IBM Support

Readme for IBM Cloud Pak for Business Automation 24.0.0 IF009

Fix Readme


Abstract

The following document is for IBM Cloud Pak for Business Automation 24.0.0 IF009. It includes the CASE package download, installation information, and the list of APARs/Known Issues that are resolved in this interim fix.

Content

Readme file for:IBM Cloud Pak® for Business Automation
Product Release:24.0.0
Update Name:24.0.0 IF009
Fix ID:24.0.0-WS-CP4BA-IF009
Publication Date:30 April 2026

 

Contents

 

Prerequisites and supersedes

  • Supersedes all prior interim fixes for Cloud Pak for Business Automation 24.0.0.
 

Important Upgrade Notice for CP4BA 24.0.0 Customers

Customers running CP4BA 24.0.0 are advised to plan for an upgrade to CP4BA 24.0.0-IF012 (GA at end of November 2026) to continue receiving Common Vulnerabilities and Exposures (CVE) fixes and support. In addition, the EnterpriseDB (EDB) license will end by December 2026. All releases, including CP4BA 24.0.0, will transition to Cloud Native PostgreSQL (CNPG) starting with CP4BA 24.0.0-IF012.

Important: This CP4BA 24.0.0-IF009 is the last iFix that supports direct upgrades from CP4BA 21.0.3-IF00x. Customers upgrading from CP4BA 21.0.3-IF00x should upgrade to 24.0.0 GA or IF001 through IF009. After completing this upgrade, IF010, IF011, and subsequent iFixes can be applied.

Consider planning your upgrade path early to ensure a smooth transition and continued support.

 

Components impacted

 

Before installation

  1. Ensure you take regular backups of any databases associated with the environment.
  2. Ensure your operators are in a healthy state, before upgrading.   
    If one or more operators are failing, then it can prevent the system from completing an upgrade.  
    It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:
  3. oc get icp4acluster -o yaml 
oc get content -o yaml
oc get Foundation -o yaml
  4. Remove any image settings in CRs  
    If you used any individual image tag settings in your CRs, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. This doesn't apply to starter installation as it requires a new install.
 

Installing the interim fix

This interim fix contains the following version of Cloud Pak for Business Automation and Cloud Pak Foundational Services (CPFS):
  • Cloud Pak for Business Automation 24.0.0-IF009
  • Cloud Pak Foundational Services 4.6.21
Note:  This interim fix only supports the Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Cloud Pak for Business Automation using the catalog sources in this readme document.  If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Cloud Pak Foundational Services versions listed above with other Cloud Paks' specifications.
 
 
Cloud Pak for Business Automation (CP4BA) 24.0.0 interim fixes are released to the v24.0 operator channel. Once the operators are upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
 

Upgrading with MongoDB embedded services.

If you are upgrading with embedded MongoDB database of IBM Automation Decision Services or IBM Automation Document Processing. Please check the FCV(FeatureCompatibilityVersion) version before upgrading. If the FCV version is 5.0, you will need to manually set the FCV version to 6.0. If FCV version is 6.0, you do not need to perform the following commands. If you are upgrading from 21.0.3.x or 23.0.2.x, it is recommended to first upgrade to 24.0.0 GA before 24.0.0 IF009. This is to ensure a smooth migration for the embedded Mongo instance with minimal manual interventions. After upgrading to 24.0.0 GA, then proceed with the following steps below.

Note: The appropriate MongoDB client binary (mongo or mongosh) depends on the version of CP4BA installed currently. If any of the commands below return a mongo: command not found error, re-run them using the alternate client (mongosh).
 

  1. Identify the the MongoDB pod by running the command below to get the podID.

    kubectl get pods | grep icp4adeploy-mongo

  2. Check the FCV version by running the command below.
    Note: $MONGO_INITDB_ROOT_USERNAME is the value from file /etc/credentials/admin/MONGO_ROOT_USERNAME and $MONGO_INITDB_ROOT_PASSWORD is the value from file /etc/credentials/admin/MONGO_ROOT_PASSWORD. You can find the MONGO_ROOT_USERNAME and MONGO_ROOT_PASSWORD files in the Mongo pod.

