Readme for IBM Cloud Pak for Business Automation 24.0.1 IF006

Fix Readme

Abstract

The following document is for IBM Cloud Pak for Business Automation 24.0.1 IF006. It includes the CASE package download, installation information, and the list of APARs/Known Issues that are resolved in this interim fix.

Content

Readme file for:	IBM Cloud Pak® for Business Automation
Product Release:	24.0.1
Update Name:	24.0.1 IF006
Fix ID:	24.0.1-WS-CP4BA-IF006
Publication Date:	17 December 2025

Prerequisites and supersedes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history

Prerequisites and supersedes

Supersedes all prior interim fixes for Cloud Pak for Business Automation 24.0.1.

Components impacted

General
Cloud Pak for Business Automation Operator
Automation Document Processing
Automation Decision Services
Business Automation Application
Business Automation Insights
Business Automation Navigator
Business Automation Studio
Business Automation Workflow including Automation Workstream Services
Enterprise Records
FileNet Content Manager
Operational Decision Manager
User Management Service
Workflow Process Service
Cloud Pak for foundational services Operator

Before installation

Ensure you take regular backups of any databases associated with the environment.
Ensure your operators are in a healthy state, before upgrading.
If one or more operators are failing, then it can prevent the system from completing an upgrade.
It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:

oc get icp4acluster -o yaml 
oc get content -o yaml
oc get Foundation -o yaml

Remove any image settings in CRs
If you used any individual image tag settings in your CRs, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. This doesn't apply to starter installation as it requires a new install.

Installing the interim fix

This interim fix contains the following version of Cloud Pak for Business Automation and Cloud Pak Foundational Services (CPFS):

Cloud Pak for Business Automation 24.0.1-IF006
Cloud Pak Foundational Services 4.16

Note: This interim fix only supports the Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Cloud Pak for Business Automation using the catalog sources in this readme document. If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Cloud Pak Foundational Services versions listed above with other Cloud Paks' specifications.

Cloud Pak for Business Automation (CP4BA) 24.0.1 interim fixes are released to the v24.1 operator channel. Once the operators are upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.

NOTE :

If you have freshly deployed Automation Document Processing as a part of your CP4BA deployment and the deployment is configured with a Microsoft Active Directory ( MSAD) LDAP or IBM Security Directory Server ( SDS / TDS) LDAP follow the steps for Business Teams Service , you must follow the post upgrade steps listed in Completing the IBM Automation Document Processing upgrade after upgrading to this 24.0.1 interim fix
Starting with this interim fix, Java 17 or a version newer is required and must be installed on the bastion host where the deployment scripts are executed before running either a fresh installation or an upgrade to this iFix. Users can specify a custom Java installation directory using the flag --java-path while executing the cp4a-deployment.sh script or cp4a-prerequisites.sh script.

Step 1: Download the installation and upgrade scripts

Download the 24.0.1 IF006 branch by using the following git clone command.
```
git clone -b 24.0.1-IF006 https://github.com/icp4a/cert-kubernetes.git
```

Step 2: Perform an online/offline fresh installation or an upgrade on an existing online/offline deployment.

Depending on the current setup and state of your existing environment, there are various actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.

For an upgrade scenario, these are the Cloud Pak foundational services migration modes supported -

Migration Mode	Support
Cluster-scoped to Namespace-scoped	Supported (This is the recommended approach if your current deployment is using cluster-scoped CPFs)
Namespace-scoped to Namespace-scoped	Supported (If your CPFs deployment is already namespace-scoped, then continue to remain at namespace-scoped)
Cluster-scoped to Cluster-scoped	Not Supported (Please follow the recommended upgrade from Cluster-scoped to Namespace-scoped for CPFs)
Cluster-scoped ("All namespaces") to Cluster-scoped ("All namespaces")	Supported ( There is no migration path from Cluster-scoped ("All namespaces") to Namespace-scoped )

Note: The recommended migration mode for an instance with cluster scoped Cloud Pak foundational services is to namespace scoped Cloud Pak foundational services.

