Please Read: Before starting the Control Center upgrade/uninstall process, you must backup the entire "conf" directory found under Control Center install location. Please follow the steps below before upgrading: The following instructions apply to maintenance upgrades. 1. Stop Control Center engine If you are upgrading from a pre-6.1.2.1 release to 6.1.2.1 (i.e. upgrading FROM 5.4.2.2 through 6.1.2.0 TO 6.1.2.1), the initial upgrade to 6.1.2.1 cannot be a rolling upgrade. You must bring down all EPs and upgrade each EP to 6.1.2.1 before starting any of the EPs again. All EPs must be in sync for the initial upgrade to 6.1.2.1, before being started. After the initial upgrade to 6.1.2.1, you may resume with rolling upgrades (eg. 6.1.2.1 to 6.1.2.1 iFix01), where one EP is brought down at a time, upgraded, then restarted. 2. Back up the existing configuration data: If upgrading from 5.4.2.2 or prior, back up \conf directory found under Control Center install location. Backup your Control Center database. If upgrading from 6.0.0.0 or later, run exportConfig.sh/bat under \bin. The script creates a folder with all of the configuration data from the database and the conf folder. The location of this folder is conf-exported/{date_time}/conf. As per your need, for recovery purpopse, backup your existing Control Center database. 3. Proceed normally with installing the latest version of Control Center in original . (The installer would automatically un-install the previous version - but all of the configuration data will still be there). 4. On Unix, Linux platforms, run configCC.sh -------------------------------------------- 6.1.2.1 iFix04 (Released 07/08/2020) 1. IT32651/MFT-11059/TS003396613 (2020-4-24) Description of issue: Reoccuring "ORA-01000: maximum open cursors exceeded" errors and/or seeing high database cursor usage by ICC. Description of fix: Reduced cursor usage by changing two queries to no longer be cached. Also slightly altered the logic that logs when SQL exceptions occur to better log the SQL command value. 2. IT32611/MFT-11055/TS003575866 (2020-4-24) Description of issue: When ICC is far behind in monitoring SFG servers, perhaps because monitoring was paused, or ICC was down for an extended amount of time, it struggles to ever catch up. Description of fix: Made some small logic changes to address an inefficiency in queries initiated to retrieve "missing" arrived file route and delivery data. Altered the default engine property values for FG_RETRY_INTERVAL and FG_MAX_RETRIES. These properties control how often, and how frequently, ICC will request missing route and delivery data from SFG. Default for FG_RETRY_INTERVAL is now 2000. (A number of milliseconds.) Its default was 10000. Also, before, if the value specified was less than 60, ICC would instead use a much larger value. That's no longer the case. Default for FG_MAX_RETRIES is now 2. It was 10. Also, before the changes for this issue, even if FG_MAX_RETRIES were to be set to 0, ICC would have retried once anyway. That's no longer the case. Also, one new engine property was added - MAX_B2B_EVENT_AGE_IN_MINUTES_TO_LOOK_BACK_IN_DB_FOR. It's default is 64800, which equates to 45 days. This engine property tells ICC to not try to attempt to retrieve any missing arrived file route or delivery data for events that are older than the value specified, which would be 45 days if the default is not overridden. Finally, a small change was made to do a better job of logging SQL exceptions when they occur. 3. MFT-11093/TS003646841 (2020-4-29) Description of issue: When ICC is shutdown errors may fill up all log files from services that don't notice a shutdown is in progress. Description of fix: Logic added to ControllerMonitor, EventProcessorMonitor, ProcessSummaryService, ProcessSummaryWorker, ClusterEventMonitor, EnvironmentMonitor, and EventMonitor to watch for when ICC is shutting down and they now terminate their looping when that occurs. 4. IT32677/MFT-11085/TS003602851 (2020-4-29) Description of issue: When SSP adapters are assigned to multiple SSP engines ICC has problems handling their status. Description of fix: ICC logic updated to handle the situation where one SSP adapter may be assigned to more than one SSP engine. 5. IT32676/MFT-11047/TS003572480 (2020-4-29) Description of issue: Rules created or updated by the Swing console that have return code as a criteria process return code values as strings instead of as numeric values. Description of fix: Changed the Swing console logic that generates the rule match string to treat return code values as numerics instead of strings. Note treating return codes as strings in rules created or updated by the Swing console has occurred for > 10 years. Also, rules created or updated by the web console treat return code values as numerics. In case the original logic in the Swing console is still desired, an engine property was added, HANDLE_RULE_RETURNCODE_THE_ORIGINAL_WAY, whose default is false, and it may be set to true to get the original, albeit errant, behavior. 6. IT32909/MFT-11105/TS003635144 (2020-05-04) Description of issue: Customer ran configCC.sh specifying Oracle JDBC driver ojdbc8.jar after previously having configured using ojdbc7.jar. The following error resulted because both jars were now in the classpath: com.sterlingcommerce.scc.common.SCCException: CJDB014E Cannot create a new connection for URL jdbc:oracle:thin:[host:port:service]. Description of fix: Updated an internal list of database drivers to be excluded from the classpath to ensure only the current specified driver is added. 7. IT32851/MFT-11127/TS003606190 (2020-05-13) Description of issue: When starting Control Center, runEngine.sh does not return to the bash prompt (i.e. user must hit ENTER). Description of fix: Modified runEngine.sh/runEngineCold.sh so that control is returned to the bash prompt without any user interaction. 8. IT32884/MFT-11131/TS003675945 (2020-05-15) Description of issue: Under certain conditions when the CEP starts, any of its monitored servers temporarliy rassigned to other EPs will remain temporarliy reassigned and must be first manually reasigned to the server they're temporarily assigned to and then reassigned back to the CEP to put things back as they should be. Description of fix: At start up, the CEP will reassign all of its monitored servers temporarily reassigned to other EPs back to itself. 9. IT32912/MFT-11140/TS003699052 (2020-05-19) Description of issue: Attempting to use read Action and creating Action through REST APIs gets error com.ibm.tenx.ws.WebServiceException: Method not allowed. Description of fix: Those APIs had simply not been enabled, so now they and others that should have been are. 10. IT32996/MFT-11135/TS003646841 (2020-05-28) Description of issue: Dates displayed in Web console Recent transfer activity widget are incorrect for some time zones. Description of fix: When console user's preferred time zones are not whole hour offsets from UTC, they are rounded to the closest time zone that is a whole hour offset from UTC and this caused problems for the logic that displayed dates on the chart, which has now been corrected. 11. IT33399/MFT-10981/MFT-11113 (2020-06-23) Description of issue: Required IBM JRE upgrade to address CVE-2020-2654 (CVSS 4.3) and CVE-2020-2781 (CVSS 5.3)in the Q2 2020 Java CPU. Description of fix: Upgraded from 8.0.6.5 to 8.0.6.10. 12. IT33400/MFT-11012/MFT-11013/MFT-11095 (2020-06-23) Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-17573 (CVSS 6.1), CVE-2020-4303/4304 (CVSS 6.1), CVE-2020-4329 (CVSS 3.0) Description of fix: Upgraded Websphere Liberty to 20.0.0.5 (from 20.0.0.2). -------------------------------------------- 6.1.2.1 iFix03 (Released 04/23/2020) 1. IT31524/MFT-10647/TS002847898 (2020-1-15) Description of issue: When using Internet Explorer browser, the ICC Recent File Transfer Activity widget on the dashboard shows the wrong dates. Description of fix: Internet Explorer does not support converting of a text string such as 2019-12-26T00:00:00.000-0600 to a date. So java script code in the 10x framework was attempting to form the date manually but did not take into account the timezone. The java script logic was changed to apply the timezone to correct the issue. 2. IT31543/MFT-10828/TS003193813 (2020-1-15) Description of issue: Adjacent node parallel session and default class parameters are not required for CD z/OS servers. Description of fix: Stop forcing an entry to be made for these parameters. 3. IT31635/MFT-10820/TS002901477 (2020-01-23) Description of issue: Completed file transfer view missing transfers Description of fix: Logic used to prevent file transfers in a process from being double counted was causing file transfers to not be counted at all. When processes end, they and the transfers they perform are summarized. Some processes may stop and/or be suspended before they complete, and when this occurs they'll be summarized. And when they're resumed, and they complete, again, they'll be summarized again. In this case the process, while technically not stopping and resuming, did include multiple connection shutdown events, which are treated as a process end. The logic that prevented transfers from being double counted was reworked to prevent transfers in processes that are summarized more than once to be counted once, and only once. 4. IT31540/MFT-10868/TS003288993 (2020-1-31) Description of issue: Excessive java logging displays trust and key store passwords. Description of fix: Set javalogging.properties level back to WARNING from FINEST. 5. MFT-10860 (2020-2-14) Description of issue: Excessive logging of errors when data collected from a monitored server precedes the earliest database partition. Description of fix: Changed logging from error to debug when this condition occurs. 6. IT31899/MFT-10861/TS003289277 (2020-2-18) Description of issue: Customer requested some query changes, and new indices, to improve ICC performance. Description of fix: A new properties file was introduced - sql.properties. (It is modifiable via the Web console.) At the instruction of customer support, SQL may be added to sql.properties to override the SQL ICC uses (for certain queries). Over time the list of queries that may be specified will grow. For now just two queries may be overridden via sql.properties. Both of which are used by the ICC QueuedProcessesClearJob. ICC looks for the sql property values "getQueuedProcessCount" and "getQueuedProcesses" to get the SQL to use to override its existing SQL. Note that updates to sql.properties do NOT require ICC to be restarted for the changes to take effect. 7. IT32628/MFT-10872 (02-19-2020) Description of issue: Required IBM JRE upgrade to address CVE-2019-4732 (CVSS 7.2) in the Q1 2020 Java CPU. Description of fix: Upgraded from 8.0.6.0 to 8.0.6.5. 8. IT32086/MFT-10597/TS002749779 (2020-03-05) Description of issue: Loading the first static page in a Cognos workspace and other things with Cognos are slow. Description of fix: Customer felt part of the slowness was due to the speed of the Cognos Java Authentication Provider (JAP) logic, so via a new system property, USE_CACHED_USERS_AND_ROLES_IN_JAP, users will be able to cause the JAP to run faster. The JAP will run faster when USE_CACHED_USERS_AND_ROLES_IN_JAP is set TRUE (it will be FALSE by default) because it will stop requesting the current list of ICC users and roles every time it is invoked and instead only retrieve the list once, at startup. The effect of this change will be that Cognos will not be aware of any modifications to the list of ICC users and roles after ICC starts, unless it is stopped and restarted. To set USE_CACHED_USERS_AND_ROLES_IN_JAP you must edit {ICC Installation folder}/Cognos/wlp/usr/servers/cognosserver/bootstrap.properties and add the following line to it: USE_CACHED_USERS_AND_ROLES_IN_JAP=TRUE 9. IT32085/MFT-10956/TS003437021 (2020-03-06) Description of issue: ICC will not start. While loading rules the error "Invalid value specified for 'tagName.nonResolutionActionId'." occurred. Description of fix: The message "CRUL090E Error while saving merged Rules." was changed to "CRUL090E Error while saving merged Rules during processing of Rule ID: {0}". This will allow ICC to note the name of the name of the problematic rule that caused ICC to not start in the message logged, which will simplify troubleshooting. 10. IT32094/MFT-10905/TS003332342 (2020-03-06) Description of issue: Cognos failed to start due to a weak cipher list in the Cognos configuration file /Cognos/configuration/cogstartup.xml, when attempting to regenerate it's cryptographic keys. Description of fix: Updated /Cognos/configuration/cogstartup_SCC_Template.tmp to include additional strong ciphers in element cognosCryptoCiphersuite. This template is used to create the Cognos configuration file when configCC.sh|bat is executed. 11. IT32149/MFT-10913/TS003366915 (2020-03-11) Description of issue: If sess.pnode.max is set to 0 in an Unix remote node entry, the advance panel values can not be updated. Description of fix: Set the proper valid value range for the default class parameter. 12. IT32178/MFT-10927/TS003385016 (2020-03-13) Description of issue: Connect:Direct Browser in Control Center gets error: "There is an IO error: Return Code 712" for the following functions: User Functions tab: "Select Process" and "Select Statistics" and Admin Functions tab: "Network Map", "Functional Authority" and "Proxy". These functions write to a temporary file. The path name generated erroneously included a file name instead of a valid directory name after a web server upgrade. Description of fix: Modifed /web/wlp/usr/servers/defaultServer/server.xml by removing the .war suffix in the following cdbrowser application definition: BEFORE: location="${shared.app.dir}/cdbrowser.war" (generates invalid path name: /web/wlp/usr/shared/apps/cdbrowser.war/cdbrowser) AFTER: location="${shared.app.dir}/cdbrowser" (generates valid path name: /web/wlp/usr/shared/apps/cdbrowser/cdbrowser) 13. MFT-10993 (2020-03-24) Description of issue: Required CDBrowser upgrade to address a few security issues (Updated jasper-runtime-5.5.23.jar from jasper-runtime-5.5.15.jar/Clickjacking Issue fixed/Removed struts 1 references from C:D Browser code/ Jasper-runtime upgrade). Description of fix: Upgraded to C:D Browser 1.5.0.2 iFix26 (from iFix22). 