Readme file for IBM(R) TRIRIGA(R) Application Platform 3.4.2.5 fix pack. Date: October 11, 2016 IBM Corporation Copyright(C) International Business Machines Corporation 2016. All rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. =============================================================================================== Table of Contents =============================================================================================== 1. Introduction 2. Information resources 3. Installation instructions 4. Resolved issues 5. Notices =============================================================================================== 1. Introduction =============================================================================================== This fix pack updates the TRIRIGA Application Platform product. ----------------------------------------------------------------------------------------------- Prerequisites and supported products ----------------------------------------------------------------------------------------------- To install this fix pack, you must already have IBM TRIRIGA Application Platform 3.4.2 installed. =============================================================================================== 2. Information resources =============================================================================================== Knowledge center URL: http://www-01.ibm.com/support/knowledgecenter/SSHEB3_3.4.2/com.ibm.tap.doc_3.4.2/product_landing.html Description: Access the Knowledge Center to view the product documentation. Topics include product overviews; installation and configuration tasks; instructions for using, administering, and troubleshooting the product; and security information. Real Estate and Facilities Management community on Service Management Connect URL: https://www.ibm.com/developerworks/servicemanagement/rfm/ Description: Use Service Management Connect to access blogs, wikis, forums, and communities. In Service Management Connect you can review information such as best practices, performance and tuning, and product integrations. You can also collaborate with IBM experts and the broader user community. IBM TRIRIGA Application Platform support resources portal URL: http://www.ibm.com/support/entry/portal/overview/software/tivoli/ibm_tririga_application_platform Description: The IBM support resources portal provides access to tools and resources to keep your systems, software, and applications running smoothly. From the support resources portal you can find fixes, service requests, useful links and an enhanced search to help you find information quickly. =============================================================================================== 3. Installation instructions =============================================================================================== The fix pack file can be extracted into any directory. Before extracting and running the fix pack, back up the existing TRIRIGA files and make a backup copy of the database. NOTE: In the patch folder for the 3.4.2.5 fix pack, when the fix pack installer backs up the ibm-tririga.war file, the back-up .war file appears as the ibs-tririga.war.bak file. Follow these steps to apply this fix pack: 1 Ensure that no database configuration changes are pending. 2 Shut down all of your application and process servers. 3 Take a backup of the database and of the TRIRIGA install directory. 4 For IBM WebSphere Application Server, after the backup has been completed, restart WebSphere. 5 For Oracle WebLogic installations, the Oracle WebLogic Application Server must be started and running while the fix pack is applied. 6 Download the 3.4.2-TIV-TAP-FP005 file. 7 Unzip the file and run the patch executable file (fixpack_tririga_v3.4.2.5.exe or fixpack_tririga_v3.4.2.5.bin). 8 In the Introduction panel, click Next. 9 In license agreement, accept the terms and click Next. (if you do not accept the terms, the patch will exit) 10 Choose the directory where TRIRIGA is installed. For example: c:\ibm\tririga\ Or /opt/ibm/tririga/ 11 Review the information and click Next. 12 The fix pack process will patch the WAR file, run any platform database fix pack scripts, and redeploy the WAR file in Liberty. 13 For Oracle WebLogic Application Server, delete all of the cache, tmp, and .wlnotdelete directories that may contain files left over from the previous application/ear installation For example: C:\oracle\weblogic10\user_projects\domains\tririga10domain\servers\tririgaServer\cache C:\oracle\weblogic10\user_projects\domains\tririga10domain\servers\tririgaServer\tmp Or /opt/oracle/weblogic10/user_projects/domains/tririga10domain/servers/tririgaServer/cache /opt/oracle/weblogic10/user_projects/domains/tririga10domain/servers/tririgaServer/tmp 14 For Oracle WebLogic Application Server, the fix pack process will attempt to redeploy the WAR file into the managed Server. However because of conditions in the server environment outside of IBM TRIRIGA's control, it may be necessary to manually redeploy the WAR file. Restart the application server when the fix pack has completed, and check the build number in the IBM TRIRIGA Administrator Console. If the old .war file is still shown, redeploy the .war file following Oracle's instructions for deploying a .war application into the managed server. The WAR file is located in the root TRIRIGA install directory: For example: c:\ibm\tririga\tririga-ibs.war /opt/ibm/tririga/tririga-ibs.war 15 For IBM WebShere Application Sever Liberty Core profile, the WAR file should be deployed and the cache directories will be automatically removed. All that is required is to restart Liberty. 