============================================ IBM Sterling Connect:Direct File Agent 1.4.0 Fix List Document ============================================ This document describes maintenance updates for IBM Sterling Connect:Direct File Agent 1.4.0. Maintenance updates are cumulative and provided as fix packs or interim fixes (iFixes). Content: - Important Notices - About Fix Packs and iFixes - Instructions for upgrading File Agent - Description of iFixes and Updates ================= Important Notices ================= - File Agent requires Java 7 or later. For most platforms the installer is bundled with an IBM Runtime Environment Java (JRE). - The format of the fix list document was changed with fix pack 1.4.0.1 for better readability. ========================== About Fix Packs and iFixes ========================== Fix packs and interim fixes (iFixes) deliver maintenance and updates to an existing product version of IBM Sterling Connect:Direct File Agent. They are cumulative and include iFixes as well as updates added since the previous fix pack and in any earlier fix pack. You only need to install the latest one available. Fix packs and critical iFixes can be downloaded from the IBM Fix Central website at https://www.ibm.com/support/fixcentral/. Non-critical iFixes are typically provided by IBM Support in response to a customer case to address the reported issue. They can also be requested though IBM Support on demand. ===================================== Instructions for upgrading File Agent ===================================== Windows: 1. Download the fix pack or iFix for Windows from IBM Fix Central. 2. Unzip the downloaded file to a temporary folder. 3. Stop the "IBM Sterling Connect Direct File Agent" service. 4. Uninstall File Agent. 5. Reinstall File Agent using the FAInstall.exe installer from the download. Linux or UNIX: 1. Download the fix pack or iFix for the Linux or UNIX platform from IBM Fix Central. 2. Unzip the downloaded file to a temporary directory. 3. Stop File Agent. 4. Copy configuration files (*.ser) to another location. 5. Remove existing File Agent installation directory. 6. Reinstall File Agent using the FAInstall.bin installer from the download. 7. Copy configuration files back to the installation directory. OS/390 or z/OS: 1. Download the fix pack or iFix for z/OS from IBM Fix Central. 2. Unzip the downloaded file to a temporary directory. 3. File Agent must already be installed as per instructions in the Connect:Direct for z/OS Install Guide. 4. Take the three maintenance jars from the download and overlay the jars in the installation directory. Other or Java: (requires Java 7 or later preinstalled) 1. Download the fix pack or iFix for Java from IBM Fix Central. 2. Unzip the downloaded file to a temporary directory. 3. Stop File Agent. 4. Copy configuration files (*.ser) to another location. 5. Remove existing File Agent installation directory. 6. Reinstall File Agent using the FAInstall.jar installer from the download: java -jar FAInstall.jar 7. Copy configuration files back to the installation directory. ================================= Description of iFixes and Updates ================================= =========================================== iFixes after 1.4.0.0 (General Availability) =========================================== 1.4.0.0_iFix001) QC 18030 date: 2010/12/07 ------------------------------------------- Continue processing files if process name information cannot be retrieved for a process. 1.4.0.0_iFix002) QC 18045 date: 2010/12/08 ------------------------------------------- Reconnect to submit processes, if the C:D node gets re-cycled, and the connection is lost. 1.4.0.0_iFix003) QC 18208 date: 2011/01/07 ------------------------------------------- Added a system property "trace", which when enabled will display Connect:Direct traces. 1.4.0.0_iFix004) QC 18367 date: 2011/01/11 ------------------------------------------- Changed the informational message is locked and cannot be processed to is in delay period and cannot be processed. 1.4.0.0_iFix005) QC 19105 date: 2011/04/22 ------------------------------------------- Allow SNMP listener ports between 0 and 65535. 