14. IT32629/MFT-10873/MFT-10893 (2020-03-30) Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-4720, CVE-2019-12406 Description of fix: Upgraded Websphere Liberty to 20.0.0.2 (from 19.0.0.12). 15. IT32379/MFT-10940/TS003404923 (2020-04-03) Description of issue: When a monitored Connect:Direct File Agent uses the loopback address (127.0.0.1) to communicate with its Connect:Direct server, ICC does not accept its traps. Description of fix: For ICC to accept traps from Connect:Direct File Agents, the trap c_submitNode value must match the address and port used by ICC to monitor its Connect:Direct server. A change was made so ICC will also accept the trap if the source address of the trap matches the address of a monitored Connect:Direct server. -------------------------------------------- 6.1.2.1 iFix02 (Released 01/15/2020) 1. IT30684/MFT-10633/TS002781942 (2019-11-01) - Spurious logging from summarizer when transfers falsely reported as having an excessive duration Description of issue: Internal logic was passing process events out of order to the summarizer because invalid millisecond values were stored in EVENTS.DATE_TIME, which caused it to get "confused" and pair step start and step end events for transfers incorrectly. Description of fix: Logic used to sort the process events was fixed. Instead of sorting by EVENTS.DATE_TIME and then EVENTS.SEQ_NUM, the logic now sorts on EVENTS.SERIAL_NUM when it can, which will always be right and more efficient. 2. IT30678/MFT-10633/TS002781942 (2019-11-01) - MSSQL HY008 (Operation cancelled) SQL errors occuring and monitored servers get paused Description of issue: Contention on ICC database tables is causing MSSQL to cancel one or more operations, which typically results in a monitored server being paused. Description of fix: HY008 was added to the list of recoverable errors in DatabaseProperties.xml and logic was added to check to see if a recoverable error occurred. So now, when an HY008 SQL error occurs with an MSSQL database, the SQL will be retried, and monitored servers will not be paused until the retry count has been exhausted. Also, the NOLOCK hint was added to the queries used by the EventMonitor logic when an MSSQL database is used to lessen contention on the ICC database and lower the chances of an HY008 SQL error occurring. 3. IT30699/MFT-10680/TS002855275 (2019-11-05) - Some configCC short cut options not working. Description of issue: Short cut options -jms and -email are not working properly. Description of fix: Correct short cut logic. Note that updating email info requires the cognos also be configured which will now happen if the email option is chosen. 4. IT30856/MFT-10478/TS002271409 (2019-11-05) - Cannot launch console after upgrade to 6.1.2 Description of issue: The classic console will sometimes fail to open from the Control Center launch page, due to an error caused by a ServiceLoader conflict during Websphere initialization. When this occurs, the only option is to stop and start the webserver (i.e. stopWebAppServer.sh|bat / startWebAppServer.sh|bat) -OR- stop and start Control Center. You can identify the error by looking for the following messages in /web/wlp/usr/server/defaultServer/log/messages.log. com.ibm.ws.session.WASSessionCore I SESN0176I: A new session context will be created for application key default_host/webstart com.ibm.ws.webcontainer E SRVE8059E: An unexpected exception occurred when trying to retrieve the session context java.util.ServiceConfigurationError: org.apache.logging.log4j.util.PropertySource: Provider org.apache.logging.log4j.util.EnvironmentPropertySource not a subtype at java.util.ServiceLoader.fail(ServiceLoader.java:250) at java.util.ServiceLoader.access$300(ServiceLoader.java:196) Description of fix: Modified engine startup logic and startWebAppServer.bat|sh scripts to cause a slight delay when loading the webstart application (sccwebstart.war). The default value is 10 seconds. This allows Websphere and the other applications to fully load/initialize and avoid the offending ServiceLoader conflict. The delay value can be changed as follows: -Engine startup: Specify the number of seconds in /conf/InstallationInfo.properties: WEBSTART_COPY_DELAY=n[n] (eg. WEBSTART_COPY_DELAY=15). -startWebAppServer.bat|sh: Specify the number of seconds as argument 1 (eg. ./startWebAppServer.sh 15). 5. IT30919/MFT-10693 (2019-11-07) Description of issue: Customer received a Cognos email notification due the mobile "Apple Push Notification" certificate nearing expiration. The following error/warn messages were also observerd in \Cognos\logs\mob.log: ERROR com.cognos.mobile.server.apns.APNSSocket - Mobile Apple Push Notification certificate has expired. Please visit http://www-01.ibm.com/support/docview.wss?uid=swg24034258 to download and install the latest certificate. WARN com.cognos.mobile.server.apns.APNSCertificateExpiredChecker - Your Apple Push Notification Certificate expired 39 days ago. This certificate expires yearly, but does not cause any functional / operational issue with the product, since the mobile feature is not used. Description of fix: Updated the installer with the latest Apple Push Notification certificate. There will be a subsequent Control Center fix to attempt to permanently disable the mobile feature within Cognos, as to avoid having to update the certificate annually. Please refer to the link in the above error message if you would like to update the certificate yourself in lieu of applying the fix package for this issue. 6. CCP-15677/CCP-15684 (2019-11-08) Description of issue: Security vulnerabilities (CVE-2017-17485 / CVE-2018-11307 / CVE-2017-7525 / CVE-2017-15095 / CVE-2018-14721 / CVE-2018-14720 / CVE-2018-14718 / CVE-2018-14719 / CVE-2018-19362 / CVE-2018-19360 / CVE-2018-19361 / CVE-2018-7489) found in jackson-databind-2.9.1.jar. Description of fix: Deleted jackson-databind-2.9.1.jar as it was determined that it was not used. 7. MFT-10407 (2019-11-12) Descripton of issue: The .console.out file (i.e. \bin\.console.out) is never rolled over when Control Center executes as a Windows started service, but works properly when the engine is started via runEngine.bat. Description of fix: Added logic to detect when the engine is starting as a Windows service and if so, call the ConsoleManager to manage the .console.out files. As part of this fix additional changes were made to allow a user to control the number of backup /bin/.console.out files (Windows) -and- /bin/nohup.out files (Linux/Unix) by setting a corresponding property in /conf/InstallationInfo.properties as follows (default is 5). Linux/Unix: NO_OF_BACKUPS_FOR_UNIX_STD_OUT_FILE=n[n] Windows: NO_OF_BACKUPS_FOR_WINDOW_STD_OUT_FILE=n[n] 8. CCP-15877/CCP-15822 (2019-11-18) Description of issue: Security XML External Entity (XXE) Vulnerability found ICC web console and java console XML updates. Description of fix: Modified ICC web console and java console to not allow DOCTYPE in XML definitions. 9. CCP-15844 (2019-11-20) Description of issue: The event count associated with summarized processes is wrong intermittently. The process summarization logic may summarize multiple processes at once and it always calculates the earliest start of all processes being summarized and uses that value when selecting events associated with the processes it is about to summarize. If there are events associated with a process to be summarized that precede the "start" event for a process, and also precede the earliest start for processes about to be summarized, then those events will not be accounted for in the total events. This problem typically just affects the summarized process detail view and does not affect the count of file transfers. Description of fix: Modified the logic that obtains the events associated with the process/processes to be summarized to select events used for summarization starting 10 seconds prior to the earliest start event for the processes to be summarized. 10. MFT-10738 (2019-11-20) Description of issue: Logging by the SLC service is done in the Jetty log file instead of the SLC log file. Description of fix: Updated EngineLogger.xml to specify the correct appender for SLC service logging. 11. IT31012/MFT-10719 (2019-11-20) Description of issue: When the servers in a server group referenced by a Workflow SLC milestone change, the SLC match logic for events is not updated. Description of fix: The Workflow SLC event matching logic was updated to handle updates to the contents of a server group referenced by one of its milestones. 12. MFT-10543 (2019-11-21) Description of issue: Erroneous warn/error messages (shown below) and exception stack trace occur in the Control Center CCClient log beginning in 6.1.2.0. The GUI Console comes up fine, otherwise. [Thread-nn]WARN ProcessGetterThread - Warning: Not able to get an instance of SCCAgent in GUI mode. [Thread-nn]ERROR EventProcessorGetterThread - Could not initialize class com.sterlingcommerce.scc.agent.SCCAgent Description of fix: Corrected the logic which produced the warn/error messages and stack trace. 13. IT31061/MFT-10664 (2019-11-26) Description of issue: Cognos fails to start when it attempts to use the ICC third party certificate that has expired. Description of fix: When trying to determine if the ICC third party certificate can be used by Cognos, check if the certificate has expired before deciding to use it. If its expired, use the Cognos CA signed certificate to secure Cognos. Also the following was added to help notify the user that the ICC certificate has expired or is about to expire. When the configCC Keystore / Truststore step is executed, the code will check the key certificate in the ICC keystore and warn the user if the certificate has expired, will expire within 30 days or is not yet valid. When the ICC Engine starts, the code will check the key certificate in the ICC keystore and the trusted signing certificates in the ICC Truststore and write to the engine log any certificate that is expired, about to expire or is not valid yet. When the ICC Engine finds an expired, soon to expire or not yet valid certificate, it will generate events with the below message ids. Rules can be written to generate alerts or emails when an event has any of these message ids. Expired - CCTR143I CCTR143I The ICC {0} certificate with alias {1} has expired. Certificate Date Range: {2} CCTR143I The ICC Trust Store certificate with alias my_expiredCert has expired. Certificate Date Range: Wed Feb 04 21:11:28 UTC 2009 to Mon Feb 03 21:11:28 UTC 2014 Soon to Expired - CCTR144I CCTR144I The ICC {0} certificate with alias {1} will expire within 30 days. Certificate Date Range: {2} CCTR144I The ICC Keystore certificate with alias my_expiringCert will expire within 30 days. Certificate Date Range: Thu Oct 24 12:01:29 CDT 2019 to Wed Nov 13 11:01:29 CST 2019 Not Yet Valid - CCTR145I CCTR145I The ICC {0} with alias {1} is not yet valid. Certificate Date Range: {2} CCTR145I The ICC Keystore with alias my_2020Cert is not yet valid. Certificate Date Range: Wed Jan 01 06:02:38 UTC 2020 to Sat Dec 29 06:02:38 UTC 2029 14. MFT-10614 (2019-11-26) Description of fix: Spaces in the xml filename of an emailList causing the emailList to go missing both when importing the xml file into the database and when importing to the imported folder from the conf. Description of issue: Corrected the logic for both scenarios to properly handle spaces in the file name. 15. IT31137/MFT-10553 (2019-11-27) Description of issue: Beginning with 6.1.2.0 the Completed File Agent Activity display no longer works in the classic console. Description of fix: Corrected the logic to re-direct the user from the classic console to the web UI and properly display Completed File Agent Activity after clicking on File Agent in the Control Center console (in the same fashion as other re-directs, like Active Alerts for example). Please note the following display limitation in the overall context of Completed File Agent Activity: -Completed File Agent Activity will be enabled in the case of single/multiple file agent selection of a single CD Node. -Completed File Agent Activity will be disabled in the case of single/multiple file agent selection of multiple CD Nodes. -Completed File Agent Activity will be disabled in the case of server group. 16. IT31227/MFT-10703 (2019-12-02) Description of fix: Cognos temporary report files are not being removed in 6.1.2.1. Description of issue: Implemented logic to correctly call Cognos temporary report file cleanup processing. 17. CCP-15843 (2019-12-03) Description of issue: Some engine.properties are not being added to the database during fresh installs. Description of fix: Added the following engine.properties with default values to a new install: SUMMARY_TABLES_PURGE_ROLL_UP, SUMMARY_TABLES_PURGE_FILE_COUNTS, SUMMARY_TABLES_PURGE_QUEUE_SIZE, TIME_TO_START_EPS_MINUTES. 18. IT31155/MFT-10770 (2019-12-4) Description of issue: The Brazil/East and America/Sao_Paulo are still defined to have DST and it causes the time in the ICC log files to be wrong and when running configCC the choices for the engine timezones presented are incorrect. Description of fix: TimeZones.xml was updated for Brazil/East and America/Sao_Paulo, as were the time zone definitions hard coded in ICC, which are used prior to updating the TimeZones.xml data. Also, in case there are still issues, two new engine properties were added: - TIMEZONE_OFFSET_MINUTES - no default, use to override whatever the server ICC is running on is using if necessary - TIMEZONE_USE_DAYLIGHT_TIME - default is false, use to override whatever the server ICC is running on is using if necessary These properties may be specified in the script/bat file used to run configCC if the changes made to TimeZones.xml and the internal time zones are insufficient to address the problems seen. Finally, know after upgrading ICC, but prior to restarting ICC, the updated TimeZones.xml file will be in conf/system. When ICC is restarted though the data in this file will simply be deleted if the database table CC_FILES has a TimeZones.xml entry. Users may either update TimeZones.xml manually via the Web console, or, prior to restarting ICC after the upgrade, they may run the following SQL to remove TimeZones.xml from CC_FILES: DELETE FROM CC_FILES WHERE FILE_NAME = 'TimeZones.xml' 19. IT31510/MFT-10732 (2019-12-06) Description of fix: Requirement to address pdfbox security vulnerability CVE-2019-0228 CVSS 5.5. Description of issue: Upgraded to pdfbox 2.0.17 (from 2.0.13). 