16 For WebSphere Application Server, the WAR file will be redeployed and started automatically. If it fails to deploy, you can try to manually. The WAR file is located in the root TRIRIGA install directory: For example: c:\ibm\tririga\ibm-tririga.war /opt/ibm/tririga/ibm-tririga.war 17 For Oracle WebLogic Application Server, the fix pack process attempts to restart the managed server. You might need to manually restart the application server. ========================================================================================================== 5. Resolved issues ========================================================================================================== ---------------- Security Issues: ---------------- IBM does not intend to provide vulnerability details that could enable someone to craft an exploit. IBM uses the Common Vulnerability Scoring System (CVSS) as a standard for communicating the impact of security vulnerabilities in IBM products and solutions. CVSS is an industry open standard for assessing the severity or impact of computer system security vulnerabilities. This standard attempts to establish a numeric measure that represents how much concern or attention the vulnerability warrants. The resulting CVSS score is based on an assessment of a series of metrics. The CVSS Base Score represents the intrinsic and fundamental characteristics of the vulnerability that are typically constant over time and across user environments. For more information, see http://www-03.ibm.com/security/secure-engineering/bulletins.html ---------------------------------------------------------------------------------------------------------- The following security issues were resolved in the TRIRIGA Application Platform 3.4.2.5 fix pack ---------------------------------------------------------------------------------------------------------- CVEID: CVE-2016-6000 TITLE: Cross-site Scripting Vulnerability CVSS Base Score: 6.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116658 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) --- CVEID: CVE-2016-5980 TITLE: Cross-site Scripting Vulnerability CVSS Base Score: 5.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116465 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) ---------------------------------------------------------------------------------------------------------- The following issues were resolved in this fix pack. ---------------------------------------------------------------------------------------------------------- APAR #: IV82434 Defect: 215885 Description: The IMPORT_CONTENT_INCLUDE_EXTENSIONS property only allows documents with specified extensions to upload. --- Defect: 229493 Description: Performance logging was added to the startup classes. To enable performance logging, add the following category to log4j.xml in the configuration folder: --- APAR #: IV85756 Defect: 230949 Description: In CAD Integrator/Publisher and BIM, when you do a command that launches TRIRIGA, such as Edit Record or Launch Portal, authentication now occurs automatically and session expiration messages no longer display. --- APAR #: IV86579 Defect: 233659 Description: Resolved an issue that occurred in Liberty and WebSphere and prevented runtime filters from working when the filters contained multi-byte characters. --- Defect: 233837 Description: In My Reports, non-admin users can now add a related report. --- APAR #: IV86985 Defect: 234177 Description: In Internet Explorer, pop-up windows now display as modal windows to improve visibility and access to all areas of the form. --- APAR #: IV87143 Defect: 234595 Description: An issued was resolved where sorting a column on a query execution page did not sort. --- APAR #: IV86739 Defect: 234759 Description: When a US English user updates the value of a classification field with a full path, and no data language pack was ever imported into the system, the record is now updated in the page after an asynchronous workflow changes it to another state. --- Defect: 234760 Description: In a hierarchy record, the localized path now properly recalculates when the internal value with its name is updated but the localized value with its name is not updated by a language user. The language user is now able to see the correct and recalculated path. In a form, a record with a classification field that shows the full path is no longer marked as modified when it is loaded. --- APAR #: IV86578 Defect: 235498 Description: You can now configure a custom sign out redirect page for single sign-out capabilities. You can set the SSO_SINGLE_SIGN_OUT_REDIRECT_URL property to an external URL or page accessible with a different context root on the server so that users can sign-out of the SSO session. You must add the property to the TRIRIGAWEB.properties file. --- Defect: 237122 Description: In a record, when you enter a number into a non-currency field, the value no longer clears when you save the record. --- APAR #: IV87304 Defect: 237355 Description: The IMPORT_CONTENT_EXCLUDE_EXTENSIONS and IMPORT_CONTENT_INCLUDE_EXTENSIONS properties are now honored regardless of the case that they are entered in the TRIRIGAWEB.properties file. --- APAR #: IV87771 Defect: 237641 Description: Portal Section queries now display the maximum results that are specified in the Portal Builder. --- APAR #: IV88857 Defect: 239624 Description: Invalid BIRT reports no longer display stack traces in user browsers. --- APAR #: IV89017 Defect: 240615 Description: You can manually add the HONOR_DOCUMENT_PERMISSIONS_MODEL_FOR_DOWNLOAD property to the TRIRIGAWEB.properties file. The property enables or disables the legacy download behavior in a document smart object. If the property is set to TRUE, a user's or group's ability to download a document must be set explicitly on the Permissions tab of each document smart object. If the property is set to FALSE, when a user or group has access to view the document smart object, the user can download the document regardless of the group or user permissions set on the document's Permissions tab. The default value of the HONOR_DOCUMENT_PERMISSIONS_MODEL_FOR_DOWNLOAD property is TRUE. A document smart object includes a document that was uploaded in the Notes & Documents tab of a record, for example in a lease. --- APAR #: IV89067 Defect: 241240 Description: An Integration Object issue with the File To DC scheme was resolved. The issue occurred on the Integration Object record definition where if you select the Validation check box, the mapped number fields with decimal values caused validation to fail. --- APAR #: IV86610 Defect: 242207 Description: In the Internet Explorer 11 compatibility view, pop-up windows now display as layers to correctly perform the expected functionality. --- APAR #: IV88937 Defect: 242879 Description: Users in a group with no access to My