1.4.0.0_iFix006) QC 19181 date: 2011/05/17 ------------------------------------------- Modified the code to display the warning message about a process not being found. 1.4.0.0_iFix007) QC 20233 date: 2011/10/21 ------------------------------------------- Modified the code that builds the regular expression for a simple match. 1.4.0.0_iFix008) QC 20513 date: 2012/01/26 ------------------------------------------- File name variables inside longer submit process symbol values may result in a symbol value with inadvertent double quotes embedded. 1.4.0.0_iFix009) RTC 324005 / APAR IC83308 date: 2012/05/10 ------------------------------------------------------------ Always add start(^) and end($) anchors when building a simple match. 1.4.0.0_iFix010) RTC 336126 / APAR IC84774 date: 2012/06/21 ------------------------------------------------------------ Disable .console.stdout file in cdfa$.lax on Windows to prevent it from filling up disk space. CDFA.log already has the same information. 1.4.0.0_iFix011) QC 16496 date: 2012/07/04 ------------------------------------------- The system property -Dcasesensitive=true must be added to the cdfa.lax file to honor case sensitivity when using symbolics not supported by File Agent, and when connected to z/OS. 1.4.0.0_iFix012) RTC 338195 / APAR IC85117 date: 2012/07/05 ------------------------------------------------------------ Updated log4j 1.2.16 to fix an java.io.InterruptedIOException when interrupting the Gateserver thread at shutdown on Solaris. 1.4.0.0_iFix013) RTC 341662 / APAR IC85743 date: 2012/08/02 ------------------------------------------------------------ Version information will be displayed in V.R.M.F format. Fixed the version reported to Sterling Control Center. 1.4.0.0_iFix014) RTC 344434 date: 2012/08/21 --------------------------------------------- If ignoreos390volumes is true, strip off all indication of volumes so that archived datasets look just like the restored dataset and are not treated as being new/different. 1.4.0.0_iFix015) RTC 365252 / APAR IC94012 date: 2013/10/08 ------------------------------------------------------------ File Agent should automatically escape special file name characters stored in FA_* variables. Specifically, ()'~& The user has no way to manually escape these because they're only found at runtime, then plugged into the FA_* variables. Added for when PNODE is Windows. Other platforms not changed yet. This feature is "On" by default. To disable, start File Agent with --disableAutoEscape. In addition, File Agent is now certified on Microsoft Windows Server 2012. 1.4.0.0_iFix016) RTC 411224 / APAR IC99436 date: 2014/01/28 ------------------------------------------------------------ IBM Sterling Connect:Direct File Agent is affected by a vulnerability in the IBM Runtime Environment, Java(TM) Technology Edition (CVE-2013-1500). 1.4.0.0_iFix017) RTC 412063 date: 2014/02/14 --------------------------------------------- Change the default install folder name on UNIX back to "FileAgent". 1.4.0.0_iFix018) RTC 368850 / APAR IC99411 date: 2014/02/25 ------------------------------------------------------------ Fixed a java.lang.NoClassDefFoundError exception at startup when SNMP source port range is configured. 1.4.0.0_iFix019) RTC 414185 date: 2014/04/03 --------------------------------------------- Obfuscate API password in configuration report (-r). 1.4.0.0_iFix020) RTC 453743 / APAR IT07059 date: 2015/02/18 ------------------------------------------------------------ Multiple vulnerabilities in IBM Java SDK affects IBM Sterling Connect:Direct File Agent (CVE-2014-3065, CVE-2014-6468). Updated the JRE. 1.4.0.0_iFix021) RTC 459300 / APAR IT07947 date: 2015/03/24 ------------------------------------------------------------ Enhanced File Agent log monitoring and alerting. 1.4.0.0_iFix022) RTC 460416 / APAR IT09238 date: 2015/06/02 ------------------------------------------------------------ Installs on AIX 5.3 and Solaris 9 systems fail due to bundling JRE 7. Sterling Connect:Direct for UNIX 4.1.0 supports those operating systems, so this fix bundles JRE 6 for them. NOTICE: This iFix marks the end of support for AIX 5.3 and Solaris 9. 