20. IT31275/CCP-15918 (2019-12-13) Description of issue: Some SLC events errouneous have the transfer event attribute set true causing file transfer counts to be wrong. Description of fix: Explicitly initialized the SLC event attribute for transfer to be false. 21. IT31511/MFT-10793 (2019-12-17) Description of issue: Required IBM JRE upgrade to address CVE-2019-2989 (CVSS 6.8) in the Q4 2019 Java CPU. Description of fix: Upgraded from 8.0.5.40 to 8.0.6.0. 22. IT31332/MFT-10778 (2019-12-19) Description of issue: When maximum cursors exceeded error occurs when inserting events for a monitored server, instead of retrying the failed query, the monitored server is paused. Description of fix: Add additional recoverable error codes to the DatabaseProperties.xml file for Oracle databases. 23. IT31512/MFT-10816 (2019-12-20) Description of issue: Required Webbsphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-4441, CVE-2019-4304, CVE-2019-4305 Description of fix: Upgraded Websphere Liberty to 19.0.0.12 (from 19.0.0.4). 24. IT31400/MFT-10673 (2020-01-02) Description of issue: Using stopEngine.sh -np fails to stop the engine. Description of fix: Implement a linux only option to support the -np stop engine option. 25. MFT-10823 (2020-01-08) Description of issue: The java.security override file (/conf/CC_java.security) is not properly referenced by the Cognos jvm. The file is used to override properties specified in the java master security file (/jre/lib/security/java.security). Description of fix: Added code during engine startup to ensure the following property is set in /Cognos/wlp/usr/servers/dataset-service/jvm.options: -Djava.security.properties=/conf/CC_java.security. --------------------------------------------- 6.1.2.1 iFix01 (Released 10/14/2019) 1. IT30088/R17638/MFT-10333 (2019-09-13) - Some transmissions do not appear on the ICC dashboard Description of issue: At first the issue was transmissions not appearing, then it was too many transmissions appearing. Description of fix: To address transmissions not appearing, a change was made to the summarization logic to deal with process end events received from CD zOS servers not up-to-date on maintenance that were sending process end events with no process name. To address too many transmissions appearing, a change to the summarization logic, the DefaultSummarizer to be specific, to fix the start time and end time set for summarized file transfers. 2. IT30173/R17710/MFT-10526 (2019-09-13) Description of issue: DVGs with criteria that only specified server groups not triggering Description of fix: Added logic to expand server group to the servers they include when initializing DVGs at system startup so DVG criteria not empty. 3. CCP-15713 (2019-09-13) Description of issue: Null pointer exception occurs while creating Simple SLCs, which caused ICC to shut down. Description of fix: Logic didn't handle the case when creating the first Workflow/Simple SLC or the first Wildcard SLC in the system correctly and threw a null pointer exception, which subsequently caused ICC to believe a database error occurred and to then shutdown. Logic updated to handle this situation correctly now. 4. CCP-15545/R17676 (2019-09-17) Description of issue: Changing the property value for CLEAR_NODE_STATUS_AT_CEP_STARTUP had no effect. It always stayed true. Description of fix: Moved the point in the logic where the property value was ascertained to be after the point where engine property values were initialized. Because it was being set prior to initialization of all engine property values, it always used the default value of TRUE. 5. MFT-10592/IT30309 (2019-09-17) Description of issue: Unsupported database dialect: DB2zOS when starting EP. Description of fix: Add DB2zOS to database type selection logic. 6. IT30132/R17704/MFT-10530 (2019-09-18) Description of issue: A XML parsing exception is thrown during engine startup when engine property SI_SERVER_LICENSE is set to false (default is true). False causes Control Center to not issue the SI OpsCommand "getLicense". The following error message will be present in the engine log when this occurs: [CCEngineWebClientSvc] ERROR CCNode - CXML001E Error while converting XML string to XML document. Document: null Stack Trace: com.sterlingcommerce.component.common.ComponentException: CXML001E Error while converting XML string to XML document. Document: null at com.sterlingcommerce.component.common.util.XMLUtil.getDocument(XMLUtil.java:290) at com.sterlingcommerce.component.common.util.XMLUtil.getDocument(XMLUtil.java:262) at com.sterlingcommerce.scc.client.proxy.CCNode.createGISLicenseExtensions(CCNode.java:2511) at Description of fix: Added guard code to check if the property is set to false and if so, skip some processing which references SI server license info. 7. CCP-14898 (2019-09-18) Description of issue: Getting error message indicating a duplicate Action while trying to load the database from the native conf file action.xml. This was caused by the action.xml previously being loaded into the database but also remaining in the native file conf directory due to a subsequent parsing error. Prior to this fix, all items (actions in this case) remained in the conf until all were loaded into the databse. [CCEngine(CCENTERT1)] ERROR MdActionController - CMDA014E Action load failed. [CCEngine(CCENTERT1)] ERROR MdActionController - RULE043E Duplicate Action. Action ID : Alert if consumer has not requested file Descriptiuon of fix: Modified the logic so that after each element from the conf directory is loaded into the database, the item is immediately moved from the conf into the imported-yyyymmddhhmms conf, instead of performing all moves after all items have been loaded in to the database. 8. MFT-10199/MFT-10440 (2019-09-19) Description of issue: Security vulnerabilities (CVE-2019-0227 / CVE-2014-3596 / CVE-2012-5784) found in axis.jar. Description of fix: axis.jar has been updated with fix for the above issues. 9. IT30548/MFT-10572 (2019-09-20) Description of issue: Required IBM JRE upgrade to address CVE-2019-4473 / CVE-2019-11771 (CVSS 8.4) in the Q3 2019 Java CPU. Note: CVE's only apply to AIX. Other platforms are not affected. Description of fix: Upgraded from 8.0.5.37 to 8.0.5.40. 10. R17706/MFT-9089 (2019-09-23) Description of issue: The java.security override file (/conf/CC_java.security) is not properly referenced by the Cognos jvm. The file is used to override properties specified in the java master security file (/jre/lib/security/java.security). Description of fix: Added code during engine startup to ensure the following property is set in /Cognos/wlp/usr/servers/cognosserver/jvm.options: -Djava.security.properties=/conf/CC_java.security. 11. CCP-15633 (2019-09-25) Description of issue: The CCAPI sample documentation incorrectly referenced two jar files in the sample command execution. Description of fix: Changed the documentation references from --> to: lib\icu4j-59.1.jar --> lib\icu4j-62_1.jar and lib\10x-db-openjpa-3.9.0.jar --> lib\10x-app-db-openjpa-3.9.0.jar. 12 CCP-15432 (2019-09-25) Description of issue: When I right-click on a server called rhel504101sp snd select Completed Processes or Active Alerts in the classic console, I am redirected to the web UI, but get an error saying "server RHEL504101SP is not found". Description of fix: Corrected the code to preserve the context of mixed case when the re-direct occurs. 13. IT30437/MFT-10567 (2019-09-25) Description of issue: The Connect:Direct Secure Plus ciphers presented in the ICC console [Configure servers -> Secure+ ] are incomplete with what is seen in SPCLI (Secure Plus Client). Control Center was only requests the cipher lists for SSL/TLS, but not for TLS1.1 and TLS1.2 Descripton of fix: Corrected the logic to request the cipher suites for all protocols (SSL/TLS/TLS1.1/TLS1.2). 14. IT30534/MFT-10549 (2019-09-25) Description of issue: Users are unable to view the preview text when changing User Preferences in the web UI. The following error displays: " has not been granted access to Calendars". Description of fix: Corrected the code to always allow a user to view preview text in user preferences. 15. IT30549/MFT-10159 (2019-09-25) Description of issue: Required upgrade to latest Cognos fix pack to address multiple vulnerabilities. Description of fix: Upgraded to Cognos 11.0.13.2 (from 11.0.13 IF1014). 16. IT03412/MFT-10586 (2019-09-26) Description of issue: After upgrading to 6.1.2.1, configCC.sh fails with the following error messages, immediately after replying to the prompt: Do you want to enable authentication for the Event Repository? (Y/N) [N] : com.ibm.tenx.db.PersistenceException: org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred. FailedObject: com.ibm.cc.model.Files-../conf:engine.properties This was caused by the engine.properties exceeding a length of 4000 (in xml format stored in the the CC_FILES table) and the configCC logic erroneously attempting to store the data in column CONTENT (instead of CONTENT_CLOB). Description of fix: Corrected the logic in configCC to check for a length value of > 4000 and if so, store the data in the CONTENT_CLOB column. 17. IT30067/R17698/MFT-10533 (2019-10-01) Description of issue: When API calls to create a ICC entity fail, the HTTP response returns a 201 (HttpServletResponse.SC_CREATED) even if the creation of the entity failed. Description of fix: Modified the HTTP response code to return 202 (HttpServletResponse.SC_ACCEPTED) if there is any error in processing the request. Response 202 means that a request was accepted for processing, but was not completed for some reason. 18. CCP-15737 (2019-10-01) Description of issue: Getting message "Database server version 18.0 not supported" when using an Oracle 18c database server (during Windows install and Linux configCC), Descriptiuon of fix: Modified code to check for Oracle 18c as a supported DB server/version. 19. IT30068/R17691/MFT-10445 (2019-10-02) Description of issue: Sometimes when Cognos is running in active mode on EP1 and switches to standby mode in a multi-EP ICC installation, ICC doesn't always recognize the switch (because ICC can still ping the standby Cognos) and stays connected to the standby Cognos on EP1 instead of switching to the active Cognos on EP2. Only when EP1 is stopped does ICC recognize that EP2 has the active Cognos. Description of fix: Modified the ICC Cognos ping logic to also check if the Cognos it can ping is also the active Cognos. And if it is not, signal a ping failure so ICC will reconnect and find the true active Cognos. 20. CCP-15696 (2019-10-02) Descripton of issue: When running the SFG Route by Poducer reports, some step types (Arrived File, Route, Delivery) are missing data. They don't have expected Start/End times as well as other values. This was due to a check in the code comparing for an exact match on step name of "Route" or "Delivery". By default Control Center constructs unique step names (i.e. engine property defaults to true true). Prior to this fix a workaround is to specify this engine property with a value of false. Description of fix: Changed the step name code check from "equals" to "startsWith" Route or Delivery. 21. CCP-15638 (2019-10-02) Description of issue: SQL Error: SQLCODE=-803 (duplicate INSERT attempted) - caused by multiple threads trying to update CC_FILES with statRecordIds at the same time. When multiple monitored server's service is started at the same time, during a upgrade from a ICC release that has statRecordIds still in the conf (instead of CC_FILES), some monitored server service may not start. However, from the second start of ICC onward, the issue will not occur (since statRecordIds will no longer be in conf). So its just an issue with the first engine start after an upgrade from 5.4 or 6.0. Description of fix: Synchronized the code that imports statRecordIds so that only the first thread will update the CC_FILES table. 22. IT30536/MFT-10632 (2019-10-10) Description of issue: Cannot generate Cognos reports due to case sensitivity when checking the Cognos url http://host.name:58085/p2pd/servlet/dispatch. The Cognos configuration (cogstartup.xml) contained uppercase hostname http://HOST.NAME:58085/p2pd/servlet/dispatch. The following message sequence repeated thousands of times in /log/CognosReportService.log: [CognosConnectionTimer] INFO CognosReportService - Cognos Report Server is ready to use! [CognosConnectionTimer] INFO CognosReportService - Periodically connect to: http://HOST.NAME:58085/p2pd/servlet/dispatch [CognosConnectionTimer] ERROR CognosReportService - The Active Cognos, http://host.name:58085/p2pd/servlet, is not the Cognos ICC is connected to, http://HOST.NAME:58085/p2pd/servlet/dispatch. Will try to get connected to Active Cognos. [CognosConnectionTimer] INFO CognosReportService - Active Cognos appears to be unavailable [CognosConnectionTimer] INFO CognosReportService - http://HOST.NAME:58085/p2pd/servlet/dispatch is not available. Begin to connect to other COGNOS Instance. Description of fix: Corrected the code to treat the url check as case insensitive. 23. CCP-15808 (2019-10-11) Description of issue: A second EP can erroneously start acting as the CEP (Controller Event Processor), even though the current CEP is still up and running. Once this occurs, each EP thinks it is the CEP and they can both remain in this state, until Control Center is re-cycled. This scenario can occur if the second EP determines the current CEP has not checked-in for a while and then attempts to ping the CEP before the Access Control Service is initialized. Description of fix: Modified logic in the Controller Monitor Service to determine if Access Control is initialized. If not, then skip the ping attempt and try again later after initialization is completed. -------------------------------------------- ************************************************************************************************* All fix items listed ABOVE represent fixes made after 6.1.2.1 GA (i.e. 6.1.2.1 iFix01 and later). All fix items listed BELOW represent fixes included in 6.1.2.1 GA. ************************************************************************************************* -------------------------------------------- 6.1.2.1 (Released 08/29/2019) The following represent 6.1.2.0 iFixes included in 6.1.2.1 GA base release 1. IT29742/R17647/MFT-10410 (2019-07-11) Description of issue: The Cognos MSSQL JDBC string is not created correctly in /Cognos/configuration/cogstartup.xml for the construct of server\instance (the backslash "\" gets removed during configCC). This causes the Cognos DB connection to fail. Example: serverinstance:60012 (but should contain be backslash i.e. server\instance). Description of fix: Modified the code to change the backslash into a semicolon (i.e server;instance), which is a valid alternative construct. 