Fix Readme
Abstract
Urgent and Apar information for IBM Security Verify Access 10.0.0.1 firmware upgrade.
Please read all urgent information in this document before performing any actions.
Content
Content
1) Steps to consider before applying firmware upgrade:
a) Read Upgrading to the current version
Please note: There is no need to create a backup partition, the partition backup will be over written during firmware update and current partition will become the backup partition
c) After the firmware update is applied, the external database schema updates MUST be applied via database update documentation
2) The firmware update should be applied as soon as possible for FULL software support of non-ISAM embedded software
Liberty
The non-ISAM embedded software must be applied via firmware update
3) This firmware update contains the following
Security vulnerabilities
Performance improvements
Memory leaks
Memory crashes
c) Performance testing of all business use cases in identical production if possible
IBM strongly recommends you subscribe to My Notifications, you will be able to receive the latest urgent information of this document and feedback of IBM Products.
You find more information about My Notifications here IBM My Notifications
APARS fixed in ISAM 10.0.0.1 firmware upgrade
APAR |
Description |
IJ15503 |
SP INITIATED SSO WITH PARTNER IDP FAILS WITH ERROR FBTLIB104E THE RECEIVED MESSAGE WAS NOT SIGNED |
IJ20226 |
PARAMETER IS NOT VALID : HVDB_ADDRESS: THIS VALUE MUST BE AN IP ADDRESS OR FULLY QUALIFIED DOMAIN NAME (FQDN) |
IJ20655 |
UPGRADE ISAM HARDWARE APPLIANCE CORRUPTS GRUB BOOT MENU |
IJ22428 |
WHEN ISSUE REFRESH TOKEN IS DISABLED AN INCORRECT VALUE FOR EXPIRES IN IS CALCULATED FOR THE ACCESS TOKEN |
IJ22571 |
ISAM SAML SP WITH LONG TARGER URL RESULTS IN HTTP 500 |
IJ22755 |
WEBSEAL -> MANAGING ADMINISTRATION PAGES -> IMPORT BEHAVIOR CHANGED FROM 906 TO 907 |
IJ23000 |
UNABLE TO SELECT “UNSPECIFIED” FOR DEFAULT NAMEID LMI will now list urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified for default NameID format |
IJ23062 |
ISPASSWORDVALID() FUNCTION NOT RENDERING CORRECT VALUE |
IJ23104 |
STS CHAIN EXCEPTION HIERARCHY_REQUEST_ERR WHEN USING USERANME AND PASSWORD MODULE New Boolean Advanced Configuration 'sts.wstrust.error.shortexception' display full STS exception stack (default:false) or display the exception message |
IJ23198 |
SUPPORT FOR PERSISTENT TIMEOUT CONFIGURATION FOR WAS LIBERTY |
IJ23488 |
STALE GSO CACHE ENTRIES FOR USER CANNOT BE REMOVED AT LOGIN Reverse Proxy configuration |
IJ23647 |
MMFA PUSH NOTIFICATION DOES NOT COMPLETE SUCCESFULLY |
IJ23797 |
ALLOWED GRANT TYPES ON DYNAMIC REGISTERED CLIENTS IGNORING NON-ALLOWED TYPES |
IJ23841 |
UNABLE TO DISABLE TLS RENEGOTIATION ON REVERSE PROXY ADMIN PORT Reverse Proxy, Authorization Server, Policy Server configuration [ssl] disable-renegotiation = false |
IJ23926 |
FONT FILE IN AAC TEMPLATE FILES PRODUCES 404 HTTP ERROR New string array advanced configuration 'sps.page.jsCompileFileExtensions' (default:html,json) compile extensions when retrieving pages specific to Federation flows |
IJ24035 |
OAUTH RELATED DB ARTIFACTS ARE NOT ALWAYS CLEANED UP AFTER USE |
IJ24036 |
OAUTH TEMPLATE PAGE'S ERROR CODE MACRO VALUE CHANGES WHEN THE PAGE IS CUSTOMISED WITH SCRIPTING |
IJ24151 |
GRANT MANAGEMENT NOT WORKING AT 9070 |
IJ24271 |
ISAM REVERSE PROXY 907 EDITING WEBSEAL CONFIGURATION VIA LMI CHANGES DEFAULT LANG |
IJ24277 |
DOCKER: ISAM_CLI SHUTDOWN NO LONGER WORKS AFTER V9.0.7.1 |
IJ24300 |
REST API DOES NOT VALIDATE DUPLICATE HOST ENTRIES |
IJ24874 |