1.4.0.0_iFix023) RTC 469046 / APAR IT09495 date: 2015/06/17 ------------------------------------------------------------ A vulnerability in IBM Java Runtime affects IBM Sterling Connect:Direct File Agent (CVE-2015-0383). Updated the hybrid JREs on Solaris and HP-UX. 1.4.0.0_iFix024) RTC 461731 / APAR IT10974 date: 2015/08/31 ------------------------------------------------------------ Improved the error message when File Agent is unable to list directories / files in a directory, like when the user does not have read permission, replacing the user-unfriendly "WinDir.scanDir ... filter list of files is null" messages. 1.4.0.0_iFix025) RTC 502610 / APAR IT18290 date: 2016/12/09 ------------------------------------------------------------ Fixed a java.lang.IndexOutOfBoundsException in the ConfigFileWatcher thread sometimes occurring before a configuration refresh. Also rearranged the sequence to first check for shutdown before checking the configuration. Fixed a "Service name:FileAgent not found." exception occasionally occurring during shutdown. Added a new log INFO message to show the number of restarts for configuration refresh: "Services have stopped and will be restarted (#)" 1.4.0.0_iFix026) RTC 535414 / APAR IT20205 date: 2017/04/26 ------------------------------------------------------------ Support for new File Agent variables for 2-digit year, milliseconds and counters: %FA_FDATE2. The date a file was last modified. This value has 6 characters representing year (2-digit), month, and day, for example 170426. %FA_FDATE_YEAR2. The year (2-digit) in which a file was last modified, for example 17. %FA_DATE2. The current date. This value has 6 characters representing year (2-digit), month, and day, for example 170426. %FA_DATE_YEAR2. The current year (2-digit), for example 17. %FA_FTIME_MS. The millisecond a file was last modified, for example, 067. %FA_TIME_MS. The current millisecond, for example 067. %FA_NUM2. A 5-digit number in the range of 00000..99999, for example 00345. The counter always starts with 0 at File Agent startup and is increased by 1 on every process submission. The counter remains its current value through a configuration refresh. %FA_NUM3. A 9-digit number in the range of 000000000..999999999, for example 000006789. The counter always starts with 0 at File Agent startup and is increased by 1 on every process submission. The counter remains its current value through a configuration refresh. 1.4.0.0_iFix027) RTC 535596 date: 2017/04/26 --------------------------------------------- Multiple date/time variables specified in the same rule can resolve to different values in the command after substitution. 1.4.0.0_iFix028) RTC 466327 date: 2018/04/30 --------------------------------------------- Updated installer to support newer Windows and UNIX OS versions. 1.4.0.0_iFix029) RTC 469046 date: 2018/04/30 --------------------------------------------- Upgraded the JRE to IBM Runtime Environment, Java(TM) Technology Edition version 8 on Windows. 1.4.0.0_iFix030) RTC 563325 / APAR IT25476 date: 2018/06/22 ------------------------------------------------------------ Improved first-failing snapshot capturing. Added stack trace to snaps file and generated a more unique filename. 1.4.0.0_iFix031) MFT-9482 / APAR IT25319 date: 2018/08/17 ---------------------------------------------------------- A vulnerability in IBM Java Runtime affects IBM Sterling Connect:Direct File Agent (CVE-2018-2602). Updated or upgraded the IBM Runtime Environment, Java(TM) Technology Edition to JRE 8 for Windows, AIX, Linux and HP-UX Itanium JRE 7 for Solaris SPARC and x86 JRE 6 for HP-UX PA-RISC NOTICE: This is the last release to be published for File Agent 1.4.0 for HP-UX PA_RISC. In the future, releases for this platform will be available on demand only from Customer Support. 