IBM Support

Readme for IBM Business Automation Workflow 24.0.0.0 interim fixes

Fix Readme


Abstract

This readme is for IBM Business Automation Workflow 24.0.0.0 interim fixes released periodically to resolve security vulnerabilities and other defects. It includes information about downloading, updating an installation, and other information about interim fixes for the 24.0.0.0 release.

Content

Readme file forIBM Business Automation Workflow and Process Federation Server (Traditional)
Product release24.0.0.0
Publication date30 October 2025
 
 

About

This is a cumulative fix for 24.0.0.0. These types of fixes:
  • Use an incrementing identifier, such as 24.0.0.0-IF007, 24.0.0.0-IF008, etc. Note: for 24.0.0.0, the sequence starts at IF007, which corresponds to the latest equivalent for Business Automation Workflow on containers released alongside the first cumulative fix for Business Automation Workflow (Traditional) 24.0.0.0.
  • Remove the need for administrators to track applied fixes and determine which ones to fetch and apply, thus reducing preparation time before applying fixes. Fixes are bundled into a single package and released at regular, predictable intervals. This approach also removes the need to check prerequisite and superseded fixes - all prerequisites are included, and superseded fixes are excluded from the single package.
  • Simplify troubleshooting if new issues arise, and accelerate issue resolution by reducing the variability in customer-installed environments.
  • Are packaged as IBM Installation Manager fix packages, similar to individual interim fixes.
  • Include a single consolidated readme file, like this one, with update instructions, and any optional instructions and mandatory or optional post-Installation Manager update steps. More information about the fix, such as which known issue fixes are shipped with this fix, are also included.
  • Align with fixes for related offerings that include Business Automation Workflow capability, such as Business Automation Workflow on containers and Cloud Pak for Business Automation. Fixes released at the same time for these offerings should contain the same fix content, as the individual fixes apply to each of them.
  • Should provide all that customers need to maintain their Business Automation Workflow environment(s).
  • Are delivered with open source libraries and other dependencies that include open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries.
  • Bundle all fixes since the 24.0.0.0 base release, including previous cumulative interim fixes on top of that base release. They supersede previous cumulative interim fixes (if any) and may supersede individual interim fixes. Because these fixes are cumulative, only the latest in the series needs to be applied. You can also upgrade from a previous release (V.R.M) and simultaneously apply the latest cumulative interim fix for 24.0.0.0.
Business Automation Workflow and complementary interim fixes history
Fix  & Download linkSuperseded cumulative interim fixes Process Federation Server fix  & Download linkComplimentary on containers fixReleased
24.0.0.0  IF007None24.0.0.0 IF00724.0.0.0 IF007October 2025
The previous table is chronologically listed in reverse order, with more recent fixes listed at the top.

Components impacted (and links to fix lists in this document)

Applying a fix to Business Automation Workflow Installation

This fix applies to the following IBM Business Automation Workflow editions:
  • IBM Business Automation Workflow Enterprise 24.0.0.0
  • IBM Business Automation Workflow Express 24.0.0.0
  • IBM Business Automation Workflow Enterprise Service Bus 24.0.0.0
Follow these procedures to back up your existing installation, apply the fix onto the deployment manager and each managed node, and restart the deployment manager and nodes.
 
Important notes
  • IBM Workflow Center and Workflow Server versions do not need to match, and Workflow Server 24.0.0.x can connect to a back-level Workflow Center. You can update Workflow Server first and test your applications to make sure that they still work normally after the update. Update Workflow Center last. For more information about rolling update of case projects and legacy solutions, see Performing a rolling upgrade.
  • You can also use offline deployment between Workflow Server 24.0.0.y and Workflow Center 24.0.0.x
  • To interact with Workflow Center, IBM Integration Designer must be at V8.5.7 or later.
Prerequisites
  • Ensure that you have at least 18 GB of disk space, including temporary disk space.
  • Ensure that there are no custom JAR files in the system classpath of IBM Business Automation Workflow. The system classpath includes install_root/lib, install_root/lib/ext, install_root/plugins, install_root/java/jre/lib/ext, install_root/BPM/Lombardi/lib, install_root/BPM/Lombardi/plugins, and so on.
  • Download the cumulative fix repository to a local directory so that the files can be used with Installation Manager during the update process. Find the download link in the Business Automation Workflow and complimentary interim fixes history table, earlier in this document. Note the location where you downloaded the file.
 
Procedure
  1. Stop all the Java™ processes associated with the IBM Business Automation Workflow products that are being updated. If you apply this fix when a Java process related to WebSphere Application Server is running, the product might not continue to run successfully.
    1. Stop the single cluster or the three clusters in the following order: Support, Application, and then Messaging.    
      Note: Make sure that a graceful shutdown is performed to ensure that there are no in-doubt transactions.
    2. Stop any other servers, the node agents, and then the deployment manager.
    3. Stop any other associated JVMs, such as the Profile Management Tool or the Quick Start console.
    4. If you have a Microsoft Windows service or another function that automatically restarts the servers when they are down, ensure that the service or function is disabled until the update process is complete.

