Please Read: Before starting the Control Center upgrade/uninstall process, you must backup the entire "conf" directory found under Control Center install location. Please follow the steps below before upgrading: The following instructions apply to maintenance upgrades. 1. Stop Control Center engine 2. Back up the existing configuration data: If upgrading from 5.4.2.1 or prior, back up \conf directory found under Control Center install location. If upgrading from 6.0.0.0 or later, run exportConfig.sh/bat under \bin. The script creates a folder with all of the configuration data from the database and the conf folder. The location of this folder is conf-exported/{date_time}/conf. As per your need, for recovery purpopse, backup your existing Control Center database. 3. Proceed normally with installing the latest version of Control Center in original . (The installer would automatically un-install the previous version - but all of the configuration data will still be there). 4. On Unix, Linux platforms, run configCC.sh -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix15 (Released 03/24/2021) 1. IT36328/MFT-11977/TS005274501 (2021-03-24) Description of issue: After upgrading from 6.1.3.0 iFix04 to iFix05, SEAS users cannot logon (when using a secure SEAS connection). The following error messages were displayed in /log/SeasService.log -Exception occurred validating password for user: xxxxxxxx - java.lang.SecurityException: Signers of 'com.sterlingcommerce.security.provider.SecurityProperties' do not match signers of other classes in package -java.lang.SecurityException: Signers of 'com.sterlingcommerce.security.provider.SecurityProperties' do not match signers of other classes in package -com.sterlingcommerce.hadrian.common.net.ConnectionException: java.lang.SecurityException: Signers of 'com.sterlingcommerce.security.provider.SecurityProperties' do not match signers of other classes in package Description of fix: Unsigned a couple of SEAS API jars used by Control Center to avoid signing these jars twice. This caused a problem after some jar signing changes were made in the previous iFix in MFT-11945. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix14 (Released 03/22/2021) 1. IT36282/MFT-11945/TS005212567 (2021-03-22) Description of issue: Java jar signing certificate expired on 2021-03-14, at which time users could no longer launch the classic console via webstart because the jars were not signed with a timestamp. Description of fix: Implemented a new jar signing process using a current certificate and also turned on the the jar signing timestamp. This timestamp is used to verify the code was signed prior to the certificate's expiration date. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix13 (Released 01/08/2021) 1. IT34412/MFT-11460/TS004223470 (2020-10-01) Description of issue: Customer received a Cognos email notification due the mobile "Apple Push Notification" certificate nearing expiration. The following error/warn messages were also observerd in \Cognos\logs\mob.log: ERROR com.cognos.mobile.server.apns.APNSSocket - Mobile Apple Push Notification certificate has expired. Please visit http://www-01.ibm.com/support/docview.wss?uid=swg24034258 to download and install the latest certificate. WARN com.cognos.mobile.server.apns.APNSCertificateExpiredChecker - Your Apple Push Notification Certificate expired 39 days ago. This certificate expires yearly, but does not cause any functional / operational issue with the product, since the mobile feature is not used. Description of fix: Updated the installer with the latest Apple Push Notification certificate. Please refer to the link in the above error message if you would like to update the certificate yourself in lieu of applying the fix package for this issue. 2. IT35419/MFT-11442 (2021-01-06) Description of issue: Requirement to address the following vulnerability in Apache ActiveMQ: CVE-2020-13920 CVSS 5.3 Description of fix: Upgraded to Apache ActiveMQ 5.15.14 (from 5.15.9) 3. IT35421/MFT-11505 (2021-01-06) Description of issue: Requirement to address the following vulnerability in Websphere/Liberty: CVE-2020-10693 CVSS 5.3. Description of fix: Upgraded Websphere Liberty to 20.0.0.12 (from 20.0.0.5). -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix12 (Released 09/21/2020) 1. IT33567/MFT-11256/TS003891769 (2020-7-15) Description of issue: WLP (Websphere Liberty) encoded passwords (i.e. keystore/truststore/database) are written to the engine.log These encoded passwords should be masked. Description of fix: Changed the log display to mask the password. Before and After examples follow: Before fix: [StreamConsumerThread - ] INFO StreamConsumer - OUT-->{xor}Lz4sLCgwLTs= After fix: [StreamConsumerThread - ] INFO StreamConsumer - OUT-->{xor}************ 2. IT34299/MFT-11272 - (2020-08-03) Description of issue: Required commons-codec upgrade to address Apache Commons disclosure 177835 (CVSS 7.5). Description of fix: Upgraded to commons-code-1.14. 3. IT34300/MFT-11333 (2020-08-08) Description of issue: Required IBM JRE upgrade to address CVE-2020-14578 (CVSS 3.7) and CVE-2020-14579 (CVSS 3.7)in the Q3 2020 Java CPU. Description of fix: Upgraded from 7.0.10.65 to 7.0.10.70. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix11 (Released 07/08/2020) 1. IT33047/MFT-11173/TS003722362 (2020-06-02) Description of issue: The Connect:Direct Secure Plus ciphers presented in the ICC console [Configure servers -> Secure+ ] are incomplete with what is seen in SPCLI (Secure Plus Client). Control Center was only requesting the cipher lists for SSL/TLS, but not for TLS1.1 and TLS1.2 Descripton of fix: Corrected the logic to request the cipher suites for all protocols (SSL/TLS/TLS1.1/TLS1.2). 2. IT33399/MFT-10981/MFT-11113 (2020-06-30) Description of issue: Required IBM JRE upgrade to address CVE-2020-2654 (CVSS 4.3) and CVE-2020-2781 (CVSS 5.3)in the Q2 2020 Java CPU. Description of fix: Upgraded from 7.0.10.60 to 7.0.10.65. 3. IT33400/MFT-11012/MFT-11013/MFT-11095 (2020-06-30) Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-17573 (CVSS 6.1), CVE-2020-4303/4304 (CVSS 6.1), CVE-2020-4329 (CVSS 3.0) Description of fix: Upgraded Websphere Liberty to 20.0.0.5 (from 20.0.0.2). -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix10 (Released 04/23/2020) 1. IT31831/MFT-10894 (2020-02-13) Description of issue: ICC going down intermittently due to database retries being exhausted Description of fix: Added new engine property DO_NOT_CALCULATE_ROW_COUNTS, with a default of false, to allow users to stop ICC from initiating queries at startup to ascertain the number of rows in EVENTS and the various _STATS_LOG database tables. Also added logic to avoid spurious logging of runtime exceptions from SLC logic about "Process Queue informatiion not present in event". 2. IT32628/MFT-10872 (2020-02-19) Description of issue: Required IBM JRE upgrade to address CVE-2019-4732 (CVSS 7.2) in the Q1 2020 Java CPU. Description of fix: Upgraded from 7.0.10.55 to 7.0.10.60. 3. IT32629/MFT-10873/MFT-10893 (2020-02-21) Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-4720, CVE-2019-12406 Description of fix: Upgraded Websphere Liberty to 20.0.0.2 (from 19.0.0.12). -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix09 (Released 01/15/2020) 1. IT31508/MFT-10794 (2019-12-17) Description of issue: Required IBM JRE upgrade to address CVE-2019-2989 (CVSS 6.8) in the Q4 2019 Java CPU. Description of fix: Upgraded from 7.0.10.50 to 7.0.10.55. 2. IT31509/MFT-10817 (2020-01-08) Description of issue: Required Webbsphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-4441, CVE-2019-4304, CVE-2019-4305 Description of fix: Upgraded Websphere Liberty to 19.0.0.12 (from 19.0.0.4). -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix08 (Released 10/11/2019) 1. IT29742/R17647/MFT-10410 (2019-07-17) Description of issue: Cognos MSSQL JDBC string is not created correctly in /Cognos/configuration/cogstartup.xml for the construct of server\instance (the backslash "\" gets removed during configCC). This causes the Cognos DB connection to fail. Description of fix: Modified the code to change the backslash into a semicolon (i.e server;instance), which is a valid alternative construct. 2. R17706/MFT-9089 (2019-09-03) Description of issue: The java.security override file (/conf/CC_java.security) is not properly referenced by the Cognos jvm. The file is used to override properties specified in the java master security file (/jre/lib/security/java.security). Description of fix: Added code during engine startup to ensure the following property is set in /Cognos/wlp/usr/servers/cognosserver/jvm.options: -Djava.security.properties=/conf/CC_java.security. 3. IT30548/MFT-10571 (2019-09-20) Description of issue: Required IBM JRE upgrade to address CVE-2019-4473 / CVE-2019-11771 (CVSS 8.4) in the Q3 2019 Java CPU. Note: CVE's only apply to AIX. Other platforms are not affected. Description of fix: Upgraded from 7.0.10.40 to 7.0.10.50. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix07 (Released 06/25/2019) 1. IT28819/R17566/MFT-10285 (2019-04-16) Description of issue: ICC is unable to successfully monitor a CD i5 system using iASP resources Description of fix: Logic added to detect whether or not iASP is being used and if so, the path used to find the CDSTATFILE is now prefixed with the iASP name. 2. IT28883/R17572/MFT-10191 (2019-04-22) Description of issue: Any time a server group or server name contains the string "GIS" it is changed to "SI". Description of fix: Fixed the logic that was originally put in place to address the name change for the abbreviation of Gentran Integration Server to Sterling Integrator to only change GIS to B2Bi when appropriate. 