2. IT29774/MFT-10443 (2019-07-16) Description of issue: (Applicable to AIX installs only) Error when configuring a secure Cognos connection during configCC, after installing/upgrading to Control Center 6.1.2.0 iFix03, due to missing Cognos files. Cognos was upgraded from 11.0.13 to 11.0.13 IF1014 in Control Center 6.1.2.0 iFIx03. In this set of Cognos fix packages, the AIX installer was missing two files required to configure a secure Cognos connection. The following messages are written to /log/CCInstall.log when this error occurs: [main] DEBUG CCenterInstallCognosConfiguration - [/bin/sh, -c, /Cognos/bin/extractCert.sh /conf/../Cognos/configuration/signkeypair/jCAKeystore NoPassWordSet] [StreamConsumerThread - CMD] INFO StreamConsumer - CMD ERR-->/Cognos/bin/extractCert.sh[11]: ./ThirdPartyCertificateTool.sh: not found Description of fix: Added files ThirdPartyCertificateTool.jar and ThirdPartyCertificateTool.sh to Cognos directory /Cognos/bin. 3. IT29773/R17635/MFT-10404 (2019-07-17) Description of issue: After upgrading from 6.0.0.1 iFix07 to 6.1.2.0_iFix01, an extra entry erroneously gets created in the CC_SERVER table. This additional server name was created using the existing EP (Control Center) name with a value of "-1" appended. This scenario will only occur in the context of a pre-6.1.x.x to 6.1.x.x or later upgrade and one of the following occurs: 1) The Control Center (EP) name is changed via configCC in the 6.0.x.x installation prior to the upgrade -OR- 2) The Control Center (EP) name is changed during a Windows installation. Description of fix: Corrected the code to ensure there is no residual reference to the original Control Center (EP) name after the name change. 4. R17657 (2019-08-02) Description of issue: EventMonitor may be slow in reconstituting events to be passed to the SLC service. Description of fix: Added entry to EventMonitor metrics to show the delta between the event's ACTIONS_COMPLETED value, which is when it was processed by an EP, and the current time in EventMonitor when that same event was reconstituted for delivery to the SLC service. This metric should help us to know when the EventMonitor is behind and the SLC service could generate bogus "did not occur on time" events because of that. 5. IT29936/R17672/MFT-10471 (2019-08-07) Description of issue: Web Console Environmental Health widget, when you drill down on a donut, is not listing the same number of server data as the count shown. Description of fix: When doing the database query to get the server data to list, set flag to not use the DISTINCT keyword so each row is shown. 6. IT29946/R17673/MFT-10420 (2019-08-08) Description of issue: WebUI used a hardcoded value of 20 minutes to time out a report run. Description of fix: Add reportTimeLimit tag to the ReportService.xml config file to specify the time out value. 7. IT29949/R17674/MFT-10433 (2019-08-08) Description of issue: EventMonitor isn't passing events on to the SLC service to avoid false alerts from occurring. Description of fix: Added new, dynamic, engine property, EVENT_MONITOR_JUST_SLC, with a default value of false. When EVENT_MONITOR_JUST_SLC is set to true, which takes effect without restarting ICC - hence it is called dynamic, the EventMonitor logic will only reconstitute the types of events the SLC service requires, process starts, process ends, step starts, and step ends, and by limiting the amount of work EventMonitor has to do, it will be able to pass data on to the SLC service faster than it could otherwise. This property should never be set true when Connect:Direct File Agents are being monitored as the EventMonitor logic passes events on to both the FileAgentService and the SlcService, or if it is running fast enough when EVENT_MONITOR_JUST_SLC is false. 8. IT29988/R17675/MFT-10478 (2019-08-12) Description of issue: The classic console will sometimes fail to open from the Control Center launch page, due to an error caused by a Serviceloader conflict during Websphere initialization. When this occurs, the only option is to stop and start the webserver (i.e. stopWebAppServer.sh|bat / startWebAppServer.sh|bat) -OR- stop and start Control Center. You can identify the error by looking for the following messages in /web/wlp/usr/server/defaultServer/log/messages.log. com.ibm.ws.session.WASSessionCore I SESN0176I: A new session context will be created for application key default_host/webstart com.ibm.ws.webcontainer E SRVE8059E: An unexpected exception occurred when trying to retrieve the session context java.util.ServiceConfigurationError: org.apache.logging.log4j.util.PropertySource: Provider org.apache.logging.log4j.util.EnvironmentPropertySource not a subtype at java.util.ServiceLoader.fail(ServiceLoader.java:250) at java.util.ServiceLoader.access$300(ServiceLoader.java:196) Description of fix: Removed conflicting classes from ccwc-6.1.jar to avoid the offending Serviceloader error. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.2.0 iFix03 (Released 07/01/2019) 1. IT28811/R17565/MFT-10272 (2019-04-16) Description of issue: Classic Console Netmap filter not functioning for CD windows servers. Description of fix: Correct CD windows references. 2. IT28819/R17566/MFT-10285 (2019-04-16) Description of issue: ICC is unable to successfully monitor a CD i5 system using iASP resources Description of fix: Logic added to detect whether or not iASP is being used and if so, the path used to find the CDSTATFILE is now prefixed with the iASP name. 3. IT28883/R17572/MFT-10191 (2019-04-22) Description of issue: Any time a server group or server name contains the string "GIS" it is changed to "SI". Description of fix: Fixed the logic that was originally put in place to address the name change for the abbreviation of Gentran Integration Server to Sterling Integrator to only change GIS to B2Bi when appropriate. 4. IT28909/R17570/MFT-10301 (2019-04-24) Description of issue: The Content-Security-Policy default-src header does not include the default host name and so some web console pages are blocked. Description of fix: Fixed the logic that adds host names to the Content-Security-Policy header to include the default host name and any Cognos host name. 5. IT28939/R17574/MFT-10315 (2019-04-25) Description of issue: When running the certificate expiry task which raises events for Connect:Direct servers with certficates that have expired, an exception occurred processing one certificate that caused no more certificates to be processed. Description of fix: All exceptions are now caught when processing Connect:Direct server certificates so processing will continue for certificates on other Connect:Direct servers even if a problem is found. Also, the error that is logged has been enhanced to include the certificate name and text to allow for easier problem determination. 6. IT28988/R17576/MFT-10293 (2019-04-27) Description of issue: Menu items seem to disappear on Windows 10/Server 2016 when hovered over. Description of fix: Ensure that text remains a viewable color. 7. R17520/MFT-10326 (2019-05-01) Description of issue: Excessive delay when handling Alerts with DVG set. Description of fix: Custom queries substituted for the ones generated by OpenJPA to effect the appropriate database updates required to handle alerts with DVGs set. 8. IT29019/R17579/MFT-10258 (2019-05-02) Description of issue: Windows install fails when using Oracle SCAN, due to a DB connection failure. The Windows GUI installer does not honor the "Oracle RAC/SCAN" radio button when using a SCAN DB (i.e. a single DB host name/ip is specified). Since the installer does not correctly recognize this as a RAC/SCAN DB the wrong JDBC connection string is used, causing the connection to fail. Description of fix: Corrected the installer to properly set the result variable to true when the user selects the yes radio button. 9. IT29068/R17584/MFT-10346 (2019-05-09) Description of issue: Bad performance do to invalid index name hint specified in a Oracle SQL query. The query erroneously specified EVENTS_STAT_INDEX instead of the correct index name of EVENTS_STAT_IDX. Description of fix: Corrected the query to use the proper index name hint as follows: SELECT /*+ INDEX(EVENTS EVENTS_STAT_IDX) */ "EVENT_ID", "NODE_ID", "NODE_TYPE", "NODE_NAME", "ORIG_NODE", "PROC_ID", "PROC_NAME", "DATE_TIME", "XFER", "SUBMITTER", "EVENT_TYPE", "RET_CODE", "XFER_DIRECTION", "FILE_SIZE", "SOURCE_FILE", "DEST_FILE", "XML_STRING", "STEP_NAME", "TAG_XML", "SERIAL_NUM", "SEQ_NUM", "MSG_ID", "SHORT_MSG", "CC_NAME". 10. IT29096/R17588/MFT-10261 (2019-05-14) Description of issue: Requirement to address the following vulnerability in Websphere/Liberty: CVEID: CVE-2019-4046 5.9. Description of fix: Upgraded Websphere Liberty to 19.0.0.4 (from 19.0.0.2). 11. IT29536/MFT-10133 (2019-05-31) Description of issue: Required Cognos iFix package upgrade to address multiple vulnerabilities in ICU and JSCH components. Please note that a Black Duck scan incorrectly repoted the CVEs against ICU (International Components for Unicode) for Java (icu4j-4.8.1.1.jar). The CVEs that were identified are actually with ICU for C++. The following CVEs have been addressed by patching the Cognos 4.8.1 version of ICU for C++ (icu .dll or .so files). CVE Cognos APAR (or statement of not vulnerable) ------------- -------------------------------------------- CVE-2016-5725 PH08423 JSCH upgrade to jsch-0.1.55.jar (from 0.1.5.3) due to vulnerability CVE-2014-7923 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-8147 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2017-15422 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-9654 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2011-4599 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-8146 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-7926 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-9911 Cognos is not vulnerable CVE-2015-5922 Cognos is not vulnerable CVE-2017-15396 Cognos is not vulnerable Description of fix: Upgraded from Cognos 11.0.13 to 11.0.13 IF1014. 12. IT29535/R17611/MFT-10397 (2019-06-12) Description of issue: Apache Commons FileUpload - Old Versions Still Exist After Upgrade (CVE-2016-1000031). A prior fix originally addressed this issue, which you can see further down in this fix list (IT25861/R568327 (2018-06-27)). However, the older commons-fileupload-1.3.2.jar erroneously remained in a Cognos directory (i.e. /Cognos/webapps/p2pd/WEB-INF/lib). Description of fix: Updated the installer to copy commons-fileupload-1.3.3.jar (instead of 1.3.2) into the above mentioned directory. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.2.0 iFix02 (Released 04/15/2019) 1. IT27408/R17480/MFT-9870 (2019-01-24) Description of issue: If a Control Center scheduled report is running when the connection to the Cognos is lost, either due to temporary unavailability or due to Cognos fail over from Active to Standby, the report fails. Description of fix: Added Control Center fail over logic to allow the scheduled reports to retry the failed report after the connection with Cognos has been re-established. Added new engine properties parameter COGNOS_REPORT_RECOVERY_RETRY_TIMES which defaults to 15 but can be set to any value 1 to 60. New Parameter: COGNOS_REPORT_RECOVERY_RETRY_TIMES=15 | 1-60 A failed Control Center scheduled report will retry 15 times (by default) before giving up. If the failure is just a temporary failed ping response, the recovery should only take 1-2 tries. If its a Cognos fail over, where the Standby Cognos is becoming the Active Cognos, it could take 8-15 tries, depending on how fast the fail over occurs. Each try takes 1 minute, so if you know it takes more than 15 minutes for your Standby Cognos can become active, you will need to change to a higher retry value. You can update this value by the web console properties panel by adding/updating this line in engine.properties: 15 For example, if it takes 18 minutes for your Standby Cognos to become the Active Cognos, set this value to 20 (18 plus a little buffer). Maximum value is 60. 2. R17517/MFT-10145 (2019-02-01) Description of issue: Unable to update data for several ICC service configurations Description of fix: Added DiscoveryService.xml, EventProcessorService.xml, and NodeConfigService.xml to the properties that may be viewed and updated via the ICC Web console. 3. IT28024 / MFT-10146 (2019-02-07) Description of issue: If the WebSphere locale is set to a locale not supported by ICC, message bundles are not loaded resulting in the web console not functioning. Description of fix: Added logic to load English versions of message bundles if the locale set is not supported by ICC. 4. IT28298 / MFT-10187 (2019-03-05) Description of issue: Control Center launch page statement of classic console minimum JRE level is incorrect. Description of fix: Change statement to JAVA 1.8 update 191. 