1.4.0.0_iFix032) MFT-9881 date: 2018/09/12 ------------------------------------------- Ignore duplicate watchdir entries to prevent files being processed twice. (partial fix; restriction: case-sensitive on Windows) 1.4.0.0_iFix033) MFT-9055 date: 2018/09/13 ------------------------------------------- Add support for connecting to a Connect:Direct server using a Java Connection Utility (JCU) file. A JCU file contains all required connection information, including the server's address and user credentials. To enable the use of a JCU file: (1) Type the value jcu in both the Userid for API and the Password for API fields. (2) Create or update the JCU file by running the following command line from the File Agent directory: java -classpath CDJAI.jar com.sterlingcommerce.cd.sdk.JCU "-fcddef.jcu" Enter Node, Address, Port, UserId, Password and Protocol ("tcpip") for your CD node. Note that the associated fields from the File Agent configuration will be ignore for this connection. 1.4.0.0_iFix034) MFT-9989 / APAR IT26921 date: 2018/11/12 ---------------------------------------------------------- Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct File Agent (CVE-2018-165, CVE-2018-12539). Updated the IBM Java Runtime to addressed the applicable CVEs. 1.4.0.0_iFix035) MFT-10094 / APAR IT28785 date: 2019/04/12 ----------------------------------------------------------- Installer fails on some UNIX systems with error "Installer User Interface Mode Not Supported". Updated installer, which also adds support for newer Windows and UNIX OS versions. 1.4.0.0_iFix036) MFT-10245 / APAR IT28783 date: 2019/04/12 ----------------------------------------------------------- Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct File Agent (CVE-2018-1890, CVE-2018-12547). Updated the IBM Java Runtime to addressed the applicable CVEs. 1.4.0.0_iFix037) MFT-10247 date: 2019/04/29 -------------------------------------------- Support for multiple ICC Event Processors. 1.4.0.0_iFix038) MFT-10246 date: 2019/04/30 -------------------------------------------- Support for making the SNMP status trap frequency configurable. 1.4.0.0_iFix039) MFT-10323 date: 2019/04/30 -------------------------------------------- Make specifying the API password optional. When API userid is "jcu", also make specifying API host and port optional, since they will be loaded from the JCU file anyway. 1.4.0.0_iFix040) MFT-10334 date: 2019/05/03 -------------------------------------------- Improve File Agent Field Help readability by increasing the font size and updating some help contents. 1.4.0.0_iFix041) MFT-10015 date: 2019/05/06 -------------------------------------------- Ignore duplicate watchdir entries on Windows to prevent files being processed twice. This completes 1.4.0.0_iFix032 on Windows. 1.4.0.0_iFix042) CDUA-1470 date: 2019/05/20 -------------------------------------------- Support for SUSE Linux Enterprise Server (SLES) on IBM POWER architecture (LE). 1.4.0.0_iFix043) CDWA-748 date: 2019/05/24 ------------------------------------------- Updated IBM Application Interface for Java (AIJ) to allow an empty API password. 1.4.0.0_iFix044) MFT-10378 date: 2019/06/11 -------------------------------------------- When API host DNS name is set to a loopback address, send the host IP address in SNMP traps instead. 1.4.0.0_iFix045) CDWA-748 date: 2019/06/14 ------------------------------------------- Updated IBM Application Interface for Java (AIJ) and added its new cdaij.properties file. Set allow.no.password.local.connection=true (default) to allow File Agent attempting a sign-on when no API password has been configured. Otherwise the AIJ will fail the sign-on attempt directly. 1.4.0.0_iFix046) MFT-10497 / APAR IT30052 date: 2019/08/21 ----------------------------------------------------------- Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct File Agent on AIX platform (CVE-2019-4473, CVE-2019-11771). Updated the IBM Java Runtime to 8.0.5.40 64-bit on AIX to addressed the applicable CVEs. 1.4.0.0_iFix047) MFT-10591 / APAR IT30400 date: 2019/09/26 ----------------------------------------------------------- Installation on some systems with limited 32 bit library support may fail, reporting "JRE libraries are missing or not compatible." Also, File Agent installed on an EFS file system in an Amazon Web Services EC2 instance will fail to start, reporting "Error: missing 'j9vm' JVM". 