Please Read: Before starting the Control Center upgrade/uninstall process, you must backup the entire "conf" directory found under Control Center install location. Please follow the steps below before upgrading: The following instructions apply to maintenance upgrades. 1. Stop Control Center engine If you are upgrading from a pre-6.1.2.1 release to 6.2.0.0 (i.e. upgrading FROM 5.4.2.2 through 6.1.2.0 TO 6.2.0.0), the initial upgrade to 6.2.0.0 cannot be a rolling upgrade. You must bring down all EPs and upgrade each EP to 6.2.0.0 before starting any of the EPs again. All EPs must be in sync for the initial upgrade to 6.2.0.0, before being started. After the initial upgrade to 6.2.0.0, you may resume with rolling upgrades (eg. 6.2.0.0 to 6.2.0.0 iFix01), where one EP is brought down at a time, upgraded, then restarted. 2. Back up the existing configuration data: If upgrading from 5.4.2.2 or prior, back up \conf directory found under Control Center install location. Backup your Control Center database. If upgrading from 6.0.0.0 or later, run exportConfig.sh/bat under \bin. The script creates a folder with all of the configuration data from the database and the conf folder. The location of this folder is conf-exported/{date_time}/conf. As per your need, for recovery purpopse, backup your existing Control Center database. 3. Proceed normally with installing the latest version of Control Center in original . (The installer would automatically un-install the previous version - but all of the configuration data will still be there). 4. Run configCC.sh 5. Start the Control Center engine. 6. Ensure the engine starts, and a user can login to the Control Center web console and access the links in the hamburger menu, including "Launch Classic Console". -------------------------------------------- 6.2.0.0 iFix08 (Released 05/11/2021) 1. IT36651/MFT-12027/TS005305922 (2021/04/22) Description of issue: Excessive database cursor usage resulted in reoccuring "ORA-01000: maximum open cursors exceeded" errors and/or seeing high database cursor usage by ICC. Description of fix: Reduced cursor usage by changing more logic to stop caching queries that would never be used again. 2. CC-5039 (2021/04/28) Description of issue: HTTP Error 500 javax.servlet.ServletException: org.apache.jasper.JasperException while launching the SCC launch page. Description of fix: Removed obsolete jasper jars from cdbrowser.war. 3. LS-68 (2021/04/29) Description of issue: configCC failed from 6.1.x upgrade to 6.2.0.0 (AUDIT_LOG gone and installer log missing from data collector). Description of fix: Corrected a reference to an upgrade script ccd1000001_iFix1_[dbtype]_changes.sql which did not get executed during configCC (name was missing an underscore). Also corrected the name of the the installation log in the data collector (i.e. IBM_Sterling_Control_Center_V6.2_Install_mm_dd_yyyy_hh_mm_ss.log). The version reference had been changed to uppercase beginning with 6.2.0.0 (i.e. v6.2 >> V6.2) 4. LS-55 (2021/04/29) Description of issue: INFO messages that are filling up Engine logs: "Adding stat with Unknown Process name ......". Description of fix: Changed this message from INFO to DEBUG as to not fill the logs. 4.1 IT36868/MFT-11976/TS004975555 (2021/04/30) Description of issue: The email test function in the web UI fails if the SMTP server requires authentication (i.e. System Settings >> Email Server >> Test). Description of fix: Corrected the Email Server test function to properly pass the username/password in the request. 5. MFT-12039 (2021/05/04) Description of issue: Required updates to address the following vulnerability: Upgrade Jar ICU4J - CVE-2020-10531 - CVSS 9.8 Description of fix: Applied updates to above components. 6. MFT-12040 (2021/05/04) Description of issue: Required updates to address the following vulnerability: Upgrade Jar Apache HttpClient - CVE-2020-13956 - CVSS 5.3 Description of fix: Applied updates to above components. 7. MFT-12041 (2021/05/04) Description of issue: Required updates to address the following vulnerability: Upgrade Jar Spring Framework - CVE-2020-5421 - CVSS 5.3 Description of fix: Applied updates to above components. 8. MFT-12043 (2021/05/04) Description of issue: Required updates to address the following vulnerabilities: Upgrade Jar - Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Serverr - CVE-2020-27218 - CVSS 5.8 + CVE-2020-27216 - CVSS 7.8 Description of fix: Applied updates to above components. 9. CC-5982 (2021/05/04) Description of issue: On switching from non secure CCM mode to secure configuration in all products mode (CCM/CCD), facing issue in downloading jnlp file, error in remoteUIURL api. Description of fix: Added in required file for configuring secure port and ssl. 10. MFT-12038 (2021/05/04) Description of issue: Required updates to address the following vulnerabilities: Upgrade Jar Apache Ant - CVE-2020-1945 - CVSS 6.5 / CVE-2020-11979 - CVSS 5 Description of fix: Applied updates to above components. 11. MFT-12105 (2021/05/04) Description of issue: Required updates to address the following vulnerabilities: Upgrade Jar CKeditor WYSIWYG editor: - CVE-2021-26271 CVSS 7.5 / CVE-2021-26272 - CVSS 7.5 / CVE-2018-17960 - CVSS 6.1 / CVE-2020-9281 - CVSS 6.1 Description of fix: Applied updates to above components. 12. MFT-12102 (2021/05/04) Description of issue: Required updates to address the following vulnerability: Upgrade Jar JasperReports - CVE-2018-18809 - CVSS 9.9 Description of fix: Applied updates to above components. 13. MFT-12036 (2021/05/04) Description of issue: Required updates to address the following vulnerabilities: Upgrade Jar IBM MQ - CVE-2020-4310 - CVSS 5.9 / CVE-2020-4320 5.3 / CVE-2019-4762 CVSS 5.9 / CVE-2020-4338 CVSS 5.1 Description of fix: Applied updates to above components. 14. MFT-12042 (2021/05/04) Description of issue: Required updates to address the following vulnerability: Upgrade Jar Guava: Google Core Libraries for Java - CVE-2020-8908 - CVSS 5.4 Description of fix: Applied updates to above components. 15. MFT-12124 (2021/05/05) Description of issue: Strengthen algorithm of encrypting internal keys. Description of fix: Changed key encryption algorithm. 16. MFT-12037 (2021/05/05) Description of issue: Required updates to address the following vulnerabilities: Upgrade Jar Hibernate ORM - CVE-2020-25638 - CVSS 7.4 / CVE-2019-14900 CVSS Description of fix: Applied updates to above components. 17. MFT-12138 (2021/05/08) Description of issue: CD Server definition was erroneously after upgrading from 6.1.x. After the upgrade, the web UI has logic to query all the CD servers that do not have a value for CC_SERVER.DUAL_HOST_NAME column and updates the value. The query that retrieved the Servers did not have this additional condition: AND logicallyDeleted = 0. When this process posts a cluster event, it posts the cluster event for an already deleted server entity. And it causes the EP to delete an active server. Description of fix: Corrected the conditional query. 18. IT36829/MFT-12092/TS005514377/TS005581175/TS005596248/TS005552025 (2021-05-10) Description of issue: During server reassignment CC_SERVER.PROPERTIES entry for server becoming null rendering the server unable to be monitored. Description of fix: When server entities are updated, if up-to-date properties are not available from the node service, which happens when the node service is stopped, the logic was updated to no longer null out CC_SERVER.PROPERTIES. 19. MFT-12144 (2021/05/10) Description of issue: Upgrade to 6200 (from 6002 and 6130) fails in configCC, when using Oracle database. Description of fix: Added a check to skip execution of the offending script when upgrading with an Oracle database. -------------------------------------------- 6.2.0.0 iFix07 (Released 04/12/2021) 1. IT36373/MFT-11877/TS005005223 (2021-03-26) Description of issue: During SEAS Authenticated User logging into Web Console, "extended authentication check failed" error occurs. Description of fix: Fixed the issue by addressing the case mis-match while checking the existence of the user ID. 2. MFT-12007 (2021-04-06) Description of issue: Not able to schedule/automate the Server Status Report. The following message was displayed in the classic console when attempting schedule the report: "The following Report Types are not supported: Server Status Report". Description of fix: Corrected saved report type validation logic. 3. MFT-11749 (2021-03-25) Description of issue: Address vulnerablities: -General Information Disclosure CVE-2021-20529 CVSS 5.3 -Clickjacking in cdbrowser Description of fix: Removed webserver version from response / Upgraded to to latest cdbrowser.war file. 4. IT36496/MFT-11643/MFT-11775/MFT-11823/MFT-11824 (2021-04-07) Description of issue: Required IBM JRE upgrade to address the following vulnerabilities: -Flaw in the CertPath impl. allows bypass of cert. fingerprint checks - CVE-2020-14782 - CVSS 3.7 -User could gain unauthorized read access to java embedded accessible data. CVE-2020-114781 - CVSS 3.7 -Buffer overflow in widely used function writing characters to a file - CVE-2020-27221 - CVSS 9.8 -Unauthenticated attacker could cause a denial of service - CVE-2020-2773 - CVSS 3.7 Description of fix: Upgraded from 8.0.6.15 to 8.0.6.25. 