5. IT28250/R17538/MFT-10169 (2019-03-08) Description of issue: Control Center cannot connect to a MSSQL database when the DB server is hardened (i.e. allows only TLSv1.2). In this scenario, the DB server requires the logon exchange to use TLSv1.2. However, the IBM JRE uses the default SSL context of TLS only (i.e. -Dcom.ibm.jsse2.overrideDefaultTLS=false). This protocol imcompatibility causes Control Center to fail when attempting any database connection. Description of fix: Changed the default SSL context to match that of the Oracle JRE (i.e. allow TLS V1.0, V1.1, and V1.2) via JVM property: -Dcom.ibm.jsse2.overrideDefaultTLS=true. In order to revert back to the old default value of -Dcom.ibm.jsse2.overrideDefaultTLS=false, set COM_IBM_JSSE2_OVERRIDE_DEFAULT_TLS=FALSE in /conf/InstallationInfo.properties per the following: InstallationInfo.properties JRE options.default ---------------------------------------- ---------------------------------------- COM_IBM_JSSE2_OVERRIDE_DEFAULT_TLS=FALSE -Dcom.ibm.jsse2.overrideDefaultTLS=false COM_IBM_JSSE2_OVERRIDE_DEFAULT_TLS=TRUE -Dcom.ibm.jsse2.overrideDefaultTLS=true property NOT specified -Dcom.ibm.jsse2.overrideDefaultTLS=true The above InstallationInfo.properties setting will cause the following options.default files to be updated during configCC.bat|sh execution: \jre\bin\default\options.default Windows (used if jvm NOT using compressed references) \jre\bin\compressedrefs\options.default Windows (used if jvm using compressed references) \Cognos\jre\bin\default\options.default Windows (used if jvm NOT using compressed references) \Cognos\jre\bin\compressedrefs\options.default Windows (used if jvm using compressed references) ----------------------------------------------------------------------------------------------------------------- /jre/lib/amd64/default/options.default Linux (used if jvm NOT using compressed references) /jre/lib/amd64/compressedrefs/options.default Linux (used if jvm using compressed references) /Cognos/jre/lib/amd64/default/options.default Linux (used if jvm NOT using compressed references) /Cognos/jre/lib/amd64/compressedrefs/options.default Linux (used if jvm using compressed references) ----------------------------------------------------------------------------------------------------------------- /jre/lib/ppc64/default/options.default AIX (used if jvm NOT using compressed references) /jre/lib/ppc64/compressedrefs/options.default AIX (used if jvm using compressed references) /Cognos/jre/lib/ppc64/default/options.default AIX (used if jvm NOT using compressed references) /Cognos/jre/lib/ppc64/compressedrefs/options.default AIX (used if jvm using compressed references) 6. IT28646 / R17542 / MFT-10209 (2019-03-13) Description of issue: Required IBM JRE upgrade to address CVE-2018-3180 (CVSS 5.6) in the Oct 2018 Java CPU and CVE-2018-1890 (CVSS 5.6) in the Jan 2019 Java CPU. Description of fix: Upgraded from 8.0.5.27 to 8.0.5.30. 7. IT28716 / R17553 / MFT-10239 / MFT-10240 / MFT-10259 / MFT-10261 (2019-03-22) Description of issue: Requirement to address the following vulnerabilities in Websphere/Liberty: CVE-2018-3169 CVSS 8.3 / CVE-2014-7810, CVSS 5 / CVE-2018-1767 CVSS 6.1 Description of fix: Upgraded Websphere Liberty to 19.0.0.2 (from 18.0.0.4). 8. IT28686 / R17559 / MFT-10200 (2019-04-05) Description of issue: Occasionally a scheduled "SFG Route Detail by Producer" report does not run to completion (i.e. no results returned). This was caused by producer being a null value in a record. Description of fix: Added guard code to allow the report to continue running when the producer is null. 9. IT28708 / R17561 / MFT-10188 (2019-04-06) Description of issue: Classic console does not show file agent status. Description of fix: Updated file agent handling. 10. IT28677 / R17558 /MFT-10252 (2019-04-08) Description of issue: Whenever the Red Hat Version is 6.10 or greater (version of 6.1x), then when comparing it with 6.5 (minimum required level) the result returned was erroneously that 6.10 is a lower version than 6.5 and because of that we were getting unsupported version of Linux error message during configCC. Description of fix: Added a new function to correctly compare the digits after decimal places. 11. IT28715 / R17562 / MFT-10260 (2019-04-08) Description of issue: Requirement to address the following vulnerability in Apache ActiveMQ: CVE-2019-0222 CVSS 7. Description of fix: Upgraded to Apache ActiveMQ 5.15.9 -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.2.0 iFix01 (Released 01/22/2019) 1. IT26990/R17454/MFT-10000 (2018-11-26) Description of issue: ICC was falling behind in monitoring of B2Bi servers because regardless of how much data was available, B2Bi would only respond with one record less than the limit specified by ICC. Description of fix: Rather than going in to catchup mode, which means the logic would not wait monitor rest time number of seconds before requesting more data, only when record limit number of records were returned, ICC will enter catchup mode whenever 90% of the specified record limit, or more, records are returned by the monitored server. 2. IT25800/R17352/MFT-9890 (2018-12-7) Description of issue: Database performance with MSSQL non-globalized databases still exists. Description of fix: A problem was discovered with the previous delivery for this issue where the database URL used by the EP still included SendStringParametersAsUnicode, with a value of FALSE, even when the user did choose to globalize the ICC MSSQL database. This problem is now rectified. 3. IT26855/R17435/MFT-9986 (2018-12-7) Description of issue: ICC would not start because the SLC service was unable to initialize itself. Description of fix: Problem was found in one specific SLC schedule whose monitor window started at the same time the transition from Daylight Saving Time to Standard time. The logic got stuck in a loop calculating the next time the SLC should be active. Fixed the logic to not loop. 4. R17471/CCP-14836 (2018-12-7) Description of issue: Using a CCAPI based application to retrieve DVGs, like the CCAPI Sample program does, results in a Null Pointer Exception being thrown. Description of fix: Changed the logic used both by the CCAPI and the engine to realize when it was being executed by a CCAPI based program and not run code that only works in the engine environment. 5. R17406/CCP-14719 (2018-12-7) Description of issue: Server view process count does not include queued processes. Description of fix: SQL used to ascertain the count of processes modified to find both completed and processes that have started, but not completed, within the timeframe to be displayed. 6. R17474/CCP-14837 (2018-12-9) Description of issue: When two configuration versions of the same object are created in the same millisecond the list of versions may be in the wrong order. Description of fix: The query to retrieve configuration versions was ammended to use the version ID as a tie breaker when the times the versions are created show to be the same. 7. IT27338/R17479/MFT-9871 (2018-12-12) Description of issue: Cognos creates a WIndows service which by default is set to start automatically after each machine re-boot. This can cause the Cognos service to be started outside the scope of Control Center and cause problems with Control Center / Cognos interoperability. Control Center must initiate Cognos startup during normal Control Center startup initialization. Description of fix: Added code during engine startup to ensure the Cognos Windows service is set to start on demand (instead of automatically), by issuing the following Windows Service Control command: sc config "IBM Cognos:ppppp" start= demand (where ppppp = Cognos dispatcher port). The following new messages will be seen in the engine log, showing the command execution and results: INFO CognosStarter - Running Windows Service Control command: [CMD, /C, sc config "IBM Cognos:ppppp" start= demand] INFO CognosStarter - [SC] ChangeServiceConfig SUCCESS INFO CognosStarter - Windows Service Control command Exit Value is 0 8. IT27184/R17473/MFT-10030 (2018-12-13) Description of issue: EventMonitor is in catchup mode and as a result SLCs generate false alerts. Description of fix: Sped up one aspect of the EventMonitor logic, revised the metrics it outputs once an hour, made it only log that it is in catchup when it transitions to that mode, and changed a query used by EventMonitor (for MSSQL only) to retrieve event data that caused some events to be processed by it more than once. (Note the query change made for MSSQL databases was a copy of the change made for R17484/MFT-10058 done in ICC releases 6110 and 6120). One new engine.properties property was added named EVENT_MONITOR_THREADS. It's default value is 2. You may set it to any valid integer starting at 1. In theory, the higher the value, the more threads that will be applied to make the one aspect of EventMonitor logic altered go faster. In reality, since threads require CPUs to run them, the hardware used to run ICC on will actually dictate the optimum value for EVENT_MONITOR_THREADS. Setting the value higher than 8 is not advised. 9. MFT-8464 / R17457 (2018-12-12) Description of issue: Email Action with an extra comma in the 'to' address gets error when trying to move from conf to CC_USER table, preventing the engine from starting. Description of fix: Modified code to recognize extra commas so null or blank email addresses don't get created. 10. CPP-14680 / R17389 (2018-12-12) Description of issue: The web console Email list addresses import address / export address links do not align to the end of the text box. Description of fix: Modified css to align import addresses / export addresses on web console Email List panel. 11. CCP-11246 / R17469 (2018-12-12) Description of issue: When a user with server=none permission redirects from the java console to the web console by selecting a server from the node tree, the web console gets a null pointer exception (NPE). Description of fix: If a user has server=none permission, redirect to the selected web console for all servers instead of trying to redirect to just that specific server. 12. IT27431 / R17487 / MFT-10063 (2018-12-19) Description of issue: The Data Collector (runDataCollector.bat|sh) is not including the /conf directory in the zip file. A non-related change erroneously caused the source path to not be fully qualified. Description of fix: Corrected the logic to construct the full path. 13. IT27657 / R17493 / MFT-10085 (2019-01-03) Description of issue: The Data Collector (runDataCollector.bat|sh) does not return to the command line prompt upon completion. A non-related change erroneously caused a java thread to remain active upon program exit, leaving the JVM active and never returning control to the script. Description of fix: Corrected the logic to ensure the program exited and correctly returns control the the runDataCollector script. 14. IT27662/R17485/MFT-10051 (2018-12-17) Description of issue: Control Center late sending out email notifications Description of fix: After ascertaining from metrics gathered produced by the initial changes for this problem that the queries used to set the arrived file source were primarily responsible for the processing slowdowns experienced when setting the SET_ARRIVED_FILE_SOURCE property true, the algorithm used to set the arrived file source values was altered to use an in memory cache of file names, which is updated while processing AFT data, while processing SFG data instead of queries. Two new engine properties were added: - B2BI_FILE_NAME_CACHE_SIZE and - USE_QUERY_TO_SET_ARRIVED_FILE_SOURCE B2BI_FILE_NAME_CACHE_SIZE takes any integer value greater than zero. It's default is 300000. USE_QUERY_TO_SET_ARRIVED_FILE_SOURCE takes either True or False. It's default is False. 15. IT27672/R17491/MFT-10086 (2019-01-07) Description of issue: Upgrade failing with unsupported driver file message when mssql-jdbc-7.0.0.jre8.jar used Description of fix: Addressed spots in logic that needed to be updated to allow valid JDBC driver file names to be specified without error. 16. CCP-14769 / MFT-10073 / R17476 (2019-01-07) Description of issue: Security scan found SerialDos Limited Deserialization Vulnerability Description of fix: Remove deserialization calls for the web server 10x pages. 17. CCP-14770 / MFT-10074 / R17477 (2019-01-07) Description of issue: Security scan found XML External Entity (XXE) Vulnerability Description of fix: Do not allow xml to set document type in web server. 18. CCP-14777 / MFT-10075 / R17486 (2019-01-07) Description of issue: Security scan found that alert comments have no input validation for harmful characters. Description of fix: Add validator to alert comments to not allow characters "& ` \" ' < > | #". 19. CCP-14768 / MFT-10105 / R17490 (2019-01-07) Description of issue: Security scan found Commons Collections Deserialization Vulnerability Description of fix: Upgrade from WebSphere Application Server 18.0.0.1 to WebSphere Application Server 18.0.0.4 20. CCP-14789 / MFT-10083 / R17489 (2019-01-08) Description of issue: Security scan found Missing or insecure "X-XSS-Protection" header Description of fix: Add a new security filter which sets the X-XSS-Protection header. 21. CCP-14790 / MFT-10083 / R17489 (2019-01-08) Description of issue: Security scan found Authentication Bypass Using HTTP Verb Tampering Description of fix: Add a new security filter which limits verbs that can be used. 22. CCP-14788 / MFT-10083 / R17489 (2019-01-08) Description of issue: Security scan found Missing or insecure "X-Content-Type-Options" header Description of fix: Add a new security filter which adds X-Content-Type-Options header. 23. CCP-14846 / MFT-10079 / R17488 (2019-01-08) Description of issue: Security scan found Missing Security Relevant HTTP Headers in Launch Page Description of fix: Add security headers to index.jsp for IBM Control Center launch page. 24. IT27713 / R17502 / MFT-10111 (2019-01-10) Description of issue: Due to changes made by IBM in November 2018 Data Collectors from Windows Servers will not unpack correctly in ECuRep Description of fix: Any place back slashes were used in archived files they have been replaced with forward slashes. 25. IT27740/R17503/MFT-10110 (2019-01-11) Description of issue: Customer had used an incorrect upgrade process, which resulted in Control Center not starting due to an "orphan CC_CONTROLLER record" Description of fix: At startup, logic was added such that if it finds the CC_CONTROLLER table references an EP that no longer exists, or a server that is not an EP, and there is but a single EP defined then update the CC_CONTROLLER table such that it will reference a valid EP and startup will continue rather than abort. In all cases, even when "recovery" is not performed, new messages will be written to the engine log describing the issue detected and the attempt to recover, or not, from it rather than just logging that a null pointer exception occurred. 