    For Automation Document Processing:

    kubectl exec icp4adeploy-mongo-deploy-<podID> –- bash -c 'mongo -u "$MONGO_INITDB_ROOT_USERNAME" -p "$MONGO_INITDB_ROOT_PASSWORD" --eval "db.adminCommand({getParameter: 1, featureCompatibilityVersion: 1})"'

    For Automation Decision Services:

    kubectl exec icp4adeploy-mongo-deploy-<podID> -- bash -c 'mongo --norc --tls --tlsAllowInvalidCertificates -u "$MONGO_INITDB_ROOT_USERNAME" -p "$MONGO_INITDB_ROOT_PASSWORD" --eval "db.adminCommand({getParameter: 1, featureCompatibilityVersion: 1})"'
  3. If the FCV version is 5.0 you need to set the FCV version to 6.0. If FCV version is 6.0, you do not need to perform the following commands. 

  4.  Upgrade to FCV version to 6.0.

    kubectl exec icp4adeploy-mongo-deploy-<podID> -- bash -c 'mongo --norc --tls --tlsAllowInvalidCertificates -u "$MONGO_INITDB_ROOT_USERNAME" -p "$MONGO_INITDB_ROOT_PASSWORD" --eval "db.adminCommand({ setFeatureCompatibilityVersion: \"6.0\" })"'

  5. Verify the FCV version is 6.0.

    kubectl exec icp4adeploy-mongo-deploy-<podID> -- bash -c 'mongo --norc --tls --tlsAllowInvalidCertificates -u "$MONGO_INITDB_ROOT_USERNAME" -p "$MONGO_INITDB_ROOT_PASSWORD" --eval "db.adminCommand({getParameter: 1, featureCompatibilityVersion: 1})"'
 
 
Step 1: Download the installation and upgrade scripts

  1. Download the 24.0.0 IF009 branch by using the following git clone command.

    git clone -b 24.0.0-IF009 https://github.com/icp4a/cert-kubernetes.git
 
Step 2:  Perform an online/offline fresh installation or an upgrade on an existing online/offline deployment.
 
Depending on the current setup and state of your existing environment, there are various actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.  
 

For an upgrade scenario, these are the Cloud Pak foundational services migration modes supported -

Migration Mode Support
Cluster-scoped to Namespace-scopedSupported (This is the recommended approach if your current deployment is using cluster-scoped CPFs)
Namespace-scoped to Namespace-scopedSupported (If your CPFs deployment is already namespace-scoped, then continue to remain at namespace-scoped)
Cluster-scoped to Cluster-scoped Not Supported (Please follow the recommended upgrade from Cluster-scoped to Namespace-scoped for CPFs)
Cluster-scoped ("All namespaces") to Cluster-scoped ("All namespaces")Supported  ( There is no migration path from Cluster-scoped ("All namespaces") to Namespace-scoped )


Note: The recommended migration mode for an instance with cluster scoped Cloud Pak foundational services is to namespace scoped Cloud Pak foundational services.

 
  • Scenario 1: You are installing a Starter deployment online or have an existing online Starter deployment
    Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Starter deployment of CP4BA is only supported when deploying into a new namespace without CPFs.  
    Actions: Starter deployments do not support upgrades; however, you can use this interim fix content to perform a Starter deployment. To deploy a Starter deployment using the content of this interim fix, please see install a new Starter environment and use the installation scripts from the branch that you cloned above.
  • Scenario 2: You are installing online Production deployment  
    Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
    Actions: To deploy an online Production deployment without using a local registry, please follow steps in install a new online Production environment and use the installation scripts from the branch that you cloned above.
  • Scenario 3: You are installing offline/airgap Production deployment
    Warning: If you have an existing Cloud Pak Foundation Services instance installed at the cluster scoped level or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFs.
    Note: As prerequisites for this scenario, you must follow steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require. Please note that if the set of capabilities includes Business Automation Workflow,Process Federation Server,Workflow Process Service or Business Automation Insights make sure to include the filter "ibm_es_1_1_2470" .
    Actions:

    1. To deploy an airgap/offline Production deployment, find mirror file cp4ba-case-to-be-mirrored-24.0.0-IF009.txt for this interim fix from the branch that you cloned above under the scripts/airgap directory. Execute this command from your bastion host to download the CASE files.

      oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-24.0.0-IF009.txt

      The absolute path to file needs to be a path starting from "/". For example, "/opt".