5. MFT-11886 (2021-04-08) Decription of issue: Remove remaining sccwebstart.war Jasper dependencies (and remove Jasper jars). This is a follow-on fix to MFT-11885 in previous iFix06 where the Jasper jars had to be re-instated due to some remaining dependencies in some of the reports. Description of fix: Removed the remaining dependencies and removed all Jasper jars from sccwebstart.war. -------------------------------------------- 6.2.0.0 iFix06 (Released 03/19/2021) 1. IT35740/MFT-11783/TS004884358 (2021-01-29) Description of issue: Node messages shown in the Swing console sometimes include the full exception stack trace. Description of fix: Stopped appending the exception trace to the message text (in most cases) to be displayed by the Swing console. 2. MFT-11767 (2021-02-01) Description of issue: Unable to run CX Summary Report resulting in the following error messages: ERROR ScheduledReportsJob - Unable to generate report output. Exception Msg :Could not load the following font: pdfFontName: DejaVu Sans / pdfEncoding: Cp1252 / isPdfEmbedded : false Description of fix: Corrected font specification in the report template. 3. LS-62 (2021-02-04) Description of issue: When tracing is enabled for monitored Connect:Direct server the output goes to the console instead of the appropriate log file. Description of fix: Redirected console output generated by the CDAIJ to the appropriate log file via code changes in Control Center. 4. IT35755/MFT-11773/TS004868677 (2021-02-09) Description of issue: Default summarizer computed invalid transfer durations for SFG redeliveries. Description of fix: Adjusted summarizer logic to account for the fact that SFG redeliveres are done with the same process ID as the original deliveries and that those processes have multiple end events but a single start event. 5. IT35848/MFT-11764/TS004546288 (2021-02-09) Description of issue: AdHoc Reports do not allow the report to be saved as PDF, XLS, XML. Description of fix: Added a new "Report Output Format" selection screen in the report wizard which allows the user to select one of the following formats: HTML, PDF, CSV, Single sheet XLS, Multi Sheets XLS. HTML is the default. 6. MFT-11803 (2021-02-09) Description of issue: Warnings generated in engine log when updating Servers in swing console: Warning: Neither heartbeat interval nor polling interval was specififed for [server name] Description of fix: Removed warning message. 7. MFT-11799 (2021-02-09) Description of issue: After exporting and importing config to a new instance, when admin user first logs in to web UI, it prompts for email address. This would seem to indicate that the email address, which was already defined in the instance when config was exported, is not being included in export. Description of fix: Corrected logic to correctly import the admin user email address. 8. MFT-11800 (2021-02-09) Description of issue: Port to maint branch RUNBATCH allows creation o a user with no pasword. Description of fix: Added logic to verify password is present and conforms to password policy. 9. CC-4336 (2021-02-09) Description of issue: Audit log entries for changes to System Settings are not showing up in ICC Conig Changes Audit report. Description of fix: Corrected audit log logic to correctly display System Setting objects in the report. 10. MFT-11801 (2021-02-10) Description of issue: Logger errors running exportConfig.sh Description of fix: Corrected casing of the following reference in some scripts/xml files: FROM configEximLogger.xml TO ConfigEximLogger.xml 11. MFT-11798 (2021-02-10) Description of issue: Engine will not start after importing configuration with DVG-restricted Role. Description of fix: Moved reference to VisibilityService.xml to a common startup services list. 12. MFT-11802 (2021-02-10) Description of issue: DB Info statistics panel not displaying correct record count. Description of fix: Corrected panel display. 13. IT35963/MFT-11781/TS004901712 (2021-02-12) Description of issue: IBM Control Center classic console fails to open when launching sccwebstart.war, while downloading a jasper jar file, resulting in the following stack trace error message: java.io.IOException: Server returned HTTP response code: 503 for URL: host-name:port/webstart/lib/Jasper_Jars/jasperreports-6.7.0.jar Description of fix: Removed obsolete jasper jar files from sccwebstart.war 14. IT35971/MFT-11766/TS004818440 (2021-02-12) Description of issue: Error while processing osa event :: NullPointerException","statusCode":"BAD_REQUEST","statusCodeValue":400} Description of fix: Added guard code to check for unconfigured parameters. 15. MFT-11817 (2021-02-14) Description of issue: Cannot enable node discovery for servers that use cert based authentication. Description of fix: Allow for discovery if a secure protocol in in use. 16. IT35892/MFT-11695/TS004688667 (2021-02-17) Description of issue: High cursor count associated with Control Center in Oracle database Description of fix: The query used to obtain the events needed to summarize processes was being cached by Control Center, causing a cursor to be left open as long as it was, but there's no point in caching those queries as they're never used again, so the fix was to stop caching them. 17. CC-4945 (2021-02-18) Description of issue: Getting exception: Invalid new install bundle Description of fix: Modifed error message to include install bundle ID. 18. IT36004/MFT-11851/TS004956346 (2021-02-27) Description of issue: CCTR135I slow inserts into EVENTS occurring Description of fix: Changed some queries used for MSSQL servers related to handling alerts, improved the logic used to automatically handle alerts, and added a new index to CC_PROCESS for MSSQL server databases. 19. MFT-11846 (2021-03-01) Description of issue: Duplicate records in NODE_TYPE table caused shutdown. This condition can exist if an old 5.4.2.2 release is upgraded to a 6.x release. The following error mesages were displayed in the engine log. ERROR SQLExceptionShutdownHandler - ** SQLExceptionShutdownHandler entered with sqlex=java.lang.IllegalStateException: Found more than one NodeType with NODE_TYPE "3"! ERROR SQLExceptionShutdownHandler - ** Event not updated or details on what was being done when error occurred -> Found more than one NodeType with NODE_TYPE "3"! ERROR SQLExceptionShutdownHandler - Found more than one NodeType with NODE_TYPE "3"! Description of fix: Added logic to check if the NODE_TYPE table contains a primary key. If there is no primary key, the table is re-created with primary key and re-populated with one of each NODE_TYPE (i.e. DROP, CREATE, INSERT). 20. MFT-11885 (2021-03-03) Description of issue: The following reports cannot be created in the classic console after implementing MFT-11781: [Configuration Management/all reports], [Monitoring/High Watermark Report], [Audit/Sterling Connect:Direct Configuration Changes Audit Report]. Some jars were removed from sccwebstart.war believed to have no remaining dependencies across all reports. Description of fix: Re-instated the previously removed Jasper jars in sccwebstart. There will be a follow-on fix to eliminate the remaining dependecies on these jars from the reports mentiond above, so they may be removed again later. 21. MFT-11908 (2021-03-08) Description of issue: See null pointer exceptions, and node services are started and stopped multiple times when server reassignments are performed. Description of fix: Adjusted the logic that handles server updated cluster events to ignore them if the server was in the process of being reassigned. 22. IT36169/MFT-11928/TS005067737 (2021-03-10) Description of issue: Customer wanted to use the embedded flag expression (?s) in the regex for a milestone parameter value but the existing validation logic would not permit parenthesis to be specified in the value Description of fix: Updated validation logic to allow parenthesis to be specified. 23. IT36205/MFT-11866/TS005079378 (2021-03-12) Description of issue: Scheduled reports fail to run due to a problem creating temporary tables. Description of fix: Added logic to detect if the temp tables normally used during report execution fail to be created. If so, use a CSV file instead to create the report. 24. IT36206/MFT-11831/TS005021428 (2021-03-12) Description of issue: Automated reports are not being emailed, resulting in the following error message found in the engine.log: CRPT038E Error while trying to send E-Mail message. Error message : Access to default session denied Automated Report Group : [report-group] Schedule : [schedule-name] Schedule Time : hh:mm Report Name : [report-name] Description of fix: Modified the email send function to create a new session instance, instead of using the default session instance. 