Readme for IBM Cloud Pak for Business Automation 25.0.1 IF001

Fix Readme

Abstract

The following document is for IBM Cloud Pak for Business Automation 25.0.1 IF001. It includes the CASE package download, installation information, and the list of APARs/Known Issues that are resolved in this interim fix.

Content

Readme file for:	IBM Cloud Pak® for Business Automation
Product Release:	25.0.1
Update Name:	25.0.1 IF001
Fix ID:	25.0.1-WS-CP4BA-IF001
Publication Date:	30 April 2026

Prerequisites and supersedes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history

Prerequisites and supersedes

Supersedes all prior interim fixes for Cloud Pak for Business Automation 25.0.1.

Components impacted

General
Cloud Pak for Business Automation Operator
Automation Document Processing
Automation Decision Services
Business Automation Application
Business Automation Insights
Business Automation Navigator
Business Automation Studio
Business Automation Workflow including Automation Workstream Services
Enterprise Records
FileNet Content Manager
Operational Decision Manager
User Management Service
Workflow Process Service

Before installation

Ensure you take regular backups of any databases associated with the environment.
Ensure your operators are in a healthy state, before upgrading.
If one or more operators are failing, then it can prevent the system from completing an upgrade.
It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:

oc get icp4acluster -o yaml 
oc get content -o yaml
oc get Foundation -o yaml

Remove any image settings in CRs
If you used any individual image tag settings in your CRs, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. This doesn't apply to starter installation as it requires a new install.

Installing the interim fix

This interim fix contains the following version of Cloud Pak for Business Automation and Cloud Pak Foundational Services (CPFS):

Cloud Pak for Business Automation 25.0.1-IF001
Cloud Pak Foundational Services 4.18

Note: This interim fix only supports the Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Cloud Pak for Business Automation using the catalog sources in this readme document. If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Cloud Pak Foundational Services versions listed above with other Cloud Paks' specifications.

Cloud Pak for Business Automation (CP4BA) 25.0.1 interim fixes are released to the v25.1 operator channel. Once the operators are upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.

NOTES :

Automation Document Processing is not supported for a CP4BA Starter Deployment with this interim fix.
Starting with this interim fix, Java 17 or a version newer is required and must be installed on the bastion host where the deployment scripts are executed before running either a fresh installation or an upgrade to this iFix. Users can specify a custom Java installation directory using the flag --java-path while executing the cp4a-deployment.sh script or cp4a-prerequisites.sh script.

Step 1: Download the installation and upgrade scripts

Download the 25.0.1-IF001 branch by using the following git clone command.
```
git clone -b 25.0.1-IF001 https://github.com/icp4a/cert-kubernetes.git
```

Step 2: Perform an online/offline fresh installation or an upgrade on an existing online/offline deployment.

Depending on the current setup and state of your existing environment, there are various actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.

For an upgrade scenario, these are the Cloud Pak foundational services migration modes supported -

Migration Mode	Support
Cluster-scoped to Namespace-scoped	Supported (This is the recommended approach if your current deployment is using cluster-scoped CPFs)
Namespace-scoped to Namespace-scoped	Supported (If your CPFs deployment is already namespace-scoped, then continue to remain at namespace-scoped)
Cluster-scoped to Cluster-scoped	Not Supported (Please follow the recommended upgrade from Cluster-scoped to Namespace-scoped for CPFs)
Cluster-scoped ("All namespaces") to Cluster-scoped ("All namespaces")	Supported ( There is no migration path from Cluster-scoped ("All namespaces") to Namespace-scoped )

Note: The recommended migration mode for an instance with cluster scoped Cloud Pak foundational services is to namespace scoped Cloud Pak foundational services.