Scenario 1: You are installing a Starter deployment online or have an existing online Starter deployment
Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Starter deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
Actions: Starter deployments do not support upgrades; however, you can use this interim fix content to perform a Starter deployment. To deploy a Starter deployment using the content of this interim fix, please see install a new Starter environment and use the installation scripts from the branch that you cloned above.
Scenario 2: You are installing online Production deployment
Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
Actions: To deploy an online Production deployment without using a local registry, please follow steps in install a new online Production environment and use the installation scripts from the branch that you cloned above.
Scenario 3: You are installing offline/airgap Production deployment
Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
Note: As prerequisites for this scenario, you must follow steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require. Please note that if the set of capabilities includes Business Automation Workflow, Process Federation Server, Workflow Process Service or Business Automation Insights make sure to include the filter "ibm_es_1_1_2470".
Actions:
1. To deploy an airgap/offline Production deployment, find mirror file cp4ba-case-to-be-mirrored-24.0.1-IF006.txt for this interim fix from the branch that you cloned above under the scripts/airgap directory. Execute this command from your bastion host to download the CASE files.
```
oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-24.0.1-IF006.txt
```
  The absolute path to file needs to be a path starting from "/". For example, "/opt".
2. You will need to mirror the images associated with the new cp4ba-case-to-be-mirrored-24.0.1-IF006.txt mirror file.
```
export CASE_NAME=ibm-cp-automation
export CASE_VERSION=24.1.6
export CASE_INVENTORY_SETUP=cp4aOperatorSetup
export TARGET_REGISTRY=<target-registry>
export NAMESPACE=<cp4ba_namespace_name>
```
  Follow the instructions for either mirroring option in Mirroring images to the private registry using the new CASE version associated with this interim fix.
3. Login to the cluster and go to namespace for the operator from the bastion host.
```
oc login https://<CLUSTERIP>:<port> -u <ADMINISTRATOR>
oc project ${NAMESPACE}
```
4. From your bastion host, install the catalog sources and operators using the steps listed in Install Catalog Source and Operators using cluster admin script.
5. Follow the remaining steps from Question 6 listed here to complete the installations of offline/airgap Production deployment.
Scenario 4: Your installed Production deployment version is 21.0.3 IF031 or newer (If you do not have 21.0.3 IF031 or newer, you need to upgrade to 21.0.3 IF031 or newer before proceeding with this upgrade).
Note: Direct upgrade from 21.0.3 IF031 or newer to this interim fix is not supported. For this scenario, complete an upgrade to 24.0.0 GA or any of the newer 24.0.0 interim fixes, and then perform an upgrade from the 24.0.0 interim fix to this current interim fix.