    2. You will need to mirror the images associated with the new cp4ba-case-to-be-mirrored-24.0.0-IF009.txt mirror file. 

      export CASE_INVENTORY_SETUP=cp4aOperatorSetup
export TARGET_REGISTRY=<target-registry>
export NAMESPACE=<cp4ba_namespace_name>

      Follow the instructions for either mirroring option in Mirroring images to the private registry using the new CASE version associated with this interim fix.

    3. Login to the cluster and go to namespace for the operator from the bastion host.

      oc login https://<CLUSTERIP>:<port> -u <ADMINISTRATOR>
oc project ${NAMESPACE}
    4. From your bastion host, install the catalog sources and operators using the steps listed in Install Catalog Source and Operators using cluster admin script.
    5. Follow the remaining steps from Question 6 listed here to complete the installations of offline/airgap Production deployment.
  • Scenario 4: Your installed Production deployment version is 21.0.3 IF031 or newer.  
    Note: Direct upgrade from versions prior to 21.0.3 IF031 are not supported. If you are upgrading from a prior version then you would need to perform incremental upgrading using the instructions from each prior version to 21.0.3 IF031 or newer.  
    Warning:  
    All instructions to download the installation and upgrade scripts in the Knowledge Center links referenced below can be ignored. Instead use the installation and upgrade scripts downloaded in Step 1.  
    Actions:    
    For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 21.0.3.  
    For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. Once the mirroring of images is completed, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 21.0.3.
  • Scenario 5: Your installed Production deployment version is 22.0.2 IF006 .  
    Note: Direct upgrade from versions prior to 22.0.2 IF006 are not supported. If you are upgrading from a prior version then you would need to perform incremental upgrading using the instructions from each prior version to 22.0.2 IF006.  
    Warning:  
    All instructions to download the installation and upgrade scripts in the Knowledge Center links referenced below can be ignored. Instead use the installation and upgrade scripts downloaded in Step 1.  
    Actions:    
    For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 22.0.2 in online environment.  
    For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. Once the mirroring of images is completed, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 22.0.2 in online environment.
  • Scenario 6: Your installed Production deployment version is 23.0.2 IF006 (If you do not have 23.0.2 IF006 you need to upgrade to 23.0.2 IF006 before proceeding with this upgrade).  
    Warning:  
    All instructions to download the installation and upgrade scripts in the Knowledge Center links referenced below can be ignored. Instead use the installation and upgrade scripts downloaded in Step 1.  
    Actions:    
    For online upgrade, follow the upgrade instructions documented in Upgrading CP4BA multi-pattern clusters from 23.0.2 in online environment.  
    For offline upgrade, you must first complete the prerequisites by following steps here to set up the bastion host to mirror images to the registry and further to set up the private registry. The mirroring of images can be completed using "oc mirror" for the mirroring images process. Once the mirroring of images is completed, follow the upgrade instructions documented in in Upgrading CP4BA multi-pattern clusters from 23.0.2 in online environment.
  • Scenario 7:  Your installed Production deployment is 24.0.0 GA or newer and is online.

    Note:  
    For a dedicated deployment or namespace scoped deployment, the value for < CP4BA Namespace >  should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators and Services are deployed. If the CP4BA Operators and Services are deployed in different namespaces( separation of duties), the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators are deployed in.  
    Warning:  
    For a CP4BA Deployment with BAI ( Business Automation Insights ) selected as an optional component, it is recommended to create BAI savepoints before starting the upgrade process to this interim fix. For Flink event processing to resume from its previous state, savepoints are required to be created before the upgrade and specified in the updated CR. BAI savepoints can be created by following the below steps.

    •  Retrieve the name of the InsightsEngine custom resource file.