Scenario 1: You are installing a Starter deployment online or have an existing online Starter deployment
Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Starter deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
Actions: Starter deployments do not support upgrades; however, you can use this interim fix content to perform a Starter deployment. To deploy a Starter deployment using the content of this interim fix, please see install a new Starter environment and use the installation scripts from the branch that you cloned above.
Scenario 2: You are installing online Production deployment
Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
Actions: To deploy an online Production deployment without using a local registry, please follow steps in install a new online Production environment and use the installation scripts from the branch that you cloned above.
Scenario 3: You are installing offline/airgap Production deployment
Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
Note: As prerequisites for this scenario, you must follow steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require.
Actions:
1. To deploy an airgap/offline Production deployment, find mirror file cp4ba-case-to-be-mirrored-25.0.1-IF001.txt for this interim fix from the branch that you cloned above under the scripts/airgap directory. Execute this command from your bastion host to download the CASE files.
```
oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-25.0.1-IF001.txt
```
  The absolute path to file needs to be a path starting from "/". For example, "/opt".
2. You will need to mirror the images associated with the new cp4ba-case-to-be-mirrored-25.0.1-IF001.txt mirror file.
```
export CASE_NAME=ibm-cp-automation
export CASE_VERSION=25.1.1
export CASE_INVENTORY_SETUP=cp4aOperatorSetup
export TARGET_REGISTRY=<target-registry>
export NAMESPACE=<cp4ba_namespace_name>
```
  Follow the instructions for either mirroring option in Mirroring images to the private registry using the new CASE version associated with this interim fix.
3. Login to the cluster and go to namespace for the operator from the bastion host.
```
oc login https://<CLUSTERIP>:<port> -u <ADMINISTRATOR>
oc project ${NAMESPACE}
```
4. From your bastion host, install the catalog sources and operators using the steps listed in Install Catalog Source and Operators using cluster admin script.
5. Follow the remaining steps from Question 6 listed here to complete the installations of offline/airgap Production deployment.
Scenario 4: Your installed Production deployment version is 24.0.1 IF001 and older
Warning:
If your production deployment version is older than 24.0.1-IF001, please follow instructions in Knowledge Center to upgrade to 24.0.1-IF002 first and follow instructions to upgrade from 24.0.1-IF002 to 25.0.1-IFixes.
Actions:
Follow the supported upgrading path documented in Upgrading CP4BA to 24.0.1. After you have successfully upgraded the deployment to 24.0.1-IF002, you may proceed to follow Scenario 5 below.
Scenario 5: Your installed Production deployment version is 24.0.1 IF002 and newer
Warning:
All instructions to download the installation and upgrade scripts in the Knowledge Center links referenced below can be ignored. Instead use the installation and upgrade scripts downloaded in Step 1
Actions:
For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 24.0.1 in online environment.
For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process manually  or using"oc mirror" for the mirroring images process by script . Once the mirroring of images is completed, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 24.0.1 in online environment.
Scenario 6: Your installed Production deployment is 25.0.1 GA or newer.
Note:
For a dedicated deployment or namespace scoped deployment, the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators and Services are deployed. If the CP4BA Operators and Services are deployed in different namespaces( separation of duties), the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators are deployed in.
Warning:
For a CP4BA Deployment with BAI ( Business Automation Insights ) selected as an optional component, it is recommended to create BAI savepoints before starting the upgrade process to this interim fix. For Flink event processing to resume from its previous state, savepoints are required to be created before the upgrade and specified in the updated CR. BAI savepoints can be created by following the below steps.
- Retrieve the name of the InsightsEngine custom resource file.
