, before upgrading.
If one or more operators are failing, then it can prevent the system from completing an upgrade.
It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:

oc get icp4acluster -o yaml 
oc get content -o yaml
oc get Foundation -o yaml

Remove any image settings in CRs
If you used any individual image tag settings in your CRs, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. This doesn't apply to starter installation as it requires a new install.

Installing the interim fix

This interim fix contains the following version of Cloud Pak for Business Automation and Cloud Pak Foundational Services (CPFS):

Cloud Pak for Business Automation 24.0.0-IF004
Cloud Pak Foundational Services 4.6.9

Note: This interim fix only supports the Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Cloud Pak for Business Automation using the catalog sources in this readme document. If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Cloud Pak Foundational Services versions listed above with other Cloud Paks' specifications.

Cloud Pak for Business Automation (CP4BA) 24.0.0 interim fixes are released to the v24.0 operator channel. Once the operators are upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.

Step 1: Download the installation and upgrade scripts

Download the 24.0.0 IF004 branch by using the following git clone command.
```
git clone -b 24.0.0-IF004 https://github.com/icp4a/cert-kubernetes.git
```

Step 2: Perform an online/offline fresh installation or an upgrade on an existing online/offline deployment.

Depending on the current setup and state of your existing environment, there are various actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.

For an upgrade scenario, these are the Cloud Pak foundational services migration modes supported -

Migration Mode	Support
Cluster-scoped to Namespace-scoped	Supported (This is the recommended approach if your current deployment is using cluster-scoped CPFs)
Namespace-scoped to Namespace-scoped	Supported (If your CPFs deployment is already namespace-scoped, then continue to remain at namespace-scoped)
Cluster-scoped to Cluster-scoped	Not Supported (Please follow the recommended upgrade from Cluster-scoped to Namespace-scoped for CPFs)
Cluster-scoped ("All namespaces") to Cluster-scoped ("All namespaces")	Supported ( There is no migration path from Cluster-scoped ("All namespaces") to Namespace-scoped )

Note: The recommended migration mode for an instance with cluster scoped Cloud Pak foundational services is to namespace scoped Cloud Pak foundational services.

Scenario 1: You are installing a Starter deployment online or have an existing online Starter deployment
Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Starter deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
Actions: Starter deployments do not support upgrades; however, you can use this interim fix content to perform a Starter deployment. To deploy a Starter deployment using the content of this interim fix, please see install a new Starter environment and use the installation scripts from the branch that you cloned above.
Scenario 2: You are installing online Production deployment
Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
Actions: To deploy an online Production deployment without using a local registry, please follow steps in install a new online Production environment and use the installation scripts from the branch that you cloned above.
Scenario 3: You are installing offline/airgap Production deployment
Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
Note: As prerequisites for this scenario, you must follow steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require.Please note that if the set of capabilities includes Business Automation Workflow,Process Federation Server,Workflow Process Service or Business Automation Insights make sure to include the filter "ibm_es_1_1_2470"