Actions:
1. Complete a direct upgrade to 24.0.0 GA or a newer 24.0.0 interim fix.
  - For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 21.0.3.
  - For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. Once the mirroring of images is completed, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 21.0.3.
2. Complete an upgrade from 24.0.0 GA or a newer 24.0.0 interim fix to the current 24.0.1 interim fix.
  - For online upgrade, follow the instructions listed in Scenario 7.
  - For offline upgrade, follow the instructions listed in Scenario 8.
Scenario 5: Your installed Production deployment version is 22.0.2 IF006(If you do not have 22.0.2 IF006, you need to upgrade to 22.0.2 IF006 before proceeding with this upgrade).
Note: Direct upgrade from 22.0.2 IF006 to this interim fix is not supported. For this scenario, complete an upgrade to 24.0.0 GA first or a newer 24.0.0 interim fix, and then perform an upgrade to this current interim fix.
Actions:
1. Complete a direct upgrade to 24.0.0 GA or a newer 24.0.0 interim fix.
  - For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 22.0.2 in online environment.
  - For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. Once the mirroring of images is completed, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 22.0.2 in online environment.
2. Complete an upgrade from 24.0.0 GA or a newer 24.0.0 interim fix to the current 24.0.1 interim fix.
  - For online upgrade, follow the instructions listed in Scenario 7.
  - For offline upgrade, follow the instructions listed in Scenario 8.
Scenario 6: Your installed Production deployment version is 23.0.2 IF006 (If you do not have 23.0.2 IF006 you need to upgrade to 23.0.2 IF006 before proceeding with this upgrade).
Note: Direct upgrade from 23.0.2 IF006 to this interim fix is not supported. For this scenario, complete an upgrade to 24.0.0 GA first or a newer 24.0.0 interim fix, and then perform an upgrade to this current interim fix.
Actions:
1. Complete a direct upgrade to 24.0.0 GA or a newer 24.0.0 interim fix.
  - For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 23.0.2 in online environment.
  - For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. Once the mirroring of images is completed, follow the upgrade instructions documented in in Upgrading CP4BA multi-pattern clusters from 23.0.2 in online environment.
2. Complete an upgrade from 24.0.0 GA or a newer 24.0.0 interim fix to the current 24.0.1 interim fix.
  - For online upgrade, follow the instructions listed in Scenario 7.
  - For offline upgrade, follow the instructions listed in Scenario 8.
Scenario 7: Your installed Production deployment version is 24.0.0 GA or newer.
Warning:
All instructions to download the installation and upgrade scripts in the Knowledge Center links referenced below can be ignored. Instead use the installation and upgrade scripts downloaded in Step 1
Actions:
For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 24.0.0 in online environment.
For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process manually or using"oc mirror" for the mirroring images process by script . Once the mirroring of images is completed, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 24.0.0 in online environment.
Scenario 8: Your installed Production deployment is 24.0.1 GA or newer.
Note:
For a dedicated deployment or namespace scoped deployment, the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators and Services are deployed. If the CP4BA Operators and Services are deployed in different namespaces( separation of duties), the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators are deployed in.
Warning:
For a CP4BA Deployment with BAI ( Business Automation Insights ) selected as an optional component, it is recommended to create BAI savepoints before starting the upgrade process to this interim fix. For Flink event processing to resume from its previous state, savepoints are required to be created before the upgrade and specified in the updated CR. BAI savepoints can be created by following the below steps.
- Retrieve the name of the InsightsEngine custom resource file.
```
InsightsEngine_CR=$(kubectl get InsightsEngine --no-headers --ignore-not-found -n <CP4BA-Namespace> -o name)
```
  Retrieve and export the below details.
```
export MANAGEMENT_URL=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].uri}')
export MANAGEMENT_AUTH_SECRET=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].authentication.secret.secretName}')
export MANAGEMENT_USERNAME=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.username}' | base64 -d)
export MANAGEMENT_PASSWORD=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.password}' | base64 -d)
```
  Create BAI savepoints and store them in a temporary file called bai.json.
```
curl -X POST -k -u ${MANAGEMENT_USERNAME}:${MANAGEMENT_PASSWORD} "${MANAGEMENT_URL}/api/v1/processing/jobs/savepoints" -o ./bai.json
```
  Scale down the CP4BA and Insights Engine Operator.
  oc scale --replicas=0 deployment ibm-cp4a-operator oc scale --replicas=0 deployment ibm-insights-engine-operator
- Retrieve the recovery path locations for each BAI component for which BAI savepoints are created from ./bai.json and update the bai_configuration section of the custom resource file. For Example: If there is a BAI savepoint being created for navigator component, then the updated custom resource file should have the below configuration.
```
bai_configuration:
      navigator:
        recovery_path: /mnt/pv/savepoints/dba/bai-navigator/savepoint-fb88f4-42027046b73b
      ... 
      # Add recovery_path for all other components
```
- Once the upgrade has been completed, make sure to remove all instances of the recovery_path parameters from the updated custom resource file.
Actions:
From the branch that you cloned above navigate to the scripts directory and perform the following steps to upgrade the CP4BA operators and deployment.
1. Upgrade the CP4BA operators.
  - Warning:
    The script with the upgradeOperator option will scale the CP4BA Operators down to zero. You must execute the script with the upgradeDeploymentStatus mode to scale them back in.
  - Actions:
    Run the cp4a-deployment.sh script with the upgradeOperator option to upgrade the IBM Cloud Pak foundational services/CP4BA operators:
```
./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace>
```
2. Wait for the operators to complete their upgrades.
  By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
  Use the below command to see the current status of the install plans.
```
oc get installPlan
```
  The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.
3. You can use the following scripts to check the status of the upgrades.
  - Warning:
    The script will scale the CP4BA deployments down to zero. You must execute the cp4a-deployment.sh script with upgradeDeploymentStatus option to scale them back up.
  - Actions:
    [OPTIONAL] Run the cp4a-deployment.sh script with upgradeOperatorStatus option to check that the upgrade of the CP4BA operator and its dependencies is successful:
```
./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <CP4BA Namespace>
```
4. Start up the upgraded CP4BA Operators.
  Run the cp4a-deployment.sh script with upgradeDeploymentStatus option to check that the upgrade of the CP4BA deployment is successful:
```
./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <CP4BA Namespace>
```
  Note: If you are using the P8BPMREST CPE end point, you must wait for the CPE components status to display "Done" and then execute the below command to make it accessible.
```
kubectl patch zenextension <CUSTOM_RESOURCE_FILENAME>-cpe-zen-extension -n <CP4BA NAMESPACE> --type=merge -p '{"metadata": {"annotations": {"checksum_cpe_ips": "0"}}}'
```