```
InsightsEngine_CR=$(kubectl get InsightsEngine --no-headers --ignore-not-found -n <CP4BA-Namespace> -o name)
```
  Retrieve and export the below details.
```
export MANAGEMENT_URL=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].uri}')
export MANAGEMENT_AUTH_SECRET=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].authentication.secret.secretName}')
export MANAGEMENT_USERNAME=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.username}' | base64 -d)
export MANAGEMENT_PASSWORD=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.password}' | base64 -d)
```
  Create BAI savepoints and store them in a temporary file called bai.json.
```
curl -X POST -k -u ${MANAGEMENT_USERNAME}:${MANAGEMENT_PASSWORD} "${MANAGEMENT_URL}/api/v1/processing/jobs/savepoints" -o ./bai.json
```
  Scale down the CP4BA and Insights Engine Operator.
  oc scale --replicas=0 deployment ibm-cp4a-operator oc scale --replicas=0 deployment ibm-insights-engine-operator
- Retrieve the recovery path locations for each BAI component for which BAI savepoints are created from ./bai.json and update the bai_configuration section of the custom resource file. For Example: If there is a BAI savepoint being created for navigator component, then the updated custom resource file should have the below configuration.
```
bai_configuration:
  navigator:
    recovery_path: /mnt/pv/savepoints/dba/bai-navigator/savepoint-fb88f4-42027046b73b
  ... 
  # Add recovery_path for all other components
```
- Once the upgrade has been completed, make sure to remove all instances of the recovery_path parameters from the updated custom resource file.
Actions:
From the branch that you cloned above navigate to the scripts directory and perform the following steps to upgrade the CP4BA operators and deployment.
1. Upgrade the CP4BA operators.
  - Warning:
    The script with the upgradeOperator option will scale the CP4BA Operators down to zero. You must execute the script with the upgradeDeploymentStatus mode to scale them back in.
  - Actions:
    Run the cp4a-deployment.sh script with the upgradeOperator option to upgrade the IBM Cloud Pak foundational services/CP4BA operators:
```
./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace>
```
  - If you are upgrading from 25.0.1 GA to 25.0.1 IF001, you may encounter an issue where the ODM operator CSV fails to complete its upgrade.
    - Check the CSV status by running:
```
oc get csv
```
      If the upgrade is stuck, the output will look similar to this:
      Name Display Version Replaces Phase
      ibm-odm-operator.v25.1.0 IBM Operational Decision Manager 25.1.0 Upgrading
      ibm-odm-operator.v25.1.1 IBM Operational Decision Manager 25.1.1 ibm-odm-operator.v25.1.0 Error
    - If after several minutes the ibm-odm-operator.v25.1.1 CSV remains stuck in the Installing or Error phase, delete its predecessor by running:
```
oc delete csv ibm-odm-operator.v25.1.0
```
    - After a few minutes, only one CSV should remain and its phase should show as Succeeded:
      Name Display Version Replaces Phase
      ibm-odm-operator.v25.1.1 IBM Operational Decision Manager 25.1.1 ibm-odm-operator.v25.1.0 Succeeded
2. Wait for the operators to complete their upgrades.
  By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
  Use the below command to see the current status of the install plans.
```
oc get installPlan
```
  The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.
3. You can use the following scripts to check the status of the upgrades.
  - Warning:
    The script will scale the CP4BA deployments down to zero. You must execute the cp4a-deployment.sh script with upgradeDeploymentStatus option to scale them back up.
  - Actions:
    [OPTIONAL] Run the cp4a-deployment.sh script with upgradeOperatorStatus option to check that the upgrade of the CP4BA operator and its dependencies is successful:
```
./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <CP4BA Namespace>
```
4. Start up the upgraded CP4BA Operators.
  Run the cp4a-deployment.sh script with upgradeDeploymentStatus option to check that the upgrade of the CP4BA deployment is successful:
```
./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <CP4BA Namespace>
```
  Note: If you are using the P8BPMREST CPE end point, you must wait for the CPE components status to display "Done" and then execute the below command to make it accessible.
```
kubectl patch zenextension <CUSTOM_RESOURCE_FILENAME>-cpe-zen-extension -n <CP4BA NAMESPACE> --type=merge -p '{"metadata": {"annotations": {"checksum_cpe_ips": "0"}}}'
```