Actions:
1. To deploy an airgap/offline Production deployment, find mirror file cp4ba-case-to-be-mirrored-24.0.0-IF004.txt for this interim fix from the branch that you cloned above under the scripts/airgap directory. Execute this command from your bastion host to download the CASE files.
```
oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-24.0.0-IF004.txt
```
  The absolute path to file needs to be a path starting from "/". For example, "/opt".
2. You will need to mirror the images associated with the new cp4ba-case-to-be-mirrored-24.0.0-IF004.txt mirror file.
```
export CASE_NAME=ibm-cp-automation
export CASE_VERSION=24.0.4
export CASE_INVENTORY_SETUP=cp4aOperatorSetup
export TARGET_REGISTRY=<target-registry>
export NAMESPACE=<cp4ba_namespace_name>
```
  Follow the instructions for either mirroring option in Mirroring images to the private registry using the new CASE version associated with this interim fix.
3. Login to the cluster and go to namespace for the operator from the bastion host.
```
oc login https://<CLUSTERIP>:<port> -u <ADMINISTRATOR>
oc project ${NAMESPACE}
```
4. From your bastion host, install the catalog sources and operators using the steps listed in Install Catalog Source and Operators using cluster admin script.
5. Follow the remaining steps from Question 6 listed here to complete the installations of offline/airgap Production deployment.
Scenario 4: Your installed Production deployment version is 21.0.3 IF031 or newer.
Note: Direct upgrade from versions prior to 21.0.3 IF031 are not supported. If you are upgrading from a prior version then you would need to perform incremental upgrading using the instructions from each prior version to 21.0.3 IF031 or newer.
Warning:
All instructions to download the installation and upgrade scripts in the Knowledge Center links referenced below can be ignored. Instead use the installation and upgrade scripts downloaded in Step 1.
Actions:
For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 21.0.3.
For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. Once the mirroring of images is completed, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 21.0.3.
Scenario 5: Your installed Production deployment version is 22.0.2 IF006 .
Note: Direct upgrade from versions prior to 22.0.2 IF006 are not supported. If you are upgrading from a prior version then you would need to perform incremental upgrading using the instructions from each prior version to 22.0.2 IF006.
Warning:
All instructions to download the installation and upgrade scripts in the Knowledge Center links referenced below can be ignored. Instead use the installation and upgrade scripts downloaded in Step 1.
Actions:
For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 22.0.2 in online environment.
For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. Once the mirroring of images is completed, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 22.0.2 in online environment.
Scenario 6: Your installed Production deployment version is 23.0.2 IF006 (If you do not have 23.0.2 IF006 you need to upgrade to 23.0.2 IF006 before proceeding with this upgrade).
Warning:
All instructions to download the installation and upgrade scripts in the Knowledge Center links referenced below can be ignored. Instead use the installation and upgrade scripts downloaded in Step 1.
Actions:
For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 23.0.2 in online environment.
For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. Once the mirroring of images is completed, follow the upgrade instructions documented in in Upgrading CP4BA multi-pattern clusters from 23.0.2 in online environment.
Scenario 7: Your installed Production deployment is 24.0.0 GA or newer and is online.
Note:
For a dedicated deployment or namespace scoped deployment, the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators and Services are deployed. If the CP4BA Operators and Services are deployed in different namespaces( separation of duties), the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators are deployed in.
Warning:
For a CP4BA Deployment with BAI ( Business Automation Insights ) selected as an optional component, it is recommended to create BAI savepoints before starting the upgrade process to this interim fix. For Flink event processing to resume from its previous state, savepoints are required to be created before the upgrade and specified in the updated CR. BAI savepoints can be created by following the below steps.
- Retrieve the name of the InsightsEngine custom resource file.
  InsightsEngine_CR=$(kubectl get InsightsEngine --no-headers --ignore-not-found -n <CP4BA-Namespace> -o name)
  Retrieve and export the below details.
  export MANAGEMENT_URL=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].uri}') export MANAGEMENT_AUTH_SECRET=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].authentication.secret.secretName}') export MANAGEMENT_USERNAME=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.username}' | base64 -d) export MANAGEMENT_PASSWORD=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.password}' | base64 -d)
  Create BAI savepoints and store them in a temporary file called bai.json.
```
curl -X POST -k -u ${MANAGEMENT_USERNAME}:${MANAGEMENT_PASSWORD} "${MANAGEMENT_URL}/api/v1/processing/jobs/savepoints" -o ./bai.json
```
  Scale down the CP4BA and Insights Engine Operator.
  oc scale --replicas=0 deployment ibm-cp4a-operator oc scale --replicas=0 deployment ibm-insights-engine-operator
- Retrieve the recovery path locations for each BAI component for which BAI savepoints are created from ./bai.json and update the bai_configuration section of the custom resource file. For Example: If there is a BAI savepoint being created for navigator component, then the updated custom resource file should have the below configuration.
```
bai_configuration:
  navigator:
    recovery_path: /mnt/pv/savepoints/dba/bai-navigator/savepoint-fb88f4-42027046b73b
  ... 
  # Add recovery_path for all other components
```
- Once the upgrade has been completed, make sure to remove all instances of the recovery_path parameters from the updated custom resource file.