25. IT36247/MFT-11878/TS005095362 (2021-03-12) Description of issue: User getting HTTP ERROR 503 Service Unavailable when trying to access the web UI. The cause of this was an SQL syntax error due to the existence of 1000+ user roles being defined. The following error was displayed in ccweb.log: Caused by: java.sql.SQLSyntaxErrorException: ORA-01795: maximum number of expressions in a list is 1000 Description of fix: Modified the logic which constructs the query to limit each IN clause to a maximum of 999 items. 26. IT36273/MFT-11870/TS005076913 (2021-03-16) Description of issue: Reinstalling to a deleted/cleared directory fails. Description of fix: Update CCNameConfigurator to treat this as if installation.propeties had AGENT_NAME_INSTALLED=true and CCENTER_NAME=existing_ep_name specified. 27. IT36274/MFT-11903/TS005023041 (2021-03-18)MFT-11903: TS005023041 - High CPU on EPs that are not the CEP Description of issue: High CPU on EPs that are not the CEP. Description of fix: Changed the DeploymentService, a CCD service, to only run when it is on the CEP. Other changes made include moving the DeploymentService.xml and LicenseDataCollectorService.xml configuration files to the database at startup, and allowing their values to be modified via the ICC Web interface. 28. IT36282/MFT-11945/TS005212567 (2021-03-18) Description of issue: Java jar signing certificate expired on 2021-03-14, at which time users could no longer launch the classic console via webstart because the jars were not signed with a timestamp. Description of fix: Implemented a new jar signing process using a current certificate and also turned on the the jar signing timestamp. This timestamp is used to verify the code was signed prior to the certificate's expiration date. -------------------------------------------- 6.2.0.0 iFix05 (Released 01/22/2021) 1. CC-4221 (2020-11-27) Description of issue: CognosStopper erroneously called during self initiated shutdown due to a database outage. The following error messages occurred in the engine.log: ERROR CognosStopper - CRUL041E Error while invoking user operation: CognosStopper for rule: CognosStopper ERROR CognosStopper - Cannot run program "/bin/sh" (in directory "/Cognos/bin"): error=2, A file or directory in the path name does not exist. Description of fix: Removed the call to the deprecated code. 2. CC-4095 (2020-11-30) Description of issue: Multiple bundle are getting added with same name from CCD UI Description of fix: Updated database upgrade scripts to ensure a unique index is created on CC_BUNDLE table to prevent multiple bundles with the same name. 3. CC-3901 (2020-12-01) Description of issue: After upgrade of CCD installer from 1.2 to 6.2 if we do not confirm truststore and keystore and reconfirm it second time getting truststore already been used error. Description of fix: Added logic to detect and recover from duplicate truststore. 4. CC-4222 (2020-12-01) Description of issue: Unable to delete tokens message in Jetty log as follows: main] c.a.a.s.ScheduledAuthenticationTasks :Error while deleting Tokens :: [ACCESS: [token here - long character string] Description of fix: Corrected logic to delete tokens. 5. CC-4126 (2020-12-01) Description of issue: Server export is exporting only first page data irrespective of navigation of list Description of fix: Corrected logic to export all servers (not just the currently displayed page). 6. CC-4199 (2020-12-02) Description of issue: Users added with Web console do not set time zone preference, resulting in Swing console NullPointerException. Description of fix: Set default timezone setting to UTC. 7. CC-1853 (2020-12-02) Description of issue: Search is disabled if filter is made hidden with the filter icon toggle Description of fix: Corrected filter icon toggle processing leave search enabled. 8. MFT-11625/IT35132/TS004557926 (2020-12-02) Description of issue: StartWebAppServer.bat will fail if %DATE% has a comma in it. Description of fix: Remove a date/time entry from the name of the jettyStartup log file. 9. MFT-11667/IT35201/TS004500628 (2020-12-09) Description of issue: The web UI is not loading, although port 58082 is up. HTTP 503 error. This was caused by two MSSQL JDBC drivers at different JRE levels both in a directory. The presence of both correct/invalid drivers (mssql-jdbc-8.4.1.jre8.jar/mssql-jdbc-8.4.1.jre14.jar) caused a conflict. Description of fix: Added logic in configCC to delete all JDBC drivers for all JRE levels (not just JRE 8 levels) from /web/ccbase/lib/ext prior to installing the current user specified JDBC driver. 10. CCP-12386 (2020-12-09) Description of issue: Missing permissions cause install/configuration failures. Description of fix: Added code to check required database permissions before proceeding. 11. CC-4036 (2020-12-10) Description of issue: Intermittent NPE when starting an EP as it starts monitoring its servers Description of fix: Fixed the logic that caused this. 12. LS-38 (2020-12-10) Description of issue: Users use the EST time zone errouneously thinking it supports Daylight Saving Time when they really should use the time zone named America/New_York Description of fix: Logic added to remove EST as a choice and to update current usage to be America/New_York. The one area that may require manual modifications are reports. Scheduled reports using EST will be updated, but report criteria specifying EST will have to be manually updated. 13. CC-3572 (2020-12-10) Description of issue: Counts displayed of active Swing console users can be incorrect. Description of fix: Logic added to address incorrect Swing console user counts. 14. IT35194/CC-4313/MFT-11633/TS004561575 (2020-12-10) Description of issue: Tag mapped value not being set consistently. This occurred whenever the value came from XML string and contained a new line character or other non-alphanumeric characters. Description of fix: The logic used to extract the tag mapped value from XML string was updated to account for any valid value, including new line characters. 15. IT34943/CC-4314/MFT-11546/TS004390039 (2020-12-10) Description of issue: ICC doesn't recognize the 'replication' events from Global Mailbox Description of fix: The real issue was ICC when ICC determined that the GM server went down, it set the status of all the servers components to UNKNOWN, resulting in red lines that never changed because new status events from the components are not sent when the GM server restarts. So rather than change the status of an OSA servers components to UNKNOWN when the OSA server is determined to be down, the status of its components will be left as they are.. Also, before this update, when heartbeat event received, server's status would only be changed to up/active if its status was down or unknown. Now the status will be changed to active, and a server up event broadcast, if it was not in an active status before receiving the heartbeat event. 16. CC-4037 (2020-12-10) Description of issue: Errors in engine log when deleting B2B server in multi-EP system Description of fix: Logic that caused errors to be logged has been fixed. 17. CC-3941 (2020-12-10) Description of issue: Performance problems caused when using Swing console in multi-EP environment. Description of fix: In a multi-EP environment, requests for data made by Swing consoles are sometimes forwarded to other EPs, which has a negative impact on performance. The bulk of these remote procedure calls have been eliminated for data from monitored Connect:Direct servers and for Connect:Direct File agents. 18. IT34944/CC-4315/MFT-11576/TS004456801 (2020-12-10) Description of issue: ICC shows SEAS down, even though SEAS up. Description of fix: New diagnostic ability added to the EventProcessorService, which handles OSA events for processing. Specifically a new log file, EventProcessorServiceEvents, was added to allow all OSA data received, from servers like SEAS and GM, to be seen. If the EngineLogger.xml is updated, such that debug level logging is enabled for EventProcessorServiceEvents, all events processed by the EventProcessorService will be written to the EventProcessorServiceEvents log file. 19. CC-4216 (2020-12-10) Description of issue: Weak cipher suites warning message appears in jetty log. Description of fix: Disabled weak cipher suites which caused the warning message from jetty default log files 20. CC-3838 (2020-12-10) Description of issue: Slow running Server Inventory report. Description of fix: Eliminate remote calls to EP when when this report is run in cluster mode. 21. MFT-11472 (2020-12-11) Description of issue: Upgrade from 6.0.0.x with a STAG database to 6.2.0.0 fails. After running configCC, engine startup fails with the following error message: ERROR CCEngine(CCenter) - CCTR142E The Event Processor name has not been properly configured since its location is not set. Please run configCC to configure event processor name. Name: CCenter Description of fix: Corrected logic to properly reference both the PROD and STAG database connection pools as needed. 