Name	Display	Version	Replaces	Phase
ibm-odm-operator.v25.1.0	IBM Operational Decision Manager	25.1.0		Upgrading
ibm-odm-operator.v25.1.1	IBM Operational Decision Manager	25.1.1	ibm-odm-operator.v25.1.0	Error

Name	Display	Version	Replaces	Phase
ibm-odm-operator.v25.1.1	IBM Operational Decision Manager	25.1.1	ibm-odm-operator.v25.1.0	Succeeded

Scenario 7: Your installed Production deployment is 25.0.1 GA or newer and using airgap/offline.
Note:
As prerequisites for this scenario, you must follow steps here to set up the bastion host to mirror images to the registry and further to set up the private registry.
For a dedicated deployment or namespace scoped deployment, the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators and Services are deployed. If the CP4BA Operators and Services are deployed in different namespaces( separation of duties), the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators are deployed in.
Warning:
For a CP4BA Deployment with BAI ( Business Automation Insights ) selected as an optional component, it is recommended to create BAI savepoints before starting the upgrade process to this interim fix. For Flink event processing to resume from its previous state, savepoints are required to be created before the upgrade and specified in the updated CR. BAI savepoints can be created by following the below steps.
- Retrieve the name of the InsightsEngine custom resource file.
```
InsightsEngine_CR=$(kubectl get InsightsEngine --no-headers --ignore-not-found -n <CP4BA-Namespace> -o name)
```
  Retrieve and export the below details.
```
export MANAGEMENT_URL=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].uri}')
export MANAGEMENT_AUTH_SECRET=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].authentication.secret.secretName}')
export MANAGEMENT_USERNAME=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.username}' | base64 -d)
export MANAGEMENT_PASSWORD=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.password}' | base64 -d)
```
  Create BAI savepoints and store them in a temporary file called bai.json.
```
curl -X POST -k -u ${MANAGEMENT_USERNAME}:${MANAGEMENT_PASSWORD} "${MANAGEMENT_URL}/api/v1/processing/jobs/savepoints" -o ./bai.json
```
  Scale down the CP4BA and Insights Engine Operator.
  oc scale --replicas=0 deployment ibm-cp4a-operator oc scale --replicas=0 deployment ibm-insights-engine-operator
- Retrieve the recovery path locations for each BAI component for which BAI savepoints are created from ./bai.json and update the bai_configuration section of the custom resource file. For Example: If there is a BAI savepoint being created for navigator component, then the updated custom resource file should have the below configuration.
```
bai_configuration:
  navigator:
    recovery_path: /mnt/pv/savepoints/dba/bai-navigator/savepoint-fb88f4-42027046b73b
  ... 
  # Add recovery_path for all other components
```
- Once the upgrade has been completed, make sure to remove all instances of the recovery_path parameters from the updated custom resource file.
Actions:
Perform the following steps and then the upgrade of operators and deployments will start.
1. To upgrade an airgap/offline Production deployment, find mirror file cp4ba-case-to-be-mirrored-25.0.1-IF001.txt for this interim fix from the branch that you cloned above under the scripts/airgap directory. Execute this command from your bastion host to download the CASE files:
```
oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-25.0.1-IF001.txt