Actions:
From the branch that you cloned above navigate to the scripts directory and perform the following steps to upgrade the CP4BA operators and deployment.
1. Upgrade the CP4BA operators.
  - Warning:
    The script with the upgradeOperator option will scale the CP4BA Operators down to zero. You must execute the script with the upgradeDeploymentStatus mode to scale them back in.
  - Actions:
    Run the cp4a-deployment.sh script with the upgradeOperator option to upgrade the IBM Cloud Pak foundational services/CP4BA operators:
```
./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace>
```
2. Wait for the operators to complete their upgrades.
  By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
  Use the below command to see the current status of the install plans.
```
oc get installPlan
```
  The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.
3. You can use the following scripts to check the status of the upgrades.
  - Warning:
    The script will scale the CP4BA deployments down to zero. You must execute the cp4a-deployment.sh script with upgradeDeploymentStatus option to scale them back up.
  - Actions:
    [OPTIONAL] Run the cp4a-deployment.sh script with upgradeOperatorStatus option to check that the upgrade of the CP4BA operator and its dependencies is successful:
```
./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <CP4BA Namespace>
```
4. Start up the upgraded CP4BA Operators.
  Run the cp4a-deployment.sh script with upgradeDeploymentStatus option to check that the upgrade of the CP4BA deployment is successful:
```
./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <CP4BA Namespace>
```
- Scenario 8: Your installed Production deployment is 24.0.0 GA or newer and using airgap/offline.
  Note:
  As prerequisites for this scenario, you must follow steps here to set up the bastion host to mirror images to the registry and further to set up the private registry.
  For a dedicated deployment or namespace scoped deployment, the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators and Services are deployed. If the CP4BA Operators and Services are deployed in different namespaces( separation of duties), the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators are deployed in.
  Warning:
  For a CP4BA Deployment with BAI ( Business Automation Insights ) selected as an optional component, it is recommended to create BAI savepoints before starting the upgrade process to this interim fix. For Flink event processing to resume from its previous state, savepoints are required to be created before the upgrade and specified in the updated CR. BAI savepoints can be created by following the below steps.
  - Retrieve the name of the InsightsEngine custom resource file.
    InsightsEngine_CR=$(kubectl get InsightsEngine --no-headers --ignore-not-found -n <CP4BA-Namespace> -o name)
    Retrieve and export the below details.
    export MANAGEMENT_URL=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].uri}') export MANAGEMENT_AUTH_SECRET=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].authentication.secret.secretName}') export MANAGEMENT_USERNAME=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.username}' | base64 -d) export MANAGEMENT_PASSWORD=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.password}' | base64 -d)
    Create BAI savepoints and store them in a temporary file called bai.json.
    curl -X POST -k -u ${MANAGEMENT_USERNAME}:${MANAGEMENT_PASSWORD} "${MANAGEMENT_URL}/api/v1/processing/jobs/savepoints" -o ./bai.json
    Scale down the CP4BA and Insights Engine Operator.
    oc scale --replicas=0 deployment ibm-cp4a-operator oc scale --replicas=0 deployment ibm-insights-engine-operator
  - Retrieve the recovery path locations for each BAI component for which BAI savepoints are created from ./bai.json and update the bai_configuration section of the custom resource file. For Example: If there is a BAI savepoint being created for navigator component, then the updated custom resource file should have the below configuration.
```
bai_configuration:
  navigator:
    recovery_path: /mnt/pv/savepoints/dba/bai-navigator/savepoint-fb88f4-42027046b73b
  ... 
  # Add recovery_path for all other components
```
  - Once the upgrade has been completed, make sure to remove all instances of the recovery_path parameters from the updated custom resource file.
  Actions:
  Perform the following steps and then the upgrade of operators and deployments will start.
  1. To upgrade an airgap/offline Production deployment, find mirror file cp4ba-case-to-be-mirrored-24.0.0-IF004.txt for this interim fix from the branch that you cloned above under the scripts/airgap directory. Execute this command from your bastion host to download the CASE files:
```
oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-24.0.0-IF004.txt
```
    The (absolute path to file) needs to be a path starting from "/". For example, "/opt".
  2. You will need to mirror the images associated with the new cp4ba-case-to-be-mirrored-24.0.0-IF004.txt mirror file.
    export CASE_NAME=ibm-cp-automation export CASE_VERSION=24.0.4 export CASE_INVENTORY_SETUP=cp4aOperatorSetup export TARGET_REGISTRY=<target-registry> export NAMESPACE=<cp4ba_namespace_name>
    Follow the instructions for either mirroring option in Mirroring images to the private registry using the new CASE version associated with this interim fix. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require.Please note that if the set of capabilities includes Business Automation Workflow,Process Federation Server,Workflow Process Service or Business Automation Insights make sure to include the filter "ibm_es_2"
  3. From the branch that you cloned above navigate to the scripts directory and perform the following steps to upgrade the CP4BA operators.
    - Warning:
      The script with the upgradeOperator option will scale the CP4BA Operators down to zero. You must execute the script with the upgradeDeploymentStatus mode to scale them back in.
    - Actions:
      Run the cp4a-deployment.sh script with the upgradeOperator option to upgrade the IBM Cloud Pak foundational services/CP4BA operators:
      