22. CC-3782 (2020-12-14) Description of issue: Audit log creating multiple entries for adding SNMP host and other objects in System Setting. Description of fix: Modified logic to create audit log entry for add and delete. 23. MFT-11481 (2020-12-16) Description of issue: Unable to login in web console after upgrading to ICC 6.2 Description of fix: Corrected Oracle upgrade scripts. 24. CC-4219 (2020-12-17) Description of issue: Web App log messages are in different time zone than the Jetty Log messages Description of fix: Corrected logging configuration files to use consistent time zones. 25. LS-52 (2020-12-17) Description of issue: Oracle JDBC driver ojdbc10.jar remained in /lib/thirdparty after having been erroneously specified during configCC. When the customer ran configCC again to specify the correct ojdbc8.jar, the presence of both correct/invalid drivers (ojdbc8.jar/ojdbc10.jar) caused a conflict. Description of fix: Added ojdbc10.jar to a list of drivers to ensure it is excluded from the classpath (i.e. only the current JDBC driver is added). 26. CC-4009 (2020-12-17) Description of issue: Cannot enter initparms for license and install agent on CDW and CDU servers. Description of fix: Add support for the new fields. 27. MFT-11468 (2020-12-17) Description of issue: Json documentation fot heartbeat interval listed to value as a string and not a number. Description of fix: Change code to accept a sting that is a number with a warning as well as a number. 28. CC-4215 (2020-12-21) Description of issue: Monitor rest time ignored for CD servers with manage and monitoring turned off. When a CD server is configured with both Do not monitor and Do not allow configuration management selected, the internal logic in the CD Node service ignores the monitor rest time and polls the server every 60 seconds. Description of fix: Corrected logic to always use monitor rest time, regardless of the settings for Do not monitor and Do not allow configuration management. 29. CC-4375/MFT-11718 (2020-12-21) Description of issue: Error occurs importing monitored server from exported configuration at startup while processing the server's time zone value. Description of fix: Logic used to ascertain time zone from database treated the time zone ID as a numeric value instead of the string it is. This was fixed. 30. CC-4255 (2020-12-21) Description of issue: Servers configured to not be monitored or managed had a fixed monitor rest time of one minute instead of honoring the configuring monitor rest time. Description of fix: Logic changed to honor the configured monitor rest time even for servers not monitored or managed. 31. CC-4362 (2020-12-23) Description of issue: Database purge and movement timed scheduling not working properly. Note daily scheduling works fine. Description of fix: Correct tome zone handling. 32. MFT-11650 (2020-12-28) Description of issue: Can not access the Web Console, gets error HTTP ERROR 503 Service Unavailable. This was caused by a program referencing table lowercased column name instead of uppercased. Following error message found in ccweb-yyyy-mm-dd.log: [ main] o.h.e.j.s.SqlExceptionHelper : Invalid column name 'm_version'. Description of fix: Corrected code to referenced columns names in uppercase. 33. LS-35 (2020-12-28) Description of issue: I have multiple Connect Direct servers not U/W/Z defined in CCD/CCM and they show in the CCD Web Console, but the CCD Dashboard OS Distribution does not show these as part of Unknown or as the platform they are. CD i5/OS servers are not being counted. Description of fix: Corrected logic to count/display OS distributions as expected in categories: Unix, Unknown, Windows, Z/OS. 34. CC-4213 (2020-12-29) Description of issue: Bad error text when adding a duplicte SNMP host (i.e. error message pop-up box only partially display). Description of fix: Corrected error display. 35. LS-47 (2020-12-29) Description of issue: Error messages with stack trace written to engine.log when executing startWebAppServer.sh due to a normal InteruptedException. Beginning of of stack trace messages follow: [StreamConsumerThread - //bin/startWebAppServer.sh] ERROR StreamConsumer - RULE011E Error while executing user operation: //bin/startWebAppServer.sh Stack Trace: java.io.IOException: Stream closed at java.io.BufferedInputStream.getBufIfOpen(BufferedInputStream.java:181) Description of fix: Removed logic which catches this type of exception. Processing continues as normal (but without displaying the stack trace). 36. CC-4101 (2020-12-30) Description of issue: Users and Roles summary report shows incorrect IP address for logged in user. Description of fix: Corrected report. 37. CC-3724/CC-4086/MFT-11716 (2020-12-30) Description of issue: CCM 6.2>User having view permission on system setting not able to view Audit Logs Swing UI. Description of fix: Corrected permissions checking to properly allow audit logs visibility. 38. CC-4208 (2021-01-03) Description of issue: Misspelling on Successful Windows Installation Dialog. Description of fix: Correct dialog display. 39. LS-19 (2021-01-03) Description of issue: Errors in install logs are confusing customers (i.e. multiple occurrences of the following message): ERROR Unable to locate appender "B2BConversionAppender" for logger config "B2BConversion" (multiple occurrences of this line) Description of fix: 40. CC-4414 (2021-01-04) Description of issue: Non-admin users unable to update custom views, properties for web console, caused by erroneous authentication failure for non-admin user. Description of fix: Corrected authentication parameter. 41. MFT-11589 (2021-01-05) Description of issue: Required updates to address the following vulnerabilities. CVE-2020-1953 CVSS 7.5 - ccroot/lib/thirdparty/commons-configuration2-2.7.jar CVE-2012-5784 CVSS 5.8, CVE-2014-3596 CVSS 5.8, CVE-2018-8032 CVSS 4.3 , CVE-2019-0227 CVSS 5.4 - ccroot/lib/thirdparty/axis-ant.jar Description of fix: Applied updates to above components. 42. CC-4365 (2021-01-05) Description of issue: In License API , historical usage, no of servers are coming up as blank Description of fix: Corrected logic to display historical usage. 43. CC-4433 (2021-01-07) Description of issue: Connection type,connection timeout and status monitor rest time are getting displayed as blank on editing server. Description of fix: Corrected display logic. 44. CC-4482 (2021-01-07) Description of issue: Required update to address vulnerability dom4j: flexible XML framework for Java CVE-2020-10683 CVSS 7.5 Description of fix: Removed affected obsolete jar file: /lib/Cognos_Jars/dom4j-1.6.1-osgi.jar 45. LS-53 (2021-01-08) Description of issue: ConfigureEntitlement locks up when customer tries running the script (configureEntitlement.sh) with the following console error message: Exception while executing com.sterlingcommerce.scc.agent.install.EntitlementConfigurator:java.lang.RuntimeException: java.sql.SQLSyntaxErrorException: ORA-00942: table or view does not exist Description of fix: Correct configuration logic. 46. MFT-11719 (2021-01-10) Description of issue: Configuration Changes Audit Report does not show or allow editing of servers/groups. Description of fix: Corrected logic in the classic console to initialize all report subpanels allowing fields to be displayed/edited. 47. CC-4403 (2021-01-11) Description of issue: Getting FilenameEventTypeFilter exception while upgrading installer from CCD 1.2 to 6.2 with the following error in ccinstall.log: UPDATE CC_SEERVER SET TIMEZONE_ID - timezone.TIMEZONE_ID FROM CC_SERVER server, CC_TIMEZONE timezone WHERE NODE_TYPE_ID NOT IN(0,99,98) and NODE_TYPE_ID is NOT NULL AND timezone.IANA_CODE = server.TIMEZONE_ID SQL Error 209 Error: Ambiguos column name 'TIMEZONE_ID' Description of fix: Corrected SQL upgrade scripts to properly set timezone in CC_SERVER table. 48. CC-4526 (2021-01-12) Description of issue: Setting B2Bi server BP selection to be not monitored reverts back to monitored (i.e. Server Properties >> Settings >> Selected Business Process to be: Monitored / Not Monitored) Description of fix: Corrected logic to preserve the udated setting. 49. CC-3819 (2021-01-12) Description of issue: Requirement to upgrade cdbrowser.war to address the following vulnerability: CVE-2020-8022 CVSS 3.1 Description of fix: Upgraded cdbrowser.war with fix. 50. MFT-11715 (2021-01-14) Description of issue: Not able to update CD Server license settings from Swing UI (i.e. agent.enable and agent.installation_id) Description of fix: Updated a validation properties table to allow these arameters. 