  2. Backup your IBM Business Automation Workflow environment.    
    Note: Instead of completing the steps below, consider doing an overall file system backup of all files on your machine, or if available, take a snapshot of the (virtual) machine. This allows for faster and more reliable recovery than doing separate backups. If you choose to use file system or system image backups, make sure to: 

    • Back up any customization as described in steps 1.1 and 1.7
    • Back up the databases

    Important:

    • During the update, the CaseEventEmitter WAR and CaseEventEmitter json files in the install_root/CaseManagement/analytics/ directory are overwritten. If you are using IBM Business Automation Insights and modified these files, back them up and restore the JSON file after the update.
    • During the update, the BPMEventEmitter WAR archive file and sample configuration files in the install_root/BPM/analytics/configTemplates and install_root/BPM/Lombardi/tools/def directories are overwritten. Back up the following files if you customized them:
      • install_root/BPM/analytics/configTemplates/BPMEventEmitter.yml
      • install_root/BPM/Lombardi/tools/def/BPMEventEmitter.properties

    Perform the following steps:

    1. Back up the IBM Business Automation Workflow installation files. This fix updates the core product files and all the existing profiles that require a maintenance update.
    2. If your profiles are separated from the installation files, back up your IBM Business Automation Workflow profiles. Run the backupConfig command to back up the configuration files of each profile. See Backing up and restoring administrative configuration files in the WebSphere Application Server product documentation.    
      Important:
    3. Back up all the Installation Manager files that are mentioned in Backing up IBM Installation Manager agent data and shared files for recovery with IBM Business Process Manager (BPM). If you are applying patches to other products installed with Installation Manager, be sure to take backups of those products as well. This data is not required for a normal rollback. However, if you have an Installation Manager failure or a problem that corrupts the file system data, you need these files to recover from it. Having either a full file system backup or all of these directories ensures that you can roll back to a consistent state for all products that were installed with Installation Manager.
    4. Back up all databases associated with this IBM Business Automation Workflow environment.    
      Database contents and schemas are not changed during this fix update. However, if you face an issue some time after you completed the fix update, which requires you to rollback, your database content might need to be restored, too. Therefore, make a backup of your databases at the same time as you make the profile backup.
    5. Optional: Back up your Process Portal customization. During the update, Process Portal content and snapshots can be updated.    
      Customization that you applied to the Process Portal deployed as a snapshot must be redone on the latest version after you update your environments. For example, Setting up collaboration features for business users.
    6. Optional: Customization to the Process Portal mentioned in Customizing and rebranding interfaces can be overwritten. Make a local copy of your changes before you update or keep a record of your modifications.
  3. If you are upgrading from a swinging profiles environment, complete all but the last step in Applying an interim fix or cumulative fix by swinging profiles. Instead of running the next two steps in these upgrading instructions, use the same information to apply the fix to the main product installation during the first step of the swinging profile instructions.    
    Important: Do not complete the last step of the swinging profile instructions and restart the environment only if you are told to in the instructions below.
  4. Apply the fix onto the deployment manager installation interactively or silently:

  5. Apply the fix onto all managed node installations interactively or silently:

    Start the deployment manager server.

