Fix Readme
Abstract
This readme is for IBM Business Automation Workflow on containers 24.0.1.0 interim fixes released periodically to resolve security vulnerabilities, as well as other defects. It includes information about the CASE package download, installation, and other information about interim fixes for the 24.0.1.0 release.
Content
| Readme file for | IBM Business Automation Workflow on containers |
|---|---|
| Product release | 24.0.1.0 |
| Publication date | 28 February 2025 |
Contents
Prerequisites and superseding fixes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Document change history
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Document change history
Prerequisites and superseding fixes
- To apply the interim fix you have to be at product version level 24.0.1.
- Each interim fix typically supersedes all other previous interim fixes shipped for 24.0.1.0, and compliments a simultaneously delivered interim fix for IBM Cloud Pak for Business Automation 24.0.1. Consult the following table for specific relationships.
- Business Automation Workflow on containers delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries. Consult the superseded and related Cloud Pak for Business Automation 24.0.1 Readmes for specific information about vulnerabilities and other defects that have been addressed.
Business Automation Workflow on containers interim fixes
| Interim fix name | Superseded interim fix names | CASE package | Complimentary Cloud Pak for Business Automation interim fix name | Released |
| 24.0.1.0 IF005 | See note (*) below | ibm-cs-bawautomation-2.8.5.tgz | 24.0.1 IF005 | September 2024 |
| 24.0.1.0 IF004 | See note (*) below | ibm-cs-bawautomation-2.8.4.tgz | 24.0.1 IF004 | July 2024 |
| 24.0.1.0 IF002 | * Note: All previous interim fixes listed in this table | ibm-cs-bawautomation-2.8.2.tgz | 24.0.1 IF002 | April 2024 |
| 24.0.1.0 IF001 | None | ibm-cs-bawautomation-2.8.1.tgz | 24.0.1 IF001 | February 2024 |
This table is chronologically listed in reverse order, with more recent fixes listed at the top.
Components impacted
Before installation
a. Ensure you back up all databases associated with the environment.
b. Ensure your operators are in a healthy state before upgrading.
If one or more operators are failing, the system might be prevented from completing an upgrade. Check a few of the important custom resource (CR) statuses for failures and to ensure the statuses appear ready for the various installed components.
Check the status of the following CRs when they exist:
oc get icp4acluster -o yamlInstalling the interim fix
Two stages are involved in an update: 1. updating the operators, and 2. updating the images for the deployments and pods
After the operator is upgraded, rolling updates for all the pods the operator manages are triggered to ensure they are updated to the appropriate version that matches the operator. However there are some circumstances that can prevent this from occurring (see further details below)
To install the interim fix follow the general procedure described for Upgrading to 24.0.1.0 but use the supplemental information below that applies to the specific setup you have.
Updating the operators
For an online installation of the interim fix:
- Business Automation Workflow 24.0.1.0 interim fixes are released to the v24.1 operator channel.
- If your environment was installed before 24.0.1.0 IF002, has access to the IBM entitled registry, and has an automatic v24.1 channel subscription, enterprise installations are upgraded automatically. This upgrade usually occurs when the interim fix is released or when images are mirrored for air-gap setup. From 24.0.1.0 IF002 onwards a new, pinned catalogue source is introduced to prevent the risk of incompatible operator updates. Operators need to be updated to use the new catalog. In an online OCP installation the operator upgrade and pinned catalogue creation is taken care of for you when you run the upgradeOperator script as part of the instructions linked below.
- If your environment was installed at 24.0.1.0 IF002 level or later it will use the pinned catalog from the outset. This catalog needs to be updated with each subsequent interim fix update (via the upgradeOperator script).
Follow the procedure described for Upgrading to 24.0.1.0 with the following modifications:
- At step 3 follow the link to access the required archive file. For example, for 24.0.1.0 IF002 : 24.0.1.2.tar
- At step 4.c remove individual image tag settings in your Business Automation Workflow CR file.
Note that there can be a delay before the operator is updated (e.g. the default refresh interval for the catalog source can cause a delay of up to 45 minutes).
For installing the interim fix in an air gapped/offline/private registry environment:
- Use the CASE package that is associated with the interim fix being applied. It is typically recommended that the latest interim fix be applied. To identify the appropriate CASE package, as well as links to obtain each package, see the table under Prerequisites and superseding fixes.
- Use the same method as you did for the initial setup to mirror the new catalogs or images to your offline registry, taking care to use the appropriate CASE package for the interim fix level you are updating to. For more information, see Mirroring images to the private registry.
If you have subscriptions set to manual, you must approve all the pending operator updates.
Important: Do not set subscriptions to manual because it can make the the upgrade more error prone if some of the many operator updates are not approved. By default all subscriptions are set to automatic.
Updating the deployments and pods
After the operators are updated, the update of the related deployments and pods are triggered by the newly updated operators to ensure the version matches the operator.
Important: Using individual image tag settings in your Business Automation Workflow CR file could prevent the operator from updating the images to the appropriate version. Ensure you remove these settings for a production installation and apply the modified CR as instructed in the linked upgrade instructions above.
Performing the necessary tasks after installation
Review the installation
Review the CR yaml status section and operator logs after the upgrade to ensure no failures prevented your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.logTo verify the expected image digest for a particular image, review the
ibm-cs-bawautomation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the Cloud Pak for Business Automation operator and their expected digest for this particular interim fix level.Uninstalling
There is no procedure to uninstall the interim fix.
List of fixes
The following Known Issues (APARs) are specific to Business Automation Workflow on containers. Depending on the components and capabilities you installed and configured, additional fix information might apply to you. See the "List of Fixes" in the readmes linked under Complimentary Cloud Pak for Business Automation interim fixes in the Prerequisites and superseding fixes section in this document. These readmes detail vulnerability fixes shipped with interim fixes for included operating system level and other open source libraries. The fixes below are also listed in those readmes, but they are also listed here as a convenience.