51. CC-4532 (2021-01-14) Description of issue: Error when an OSA (SEAS) server and server group is first created, resulting in the following error message: [ClusterEventMonitor] ERROR ClusterEventMonitor - Exception occurred processing configuration changed event Configuration Changed(nnn, day mon dd hh:mm:ss TZ yyyy, Monitor_event_repository, ) in com.sterlingcommerce.scc.agent.services.security.ServerGroupMgr java.lang.RuntimeException: CUSR007E User not found for user ID: Unknown Description of fix: Corrected to skip updating user role when creating a new server group due to a cluster event because there is no user id in this type of request. 52. CC-4277/MFT-11729 (2021-01-15) Description of issue: Cannot view any Staging DB or production DB Movement information in the web UI. Description of fix: Corrected logic to properly display the information. 53. CC-3820 (2021-01-15) Description of issue: Requirement to address the following vulnerability in Apache log4j: CVE-2020-9488 CVSS 3.1 Description of fix: Updated affected classes in Apache ActiveMQ 5.15.14. 54. CC-4554/CC-3819/CC4555 (2021-01-21) Description of issue: Multiple issues addressed in cdbrowser.war file (ClassNotFoundException / jasper.jar causing conflicts) Description of fix: Upgraded cdbrowser.war file with missing class added and removal of jasper.jar. -------------------------------------------- 6.2.0.0 iFix04 (Released 11/20/2020) 1. IT34725/MFT-11516/TS004361714 (2020-10-25) Description of issue: After ugrading from CCD 1.0.0.2 to 6.2.0.0 the engine fails to start with a java exception on the Name or Alias name too long. Description of fix: Made changes to ensure a CD server alias name is restricted to 25 characters and a unique hashed code is appended to a discovered server with duplicate name. 2. MFT-11541/TS004405705 (2020-10-29) Description of issue: Engine startup fails with a NullPoinerException (ServerGroupMgr.init failed) with the following error message: CCTR023E Start Service failed. Service: Agent:Name=CCEngineService,Type=0. This was caused by a service name entry placed in the wrong service startup list. Description of fix: Moved file entry "MetricsServices.xml" from monitorServicesList.txt to commonServicesList.txt. 3. CC-4035 (2020-11-02) Description of issue: When creating a role in the Control Center Director web UI, a server group of "ZZZZJAVA_CONSOLE_REDIRECT" is erroneously displayed in the "Select Server Groups" screen. Description of fix: Corrected logic to only populate the selection screen with valid server groups. 4. CC-4115/CC-4128 (2020-11-04) Description of issue: Unable to change SEAS persistent connection setting in Web UI. When changing Persistent Connection setting in the web UI, it sets incorrect XML tag persistenetConnection (instead of correct tag persistentConnection). The result is both tags present in XML, but the operative one remains unchanged. Description of fix: 5. IT34851/MFT-11555/TS004412991 (2020-11-07) Description of issue: The web UI is not loading, although port 58082 is up. HTTP 503 error. This was caused by an older JDBC driver erroneously remaining in a directory. The presence of both old and current drivers caused a conflict. The following error messages were dislayed in the web log (/web/ccbase/logs/ccweb_yyyy-mm-dd.log): Driver does not support get/set network timeout for connections. (java/sql/Connection.getNetworkTimeout()I) Failed to execute isValid() for connection, configure connection test query (java/sql/Connection.isValid(I)Z). Description of fix: Added logic in configCC to delete all JDBC drivers from /web/ccbase/lib/ext prior to installing the current user specified JDBC driver. 6. CC-4192 (2020-11-09) Description of issue: Getting invalid option in overflow menu for package in Control Center Director web UI. Description of fix: Corrected logic to not show any invalid overflow menu option. 7. IT34785/MFT-11564/TS004439237 (2020-11-10) Description of issue: configCC fails with error message: "ERROR DBConn - Not a valid MSSQL JDBC Driver" when specifying mssql-jdbc-8.4.1.jre8.jar Description of fix: Updated a list of all valid MSSQL JDBC drivers. 8. IT34934/MFT-11560/TS004416401 (2020-11-16) Description of issue: Cannot logon to the classic console getting either of the following error messages: "CSEC001E Either User Name or Password is invalid" or "ControlCenterMessages: extended authentication check failed". This occurs if a user attempts to logon using a secure connection and the keystore/truststore is invalid. This only occurs if the user logs into the web UI and then clicks on the hamburger menu and then clicks on the "Launch Classic Console" link. This error will not occur if the user logs onto the classic console navigating from the Control Center Launch Page by click the link on the web UI logon page. Description of fix: Set a system property to correct the problem. 9. IT34926/MFT-11574/TS004500628 (2020-11-16) Description of issue: The web server failed to initialize due to a mixed case column name definition. The following messages were found in /web/ccbase/logs/ccweb_yyyy-mm-dd.log: "SQL Error: 207, SQLState: S0001" and "Invalid column name: 'PROP_Value'". This error occured because the customer specified a collation setting of SQL_Latin1_General_CP850_BIN which is case sensitive. When a case sensitive collation setting is specified, both column name and value are treated as case sensitive in a SQL query. Description of fix: Changed a reference to a column name in the X_PROPERTY table from: "PROP_Value" to "PROP_VALUE". 10. LS-45 (2020-11-18) Description if issue: The following obsolete configCC console message is displayed during keystore/truststore configuration: "Warning: If you specified a new truststore file path, then you must reconfigure your Cognos HTTPS connection". Description of fix: Removed the warning message. -------------------------------------------- 6.2.0.0 iFix03 (Released 10/29/2020) 1. CC-3928 (2020-10-19) Description of issue: New CCM only install with Oracle DB throws exception in configCC: ERROR DeploymentJobMonitor - java.sql.SQLException: ORA-01003: no statement parsed. Description of fix: Added guard code to check for a null value to prevent the exception. 2. LS-40 (2020-10-19) Description of issue: Upgrade from CCM 613 shows CD servers with out address or port. Description of fix: Set hostname and port of CD server on upgrade. 3. CC-3971: (2020-10-19) Description of issue: Update Status count is not corrected on CCD dashboard. Description of fix: Corrected code to update status counts. 4. CCP-16878 (2020-10-20) Description of issue: When filtering based on Event Return Code under MQMFT FIle Transfer Report, it never comes with return codes as 40. We can see the return codes coming as 0,1,2 and 8 instead of standard MQ FTE return codes like 20,40, etc. Return code 40 means transfer fails and none of the files specified transferred. But in this report we show data of only successful transfer. So we won't be able to show return code 40 in the report. Description of fix: Removed return code filter from the MQMFT Report. 5. CC-4005 (2020-10-21) Description of issue: Enhancement to add source file to Connec:Direct Process Details report. Description of fix: Added new column "Source File Name" to the report. 6. CC-3800 (2020-10-21) Description of issue: NullPointerException in engine.log when CD Unix does nightly statistics archiving. Description of fix: Added guard code to check for a null value to prevent the exception. 7. CC-4043 (2020-10-22) Description of issue: User created on CCD 1.2 installation is not getting logged in after upgrading to 6.2 ifix01/02 Description of fix: Corrected logic to allow users login after upgrade. 8. CC-4040 (2020-10-22) Description of issue: Account lock message is not displayed when trying to reset password from CCD user details page for user having account locked. Description of fix: Corrected logic to display error message: "AUTH005E: Account is locked" 9. CC-4072 (2020-10-22) Description of issue: C:D server node name should be limited to a length of 16 on the "Overrides for Individual Servers" screen. Description of fix: Corrected "Node Name" input field edit check to allow a max length of 16. 10. IT34725/MFT-11516/TS004361714 (2020-10-25) Description of issue: Control Center Director Engine Startup failed after CCD was upgraded from 1.0.0.2 to the latest 6.2. The engine fails to start with a java exception due to the C:D server Name or Alias name too long (i.e. length greater than 16). Description of fix: Made changes to prevent installed CD server node names chosen by ICC from being too long. 11. CC-4075 (2020-10-25) Description of issue: On servers's create form (i.e. Add C:D Server >> Server Name / Alias Name), limit length of name field to 25 characters. Description of fix: Changed input max length check to 25. 12. CC-4022/CC-4065 (2020-10-27) Description of issue: CCD-New CD Win install package - DB password is specified but says that password is required with error meesage: "NWIN004E: Database password is mandatory for Windows OS". Description of fix: Corrected input field edit for "DB Password". 