    • Notes:
      • The deployment manager profile is updated automatically during the first server startup after the fix is applied.
      • Databases are not changed when you apply this fix.
      • It takes time to complete the profile upgrade when the server starts for the first time. This time can be significantly longer than the time it takes to normally launch. You can monitor the profile_root/properties/service/productDir/logs/runConfigActions.log file to see the activity that is in progress during the profile upgrade process. The result of each activity is logged with either INSTCONFSUCCESS or INSTCONFFAILED. If an activity failed, see Identifying and recovering from profile upgrade or toolkit upgrade errors.
    • Warning:
      • Do not attempt to bypass the automated update tasks. If these tasks are not performed successfully, it could lead to environment corruption. The use of a runConfigActions.disableAtServerStartup file can corrupt an IBM Business Automation Workflow environment.
    • Run the following command:
      • On Windows, go to the dmgr_profile_root\bin directory and run startManager.bat.
      • On Linux or UNIX, go to the dmgr_profile_root/bin directory and run startManager.sh.
  6. Check for and fix errors, as described in Identifying and recovering from profile upgrade or toolkit upgrade errors before you continue.
  7. For each managed node in the network deployment environment, complete the following steps.
    • Start the node agent.
      • On Windows, go to the node_profile_root\bin directory and run startNode.bat.
      • On Linux or UNIX, go to the node_profile_root/bin directory and run startNode.sh.
    • Ensure that node synchronization is completed. It can take several minutes to complete when you update the system applications. Do not terminate this task abruptly or run a duplicate node synchronization because it could affect the configuration data for the node. You can check the node agent log or syncNode.log for progress of the related operations. Use the syncNode command to force synchronization if required.
    • Note:
      • The managed node profile is updated automatically during the first server startup after the fix is applied.
  8. On each Node, check for and fix errors, as described in Identifying and recovering from profile upgrade or toolkit upgrade errors, before you continue.
  9. Use the Ripplestart option to start the single cluster or to start your three clusters in this sequence: Messaging, Application, and then Support. See Starting and stopping a cluster.
  10. If you are installing this cumulative fix as part of an upgrade from IBM Business Automation Workflow 23.0.2 or older, then the Process Portal search index will be automatically rebuilt on the first server restart.
    If you are already on IBM Business Automation Workflow 24.0.0 and that before this cumulative fix installation you previously had not already applied the individual fixes for DT412485 and DT423276, then, once the server is started, you must manually run the processIndexFullReindex command to rebuild the search index.
    While the search index is being rebuilt, the search facility in Workplace and Process Portal is unavailable or incomplete. To monitor the rebuilding of the index, in the SystemOut.log file, look for the CWLLG0764I and CWLLG0765I messages that identify the start and completion of the index rebuild. 
    Note: To leverage the new search implementation provided as part of the fix for DT412485, you must set <use-new-process-instance-search> to true in 100Custom.xml as in the following example:
    <properties>
        <server>
            <search-index merge="mergeChildren">
                <use-new-process-instance-search>true</use-new-process-instance-search>
            </search-index>
        </server>
    </properties>
  11. Optional: If you are updating an external Content Platform Engine, or an external Content Navigator at the same time as applying this fix:
    • If you are updating an external Content Platform Engine , run the updateBPMExternalECM command to update the Content Platform Engine libraries on Business Automation Workflow.
    • If you are updating an external Content Navigator, run the setExternalNavigator command.
    • Restart the deployment environment.
  12. Optional: If you are using case management, follow these instructions to update it:
    • Run the IBM Business Automation Workflow Case Configuration tool and configure the profile either from the GUI (see Running the Case configuration tool tasks for the development environment) or the command line (see Configuring the development environment by using the command line). Based on your current development environment, open and edit the predefined profile that is located in dmgr_profile_root/CaseManagement/DE_name/profiles/ICM_dev. If you are using custom profiles, then make sure the configuration is synced between the custom profile and predefined profile after update. For example:
      • On Windows: C:\Program Files\ibm\Workflow\v18.0\profiles\DmgrProfile\CaseManagement\De1\profiles\ICM_dev.cfgp
      • On Linux or UNIX: /opt/ibm/Workflow/v18.0/profiles/DmgrProfile/CaseManagement/De1/profiles/ICM_dev/ICM_dev.cfgp    
        Note: On AIX, if IBM SDK is updated to version 8.0.6.25 or later, the Eclipse launcher may be unable to load libjgskit.so and libjgsk8iccs_64.so. You must export the LIBPATH variable before you run the configmgr_cl command. To export LIBPATH, use the following command, where <baw_install_root> is your Business Automation Workflow installation path: LIBPATH=$LIBPATH:<baw_install_root>/java/jre/lib/ppc64:<baw_install_root>/java/jre/lib/icc.
    • Edit the Configure Case Integration with IBM Business Automation Workflow Task by using the GUI or the configibmbpm.xml file. Ensure that the context root for Process Server application and CPE Workflow services application (ICMBPMServices) is correct. Save the task.
    • If you are using an external Content Platform Engine, edit the Deploy the Content Platform Engine Gateway Service Task by using the GUI or the deploygateway.xml file. Ensure that the IBM Business Automation Workflow server cluster name is correct. Save the task.
    • Run all tasks in this profile. Right-click the profile and select Run all tasks or run configmgr_cl execute -profile myprofile.
    • Restart the deployment environment.
    • Upgrade the existing solutions. See Upgrading and converting case solutions.
  13. Optional: Update to the latest toolkit    
    After IBM Workflow Center is successfully updated, update your projects to the latest IBM Business Automation Workflow toolkit levels so that you can integrate the latest fixes associated with the toolkit objects. You need to modify your project only if it includes a toolkit snapshot with a different snapshot ID than the toolkits included with your current product version.
  14. Optional: Update to the latest API    
    Update embedded product JAR files in any custom applications, plugins, services, and so on, in order to use product APIs. For example, if you use Case API in a custom application, ensure that the Case API .jar file in your custom application is updated as part of the update.
  15. Optional: If you are using IBM Business Automation Insights, restore the JSON file that you backed up in step 3. After the update, your Case event emitter application must be updated. For more information, see Installing and configuring the Case event emitter.
  16. Optional: If you are using the deprecated desktop Process Designer, after Workflow Center is updated, existing desktop Process Designer users must follow the instructions for Updating desktop IBM Process Designer.
  17. Optional: If you are using Process Portal customization:
    • Perform any needed customization by using the updated application content.
    • If you used the BPMUpdateTheme task to apply a custom theme, run the BPMUpdateTheme task again to reapply the custom theme.
  18. Your IBM Business Automation Workflow environment is now updated. Perform any application validation testing you require at this time.
Identifying and recovering from profile upgrade or toolkit upgrade errors
Use the following information to check for the success of the upgrade commands. These commands are run during deployment manager startup and update all deployment environments at once. Profile upgrade is also run during the startup of each managed node.    
In the log locations, profile_root is the root directory of the server that is starting up either the deployment manager profile or the managed node profile.
  • Profile upgrade    
    Log location: profile_root/logs/BPMConfig_upgrade_profileName_timestamp.log    
    Success message: 'The BPMConfig.bat -upgrade -profile <profilePath>' command completed successfully.'
  • bootstrapProcessServerData command    
    Log location: profile_root/logs/bootstrapProcessServerData.log    
    Success message: 'The bootstrapping of data completed successfully.'
  • BPMUpdateSystemApp command    
    Log location: profile_root/logs/BPMUpdateSystemApp_timestamp.log    
    Success message: 'execute Cumulative BPMUpdateSystemApp completed successfully.'    
     