Scenario 9: Your installed Production deployment is 24.0.1 GA or newer and using airgap/offline.
Note:
As prerequisites for this scenario, you must follow steps here to set up the bastion host to mirror images to the registry and further to set up the private registry.
For a dedicated deployment or namespace scoped deployment, the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators and Services are deployed. If the CP4BA Operators and Services are deployed in different namespaces( separation of duties), the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators are deployed in.
Warning:
For a CP4BA Deployment with BAI ( Business Automation Insights ) selected as an optional component, it is recommended to create BAI savepoints before starting the upgrade process to this interim fix. For Flink event processing to resume from its previous state, savepoints are required to be created before the upgrade and specified in the updated CR. BAI savepoints can be created by following the below steps.
- Retrieve the name of the InsightsEngine custom resource file.
```
InsightsEngine_CR=$(kubectl get InsightsEngine --no-headers --ignore-not-found -n <CP4BA-Namespace> -o name)
```
  Retrieve and export the below details.
```
export MANAGEMENT_URL=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].uri}')
export MANAGEMENT_AUTH_SECRET=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].authentication.secret.secretName}')
export MANAGEMENT_USERNAME=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.username}' | base64 -d)
export MANAGEMENT_PASSWORD=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.password}' | base64 -d)
```
  Create BAI savepoints and store them in a temporary file called bai.json.
```
curl -X POST -k -u ${MANAGEMENT_USERNAME}:${MANAGEMENT_PASSWORD} "${MANAGEMENT_URL}/api/v1/processing/jobs/savepoints" -o ./bai.json
```
  Scale down the CP4BA and Insights Engine Operator.
  oc scale --replicas=0 deployment ibm-cp4a-operator oc scale --replicas=0 deployment ibm-insights-engine-operator
- Retrieve the recovery path locations for each BAI component for which BAI savepoints are created from ./bai.json and update the bai_configuration section of the custom resource file. For Example: If there is a BAI savepoint being created for navigator component, then the updated custom resource file should have the below configuration.
```
bai_configuration:
      navigator:
        recovery_path: /mnt/pv/savepoints/dba/bai-navigator/savepoint-fb88f4-42027046b73b
      ... 
      # Add recovery_path for all other components
```
- Once the upgrade has been completed, make sure to remove all instances of the recovery_path parameters from the updated custom resource file.
Actions:
Perform the following steps and then the upgrade of operators and deployments will start.
1. To upgrade an airgap/offline Production deployment, find mirror file cp4ba-case-to-be-mirrored-24.0.1-IF006.txt for this interim fix from the branch that you cloned above under the scripts/airgap directory. Execute this command from your bastion host to download the CASE files:
```
oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-24.0.1-IF006.txt
```
  The (absolute path to file) needs to be a path starting from "/". For example, "/opt".
2. You will need to mirror the images associated with the new cp4ba-case-to-be-mirrored-24.0.1-IF006.txt mirror file.
```
export CASE_NAME=ibm-cp-automation
export CASE_VERSION=24.1.6
export CASE_INVENTORY_SETUP=cp4aOperatorSetup
export TARGET_REGISTRY=<target-registry>
export NAMESPACE=<cp4ba_namespace_name>
```
  Follow the instructions for either mirroring option in Mirroring images to the private registry using the new CASE version associated with this interim fix. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require. Please note that if the set of capabilities includes Business Automation Workflow, Process Federation Server, Workflow Process Service or Business Automation Insights make sure to include the filter "ibm_es_1_1_2470".
3. From the branch that you cloned above navigate to the scripts directory and perform the following steps to upgrade the CP4BA operators.
  - Warning:
    The script with the upgradeOperator option will scale the CP4BA Operators down to zero. You must execute the script with the upgradeDeploymentStatus mode to scale them back in.
  - Actions:
    Run the cp4a-deployment.sh script with the upgradeOperator option to upgrade the IBM Cloud Pak foundational services/CP4BA operators:
```
./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace>
```
4. Wait for the operators to complete their upgrades.
  By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
  Use the below command to see the current status of the install plans.
```
oc get installPlan
```
  The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.
5. You can use the following scripts to check the status of the upgrades.
  - Warning:
    The script will scale the CP4BA deployments down to zero. You must execute the cp4a-deployment.sh script with upgradeDeploymentStatus option to scale them back up.
  - Actions:
    [OPTIONAL] Run the cp4a-deployment.sh script with upgradeOperatorStatus option to check that the upgrade of the CP4BA operator and its dependencies is successful:
    ./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <CP4BA Namespace>
6. Start up the upgraded CP4BA Operators.
  Run the cp4a-deployment.sh script with upgradeDeploymentStatus option to check that the upgrade of the CP4BA deployment is successful:
```
./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <CP4BA Namespace>
```
  Note: If you are using the P8BPMREST CPE end point, you must wait for the CPE components status to display "Done" and then execute the below command to make it accessible.
```
kubectl patch zenextension <CUSTOM_RESOURCE_FILENAME>-cpe-zen-extension -n <CP4BA NAMESPACE> --type=merge -p '{"metadata": {"annotations": {"checksum_cpe_ips": "0"}}}'
```

Performing the necessary tasks after installation

a. Review the installation

It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.

oc get icp4acluster icp4adeploy -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log

If you are interested in verifying the expected image digest for a particular image, then you can review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.

Uninstalling

There is no procedure to uninstall the interim fix.

List of Fixes

APARs/Known Issues fixed by this interim fix are listed in the following tables.

The columns are defined as follows:

Column title	Column description
APAR/Known Issue	The defect number
Title	A short description of the defect
Sec.	A mark indicates a defect related to security
Cont.	A mark indicates a defect specific to the Cloud Pak integration of the component
B.I.	A mark indicates the fix has a business impact. Details are found in the title column or the APAR/Known Issue document

General
Cloud Pak for Business Automation Operator
Automation Document Processing
Automation Decision Services
Business Automation Application
Business Automation Insights
Business Automation Navigator
Business Automation Studio
Business Automation Workflow including Automation Workstream Services
Enterprise Records
FileNet Content Manager
Operational Decision Manager
User Management Service
Workflow Process Service