      InsightsEngine_CR=$(kubectl get InsightsEngine --no-headers --ignore-not-found -n <CP4BA-Namespace> -o name)
      Retrieve and export the below details.
      export MANAGEMENT_URL=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].uri}')

export MANAGEMENT_AUTH_SECRET=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].authentication.secret.secretName}')

export MANAGEMENT_USERNAME=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.username}' | base64 -d)

export MANAGEMENT_PASSWORD=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.password}' | base64 -d)

      Create BAI savepoints and store them in a temporary file called bai.json.

      curl -X POST -k -u ${MANAGEMENT_USERNAME}:${MANAGEMENT_PASSWORD} "${MANAGEMENT_URL}/api/v1/processing/jobs/savepoints" -o ./bai.json

       Scale down the CP4BA and Insights Engine Operator.

      oc scale --replicas=0 deployment ibm-cp4a-operator
oc scale --replicas=0 deployment ibm-insights-engine-operator

    • Retrieve the recovery path locations for each BAI component for which BAI savepoints are created from ./bai.json and update the bai_configuration section of the custom resource file. For Example: If there is a BAI savepoint being created for navigator component, then the updated custom resource file should have the below configuration.

      bai_configuration:
 navigator:
  recovery_path: /mnt/pv/savepoints/dba/bai-navigator/savepoint-fb88f4-42027046b73b
 ... 
 # Add recovery_path for all other components
    • Once the upgrade has been completed, make sure to remove all instances of the recovery_path parameters from the updated custom resource file.

    Actions:   
    From the branch that you cloned above navigate to the scripts directory and perform the following steps to upgrade the CP4BA operators and deployment.

    1. Upgrade the CP4BA operators.
      • Warning:   
        The script with the upgradeOperator option will scale the CP4BA Operators down to zero. You must execute the script with the upgradeDeploymentStatus mode to scale them back in. 

      • Actions:  
        Run the cp4a-deployment.sh script with the upgradeOperator option to upgrade the IBM Cloud Pak foundational services/CP4BA operators:  
         

        ./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace>

    2. Wait for the operators to complete their upgrades.  
      By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.  
      Use the below command to see the current status of the install plans.

      oc get installPlan

      The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.

    3. You can use the following scripts to check the status of the upgrades.
      • Warning:  
        The script will scale the CP4BA deployments down to zero. You must execute the cp4a-deployment.sh script with upgradeDeploymentStatus option to scale them back up.

      • Actions:  
        [OPTIONAL] Run the cp4a-deployment.sh script with upgradeOperatorStatus option to check that the upgrade of the CP4BA operator and its dependencies is successful:

        ./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <CP4BA Namespace>

    4. Start up the upgraded CP4BA Operators.  
      Run the cp4a-deployment.sh script with upgradeDeploymentStatus option to check that the upgrade of the CP4BA deployment is successful:

      ./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <CP4BA Namespace>


      Note: If you are using the P8BPMREST CPE end point, you must wait for the CPE components status to display "Done" and then execute the below command to make it accessible.

      kubectl patch zenextension <CUSTOM_RESOURCE_FILENAME>-cpe-zen-extension -n <CP4BA NAMESPACE> --type=merge -p '{"metadata": {"annotations": {"checksum_cpe_ips": "0"}}}'
    • Scenario 8:  Your installed Production deployment is 24.0.0  GA or newer and using airgap/offline.

      Note:  
      As prerequisites for this scenario, you must follow steps here to set up the bastion host to mirror images to the registry and further to set up the private registry.  
      For a dedicated deployment or namespace scoped deployment, the value for < CP4BA Namespace >  should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators and Services are deployed. If the CP4BA Operators and Services are deployed in different namespaces( separation of duties), the value for < CP4BA Namespace > should be the namespace where all IBM Cloud Pak foundational services/CP4BA Operators are deployed in.   
      Warning:  
      For a CP4BA Deployment with BAI ( Business Automation Insights ) selected as an optional component, it is recommended to create BAI savepoints before starting the upgrade process to this interim fix.  For Flink event processing to resume from its previous state, savepoints are required to be created before the upgrade and specified in the updated CR. BAI savepoints can be created by following the below steps.