If not all of these log files exist, check the log files under profile_root/properties/service/productDir for error messages.
 
Recovering from startup errors
When you start the server for the first time after you apply this fix, you might see an error message similar to the following message:
runConfigActions script execution failed. Exit code: 1
                                                                                                                Exception caught while waiting for runConfigActions script to complete:
 
This error message indicates that a profile upgrade or toolkit upgrade error occurred. Take these actions:
  1. Check the profile upgrade log and confirm that the commands completed successfully.    
    If the commands did not run successfully, note the errors and review them to see if they explain the failure.
  2. Check the bootstrapProcessServerData command log and confirm that the command completed successfully.    
    Note: For managed nodes, the bootstrapProcessServerData command is not run during node startup.    
    If the command did not run successfully, note the errors and review them to see if they explain the failure.
  3. Check the BPMUpdateSystemApp command log and confirm that the command completed successfully.    
    Note: For managed nodes, the BPMUpdateSystemApp command is not run during node startup.    
    If the command did not run successfully, note the errors and review them to see if they explain the failure.
  4. Search the support site for possible reasons for the failure. If you cannot find a solution, engage IBM support.
  5. After the issue is resolved, restart the failing server to trigger another attempt of the upgrade step.
 
Troubleshooting tips
  • If you decreased the maximum heap size, the value reverts to the default when you update. If you increase it, the value is preserved.
  • If the bootstrapProcessServerData command fails with a NoClassDefFoundError or a NoSuchMethodError, make sure there are no product JAR files in install_root/lib/ext other than these four files:    
    bpm.security.tai.jar    
    jcrypt.jar    
    ssi4bpm-server.jar    
    wp.auth.tai.jar
  • If you are using a Db2 database and the bootstrapProcessServerData command fails with the error Db2 SQL Error: SQLCODE=-1476, SQLSTATE=40506, SQLERRMC=-964, you must increase the default log file size using the following SQL statement (where @DB_NAME@ specifies the name of your Process database):    
    UPDATE DB CFG FOR @DB_NAME@ USING LOGFILSIZ 16384 DEFERRED;    
    After you have run the SQL statement, restart the deployment manager or stand-alone server.
Rolling back the update
Multiple steps are needed to roll back the changes. If you omit steps, your environment can become out of sync and not function properly.
 
Note: The environment will return to the state it was in before this fix was installed. Any work done after applying  this fix is lost and might need to be re-done.
 
Rolling back requires that you successfully took a backup of your profiles and IBM Business Automation Workflow databases before you started this fix update.
 
Important: Unless you restore the profiles and databases from backup, profiles might not be usable after you roll back the update.
 
Procedure
To roll back the fix update and restore the profiles, complete the following steps:
  1. Ensure that you have EAR files for any applications that you installed since you ran the backupConfig command. Make note of any changes you made after backing up the profiles. Also, ensure that you have .zip files for offline deployment and the .twx files for online deployment for all process applications and toolkits that you deployed since you backed up the Process database.
  2. Stop all the Java processes associated with the products being rolled back.
    1. Stop the single cluster or the three clusters in the following order: Support, Application, and then Messaging.
    2. Stop any other servers, the node agents, and then the deployment manager.
    3. Stop any other associated JVMs, such as the Profile Management Tool or the Quick Start console.
    4. If you have a Windows service or another function that automatically restarts the servers when they are down, ensure that the service or function is disabled until the update process is complete.
  3. Roll back the update by using Installation Manager. See Rolling back fixes silently or  Rolling back fixes interactively for instructions.
  4. Restore the backup of all your IBM Business Automation Workflow environment databases.
  5. Run the restoreConfig command for each profile.
  6. Run one of the following commands to clear the OSGi configuration area:

    • On Windows: 

      install_root\bin\osgiCfgInit.bat -all

    • On Linux or UNIX: 

      install_root/bin/osgiCfgInit.sh -all
    • Otherwise, the OSGi cache might still refer to classes from the update that was applied before the rollback, which can cause problems in the rolled back (old) environment.