```
  The (absolute path to file) needs to be a path starting from "/". For example, "/opt".
2. You will need to mirror the images associated with the new cp4ba-case-to-be-mirrored-25.0..txt mirror file.
```
export CASE_NAME=ibm-cp-automation
export CASE_VERSION=25.1.1
export CASE_INVENTORY_SETUP=cp4aOperatorSetup
export TARGET_REGISTRY=<target-registry>
export NAMESPACE=<cp4ba_namespace_name>
```
  Follow the instructions for either mirroring option in Mirroring images to the private registry using the new CASE version associated with this interim fix. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require.
3. From the branch that you cloned above navigate to the scripts directory and perform the following steps to upgrade the CP4BA operators.
  - Warning:
    The script with the upgradeOperator option will scale the CP4BA Operators down to zero. You must execute the script with the upgradeDeploymentStatus mode to scale them back in.
  - Actions:
    Run the cp4a-deployment.sh script with the upgradeOperator option to upgrade the IBM Cloud Pak foundational services/CP4BA operators:
```
./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace>
```
  - If you are upgrading from 25.0.1 GA to 25.0.1 IF001, you may encounter an issue where the ODM operator CSV fails to complete its upgrade.
    - Check the CSV status by running:
      oc get csv
      If the upgrade is stuck, the output will look similar to this:
      Name Display Version Replaces Phase
      ibm-odm-operator.v25.1.0 IBM Operational Decision Manager 25.1.0 Upgrading
      ibm-odm-operator.v25.1.1 IBM Operational Decision Manager 25.1.1 ibm-odm-operator.v25.1.0 Error
    - If after several minutes the ibm-odm-operator.v25.1.1 CSV remains stuck in the Installing or Error phase, delete its predecessor by running:
      oc delete csv ibm-odm-operator.v25.1.0
    - After a few minutes, only one CSV should remain and its phase should show as Succeeded:
      Name Display Version Replaces Phase
      ibm-odm-operator.v25.1.1 IBM Operational Decision Manager 25.1.1 ibm-odm-operator.v25.1.0 Succeeded
Wait for the operators to complete their upgrades.
By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
Use the below command to see the current status of the install plans.
```
oc get installPlan
```
The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.
You can use the following scripts to check the status of the upgrades.
- Warning:
  The script will scale the CP4BA deployments down to zero. You must execute the cp4a-deployment.sh script with upgradeDeploymentStatus option to scale them back up.
- Actions:
  [OPTIONAL] Run the cp4a-deployment.sh script with upgradeOperatorStatus option to check that the upgrade of the CP4BA operator and its dependencies is successful:
```
./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <CP4BA Namespace>
```
Start up the upgraded CP4BA Operators.
Run the cp4a-deployment.sh script with upgradeDeploymentStatus option to check that the upgrade of the CP4BA deployment is successful:
```
./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <CP4BA Namespace>
```
Note: If you are using the P8BPMREST CPE end point, you must wait for the CPE components status to display "Done" and then execute the below command to make it accessible.
```
kubectl patch zenextension <CUSTOM_RESOURCE_FILENAME>-cpe-zen-extension -n <CP4BA NAMESPACE> --type=merge -p '{"metadata": {"annotations": {"checksum_cpe_ips": "0"}}}'
```