General

Known Issue	Title	Sec.	Cont.	B.I.
N/A	Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. This interim fix includes fixes for these libraries to address: CVE-2011-4969,CVE-2012-6708,CVE-2014-6071,CVE-2015-9251,CVE-2019-11358,CVE-2019-12900,CVE-2020-11022,CVE-2020-11023,CVE-2020-15138,CVE-2020-7656,CVE-2021-24112,CVE-2022-30241,CVE-2022-49043,CVE-2023-26048,CVE-2023-26049,CVE-2023-28642,CVE-2023-36478,CVE-2023-36479,CVE-2023-36807,CVE-2023-36810,CVE-2023-40167,CVE-2023-4039,CVE-2023-41900,CVE-2023-44487,CVE-2023-46250,CVE-2023-52355,CVE-2023-52356,CVE-2024-0450,CVE-2024-11079,CVE-2024-11168,CVE-2024-11392,CVE-2024-11393,CVE-2024-11394,CVE-2024-12133,CVE-2024-12243,CVE-2024-12718,CVE-2024-12720,CVE-2024-12797,CVE-2024-12798,CVE-2024-12801,CVE-2024-13009,CVE-2024-20952,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21085,CVE-2024-21094,CVE-2024-21208,CVE-2024-21210,CVE-2024-21217,CVE-2024-21235,CVE-2024-21626,CVE-2024-22201,CVE-2024-23337,CVE-2024-2410,CVE-2024-25621,CVE-2024-26462,CVE-2024-27318,CVE-2024-27319,CVE-2024-27454,CVE-2024-28219,CVE-2024-28863,CVE-2024-31580,CVE-2024-31583,CVE-2024-34155,CVE-2024-34156,CVE-2024-34158,CVE-2024-34397,CVE-2024-3596,CVE-2024-39705,CVE-2024-4531,CVE-2024-45310,CVE-2024-45336,CVE-2024-45338,CVE-2024-45341,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-4603,CVE-2024-47175,CVE-2024-47535,CVE-2024-47554,CVE-2024-47874,CVE-2024-49766,CVE-2024-49767,CVE-2024-49768,CVE-2024-49769,CVE-2024-50602,CVE-2024-5187,CVE-2024-5206,CVE-2024-52303,CVE-2024-52304,CVE-2024-52615,CVE-2024-52616,CVE-2024-53981,CVE-2024-5535,CVE-2024-55459,CVE-2024-55549,CVE-2024-56171,CVE-2024-56201,CVE-2024-56326,CVE-2024-56826,CVE-2024-56827,CVE-2024-6119,CVE-2024-6232,CVE-2024-6239,CVE-2024-6345,CVE-2024-6602,CVE-2024-7006,CVE-2024-7776,CVE-2024-8088,CVE-2024-8176,CVE-2024-8184,CVE-2024-8775,CVE-2024-9042,CVE-2024-9287,CVE-2024-9823,CVE-2024-9902,CVE-2025-0395,CVE-2025-0426,CVE-2025-0913,CVE-2025-10060,CVE-2025-10061,CVE-2025-10148,CVE-2025-1194,CVE-2025-12058,CVE-2025-12060,CVE-2025-1550,CVE-2025-1767,CVE-2025-2099,CVE-2025-22866,CVE-2025-22868,CVE-2025-22870,CVE-2025-22871,CVE-2025-22872,CVE-2025-24528,CVE-2025-24855,CVE-2025-24928,CVE-2025-25193,CVE-2025-27363,CVE-2025-27516,CVE-2025-27553,CVE-2025-27817,CVE-2025-2953,CVE-2025-30474,CVE-2025-31133,CVE-2025-32434,CVE-2025-3263,CVE-2025-3264,CVE-2025-3576,CVE-2025-3730,CVE-2025-3777,CVE-2025-3933,CVE-2025-40778,CVE-2025-40780,CVE-2025-4138,CVE-2025-4330,CVE-2025-43859,CVE-2025-4435,CVE-2025-4517,CVE-2025-4565,CVE-2025-46656,CVE-2025-4673,CVE-2025-4802,CVE-2025-48060,CVE-2025-4877,CVE-2025-48913,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-5187,CVE-2025-5197,CVE-2025-52565,CVE-2025-52881,CVE-2025-53057,CVE-2025-53066,CVE-2025-5318,CVE-2025-53643,CVE-2025-53864,CVE-2025-53905,CVE-2025-53906,CVE-2025-54121,CVE-2025-55197,CVE-2025-56200,CVE-2025-5702,CVE-2025-58050,CVE-2025-58060,CVE-2025-58364,CVE-2025-58367,CVE-2025-58457,CVE-2025-58754,CVE-2025-59343,CVE-2025-59937,CVE-2025-6021,CVE-2025-6051,CVE-2025-61911,CVE-2025-61912,CVE-2025-62707,CVE-2025-62708,CVE-2025-64329,CVE-2025-6638,CVE-2025-6921,CVE-2025-8176,CVE-2025-8677,CVE-2025-8747,CVE-2025-8885,CVE-2025-9231,CVE-2025-9900,CVE-2025-9906,DSA-6015-1,GHSA-qr4w-53vh-m672,RHBA-2024:6679,RHSA-2024:10983,RHSA-2024:11111,RHSA-2024:6464,RHSA-2024:6754,RHSA-2024:6783,RHSA-2024:8914,RHSA-2024:9167,RHSA-2024:9192,RHSA-2024:9331,RHSA-2024:9333,RHSA-2024:9371,RHSA-2024:9404,RHSA-2024:9450,RHSA-2024:9468,RHSA-2024:9470,RHSA-2024:9474,RHSA-2024:9541,RHSA-2025:0925,RHSA-2025:10136,RHSA-2025:10148,RHSA-2025:10407,RHSA-2025:10699,RHSA-2025:11402,RHSA-2025:1330,RHSA-2025:1346,RHSA-2025:1350,RHSA-2025:13578,RHSA-2025:15010,RHSA-2025:15019,RHSA-2025:15099,RHSA-2025:15700,RHSA-2025:17415,RHSA-2025:17715,RHSA-2025:18286,RHSA-2025:18821,RHSA-2025:20801,RHSA-2025:20945,RHSA-2025:20956,RHSA-2025:21110,RHSA-2025:21111,RHSA-2025:2679,RHSA-2025:3107,RHSA-2025:3407,RHSA-2025:3634,RHSA-2025:4244,RHSA-2025:6977,RHSA-2025:7067,RHSA-2025:7076,RHSA-2025:7077,RHSA-2025:7109,RHSA-2025:7309,RHSA-2025:7410,RHSA-2025:7437,RHSA-2025:7444,RHSA-2025:8655,RHSA-2025:9430,RHSA-2025:9431,RHSA-2025:9877 Previous interim fixes have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.