13. CC-4067 (2020-10-27) Description of issue: CCD Server list view - "Node name" column is incorrect. It should be changed to "Server Alias/Name". Description of fix: Changed column name. -------------------------------------------- 6.2.0.0 iFix02 (Released 10/16/2020) 1. CC-4031 (2020-10-16) Description of issue: [CCD] License information is not displayed for Connect:Direct z/OS servers in the "License" tab. Description of fix: Corrected logic which retrieves the license information for display. 2. CC-3985 (2020-10-16) Description of issue: [CCD] Multi-select delete does not delete all the archived packages. Description of fix: Made modifications to disable overflow menus when one or more rows are selected on listng pages. 3. CC-4059 (2020-10-16) Description of issue: Cold start flag is erroneously set in runEngine.sh script, causing loss of data at engine start (i.e. runEngine.sh behaves same as runEngineCold.sh). Description of fix: Removed property -DCOLD_START=true from runEngine.sh. This issue/fix applies to AIX/Linux/zLinux installations. Windows is not affected by this. -------------------------------------------- 6.2.0.0 iFix01 (Released 10/15/2020) 1. CC3505 (2020-09-18) Description of issue: Jetty webserver version is returned in response headers. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Jetty. Description of fix: Setting property jetty.httpConfig.sendServerVersion=false in start.ini for hiding server the version. 2. IT34297/MFT-11373/TS004107066 (2020-09-22) Description of issue: Getting out of memory error on all but the CEP when adding multiple servers via batch creation utility. Also found that when initiating startHtmlAdaptor on command line, control is not returned, and CTRL-C doesn't break out of the command. Description of fix: As servers are added, the built in server groups are also updated appropriately. When 1000s of servers already exist, and 100s more are added quickly, the previous logic would keep the before and after server groups as servers are added, for each server added, in memory. With this fix, only one, before and after server group will be in memory at a time now. Also, for the startHtmlAdaptor problem, a System.exit() was added to the logic, and control is now returned when it completes. 3. CC-3729 (2020-09-22) Description of issue: Inconsistent password restrictions between config.bat/sh rules and Web UI change password rules. Description of fix: Set the same the same restrictions in config as are defaulted to in the Web UI. 4. CC-3896 (2020-09-22) Description of issue: SynchObject time for CD Configobjects has value "never" but NodeConfigService logic only accepts "NEVER". The system was creating a bunch of jobs to run to refresh servers for monitored C:D servers despite the fact that the synch time was set to "never". The engine.log display the following: "Unable to calculate delay before next SynchOjbectsTask" Description of fix: Changed the comparison to be case insensitive (i.e. NEVER, never, NevEr, etc, are all treated the same). 5. CC-3832 (2020-09-23) Description of issue: Server Inventory report from swing connect to different EPs, it only shows certain data for Servers that are monitored by that EP. otherwise data is blank or defaults to a value. Server Type, Node Name, Monitor, Configure, License Push and perhaps other fields are affected. Description of fix: Made changes to obtain the missing data for servers monitored by all EPs. 6. CC-3624 (2020-09-23) Description of issue: In the Swing UI, Functional Auth properties, the Admin field selection is not set. Since there is no explicit field name 'admin' in CD Windows, this field should not be displayed for CD Windows functional authorities. Whether the user selects any option or not, it still works. Description of fix: Disabled the Admin radio button on the Windows Functional Authority Properties. 7. CC-3781 (2020-09-24) Description of issue: Saved report listing in Web UI should be sorted by name, same as in the classic console. Description of fix: Corrected the web UI saved reports sort order. 8. CC-3860 (2020-09-25) Description of issue: Not able to run engine after enabling user key. Description of fix: Corrected userkey logic. 9. CC-3783 (2020-09-28) Description of issue: Blank row displaying at the end of Monthly File report which does not contain any data Description of fix: Removed erroneous blank row. 10. CC-3861 (2020-09-28) Description of issue: Error in partitioning of AUDIT_LOG with DB2 if DB2 database is 1 date ahead of current system database Description of fix: Corrected AUDIT_LOG partition logic which calclates the minimum partition date. 11. CC-3882 (2020-09-28) Description of issue: Error running config.sh when upgrading from 6.1.3 with DB2 10.x database. The resulting SQL error in ccinstall.log follows: Error code : InstallErrorCodeList.4008 / Error : DB2 SQL Error: SQLCODE=-440, SQLSTATE=42884, SQLERRMC=CHARACTER_LENGTH;FUNCTION, DRIVER=4.19.49 Description of fix: Made a SQL statement correction to upgrade script cc6020000_configCC_db2_changes.sql 12. IT34057/MFT-11393/TS004094974 (2020-09-28) Description of issue: Automated and scheduled reports do not run after upgrade to 6130. The following error message is written to the engine.log: "dd yyyy hh:mm:ss,nnn nnnnnnnnn [DefaultQuartzScheduler_Worker-10] WARN CCObject - File /rep.xml must be available and writable. Error message is: /rep.xml (Read-only file system)." Where: = home directory of the user who executed runEngine.bat|sh. Control Center writes temp file rep.xml to user.home when automated/scheduled reports are run. In this particular case, the customer had a requirement that the user's home directory (user.home) be read-only. Description of fix: Created a new optional property in /conf/InstallationInfo.properties to change user.home to a different (writeable) location: CCENTER_USER_HOME=. Example: CCENTER_USER_HOME=/data/control-center/user-home 13. CC-3881 (2020-09-29) Description of issue: Automated report in PDF format is truncated when there is a lot of data. Description of fix: Corrected report by allowing long rows to wrap instead of being truncated. 14. CC-3623 (2020-10-01) Description of issue: EP detail view in WEB UI shows a Cognos entry for report recovery time. Description of fix: Remove display of Cognos entry. 15. CCP-14679 (2020-10-01) Description of issue: Support for CDU initparm instance.id. Description of fix: Update tables for new initparm. 16. CC-3631 (2020-10-08) Description of issue: Alert count does not match alerts displayed. Description of fix: Include SLC generated alerts and update tab to show alert count is active plus handled. 17. CC-4021 (2020-10-09) Description of issue: There are two issues fixed for this defect. The CEP doesn't always cancel temporary server reassignments at startup, leaving servers temporarily reassigned away from the CEP even though they should not be, AND under certain circumstances monitored servers may be errouneously deleted when the CEP sees an EP starting that was previously down. If the database contains two servers with the same name, one logically deleted, and one not, and the server that was logically deleted was assigned to the EP just starting, the CEP errouneously reassigns the deleted server back to its EP, and that EP will attempt to delete it (again), causing the monitored server with that same name to be deleted from the system instead. Description of fix: For the first problem, fixed the logic at startup to ensure the CEP knows it is the CEP at startup, so temporarly server reassignments are always cancelled. For the second problem, fixed the queries used to ascertain servers to be reassigned to exclude logically deleted servers. 18. CC-3987 (2020-10-09) Description of issue: Bootstrap Certificate Validity field allows to specify the value up to 600 even though it is limited to 90 days (in CCD Server Default Settings), Description of fix: Corrected the validation logic to allow the max of 90 days. 19. CC-4025 (2020-10-09) Description if issue: Selected Data Visibility Group Count mismatch Description of fix: Corrected DVG count. 20. CC-4017 (2020-10-09) ???? maybe removed this from fix list ???? Description of issue: Packages filter height issue for diff resloution css fix Description of fix: 21. CC-4029 (2020-10-10) Description of issue: Swing console node tree not updated when servers are created or deleted. A problem was introduced with the fix for MFT-11373 ICC EP stopped monitoring the servers on CEP. The issue was caused by a change to the ServerGroupMgr updateServerGroup. Whenever this update is driven by a cluster event, an NPE occurs, causing, among other things, the update to the server group event to not be broadcast to Swing consoles. Description of fix: Corrected logic to perform the update for non-cluster events only. 22. LS-34 (2020-10-11) Description of issue: “Server Inventory Report” returns no servers even though many servers are defined. Description of fix: Corrected the filtering logic to properly display servers based on filter values. 