Readme file for: IBM® FileNet® P8 Content Platform Engine Container
Update name: 5.5.8.0-P8CPE-Container
Fix ID: 5.5.8.0-P8CPE-Container-IF006
Publication date: 28 February 2024
Last modified date: 28 February 2024
This Interim Fix can be deployed on Red Hat OpenShift, or a certified Kubernetes managed container environment. The interim fix supports the rolling update feature in Kubernetes which enables you to keep your environment up and running while applying the minor version update to each of the services in your configuration. For more information about installations and major upgrades see below "Installation" section.
The following changes are introduced in this 5.5.8.0-P8CPE-Container-IF006 Interim Fix:
The following changes are introduced in this 5.5.8.0-P8CPE-Container-IF005 Interim Fix:
The following changes are introduced in this 5.5.8.0-P8CPE-Container-IF004 Interim Fix:
The following changes are introduced in this 5.5.8.0-P8CPE-Container-IF003 Interim Fix:
The following changes are introduced in this 5.5.8.0-P8CPE-Container-IF002 Interim Fix:
The following changes are introduced in this 5.5.8.0-P8CPE-Container-IF001 Interim Fix:
User-based license metrics User Name Hashing can be disabled by FileNetEngine application JVM option. Application Servers deployed with the FileNetEngine application using the latest listener.jar library can request user names be stored in clear text by disabling user name hashing with the new JVM option "filenet.pch.USERNAMEHASH=disabled". The default mode is "enabled". Note that data already extracted and stored by the ILMTCollector tool into a local Derby database in hashed form will not be updated to non-hashed form. Only new data extracted from a CPE instance with the JVM option filenet.pch.USERNAMEHASH=disabled will store user names in clear text.
This interim fix requires:
Following are some known problems and restrictions that are related to this Interim Fix:
You can access the container images in the IBM Entitled Registry (Docker registry).
Important: If you are using this Interim Fix as a part of a new deployment of the FileNet Content Manager containers, you must deploy the container as described in the Knowledge Center topic Deploying a new P8 domain by using containers. Additionally review the GitHub Interim Fix Update Readme file for other important information that may be required when installing the container deployment. Link to the Interim Fix Update Readme file provided below.
Important: If you are using this Interim Fix as a part of a upgrading an existing deployment, you must deploy the container as described in the Knowledge Center topic Upgrading container deployments. Additionally review the GitHub Interim Fix Update Readme file in the ibm-ecm/container-samples GitHub repository for other important information that may be required when upgrading the container deployment. Link to the Interim Fix Update Readme file provided below.
To use this Interim Fix to update a deployment of the container to a new minor version, follow the procedures in the Interim Fix Update Readme file
After the operator processing completes, verify the Content Platform Engine deployment.
Updates to the Content Platform Engine client files must be installed as needed on the Content Platform Engine clients. See the Readme for the Content Platform Engine interim fix 5.5.8.0-P8CPE-Container-IF006 for details.
Updates to the Content Platform Engine client tools must be installed as needed on the Content Platform Engine tools. See the Readme for the Content Platform Engine interim fix 5.5.8.0-P8CPE-IF006 for details.
The following table lists the product fixes included in this interim fix.
Deployment type: T=Traditional application server, C=Containerized, A=All deployment types
APAR |
Deployment |
Description |
|---|---|---|
DT244913 |
A |
Case History: Activity Comments not showing up in time-line visualizer. |
PJ47131 |
A |
Enhancement: Add TLSv1.2 to Process Engine (PE) Workflow:sendMail property collection for tWAS 8.5.5 support. New flag is -Dcom.filenet.mail.smtp.protocols (e.g. -Dcom.filenet.mail.smtp.protocols=TLSv1.2) |
PJ47134 |
A |
Content Search Services (CSS) documents not indexed if CBRTemp area not found. |
PJ47135 |
A |
Process Engine (PE) Workflow System function xmlinsertchildfirst does not work for xsl reference after upgrade. |
PJ47159 |
A |
Penetration (PEN) Test (Low): IBM Administrative Console for Content Platform Engine (ACCE) HTML Code Injection-Authentication security vulnerability. |
PJ47161 |
A |