    • After you roll back, if you see an error when running the servicedeploy command, you can fix it by running the following script:

      install_root/serviceDeploy/clearServiceDeployCfg
      Running this script with no parameters fixes the error.
  7. Start your Business Automation Workflow environment.
    1. Start the deployment manager and each node agent.
    2. Start the single cluster or the three clusters in the following order: Messaging, Application, and then Support.
  8. The environment is now rolled back to its previous state.
  9. Re-install needed applications or snapshots, and redo any other applicable configuration changes that you made since you ran the backupConfig command.

Applying a fix to Process Federation Server Installation

You can apply this update on top of IBM Business Process Manager - Process Federation Server 24.0.0.0.
 
Follow these procedures to apply the fix.
 
Prerequisites
Download the cumulative fix repository to a local directory so that the files can be used with Installation Manager during the update process. Find the download link in the Business Automation Workflow and complimentary interim fixes history table, earlier in this document. Note the location where you downloaded the file. 
 
Procedure
You can apply updates to Process Federation Server interactively or silently.
Updating an installation interactively
Follow the steps described in Installing fixes on IBM Process Federation Server
 
Updating an installation silently by using the command line (imcl)    
You can use the command-line interface in Installation Manager to update your product installation silently. These steps update one installation of Process Federation Server.
  1. Gather the following information about your environment and the fix you are applying.
    • IM_INSTALL_LOCATION
    • INSTALL_DIR
      • The full path to the installation directory of the product you are updating.
    • REPOSITORY
      • The full path to the repository where you downloaded the cumulative fix that you are applying.
    • LOG_FILE
      • A full path and name for a log file to capture the logging output of the command.
    • FIX_PACKAGE
      • com.ibm.bpm.pfs.v85
  2. Using the information gathered in the previous step, run imcl with the command line below from the tools directory under the Installation Manager installation location. For more information, see Installing packages by using imcl commands.
    • Notes: By including the -acceptLicense parameter, you agree to the terms and licenses of this product.
    • IM_INSTALL_LOCATION/eclipse/tools/imcl install FIX_PACKAGE -acceptLicense -installationDirectory INSTALL_DIR -repositories REPOSITORY -log LOG_FILE
    • The following command is an example of updating Process Federation Server on Windows from local repositories: C:\IBM\Installation Manager\eclipse\tools\imcl.exe install com.ibm.bpm.pfs.v85 -acceptLicense -installationDirectory C:\IBM\WebSphere\Liberty -repositories C:\pfs\8.6.70024000-WS-BPMPFS-IF007.zip -log C:\silent\update.log
  3. When the silent update completes, check the log files to ensure that the update is completed successfully.
  4. Before you restart the server the first time, run the server start pfsserver --clean command for each installation that you updated, where pfsserver is the server name when you create the server.

Rolling back the update

You can roll back this fix by using one of the following options
Rolling back the updated installation interactively
Note: The following procedure rolls back only the Process Federation Server installation.
  1. Close all programs that were installed by using Installation Manager.
  2. Start Installation Manager. For information about where Installation Manager is installed, see Installation directories for the product and profiles.
  3. From the Start page of the Installation Manager, click Roll back.
  4. On the Roll Back Packages page, from the Package Group Name list, select the package group that contains the packages that you want to roll back and click Next.
  5. Select the version of the package that you want to roll back to and click Next.
  6. Read the summary information and click Roll Back to roll back the package.
    • When the rollback process completes, a message that confirms the success of the process is displayed near the top of the page.
  7. Optional: Click View log file to open the log file for the current session in a new window.
  8. Click Finish to close the wizard.
  9. Before you restart the server the first time, run the server start pfsserver --clean command for each installation that you rolled back, where pfsserver is the server name when you create the server.
Rolling back the update installation silently by using the command line (imcl)
Installation Manager offers a command-line interface to silently roll back your product installation to the previous version.
  1. Gather the following information about your environment and the target version you want to roll back to.
    • IM_INSTALL_LOCATION
    • INSTALL_DIR
      • The full path to the installation directory of the product that you updated.
    • LOG_FILE
      • A full path and name for a log file to capture the logging output of the command.
    • PACKAGE_VERSION_IDS
      • The package and version IDs for the target version you want to roll back to. You need the package ID followed by an underscore and the specific version ID. If you are rolling back multiple packages in the installation, separate each package and version ID with a space. If you supply only the package ID, the package is rolled back to the most recent previous version.
        • Note: To find the IDs of the packages you can roll back to, run this command: IM_INSTALL_LOCATION/tools/imcl listInstalledPackages -rollbackVersions -installationDirectory INSTALL_DIR
    • REPOSITORIES
      • Optionally, you might need to supply the fix repositories for the target of the rollback if you did not use the option to save files for rollback and do not have access to the live repository. Download and unpack the fix repositories for the target version. Gather the full directory path to your unpacked repositories associated with each fix package that you are applying. If you are rolling back multiple products, separate the repository directory paths with commas.
  2. Using the information gathered in the previous step, run the imcl command to roll back to the previous target version of a product in the installation: IM_INSTALL_LOCATION/eclipse/tools/imcl rollback PACKAGE_VERSION_IDS -installationDirectory INSTALL_DIR -log LOG_FILE
    • To include local repositories for the target version, add the -repositories REPOSITORIES option.
  3. When the rollback completes, check the log files to ensure that the rollback completed successfully.
  4. Before you restart the server the first time, run the server start pfsserver --clean command for each installation that you rolled back, where pfsserver is the server name when you create the server.