3. IT28939/R17574/MFT-10315 (2019-04-25) Description of issue: When running the certificate expiry task which raises events for Connect:Direct servers with certficates that have expired, an exception occurred processing one certificate that caused no more certificates to be processed. Description of fix: All exceptions are now caught when processing Connect:Direct server certificates so processing will continue for certificates on other Connect:Direct servers even if a problem is found. Also, the error that is logged has been enhanced to include the certificate name and text to allow for easier problem determination. 4. IT28250/R17538/MFT-10169 (2019-05-09) Description of issue: Control Center cannot connect to a MSSQL database when the DB server is hardened (i.e. allows only TLSv1.2). In this scenario, the DB server requires the logon exchange to use TLSv1.2. However, the IBM JRE uses the default SSL context of TLS only (i.e. -Dcom.ibm.jsse2.overrideDefaultTLS=false). This protocol imcompatibility causes Control Center to fail when attempting any database connection. Description of fix: Changed the default SSL context to match that of the Oracle JRE (i.e. allow TLS V1.0, V1.1, and V1.2) via JVM property: -Dcom.ibm.jsse2.overrideDefaultTLS=true. In order to revert back to the old default value of -Dcom.ibm.jsse2.overrideDefaultTLS=false, set COM_IBM_JSSE2_OVERRIDE_DEFAULT_TLS=FALSE in /conf/InstallationInfo.properties per the following: InstallationInfo.properties JRE options.default ---------------------------------------- ---------------------------------------- COM_IBM_JSSE2_OVERRIDE_DEFAULT_TLS=FALSE -Dcom.ibm.jsse2.overrideDefaultTLS=false COM_IBM_JSSE2_OVERRIDE_DEFAULT_TLS=TRUE -Dcom.ibm.jsse2.overrideDefaultTLS=true property NOT specified -Dcom.ibm.jsse2.overrideDefaultTLS=true The above InstallationInfo.properties setting will cause the following options.default files to be updated during configCC.bat|sh execution: \jre\bin\default\options.default Windows (used if jvm NOT using compressed references) \jre\bin\compressedrefs\options.default Windows (used if jvm using compressed references) \Cognos\jre\bin\default\options.default Windows (used if jvm NOT using compressed references) \Cognos\jre\bin\compressedrefs\options.default Windows (used if jvm using compressed references) ----------------------------------------------------------------------------------------------------------------- /jre/lib/amd64/default/options.default Linux (used if jvm NOT using compressed references) /jre/lib/amd64/compressedrefs/options.default Linux (used if jvm using compressed references) /Cognos/jre/lib/amd64/default/options.default Linux (used if jvm NOT using compressed references) /Cognos/jre/lib/amd64/compressedrefs/options.default Linux (used if jvm using compressed references) ----------------------------------------------------------------------------------------------------------------- /jre/lib/ppc64/default/options.default AIX (used if jvm NOT using compressed references) /jre/lib/ppc64/compressedrefs/options.default AIX (used if jvm using compressed references) /Cognos/jre/lib/ppc64/default/options.default AIX (used if jvm NOT using compressed references) /Cognos/jre/lib/ppc64/compressedrefs/options.default AIX (used if jvm using compressed references) 5. IT29096/R17588/MFT-10261 (2019-05-13) Description of issue: Requirement to address the following vulnerability in Websphere/Liberty: CVEID: CVE-2019-4046 5.9. Description of fix: Upgraded Websphere Liberty to 19.0.0.4 (from 19.0.0.2). 6. R17622/MFT-10309 (2019-06-20) Description of issue: exportConfig hangs when attempting to upgrade from 6002 iFix03 to 6002 iFix06. When an install/upgrtade runs (i.e. CCInstall64.bin/exe) the acton first performed is to run exportConfig from the existing installation. In this instance, exportConfig hung and never returned control the the installer to either continue installation nor error out. The install had to be cancelled. The ExportUtil program which is executed via the exportConfig.bat/sh script does not output many useful console messages to indicate the flow and progression of the exportConfig function. Description of fix: Added additional console messages to the exportConfig to display flow and progress in order to help determine where the logic was getting hung. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix06 (Released 04/15/2019) 1. IT26990/R17454/MFT-10000 (2018-11-26) Description of issue: ICC was falling behind in monitoring of B2Bi servers because regardless of how much data was available, B2Bi would only respond with one record less than the limit specified by ICC. Description of fix: Rather than going in to catchup mode, which means the logic would not wait monitor rest time number of seconds before requesting more data, only when record limit number of records were returned, ICC will enter catchup mode whenever 90% of the specified record limit, or more, records are returned by the monitored server. 2. IT26855/R17435/MFT-9986 (2018-11-26) Description of issue: ICC would not start because the SLC service was unable to initialize itself. Description of fix: Problem was found in one specific SLC schedule whose monitor window started at the same time the transition from Daylight Saving Time to Standard time. The logic got stuck in a loop calculating the next time the SLC should be active. Fixed the logic to not loop. 3. IT28645/R17545/MFT-10210 (2019-03-12) Description of issue: Required IBM JRE upgrade to address CVE-2018-3180 (CVSS 5.6) in the Oct 2018 Java CPU and CVE-2018-1890 (CVSS 5.6) in the Jan 2019 Java CPU. Description of fix: Upgraded from 7.0.10.30 to 7.0.10.40. 4. IT28716 / R17553 / MFT-10239 / MFT-10240 / MFT-10259 / MFT-10261 (2019-03-25) Description of issue: Requirement to address the following vulnerabilities in Websphere/Liberty: CVE-2018-3169 CVSS 8.3 / CVE-2014-7810, CVSS 5 / CVE-2018-1767 CVSS 6.1 Description of fix: Upgraded Websphere Liberty to 19.0.0.2 (from 18.0.0.4). 5. IT28715 / R17562 / MFT-10260 (2019-04-11) Description of issue: Requirement to address the following vulnerability in Apache ActiveMQ: CVE-2019-0222 CVSS 7. Description of fix: Upgraded to Apache ActiveMQ 5.15.9 -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix05 (Released 11/15/2018) 1. NoAPAR/MFT-9878 (2018-09-14) Description if issue: rep.xml file reported as not accessable or readable when doing a scheduled report. Description of fix: Added logic to further clarify any error that may occur. 2. IT26308/MFT-9919 (2018-09-14) Description of issue: Customer received a Cognos email notification due the mobile "Apple Push Notification" certificate nearing expiration. The following warning message was also observerd in \Cognos\logs\mob.log: "2018-09-10 19:30:08,889 [pool-47-thread-1] WARN com.cognos.mobile.server.apns.APNSCertificateExpiredChecker - Your Apple Push Notification Certificate will expire in 9 days." This certificate expires yearly, but does not cause any functional / operational issue with the product, since the mobile feature is not used. Description of fix: Updated the installer with the latest Apple Push Notification certificate. There will be a subsequent Control Center fix to attempt to permanently disable the mobile feature within Cognos, as to avoid having to update the certificate annually. Please refer to the following link if you would like to update the certificate yourself in lieu of applying the fix package for this issue: http://www-01.ibm.com/support/docview.wss?uid=swg24034258 3. IT26601/R17385/MFT-9963 (2018-10-11) Description of issue: Required IBM JRE upgrade to address CVE-2018-1656 in the July 2018 Java CPU. Description of fix: Upgraded from 7.0.10.25 to 7.0.10.30. 4. IT26875/R17439/MFT-9999 (2018-11-08) Description of issue: Address security issues in ActiveMQ 5.14.2. Description of fix: Upgraded ActiveMQ to 5.15.6. 5. IT27713/R17502/MFT-10111 (2019-01-10) Description of issue: Due to changes made by IBM in November 2018 Data Collectors from Windows Servers will not unpack correctly in ECuRep Description of fix: Any place back slashes were used in archived files they have been replaced with forward slashes. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix04 (Released 08/30/2018) 1. IT25146/R569306 (2018-05-24) Description if issue: Data stored in CONFIG_JOBS related to configuration management jobs is not purged according to the system's purge settings when the database has been partitioned. Description of fix: Added logic to initiate the purge of configuration management jobs from CONFIG_JOBS when a partitioned database is used. 2. IT25323/R570222 (2018-06-12) Description of issue: Configuration changes are not being reflected as the current version Description of fix: Updated the GUI logic to sort the versions by the version's date instead of ID 3. IT25405/R570773 (2018-06-19) Description of issue: Arrived file route and delivery step names need to be unique to facilitate step based SLCs. Description of fix: Instead of just using ArrivedFile, Route and Delivery for step names, the arrived file key, route key, and delivery key values will be appended to the respective step names created to make them all unique. 4. IT25413/R570840 (2018-06-19) Description of issue: When an invalid response from the B2Bi server was received it's logged, and when that response contained a password, it was not obfuscated. Description of fix: Added a new XML element name, auth, to the list of elements whose values need to be obfuscated before they are logged. 