Reports, Community Reports, or System Reports can search by using the locator query search functionality, and can run related reports for queries that they have access to. Also, for users group with no access to My Reports, Community Reports, or System Reports, in query sections, actions display and perform correctly. --- APAR #: IV82638 Defect: 242882 Description: When you run a report on a form with the Audit tab enabled, the actions at the bottom of the form now process correctly. --- APAR #: IV89474 Defect: 243685 Description: Accepting a user action no longer triggers a security warning. --- Defect: 243727 Description: In a form, the style of the action bar now matches the style of the upper navigation bar. You can change the style in the Tools > Style Manager > Form Styles > Form Tab/Actions Bar Background Color component. --- APAR #: IV89806 Defect: 244675 Description: A Download button was added to the Print Preview tab of a document record in a Notes & Documents tab. This button is only available when the value of the TRIRIGAWEB.property named HONOR_DOCUMENT_PERMISSIONS_MODEL_FOR_DOWNLOAD is set to false. You can change the button color by importing styles for the following classes: NO_PREVIEW_DOWNLOAD_BUTTON_COLOR, NO_PREVIEW_DOWNLOAD_BUTTON_COLOR_PRESSED. --- APAR #: IV85144 Defect: 245334 Description: External reports with format files that were previously in the system do not prevent community and report templates from loading. ==================================================================================================== 6. Notices ==================================================================================================== This information was developed for products and services offered in the US. This material might be available from IBM in other languages. However, you may be required to own a copy of the product or product version in that language in order to access it. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive, MD-NC119 Armonk, NY 10504-1785 US For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 19-21, Nihonbashi-Hakozakicho, Chuo-ku Tokyo 103-8510, Japan INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk. IBM may use or distribute any of the information you provide in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Director of Licensing IBM Corporation North Castle Drive, MD-NC119 Armonk, NY 10504-1785 US Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us. The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary. The client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary. This information is for planning purposes only. The information herein is subject to change before the products described become available. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to actual people or business enterprises is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs. Each copy or any portion of these sample programs or any derivative work must include a (c) (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. (c) Copyright IBM Corp. _enter the year or years_. Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. Terms and Conditions For Product Documentation Permissions for the use of these publications are granted subject to the following terms and conditions. Applicability These terms and conditions are in addition to any terms of use for the IBM website. Personal Use You may reproduce these publications for your personal, noncommercial use provided that all proprietary notices are preserved. You may not distribute, display or make derivative work of these publications, or any portion thereof, without the express consent of IBM. Commercial Use You may reproduce, distribute and display these publications solely within your enterprise provided that all proprietary notices are preserved. You may not make derivative works of these publications, or reproduce, distribute or display these publications or any portion thereof outside your enterprise, without the express consent of IBM. Rights Except as expressly granted in this permission, no other permissions, licenses or rights are granted, either express or implied, to the publications or any information, data, software or other intellectual property contained therein. IBM reserves the right to withdraw the permissions granted herein whenever, in its discretion, the use of the publications is detrimental to its interest or, as determined by IBM, the above instructions are not being properly followed. You may not download, export or re-export this information except in full compliance with all applicable laws and regulations, including all United States export laws and regulations. IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE PUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. Privacy Policy Considerations IBM Software products, including software as service solutions, (Software Offerings) may use cookies or other technologies to collect product usage information, to help improve the end user experience, to tailor interactions with the end user or for other purposes. In many cases no personally identifiable information is collected by the Software Offerings. Some of our Software Offerings can help enable you to collect personally identifiable information. If this Software Offering uses cookies to collect personally identifiable information, specific information about this offerings use of cookies is set forth below. This Software Offering does not use cookies or other technologies to collect personally identifiable information. If the configurations deployed for this Software Offering provide you as customer the ability to collect personally identifiable information from end users via cookies and other technologies, you should seek your own legal advice about any laws applicable to such data collection, including any requirements for notice and consent. For more information about the use of various technologies, including cookies, for these purposes, see IBMs Privacy Policy at www.ibm.com/privacy and IBMs Online Privacy Statement at www.ibm.com/privacy/details in the section entitled Cookies, Web Beacons and Other Technologies and the IBM Software Products and Software-as-a-Service Privacy Statement at www.ibm.com/software/info/product-privacy/.