23. LS-26 (2020-10-12) Description of issue: Not all messsage ID's are shown when creating a rule in Rule in the "IBM Control Center Message Lookup" screen. The last two lines displayed in the truncated list are "CXML009E" and "Environment". Description of fix: Corrected rule create logic to properly display all rule messages in the selection list. -------------------------------------------- ************************************************************************************************* All fix items listed ABOVE represent fixes made after 6.2.0.0 GA (i.e. 6.2.0.0 iFix01 and later). All fix items listed BELOW represent fixes included in 6.2.0.0 GA. ************************************************************************************************* -------------------------------------------- 6.2.0.0 (Released 09/18/2020) The following represent 6.1.3.0 iFixes included in 6.2.0.0 GA base release 6.1.3.0 iFix03 (Released 09/21/2020) 1. IT33567/MFT-11256/TS003891769 (2020-07-15) Description of issue: WLP (Websphere Liberty) encoded passwords (i.e. keystore/truststore/database) are written to the engine.log These encoded passwords should be masked. Description of fix: Changed the log display to mask the password. Before and After examples follow: Before fix: [StreamConsumerThread - ] INFO StreamConsumer - OUT-->{xor}Lz4sLCgwLTs= After fix: [StreamConsumerThread - ] INFO StreamConsumer - OUT-->{xor}************ 2. IT33545/MFT-11276/TS003927367 (2020-07-20) Description of issue: Problems upgrading to Control Center 6.1.3.0. Not recognizing EP already in CC_SERVER and adding new one and then ICC does not start. Description of fix: Logic that handles ensuring EP in CC_SERVER correctly refactored. 3. IT33623/MFT-11277/TS003911941 (2020-07-21) Description of issue: Null Pointer Exception occurring during refresh of Connect:Direct File Agent data in CC_SERVER_COMPONENT table. Description of fix: Fixed logic that didn't handle Connect:Direct servers that did not have file agents associated with them so the null pointer exception would no longer occur. 4. LS-21 (2020-07-22) Description of issue: It was determined in some cases that Control Center was listening on IPv6 addresses. This causes various problems. Currently, only IPv4 adddresses are supported in Control Center. Description of fix: Set a system property during application startup to ensure Control Center listens on IPv4 addresses (i.e. -Djava.net.preferIPv4Stack=true). 5. IT33623/MFT-11277/TS003911941 2020-07-28) Description of issue: When EPs are all restarted, some monitored servers are still temporarily reassigned. Description of fix: Added start up logic for the CEP to undo any temporary server reassignments. 6. IT34299/MFT-11272 (2020-07-29) Description of issue: Required commons-codec upgrade to address Apache Commons disclosure 177835 (CVSS 7.5). Description of fix: Upgraded to commons-code-1.14. 7. IT33623/MFT-11277/TS003911941 (2020-07-31) Description of issue: Exceptions occurring, and logged, by NodeServiceTableAdapter when updating servers - NodeServiceTableAdapter - Queue full. Description of fix: Changed logic to wait when the queue of servers to be updated is full. Note queue size can be increased via the Engine property UPDATE_SERVER_BUFFER_SIZE, which defaults to 500. 8. CC-3597 (2020-08-06) Description of issue: Unable to specify a port value less than 1024 when adding a B2Bi server to be monitored. Description of fix: Changed the validation logic to allow a port number as low as 1. 9. IT34300/MFT-11333 (2020-08-08) Description of issue: Required IBM JRE upgrade to address CVE-2020-14578 (CVSS 3.7) and CVE-2020-14579 (CVSS 3.7)in the Q3 2020 Java CPU. Description of fix: Upgraded from 8.0.6.10 to 8.0.6.15. 10. IT33876/MFT-11319/TS004013600(2020-08-12) Description of issue: Export of audit log to pdf fails with "java.lang.String cannot cast to java.lang.Boolean" (in classic console: Tools >> Audit Log >> Export List to PDF). Description of fix: Added code to catch the exception, allowing the export to complete. -------------------------------------------- 6.1.3.0 iFix02 (Released 07/08/2020) 1. IT32651/MFT-11059/TS003396613 (2020-4-29) Description of issue: Reoccuring "ORA-01000: maximum open cursors exceeded" errors and/or seeing high database cursor usage by ICC. Description of fix: Reduced cursor usage by changing two queries to no longer be cached. Also slightly altered the logic that logs when SQL exceptions occur to better log the SQL command value. 2. IT32611/MFT-11055/TS003575866 (2020-4-29) Description of issue: When ICC is far behind in monitoring SFG servers, perhaps because monitoring was paused, or ICC was down for an extended amount of time, it struggles to ever catch up. Description of fix: Made some small logic changes to address an inefficiency in queries initiated to retrieve "missing" arrived file route and delivery data. Altered the default engine property values for FG_RETRY_INTERVAL and FG_MAX_RETRIES. These properties control how often, and how frequently, ICC will request missing route and delivery data from SFG. Default for FG_RETRY_INTERVAL is now 2000. (A number of milliseconds.) Its default was 10000. Also, before, if the value specified was less than 60, ICC would instead use a much larger value. That's no longer the case. Default for FG_MAX_RETRIES is now 2. It was 10. Also, before the changes for this issue, even if FG_MAX_RETRIES were to be set to 0, ICC would have retried once anyway. That's no longer the case. Also, one new engine property was added - MAX_B2B_EVENT_AGE_IN_MINUTES_TO_LOOK_BACK_IN_DB_FOR. It's default is 64800, which equates to 45 days. This engine property tells ICC to not try to attempt to retrieve any missing arrived file route or delivery data for events that are older than the value specified, which would be 45 days if the default is not overridden. Finally, a small change was made to do a better job of logging SQL exceptions when they occur. 3. MFT-11093/TS003646841 (2020-4-29) Description of issue: When ICC is shutdown errors may fill up all log files from services that don't notice a shutdown is in progress. Description of fix: Logic added to ControllerMonitor, EventProcessorMonitor, ProcessSummaryService, ProcessSummaryWorker, ClusterEventMonitor, EnvironmentMonitor, and EventMonitor to watch for when ICC is shutting down and they now terminate their looping when that occurs. 4. IT32677/MFT-11085/TS003602851 (2020-4-29) Description of issue: When SSP adapters are assigned to multiple SSP engines ICC has problems handling their status. Description of fix: ICC logic updated to handle the situation where one SSP adapter may be assigned to more than one SSP engine. 5. IT32676/MFT-11047/TS003572480 (2020-4-29) Description of issue: Rules created or updated by the Swing console that have return code as a criteria process return code values as strings instead of as numeric values. Description of fix: Changed the Swing console logic that generates the rule match string to treat return code values as numerics instead of strings. Note treating return codes as strings in rules created or updated by the Swing console has occurred for > 10 years. Also, rules created or updated by the web console treat return code values as numerics. In case the original logic in the Swing console is still desired, an engine property was added, HANDLE_RULE_RETURNCODE_THE_ORIGINAL_WAY, whose default is false, and it may be set to true to get the original, albeit errant, behavior. 6. IT32909/MFT-11105/TS003635144 (2020-05-04) Description of issue: Customer ran configCC.sh specifying Oracle JDBC driver ojdbc8.jar after previously having configured using ojdbc7.jar. The following error resulted because both jars were now in the classpath: com.sterlingcommerce.scc.common.SCCException: CJDB014E Cannot create a new connection for URL jdbc:oracle:thin:[host:port:service]. Description of fix: Updated an internal list of database drivers to be excluded from the classpath to ensure only the current specified driver is added. 7. IT32808/MFT-11119/TS003623151 (2020-05-12) Description of issue: Changes introduced in 6130 caused CCTR034E and COSA028E events to not be generated for OSA type servers like SEAS and Global Mailbox, nor to set the status to 'Unknown' for server components associated with the OSA server deemed to be down. Description of fix: This ommission was corrected, so the code should behave as it did now in this area. 8. IT32851/MFT-11127/TS003606190 (2020-05-13) Description of issue: When starting Control Center, runEngine.sh does not return to the bash prompt (i.e. user must hit ENTER). Description of fix: Modified runEngine.sh/runEngineCold.sh so that control is returned to the bash prompt without any user interaction. 9. IT32884/MFT-11131/TS003675945 (2020-05-15) Description of issue: Under certain conditions when the CEP starts, any of its monitored servers temporarliy rassigned to other EPs will remain temporarliy reassigned and must be first manually reasigned to the server they're temporarily assigned to and then reassigned back to the CEP to put things back as they should be. Description of fix: At start up, the CEP will reassign all of its monitored servers temporarily reassigned to other EPs back to itself. 