26. R17504/CCP-14895 (2019-01-15) Description of issue: If Cognos report server debug is on, running reports results in the data collection / temporary table creation to occur twice. Description of fix: Modified debug logging in client side code to not call data collection a second time but to report the results from the prior call of the data collection. 27. IT27771/R17506/MFT-10115 (2019-01-15) Description of issue: Unable to open the classic console from the launch page. The level of JRE 8.0.5.22 was found to cause this intermittent problem. The error symptoms are as follows: On the client side the java console displays "JNLParseException[ Could not parse launch file. Error at line 0." On the web server side /web/wlp/usr/servers/defaultServer/logs/message.log displays "java.lang.NullPointerException". Description of fix: Upgraded the IBM JRE from 8.0.5.22 to 8.0.5.27. -------------------------------------------- ************************************************************************************************* All fix items listed ABOVE represent fixes made after 6.1.2.0 GA (i.e. 6.1.2.0 iFix01 and later). All fix items listed BELOW represent fixes included in 6.1.2.0 GA. ************************************************************************************************* -------------------------------------------- 6.1.2.0 (Released 12/15/2018) The following represent 6.1.1.0 iFixes included in 6.1.2.0 GA base release List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix06 (Released mm/dd/yyyy - note: iFix06 was not yet released at time of this fix list compilation) 1. IT27092/R17456/CCP-14800 (2018-11-26) Description of issue: After enabling user key on 2 EP system, I cannot start engine nor can the user key be disabled on EP2 Description of fix: The logic used to see if the EP was already running previously needed to decrypt data before the user key was provided by the user. The logic was changed to not need the user key at that point during EP startup. 2. IT26933/R17436/MFT-9952 (2018-11-26) Description of issue: User key shows in plain text in the web console looking at Manage EP Properties Description of fix: Obfuscated the user key in the logs and in the display of the web console. 3. IT27093/R17460/CCP-14806 (2018-11-26) Description of issue: SEAS authenticated user cannot run reports via swing and UI or get to Cognos Welcome Page. Description of fix: Went back to using one time tokens instead of user ID and passwords for authentications because ICC does not know/retain password for SEAS authenticated users. 4. IT25800/R17352/MFT-9890 (2018-12-2) Description of issue: Database performance with MSSQL non-globalized databases. Description of fix: For new MSSQL databases, when globalized, character columns will all be NVARCHAR, and when not globalized all character columns will be VARCHAR. Also, when using a non-globalized database, the database connection URL will now include a new parameter - SendStringParametersAsUnicode, with a value of FALSE. The default value for this parameter is TRUE, but when TRUE, and using a non-globalized database, the database server tends to not use existing indices, slowing database performance. 5. R17406 (2018-12-2) Description of issue: Process count for server view did not include queued processes. Description of fix: Fixed logic to account for queued and completed processes in count for server view. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix05 (Released 11/15/2018) 1. IT25712/R572061 (2018-08-03) Description of issue: Process summarization is slow. Description of fix: Added logic to output metrics from the process summarization logic once an hour to the engine logs so we can know where time is being spent. Also, two properties - DO_NOT_CALCULATE_ROW_COUNTS and PROCS_TO_SUMMARIZE_AT_ONCE, may now be updated and an engine restart for them to take effect is no longer required. Now, as soon as those properties are changed, they will be used. Additional engine logging to show property settings, along with when they are changed, has been added. 2. IT25897/R572786 (2018-08-03) Description of issue: Occasionally reports fail with error CM-CAM-4005 Unable to authenticate because the ICC to Cognos login has expired. And scheduled reports sometimes attempt to run before Cognos is fully up and configured. Description of fix: The login should only expire after a year of inactivity or if Cognos crashes but for some reason it is expiring after hours or days so added logic to check every minute that the Cognos login is still valid and if it gets a authentication error, login again. If a report fails on its first attempt due to authentication errors, wait one minute (so re-login can be done) and then try again. Also, do not allow scheduled reports to run unless Cognos is fully up and configured. If a scheduled report tries to run before Cognos is ready, it will wait a minute and try again until Cognos is ready. 3. IT25932/R17348 (2018-08-14) Description of issue: Null pointer exceptions occurred while processing events when checking a role that had been recently deleted. Description of fix: Ensure the role associated with a user about to be notified still exists before referencing it. 4. IT26069/MFT-9885/R17354 (2018-08-31) Description of issue: When running configCC to update Cognos properties, the EP's LAST_CHECKIN value gets updated in the CC_SERVER table, falsely implying the EP is running. Description of fix: Changed code to not update the CC_SERVER.LAST_CHECKIN value when configCC is run. 5. IT26242/MFT-9897/R17357 (2018-09-10) Description of issue: Using the web console to view events, completed processes, and completed file transfers for individual servers is slow. That slowness was determined to be due to the queries run by the web console logic to get the data back as far as a year from the present date. Description of fix: Added a new engine property - DEFAULT_DAYS_OF_HISTORY, with a default value of 366. When this engine property is specified, it can be used to reduce the range of data selected caused to be selected by the web console, which can reduce the amount of time it takes for the queries to run, making the web console seem to run faster. Valid value for DEFAULT_DAYS_OF_HISTORY is an integer, value 1 and higher. 6. IT26279/MFT-9884/R17349 (2018-09-14) Description of issue: Query to retrieve events associated with a component is very slow. Description of fix: A new index was added to the EVENTS table named EVENTS_COMPONENTS. Also, changes were made to ensure events associated with components set a value for EVENTS.COMPONENT_ID as they should. Finally, an issue found when attempting to stop or start a B2Bi adapter associated with multiple nodes was corrected. 7. IT26308/MFT-9919 (2018-09-14) Description of issue: Customer received a Cognos email notification due the mobile "Apple Push Notification" certificate nearing expiration. The following warning message was also observerd in \Cognos\logs\mob.log: "2018-09-10 19:30:08,889 [pool-47-thread-1] WARN com.cognos.mobile.server.apns.APNSCertificateExpiredChecker - Your Apple Push Notification Certificate will expire in 9 days." This certificate expires yearly, but does not cause any functional / operational issue with the product, since the mobile feature is not used. Description of fix: Updated the installer with the latest Apple Push Notification certificate. There will be a subsequent Control Center fix to attempt to permanently disable the mobile feature within Cognos, as to avoid having to update the certificate annually. Please refer to the following link if you would like to update the certificate yourself in lieu of applying the fix package for this issue: http://www-01.ibm.com/support/docview.wss?uid=swg24034258 8. No APAR/CCP-14678/R17359 (2018-09-14) Description of issue: The Cognos supplied jre located in /Cognos/jre sometimes might be lagging behind the latest Control Center supplied jre by one or more fix pack levels. Descripton of fix: Modified the installer to copy /jre to /Cognos/jre during installation/upgrade. 9.IT26462//MFT-9904/R17366 (2018-10-05) Description of issue: configCC is not remembering the Cognos database is a RAC SCAN. When an Oracle (RAC) SCAN database connection is configured, and the user prompts configCC to re-configure Cognos, the context of the database is mis-interpereted and the following existing values are either incorrectly displayed or missing altogether in the following user input display prompts: Cognos configuration ... Is your database for Cognos an Oracle RAC environment?(Y/N) [N] : ---> should be [Y] How many nodes are in this Oracle RAC environment? [2] ---> should be [1] Provide the database host name for Cognos: 1 []. : ---> should be [existing DB host]) Provide the database port number for Cognos: 1 []. : ---> should be [existing DB port]) When an Oracle (RAC) SCAN database connection is configured, and the user prompts configCC to NOT re-configure Cognos, the wrong database URL (connection string) is generated and congigCC fails due to a DB connection error. Description of fix: Corrected the logic to properly recognize the existing database is an Oracle RAC SCAN (i.e. only one host/ip pair is specified). 10. IT26600/R17383/MFT-9962 (2018-10-11) Description of issue: Required IBM JRE upgrade to address CVE-2018-1656 in the July 2018 Java CPU. Description of fix: Upgraded from 8.0.5.17 to 8.0.5.22. 11. R17413 (2018-10-22) Description of issue: The process count for servers in the Web console Server Group view did not necessarily include the count of queued processes. Description of fix: Corrected the query used to get the process count in two ways. First, the query now looks for processess started in a specific range to include queued processes. Plus, the date range used in the query now utilizes the engine property DEFAULT_DAYS_OF_HISTORY instead of always going back a full year. 12. IT26695/R17412/MFT-9960 (2018-10-22) Description of issue: Web console initiates a SELECT on the EVENTS table with no WHERE clause when handling multiple alerts if there are both Linked Rule and SLC alerts Description of fix: Corrected the logic used to find Linked Rule and SLC alerts to prevent a SELECT with no WHERE clause from being initiated to prevent a perceived hang in the Web console 13. IT26875/R17439/MFT-9999 (2018-11-08) Description of issue: Address security issues in ActiveMQ 5.14.2. Description of fix: Upgraded ActiveMQ to 5.15.6. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix04 (Released 07/31/2018) 1. IT25144/R568829 (2018-05-23) Description of issue: When the first ICC user with role superuser is a externally authenticated user, ICC is not able to connect to Cognos due to an authentication failure. Description of fix: Changed code to distinguish between a null password and an blank password so that the token is used during authentication. 2. IT25146/R569306 (2018-05-24) Description if issue: Data stored in CONFIG_JOBS related to configuration management jobs is not purged according to the system's purge settings when the database has been partitioned. Description of fix: Added logic to initiate the purge of configuration management jobs from CONFIG_JOBS when a partitioned database is used. 3. IT25131/R568413 (2018-05-25) Description of issue: When IBM Control Center is installed using a MSSQL instance name, subsequent runs of configCC gets array index error when trying to process the instance name. Description of fix: Modified configCC to handle MSSQL Instance names. Modified Install Anywhere to not allow back slash in MSSQL host name for Cognos database. 4. IT25218/R568634 (2018-06-01) Description of issue: Control Center displaying incorrect CD Secure Plus enabled setting in server list view. Description of fix: Properly handle values returned by CD servers. Note that CDU will require an update. 5. IT25263/R562272 (2018-06-06) Description of issue: Data collector utility incurs an out of memory when running. Description of fix: Changed logic to read data added to data collector output in chunks instead of a file at a time to avoid problems when extremely large files exist. New property, DC_BUFFER_SIZE, added, with a default of 100000000 (100MB), which may be adjusted via the script/bat file used to run the utility if necessary. 6. IT25093/R568223 (2018-06-14) Description of issue: Control Center 6.0.0.1 and 6.1 - Performance/Deadlocks. Description of fix: Deadlock occurring on MSSQL server caused by contention between the query that inserted data in to EVENTS and a second query that updated alert events related to an SLC that were to be automatically handled. The update event logic was made more efficient to reduce contention on the EVENTS database table. 7. IT25395/R570754 (2018-06-18) Description of issue: Records Missing from CC_PROCESS table. Description of fix: Malformed JSON documents received from an OSA server were noted in the engine log with no helpful information. Logic was added to include the ID of the event, the ID of the originating server, as well as the JSON document text in the exception that is logged. 8. IT25405/R570773 (2018-06-18) Description of issue: Arrived file route and delivery step names need to be unique to facilitate step based SLCs. Description of fix: Instead of just using ArrivedFile, Route and Delivery for step names, the arrived file key, route key, and delivery key values will be appended to the respective step names created to make them all unique. 9. IT25413/R570840 (2018-06-19) Description of issue: When an invalid response from the B2Bi server was received it's logged, and when that response contained a password, it was not obfuscated. Description of fix: Added a new XML element name, auth, to the list of elements whose values need to be obfuscated before they are logged. 10. IT25861/R568327 (2018-06-27) Description of issue: Required upgrade of current version of Websphere Liberty in order to address CVE-2016-1000031 (apache commons-fileupload). Original Websphere Security Bulletin: https://www-01.ibm.com/support/docview.wss?uid=swg22011428 Description of fix: Upgraded Liberty from 16.0.0.4 to 18.0.0.1. 11. IT25541/R571451 (2018-06-27) Description of issue: Required upgrade to current thirdparty components (quartz and jgoodies). Description of fix: Upgraded to the latest component jar files. 