PSIRT ADV0085804 (CVE-2023-38366): IBM Administrative Console for Content Platform Engine (ACCE) Unauthenticated Path Traversal security vulnerability. Affected and vulnerable. See security bulletin 7039783. Resolved by IBM Content Navigator (ICN) toolkit icn3011.013.525. |
PJ47163 |
A |
Content Search Services (CSS) Content Based Retrieval (CBR) Indexing of Apple .pages causes Oracle Outside In Technology (OIT) Access Violation (961) error preventing indexing of other content elements. |
PJ47165 |
C |
Administration Console for Content Platform Engine (ACCE) unable to download Client API jar files individually in CP4BA container environment. |
PJ47171 |
A |
Administration Console for Content Platform Engine (ACCE) and Content Platform Engine (CPE) server should not allow domain updates which leave no one with Admin access. |
PJ47178 |
A |
Administration Console for Content Platform Engine (ACCE) local SMTP settings can not be turned off once enabled. |
PJ47185 |
A |
Content Engine (CE) versionSeries.markForDeletion(bin, "CmRecoveryItem") throws PERSIST_RECOVERYITEM_NOT_SUPPORTED in a sweep action after initial error. |
PJ47186 |
A |
Content Engine (CE) throws CONTENT_KEY_MISSING when using ASA with multiple content encryption keys. |
PJ47208 |
A |
PSIRT ADV0102948 (CVE-2023-47716): Content Platform Engine (CPE) user may gain authorization privileges of another user in specific cases security vulnerability. See security bulletin 7078780. |
PJ47211 |
A |
Thread deadlock contention is preventing Process Engine (PE) server from starting. |
PJ47220 |
A |
Content Engine (CE) server CMCL-P8-*.JAR file leak in /tmp folder. |
PJ47225 |
A |
Administration Console for Content Platform Engine (ACCE) can not list any ApplicationSpace of workflow system after adding more then two new workspaces including Japanese. |
PJ47228 |
A |
Administration Console for Content Platform Engine (ACCE) Simple Search Results and SQL Search Results are different. |
PJ47232 |
A |
Administration Console for Content Platform Engine (ACCE) Process Configuration Console (PCC) Error on Committing Changes - Failed API_TransferConfig. |
PJ47241 |
A |
Process Engine (PE) workflow case insensitive search using IN and collection is not correct. |
n/a |
A |
PSIRT ADV0094631 (CVE-2023-22045, CVE-2023-22049): IBM Java Runtime Environment (JRE) security vulnerabilities, affected, not vulnerable. Fixed in IBM JRE v8.0.8.10 (August 18, 2023). |
n/a |
A |
PSIRT ADV0102924 (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676): IBM Java Runtime Environment (JRE) security vulnerabilities, affected, not vulnerable. Fixed in IBM JRE v8.0.8.15 (November 16, 2023). |
n/a |
A |
PSIRT ADV0105614 (WS-2023-0429, GHSA-r68h-jhhj-9jvm): ESAPI.jar security vulnerability in Administration Console for Content Platform Engine (ACCE)/IBN Content Navigator (ICN). Affected, not vulnerable. Resolved by IBM Content Navigator (ICN) toolkit icn3011.015.586 with ESAPI v2.5.3.1. |
n/a |
A |
PSIRT ADV0105883 (CVE-2022-46337): FileNet Deployment Manager (FDM) Apache Derby security vulnerability. Affected, not vulnerable. Resolved by private Apache Derby v10.14.3.0. |
APAR |
Deployment |
Description |
|---|---|---|
PJ47017 |
A |
PSIRT Advisory ADV0078746 (CVE-2023-24998): Apache Commons FileUpload security vulnerabilities. See security bulletin 6958745. Fixed in Apache commons-fileupload v1.6 (February 2023). |
PJ47019 |
A |
Issue with Administration Console for Content Platform Engine (ACCE) choicelists. |
PJ47026 |
A |
Content Platform Engine (CPE) ping page reference to IBM.COM does not satisfy an AppScan security requirement. |
PJ47030 |
A |
FileNet Deployment Manager (FDM) java.lang.String incompatible with java.lang.Long error occurs when building principal half map from a previously converted entry template. |
PJ47033 |
A |
Administration Console for Content Platform Engine (ACCE): Performance Enhancement during folder browse to not return referentially contained folders. |
PJ47048 |
A |
|
PJ47049 |
A |
Process Engine (PE) Improve ISI error handling and Instruction Sheet Interpreter (ISI) tracing in load situations with Wait for Condition. |
PJ47052/DT196140 |
A |
Security finding (CVE-2023-25194) in kafka-clients reported for Content BAI Emitter. |
PJ47063 |
A |
Administration Console for Content Platform Engine (ACCE) still does not offer to save the modified search. |
PJ47064 |
A |
Case History database are performing implicit conversion due to non-matching datatypes between the query and the database. |
PJ47079 |
A |
Content Engine (CE) E_ACCESS_DENIED occurs when setting retention after freezing a document. |
PJ47081 |
A |
PSIRT jose4j security vulnerability in Administration Console for Content Platform Engine (ACCE). (jose4j removed) |