5. IT25517/R571053/R571448 (2018-06-28) Description of issue: SFG Data received from B2Bi repeatedly causing an exception resulting in ICC erroneously showing the server as down. Description of fix: Logic added to watch for this situation and avoid exceptions being incurred with no loss of data. 6. IT25542/R569559 (2018-08-03) Description of issue: When multiple Control Center Automated Reports use separate schedules with the same time, the reports can fail with an CANNOT_FORWARD_TO_ABSOLUTE_AFFINITY_NODE error. Description of fix: Modified the code to call the Cognos email logic inside the Cognos lock where the report is run instead of it running outside of the Cognos lock. 7. IT26110/R572235 (2018-08-03) Description of issue: Required JRE upgrade to address a security vulnerability listed in the April 2018 Quarterly Java CPU (CVE-2018-2783). Description of fix: Upgraded Control Center to IBM JRE 7.0.10.25 (from 7.0.10.20). -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix03 (Released 05/22/2018) 1. IT25081/R568293 (2018-05-05) Description if issue: The jar signing certificate used by Control Center is set to expire on June 21, 2018. Control will stop functioning on this date. You must upgrade to 6.0.0.2 iFix03 or later in order to correct this. Description of fix: Replaced the certificate used for signing the jar files with a multi-year expiration date. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix02 (Released 04/16/2018) 1. IT24122/R561380 (2018-02-19) Description of fix: The truststore/keystore password, was sometimes displayed in the clear in the server properties panel for SI servers. Description of issue: Modified the logic to always mask the store password(s) in the display. 2. IT24546/R565387 (2018-03-27) Description of issue: When configCC is partitioning CD_STATS_LOG, it gets error "ORA-00932: inconsistent datatypes: expected DATE got NUMBER" because of the column order. Description of fix: Changed the partitioning insert SQL for CD_STATS_LOG to include the column names so order will not matter. 3. IT24686/R565758 (2018-04-09) Description of issue: When clicking on a Sterling File Gateway process in the Web console Completed process view, an error message that says "A system error has occurred. Please contact your system administrator." is displayed. Description of fix: The issue was caused by a message key word whose prefix contained an invalid XML character - "Params/". The fix was to eliminate "Params/" prefix from the keyword name. 4. IT24569/R565795 (2018-04-02) Description of issue: Required upgrade to Java 7.0.10.20 to resolve Jan 2018 quarterly Java security issues. Description of fix: Upgraded to Java 7.0.10.20. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 iFix01 (Released 02/15/2018) 1. R548223 / IT22571 (2017-10-02) Description of issue: False Workflow SLC alerts. Workflow SLCs with a calendar schedule, and one or more duration milestones, were not terminating the milestone monitor logic at the end of the SLC's monitoring window, causing erroneous events to be generated if events that met the milestone criteria were received after the end of the SLC's monitoring window. Description of fix: Fixed the logic so the Workflow SLC's milestone monitors would be terminated at the end of the SLC's monitoring window. 2. IT21877/R546855 (2017-10-04) Description of issue: Unable to monitor C:D i/5 Description of fix: Stopped using host name for database name when making connection. 3. R552668/IT22774 (2017-10-12) Description of issue: The JCE unlimited strength policy files located in are overwritten during each install/upgrade. Description of fix: Updated the installer to preserve (copy) the unlimited strength policy files during upgrade. 4. R546048 (2017-10-13) Description of issue: The cogstartup.xml file was not being captured when the data collector ran Description of fix: Updated the path to the file to be "configuration" instead of "Configuration" as case matters on all systems except Windows. Also fixed path to the installation log file and included two new Cognos configuration files in data collector output per customer support request. 5. R547481 (2017-11-03) Description of issue: Running Database Events report sometimes causes SQL errors when data collected for XML_STRING column has more than 4000 characters. Description of fix: Changed temporary table XML_STRING column, created for Database Events report, from varchar(4000) to clob. 6. IT22985/R552794 (2017-11-02) Description of issue: The keystore/truststore passwords are not encrypted in the /web/wlp/usr/servers/defaultServer/bootstrap.properties file. Description of fix: Modified the code to correctly encrypt the passwords during engine startup. 7. R554679 (2017-11-02) Description of issue: Cognos fails to start on Windows when there is a space in the installation directory path. This was caused by missing double quotes on a property specified in \Cognos\bin64\bootstrap_wlp_winx64.xml. Description of fix: Corrected bootstrap_wlp_winx64.xml to include the double quotes on the following property: "-Djava.security.properties=${install_path}/../conf/CC_java.security". 8. IT23022/R551461 Description of issue: The following obsolete Cognos jar/script files caused multiple vulnerabilities to be flagged during a scan. /Cognos/webapps/p2pd/WEB-INF/lib/commons-fileupload-1.3.jar /Cognos/webapps/p2pd/WEB-INF/lib/shiro-core-1.2.1.jar /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib tzparse.py Description of fix: Updated the Control Center installer to remove these files during install/upgrade, to ensure there are no future false positives hits against these files. 9. IT23154/R555154 (2017-11-14) Description of issue: Unable to select New York as a time zone for SLC schedules. Users can choose EST as a time zone for SLC schedules, but unlike New York, EST does not have Daylight Saving Time. Description of fix: Update thick client logic to allow the selection of New York as a time zone for SLC schedules. 10. R556161 (2017-11-16) Description of issue: Web server (WLP) could not connect to the database on zLinux. Description of fix: Corrected the code to allow successful database connection on zLinux. 11. IT23818/R558900 (2018-01-24) Description of issue: A MSSQL database was erroneously globalized when a new instance 2 of Control Center was installed using an exported conf from instance 1 -and- with a new/clean database. When instance 1 was originally installed, the user selected NO to the prompt: "Do you want your database to support globalization? If you select yes, your database size can increase significantly." The database in the original instance 1 was correctly NOT globalized. However, during the original installation, the following property was erroneously set in /conf/InstallationInfo.properties: CCENTER_MSSQL_GLOBAL=true (it should have been set to false). This is what caused the database in instance 2 to be erroneously globalized. Note: The globalization in instance 2 only occurred in this particular scenario (i.e. using an exported conf with a clean new database) during the install. Description of fix: Corrected the configuration logic to ensure the proper value is set in InstallationInfo.properties (true|false), per the user answer (yes|no). 12. R560630 (2018-02-12) Description of issue: See empty error message when attempting to logon via Swing console. Description of fix: Updated the jar used for JAAS when running the console with the IBM JRE on Windows 10. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.0.0.2 (Released 09/01/2017) 1. R471147 / IT10129 (2015-07-17) Description of issue: All secure SEAS connections began failing after 1-2 days from engine startup. The keystore and truststore passwords were erroneously changed when retrieving the engine properties to be displayed in the classic GUI and web UI. The intent was to mask out the passwords for display purposes in a copy of the properties. However, the actual property was set to the mask characters, causing all subsequent secure SEAS connections to fail until the next engine re-cycle. Description of fix: Corrected the code to clone the properties and then update the copy to mask out the passwords. 2. R469846 (2015-07-25) Description of issue:: The following error message appears when accessing the web UI menu: Monitor -> Completed Processes, Monitor -> Completed File Transfers --and-- Monitor -> Queued Processes from Web Console: "Unable to get a connection from DataSource!". The dataSource.xml file contained incorrect data base connection information for a Oracle RAC w/SCAN definition. The code that builds dataSource.xml was searching for a hostname separator of semicolon ";". This separator is present for RAC w/o SCAN (multiple hostnames). However RAC w/SCAN only uses one hostname. Therefore there is no semicolon present for this type of RAC definition. Consequently the code erroneously detected this as a non-RAC connection definition and created an incorrect dataSource.xml. Description of fix: Changed the search string to look in the data connection url for "FAILOVER_MODE", instead of a semicolon ";" (hostname separator). FAILOVER_MODE is always present in a RAC defined url, but never in a non-RAC definition. 