      •  Retrieve the name of the InsightsEngine custom resource file.

        InsightsEngine_CR=$(kubectl get InsightsEngine --no-headers --ignore-not-found -n <CP4BA-Namespace> -o name)
        Retrieve and export the below details.
        export MANAGEMENT_URL=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].uri}')

export MANAGEMENT_AUTH_SECRET=$(kubectl get ${InsightsEngine_CR} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.status.components.management.endpoints[?(@.scope=="External")].authentication.secret.secretName}')

export MANAGEMENT_USERNAME=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.username}' | base64 -d)

export MANAGEMENT_PASSWORD=$(kubectl get secret ${MANAGEMENT_AUTH_SECRET} --no-headers --ignore-not-found -n <CP4BA Namespace> -o jsonpath='{.data.password}' | base64 -d)

        Create BAI savepoints and store them in a temporary file called bai.json.

        curl -X POST -k -u ${MANAGEMENT_USERNAME}:${MANAGEMENT_PASSWORD} "${MANAGEMENT_URL}/api/v1/processing/jobs/savepoints" -o ./bai.json

         Scale down the CP4BA and Insights Engine Operator.

        oc scale --replicas=0 deployment ibm-cp4a-operator
oc scale --replicas=0 deployment ibm-insights-engine-operator

      • Retrieve the recovery path locations for each BAI component for which BAI savepoints are created from ./bai.json and update the bai_configuration section of the custom resource file. For Example: If there is a BAI savepoint being created for navigator component, then the updated custom resource file should have the below configuration.

        bai_configuration:
  navigator:
    recovery_path: /mnt/pv/savepoints/dba/bai-navigator/savepoint-fb88f4-42027046b73b
  ... 
  # Add recovery_path for all other components
      • Once the upgrade has been completed, make sure to remove all instances of the recovery_path parameters from the updated custom resource file.

      Actions:    
      Perform the following steps and then the upgrade of operators and deployments will start.

      1. To upgrade an airgap/offline Production deployment, find mirror file cp4ba-case-to-be-mirrored-24.0.0-IF007.txt for this interim fix from the branch that you cloned above under the scripts/airgap directory. Execute this command from your bastion host to download the CASE files:

        oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-24.0.0-IF009.txt

        The (absolute path to file) needs to be a path starting from "/". For example, "/opt".

      2. You will need to mirror the images associated with the new cp4ba-case-to-be-mirrored-24.0.0-IF009.txt mirror file. 

        export CASE_NAME=ibm-cp-automation
export CASE_VERSION=24.0.9
export CASE_INVENTORY_SETUP=cp4aOperatorSetup
export TARGET_REGISTRY=<target-registry>
export NAMESPACE=<cp4ba_namespace_name>

        Follow the instructions for either mirroring option in Mirroring images to the private registry using the new CASE version associated with this interim fix. If you are looking to install only a set of capabilities then you can make use of filters listed in Table 1 so that you can only download the specific set of images that you require.Please note that if the set of capabilities includes Business Automation Workflow,Process Federation Server,Workflow Process Service or Business Automation Insights make sure to include the filter "ibm_es_1_1_2470"

         
      3.  From the branch that you cloned above navigate to the scripts directory and perform the following steps to upgrade the CP4BA operators.
        • Warning:   
          The script with the upgradeOperator option will scale the CP4BA Operators down to zero. You must execute the script with the upgradeDeploymentStatus mode to scale them back in. 

        • Actions:  
          Run the cp4a-deployment.sh script with the upgradeOperator option to upgrade the IBM Cloud Pak foundational services/CP4BA operators:  
           

          ./scripts/cp4a-deployment.sh -m upgradeOperator -n <CP4BA Namespace>

      4. Wait for the operators to complete their upgrades.  
        By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.  
        Use the below command to see the current status of the install plans.

        oc get installPlan

        The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.