12. IT25517/R571053/R571448 (2018-06-29) Description of issue: SFG Data received from B2Bi repeatedly causing an exception resulting in ICC erroneously showing the server as down. Description of fix: Logic added to watch for this situation and avoid exceptions being incurred with no loss of data. 13. IT25622/R571843 (2018-07-09) Description of issue: Unable to use the CCAPI to retrieve server details for a server in a NEVER_CONTACTED status. Description of fix: Logic had been added to code used by the CCAPI and the Control Center EP and it should only run when running in an EP environment, otherwise an exception is thrown. Code was added to prevent this from occurring. 14: IT25397/R570710 (2018-07-06) Description of issue: Cognos schedules (not ICC schedules) are failing because they are authenticated using tokens and the token is deleted after being authenticated so they are not available for reuse. Description of fix: Changed the Cognos schedule authentication to use encrypted passwords and not tokens. Note, you will need to delete any existing Cognos schedule (the schedules created via the Cognos GUI, not those created via the ICC Java console GUI) and recreate them after installing this fix. 15. IT25542/R569559 (2018-07-06) Description of issue: When multiple Control Center Automated Reports use separate schedules with the same time, the reports can fail with an CANNOT_FORWARD_TO_ABSOLUTE_AFFINITY_NODE error. Description of fix: Modified the code to call the Cognos email logic inside the Cognos lock where the report is run instead of it running outside of the Cognos lock. 16. IT25678/R572140 (2018-07-20) Description of issue: When Cognos is starting and ICC is configuring it, a repetitive Null Pointer Exception causes large core dumps. Description of fix: Correct the Null Pointer Exception in a Cognos configuration debug message. 17. IT25712/R572061 (2018-07-23) Description of issue: Process summarization slow. Inefficient logic found in MQMFT node service logic, which may or may not be related, found. Description of fix: Logic that converts MQMFT data into IBM Control Center events was made more efficient. Also, logic was added to the Process summary service to cause it to output helpful metrics, once an hour, to the engine log file. Plus new warnings will be logged if the time it takes to summarize a process, or a file transfer, takes too long. Two new engine properties, MAX_TIME_TO_SUMMARIZE_PROCESS_WITHOUT_WARNING and MAX_TIME_TO_SUMMARIZE_FILE_TRANSFER_WITHOUT_WARNING, whose defaults are both 2000 (milliseconds), govern when those warnings would be logged. 18. IT25792/R572446 (2018-07-25) Description of issue: Sometimes java console users get error XQE-PLN-0148 when attempting to run a report and web console users get error DPR-ERR-2058 when going to the workspaces. Description of fix: ICC roles are only being added to Cognos accounts when the Cognos Authentication Module search method when it needs to be called with the first authentication to ensure its in place at the time needed. Added the loading of ICC users and roles to Cognos accounts at the time ICC connects to Cognos for the first time. 19. IT25676/R572148 (2018-07-27) Description of issue: Logic handling Server Component cluster events looks for the Server value in the event and throws an exception when it is not there. Also seeing ORA-02395 errors. Description of fix: Turns out the logic creating the Server Component cluster events used a string for server that actually gets translated when ICC runs in other countries, so it was changed to use a fixed constant of "ServerID" so this problem would not occur. For ORA-02395 errors, a new engine property, DO_NOT_CALCULATE_ROW_COUNTS, when specified with a value of TRUE, will tell ICC to not count the rows in its tables at startup and when the daily purge operation is done. 20. R571681 (2018-07-27) Description if issue: Handle new CDU initparm for file.ioexit. Description of fix: Added logic to support file.ioexit. 21. IT25868/R572233 (2018-07-17) Description of issue: Required IBM JRE upgrade to address CVE-2018-2783 in the April 2018 Java CPU. Original IBM Java APAR article: https://www-01.ibm.com/support/docview.wss?uid=swg1IJ06343 Description of fix: Upgraded from 8.0.5.10 to 8.0.5.17. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix03 (Released 05/22/2018) 1. IT24844/R567618 (2018-04-25) Description of issue: When executing configCC.sh on a Linux RedHat 6 system, the error messages displaying the required Cognos libraries erroneously displayed the following RedHat 7 libraries: glibc-2.17-55.el7 (both i686 and x86_64 packages) libstdc++-4.8.2-16.el7 (both i686 and x86_64 packages) nspr-4.10.2-4.el7 (both i686 and x86_64 packages) nss-3.15.4-6.el7 (both i686 and x86_64 packages) motif-2.3.4-7.el7 (both i686 and x86_64 packages) Description of fix: Corrected the error messages to display the following RedHat 6 libraries: glibc-2.12-1.166.el6_7.1 (both i686 and x86_64 packages) libstdc++-4.4.7-16.el6 (both i386 and x86_64 packages) nspr-4.9.2-1.el6 (both i386 and x86_64 packages) nss-3.14.0.0-12.el6 (both i386 and x86_64 packages) openmotif-2.3.3-5.el6_3 (both i386 and x86_64 packages) 2. T24806/R565294 (2018-04-28) Description of issue: B2B node status and adapter status changes are only updated in Swing connected to the EP monitoring B2B. Description of fix: Updated logic to handle update events related to server components initiated by another EP for all Swing consoles regardless of the EP they're connected to. 3. R567012 / IT24932 (2018-05-02) Description of issue: Sometimes the Control Center engine cannot connect to Cognos even when Cognos is up due to installationInfo error because CONFIG_DIR has not been set. Description of fix: If Cognos saves a credential or a trusted credential, and when Cognos is started that credential is used instead of the values from the URL, then CONFIG_DIR is not set since its not saved in the Cognos credentials. This fix saves the CONFIG_DIR in the Cognos credentials. 4. IT25081/R568293 (2018-05-05) Description if issue: The jar signing certificate used by Control Center are set to expire on June 21, 2018. Control will stop functioning on this date. You must upgrade to 6.1.1.0 iFix03 or later in order to correct this. Description of fix: Replaced the certificate used for signing the jar files with a multi-year expiration date. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix02 (Released 04/16/2018) 1. IT24101/R562331 (2018-02-19) Description of issue: Issues using tag mapping when trying to map the process data value Description of fix: The logic did not attempt to copy the processData element from the event when setting the EVENTS.TAG_XML column, which meant the mapped value for it was not there when the summarizer logic ran. 2. IT24100/R562520 (2018-02-19) Description of issue: Events passed to the DefaultSummarizer summarize method were missing values for message ID, message short text, and CC name Description of fix: Updated the SQL used to select data from EVENTS, which is subsequently used to create the event data passed to the summarizer method, to retrieve MSG_ID, SHORT_MSG, and CC_NAME. 3. IT23965/R556985 (2018/02/28) Description of Issue: The SFG Route Detail by Producer report is very slow when there are a large number of row in the EVENTS table. For some customers, its taking 4 hours to run the report. Description of Fix: Modified the query used to get the SFG Route Detail by Producer report data for better performance. Performance should go from hours to minutes. Created a new V_SFG_ROUTE_PRODUCER_REPORT view with just the columns needed for the report. Updated scripts to create the new View when ICC is installed or upgraded. Updated ReportService.xml to add new reportRecordReadLimit parameter with a default of 100000. Modified the java console report sort panel to specify "Max Database Records to Read" instead of "Max Records Returned" for the SFG Route Detail by Producer report. Modified the SFG Route Detail by Producer report filter code to account for missing data. Removed the filter for Consumer / Consumer File Name / Status from the SQL and let the filtering be done by code. Changed the status filter to be a drop down list with Routed and Failed as the two Process Status choices. New ReportService.xml parameter: reportRecordReadLimit=100000 Description: Determines the maximum value that can be set on the java console SFG Route Detail by Producer report Sort panel, "Max Database Records to Read" field. Determines the maximum number of records read from the database when generating the report. For example, if ReportService.xml has reportRecordReadLimit=400000, and the SFG Route Detail by Producer report Sort panel has "Max Database Records to Read"=200000, then when the SFG Route Detail by Producer report is run, it will read 200,000 records from V_SFG_ROUTE_PRODUCER_REPORT to generate the report. And since the SFG Route Detail by Producer report usually creates one report row per multiple records read, the resulting report will have less than 200,000 rows. If the report does not have as many rows of data as you want to see, increase "Max Database Records to Read" (to a max of 400000) on the sort panel until you get the desired number of rows. 4. IT24259/R562910 (2018-03-02) Description of issue: The web console does not reflect the correct number of adapters for a B2Bi cluster in the Web console dashboard after one of the nodes is stopped. Description of fix: Addressed a logic problem that caused the database to not be updated appropriately when the number of adapters changed. 5. IT24261/R563562 (2018-03-05) Description of issue: When CCenterHttpsParms.properties file is also copied on the Desktop it overrides what is in the \users\ folder but updates aren't saved there Description of fix: Whereever CCenterHttpsParms.properties file is, when updates are made, they will be saved to the original location of the properties file now 6. IT24298/R561033 (2018-03-06) Description of issue: The Remote node for Connect:Direct processes is not able to be seen, or filtered on, in the Web console queued process view as it was in the Java console Description of fix: The ability to customize the Web console's queued process view was added like it currently exists for the Completed process and file transfer views, and a Filter button was added to the Queued process view also like the one that exists in the Complete process and other views. 7. IT24187/R562809 (2018-02-23) Description of Issue: Server is being pauses when a batch update fails with a SQL Exception when the database is temporarily unavailable. Description of Fix: The recovery logic is checking the batch level SQL error codes / SQL state against DatabaseProperties.xml to see if a retry is needed when it needs to check the underlying record level SQL exception. Modified the recovery logic to check the error codes / SQL states of the record level exception instead of the batch level exception. Also added additional logging to show the error codes / SQL state of the exception that causes the batch not to retry to help with debugging. 8. IT24187/R564687 (2018-03-16) Description of issue: A monitored SI server was paused by the application during a short DB maintenance outage and server monitoring had to be manually resumed. Description of fix: Added DB2 error state 40506 and error code -1476 values to /conf/services/system/DatabaseProperties.xml. Including these values in the file will cause the server to NOT be paused when the DB2 data base is temporarily unavailable. This a follow-on to fix R562809 (Server getting paused when database maintenance performed), which made changes to expose the above mentioned error codes from within a generalized SQL batch update failure/code. 9. IT24428/R510512 (2018-03-20) Description of issue: The descriptions on the API Get Completed File List are wrong for how to enter date format and time format Description of fix: Description and help text for time format was updated. Turns out the date format documentation is correct. 10. IT24455/R565261 (2018-03-22) Description of issue: Control Center failed to start because two monitored servers with the same name existed in the database. Description of fix: If two users connected to different EPs created monitored servers with the same name at the same time it was possible to create two entries in the CC_SERVER table with the same name. An additional check was added to the console logic to prevent this from occurring. 11. IT24457/R565273 (2018-03-22) Description of issue: Server-type column settings for Completed Processes view are not being applied when viewing processes in a server-specific group. Description of fix: Addressed logic issue by passing types of servers in the group, instead of null, to the table display view logic. 12. IT24454/R565267 (2018-03-22) Description of issue: When running Alerts report, handled time and comment date are in UTC instead of preferred time Description of fix: Updated the Cognos configuration file for the report to convert the handled time and comment date to the user's preferred time zone. 13. IT24491/R564697 (2018-03-22) Description of issue: Changing the cert label to be used for a secure plus node required entering the cert reporisitory pass phrase which is not required for z/OS keyrings. Description of fix: Only require the pass phrase when specifying a new key database file for z/OS. 14. IT24549/R565301 (2018-03-27) Description of issue: RESTful API for roles (sccwebclient/svc/roles/) not returning correct information Description of fix: Updated the logic that ascertains the roles a user should be able to view based on thier role, and those are the roles the API will now return. 15. IT24576/R561198 (2018-03-29) Description of issue: ICC Secure+ Trusted Certificates Report does not honor updates to server groups unless the engine is restarted and sometimes hangs when submitted by the GUI console. Description of fix: Changed the code to get the server group list of servers from the engine server group manager cache instead of the old proxy cache that is not kept up to date. Changed the engine code to get the trusted certificates from the configuration cache instead of submitting a CD refresh job which could fail and hang the report. 