PJ47086 |
A |
Administration Console for Content Platform Engine (ACCE) event queue item issue. |
PJ47088 |
A |
PSIRT ADV0088146 (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597): IBM Java Runtime Environment (JRE) security vulnerabilities, affected, not vulnerable. See security bulletin 7001699. Fixed in IBM JRE v8.0.8.5 (June 5, 2023). |
PJ47094 |
A |
PSIRT ADV0088146: Cross Site Scripting (XSS) in DetailedStatus security vulnerability. See security bulletin 7001699. |
PJ47105 |
A |
Content Platform Engine (CPE) Text Extractor Access Violation (961) error can occur extracting text from large files on AIX/Linux servers. |
PJ47108 |
T |
FileNet Deployment Manager (FDM) - convert service data for CmAcmPage/ICMPage objects does not convert for the .html file. |
PJ47129 |
A |
PSIRT ADV0093561 (CVE-2022-40609) IBM JRE Object Request Broker (ORB) Security Vulnerability. See security bulletin 7027874. |
APAR |
Deployment |
Description |
|---|---|---|
PJ46915 |
A |
Content Engine (CE) Storage: Azure Adaptive Security Appliance (ASA) upload large content timeout fix. |
PJ46923 |
A |
Administration Console for Content Platform Engine (ACCE) does not offer to save the modified search under all circumstances. |
PJ46943 |
A |
PSIRT ADV0070229 (CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628): IBM Java (JRE) LDAP security vulnerabilities. See security bulletin 6839869. Updated to IBM JRE 8.0.7.20 (November 2022) |
PJ46954 |
A |
Administration Console for Content Platform Engine (ACCE) SQL View search raises an error if the property "snlJointTest" is included. |
PJ46961 |
A |
Administration Console for Content Platform Engine (ACCE) Missing Recovery Item class when Cloning Custom Job. |
PJ46963 |
A |
Content Engine (CE) Wrong target class is used when evaluating a role permission. See technote 6955831. |
PJ46968 |
A |
Administration Console for Content Platform Engine (ACCE) SMPT Subsystem - eMail login password. |
PJ46980 |
A |
FileNet Deployment Manager (FDM) "DeploymentManagerCmd.bat --samples" does not display log messages to the console. |
PJ46991 |
A |
Administration Console for Content Platform Engine (ACCE) FLNVULN - LTPATOKEN2 cookie needs to be HTTPOnly, however not available in CPE. |
PJ46996 |
A |
PSIRT ADV0076206 (CVE-2022-27404, CVE-2022-37434, CVE-2022-43680, CVE-2022-1122): Oracle Outside In Technology (OIT) security vulnerabilities. See security bulletin 6857861. Fixed in Oracle Outside In Technology (OIT) v8.5.6 BP#4 p34881262 (January 2023). |
APAR |
Deployment |
Description |
|---|---|---|
PJ46657 |
A |
Content Engine (CE) Outside-In Technologies (OIT) Thumbnail of PDF hangs and fails to generate. |
PJ46843 |
A |
Administration Console for Content Platform Engine (ACCE) not able to access the Search option when SavedSearches folder is renamed. |
PJ46844 |
A |
Administration Console for Content Platform Engine (ACCE) bad error messages from Security Templates. |
PJ46845 |
A |
SCIM directory configuration does not support user with Domain Name (DN) length greater than 508 characters. |
PJ46870 |
A |
Replication continues even after a file system storage device is removed from an advanced storage area. |
PJ46871 |
A |
Process Engine (PE) CE_Operations.sendMailTemplate() failed after Axis2 v1.8.0 upgraded. |
PJ46882 |
A |
Content Engine (CE) Storage: Move content job sweep fails when updating storage policy for version 0.1 reserved documents. |
PJ46884 |
A |
Send MSSQL date/time columns as literals fails in locale other than en-us. |
PJ46885 |
A |
Add support for mapping members of a Static Role to FileNet Deployment Manager (FDM). |
PJ46886 |
A |
Administration Console for Content Platform Engine (ACCE) LocalizedString table is adding rows for choice list value display names for en-us, then en, then en-us locales. |
PJ46887 |
A |
Content Engine (CE) configured with SunOneProvider/Oracle Unified Directory (OUD) on Server Side Sort (SSS) results in error when searching without a filter. |
PJ46888 |
A |
Case Analyzer: Update Case Analyzer query to get full view definition from MSSQL. |
PJ46906 |
A |
Administration Console for Content Platform Engine (ACCE) unable to add item to choice list when an existing choice item has a null value. |
PJ46926 |
A |
Remove port number from TransportReciever config in PEWS axis2.xml. |
PJ46933 |
C |
Microsoft Active Directory (MSAD) Nested Group user access performance. |
APAR |
Deployment |
Description |
|---|---|---|
PJ44426 |
A |
Content Search Services (CSS) unable to find Brazil formatted dates in an excel file. |
PJ46366 |
A |