Fixes that involve security are indicated with an X mark.
Business Automation Workflow
24.0.1.0 IF005
| Known Issue | Security | Behavior change | Title |
|---|---|---|---|
| DT419489 | X | CVE-2024-38820, CVE-2025-22233 - Update Spring framework in Business Automation Workflow | |
| DT426117 | X | Update cometD library to 5.0.21 | |
| DT440290 | X | CVE-2025-48734 in commons-beanutils | |
| DT445908 | X | CVE-2025-27817, CVE-2025-27818 in kafka-clients-3.8.1.jar affecting event emitters | |
| DT446327 | X | [BAW-CaseEmitters] CVE-2025-27817, CVE-2025-27818 in kafka-clients-3.8.1.jar reported for Case Emitters | |
| DT446350 | X | CVE-2025-7783 - form-data-4.0.0.tgz affects Process Admin Console | |
| DT447031 | X | CVE-2025-36172 Cross-Site Scripting vulnerability in Case Client | |
| DT437853 | User may observe slow performance when server starts after upgrading to BAW 23.0.2 or a later version | ||
| DT438377 | Cloud Pak for Business Automation zen_performance parameters not passed to WorkflowRuntime CR | ||
| DT447005 | Process instance migration API call /ops/std/bpm/containers/migrate_without_policyfile fails | ||
| DT447504 | When the current stage is the first stage, an attempt to restart a non-existent prior case stage results in a failure with error FNRCE0007E | ||
| DT448066 | Locale initialization issues in Business Automation Workflow 24.0.1 cause incorrect language while using Date time picker- IBM Business Automation Workflow | ||
| DT448347 | tw.system.currentProcessInstance.parentCase.terminateActivities() API does not terminate failed workflow instances |
24.0.1.0 IF004
| Known Issue | Security | Behavior change | Title |
|---|---|---|---|
| DT439593 | X | Security vulnerability cross-site scripting | |
| DT439782 | X | Multiple security vulnerabilities affect swagger-ui | |
| DT398711 | When restating an Openshift Cluster you may see the Workflow pods get into a Init:CrashLoopBackOff state with a permissions error - Cloud Pak for Business Automation | ||
| DT435617 | Slowness in Case REST /bawtasks API call | ||
| DT436471 | Server Type Not Visible in Admin Console When Configured via Desktop Designer | ||
| DT436615 | You notice that the Single select view from the UI toolkit shows the placeholder text or blank value within the selection popup | ||
| DT439827 | Included Apache Johnzon classes might cause conflicts with Java External Services |
24.0.1.0 IF002
| Known Issue | Security | Behavior change | Title |
|---|---|---|---|
| DT417496 | X | CVE-2024-31141 in kafka-clients reported for bai-events-java-sdk | |
| DT424716 | X | Security vulnerability CVE-2025-1495 lack of authorization validation affects Workflow Center and Business Automation Studio | |
| DT425691 | X | Security vulnerability CVE-2025-1838 affects IBM Workflow Center and IBM Business Automation Studio | |
| DT433330 | X | Security vulnerabilities CVE-2024-57965, CVE-2025-27152 and CVE-2025-27789 affect Process Admin Console | |
| DT395245 | Unable to upload file using BPM document list control after installing the DT213423 & DT380377 fixes | ||
| DT419248 | You see error in case activities cshs view, FNRPA0556E The deployed task type info object for the {GUID} task type was not found after solution deployment. | ||
| DT423276 | Unable to search Task in the Process Portal Work Dashboard | ||
| DT423451 | The BPM document list component can upload the same file multiple times | ||
| DT425091 | The Process Admin Console displays the html encoded text of the Exposed Process Variable's external description | ||
| DT425681 | Even though monitoring for Workflow is enabled there are no prometheus events | ||
| DT425711 | Workflow pods are slow or fail to startup due to the IBM_BPM_Portal application - Cloud Pak for Business Automation | ||
| DT426664 | Business Automation Workflow pod repeatedly restarting after applying Interim fix 4 for 24.0.0 | ||
| DT431851 | baw-db-init pod is going into 'CrashLoopBackOff' while moving inflight process instances from traditional Business Automation Workflow 24.0.1.0 to Cloud Pak for Business Automation 24.0.1 | ||
| DT433874 | Blank editor property sheets after renaming an activity | ||
| DT434439 | The Case REST API ''/writableappspaces/{appspace}/roles/{role}/member'' has a 1k limit for the number of returned users. | ||
| DT434695 | Saved search acceleration tools table column size limitation of 128 chars impacts IBM Business Automation Workflow Case dynamic filters |
24.0.1.0 IF001
| Known Issue | Security | Behavior change | Title |
|---|---|---|---|
| DT416464 | When invoking an external Web service, the request might be serialized using an incorrect namespace in service implementation | ||
| DT419081 | Cloud Pak for Business Automation operator fails to add https or port for a embedded Process Federation Server | ||
| DT422768 | In IBM Business Automation Workflow 24.0.0, you may see a com.fasterxml.jackson.core.exc.StreamConstraintsException when calling a REST API with a String variable greater than 20 million bytes | ||
| DT423206 | LDAP groups can't be found when searching group while editing collaborators when sc_restricted_internet_access: true is set | ||
| DT423710 | BPMUpdateSystemApp command fails when starting Deployment Manager for the first time after upgrading to 24.0.1 |
Document change history
[{"Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"ARM Category":[{"code":"a8m50000000CcWOAA0","label":"Security"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"}]
Was this topic helpful?
Document Information
Modified date:
10 November 2025
UID
ibm17183042