Name	Display	Version	Replaces	Phase
ibm-odm-operator.v25.1.0	IBM Operational Decision Manager	25.1.0		Upgrading
ibm-odm-operator.v25.1.1	IBM Operational Decision Manager	25.1.1	ibm-odm-operator.v25.1.0	Error

Name	Display	Version	Replaces	Phase
ibm-odm-operator.v25.1.1	IBM Operational Decision Manager	25.1.1	ibm-odm-operator.v25.1.0	Succeeded

Performing the necessary tasks after installation

a. Review the installation

It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.

oc get icp4acluster icp4adeploy -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log

If you are interested in verifying the expected image digest for a particular image, then you can review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.

Uninstalling

There is no procedure to uninstall the interim fix.

List of Fixes

APARs/Known Issues fixed by this interim fix are listed in the following tables.

The columns are defined as follows:

Column title	Column description
APAR/Known Issue	The defect number
Title	A short description of the defect
Sec.	A mark indicates a defect related to security
Cont.	A mark indicates a defect specific to the Cloud Pak integration of the component
B.I.	A mark indicates the fix has a business impact. Details are found in the title column or the APAR/Known Issue document

General
Cloud Pak for Business Automation Operator
Automation Document Processing
Automation Decision Services
Business Automation Application
Business Automation Insights
Business Automation Navigator
Business Automation Studio
Business Automation Workflow including Automation Workstream Services
Enterprise Records
FileNet Content Manager
Operational Decision Manager
User Management Service
Workflow Process Service

General

Known Issue	Title	Sec.	Cont.	B.I.
N/A	Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. This interim fix includes fixes for these libraries to address: CVE List TBD Previous interim fixes have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.
N/A	In addition to the list above and those related to a Known Issue listed in the following tables this interim fix addresses vulnerabilities listed in Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2026

Cloud Pak for Business Automation Operator

Known Issue	Title	Sec.	Cont.	B.I.
DT455215	During deployment of Business Automation Studio, the Task fails with unclear error: Error if target_env_name for default TOS is not dev_env_connection_definition
DT464432	Workflow operator fails during deployment with external IM URL
DT462338	CPFS catalogsources left behind post upgrade
DT460243	CP4BA: Default self-signed certificates for legacy routes do not get renewed automatically when expired
DT454619	Cloud Pak for Business Automation operator does not update the ca-cert-generation annotation in the secret for Kafka root ca cert when it updates the cert

Automation Document Processing

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

Automation Decision Services

Known Issue	Title	Sec.	Cont.	B.I.
DT461270	Exponent Values are inconsistently displayed in ADS Authoring RUN
DT456609	Decision Model reference list is not sorted
DT456606	Dependency selection breaks after sorting in Decision Model