1.4.0.0_iFix048) FLAG-75 date: 2019/12/17 ------------------------------------------ Updated logging, i.e. logging of files found is more compact now. 1.4.0.0_iFix049) FLAG-70 date: 2019/12/17 ------------------------------------------ Support for high availability is introduced. When running multiple File Agents from different folders or on different computers, specify a shared work directory (-w) on the command line. The shared work directory allows the File Agents to synchronize work and determine who is active or standby. The shared work directory must exist before starting File Agent and must be available to all instances. 1.4.0.0_iFix050) FLAG-33 date: 2019/12/18 ------------------------------------------ Terminate instead of launching configurator when no viable configuration could be found. 1.4.0.0_iFix051) FLAG-78 date: 2019/12/18 ------------------------------------------ Improved time to shutdown File Agent and to restart after a configuration refresh. 1.4.0.0_iFix052) MFT-10803 date: 2019/12/18 -------------------------------------------- Ignore empty watchdir entries (""). 1.4.0.0_iFix053) MFT-10963 / APAR IT32172 date: 2020/03/11 ---------------------------------------------------------- Installation fails on Windows Server 2019 with an error: "Flexeraaw7$aaa: Windows DLL failed to load". 1.4.0.0_iFix054) MFT-10969 / APAR IT32244 date: 2020/03/19 ----------------------------------------------------------- There is a vulnerability in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent on Microsoft Windows. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2019-4732). 1.4.0.0_iFix055) FLAG-83 date: 2020/03/20 ----------------------------------------- Support for Microsoft Windows Server 2019. All iFixes and fix packs listed above are accumulated in fix pack 1 (1.4.0.1). ==================== iFixes after 1.4.0.1 ==================== 1.4.0.1_iFix001) MFT-11437 / APAR IT34532 date: 2020/10/14 ----------------------------------------------------------- When a directory scan detects that a previously existing file is gone, the checkpoint status is correctly updated, but may not be saved to disk. This can lead to an incorrect checkpoint status after a restart. 1.4.0.1_iFix002) MFT-11477 / APAR IT34592 date: 2020/10/19 ----------------------------------------------------------- File Agent can get into an endless loop when a user requests a shutdown during startup or restart. The log will fill up with messages: INFO - System event: "Error finding service drone" 1.4.0.1_iFix003) MFT-11310 / APAR IT34817 date: 2020/11/06 ----------------------------------------------------------- Improved the high availability feature (-d). Added debug logging and removed the temporary debug code that was added after 1.4.0.1. Added a stand-alone application to test file locking: com.sterlingcommerce.cd.cdcommon.RAFile 1.4.0.1_iFix004) MFT-11581 / date: 2020/11/18 --------------------------------------------- cdfa option list fix -typo on --ignoreos390filetype parameter. -Added -h, --help option to display options list -Some obsolete options removed from options list (-z -W -r) -Help jar updated 1.4.0.1_iFix005) MFT-11631 / APAR IT36510 date: 2021/03/11 ----------------------------------------------------------- There is a vulnerability in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2020-14782) on AIX, Linux, Solaris and Windows. 1.4.0.1_iFix006) MFT-11829 / APAR IT36189 date: 2021/03/11 ----------------------------------------------------------- There is a vulnerability in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent on AIX and Linux. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2020-27221). 1.4.0.1_iFix007) FLAG-110 date: 2021/03/25 ------------------------------------------- Support for S3 object store on Linux, performance improvements and new File Agent variables: %FA_WATCHED_FILE_FOUND. On S3 Object Stores, the value is the object name detected before any scheme substitution occurred. On other file systems, the value is the same as %FA_FILE_FOUND. %FA_FSTYPE. The file or object File System type. Windows, Unix, OS390, AWSS3. %FA_SCHEME. On S3 Object Stores only. This is the object scheme when Connect Direct File Agent discovered the object. %FA_OUTSCHEME. On S3 Object Stores only. This is the object scheme if a scheme substitution occurred. Without substitution, value is the same as %FA_SCHEME. All iFixes and fix packs listed above are accumulated in fix pack 2 (1.4.0.2). ==================== iFixes after 1.4.0.2 ==================== 1.4.0.2_iFix001) MFT-12031 / APAR IT36551 date: 2021/04/08 ----------------------------------------------------------- Checkpoint conversion fails on Unix when moving to 1.4.0.2. 