3. R470455 (2015-07-30) Description of issue: Sterling Control Center disconnects from MQ FTE Coordinator when Message is older than DB partition range Description of fix: If the log date is older than the minimum partition date, ignore the record and continue (do not SHUN the node); If the log date is newer than the maximum partition date, continue to SHUN the node. 4. R466949 (2015-06-30) Description of issue: When adding a server to a server group, if the server group is related to a number of SLCs, it will take long time to complete. Description of fix: Ignore the check of the schedule access when adding the server which reduce the time cost. 5. R468471 (2015-08-05) Description of issue: By design, when Control Center is configured to emit events to a JMS queue, the JMS queue must always be available. If Control Center cannot contact the JMS queue to emit an event, it retries the operation and if the retries have been exhausted, the Control Center engine is brought down. Description of fix: To avoid this shutting down of the Control Center engine, two new properties may be added to the conf/engine.properties file: IGNORE_JMS_ERRORS=false|true (false is the default) IGNORE_JMS_ERRORS_RETRY_MINUTES=10|nn (n > 0, 10 is the default) With IGNORE_JMS_ERRORS=true specified, Control Center will ignore the retry specifications in the JMS configuration and, instead when there is a failure to connect to the JMS queue, will ignore the error. After getting an error, all attempts to emit events will be ignored until the retry minutes have expired, and then the next event to be emitted will cause Control Center to retry the connection. If this fails, Control Center will retry again after the retry minutes expires. Note: retrying on each event would cause an unacceptable slow-down of Control Center performance since each retry attempt involves a TCP time-out. When the JMS connection is first recognized as down, a new event is generated (Event Type 15, message id CJMS001E) to indicate that the JMS connection is down. When the JMS connection is subsequently available, another event is generated (Event Type 15, message id CJMS002E) to indicate that the JMS connection is up. Rules may be written against these events and appropriate action can be taken. While the JMS connection is unavailable, events will be lost (not emitted to JMS). Appropriate messages in the Control Center log indicate how many events were lost during each outage. 6. R464142 (2015-08-05) Description of issue: The Cognos UDF (User Defined Function) convertToUserPrefTZ parameter data type mismatch the data type on MSSQL DB which causes this issue. The Cognos UDF convertToUserPrefTZ accepts datetime as VARCHAR, but in MSSQL DB it is NVARCHAR. Description of fix: Cast datetime to VARCHAR in the Report to make convertToUserPrefTZ work. 7. IT10451 / R473243 (2015-08-06) Description of issue: runEngineCold.sh misses parallel GC parameter compared with runEngine.sh, and also the order of other parameters is not same. Description of fix: Refactor runEngine.sh and runEngineCold.sh to the same JVM parameters with same order. 8. IT09664 / R461177 (2015-08-10) Description of issue: Control Center could not log on to a SI server when SOAP_SYNC_ONLY=true was set in the engine.properties file. The SI server replied with an empty document (i.e. no license info.). The license information is no longer used by Control Center and is obsolete. A decision has been made in gradually remove the getLicense request logic in future releases of SI. Description of fix: Created a new Control Center property for engine.properties: SI_SERVER_LICENSE=true | false (default value is true). When this property is set to false, Control Center will not issue a getLicense request to SI during logon and no license information will be present on the SI server license tab in the GUI. 9. R466233 (2015-08-12) Description of issue: If the records that were inserted into EVENTS table contained some duplicate keys, The nodes Control Center monitored will be paused. Description of fix: Removed the pausing node logic, when the SQLException was caught, we just throw it. 10. IT08307 / R465881 (2015-08-21) Description of issue: A CREATE TABLE command failed, when trying to run a Cognos report, using a DB2 LUW database: SQL Exception msg : DB2 SQL Error: SQLCODE=-622, SQLSTATE=56031, SQLERRMC=IN DATABASE. This was due to the "IN DATABASE" clause erroneously being inserted into the SQL command. This clause applies only to DB2zOS (not DB2 LUW). Description of fix: Corrected the code to insert the IN DATABASE clause when the database type is only DB2zOS. 11. R460797 (2015-08-25) Description of issue: When login user is External Authenticated User, the password is not persisted in control center, so when open the Cognos Report Web Page with related parameter is invalid that cause the authentication failure. Description of fix: Use token to implement SSO mechanism that allow the user to open the Cognos Report Web from Swing or Web Console 12. IT10153/R471753 (2015-09-07) Description of issue: When Control Center Engine receives invalid events (eg. PNODE name length > 255) from CD, when insert this event into database, there will be a SQLException thrown out that will cause the engine shut down. Description of fix: Add the protection code before inserting the invalid event to database, that is truncate the invalid data to a max valid length before doing the insertion. 13. IT11104 / R468691 (2015-09-07) Description of issue: ConfigCC adding leading space to the RAC port number. Description of fix: It is caused by the DB info setting, especially oracle RAC. There is an extra white space in the value recorded in InstallationInfo.properties. Remove it. 14. R474900/IT11091 (2015-09-08) Description of Issue: Report Date Time is converted to eastern time zone without considering Daylight Saving Time. Description of fix: Change report original time zone to time zone with offset, for example, EST is GMT-04:00 in Daylight Saving Time. 15. IT08341/R473286 (2015-09-15) Description of issue: In very rare case, if engine shut down abnormally and you have workflow SLC setup, the restarting of engine could be blocked by the exception on SLC monitoring window. Description of fix: Adjust the logic so exceptions on monitoring window due to abnormal shutdown will no longer block restart. 16. IT11391/R477831 (2015-09-22) Description of issue: Root Cause Analysis: Control Center engine shutdown due to SQLCODE=-401, SQLSTATE=42818 during initialization, after configuring Control Center to use a DB2zOS database. This was caused by incorrect DB2zOS SQL syntax in the WHERE clause [i.e. WHERE ......... PART_KEY >= TO_DATE(?, 'YYYY-MM-DD')]. An existing query was recently updated with modified syntax for all databases for performance improvement. The same query was erroneously used for both DB2 LUW and DB2zOS. Description of fix: Corrected the DB2zOS WHERE clause syntax to specify [WHERE ........ PART_KEY >= ?]. 17. IT11094/R476544 (2015-09-30) Description of issue: There are Oracle ORA-12899 errors in the engine log when run some report. Description of fix: Double quote the report csv data to handle data which contains comma or CRLF. 18. IT11555/R478353 (2015-10-02) Description of issue: The following SQL error occurred when running a "Netmap Connections Summary Report": ORA-01795: maximum number of expressions in a list is 1000. This occurs if the query contains more 1000 than items in an IN(......) clause when using an Oracle database. Description of fix: Modified the query to use multiple IN(.....) clauses , if needed, each containing 1000 items. 19. IT11401/R475815 (2015-10-10) Description of Issue: SCC takes an inordinate amount of time to stop once shutdown issued. Logs show there are nodes seem to be playing catch up and are still collecting stats, stopping engine appears to hang. Description of fix: Remove the synchronization in NodeService.stopExecutor which will occasionally cause stopping executor hang, and also stop node service when shutting down engine. 20. IT12004/R480598 (2015-10-26) Description of issue: When user tries to use the Sterling B2B Integrator Dashboard sign on, it does not open a valid page. Description of fix: Change link for B2Bi dashboard to go directly to the URL instead of using redirect, since B2Bi no longer allows CC to automatically sign in. 21. IT12290/R479816/R483566 (2015-11-18) Description of issue: R479816 - stopEngine.bat -np does not backup conf, trigger engine shutdown rule and log engine shutdown message CCTR083E. Description of issue: R483566 - stopEngine.bat|sh -np does not remove the statistics checkpoint file: /conf/services/system/StatisticsService.xml at shutdown, causing long running recovery processing during the next engine startup. Description of fix: Allow user specify a default stop engine np user id in engine.properties, and this user id will be used to shutdown the engine, because it is not possible to issue an graceful shutdown with no userid/password on Windows. This also resolves R483566 on Linux/Unix. 22. IT12289/R482054 (2015-11-18) Description of issue: Active alerts could not be inserted into CC_ALERT table due to wrong partition keys. Description of fix: Make sure the CC_ALERT table do daily operation each time and add indexes to CC_ALERT table to speed the purge process. 23. R483772 (2015-11-25) Description of issue: Address security issues in Websphere Liberty 8.5.5 Description of fix: Updated Websphere Liberty to 8.5.5.6 24. R482542 (2015-11-25) Description of issue: The Connect:Direct Browser user interface failed to connect via TLSv1.0, which was finally traced down to the lack of the -Djsse.enableCBCprotection=false JVM option. CDBrowser secure connections began failing after the last JRE upgrade in ContorlCenter. Description of fix: Updated /wlp/usr/servers/defaultServer/jvm.options with -Djsse.enableCBCprotection=false. 