REMOTE SYSLOG AGENT HIGH CPU ONLY RESOLVED BY RESTART |
IJ25189 |
THE PASSWORD SETTINGS IN THE [ITIM] STANZA ARE NOT OBFUSCATED |
IJ25439 |
AN ACCESS POLICY USING PROTOCOLCONTEXT.GETFEDERATIONNAME() RETURNS COMPANY NAME |
IJ25544 |
RESTAPI GET REQUEST DUPLICATE COOKIE HEADER RETURNE |
IJ25575 |
REST_API: EXPORT ADMINISTRATION PAGES ROOT AS A .ZIP FILE RESULTS IN "405 METHOD NOT ALLOWED" |
IJ25718 |
METHOD TO DELETE HASHED TOKENS FROM MAPPING RULE |
IJ25850 |
CANNOT DELETE CONTENTS OF DEFAULT LOCATION FOR POLICY SERVER AUDITING |
IJ25865 |
OIDC 'FBTOIC106E Invalid state' OBSERVED |
IJ25898 |
CANNOT USE LARGE TOKENS WITH IBM DB2 AS HVDB |
IJ26004 |
CANNOT USE LARGE TOKENS WITH IBM DB2 AS HVDB |
IJ26008 |
DBUPDATE TOOL INCORRECTLY REFERENCES SOLIDDB AS A VALID TARGET DATABASE FOR UPGRADE |
IJ26025 |
AAC AUDIT LOG SHOWS ACCESS TOKEN |
IJ26092 |
INTERNAL REDIRECT FROM VIRTUAL HOST JUNCTION FAILS TO RESOURCES ON STANDARD JUNCTION |
IJ26119 |
SPACE CHARACTERS ARE ENCODED AS PLUS SIGNS IN POC ATTRIBUTES WITH URL.ENCONDING.ENABLED=TRUE |
IJ26125 |
REST API TO RETRIEVE WEBSEAL CONFIGURATION DOES NOT SHOW EMPTY VALUES |
IJ26146 |
ISAM 9.0.7.0 UPGRADE CHANGES SERVER LOG (MSG_WEBSEALD-XXX.LOG) '--' SEPARATOR TO 'NEW LINE' SEPARATOR Reverse Proxy configuration |
IJ26175 |
HOW EFFECTIVELY CHANGE THE SPNAMEQUALIFIER FROM IDP MAPPING RULE |
IJ26345 |
IN-PLACE TRUSTEER PIP IS OVERWRITTEN DURING FIRMWARE UPGRADE |
IJ26399 |
RSA CONFIG: JAVA.LANG.NOCLASSDEFFOUNDERROR COM.RSA.AUTHAGENT.AUTHAPI.CONFIG.AGENTPROPERTIES (INITIALIZATION FAILURE) |
IJ26413 |
LMI SSL CERTIFICATE UPDATE IS NOT GUARANTTEED TO BE SUCCESSFUL ALL THE TIME |
IJ26416 |
DISALLOW PATH IN POLICY SERVER AUDITLOG SETTING Also enforces audit log file name must end in .log |
IJ26474 |
OAUTH JWKS FILE MISSING "ALG" FIELD |
IJ26646 |
MAKE PRE ISAM 9.0.7.0 UNAUTHENTICATED LOGOUT CONFIGURABLE Backward compatibility to restore pre-IJ15386 behavior |
IJ26710 |
RUNTIME LOGGING FALSE FBTSPS134E MESSAGES |
IJ26766 |
IMPORT-CLASS OF ATTRIBUTEUTIL THROWING "FUNCTION IMPORTCLASS MUST BE CALLED WITH A CLASS" |
IJ26833 |
IGNORES CLIENT ID MISMATCH BETWEEN HEADER AND BODY FOR TOKEN EXCHANGE New Boolean 'isva.oauth20.ignoreClientIdMismatch' if set to true ignores client ID mismatch between header and body for token exchange of a non-confidential client |
IJ26936 |
REMOTE SYSLOG FORWARDER STOPS SENDING EVENTS WHEN LOG FILE IS CLEARED Note: When any files are cleared the rsyslogd will reload and may resend portion of the log |
IJ26968 |
UNABLE TO CONNECT TO EXTERNAL POSTGRESQL 12 WITH SSL |
IJ27141 |
FEDERATION 30 SECOND DELAY ON DSC FAILOVER |
IJ27143 |
WEBSEAL ABENDS ON STARTUP WHEN APPLYING ENVIRONMENT VARIABLES |
IJ27306 |
ONLY WEBSEAL SERVERS SHOWN IN LMI DISTRIBUTED SESSION CACHE SERVERS SCREEN |
IJ27360 |
SCIM DEMO THROWS NPE IN 9071 |
IJ27362 |
SNIPPET-FILTER SHOULD NOT INSERT SNIPPETS INTO MANAGEMENT PAGES SERVED |
IJ27707 |
AVOID AAC RUNTIME CONTENTION WHICH CAUSE DISRUPTION/HANG Disable OAuth token cleanup thread via new REST API endpoint oauth20.tokenCache.cleanupWait to "-1" Restore OAuth token cleanup thread after work is completed via new REST API endpoint oauth20.tokenCache.cleanupWait > 0 (original setting) |
IJ27847 |
REVERSE PROXY ABENDS WHEN DESERIALIZING DSC SESSION DATA |
IJ27926 |
ISAM ON DOCKER SHOULD SHOW FIXPACK ON DASHBOARD AND UNDER FIXPACKS |
IJ27928 |
UPDATE TO MULTIPLE DEPENDENT SOFTWARE PRODUCTS Java Runtime 8.0.6.11 db2 jdbc drivers 11.5 isfs 2.1.0 log4j 2.13.2 |
Related Information
Was this topic helpful?
Document Information
Modified date:
12 October 2020
UID
ibm16339229