16. IT24595/R561809 (2018-04-03) Description of issue: Unable to import renewed Secure+ certificate. Description of fix: Update code to pass required import mode to target CD. 17. IT24671/R561114 (2018-04-10) Description of Issue: Cognos user shown in Cognos Connection and Cognos Viewer panels show the first ICC user with superuser role instead of the web console or java console user. Description of Fix: When validating user on Cognos URLs, send a rest request to the ICC Engine to properly validate the user. Note: When a user has been authenticated to Cognos, Cognos creates a cam_passport cookie for that user. Cognos only allows a Cognos name space to be authenticated to once per browser session. So, even with this fix, if you sign on to the web console and go to the Group or Personal workspace, that user is authenticated to Cognos and saved into the cam_passport cookie. If you then open another window in the same browser and sign on to the web console with a different ICC user and go to the Group or Personal workspace, Cognos will not authenticate the new user but use the already authenticated from the first browser window. Once the browser session ends and the cam_passport cookie is deleted, the next workspace URL will cause that user to be authenticated. This is also true for the user shown on the Cognos Connection panel. This is a normal feature of browsers, keeping authenticated users in cookies so the user does not have to be re-authenticated until the session expires. 18. IT24686/R565758 (2018-04-19) Description of issue: When clicking on a Sterling File Gateway process in the Web console Completed process view, an error message that says "A system error has occurred. Please contact your system administrator." is displayed. Description of fix: The issue was caused by a message key word whose prefix contained an invalid XML character - "Params/". The fix was to eliminate "Params/" prefix from the keyword name. 19. IT24569/R565795 (2018-04-03) Description of issue: Required upgrade to Java 8.0.5.10 to resolve Jan 2018 quarterly Java security issues. Description of fix: Upgraded to Java 8.0.5.10. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix01 (Released 02/14/2018) 1. IT23241/R556186 (2017-12-13) Description of issue: Even when the Engine.log4j rootlogger is set to ERROR, INFO level messages are written to the logs by node services. Description of fix: Node service logic would log data at DEBUG level when tracing was enabled, or at INFO level when tracing was disabled. Fixed Node service logic to log at level set for rootlogger when tracing disabled. 2. R557669 (2017-12-13) Description of issue: The datacollector did not include the files in the Cognos/wlp/usr/servers/cognosserver/logs folder in its output. Description of fix: Updated the datacollector logic to include the files in the Cognos/wlp/usr/servers/cognosserver/logs folder in its output. 3. RTC 556229 (2017-12-02) Description of issue: FTP W3C logs can cause a NumberFormatException if cs_bytes and sc_bytes have a dash. Description of fix: Allow W3C logs to have a dash in cs_bytes and sc_bytes. 4. IT23437/R557585 (2017-12-12) Description of Issue: Get Active Alerts and Get Active Alerts by Severity API's don't return alert id so user can't use it to call Handle Alert API. Description of Fix: Add alert id to the Get Active Alerts and Get Active Alerts by Severity API results. 5. IT23471 / R554775 (2017-12-13) Description of Issue: Cognos scheduled reports do not always run due to authentication errors when ICC tokens expire. Description of Fix: Modified Cognos authentication to use encoded password for authentication instead of ICC token which are deleted after authentication. 6. IT23328/R556467 (2017-12-20) Description of issue: Connection error when trying to make HTTPS requests to the Control Center API tool using the Interactive Console (via launch page), the following error results: Error in interactive console display: "Remote host closed connection during handshake". Error in Websphere/Liberty message log: E CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported. This error only occurs when restricting the web server to use TLSv1.2 (i.e. engine.properties contains TLSv1.2). Description of fix: During engine startup, ensure the WLP jvm.options file (located in /web/wlp/usr/servers/defaultServer/jvm.options) contains the following property: -Dcom.ibm.jsse2.overrideDefaultTLS =true. When the value is set to true, it has the effect to allow/use TLSv1.2. 7. R556861 (2017-12-28) Description of issue: Failed HTTP REST call from Cognos Authentication Provider to ICC Web Service does not show HTTP response code. And commons-codec-1.9.jar is not being copied to Cognos AAA/lib. Description of fix: Add logging to SCCVisa to display the HTTP REST response code when debugging is enabled. Changed installer to copy commons-codec-1.9.jar to Cognos AAA/lib. 8. R555829 (2017-11-14) Description of issue: Updating users and roles is slow. Description of fix: A small inefficiency was removed from one part of the logic used to update and create roles. 9. R555828 (2017-11-14) Description of issue: CCAPI based application was able to construct a user object that referenced a role that was not in the database causing Control Center to not be able to be successfully restarted. Description of fix: The user creation logic will now throw an exception, instead of proceeding, when the role it references is not found in the Control Center database. 10. IT23618/R558893 (2018-01-09) Description of issue: The following obsolete Cognos jar/script files caused multiple vulnerabilities to be flagged during a scan. /Cognos/webapps/p2pd/WEB-INF/lib/commons-fileupload-1.3.jar /Cognos/webapps/p2pd/WEB-INF/lib/shiro-core-1.2.1.jar /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/tzparse.py Description of fix: Updated the Control Center installer to remove these files during install/upgrade, to ensure there are no future false positive hits against these files 11.IT23612/R558657 (2018-01-04) Description of Issue: When ulimit is not set properly, Cognos BIBusTKServer process runs out of thread resources, leaving potentially thousands of pids, if Cognos is left up for weeks and the ulimit issue is not corrected. Then when Cognos is stopped, ICC tries to kill all those pids as listed in the cogserver.log, resulting in long delays. Description of Fix: When ICC detects that cogserver.log has more than the typical number of pids, issue a warning messages that Cognos has installation issues and don't try to kill all the pids. When this issue is hit after this fix has been applied, the Engine log will show these two new messages: WARN CognosStopper - Not running the Cognos stopper script to kill PIDs since there are more PIDs than normal. WARN CognosStopper - Check your Cognos cogserver log and your ICC CognosReportService log for installation errors that should be resolved. 12. IT23603/R559220 (2018-01-04) Description of Issue: Cognos takes too long to start when there are lots (100s or 1000s) of ICC roles defined. Description of Fix: Rewrite the logic that maps ICC roles to Cognos roles to reduce the number of Cognos queries needed from several thousand to a dozen. And remove the updating of workspace permission on workspace folders if the folders already exist. 13. IT23628/R558939 (2018-01-06) Description of Issue: Getting IllegalArgumentException for DAY_OF_WEEK when trying to open any SLC Schedule or Rule using the web console. Caused by having monthly calendars defined that are set for the last day of the month or the last weekday of the month. Description of Fix: Modified the web console calendar summary logic to recognize when DAY_OF_WEEK setting is for the last day of the month or the last weekday of the month. 14. IT23638/R557097 (2018-01-05) Description of issue: The following obsolete Cognos script file caused multiple vulnerabilities to be flagged during a scan. /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/stat.py Description of fix: Updated the Control Center installer to remove this file during install/upgrade, to ensure there are no future false positive hits against this file. 15. IT23618/R558893 (2018-01-09) Description of issue: The following obsolete Cognos jar/script files caused multiple vulnerabilities to be flagged during a scan. /Cognos/webapps/p2pd/WEB-INF/lib/commons-fileupload-1.3.jar /Cognos/webapps/p2pd/WEB-INF/lib/shiro-core-1.2.1.jar /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/tzparse.py Description of fix: Updated the Control Center installer to remove these files during install/upgrade, to ensure there are no future false positive hits against these files 16. IT23672/R557556 (2018-01-09) Description of issue: Some criteria was missing in the rule filter selection drop down menu for BP (Business Process) and AFT (Advanced File Transfer) events. Description of fix: Added the missing property attributes to cause all BP and AFT event criteria to be presented in the rule filter selection drop down menu. 17. R559666 (2018-01-16) Description of issue: When viewing alert details, the related events shown may be for the wrong process when multiple processes have the same ID. Description of fix: Updated the query used to find the correct process events to use more than just the process ID. 18. IT23749/R557171 (2018-01-16) Description of issue: Updates made via a console connected to one EP to an Action's email details are not propagated to other EPs in the same cluster. Description of fix: When Action's email details are updated, a cluster event is now generated, and looked for by all EPs and appropriate updates are now performed. 19. IT23757/R559844 (2018-02-03) Description of issue: The following obsolete Cognos script files and a cdbrowser jar file caused multiple vulnerabilities to be flagged during a scan. /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/commands.py /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/imghdr.py /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/this.py /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/xml/dom/NodeFilter.py /web/wlp/usr/shared/apps/cdbrowser/cdbrowser.war/WEB-INF/lib/jasper-runtime-5.5.15.jar Description of fix: Updated the Control Center installer to remove these files during install/upgrade, to ensure there are no future false positive hits against this file. 20. R560640 (2018-01-24) Description of issue: Seeing ERROR OSCommand - cannot run program "winmsd" at EP startup in engine log when EP starts. Description of fix: Added one more OS type to the list of systems winmsd is not run on. 21. R560630 (2018-01-24) Description of issue: See empty error message when attempting to logon via Swing console. Description of fix: Updated the jar used for JAAS when running the console with the IBM JRE on Windows 10. 22. IT23835/R559392 (2018-01-25) Description of issue: Error occurred migrating installation from Windows Server 2008 to Windows Server 2012 R2. Description of fix: Fixed logic to allow migration from any Windows Server OS to another Windows Server OS. 23. IT23818/R558900 (2018-01-25) Description of issue: A MSSQL database was erroneously globalized when a new instance 2 of Control Center was installed using an exported conf from instance 1 -and- with a new/clean database. When instance 1 was originally installed, the user selected NO to the prompt: "Do you want your database to support globalization? If you select yes, your database size can increase significantly." The database in the original instance 1 was correctly NOT globalized. However, during the original installation, the following property was erroneously set in /conf/InstallationInfo.properties: CCENTER_MSSQL_GLOBAL=true (it should have been set to false). This is what caused the database in instance 2 to be erroneously globalized. Note: The globalization in instance 2 only occurred in this particular scenario (i.e. using an exported conf with a clean new database) during the install. Description of fix: Corrected the configuration logic to ensure the proper value is set in InstallationInfo.properties (true|false), per the user answer (yes|no). 24. IT23750/R559520 (2018-01-27) Description of Issue: Users are able to use Cognos Report via the java and web console before Cognos is fully ready because it's status is set to STARTED too soon. Description of Fix: Changed the code to only set Cognos status to STARTED after all configuration of Cognos is complete. 25. IT23913/R561229 (2018-02-06) Description of issue: When running the Monthly File Transfer Activity Report multiple rows for the same server were shown for each month. Description of fix: It was ascertained that there would be multiple rows for a single server in the report if it happened to have been assigned to more than one EP while monitored transfers transpired. The SQL used to build the report data was modified to address this feature so only one row per server would be produced. 26. IT23937/R559843 (2018-02-07) Description of issue: ICC takes a long time to connect to Cognos when there are lots of ICC Roles/Users defined. Also, reports with large number of rows could cause java heap OutOfMemory errors. Description of fix: When ICC queries Cognos for roles, its the Cognos authentication provider that gets the roles and it was not coded to honor the paging of roles. Paging was added to the authentication provider search method. Also, removed unnecessary calls to Cognos to get report output since it was not needed and was causing OOM errors. 27. IT23999/R561606 (2018-02-09) Description of Issue: The Data Collector and the configuration exporter is not exporting the correct version of JDBCService.xml. And the SQL retry logic for engine restart is comparing SQL state against DatabaseProperties.xml needRestart errorCodes value instead of needRestart errorStates. Description of Fix: Modified the exporter to export JDBCService.xml from conf instead of from CC_FILES. Changed the SQL retry logic to compare SQL state against DatabaseProperties.xml needRestart errorStates instead of against needRestart errorCodes. 28. IT24122/R561380 (2018-02-06) Description of fix: The truststore/keystore password, was sometimes displayed in the clear in the server properties panel for SI servers. Description of issue: Modified the logic to always mask the store password(s) in the display. --------------------------------------------