      ./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace>
  4. Wait for the operators to complete their upgrades.
    By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
    Use the below command to see the current status of the install plans.
```
oc get installPlan
```
    The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.
  5. You can use the following scripts to check the status of the upgrades.
    Warning:
    The script will scale the CP4BA deployments down to zero. You must execute the cp4a-deployment.sh script with upgradeDeploymentStatus option to scale them back up.
    Actions:
    [OPTIONAL] Run the cp4a-deployment.sh script with upgradeOperatorStatus option to check that the upgrade of the CP4BA operator and its dependencies is successful:
    ./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <CP4BA Namespace>
  6. Start up the upgraded CP4BA Operators.
    Run the cp4a-deployment.sh script with upgradeDeploymentStatus option to check that the upgrade of the CP4BA deployment is successful:
```
./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <CP4BA Namespace>
```

Performing the necessary tasks after installation

a. Review the installation

It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.

oc get icp4acluster icp4adeploy -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log

If you are interested in verifying the expected image digest for a particular image, then you can review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.

Uninstalling

There is no procedure to uninstall the interim fix.

List of Fixes

APARs/Known Issues fixed by this interim fix are listed in the following tables.

The columns are defined as follows:

Column title	Column description
APAR/Known Issue	The defect number
Title	A short description of the defect
Sec.	A mark indicates a defect related to security
Cont.	A mark indicates a defect specific to the Cloud Pak integration of the component
B.I.	A mark indicates the fix has a business impact. Details are found in the title column or the APAR/Known Issue document

General
Cloud Pak for Business Automation Operator
Automation Document Processing
Automation Decision Services
Business Automation Application
Business Automation Insights
Business Automation Navigator
Business Automation Studio
Business Automation Workflow including Automation Workstream Services
Enterprise Records
FileNet Content Manager
Operational Decision Management
User Management Service
Workflow Process Service

General

Known Issue	Title	Sec.	Cont.	B.I.
N/A	Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. This interim fix includes fixes for these libraries to address: CVE-2024-7254, CVE-2024-8096, RHSA-2024:9502, CVE-2024-6232, RHSA-2024:10379, RHSA-2024:8359, CVE-2024-52798, CVE-2024-47764, CVE-2024-45296, CVE-2024-43796, CVE-2024-45590, CVE-2024-43799, CVE-2024-48948, RHSA-2024:7848, CVE-2024-55565, CVE-2024-47561, CVE-2024-31033, CVE-2024-38808, CVE-2024-10220, CVE-2024-5321, CVE-2024-47874, CVE-2024-5206, CVE-2024-1135, CVE-2022-48773, CVE-2023-52492, CVE-2024-24857, CVE-2024-26851, CVE-2024-26924, CVE-2024-26976, CVE-2024-27017, CVE-2024-27043, CVE-2024-27062, CVE-2024-35839, CVE-2024-35898, CVE-2024-35939, CVE-2024-38540, CVE-2024-38541, CVE-2024-38564, CVE-2024-38586, CVE-2024-38608, CVE-2024-39503, CVE-2024-40924, CVE-2024-40961, CVE-2024-40983, CVE-2024-40984, CVE-2024-41009, CVE-2024-41042, CVE-2024-41066, CVE-2024-41092, CVE-2024-41093, CVE-2024-42070, CVE-2024-42079, CVE-2024-42244, CVE-2024-42284, CVE-2024-42292, CVE-2024-42301, CVE-2024-43854, CVE-2024-43880, CVE-2024-43889, CVE-2024-43892, CVE-2024-44935, CVE-2024-44989, CVE-2024-44990, CVE-2024-45018, CVE-2024-46695, CVE-2024-46826, CVE-2024-47668, CVE-2024-49949, CVE-2024-50082, CVE-2024-50099, CVE-2024-50110, CVE-2024-50142, CVE-2024-50192, CVE-2024-50256, CVE-2024-50264, CVE-2024-53088, CVE-2024-53122, RHSA-2024:9689, CVE-2023-48161, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235, CVE-2021-25317, CVE-2023-4504, CVE-2024-47175, RHSA-2024:10979, RHSA-2024:8838, CVE-2024-29736, CVE-2024-32007, CVE-2024-41172, CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-34447, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-9143, CVE-2024-47072, CVE-2021-3903, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-4136, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-1616, CVE-2022-1620, CVE-2022-1725, CVE-2022-2042, CVE-2022-2257, CVE-2022-2304, CVE-2022-2817, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2982, CVE-2022-3016, CVE-2022-3099, CVE-2022-3134, CVE-2022-3278, CVE-2022-3297, CVE-2022-3324, CVE-2022-4141, CVE-2023-0051, RHSA-2025:0324, CVE-2024-10976, CVE-2024-10979, RHSA-2024:6754, RHSA-2024:9541, RHSA-2024:10244, RHSA-2024:11250, RHSA-2024:6783, RHSA-2024:9333, CVE-2017-1000383, CVE-2024-53920, RHSA-2024:10787, CVE-2024-10978, RHSA-2024:9404, CVE-2024-45490, RHSA-2024:6989, CVE-2024-4032 Previous interim fixes have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.