      5. You can use the following scripts to check the status of the upgrades.

        • Actions:  
          [OPTIONAL] Run the cp4a-deployment.sh script with upgradeOperatorStatus option to check that the upgrade of the CP4BA operator and its dependencies is successful:

          ./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <CP4BA Namespace>

      6. Start up the upgraded CP4BA Operators.  
        Run the cp4a-deployment.sh script with upgradeDeploymentStatus option to check that the upgrade of the CP4BA deployment is successful:

        ./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <CP4BA Namespace>


        Note: If you are using the P8BPMREST CPE end point, you must wait for the CPE components status to display "Done" and then execute the below command to make it accessible.

        kubectl patch zenextension <CUSTOM_RESOURCE_FILENAME>-cpe-zen-extension -n <CP4BA NAMESPACE> --type=merge -p '{"metadata": {"annotations": {"checksum_cpe_ips": "0"}}}'
 

Performing the necessary tasks after installation

 
a. Review the installation
It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
oc get icp4acluster icp4adeploy -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
If you are interested in verifying the expected image digest for a particular image, then you can review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.
 
 

Uninstalling

There is no procedure to uninstall the interim fix.
 

List of Fixes

APARs/Known Issues fixed by this interim fix are listed in the following tables.
 
The columns are defined as follows: 
 
Column titleColumn description
APAR/Known IssueThe defect number
TitleA short description of the defect
Sec.A mark indicates a defect related to security
Cont.A mark indicates a defect specific to the Cloud Pak integration of the component
B.I.A mark indicates the fix has a business impact. Details are found in the title column or the APAR/Known Issue document
 
General
Known IssueTitleSec.Cont.B.I.
N/A
Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
This interim fix includes fixes for these libraries to address: 
 
CVE List TBD
 
Previous interim fixes have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.
   
N/AIn addition to the list above and those related to a Known Issue listed in the following tables this interim fix addresses vulnerabilities listed in Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2026   

 

Back to top

Cloud Pak for Business Automation Operator
Known IssueTitleSec.Cont.B.I.
N/AN/A   

 

Back to top

Automation Document Processing
Known IssueTitleSec.Cont.B.I.
N/AN/A   

 

Back to top

Automation Decision Services
Known IssueTitleSec.Cont.B.I.
N/AN/A   

 

Back to top

Known IssueTitleSec.Cont.B.I.
N/AN/A   

 

Back to top

Business Automation Insights
Known IssueTitleSec.Cont.B.I.
N/AN/A   

 

Back to top

Business Automation Navigator
Business Automation Studio
Known IssueTitleSec.Cont.B.I.
DT389925Security vulnerability in IBM Workflow Center and IBM Business Automation StudioX  
DT461441Security vulnerability (CVE-2025-13465) in lodash lib affects IBM Workflow Center, Process Designer and Business Automation StudioX  
DT462619Security vulnerability (CVE-2026-25639) affects common-integration libraryX  
DT460832A NullPointerException occurs in a process that contains a user task having a null input variable expression   
DT461283Visibility rules do not match between desktop Process Designer and Process Designer   
DT463510The heritage human service transformer is not handling // comments when processing multi-line conditions of decision gateways   

 

Back to top

Business Automation Workflow including Automation Workstream Services
Known IssueTitleSec.Cont.B.I.
DT458127CVE findings in a library called lz4-java-1.8.0.jar for Case EmittersX  
DT460278CVE-2024-29371 for jose4j found in CaseManager applicationX  
DT460287The Rhino jars packaged in Case Event emitter are vulnerableX  
DT460289The lz4-java library packaged in the Case History Emitter is vulnerableX  
DT460923CVE-2025-13465 in lodash versions 4.0.0 packaged with Process Admin ConsoleX  
DT465159Update immutable-5.1. to address CVE-2026-29063X  
DT398505The LSW_ENV_VAR_VAL table gets updated each time a Content Integration Task gets executed   
DT456747Object Store List Not loading in Business Automation Workflow Admin Desktop   
DT459460Preventing Script Injection in Rest Parameters   
DT459828/home/forward-log.sh: line 48 /etc/filebeat/filebeat.yml: Read-only file system error when enabling Filebeat - Cloud Pak for Business Automation   
DT460832A NullPointerException occurs in a process that contains a user task having a null input variable expression   
DT461716Business Automation Workflow (BAW) server is shut down when a large number of Business Automation Insights (BAI) messages buildup due to RecordTooLargeException   
DT463127JMS custom_xml settings are not applied for baw_configuration   
DT463715Federated Data Repository partitioning must be more resilient   
DT463998The existing configuration of Business Automation Workflow Case client plug-in gets wiped out every time the case-init job is run   
DT464334Removing the Workflow Liberty customization parameter from the CR does not remove the previously configured setting - Cloud Pak for Business Automation   
DT464744Business Automation Workflow audit log generates logs which have an incorrect JSON format   
DT464906Opening and closing work items from a user in-basket is slow due to retrieving repeated number of requests for retrieving choice lists   
DT465541Properties are not displayed in the correct order within system-generated views when adding discretionary tasks from the Add Activity page   
DT468472Update Cloud Pak for Business Automation documentation to mandate recovery path or Flink HA for bai_configuration changes   