1.4.0.2_iFix002) FLAG-133 date: 2021/04/16 ------------------------------------------- On Windows, File Agent does non case sensitive match on S3 objects. 1.4.0.2_iFix003) MFT-12085 / APAR IT37065 date: 2021/05/11 ----------------------------------------------------------- On Linux and AIX, Files can be processed twice after upgrade to 1.4.0.2. Occurs only once. 1.4.0.2_iFix004) MFT-12151 / APAR IT37066 date: 2021/05/14 ----------------------------------------------------------- File Agent can't process files without write permission on other: WARN - File ignored during this scan (In use) 1.4.0.2_iFix005) MFT-12283 date: 2021/06/22 (disabled) ------------------------------------------------------- When a scan finds that a previously processed file has changed but is being ignored (in delay), it incorrectly removes the file from the checkpoint. Nevertheless the file is correctly processed during the next scan. 1.4.0.2_iFix006) MFT-12258 date: 2021/06/23 -------------------------------------------- Removed stale CDFAConfigGuide.pdf from the installation. The latest documentation is available online (also as PDF download): https://www.ibm.com/docs/en/connect-direct/6.1.0?topic=agent-sterling-connectdirect-file-overview Also removed the obsolete cdfa.bat file on Windows. 1.4.0.2_iFix007) MFT-11786 / APAR IT37647 date: 2021/07/15 ----------------------------------------------------------- Updated the installer to fix an unquoted Windows Service binpath created by InstallAnywhere when installing on a file system that has the 8dot3name setting disable. 1.4.0.2_iFix008) MFT-12242 / APAR IT37680 date: 2021/07/19 ----------------------------------------------------------- There are vulnerabilities in Apache Commons (CVE-2020-1953) and in FasterXML jackson-databind (CVE-2018-7489) used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the CVEs. 1.4.0.2_iFix009) FLAG-192 date: 2021/07/20 ------------------------------------------- The Java Connection Utility (JCU) no longer requires the user to enter a password. An empty password is required when setting up certificate-based user authentication in File Agent. 1.4.0.2_iFix010) MFT-12377 / APAR IT37822 date: 2021/07/29 ----------------------------------------------------------- Disabled verbose logging by default again and fixed its log level in log4j2.properties. Issue was introduced in 1.4.0.2_iFix005. 1.4.0.2_iFix011) MFT-11631 / APAR IT36510 date: 2021/08/09 ----------------------------------------------------------- There is a vulnerability in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2020-14782) on HP-UX. 1.4.0.2_iFix012) FLAG-254 / date: 2021/09/21 ----------------------------------------------------------- The logging configuration update watch interval no longer works with log4j2. A property must be set in the configuration file to enable configuration change watch. monitorInterval=nn (nn in seconds) is the property to set in log4j2.properties file. 1.4.0.2_iFix013) MFT-12771 / APAR IT39415 date 2021/12/12 ----------------------------------------------------------- There is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2021-44228) and updated Log4j to version 2.15.0. 1.4.0.2_iFix014) MFT-12788 / APAR IT39413 date 2021/12/15 --------------------------------------------------------- There is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2021-45046) and updated Log4j to version 2.16.0. 1.4.0.2_iFix015) MFT-12792 / APAR IT39431 date 2021/12/16 --------------------------------------------------------- Logon failed for a local connection without password, because allow.local.connection=true was not set in cdjai.properties. 1.4.0.2_iFix016) MFT-12800 / APAR IT39465 date 2021/12/17 --------------------------------------------------------- Updated classpath settings in lax files on Windows. 1.4.0.2_iFix017) MFT-12805 / APAR IT39463 date 2021/12/20 --------------------------------------------------------- There is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2021-45105) and updated Log4j to version 2.17.0.