Cloud Pak for Business Automation Operator

Known Issue	Title	Sec.	Cont.	B.I.
DT399826	- IBM License Service not working caused by missing annotation productMetric in Pod's description
DT419081	Cloud Pak for Business Automation operator fails to add protocol and port for a embedded Process Federation Server
DT400185	Cloud Pak for Business Automation operator fails to create a Egress Network Policy if Database Server used for ObjectStore is different from the GCD Database Server
DT400358	Namespace not taken into account for lc_bind_secret with cp4a-deployment.sh during generate mode - Cloud Pak for Business Automation
DT422434	CSS / GraphQL / CDRA /ViewOne folder-prepare init container does not have resource limits

Automation Document Processing

Known Issue	Title	Cont.	B.I.
DT382381	Some characters not getting recognized by OCR	X	X
DT393779	Need documentation stating table headers must be unique	X
DT395709	Deploy to Runtime documentation instructions are obsolete	X
DT396498	Long KVP alias names cause project import to fail	X	X
DT396850	Error in document upload causes extraction training to fail	X	X
DT396967	PostgreSQL ProjectCleanup script replaces db name with db use	X	X
DT397882	Extraction training fails with building complex kvps for a table error	X	X
DT409157	gitea-deploy is in Init:ImagePullBackOff status with starter deployment	X	X
DT416876	Unable to add a batch when using the BCAT template and the domain contains more than two parts	X	X
DT417504	DOCX file uploads fail with error converting office file to pdf	X	X
DT422890	Table rows may be assigned to wrong table when multiple tables exist	X	X

Automation Decision Services

Known Issue	Title	Sec.	Cont.	B.I.
DT421615	Completion menu fails when renaming the business rule
DT421616	Importing twice a decision service breaks its data type
DT421618	Samples wizard does not tell upgrade error
DT421619	Redirection issue at the first access of an ADS project
DT421620	Rule not found notification error when running an analysis while build already in progress
DT421621	No error raised and no completion in json dataset

Business Automation Application

Known Issue	Title	Sec.	Cont.	B.I.
DT406981	Security vulnerability CVE-2023-45288 impacts aae/dba-etcd with version 24.0.0.0 interim fix 003	X

Business Automation Insights

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

Business Automation Navigator

Known Issue	Title	Sec.	Cont.	B.I.
	Please see Business Automation Navigator Fix List APARs for Cloud Pak for Business Automation technote