 

Back to top

Enterprise Records
Known IssueTitleSec.Cont.B.I.
N/AN/A   

 

Back to top

FileNet Content Manager
Operational Decision Manager (based on ODM-9.0.0.1-IF023)
Known IssueTitleSec.Cont.B.I.
DT457876PERFORMANCE SLOWNESS OF SIMULATION REPORTS TAB   
DT466051IMPOSSIBLE TO USE A 4 LETTERS LOCALE FOR DISPLAY LOCALE IN BUSINESS CONSOLE   
DT450186TECHNICAL RULE EDITOR IN RD DOES NOT SHOW TABS   
DT463396RESIZING THE BUSINESS CONSOLE WINDOW DOESN'T ALWAYS BEHAVE AS EXPECTED   
DT459391TAB KEY IS NOT WORKING IN RULE DESIGNER B2X EDITOR   
DT461021RULE DESIGNER DEBUGGER DOES NOT STOP ON BREAKPOINT IN RULES WITH SPACE IN NAME   
DT461796DEBUGGER DOES NOT STOP AT DECISION TABLE BREAKPOINT IN RULE DESIGNER   
DT466101CANNOT CREATE EXCEL DOMAIN   
DT462733DIFFERENCES IN RULEAPP GENERATED FROM BUILDCOMMAND AND RULE DESIGNER   
DT459723IN DECISION TABLE COLUMN EDITOR THE PLACEHOLDERS ARE AT THE END OF THE COMPLETION LIST   
DT458167UNEXPECTED ERROR USING THE DECISIONCENTER WEBHOOK NOTIFICATION   
DT466825MIGRATION SCRIPT MAY THROW EXCEPTIONS WHEN DROPPING AND RE-CREATING INDEXES   
DT462293BACKGROUND DELETION THROWS REFERENTIAL INTEGRITY CONSTRAINT VIOLATION   
DT460300MALFORMED SOAP REQUEST NOT RELEASED FROM XU POOL   
DT465307PLACEHODERS LOCATION IN COMPLETION LIST USING HIERARCHICAL MODE   

 

Back to top

User Management Service
Known IssueTitleSec.Cont.B.I.
N/AN/A   

Back to top

Workflow Process Service
Known IssueTitleSec.Cont.B.I.
DT460923CVE-2025-13465 in lodash versions 4.0.0 packaged with Process Admin ConsoleX  
DT453907After upgrading to v24.0.0, Workflow Process Service is no longer available   
DT460832A NullPointerException occurs in a process that contains a user task having a null input variable expression   
DT461716Business Automation Workflow (BAW) server is shut down when a large number of Business Automation Insights (BAI) messages buildup due to RecordTooLargeException   
DT463715Federated Data Repository partitioning must be more resilient   
DT464744Business Automation Workflow audit log generates logs which have an incorrect JSON format   

 

Back to top

Known Limitations

Document change history

  • 30 April 2026: Initial publish.

  • 31 July 2025: Initial publish.

    • [{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"Other-\u003ECloudPak4Automation Platform"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"24.0.0"}]

    Document Information

    Modified date:
    04 May 2026

    UID

    ibm17262617

    Page Feedback