List of fixes

The following Known Issues (APARs) are specific to Business Automation Workflow (Traditional). These types of fixes will align with fixes for other related offerings where Business Automation Workflow capability is included, including Business Automation Workflow on containers and Cloud Pak for Business Automation. Fixes for all of these offerings released simultaneously should contain the same fix content given the individual fixes apply to each of them. However, there will be fixes that are unique to each offering. For example, see the "List of Fixes" in the readmes linked in Business Automation Workflow and complimentary interim fixes history table, earlier in this document.
 
Fixes that involve security are indicated with an X mark.
 
Business Automation Workflow
 
24.0.0.0 IF007
Known IssueSecurityBehavior changeTitle
DT386834X CVE-2023-33008 in Apache Johnzon affects BAStudio and Workflow Authoring
DT398089X CVE-2024-49348 Prevent Reassignment of Comment Tasks
DT398149X Updating jjwt-api to 0.12.6
DT392433X CVE-2024-43188 - Insufficient input validation in IBM Workflow Center and web Process Designer
DT395401X SECURITY - CVE-2024-38808 IN SPRING EXPRESSIONS
DT395404X CVE-2024-39338 in axios affects Process Admin Console
DT396249X Security vulnerability in axios affects IBM Business Automation Studio and Workflow Center
DT396474X CVE-2024-45296 in path-to-regexp affects IBM Business Automation Workflow
DT397840X CVE-2024-22262, CVE-2024-38809 in Spring Framework IBM Business Automation Workflow
DT398542X Security - CVE-2024-47554 in Apache commons-io may affect BPM Event emitters
DT416513X CVE-2024-28168 vulnerability in Apache XML Graphics FOP (BAW) - IBM Cloud Pak for Business Automation
DT416868X CVE-2024-21538 in cross-spawn-5.1.0.tgz affects Process Admin Console
DT417095X Security vulnerability in cross-spawn-5.1.0 affects Process Designer
DT417496X CVE-2024-31141 in kafka-clients reported for bai-events-java-sdk
DT418201X Multiple CVEs might affect the IBM BPM Configuration Editor
DT419006X CVE-2024-54179 Reflected Cross-Site Scripting (business calendar)
DT419489X CVE-2024-38820, CVE-2025-22233 - Update Spring framework in Business Automation Workflow
DT423873X Multiple security vulnerabilities affect IBM Workflow center & IBM Business Automation Studio
DT424601X Vulnerable spring .jar files found in icnSyncWeb.war within BAW
DT425691X Security vulnerability CVE-2025-1838 affects IBM Workflow Center and IBM Business Automation Studio
DT426117X Update cometD library to 5.0.21
DT433330X Security vulnerabilities CVE-2024-57965, CVE-2025-27152 and CVE-2025-27789 affect Process Admin Console
DT433448X Security vulnerabilities CVE-2024-45296 affects IBM Workflow Center and IBM Business Automation Studio
DT439593X Security vulnerability cross-site scripting
DT439782X Multiple security vulnerabilities affect swagger-ui
DT440290X CVE-2025-48734 in commons-beanutils
DT442383X Multiple CVEs in Node JS runtime affecting BPM Configuration Editor
DT445908X CVE-2025-27817, CVE-2025-27818 in kafka-clients-3.8.1.jar affecting event emitters
DT446327X CVE-2025-27817, CVE-2025-27818 in kafka-clients-3.8.1.jar may affect Case Event Emitters
DT446350X CVE-2025-7783 - form-data-4.0.0.tgz affects Process Admin Console
DT446595X Security vulnerability (CVE-2025-7783) in form-data-4.0.0.tgz affects Workflow centre and Process Designer
DT446906X CVE-2025-48976 - DoS vulnerability in commons-fileupload via Case Forms
DT446911X CVE-2025-48976 - DoS vulnerability in commons-fileupload via navigator
DT446922X CVE-2025-48976 - DoS vulnerability in commons-fileupload affects IBM Business Automation Workflow
DT447031X CVE-2025-36172 Cross-Site Scripting vulnerability in Case Client
DT448209X CVE-2025-22233, CVE-2024-38820, CVE-2025-41242 Update Spring framework in the OSGi bundles included within IBM Business Automation Workflow
DT450245X CVE-2025-41242 Path traversal vulnerability spring core effects IBM Business Automation Workflow
DT450487X CVE-2025-48976 - commons-fileupload-1.5.jar in Embedded ECM
DT451598X Security vulnerability in axios javascript Library affects IBM Process Designer, IBM Workflow center and IBM Business Automation Studio
DT452024X CVE-2025-52999 in jackson-core libs of IBM Business Automation Workflow
DT387108 When navigating to the last page of in-basket, Process Engine work items that have null values in the sort column will not be displayed other than the first page.Navigation to the last page fails with a NullPointerException when sorting by any business property that includes null values, causing the browser to become unresponsive (CP4BA)