Business Automation Studio

Known Issue	Title	Sec.
DT395401	SECURITY - CVE-2024-38808 IN SPRING EXPRESSIONS	X
DT396249	Security vulnerability in axios affects IBM Business Automation Studio and Workflow Center	X
DT398089	CVE-2024-49348 Prevent Reassignment of Comment Tasks	X
DT398149	Updating jjwt-api to 0.12.6	X
DT398749	CVE-2024-47554 - commons-io in BAW STANDARD	X
DT417095	Security vulnerability in cross-spawn-5.1.0 affects Process Designer	X
DT391193	'[property name] does not resolve to an existing business object property' validation error may appear on the process app or toolkit
DT394730	Unable to load error when editing decision tables
DT398438	You encounter an internal server error when you try to edit the server configuration in IBM Business Automation Workflow (BAW) Process Admin Console->Installed Apps->App Details->Servers page
DT400076	Case client displays an intermittent error when switching roles: Expecting { on line 1, column 4 instead, obtained token: Token: Number - 403
DT416464	When invoking an external Web service, the request might be serialized using incorrect namespace leading during issues in the Web service
DT418893	Online snapshot deployment fails for Case project in IBM Workflow Center and IBM Business Automation Studio
DT420482	Exception in IBM Business Automation Studio pod after deployment

Business Automation Workflow including Automation Workstream Services

Known Issue	Title	Sec.
DT395401	SECURITY - CVE-2024-38808 IN SPRING EXPRESSIONS	X
DT397840	CVE-2024-22262, CVE-2024-38809 in Spring Framework IBM Business Automation Workflow	X
DT398089	CVE-2024-49348 Prevent Reassignment of Comment Tasks	X
DT398149	Updating jjwt-api to 0.12.6	X
DT398542	Security - CVE-2024-47554 in Apache commons-io may affect BPM Event emitters	X
DT398749	CVE-2024-47554 - commons-io in BAW STANDARD	X
DT409394	CVE-2024-52364 Reflected Cross site scripting in IBM Business Automation Workflow	X
DT409397	CVE-2024-52364 Reflected Cross site scripting in IBM Business Automation Workflow	X
DT416868	CVE-2024-21538 in cross-spawn-5.1.0.tgz affects Process Admin Console	X
DT418808	Security vulnerability CVE-2024-47175 impacts with version 24.0.0.0 interim fix 003	X
DT418809	Security vulnerability CVE-2024-29857 impacts with version 24.0.0.0 interim fix 003	X
DT387108	Navigation to the last page fails with a NullPointerException when sorting by any business property that includes null values, causing the browser to become unresponsive
DT389490	Case client in-basket tabs are rendered incorrectly
DT390087	There is Case Swagger API version mismatch in the latest build
DT390215	Unable to add new filters to saved searches in Process Portal
DT391193	'[property name] does not resolve to an existing business object property' validation error may appear on the process app or toolkit
DT394400	The ''Go to a specified URL'' in End event does work as expected after upgrade to 23.0.2
DT394730	Unable to load error when editing decision tables
DT396882	The reloadTask BPM REST API incorrectly includes null properties in the response data
DT397283	The 'Select the first document in the list by default' feature in the case details page fails to load the right click options for the first document in case page
DT398147	IBM Business Automation Workflow - The work In-basket menu options do not appear when right-clicking on a work item in BAW desktop when using legacy case solution
DT398438	You encounter an internal server error when you try to edit the server configuration in IBM Business Automation Workflow (BAW) Process Admin Console->Installed Apps->App Details->Servers page
DT398663	Deployed Classic Case Builder Solution in CP4BA 23.0.2 appears as not deployed at every reload of the browser - Cloud Pak for Business Automation (CP4BA) 23.0.2
DT399826	- IBM License Service not working caused by missing annotation productMetric in Pod's description
DT400000	Cannot save audit manifest with Activity properties with error: java.lang.RuntimeException: The key [isBusinessObject] was not in the map
DT400076	Case client displays an intermittent error when switching roles: Expecting { on line 1, column 4 instead, obtained token: Token: Number - 403
DT400142	Default values in service flow might not be used after upgrading to IBM Business Automation Workflow V24.0.0
DT400225	CVE-2024-47554 in Apache commons-io may affect Case Event emitters
DT416464	When invoking an external Web service, the request might be serialized using incorrect namespace leading during issues in the Web service
DT419081	Cloud Pak for Business Automation operator fails to add https or port for a embedded Process Federation Server
DT419248	You see error in case activities cshs view, FNRPA0556E The deployed task type info object for the {GUID} task type was not found after solution deployment.
DT419609	Default Data Label Autocompletion Service called by Processes dashboard causes high CPU usage

Enterprise Records

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

FileNet Content Manager

APAR	Title	Sec.	Cont.	B.I.
	See FileNet Content Manager Release Fix List APARs for IBM Cloud Pak for Business Automation technote