Cloud Pak for Business Automation Operator

Known Issue	Title	Sec.
DT450856	CVE-2025-22868 - golang.org/x/oauth2-v0.12.0	X
DT453970	Upgrading from global to private catalogs during upgrade results in catalogsources in two namespaces
DT447087	XOR encoding is required by certain properties in v25.0.0 although there isn't clear details on how to do this - IBM Cloud Pak for Business Automation
DT455329	Tuning IBM® WebSphere Liberty for FileNet Content Manager components

Automation Document Processing

Known Issue	Title	Sec.	Cont.	B.I.
DT449468	Content Analyzer custom annotations not working		X	X

Automation Decision Services

Known Issue	Title	Sec.	Cont.	B.I.
DT454442	No support for podAntiAffinity
DT458145	Missing Pod Disruption Budgets management in ADS components

Business Automation Application

Known Issue	Title	Sec.	Cont.	B.I.
DT452348	Some fields are unexpectedly highlighted as having an error in process portal tasks after upgrade to IBM Business Automation Workflow 24.0.1.0
DT456476	BatchUpdateExceptions are seen when indexing tasks which have been created by Business Automation Workflow 19.0.0.1 or older are not updated

Business Automation Insights

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

Business Automation Navigator

Known Issue	Title	Sec.	Cont.	B.I.
	Please see Business Automation Navigator Fix List APARs for Cloud Pak for Business Automation technote

Business Automation Studio

Known Issue	Title	Sec.
DT446922	CVE-2025-48976 - DoS vulnerability in commons-fileupload affects IBM Business Automation Workflow	X
DT447031	CVE-2025-36172 Cross-Site Scripting vulnerability in Case Client	X
DT448632	CVE-2025-48924 in Apache commons-lang may affect IBM Business Automation Workflow	X
DT451598	Security vulnerability in axios javascript Library affects IBM Process Designer, IBM Workflow center and IBM Business Automation Studio	X
DT456229	CVE-2025-13096 - XML Entity Expansion vulnerability in IBM Business Automation Workflow	X
DT457061	Server side Request Forgery affects IBM Business Automation Workflow and Cloud Pak for Business Automation	X
DT422724	Process Admin Console Group Management member list does not show user display names
DT435499	Coach UI is not displayed correctly in Workflow server after snapshot deployment
DT448726	Data mappings of an activity in a service flow might not be shown
DT449006	Unable to copy/Paste text or select hyperlinks when using Rich Text Editor in read-only Mode
DT452057	Debug Mode Freezes When Stepping Into a Service Flow in Process Designer Inspector- IBM Business Automation Workflow
DT452348	Some fields are unexpectedly highlighted as having an error in process portal tasks after upgrade to IBM Business Automation Workflow 24.0.1.0
DT452736	Regression in DT446343 causes CWLLG2229E error when copying assets
DT454461	bpm-dtp-date-active-color property not picked up from theme in Date/time picker view
DT456476	BatchUpdateExceptions are seen when indexing tasks which have been created by Business Automation Workflow 19.0.0.1 or older are not updated
DT452033	Unnamed Snapshot Deletion Fails via Swagger API
DT453198	In nested expandable tables, the chevron points in wrong direction