Content Search Services (CSS) Content Based Retrieval (CBR) Queries failing because space not preserved during PDF text extraction. |
PJ46534 |
A |
Content Search Services (CSS) TextExtraction with OIT fails on MS Word 2003 document with protected text: Search Export reports "file is corrupt (0x0009)" error. |
PJ46581 |
A |
Case Analyzer Database Latency with Oracle Database. |
PJ46762 |
A |
Case History Auditing of a GetObject action under impersonation fails with E_ACCESS_DENIED. |
PJ46770 |
A |
Problem when creating component queues in ACCE. |
PJ46771 |
A |
Process Engine (PE) Eventhandler code for CE subscriptions should do case insensitive check for connection point. |
PJ46785 |
A |
Administration Console for Content Platform Engine (ACCE) Custom Object creation does not retain the user defined Containment Name. |
PJ46786 |
A |
Administration Console for Content Platform Engine (ACCE) throws "cannot find object in collection" when updating a property template Description field from blank to a valid new value. |
PJ46794 |
A |
Initial document ingestion with storage area compression enabled causes Null Pointer Exception error. |
PJ46797 |
A |
Administration Console for Content Platform Engine (ACCE) performance issue it takes 30 seconds to display saved searches. |
PJ46798 |
A |
Content Platform Engine (CPE) fails to properly process username containing Scandinavian characters using SCIM provider. |
PJ46803 |
A |
Administration Console for Content Platform Engine (ACCE) Security tab is missing in Event Action. |
PJ46815 |
A |
PSIRT ADV0053879 (CVE-2022-21496): IBM Java (JRE) LDAP security vulnerabilities (April 2022 Oracle Critical Update Patch). See security bulletin 6591917. |
PJ46824 |
A |
"The repository is not available" error occurs on first attempt to logon to IBM Content Navigator (ICN). |
PJ46840 |
A |
Process Engine (PE) Process Designer (PD) may start either off-screen or minimized. |
PJ46841 |
A |
Multiple failed logons lock user when standalone Process Engine (PE) Process Designer (PD) tries a bad password. |
APAR |
Deployment |
Description |
|---|---|---|
PJ46568 |
A |
PSIRT ADV0032964 (CVE-2021-31811, CVE-2021-31812): Apache PDFBox security vulnerability. See security bulletin 6467839. Fixed in PDFBox/FontBox v2.0.25. |
PJ46677 |
A |
Content Platform Engine (CPE) S3 Storage URL Encoding implementation not fully compatible with Amazon Web Services (AWS) specs. |
PJ46692 |
A |
Administration Console for Content Platform Engine (ACCE) display error in the Audit Definitions configuration. |
PJ46694 |
A |
Case Analyzer Events are getting quarantined incorrectly. |
PJ46696 |
A |
Administration Console for Content Platform Engine (ACCE) plugin is not loading with navigator layout in IBM Content Navigator (ICN). |
PJ46702 |
A |
Administration Console for Content Platform Engine (ACCE) version translations in upper right are incorrect. |
PJ46709 |
A |
FileNet Deployment Manager (FDM) - Retrieve connection point half map from deploy data set with workflow definition does not extract Isolated Region. |
PJ46722 |
A |
FileNet Deployment Manager (FDM) - Retrieve and convert service data for CmAcmPage/ICMPage objects does not work. |
PJ46727 |
A |
FileNet Deployment Manager (FDM) - Reassign of an object store from version 5.5.1 fails. |
PJ46730 |
A |
Process Engine (PE) HTTP date header contains non-English words. |
PJ46742 |
A |
BAI Content Event Emitter does not use correct type for document properties in emitted events. |
PJ46748 |
A |
FileNet Deployment Manager (FDM) - Reassign of an object store fails if the directory configurations are in a different order. |
PJ46775 |
A |
FileNet Deployment Manager (FDM) - Retrieve principal data for ICN Entry Templates objects does not work. |
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing IBM Corporation J74/G4 555 Bailey Avenue San Jose, CA 95141 U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:
Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan, Ltd. 19-21, Nihonbashi-Hakozakicho, Chuo-ku Tokyo 103-8510, Japan
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:
IBM Corporation J46A/G4 555 Bailey Avenue San Jose, CA 95141-1003 U.S.A.
Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.
The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.
Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice and represent goals and objectives only.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs.
IBM, the IBM logo and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Other product and service names might be trademarks of IBM or other companies.
| Date |
Description |
|---|---|
| 28 February 2024 |
Initial interim fix release. |