25. IT10752 / R458864 (2015-12-16) Description of issue: The following error occurred when Control Center was trying to insert a record into the EVENTS table (DB2zOS database), as part of a batch insert (100 INSERT requests): Nested SQL exception[100]: Message: A NON-ATOMIC INSERT STATEMENT SUCCESSFULLY COMPLETED FOR SOME OF THE REQUESTED ROWS, POSSIBLY WITH WARNINGS, AND ONE OR MORE ERRORS SQLSTATE: 22529 Error code: -253 05 Mar 2015 13:08:56,896 284279010 [WRZN031F(1)] WARN RecoverableDAO - Exception while setting the Auto commit level back to original setting. Message:[jcc][t4][10335][10366][3.63.75] Invalid operation: Connection is closed. ERRORCODE=-4470, SQLSTATE=08003 05 Mar 2015 13:09:02,720 284284834 [WRZN031F(1)] INFO SCCEngine - com.ibm.db2.jcc.am.BatchUpdateException: [jcc][t4][102][10040][3.63.75] Batch failure. The batch was submitted, but at least one exception occurred on an individual member of the batch. Use getNextException() to retrieve the exceptions for specific batched elements. ERRORCODE=-4229, SQLSTATE=null Description of fix: Added a new property in engine.properties to allow the failed batch request to be re-tried as individual SQL INSERT requests. By re-trying each INSERT individually, the true SQL error will be exposed for each error. So this fix may resolve the retry failure in and of itself, by retrying as individual request, but more importantly, this will allow the ability to find root cause for each specific SQL error occurring in the original batch INSERT. RETRY_NON_DUP_EXCEPTION_IN_BATCH Specifices how to retry a database batch update request for non-duplicate errors true = retry a batch update request in batch mode (default value) false = retry a batch update request as individual SQL requests false can be used to expose the actual error of each failing request during retry 26. R486944/IT12835 (2015-12-17) Description of issue: When attempting to change the role Permissions for Console Timeout and Console refresh to Use System Setting, it changes to Manage after the update. Description of fix: Adding additional logic in Role adaptor to map User System Setting to correct value instead of manage. 27. IT12896/R485216 (2015-12-18) Description of Issue: Control Center 6.0.0.0_iFix02 shut down from a SQL timeout. The SQL which selects distinct DVG from a huge EVENTS_EXT table causes the query timeout, and after 60 times retries, engine shutdown. Description of fix: Select distinct DVG from CC_DATA_VISIBILITY_GROUP instead of EVENTS_EXT. 28. R477212 (2015-12-23) Description of issue: Control Center cannot connect to a monitored CC FTP Agent. The following error message is displayed in the classic GUI in the Server Properties (General tab page): "CFTP056E Failed to connect to Agent. Check for invalid Agent IP address or port specification". The FTP Agent packaged in Control Center 6.0.0.1 through 6.0.0.1 iFix02 encounters this error, due to some logic erroneously being executed in common code in the context of the FTP Agent. Description of fix: Corrected the logic to only execute in the context of the Control Center engine. 29. IT12993/R487831 (2015-12-30) Description of Issue: Getting empty data for the column 'MAILBOX_FLAGS' from view 'V_CE_STATS_LOG'. Description of fix: Make an additional CmulistRequest to C:E and get the mail box flags in response. 30. IT13177/R475879 (2016-01-13) Description of Issue: The normal authentication does not work for Exchange server given the fact that CC5.3 is using an older version of java mail library. Description of fix: Now updated the authentication to adopt ssl so that both old lib in cc5.3 and new lib in cc6.1 work for Exchange server. 31. IT13181/R488083 (2016-01-31) Description of issue: The following error occurred during engine startup after upgrading from CC 6000 to 6001: DB2 SQL Error: SQLCODE=-206, SQLSTATE=42703, SQLERRMC=T0.FASP_SUPPORTED. This occurred when configCC.sh|bat was executed the for the first time after the upgrade -and- Init DB=Yes is specified. In this scenario, the 6001 upgrade script was not executed. Consequently, the existing CC_xxxx configuration tables were not altered for the 6001 environment. One of the commands in the upgrade script is to add a column named FASP_SUPPORTED to the CC_SERVER table. Hence the error message above indicating the column name does not exist. Description of fix: Corrected configCC DB initialization logic to recognize the context of the upgrade (i.e. from 6000 to 6001 with DB Init=Yes) and to correctly execute the DB upgrade script to update the existing CC_xxxxx configuration tables. 32. IT13569/R482313 (2016-01-31) Description of issue: Max heap size for web is lost on upgrade. The /web/wlp/usr/servers/defaultServer/jvm.options file was overwritten during an install/upgrade. This file should preserve all user modifications across Control Center upgrades. Description of fix: Corrected the configuration setting in the installer such that the jvm.options file is not overwritten during upgrade installation. 33. IT12898 /R477362 /IT12897 /R482987 (2016-02-15) Description of issue: The execution of getting completed processes for DVG timeout, after 60 times retries, engine shutdown. Description of fix: Use partitioned column DATE_TIME in the SQL for partitioned Oracle DB optimization, and optimize the get data logic to first get last 7 days data, if the last 7 days data satisfies the max rows specified, stop searching. 34. R491911 (2016-02-22) Description of issue: stopEngine.sh does not stop all of the processes on a Solaris cluster. Description of fix: Change every non-Windows platform away from ./startup.sh to ./cogconfig.sh -s to start Cognos, and from ./shutdown.sh to ./cogconfig.sh -stop to stop Cognos in cogconfigSCC.sh. 35. IT13937/R492291 (2016-02-22) Description of issue: After applying 6001 iFix03 2/1/16 Control Center can no longer send emails. Description of fix: Add support for SMTP anonymous log on: if email user and password is specified, adopt strict security; if email user or password is not specified, then go back to old logic, weak policy. 36. R489154 (2016-02-16) Description of issue: HTTP Response Splitting in WAS (Webshpere Application Server) Description of fix: Upgrade Control Center to WAS Liberty 8.5.5.8 37. IT13944/R489149 (2016-02-11) Description of issue: Required upgrade to Java 7.0.9.30 to resolve Jan 2016 quarterly Java security issues Description of fix: Upgraded to Java 7.0.9.30 38. 480093 (2016-02-11) Description of issue: The runDataCollector should not copy the SCCRootPass.enc and SCCRootPassDigest files. These files are the installation's encrypted master key and hash value. They are not required for IBM support. Description of fix: Excluded these files from the data collector output zip file. 39. IT13982/R489457 (2016-03-09) Description of issue: ERROR RecoverableDAO - Operation failed. The index entry of length 910 bytes for the index 'EVENT_FILE_SEARCH' exceeds the maximum length of 900 bytes. This occurred when the index contained data that caused the length of the index key to exceed the max length of 900 in MSSQL (i.e. DEST_FILE and SOURCE_FILE - column width is 1020 for each). Description of fix: (Applies only to MSSQL) Modified the index to move SOURCE_FILE and DEST_FILE from the key to the include columns as follows: Old: CREATE INDEX EVENT_FILE_SEARCH ON EVENTS(DATE_TIME, SEQ_NUM, XFER, NODE_ID, NODE_TYPE, SOURCE_FILE, DEST_FILE) New: CREATE INDEX EVENT_FILE_SEARCH ON EVENTS(DATE_TIME, SEQ_NUM, XFER, NODE_ID, NODE_TYPE) INCLUDE(SOURCE_FILE, DEST_FILE) 40. IT14132/R480832 (2016-03-14) Description of issue: Many DB duplicate errors (ORA-00001 on Oracle) occurs when monitoring a C:D server whose UTC delta is greater than Control Center's. Description of fix: Set UTC delta value to the UTC delta value of monitored server instead of Control Center when adding a server in Control Center. 41. IT14370/R495445 (2016-03-16) Description of issue: After fix R487831, batch status flags (Mailbox Flags) are not consistently populated in Conntect:Enterprise Unix statistics records (CE_STATS_LOG table). The fix attempted to pair up each stat record request with a batch directory listing request and populate each stat record with the corresponding Mailbox Flags. However this logic was flawed. There is not a way to reliably populate each stat record with the batch status flags at the time of the event. Description of fix: Removed the original fix 487831. There will be no alternative fix since there is no way to pair up all CEU stat records with the correct status flags at the time of the event. 42. IT14405/R494467 (2016-03-21) Description of issue: Control Center is looking for a license key in the INITPARMS file, which no longer exits because IBM had development removed the need for license keys. Description of fix: Add code to handle no license key scenario. 43. IT14511/R490253 (2016-03-28) Description of issue: SI server repeatedly disconnects from Control Center every few minutes and displays up-down-up-down due to a null pointer exception being thrown, due to a missing route event key in a FileGateway record. The following display shows the top few lines of the offending stack trace: java.lang.NullPointerException at com.sterlingcommerce.scc.agent.services.node.gis.FgHistoryHandler$RouteEventRecordByTimeComparator.compare(FgHistoryHandler.java:1964) at com.sterlingcommerce.scc.agent.services.node.gis.FgHistoryHandler$RouteEventRecordByTimeComparator.compare(FgHistoryHandler.java:1955) Description of fix: Added guard code to detect the missing key and prevent the exception. 44. IT14326/R492583 (2016-03-14) Description of issue: In a few places in CC to get data from database, it created cache for the results retrieved from DB, but the cache was not released after use. Description of fix: Release the cache after usage. 45. IT14661/R496364 (2016-04-06) Description of issue: A pop-up window starts flashing across the screen when trying to view alert comment history in Swing Console. Description of fix: Remove the focus listener which causes the issue because there is another selection listener which is enough to display the comment. 