10. IT32912/MFT-11140/TS003699052 (2020-05-19) Description of issue: Attempting to use read Action and creating Action through REST APIs gets error com.ibm.tenx.ws.WebServiceException: Method not allowed. Description of fix: Those APIs had simply not been enabled, so now they and others that should have been are. 11. IT32996/MFT-11135/TS003646841 (2020-05-28) Description of issue: Dates displayed in Web console Recent transfer activity widget are incorrect for some time zones. Description of fix: When console user's preferred time zones are not whole hour offsets from UTC, they are rounded to the closest time zone that is a whole hour offset from UTC and this caused problems for the logic that displayed dates on the chart, which has now been corrected. 12. IT33033/MFT-11185/TS003699727 (2020-06-11) Description of issue: Process summary service logic repeatedly logging error messages when process ending type events handled that contained no process name. Description of fix: ICC process summarization logic was repeatedly receiving process interrupted events from monitored Connect:Direct servers that contained no process name and a process ID/number of 0, and when it did, it would log an error due to the lack of process name. The logic was updated to not log an error in this situation if the process ID was also zero since zero is an invalid process ID, which means these events could be safely ignored by the summarization logic. Logic also changed to not log an info message that started with "notifyProcessEndedDbOper() found batch = 0 and stmt = null, so no executeBatch() was NOT performed for events". It was only supposed to be a debug message, and is now. 13. IT33048/MFT-11142/TS003700086 (2020-06-02) Description of issue: User-Roles summary report doesn't show correct last logon dates. Description of fix: The last logon date stored in the user profile was only updated by the Swing console logic at logon if it ascertained that the current user was not always logged on. This logic was changed to always update the last logon time regardless of the perceived current logon status. 14. IT33062/MFT-11191/TS003776379 (2020-06-03) Description of issue: Swing console displays SSP servers configured to be monitored via multiple MQ servers as a single MQ server with a comma separated list of hosts and ports. Description of fix: Addressed problems in the swing console related to updating and viewing properties for SSP servers' connection information. 15. IT33399/MFT-10981/MFT-11113 (2020-06-28) Description of issue: Required IBM JRE upgrade to address CVE-2020-2654 (CVSS 4.3) and CVE-2020-2781 (CVSS 5.3)in the Q2 2020 Java CPU. Description of fix: Upgraded from 8.0.6.5 to 8.0.6.10. 16. IT33400/MFT-11012/MFT-11013/MFT-11095 (2020-06-28) Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-17573 (CVSS 6.1), CVE-2020-4303/4304 (CVSS 6.1), CVE-2020-4329 (CVSS 3.0) Description of fix: Upgraded Websphere Liberty to 20.0.0.5 (from 20.0.0.2). -------------------------------------------- 6.1.3.0 iFix01 (Released 04/29/2020) 1. IT32628/MFT-10872 (03-12-2020) Description of issue: Required IBM JRE upgrade to address CVE-2019-4732 (CVSS 7.2) in the Q1 2020 Java CPU. Description of fix: Upgraded from 8.0.6.0 to 8.0.6.5. 2. IT32178/MFT-10927/TS003385016 (2020-03-13) Description of issue: Connect:Direct Browser in Control Center gets error: "There is an IO error: Return Code 712" for the following functions: User Functions tab: "Select Process" and "Select Statistics" and Admin Functions tab: "Network Map", "Functional Authority" and "Proxy". These functions write to a temporary file. The path name generated erroneously included a file name instead of a valid directory name after a web server upgrade. Description of fix: Modifed /web/wlp/usr/servers/defaultServer/server.xml by removing the .war suffix in the following cdbrowser application definition: BEFORE: location="${shared.app.dir}/cdbrowser.war" (generates invalid path name: /web/wlp/usr/shared/apps/cdbrowser.war/cdbrowser) AFTER: location="${shared.app.dir}/cdbrowser" (generates valid path name: /web/wlp/usr/shared/apps/cdbrowser/cdbrowser) 3. IT32149/MFT-10976/TS003366915 (2020-03-17) Description of issue: If sess.pnode.max is set to 0 in an Unix remote node entry, the advance panel values can not be updated. Description of fix: Set the proper valid value range for the default class parameter. 4. IT32094/MFT-10961/TS003332342 (2020-03-17) Description of issue: Cognos failed to start due to a weak cipher list in the Cognos configuration file /Cognos/configuration/cogstartup.xml, when attempting to regenerate it's cryptographic keys. Description of fix: Updated /Cognos/configuration/cogstartup_SCC_Template.tmp to include additional strong ciphers in element cognosCryptoCiphersuite. This template is used to create the Cognos configuration file when configCC.sh|bat is executed. 5. IT31899/MFT-10861/TS003289277 (2020-3-17) Description of issue: Customer requested some query changes, and new indices, to improve ICC performance. Description of fix: A new properties file was introduced - sql.properties. (It is modifiable via the Web console.) At the instruction of customer support, SQL may be added to sql.properties to override the SQL ICC uses (for certain queries). Over time the list of queries that may be specified will grow. For now just two queries may be overridden via sql.properties. Both of which are used by the ICC QueuedProcessesClearJob. ICC looks for the sql property values "getQueuedProcessCount" and "getQueuedProcesses" to get the SQL to use to override its existing SQL. Note that updates to sql.properties do NOT require ICC to be restarted for the changes to take effect. 6. IT32086/MFT-10597/TS002749779 (2020-3-17) Description of issue: Loading the first static page in a Cognos workspace and other things with Cognos are slow. Description of fix: Customer felt part of the slowness was due to the speed of the Cognos Java Authentication Provider (JAP) logic, so via a new system property, USE_CACHED_USERS_AND_ROLES_IN_JAP, users will be able to cause the JAP to run faster. The JAP will run faster when USE_CACHED_USERS_AND_ROLES_IN_JAP is set TRUE (it will be FALSE by default) because it will stop requesting the current list of ICC users and roles every time it is invoked and instead only retrieve the list once, at startup. The effect of this change will be that Cognos will not be aware of any modifications to the list of ICC users and roles after ICC starts, unless it is stopped and restarted. To set USE_CACHED_USERS_AND_ROLES_IN_JAP you must edit {ICC Installation folder}/Cognos/wlp/usr/servers/cognosserver/bootstrap.properties and add the following line to it: USE_CACHED_USERS_AND_ROLES_IN_JAP=TRUE 7. IT32085/MFT-10956/TS003437021 (2020-3-17) Description of issue: ICC will not start. While loading rules the error "Invalid value specified for 'tagName.nonResolutionActionId'." occurred. Description of fix: The message "CRUL090E Error while saving merged Rules." was changed to "CRUL090E Error while saving merged Rules during processing of Rule ID: {0}". This will allow ICC to note the name of the name of the problematic rule that caused ICC to not start in the message logged, which will simplify troubleshooting. 8. CCP-15676 (2020-3-23) Description of issue: Security vulnerabilities - BlackDuck Scan - Upgrade Apache Xerces2 J Description of fix: Replaced xercesImpl-2.11.0.jar with xercesImpl-2.12.SP02-redhat-00001.jar. 9. CCP-15903 (2020-3-23) Description of issue: Security vulnerabilities - BlackDuck - Upgrade to Quartz from 2.2.3 to 2.3.2 Description of fix: Replaced quartz-2.2.3.jar with quartz-2.3.2.jar. 10. MFT-10994 (2020-03-24) Description of issue: Required CDBrowser upgrade to address a few security issues (Updated jasper-runtime-5.5.23.jar from jasper-runtime-5.5.15.jar/Clickjacking Issue fixed/Removed struts 1 references from C:D Browser code/ Jasper-runtime upgrade). Description of fix: Upgraded to C:D Browser 1.5.0.2 iFix26 (from iFix22). 11. IT32629/MFT-10873/MFT-10893 (2020-03-31) Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-4720, CVE-2019-12406 Description of fix: Upgraded Websphere Liberty to 20.0.0.2 (from 19.0.0.12). 12. IT32379/MFT-10940/TS003404923 (2020-04-03) Description of issue: When a monitored Connect:Direct File Agent uses the loopback address (127.0.0.1) to communicate with its Connect:Direct server, ICC does not accept its traps. Description of fix: For ICC to accept traps from Connect:Direct File Agents, the trap c_submitNode value must match the address and port used by ICC to monitor its Connect:Direct server. A change was made so ICC will also accept the trap if the source address of the trap matches the address of a monitored Connect:Direct server.