Business Automation Workflow including Automation Workstream Services

Known Issue	Title	Sec.	B.I.
DT446350	CVE-2025-7783 - form-data-4.0.0.tgz affects Process Admin Console	X
DT446922	CVE-2025-48976 - DoS vulnerability in commons-fileupload affects IBM Business Automation Workflow	X
DT450856	CVE-2025-22868 - golang.org/x/oauth2-v0.12.0	X
DT456229	CVE-2025-13096 - XML Entity Expansion vulnerability in IBM Business Automation Workflow	X
DT440290	CVE-2025-48734 in commons-beanutils	X
DT447031	CVE-2025-36172 Cross-Site Scripting vulnerability in Case Client	X
DT448632	CVE-2025-48924 in Apache commons-lang may affect IBM Business Automation Workflow	X
DT450355	CVE-2025-41242 - Update Spring framework in Business Automation Workflow	X
DT451477	Security - CVE-2025-58754 reported for axios-1.11.0	X
DT455668	CVE-2025-57352 in min-document	X
DT457061	Server side Request Forgery affects IBM Business Automation Workflow and Cloud Pak for Business Automation	X
DT454003	Persistent Object cache optimization is enabled by default in versions prior to 25.0.0.0		X
DT419413	[DOC] The Content Object created for a re-use case property has a broken reference to the associated choice list in IBM Web Process Designer
DT422724	Process Admin Console Group Management member list does not show user display names
DT435499	Coach UI is not displayed correctly in Workflow server after snapshot deployment
DT436090	CWLLG2156W: The database connection pool size (200) of the Workflow Server data source might be too small tuning queue capacity and cm_max_pool_size (CP4BA)
DT439845	Lack of security or owner on Quick Task Attachment Collection class leads to Quick Task Attachment Collection Disposal Policy throwing error E_ACCESS_DENIED
DT443567	Error in logs when loading portal components 'Caused by: java.lang.IndexOutOfBoundsException: No group 3'
DT443993	Enterprise Content Management File Uploader does not allow selecting multiple files
DT447005	Process instance migration API call /ops/std/bpm/containers/migrate_without_policyfile fails
DT447504	When the current stage is the first stage, an attempt to restart a non-existent prior case stage results in a failure with error FNRCE0007E
DT448347	tw.system.currentProcessInstance.parentCase.terminateActivities() API does not terminate failed workflow instances
DT448726	Data mappings of an activity in a service flow might not be shown
DT449006	Unable to copy/Paste text or select hyperlinks when using Rich Text Editor in read-only Mode
DT450150	Business Automation Workflow static files not being cached when Case Client desktop is loaded
DT450835	UCA processing leads to error : com.lombardisoftware.core.TeamWorksException: Type mismatch. Expected 'tw.object.BOName[]' type, but found 'tw.object.BOName[]'
DT451052	Process Instances cannot be deleted due to incorrect CAN_DELETE_INSTANCE value
DT451296	Saved Searches imported into Process Federation Server might get saved with incorrect value for OWNER
DT451768	Business Automation Workflow JMS pod liveness probe returning 500 error
DT451922	After upgrading to IBM Business Automation Workflow 24.0.1 Integer and Decimal views are unexpectedly right aligned
DT452329	The execution duration in Event Manager task history can be a negative value for short duration tasks
DT452348	Some fields are unexpectedly highlighted as having an error in process portal tasks after upgrade to IBM Business Automation Workflow 24.0.1.0
DT453431	Snapshot status not getting updated in Process Admin console
DT454461	bpm-dtp-date-active-color property not picked up from theme in Date/time picker view
DT454846	When updating an existing document to newer version(s) of the document having a different mime type, the mime type of the document always reflects the mime type of the first version
DT455683	When clicking on a ToDo task in the IBM Business Automation Workflow Case Client, the message Loading... appears but Task is not opened. Error in console: Uncaught TypeError: can't access property set, casePropController is undefined.
DT456476	BatchUpdateExceptions are seen when indexing tasks which have been created by Business Automation Workflow 19.0.0.1 or older are not updated
DT450286	Multiple content objects for the same parent case may be created for a Case solution
DT453198	In nested expandable tables, the chevron points in wrong direction
DT454434	Overlapping exposing items text in Process Admin Console
DT454906	When managing EPVs in the Process Admin Console, a full refresh of the browser is required for changes to take effect when updating variables
DT457084	db-init-job failing due to permissions when attempting to migrate process instances on 24.0.1
DT457658	MSSQL: ProgrammaticTransactionSupport incorrectly retries transactions on SQLSTATE S0001 for BadSqlGrammarException causing EM job failure in IBM Business Automation Workflow

Enterprise Records

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

FileNet Content Manager

APAR	Title	Sec.	Cont.	B.I.
	See FileNet Content Manager Release Fix List APARs for IBM Cloud Pak for Business Automation technote

Operational Decision Manager (based on ODM-9.0.0.1-IF018)