46. IT14717/R497595 (2016-04-07) Description of issue: Error happened while running "Alerts Report". Description of fix: Change the length of COMMENTS column in alert report table matching the length in EVENT_COMMENTS table. 47. IT14848/R498312 (2016-4-8) Description of issue: Database schema upgrade fails when a Control Center 6.0 that uses SQL Server database with case sensitive collation is upgraded to CC 6.0.0.1 or above. Description of fix: Updated the SQL Server command to avoid case sensitivity of SQL Server database. 48. IT14439/R495894 (2016-04-15) Description of issue: Address security issues in Websphere Liberty 8.5.5.8 Description of fix: Updated Websphere Liberty to 8.5.5.9 49. IT14434/R495891 (2016-04-15) Description of issue: Upgrade embedded Connect Direct interface component to support new features in Connect:Direct Description of fix: Upgraded the following embedded components : CD JAI Version to 1.1.00 Fix 000019 General Availability Build April 12 2016 09:27 CD Browser to Version 1502 iFix16 50. IT14437/R495732 (2015-04-18) Description of issue: Address security issues in Apache ActiveMQ 5.11.1 Description of fix: Updated Apache ActiveMQ to 5.13.2 51. IT14907/R492146 (2016-04-26) Description of issue: SCC does not refresh configuration versions after Daylight saving time ends. Description of fix: Adjust the next scheduled job delay according Daylight saving time change. 52. R499813 (2016-04-22) Description of issue: Running User Role report gives "ORA-12899: value too large for column..." in Engine log. Description of fix: Change the length of DESCRIPTION column in user role summary report table from 50 to 255. 53. IT14992/R499167 (2016-04-27) Description of issue: Alert Report does not run because of query timeout. Description of fix: Improve the query by adding date filter and alert filter. 54. R501141 (2016-05-05) Description of issue: Monitoring of MQMFT servers not keeping up with activity Description of fix: Fixed faulty logic that determined when we should and should not wait for the polling interval before checking for more messages from the server. 55. IT14515/R484727 (2016-05-09) Description of issue: Potentially Inactive Netmap Entries Report & Potentially Missing Netmap Entries Report run failed with CDIS012E error in Engine log. Description of fix: Adding node type in getNodeIdsForNodeDiscoveryReports method of ReportsTierBehavior class to get node id list, so that the node id list will only contain the node id with specified node type. 56. IT15241/R501505 (2016-05-11) Problem description: PART_KEY value for CE_STATS_LOG database table based on UTC, not local time, like other database PART_KEY values. Problem resolution: Make the PART_KEY computation logic used for CE_STATS_LOG be consistent with other tables, which are based on local time, not UTC. 57. IT15360/R501641 (2016-05-18) Description of issue: Automated Report intermittently display UTC time on "Date Time" column instead of local time. Description of fix: Replace "#sq($account.parameters.timezone)#" expression in report definition with specific time zone. 58. IT15418/R499726 (2016-05-25) Description of issue: Trying to run a SFG Route Detail by Producer Report in Control Center using multiple Producers and getting no output. Description of fix: Add code to handle "|" operator for "Match", "Doesn't Match", "Contains", "Wildcard" while building the report output of SFG Route Detail by Producer Report. 59. IT15402/R500705 (2016-05-24) Description of issue: SLC Summary Report does not complete and has error "String or binary data would be truncated" in Engine log. Description of fix: The actual content length of MATCHING_PROPERTIES column is bigger than the length it was defined in cognos_tables.properties. So change the definition of MATCHING_PROPERTIES from MATCHING_PROPERTIES @VARCHAR@(4000) to MATCHING_PROPERTIES @CLOB@. 60. IT15537/R502948 (2016-05-31) Description of issue: Batch file /bin/StopHtmlAdaptor.bat is missing from Control Center Windows installation. Description of fix: Updated the Control Center Windows installer to correctly copy the file to the bin directory. 61. IT15564/R503793 (2016-06-02) Description of issue: Required upgrade to Java 7.0.9.40 to resolve April 2016 quarterly security issues. Description of fix: Upgraded to Java 7.0.9.40 62. IT15426/R501409 (2016-06-07) Description of issue: After upgrading to java 8.0_91, users cannot log on to the Control Center classic console via webstart and also cannot create/modify saved reports, when their "user.dir" property value points to the java install directory . Beginning with this java release, users are restricted from creating/updating files within the java install directory. This resulted in a java IOException when the Control Center GUI code (running on the user's local machine) attempted to save the .profile, CCenterHttpsParms.properties, and temporary files created when updating saved reports. Note: "user.dir" and "user.home" are system properties set by the jvm (java virtual machine) environment, not by Control Center. Description of fix: Modified log on logic to ignore the exception when .profile and CCenterHttpsParms.properties cannot be created/updated, to use the path location in "user.home", instead of "user.dir". Also modified the report create/update logic to use the "user.home" value for temporary files. 63. IT15541/R493319 (2016-06-14) Description of issue: EBICS is not listed in the protocol list when defining a B2Bi server. Description of fix: Add EBICS to the protocol list that Control Center can monitor. 64. IT15871/R504434 (2016-06-27) Description of issue: Cognos doesn't work when Control Center and Cognos database is configured for MSSQL, which is connected by \. The database connection failure is caused by an incorrectly formatted datasource connection string. Description of fix: Corrected the datasource connection string. 65. IT15976/R504698 (2016-07-01) Description of issue: Agents for monitored MQMFT servers not showing appropriate status. Description of fix: Some MQMFT agents used non text messages for their status, which were not used by Control Center. Logic added to Control Center to attempt to use non text messages, which works for MQMFT agents that send them. 66. IT15407/R500660 (2016-07-05) Description of issue: Database queries used to recover data missed that is used to create Statistics service roll up table data timed out. Description of fix: When the Statistics Service recovery logic runs, limit how far back the system will look for data for servers that have yet to have any data summarized to just five days. A new engine property (MAX_DAYS_STATS_DATA_TO_RECOVER) has been created which allows this value to be adjusted. Specify the following in /conf/engine.properties. # MAX_DAYS_STATS_DATA_TO_RECOVER=5 # Specifies the maximum number of days the Statistics service recovery logic will go back for data # for a server for which no previously summarized data exists in the ROLL_UP table. Default is 5. # This value only affects the recovery logic for the statistics service and it does not affect # servers that have summarized data in the ROLL_UP table. 67. IT15566/R503808 (2016-07-08) Description of issue: Address security issues in 10x HTTPS response headers. Description of fix: Updated response headers with proper configuration settings. 68. R505744 (2016-07-07) Description of issue: When a Control Center using Oracle with partitioned tables is upgraded, a few indexes remained un-partitioned on a partitioned table. This issue occurs only when Oracle database is used for Control Center. Run the following query against your Control Center schema to check if the above issue exists or not. SELECT TABLE_NAME,INDEX_NAME from USER_INDEXES U1 WHERE U1.PARTITIONED = 'NO' AND EXISTS (SELECT * FROM USER_INDEXES U2 WHERE U2.TABLE_NAME = U1.TABLE_NAME AND U2.PARTITIONED = 'YES') Description of fix: Database tables upgrade process has been fixed to create the indexes(that are introduced in the new release) as the partitioned indexes. If this issue exists after newer maintenance release is installed, drop and re-create the affected indexes with LOCAL option. Example commands: DROP INDEX PROC_INDEX; DROP INDEX EVENTS_EXT_PKEY_IX; DROP INDEX EVENTS_SERIAL_NUM; DROP INDEX EVENT_FAILED_SERACH; CREATE INDEX PROC_INDEX ON EVENTS(PROC_ID, DATE_TIME) LOCAL; CREATE INDEX EVENTS_EXT_PKEY_IX ON EVENTS_EXT(PART_KEY) LOCAL; CREATE INDEX EVENTS_SERIAL_NUM ON EVENTS(SERIAL_NUM) LOCAL; CREATE INDEX EVENT_FAILED_SERACH ON EVENTS(XFER, DATE_TIME, RET_CODE) LOCAL; 69. IT16639/R508878 (2016-08-18) Description of issue: The priority number is not correct when using duplicate or create function to generate a new rule until the console is exited and restarted. Description of fix: Update the relative priority for each metadata rule after new metadata rule is created. 70. IT16705/R511158 (2016-08-22) Description of issue: The installer (CCInstall64.bin|exe) ran out of memory, causing the process to hang. Description of fix: Updated the InstallAnywhere project definition, increasing the installer memory allocation from .5GB to 1.5GB. 71. IT16802/R511216 (2016-10-10) Description of issue:: The secure plus keys and attributes mismatch in EventVariables.properties and SCCNotification object. Description of fix: Set both the corresponding EventVariables.properties and RuleMatchMatchKeyInfo.properties in the notification for the following elements: CSPE/secureEnabled -and- CSPS/cipherSuite -and- CSPP/secureProtocol to allow for proper rule action variable substitution and rule matching. 