DT187859  Open Next by Sequence action does not work unless Open Next action is also added to the work item toolbar
DT383336  Case client generates CDEWG3401 The following view definition cannot be found: CaseSearchView error
DT389442  YOU ENCOUNTER AN ERROR IF THE EVENT SUBSCRIPTIONS ARE EMPTY WHEN YOU OPEN THE EVENT SUBSCRIPTIONS TAB IN PROCESS ADMIN CONSOLE->INSTALLED APPS->APP DETAILS PAGE
DT389498  Unable to update or add a new toolkit version as a dependency in a process application
DT390087  There is Case Swagger API version mismatch in the latest build
DT390215  Unable to add new filters to saved searches in Process Portal
DT391167  Improve the design of the Case client Comment dialog layout
DT391193  '[property name] does not resolve to an existing business object property' validation error may appear on the process app or toolkit
DT391336  THE PROCESS ADMIN CONSOLE->PERFORMANCE->MONITORING PAGE DOES NOT WORK WHEN YOU SELECT A NONE ENGLISH LOCALE
DT391898  THE PROCESSES FROM OLDER VERSIONS OF BUSINESS AUTOMATION WORKFLOW(BAW) ARE NOT SHOWING UP IN THE IN-BASKET AFTER UPGRADING TO BAW V24.0.0.0
DT392764  Warning messages observed in server logs during application startup in IBM Business Automation Workflow
DT392892  NUMERIC VARIABLES NOT PASSED WITH CORRECT TYPE TO CLIENT-SIDE HUMAN SERVICES WHEN USING NEW DATA MAPPING MODE
DT393042  THE START TIME AND END TIME MAY BE CONVERTED INCORRECTLY WHEN YOU CREATE A DATE/TIME RANGE PERIOD IN THE BLACKOUT PERIODS PAGE IN THE PROCESS ADMIN CONSOLE
DT393473  Navigator Business Automation Workflow desktop is not fully accessible due to user permission error
DT394400  The ''Go to a specified URL'' in End event does work as expected after upgrade to 23.0.2
DT394730  Unable to load error when editing decision tables
DT394970  Cannot access Workflow center in zOS
DT395245  Unable to upload file using BPM document list control after installing the DT213423 & DT380377 fixes
DT395261  You see "org.apache.lucene.search.BooleanQuery$TooManyClauses: maxClauseCount is set to 1024" after upgrading to 24.0.0.0
DT396727  Service Message Object (SMO) message context and headers may be empty when multiple deployment environments in a single cell are used
DT396882  The reloadTask BPM REST API incorrectly includes null properties in the response data
DT397283  The 'Select the first document in the list by default' feature in the case details page fails to load the right click options for the first document in case page
DT398147  The work In-basket menu options do not appear when right-clicking on a work item in BAW desktop when using legacy case solution
DT398438  You encounter an internal server error when you try to edit the server configuration in IBM Business Automation Workflow (BAW) Process Admin Console->Installed Apps->App Details->Servers page
DT398663  Deployed Classic Case Builder Solution in CP4BA 23.0.2 appears as not deployed at every reload of the browser
DT400000  Cannot save audit manifest with Activity properties with error: java.lang.RuntimeException: The key [isBusinessObject] was not in the map
DT400076  Case client displays an intermittent error when switching roles: Expecting { on line 1, column 4 instead, obtained token: Token: Number - 403 on containers
DT400142  Default values in service flow might not be used after upgrading to IBM Business Automation Workflow V24.0.0
DT400408  After upgrading to BAW 24.0.0, Health Center shows Case Manager component unhealthy
DT400627  BAW upgrade from v23.x to v24.x failing during deployment manager server start
DT400667  Process instance migration fails on a case solution snapshot when using MSSQL database after upgrading to IBM Business Automation Workflow V24.0.0
DT409005  IBM Case Client throws an error when opening Case Comments widget containing a case comment from a user in the past but that user is later deleted from LDAP
DT409117  BAI BPEL events arrive in Kafka but do not seem to be processed by the flink job properly so they do not show up in ES or BAI dashboard
DT412485  When a user has access to a huge number of tasks, the search of process instances in Processes dashboard or through JS API can take very long.
DT416870  Case client in-basket tabs are rendered incorrectly for many Classic style themes
DT418769  Failed process instances with the error ''failed to update the row, this is most likely a benign warning caused by two threads making the same update and can be ignored''