Known Issue	Title	Sec.	Cont.	B.I.
DT450600	WEBHOOK NOTIFICATION FAILS WITH CLASSNOTFOUNDEXCEPTION WHEN USING DECISIONCENTER APIS
DT452830	DECISION TABLE EDITOR AUTOMATIC FIT TO SCREEN PRODUCES UNEXPECTED OUTCOME
DT449841	RES CONSOLE DOES NOT REPORT RESOURCES USAGE PROPERLY
DT451817	INCORRECT RULE EXECUTION USING A BUILD COMMAND RULESET
DT453379	UNABLE TO VIEW DEPLOYMENT REPORT AFTER CLEANUP
DT450580	OUTOFMEMORY EXCEPTION WHILE DOING A RES BACKUP
DT451143	AFTER BRANCH DELETION SOME ARTIFACTS MAY NOT BE ACCESSIBLE
DT450239	PASTE IN DECISION TABLE IN VIEW MODE WORKS
DT452944	CLASSCASTEXCEPTION WHEN USING XSD:TIME IN XOM MAPPED TO ILRTIME IN BOM
DT454242	CODE INJECTION IN REPORT FORMATS KPI EDITOR
DT455504	COMPARE VERSIONS PAGE DOES NOT LOAD RESULTS
DT450802	NEW DECISION TABLE EDITOR STAYS STUCK ON LOADING
DT450179	DC SCHEMA MIGRATION FAILING WITH INFINITE LOOPS
DT454134	CODE INJECTION IN THE SIMULATION FIELDS
DT449931	IMPLEMENT DECISION TABLE DISPLAY OPTION TO AUTOMATICALLY FIT TO SCREEN
DT453050	DECISION CENTER SIMULATION PRINT FEATURE IS NOT WORKING
DT454103	NON-ADMIN USERS UNABLE TO LOGIN DECISION CENTER
DT454896	UNABLE TO SELECT A DATE IN THE DECISION TABLE EDITOR IN RULE DESIGNER
DT425576	DECISION SERVICE PROJECT HEADLESS BUILD FAILS WITH NPE
DT449071	RULETASK WARNING AND OLD RULE PACKAGE NAME DISPLAY IN PROPERTIES VIEW AFTER REFACTORING RULE PACKAGES
DT451862	DECISION CENTER DELETION SERVICE IS BLOCKED
DT452100	COMPARE OF DECISION CENTER SIMULATION CONFIGURATION WITH OLDER VERSION FAILED WITH NPE
DT456707	RTSUSER CANNOT EXPORT SNAPSHOT FROM REST-API
DT451854	IMPORT EXCEL FAILS WITH ERROR MESSAGE
DT456480	DECISION SERVICE WITH INTERCEPTOR ENABLED LEAKS MANAGEMENT SESSION
DT457400	RTSUSERS ARE UNABLE TO LOGIN DECISION CENTER

User Management Service

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

Workflow Process Service

Known Issue	Title	Sec.	B.I.
DT446350	CVE-2025-7783 - form-data-4.0.0.tgz affects Process Admin Console	X
DT450355	CVE-2025-41242 - Update Spring framework in Business Automation Workflow	X
DT451477	Security - CVE-2025-58754 reported for axios-1.11.0	X
DT455668	CVE-2025-57352 in min-document	X
DT456229	CVE-2025-13096 - XML Entity Expansion vulnerability in IBM Business Automation Workflow	X
DT454003	Persistent Object cache optimization is enabled by default in versions prior to 25.0.0.0		X
DT422724	Process Admin Console Group Management member list does not show user display names
DT447005	Process instance migration API call /ops/std/bpm/containers/migrate_without_policyfile fails
DT448726	Data mappings of an activity in a service flow might not be shown
DT450835	UCA processing leads to error : com.lombardisoftware.core.TeamWorksException: Type mismatch. Expected 'tw.object.BOName[]' type, but found 'tw.object.BOName[]'
DT451052	Process Instances cannot be deleted due to incorrect CAN_DELETE_INSTANCE value
DT452329	The execution duration in Event Manager task history can be a negative value for short duration tasks
DT453431	Snapshot status not getting updated in Process Admin console
DT456476	BatchUpdateExceptions are seen when indexing tasks which have been created by Business Automation Workflow 19.0.0.1 or older are not updated
DT450286	Multiple content objects for the same parent case may be created for a Case solution
DT454434	Overlapping exposing items text in Process Admin Console
DT454906	When managing EPVs in the Process Admin Console, a full refresh of the browser is required for changes to take effect when updating variables
DT457658	MSSQL: ProgrammaticTransactionSupport incorrectly retries transactions on SQLSTATE S0001 for BadSqlGrammarException causing EM job failure in IBM Business Automation Workflow

Cloud Pak for foundational services Operator

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

Known Limitations

Cloud Pak for Business Automation 24.1.x Known Issues

Known issues in IBM Cloud Pak foundational services

Document change history

17 December 2025: Initial publish.

Related Information

[Supersedes 24.0.1-IF005] Readme for IBM Cloud Pak for Business Automation 24.0…

[Supersedes 24.0.1-IF004] Readme for IBM Cloud Pak for Business Automation 24.0…

[Supersedes 24.0.1-IF002] Readme for IBM Cloud Pak for Business Automation 24.0…

Fix list for Cloud Pak for Business Automation 24.0.1

Cloud Pak for Business Automation Interim fix download

Cloud Pak for Business Automation Fix list

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"Other-\u003ECloudPak4Automation Platform"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"24.0.1"}]

Tips