Fix Readme
Abstract
The following document is a list of fixes, along with their descriptions, for the IBM Business Automation Workflow on Cloud July 2025 Maintenance. For older maintenance and other related documents, refer to the links in the Related Information section at the bottom of this document.
Content
The IBM Business Automation Workflow on Cloud service will be undergoing a regularly scheduled maintenance window for critical bug fixes and security updates.
This maintenance is being deployed by the Cloud Pak for Business Automation as a Service Site Reliability Engineering (SRE) team. The outage to the tenant production RUN environments will be intermittent and limited to 60 minutes or less during the first hour of the maintenance window.
This maintenance is being deployed by the Cloud Pak for Business Automation as a Service Site Reliability Engineering (SRE) team. The outage to the tenant production RUN environments will be intermittent and limited to 60 minutes or less during the first hour of the maintenance window.
- WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
- Business Automation Workflow fixes for v24.0.1 tenants
- Business Automation Workflow fixes for v24.0.0 tenants
- Business Automation Workflow fixes for v23.0.2 tenants
- Business Automation Workflow fixes for v21.0.3.1 tenants
WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
| Fix ID | Fix Details | Additional Pre-requisite Fixes |
|---|---|---|
| 8.5.5.11-WS-WASBundledSDK8-LinuxX64-IFPH66499 |
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the April 2025 CPU |
N/A |
| 8.5.5.24-WS-WAS-IFPH66028 |
PH66028:IBM WebSphere Application Server affected by a cross-site scripting vulnerability (CVE-2025-33104 CVSS 4.4) |
|
| 8.5.5.24-WS-WAS-IFPH65941 |
PH65941:IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907 CVSS 4.1) |
Business Automation Workflow fixes for v24.0.1.0 tenants
| Fix ID | Fix Details | Additional Pre-requisite Fixes |
|---|---|---|
| 8.6.80024010-WS-BPM-IFDT439593 | [DT439593] CVE-2025-33197 - Security vulnerability cross-site scripting - IBM Business Automation Workflow | |
| 8.6.80024010-WS-BPM-IFDT439782 | [DT439782] Multiple security vulnerabilities affect swagger-ui - IBM Business Automation Workflow | |
| 8.6.80024010-WS-BPM-IFDT409117 | [DT409117] BAI BPEL events arrive in Kafka but do not seem to be processed by the flink job properly so they do not show up in ES or BAI dashboard - IBM Business Automation Workflow |
Business Automation Workflow fixes for v24.0.0.0 tenants
Business Automation Workflow fixes for v23.0.2 tenants
| Fix ID | Fix Details | Additional Pre-requisite Fixes |
|---|---|---|
| 8.6.60023020-WS-BPM-IFDT437853 | [DT437853] User may observe slow performance when server starts after upgrading to BAW 23.0.2 or a later version - IBM Business Automation Workflow | 8.6.60023020-WS-BPM-IFDT364060 |
| 8.6.60023020-WS-BPM-IFDT386696 | [DT386696] Jackson 2.15 limits the size of a JSON string object to 5 million - IBM Business Automation Workflow |
Business Automation Workflow fixes for v21.0.3.1 tenants
| Fix ID | Fix Details | Additional Pre-requisite Fixes |
|---|---|---|
| 8.6.30021031-WS-BPM-IFDT438042 | [DT438042]: After installing DT398149 you are unable to open the Workflow Center console - Business Automation Workflow - IBM Business Automation Workflow | Supersedes: DT398149,DT378426 |
| 8.6.30021031-WS-BPM-IFDT425284 | [DT425284]: CVE-2022-42920 Vulnerable Apache Commons BCEL library included in Business Automation Workflow related JAR files | |
| 8.6.30021031-WS-BPM-IFDT425285 | [DT425285] CVE-2023-20861, CVE-2023-20863, CVE-2024-22243, CVE-2024-22262, CVE-2024-38809 in Spring Framework - IBM Business Automation Workflow | Supersedes: DT208578,DT365552, DT397840 |
| 8.6.30021031-WS-BPM-IFDT424599 | [DT424599] Outdated open-source library versions bundled with IBM Business Automation Workflow - IBM Business Automation Workflow |
Note: Clear browser cache before signing in following the maintenance window.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSLRPC","label":"IBM Business Automation Workflow on Cloud"},"ARM Category":[{"code":"a8mKe000000GmaiIAC","label":"Maintenance"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
26 June 2025
UID
ibm17238144