72. IT16841/R506208 (2016-09-01) Description of issue: Source file name incorrectly populated in MQ MFT File Transfer Report. Description of fix: Add filter to make MQ MFT File Transfer Report only select file transfer records from DB. 73. IT17040/R513947 (2016-09-15) Description of issue: Rules validation reports "actionId" as invalid in messages CRUL001E/CRUL003E when really the linked rule "resolutionActionId" -or- "nonResolutionActionId" is invalid. Description of Fix: Modified the logic to correctly report the element in error. 74. R512031 (2016-10-03) Description of issue: When Node Configuration job errors are logged they do not include the name of the monitored server the job ran for. Description of fix: The logged node configuration jobs will now include the server ID they ran on. 75. R507024 (2016-10-06) Description of issue: Because the completed process cache was limited in size to 200, and this MQMFT server had 1000s of busy agents, the file transfer requests for specific agents only remained in the cache for a couple of seconds. Also, while working on this problem, noticed that the max completed process cache specified for servers was not used by the node service, but rather the value in CCEngineService.xml - the over all value - was used. Description of fix: Allowed the completed process cache for MQMFT servers to have a limit of 2000. Plus made sure if a max completed value for a node service was specified, that it would be used. 76. IT17445/R516302 (2016-10-11) Description of issue: When attempting to import a rule using the Web Client, the temporary file name is incorrectly created when running with some versions of Internet Explorer. Description of fix: Added code to strip off the file directory from the imported file name before creating the temporary file name. 77. IT17721/R514816 (2016-11-07) Description of issue: Error occurred when a single node Oracle RAC environment was specified first and user selects to not re-configure Cognos Report Service in their second time configCC. Description of fix: Check ORACLE_RAC_OR_SCAN_CONNECTION flag in the InstallationInfo.properties file to see whether it is an Oracle RAC environment. If it is, use the RAC URL template. 78. IT17879/R519865 (2016-11-08) Description of issue: When a userid is deleted on Linux/Unix, the /conf/Users/user.xml file does not get deleted, if it contains any upper case characters. This is because the userid value in the file pathname is changed to lower case. In systems which are case sensitive, the file was not detected and consequently did not delete. Description of fix: Construct the file path name using the exact userid value that is being deleted (i.e. preserve the casing), when deleting the file. 79. IT17848/R515213 (2016-11-24) Description of issue: Size/Volume of Files over Time widgets use UTC time instead of console preferred time zone. Description of fix: Add date time conversion in the widgets. 80. IT18230/R522434 (2016-12-02) Description of issue: Control Center cannot establish a secure connection to SEAS (Sterling External Authentication Server) using TLSv1.2. When Control Center calls the SEAS API, the protocol is not set in the ssl parameter structure used to establish the secure connection. As a result, a default value of TLS is used. If the SEAS server is configured to use TLSv1.2, the connection is rejected, due to the mismatch in protocols. Description of fix: Added two new engine properties to allow both the secure protocol -and- cipher suite list to be configured for the secure connection between Control Center and SEAS. SEAS_SECURE_PROTOCOL=TLS | TLSv1.1 | TLSv1.2 Specifies the protocol(s) for secure connections between the engine and SEAS (Sterling External Authentication Server) Note: If this property is not specified, com.ibm.jsse2.overrideDefaultProtocol will be used as the protocol for SEAS secure connections SEAS_CIPHER_SUITES= Specifies a comma delimited cipher list for secure connections between the engine and SEAS (Sterling External Authentication Server) Example: SEAS_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 For the Sun JSSE provider supported cipher suites, please refer to below link: http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider 81. R522814 (2016-12-02) Description of issue: Address security issues in Websphere Liberty 8.5.5.9 Description of fix: Updated Websphere Liberty to 16.0.0.3 82. IT18588/R524276 (2016-12-23) Description of issue: Scheduled reports emails sometimes mixed information from 2 different reports. Description of fix: Synchronized the writing of a temporary file used to create report objects to prevent one reports execution from corrupting another report's email variables. 83. R524228 (2017-01-03) Description of issue: Future date scheduling for Functional Authorities does not work. Description of fix: Remove the code which re-initializes the date user specified in the future and set the time zone of the scheduled date to the time zone specified by the user. 84. R521082 (2017-01-03) Description of issue: Database Events Report from Cognos spanning two pages. Description of fix: Change the default PDF orientation of Database Events Report to landscape. 85. IT18683/R524872 (2017-01-08) Description of issue: The starting/ending year filter of Monthly File Transfer Report will not go beyond 2016. Description of fix: Adding 2017~2022 to the starting/ending year list. 86. R526099 (2017-01-18) Description of issue: Address security issues in ActiveMQ 5.13.2. Description of fix: Upgraded ActiveMQ to 5.14.2. 87. IT18632/R520920 (2017-01-30) Description of issue: The java master security properties file (i.e. /jre/lib/security/java.security) is overwritten each time Control Center is upgraded. Consequently, any user changes to the file are lost with each successive upgrade. Description of fix: Enhancement to preserve user changes to the master security properties file. Created a new file to override properties in the "master security properties file" located in /jre/lib/security/java.security. The override file is located in /conf/CC_java.security. Any properties specified in CC_java.security will override those specified in the master security properties file. CC_java.security is preserved across each Control Center upgrade. 88. IT19031/R527877 (2017-01-31) Description of issue: Node discovery did not utilize the LDNS values in netmap entries that specified them which resulted in no TCP address being shown for TCP nodes Description of fix: Changed the logic for TCP nodes to utilize the LDNS value in the netmap when no TCP address was specified. 89. IT19058/R528011/R528185 (2017-02-03) Description of issue R528011: Unable to utilize event element queueId in email actions Description of issue R528185: Unable to utilize event element FG.WFID in email actions Description of fix: Added both items to the list of known event elements to allow variable substitution. 90. IT19136/R525881 (2017-02-08) Description of issue: Control Center engine stops by itself after a while when using X11 port forwarding. Description of fix: Added the following line in runEngine.sh -and- runEngineCold.sh scripts: "unset DISPLAY". 91. R530236 (2017-02-23) Description of issue: When SHRCNV is set to zero for a channel Control Center connects to for MQ monitoring, it never gets any messages Description of fix: Added logic to detect when the MQ channel we connect to has SHRCNV set to zero and the code now throws an exception with a helpful message that describes the problem, and solution, and fails the connection now. 92. IT19425/R530108 (2017-2-24) Description of issue: Web Console is not working when using Oracle RAC if JDBCService.xml has no keyword FAILOVER_MODE. Description of fix: Modified the code to look for keyword FAILOVER to determine if Oracle RAC is in use so that the Oracle RAC template can be used when creating the Web Consoles's dataSource.xml file. 93. IT19536/R531648 (2017-03-06) Description of issue: The filter on the rules listing panel in the Java GUI console does not filter correctly when key "Match Criteria" is used. Description of fix: Modified parameter file so filter will look for key of "match" instead of "effectiveMatch" since effectiveMatch is not longer stored in the rules xml. Also fixed key "Linked Rule" which was also not working. 94. R531842 (2017-03-09) Description of issue: Required upgrade to Java 7.0.10.1 to resolve Jan 2017 quarterly security issues. Description of fix: Upgraded to Java 7.0.10.1 95. IT19547/R530220 (2017-3-10) Description of Issue: Error from WLPPasswordEncoder when Control Center is installed on Windows in a directory with a blank in the name like "Program files". Error looks like "INFO StreamConsumer - ERR-->'D:\Program' is not recognized" Description of fix: Put double quotes around the Windows execution of the WLPPasswordEncoder bat file. 96. IT19426/R530421 (2017-03-15) Description of issue: The MSSQL query that determines how many partitions a table has does not work for partitioned tables that have been dropped and created. This results in losing data from the recreated table when the nightly bulk data mover runs. The upgrade script introduced by CC 6.1 dropped and recreated the CC_ALERT table. Description of fix: Changed the MSSQL query to be able to detect that a previously partitioned table has been dropped and recreated and therefore no longer partitioned. Added code to delete partition functions before recreating them for previously partitioned tables that have been dropped and recreated. Modified engine startup to notify user to run configCC if it detects some tables are partitioned but not all tables are partitioned via message "Not all Control Center database tables are partitioned. Run configCC.bat/sh to partition all tables." 