DT419609  Default Data Label Autocompletion Service called by Processes dashboard causes high CPU usage
DT422724  Process Admin Console Group Management member list does not show user display names
DT422768  In IBM Business Automation Workflow 24.0.0, you may see a com.fasterxml.jackson.core.exc.StreamConstraintsException when calling a REST API with a String variable greater than 20 million bytes
DT422946  Event Manager tasks are slow to execute and at times never complete, after upgrading to V24.0.0
DT423276  Unable to search Task in the Process Portal Work Dashboard
DT423338  Clicking the WorkflowCenter link in Case Builder solutions page fails in IBM Business Automation Workflow with custom context root
DT423451  The BPM document list component can upload the same file multiple times
DT424599  Vulnerable versions of spring .jar files are included within the OSGI bundle in BAW
DT424973  'Create a snapshot' button does not work in Process Designer V24.0.0.0
DT426721  SCA Import method bindings show no properties
DT433874  Blank editor property sheets after renaming an activity
DT434513  Searching processes in Process Portal results in ''org.apache.lucene.search.BooleanQuery$TooManyClauses: maxClauseCount is set to 1024'' error
DT435315  You may notice a performance issue related to memory usage when load testing includes heritage human services that do not reach an end event
DT435499  Coach UI is not displayed correctly in Workflow server after snapshot deployment
DT437586  When using the Processes dashboard and clicking on a process instance, details from another instance are displayed
DT437853  User may observe slow performance when server starts after upgrading to BAW 23.0.2 or a later version
DT438061  Quick Task Assignment Disposal Policy throws error:
DT439194  Workplace header disappears after page refresh in IBM Business Automation Workflow 24.0.x.0
DT439744  Get error: FNRCE0050E: E_OBJECT_MODIFIED when updating the Case Stage with completeParentCaseStage function
DT439979  Potential ClassLoaderRegistry Memory Retention Observed Post Java Upgrade in IBM Business Automation Workflow V24.0.0
DT440081  The REST API /ops/std/bpm/processes/count throws an exception when the process_ids parameter includes an instance id greater than 2147483647
DT442637  Administration service is unable to be opened due to /teamworks/process.lsw being cached unexpectedly
DT442676  TWObject de-serialization exception stops process instances that use nested heritage human services after migration to IBM Business Automation Workflow 24.0.0.0
DT442825  The BPM Document List allows you to press the Refresh and Load More buttons repeatedly causes the embedded document store to be unusable until the BAW Server is restarted
DT446772  Process instance status can end in status completed even if the end node is a terminate one if there is a subprocess marked as reusable
DT447017  Case Activity fails to complete due to DB deadlock
DT447504  Restarting previous case stage operation fails with FNRCE0007E when no prior stage exists in BAW
DT448347  tw.system.currentProcessInstance.parentCase.terminateActivities() API does not terminate failed workflow instances
DT448726  Data mappings of an activity in a service flow might not be shown
DT448911  Case component method createDiscretionaryTaskWithProps launches a new activity with display name instead of its symbolic name
DT450303  Uninitialized complex type business object variables cannot be updated in Process Inspector
DT451052  Process Instances cannot be deleted due to incorrect CAN_DELETE_INSTANCE value
DT451583  Document creation using a Content Integration step in a service flow that uses system lane user fails in an external Content Platform Engine environment - Business Automation Workflow
 
Process Federation Server
 
24.0.0.0 IF007
Known IssueSecurityBehavior changeTitle
DT443492  Cross-Site scripting via Unauthenticated Endpoint
DT396352  Process Federation Server not reading readTimeout of ibmPfs_remoteElasticSearch settings from the server.xml file
DT451296  Saved Searches imported into Process Federation Server might get saved with incorrect value for OWNER
 

Back to top

 

Document change history

  • 30 October 2024: Initial publish.
 

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"ARM Category":[{"code":"a8m50000000CcWOAA0","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"24.0.0"}]

Document Information

Modified date:
09 December 2025

UID

ibm17246659

Page Feedback