Fix Readme
Abstract
The following document is a list of fixes, along with their descriptions, for the IBM Business Automation Workflow on Cloud October 2025 Maintenance. For older maintenance and other related documents, refer to the links in the Related Information section at the bottom of this document.
Content
The IBM Business Automation Workflow on Cloud service will be undergoing a regularly scheduled maintenance window for critical bug fixes and security updates.
This maintenance is being deployed by the Cloud Pak for Business Automation as a Service Site Reliability Engineering (SRE) team. Maintenance is applied to non-prod environments first followed by prod as per schedules which are emailed tenant administrators.
This maintenance is being deployed by the Cloud Pak for Business Automation as a Service Site Reliability Engineering (SRE) team. Maintenance is applied to non-prod environments first followed by prod as per schedules which are emailed tenant administrators.
- WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
- Business Automation Workflow fixes for v24.0.1 tenants
- Business Automation Workflow fixes for v24.0.0 tenants
- Business Automation Workflow fixes for v23.0.2 tenants
- Business Automation Workflow fixes for v21.0.3.1 tenants
WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
| Fix ID | Fix Details | Additional Pre-requisite Fixes |
|---|---|---|
| Update to WebSphere 8.5.5.28 | https://www.ibm.com/support/pages/85528-websphere-application-server-v85528 | |
| 8.5.5.11-WS-WASBundledSDK8-LinuxX64-IFPH67979 | https://www.ibm.com/support/pages/ph67979-ship-java-8-sr8-fp51-websphere-application-server-traditional-bundled-java-8 | N/A |
| 8.5.5.24-WS-WAS-IFPH66028 | https://www.ibm.com/support/pages/ph66167ibm-websphere-application-server-could-provide-weaker-expected-security-cve-2025-33142 | |
| 8.5.5.24-WS-WAS-IFPH65941 | https://www.ibm.com/support/pages/ph67817ibm-websphere-application-server-affected-denial-service-cve-2025-36099-cvss-49 |
Business Automation Workflow fixes for v24.0.1.0 tenants
| Fix ID | Fix Details | Additional Pre-requisite Fixes |
|---|---|---|
| 8.6.80024010-WS-BPM-IFDT443993 | DT443993 Enterprise Content Management File Uploader does not allow selecting multiple files - IBM Business Automation Workflow | |
| 8.6.80024010-WS-BPM-IFDT446595 | Security vulnerability (CVE-2025-7783) in form-data-4.0.0.tgz affects Workflow centre and Process Designer - IBM Business Automation Workflow | |
| 8.6.80024010-WS-BPM-IFDT450355 | CVE-2025-41242 - Update Spring framework in Business Automation Workflow | |
| 8.6.80024010-WS-BPM-IFDT424599 | The vulnerability (CVE-2015-7450) is a remote code execution (RCE) issue that affects Commons Collections version 3.1 and earlier | |
| 8.6.80024010-WS-BPM-IFDT446350 | DT446350: CVE-2025-7783 - form-data-4.0.0.tgz affects Process Admin Console | 8.6.80024010-WS-BPM-IFDT425091 |
| 8.6.80024010-WS-BPM-IFDT442383 | SECURITY APAR - MULTIPLE CVEs - VULNERABILITIES IN NODE.JS AND MODULES MIGHT AFFECT THE IBM BPM CONFIGURATION EDITOR - IBM Business Automation Workflow | |
| 8.6.80024010-WS-BPM-IFDT434513 | DT434513 Searching processes in Process Portal results in "org.apache.lucene.search.BooleanQuery$TooManyClauses: maxClauseCount is set to 1024" error | |
| 8.6.80024010-WS-BPM-IFDT425284 | IBM BAW 24.0.1 Critical vulnerability CVE-2022-42920 | |
| 8.6.80024010-WS-BPM-IFDT393654 | Duplicate types generated from wsdl files leads to a type name of TypeName1 vs. TypeName and triggers a java.lang.NullPointerExcception | |
| 8.6.80024010-WS-BPM-IFDT423276 | Unable to search Task in the Process Portal Work Dashboard | |
| 8.6.80024010-WS-BPM-IFDT424890 | After migrating to Business Automation Workflow 24.0.1, maps in mediation modules fail with CWLAS0002E because map was not found | |
| 8.6.80024010-WS-BPM-IFDT425691 | DT425691 Security vulnerability CVE-2025-1838 affects IBM Workflow Center and IBM Business Automation Studio | |
| 8.6.80024010-WS-BPM-IFDT425091 | DT425091: Process Admin Console does not display special characters properly in EPV's description field. | |
| 8.6.80024010-WS-BPM-IFDT424819 | 'Cases' icon is greyed out in Case Client when copying a default theme for customizing it - IBM Business Automation Workflow | |
Business Automation Workflow fixes for v24.0.0.0 tenants
| Fix ID | Fix Details | Additional Pre-requisite Fixes |
|---|---|---|
| 8.6.70024000-WS-BPM-IFDT450355 | CVE-2025-41242 - Update Spring framework in Business Automation Workflow | |
| 8.6.70024000-WS-BPM-IFDT446595 | Security vulnerability (CVE-2025-7783) in form-data-4.0.0.tgz affects Workflow centre and Process | 8.6.70024000-WS-BPM-IFDT433448 |
| 8.6.70024000-WS-BPM-IFDT446772 | DT446772: Process instance status can end in status completed even if the end node is a terminate one if there is a subprocess marked as reusable | |
| 8.6.70024000-WS-BPM-IFDT446350 | CVE-2025-7783 - form-data-4.0.0.tgz affects Process Admin Console | |
| 8.6.70024000-WS-BPM-IFDT446327 | DT446327: SECURITY - CVE-2025-27817, CVE-2025-27818 - CASE EVENT AND CASE HISTORY EMITTERS ARE AFFECTED MULTIPLE VULNERABILITIES - IBM Business Automation Workflow. | |
| 8.6.70024000-WS-BPM-IFDT445908 | CVE-2025-27817, CVE-2025-27818 in kafka-clients-3.8.1.jar affecting event emitters | 8.6.70024000-WS-BPM-IFDT417496 |
| 8.6.70024000-WS-BPM-IFDT387632 | Remove validation for case or activity properties for In-baskets when attempting to delete a case type or property from case type in Case Builder | |
| 8.6.70024000-WS-BPM-IFDT439979 | Heap utilization steadily increases, leading to JVM restarts. |
Business Automation Workflow fixes for v23.0.2 tenants
| Fix ID | Fix Details | Additional Pre-requisite Fixes |
|---|---|---|
| 8.6.60023020-WS-BPM-IFDT386125 | [DT386125] Passing the first argument of initializeContentObject() as the casetypename breaks the Split Case functionality |
Business Automation Workflow fixes for v21.0.3.1 tenants
| Fix ID | Fix Details | Additional Pre-requisite Fixes |
|---|---|---|
| 8.6.30021031-WS-BPM-IFDT439593 | Security vulnerability cross-site scripting in process-server.teamworks.war - IBM Business Automation Workflow | |
| 8.6.30021031-WS-BPM-IFDT409394 | DT409394 Cross site scripting reflected in IBM Business Automation Workflow | |
| 8.6.30021031-WS-BPM-IFDT439782 | DT439782 Multiple security vulnerabilities affect swagger-ui - IBM Business Automation Workflow |
Note: Clear browser cache before signing in following the maintenance window.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSLRPC","label":"IBM Business Automation Workflow on Cloud"},"ARM Category":[{"code":"a8mKe000000GmaiIAC","label":"Maintenance"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
17 October 2025
UID
ibm17248287