97. IT19854/R532156 (2017-03-24) Description of issue: Web Server fails to start when Control Center engine starts due to Null Pointer Exception or hang encountered trying to create web dataSource.xml from JdbcService.xml Description of fix: Modified Web Container Helper to be able to handle empty JDBC Service location. 98. IT20147/R534788 (2017-04-17) Description of issue: Using ICC, unable to modify CDW parameter "sess.total", see error 'Invalid value specified for parameter: sess.total Format:sess.total". Description of fix: Added sess.total to valid initialization parameters. 99. IT20267/R535610 (2017-04-18) Description of issue: When days are selected for weekly calendars via the web console, the day selected is not the day reflected in the summary text. Description of fix: Changed the web console calendar and format logic to use the same time zone. 100. R536413 (2017-04-22) Description of issue: The version of Connect:Direct Browser packaged with Control Center is not at the latest fix level (currently 1502 iFix16). Description of fix: Updated Control Center with Connect:Direct Browser 1502 iFix19. 101. IT20377/R536485 (2017-04-27) Description of issue: Database connection authorization failure occurred in Websphere/Liberty during Control Center startup. Reason: User ID or Password invalid. This was caused by a special character being included in the password (in this case an asterisk "*"). Special characters must be escaped in order to make sure they are treated as part of the password string (instead of a control character sequence). Description of fix: Insert an escape character for each of the following special characters contained in the password: \,^,&,*,@,[,],{,},:,=,!,-,(,),%,+,?,',~,|,$,.,#,_,<,>, and comma, prior to encoding/encrypting the password. 102. R536868 (2017-05-02) Description of issue: When SEAS DEBUG logging is turned on, the user password is erroneously logged in the clear. Description of fix: Mask the password in the logged auth request. 103. IT20578/R538398 (2017-05-16) Description of issue: The web console workspace widgets sometimes get a XQE-GEN-0005 error on the select a date filter. Description of fix: Made UserPrefTZ thread safe by getting instance of SimpleDateFormat for each thread. 104. IT20635/R534885 (2017-05-17) Description of issue: When Cognos gets an CM-SYS-5192 error trying to get report parameters, the report is not sent via email to the recipients. Description of fix: Catch the CM-SYS-5192 exception and use empty report parameters so the report will be run and an email will be sent. 105. IT20663/R536798 (2017-05-17) Description of issue: Reports are not including some z/OS managed nodes. Description of fix: Refresh nodes status in cache so reports recognize nodes as being secure plus and active. 106.IT20847/R539135 (2017-06-05) Description of issue: Unable to select a new certificate label in a CDU or CDW secure plus node after Certicom was removed from Connect Direct. Description of fix: Recognize that the new security tool kit is in place and that a certificate pass phrase is not required. 107. IT21137/R539290 (2017-06-24) Description of issue: When the Cognos Connection scheduling feature is used to run a report, the feature fails due to authentication failure. Description of fix: Modified the Control Center custom authentication provider to properly create a trusted credential which is needed for the Cognos scheduling feature since a user may not be signed on when the report schedule runs. 108. IT21206/R541851 (2017-06-26) Description of issue: Cannot logon to the web client if all the following conditions exist: 1) the engine is running on Windows 2) the database is MSSQL 3) the database password contains a special character of !. This began occurring in 6101 iFix04. Description of fix: Corrected the command string used to call the Websphere/Liberty password encoder, such that the database password string is now always enclosed in double quotes. This ensures database passwords containing spaces or special characters are properly encoded/encrypted and saved in the dataSource.xml. 109. R536386 (2017-07-13) Description of issue: PSIRT Advisory 7801 - 10x session id not updated with each request Description of fix: Get a new session with each web console sign on. 110. R544984 (2017-07-18) Description of issue: Workspaces display 'Workspace cannot be displayed" error in web console. Description of fix: Regenerated the SCCArchive.zip file with the workspace and widgets as it became corrupt and would not import anymore. 111. IT21499/R541929 (2017-07-19) Description of issue: There are world writable files in the "/tmp/.com_ibm_tools directory" on the server where IBM Control Center runs. The customer installation does not allow world writable files on their servers. The transient files created in this directory are generated by the IBM Java Attach API. This feature is enabled by default in the jvm. This issue only applies to Windows, Linux and AIX platforms, because the Java Attach API is specific to IBM (does not apply to SolarisSPARC). Description of fix: Created a new InstallationInfo.properties property called COM_IBM_TOOLS_ATTACH_ENABLE=NO|YES to allow the Java Attach API feature to be disabled when the engine and all other CC related java processes run. Instructions to disable the Java Attach API: 1. Install 6101 iFix06 or later 2. Add the following property to /conf/InstallationInfo.properties: COM_IBM_TOOLS_ATTACH_ENABLE=NO 3. Run configCC.sh|bat 4. Additionally, if you have the SCCFTPAgent installed, you will need to manually update two separate instances of a file named options.default, located in that JRE directory. Add the following property to the options.default files which correspond to your platform/OS in the list below: -Dcom.ibm.tools.attach.enable=no \jre\bin\default\options.default Windows \jre\bin\compressedrefs\options.default Windows ------------------------------------------------------------------------------ /jre/lib/amd64/default/options.default Linux /jre/lib/amd64/compressedrefs/options.default Linux ------------------------------------------------------------------------------- /jre/lib/ppc64/default/options.default AIX /jre/lib/ppc64/compressedrefs/options.default AIX 112. IT21529/R537557 (2017-07-27) Description of issue: Security Risk due to Authentication Bypass Using HTTP Verb Tampering Description of fix: Modified Control Center Web Console servlet to only allow HTTP POST, PUT, DELETE and GET verbs. 113. IT21972/R545468 (2017-08-11) Description of issue: Cannot logon to the web client if all the following conditions exist: 1) the engine is running on Windows and 2) the DB password contains a special character other than ^, @, [, ] ,{, } ,! or ;. Description of fix: Created a Windows only default special character list for the Websphere/Liberty password encoder so that only ^, @, [, ] ,{, } ,! and ; are encoded before calling the encoder. Added ; and / to the Unix default special character list. With this fix, a Windows or Unix database password with any of these special characters works: ~!@#$%^&*()_+{}|:<>?-=[]\;,./ Also, the default Windows and Unix special character list can be overridden by putting attribute WLP_PW_ENCODER_SPECIAL_CHARACTERS in /conf/installationInfo.properties. Prior to this fix, WLP_PW_ENCODER_SPECIAL_CHARACTERS was expected to be in engine.properties, but when a database password is set such that the Websphere/Liberty password encoder fails, the user can not sign on to the ICC web console to change engine.properties. Therefore, it has also been added to installationInfo.properties, which can be edited with a text editor. If WLP_PW_ENCODER_SPECIAL_CHARACTERS is in both engine.properties and installationInfo.properties, the value in installationInfo.properties takes precedence. Note that engine.properties is shared by all EP's in a multi-EP installation since it is in the database table CC_FILES. However, installationInfo.properties is on the file system so there is one per EP. If WLP_PW_ENCODER_SPECIAL_CHARACTERS is in installationInfo.properties in a multi-EP installation, it need to be in all EP's installationInfo.properties. After applying this fix, you should not have to set WLP_PW_ENCODER_SPECIAL_CHARACTERS at all. Its only provided in case a database type/JDBC Driver/special character combination is ever hit that is not handled by the default settings for WLP_PW_ENCODER_SPECIAL_CHARACTERS. The default setting for Windows is ^,@,[,],{,},!,; The default setting for Unix is \\,^,&,*,@,[,],{,},:,;,/,=,!,-,(,),%,+,?,',~,|,$,.,#,_,<,>,COMMA If WLP_PW_ENCODER_SPECIAL_CHARACTERS is set in engine.properties or installationInfo.properties, it will be shown in the Engine_{timestamp}.log as: INFO WLPPasswordEncoder - WLP_PW_ENCODER_SPECIAL_CHARACTERS: {value from installationInfo.properties or engine.properties} If WLP_PW_ENCODER_SPECIAL_CHARACTERS is NOT set in engine.properties or installationInfo.properties, it will be shown in the Engine_{timestamp}.log as: INFO WLPPasswordEncoder - Using default special characters: {default setting for Windows or Unix} And finally, this fix corrected a Cognos issue where, if the Cognos database password had special characters & or < or >, Cognos would not start. 114. IT22177/R549094 (2017-08-29) Description of issue: Cognos fails to start when authentication request comes before CONFIG_DIR is set. Cognos cogserver.log will show error "Please specify the CONFIG_DIR parameter..." in stack trace. Description of fix: Modified Cognos authentication provider to return UserRecoverableException when called before CONFIG_DIR is set so Cognos will try authentication again instead of getting error that stops Cognos from starting.