Business Automation Application

Known Issue	Title	Sec.	Cont.	B.I.
Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

Business Automation Insights

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

Business Automation Navigator

Known Issue	Title	Sec.	Cont.	B.I.
	Please see Business Automation Navigator Fix List APARs for Cloud Pak for Business Automation technote

Business Automation Studio

Known Issue	Title	Sec.
DT456161	CVE-2025-27789 reported for runtime-7.25.7.tgz in web Process Designer	X
DT457061	Server side Request Forgery affects IBM Business Automation Workflow and Cloud Pak for Business Automation	X
DT461441	Security vulnerability (CVE-2025-13465) in lodash lib affects IBM Workflow Center, Process Designer and Business Automation Studio	X
DT462331	Security vulnerability CVE-2025-68161 affects log4j-core	X
DT464058	Multiple security vulnerabilities (CVE-2026-27212 & CVE-2026-2327) affect IBM Business Automation Studio	X
DT452033	Unnamed Snapshot Deletion Fails via Swagger API
DT455215	During deployment of Business Automation Studio, the Task fails with unclear error: Error if target_env_name for default TOS is not dev_env_connection_definition
DT459989	Null pointer exceptions seen during snapshot deployment
DT461822	In the Process Performance dashboard the batch modify dialog is empty and shows an error

Business Automation Workflow including Automation Workstream Services

Known Issue	Title	Sec.
DT456161	CVE-2025-27789 reported for runtime-7.25.7.tgz in web Process Designer	X
DT457061	Server side Request Forgery affects IBM Business Automation Workflow and Cloud Pak for Business Automation	X
DT458127	CVE findings in a library called lz4-java-1.8.0.jar for Case Emitters	X
DT458920	Multiple vulnerabilities in urllib3-2.5.0-py3-none-any.whl	X
DT459901	CVE-2026-22029 in router-1.23.0.tgz packaged with IBM Business Automation Workflow	X
DT459220	CVE-2025-68429 in addon-actions-8.6.14.tgz	X
DT459452	CVE-2025-68664 - LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs	X
DT460278	CVE-2024-29371 for jose4j found in CaseManager application	X
DT460287	The Rhino jars packaged in Case Event emitter are vulnerable	X
DT460289	The lz4-java library packaged in the Case History Emitter is vulnerable	X
DT460338	Security vulnerability CVE-2025-68161 in log4j library affects IBM Process Federation Server	X
DT460923	CVE-2025-13465 in lodash versions 4.0.0 packaged with Process Admin Console	X
DT460925	Updating undici to address CVE-2026-22036	X
DT462331	Security vulnerability CVE-2025-68161 affects log4j-core	X
DT463433	CVE-2026-2327 in markdown-it-14.1.0.tgz: bpm/ci.workflow-ai-agent_25.0.1 must be updated	X
DT464548	Update langgraph_checkpoint-3.0.1-py3-none-any.whl to address CVE-2026-27794	X
DT465142	Update langgraph-1.0.9-py3-none-any.whl to address CVE-2026-28277	X
DT465159	Update immutable-5.1. to address CVE-2026-29063	X
DT465509	Update PyJWT library to address CVE-2026-32597	X
DT467837	Update langchain_core-1.2.2 to address CVE-2026-40087	X
DT455841	Doc: Users may notice that all baw-server pods get into 0/1 status when baw-server-0 is restarting - Cloud Pak for Business Automation
DT456747	Object Store List Not loading in Business Automation Workflow Admin Desktop
DT457280	In-basket task counter is not displayed correctly after upgrading from 22.0.2 to 24.0.0.0
DT457699	''ERROR: The user profile could not be updated'' displayed at the bottom of Navigator Workplace Desktop
DT457731	Cannot use new provided models from watsonx.ai runtime that do not include max_output_tokens
DT459023	Username wraps onto next line in the comments dialog.
DT459336	UI Button Missing in Content Navigator on Initial Page Load
DT459451	The Case Client application fetches and loads static content slowly
DT459460	Preventing Script Injection in Rest Parameters
DT459828	/home/forward-log.sh: line 48 /etc/filebeat/filebeat.yml: Read-only file system error when enabling Filebeat - Cloud Pak for Business Automation
DT459989	Null pointer exceptions seen during snapshot deployment
DT460079	Process Portal doesn't display Arabic characters on a Cloud Pak for Business Automation environment with MS SQL Server
DT460222	REST API /std/bpm/uca/event_manager_tasks/DELETE fails with CWTBG0019E error and Microsoft SQL syntax errors
DT461413	Workplace Assistant generates inaccurate responses and unuseful summary
DT461680	Case Lock is not happening when two users opening the same workitem in the Inbasket at the same time
DT461716	Business Automation Workflow (BAW) server is shut down when a large number of Business Automation Insights (BAI) messages buildup due to RecordTooLargeException
DT461762	Workplace Assistant generates inaccurate responses and unuseful summary for case instances
DT461763	When Federated Data Repository indexing is enabled, excessive updates occur on the FED_PARTITIONING_AGENT table
DT461822	In the Process Performance dashboard the batch modify dialog is empty and shows an error
DT463421	Names are getting truncated in the UI if multiple users returned when reassigning a case to another user.
DT463715	Federated Data Repository partitioning must be more resilient
DT464334	Removing the Workflow Liberty customization parameter from the CR does not remove the previously configured setting - Cloud Pak for Business Automation
DT464432	Workflow operator fails during deployment with external IM URL
DT464603	Workflow tab goes blank and filters doesn't work after some filter condition changes
DT464744	Business Automation Workflow audit log generates logs which have an incorrect JSON format
DT464906	Opening and closing work items from a user in-basket is slow due to retrieving repeated number of requests for retrieving choice lists
DT465349	Issue where the emptyâlist message disappears after sorting in the ECM File List
DT465541	Properties are not displayed in the correct order within system-generated views when adding discretionary tasks from the Add Activity page
DT466819	Add Case Page validation errors not shown after updating to 24.0.1.0 IF006