Operational Decision Management

Known Issue	Title	Sec.	Cont.	B.I.
DT416665	RULE MAY DISAPPEAR IN BUSINESS CONSOLE
DT416799	RULE VERSION COMPARISON FAILS WHEN MODEL EXTENSION HAS STRUCT CUSTOM PROPERTY
DT417545	DECISION CENTER MERGE SHOWS FAKE DIFFERENCES
DT416953	OPENING RULEFLOW EDITOR MAY FREEZE RULE DESIGNER ON WINDOWS
DT400813	RULEFLOW NOT DISPLAYED USING NEW RULEFLOW EDITOR
DT406880	SUBFLOW NODE ID DISPLAY ISSUE
DT416634	DECISION CENTER BUSINESS CONSOLE MAY BE SLOW
DT387663	UNEXPECTED ASSERTION ERROR DURING EXECUTION
DT382009	NPE WHEN BUILDING RULES
DT393176	DECISION TABLE TOOLTIP TRUNCATED USING NEW DECISION TABLE EDITOR
DT395043	USING A METHOD WITH DYNAMIC DOMAIN PARAMETERS CAN BREAK THE DECISION TABLE EDITOR
DT395142	LONG RESPONSE TIME FOR DECISION TABLE EXPORT TO EXCEL IN BUSINESS CONSOLE
DT396364	CUSTOM VALUE EDITOR NOT LOADED IN DECISION TABLE EDITOR
DT396393	RES CONSOLE SHOWS NO ARCHIVE CONTENT FOR A DECISION ENGINE RULESET
DT397124	UNABLE TO APPLY DC MODEL ADDITION ON Z DB2
DT397258	UPDATE OBJECT IS NOT ALWAYS GENERATED IN DECISION ENGINE
DT397262	RTSCONFIGURATOR ROLE IS ABLE TO SEE THE IMPORT A PROJECT BUTTON IN BUSINESS CONSOLE
DT397785	PROBLEM WHEN PASTING FROM EXCEL INTO DECISION TABLE WHEN THERE ARE EMPTY CELLS
DT398018	PROJECT SECURITY PAGE DISPLAY MAY BE SLOW
DT399748	ODM DECISION CENTER POD COULD NOT BE READY ON FIPS CLUSTER

User Management Service

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

Workflow Process Service

Known Issue	Title	Sec.
DT395401	SECURITY - CVE-2024-38808 IN SPRING EXPRESSIONS	X
DT398089	CVE-2024-49348 Prevent Reassignment of Comment Tasks	X
DT398149	Updating jjwt-api to 0.12.6	X
DT398542	Security - CVE-2024-47554 in Apache commons-io may affect BPM Event emitters	X
DT398749	CVE-2024-47554 - commons-io in BAW STANDARD	X
DT416868	CVE-2024-21538 in cross-spawn-5.1.0.tgz affects Process Admin Console	X
DT391193	'[property name] does not resolve to an existing business object property' validation error may appear on the process app or toolkit
DT398438	You encounter an internal server error when you try to edit the server configuration in IBM Business Automation Workflow (BAW) Process Admin Console->Installed Apps->App Details->Servers page
DT400142	Default values in service flow might not be used after upgrading to IBM Business Automation Workflow V24.0.0
DT416464	When invoking an external Web service, the request might be serialized using incorrect namespace leading during issues in the Web service

Known Limitations

Cloud Pak for Business Automation 24.0.x Known Issues

Known issues in IBM Cloud Pak foundational services

Document change history

30 May 2025: Added DT387108 to Business Automation Workflow fix list, as well as DT400076 to both Business Automation Workflow and Business Automation Studio fix lists

31 January 2025: Initial publish.

Related Information

[Supersedes 24.0.0-IF003] Readme for Cloud Pak for Business Automation 24.0.0 I…

[Supersedes 24.0.0-IF002] Readme for Cloud Pak for Business Automation 24.0.0 I…

[Supersedes 24.0.0-IF001] Readme for Cloud Pak for Business Automation 24.0.0 I…

Fix list for Cloud Pak for Business Automation 24.0.0

Cloud Pak for Business Automation Interim fix download

Cloud Pak for Business Automation Fix list

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"Other-\u003ECloudPak4Automation Platform"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"24.0.0"}]

Tips