Enterprise Records

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

FileNet Content Manager

APAR	Title	Sec.	Cont.	B.I.
	See FileNet Content Manager Release Fix List APARs for IBM Cloud Pak for Business Automation technote

Operational Decision Manager (based on ODM-9.5.0.1-IF009)

Known Issue	Title	Sec.	Cont.	B.I.
DT461796	DEBUGGER DOES NOT STOP AT DECISION TABLE BREAKPOINT IN RULE DESIGNER
DT463767	NO VALIDATION FOR INVALID INITIAL VALUE OF RULESET VARIABLES IN BUSINESS CONSOLE
DT467438	FAILURE RUNNING MIGRATION SCRIPT
DT466661	CANNOT EXECUTE SOAP REQUESTS WITH 7.0 AND 7.1 COMPATIBILITY MODES
DT454837	UNEXPECTED CAST EXCEPTION FOR BOOLEAN PROPERTY DURING RUNTIME RULE SELECTION
DT458139	UNABLE TO UPDATE STRUCT CUSTOM PROPERTY USING QUERY ACTION
DT466825	MIGRATION SCRIPT MAY THROW EXCEPTIONS WHEN DROPPING AND RE-CREATING INDEXES
DT461021	RULE DESIGNER DEBUGGER DOES NOT STOP ON BREAKPOINT IN RULES WITH SPACE IN NAME
DT459790	OUTPUT EXCEL FILE CONTAINS THE RULESET PARAMETERS IN AN INCORRECT ORDER
DT456707	RTSUSER CANNOT EXPORT SNAPSHOT FROM REST-API
DT455466	GENERATING OUTPUT REPORT FOR A TEST SUITE MAY TAKE A LONG TIME
DT458698	RULE UPDATE USING REMOTE API MIGHT NOT APPLY TO WORKING BASELINE PREVIOUSLY SET
DT459723	IN DECISION TABLE COLUMN EDITOR THE PLACEHOLDERS ARE AT THE END OF THE COMPLETION LIST
DT457400	RTSUSERS ARE UNABLE TO LOG IN DECISION CENTER
DT456480	DECISION SERVICE WITH INTERCEPTOR ENABLED LEAKS MANAGEMENT SESSION
DT465307	PLACEHODERS LOCATION IN COMPLETION LIST USING HIERARCHICAL MODE
DT462293	BACKGROUND DELETION THROWS REFERENTIAL INTEGRITY CONSTRAINT VIOLATION
DT463521	NPE WHEN RUNNING DECISION SERVICE WITH DATA TABLE OPEN IN NEW EDITOR IN RULE DESIGNER
DT466051	IMPOSSIBLE TO USE A 4 LETTERS LOCALE FOR DISPLAY LOCALE IN BUSINESS CONSOLE
DT460370	RES CONSOLE SHOWS 0 XU WHEN RES IS CONFIGURED TO TCP/IP MANAGEMENT SERVER
DT460300	MALFORMED SOAP REQUEST NOT RELEASED FROM XU POOL
DT459391	TAB KEY IS NOT WORKING IN RULE DESIGNER B2X EDITOR
DT458167	UNEXPECTED ERROR USING THE DECISIONCENTER WEBHOOK NOTIFICATION
DT451968	THE DIAGNOSTIC LAST VALUE IN PARENT BRANCH TAKES FOREVER
DT457379	SIMULATION CONFIGURATION COMPARISON DISPLAYS UNIX EPOCH FORMAT FOR DATE FIELD
DT450186	TECHNICAL RULE EDITOR IN RD DOES NOT SHOW TABS
DT462733	DIFFERENCES IN RULEAPP GENERATED FROM BUILDCOMMAND AND RULE DESIGNER
DT454985	INCORRECT VALUES POPULATED IN THE EXCEL REPORT GENERATED WHEN RUNNING THE TEST SUITE
DT453379	UNABLE TO VIEW DEPLOYMENT REPORT AFTER CLEANUP
DT465992	RULESET ARCHIVE BUILD MAY FAIL WITH EMPTYSTACKEXCEPTION
DT456837	NO VALIDATION PERFORMED ON SIMULATION DATA FILE UPLOAD
DT465586	RULESET BUILD FAILS WITH CLASSTOOLARGEEXCEPTION
DT457876	PERFORMANCE SLOWNESS OF SIMULATION REPORTS TAB
DT463349	HIDE RES CONSOLE BASIC AUTH PANEL WHEN SETTING OIDC.DISABLELOGINPANEL=TRUE
DT463073	ERROR ENCOUNTERED WHEN CHANGING CUSTOM EXPRESSION IN DECISION TABLE ROW

User Management Service

Known Issue	Title	Sec.	Cont.	B.I.
N/A	N/A

Workflow Process Service

Known Issue	Title	Sec.
DT459901	CVE-2026-22029 in router-1.23.0.tgz packaged with IBM Business Automation Workflow	X
DT460923	CVE-2025-13465 in lodash versions 4.0.0 packaged with Process Admin Console	X
DT460925	Updating undici to address CVE-2026-22036	X
DT459220	CVE-2025-68429 in addon-actions-8.6.14.tgz	X
DT457731	Cannot use new provided models from watsonx.ai runtime that do not include max_output_tokens
DT460222	REST API /std/bpm/uca/event_manager_tasks/DELETE fails with CWTBG0019E error and Microsoft SQL syntax errors
DT461716	Business Automation Workflow (BAW) server is shut down when a large number of Business Automation Insights (BAI) messages buildup due to RecordTooLargeException
DT461763	When Federated Data Repository indexing is enabled, excessive updates occur on the FED_PARTITIONING_AGENT table
DT463715	Federated Data Repository partitioning must be more resilient
DT464744	Business Automation Workflow audit log generates logs which have an incorrect JSON format

Known Limitations

Cloud Pak for Business Automation 25.0.x Known Issues

Known issues in IBM Cloud Pak foundational services

Document change history

30 April 2026: Initial publish.

Related Information

Fix list for Cloud Pak for Business Automation 25.0.1

Cloud Pak for Business Automation Fix list

Cloud Pak for Business Automation Interim fix download

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"Other-\u003ECloudPak4Automation Platform"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"25.0.0"}]

Tips