Please Read: Before starting the Control Center upgrade/uninstall process, you must back up the entire "conf" directory found under the Control Center install location.

Please follow the steps below before upgrading. The following instructions apply to maintenance upgrades.

1. Stop Control Center engine
If you are upgrading FROM a pre-6.1.3.0 iFix07 release TO 6.1.3.0 iFix07 or later (i.e. upgrading FROM 5.4.2.2 through 6.1.3.0 iFix06 TO 6.1.3.0 iFix07 or later), the initial upgrade to 6.1.3.0 iFix07 or later cannot be a rolling upgrade. You must bring down all EPs and upgrade each EP to 6.1.3.0 iFix07 or later before starting any of the EPs again. All EPs must be in sync for the initial upgrade to 6.1.3.0 iFix07 or later, before being started. After the initial upgrade to 6.1.3.0 iFix07 or later, you may resume with rolling upgrades (e.g. 6.1.3.0 iFix07 to 6.1.3.0 iFix08), where one EP is brought down at a time, upgraded, then restarted.

2. Back up the existing configuration data:
If upgrading from 5.4.2.2 or prior, back up \conf directory found under Control Center install location. Back up your Control Center database.
If upgrading from 6.0.0.0 or later, run exportConfig.sh/bat under \bin. The script creates a folder with all of the configuration data from the database and the conf folder. The location of this folder is conf-exported/{date_time}/conf. As needed for recovery purposes, back up your existing Control Center database.

3. Proceed normally with installing the latest version of Control Center in original . (The installer automatically uninstalls the previous version - but all of the configuration data will still be there).

4. On Unix, Linux platforms, run configCC.sh

--------------------------------------------
6.1.3.0 iFix16 (Released 2023-03-14)

1. IT43096/TS011971789/MFT-14039 (2023-02-10)
Description of issue: configCC fails when attempting to upgrade to newer MSSQL JDBC driver(s).
Please add support for all MSSQL 9.2, 9.4, 10.2, 11.2 and 12.2 JDBC drivers.
Description of fix: Added support for all current MSSQL JDBC drivers.
NOTE: The very first time you upgrade an existing Control Center installation to use mssql-jdbc-10.2.0.jre8.jar or above, you must answer yes to the configCC question to re-enter the database information (for both the Production and Cognos database prompts). This causes the connection URL in /conf/system/services/JDBCService.xml, /web/wlp/usr/servers/defaultServer/dataSource.xml and /Cognos/configuration/cogstartup.xml to be updated with an additional required parameter in the connection URL string (trustServerCertificate=true). With trustServerCertificate=true, the JDBC driver accepts the SQL Server TLS certificate without validating it.

2. MFT-14126 (2023-03-05)
Description of issue: Required Apache commons-fileupload upgrade to address CVE-2023-24998 - CVSS 7.5 - Potential Denial Of Service.
Description of fix: Upgraded to commons-fileupload-1.5.jar (from commons-fileupload-1.3.3.jar).

--------------------------------------------
6.1.3.0 iFix15 (Released 2023-01-27)

1. CC-11380/MFT-13900 (2022-12-09)
Description of issue: Required IBM JRE upgrade to address CVE-2022-21626 - CVSS 5.3 - Potential Denial Of Service.
Description of fix: Upgraded from 8.0.7.15 to 8.0.7.20.

2. MFT-13901 (2022-12-09)
Description of issue: Required IBM JRE upgrade to address CVE-2022-3676 - CVSS 6.5 - IBM Java OpenJ9 could allow a remote attacker to bypass security restrictions.
Description of fix: Upgraded from 8.0.7.15 to 8.0.7.20.

3. IT42923/TS011700085/MFT-13991 (2023-01-18)
Description of issue: After upgrading to 6.1.3.0 iFix12+, customer noticed additional ephemeral port(s) being used by Cognos. Beginning with iFix12, Cognos was upgraded in Control Center from 11.0.13 to 11.1.7. A new Cognos service was introduced with 11.1, known as "computeService" aka "flint service". By default this service uses an ephemeral port in range of 0-65535. This can result in the system randomly selecting a well known port number in the lower ranges.
Description of fix: Made changes to ensure listening port used for this service will be the Cognos base port + 17 (example: Cognos base port 58085 + 17 = 58102).
Note 1: Cognos ports: base port + 1-16 have always been used (hence adding the new port as +17).
Note 2: You must run configCC and re-configure the Cognos parameters for the +17 port assignment to take effect (i.e. Do you want to give different Cognos parameters(Y/N)?y Are you sure about your selection? (Y/N)y).

--------------------------------------------
6.1.3.0 iFix14 (Released 11/23/2022)

1. MFT-13477 (2022-07-20)
Description of issue: Reports whose criteria specified TODAY and/or TOMORROW for criteria for data to be included used an incorrect starting date if the UTC date differed from the local date.
Description of fix: Corrected the logic used to compute the starting date whenever TODAY or TOMORROW was specified for date criteria.

2. IT41668/MFT-13542 (2022-08-01)
Description of issue: Need to remove an obsolete jar, which was flagged with CVE-2022-32532. The jar is no longer shipped with/used by Cognos, but the Control Center installer has an action to install it. So, to be clear, this jar was flagged as a false positive, since the jar is no longer loaded/executed beginning with 6.1.3.0 iFix12 / Cognos 11.1.7.
Description of fix: Removed obsolete jar from installation: /Cognos/webapps/p2pd/WEB_INF/lib/shiro-core-1.3.2.jar.

3. IT41665/TS009920296/MFT-13484 (2022-08-02)
Description of issue: File Agent SNMP listen address displayed by web console does not reflect correct address listening
Description of fix: The display only issue was rectified. The message logged when the CEP updates the SNMP listen address was corrected, and an audit event is no longer generated when the change is initiated by the system.

4.
IT41664/TS010151751/MFT-13550 (2022-08-02)
Description of issue: Monthly File Transfer report would not allow an end year to be specified beyond 2022
Description of fix: Selectable years changed to start at 2015 and go through 2030.

5. IT41663/TS009667981/MFT-13460 (2022-08-04)
Description of issue: When multiple SEAS authenticated users attempt to log on, or use RESTful APIs, simultaneously, erroneous authentication errors are logged and may cause the Control Center event processors to have to be restarted for authentication to work again.
Description of fix: Made the logic that requests authentication from the SEAS server thread-safe.

6. LS-153 (2022-08-17)
Description of issue: NodeServiceLogger, used to obtain additional detailed logging from the NodeConfigService, and more, was not in EngineLogger.xml.
Description of fix: Added NodeServiceLogger entry to EngineLogger.xml with log level set to INFO.

7. MFT-13613 (2022-08-23)
Description of issue: Query used by ClearProcessQueueJob task, which is responsible for cleaning completed jobs from the queued process list, resulted in full table scan being done.
Description of fix: Query changed to not use inequality to limit types of nodes events were retrieved for.

8. LS-156 (2022-09-08)
Description of issue: Trying to add a filter to the Events screen gives an ERROR: A system error has occurred. Please contact your system administrator.
The following is the top of the resulting stack trace found in //web/wlp/usr/servers/defaultServer/logs/application.log:
  [8/4/22 14:28:12:835 UTC] 00002fae id=00000000 SystemOut O [ERROR] 2022-08-04 14:28:12.834 [LargeThreadPool-thread-478] com.ibm.tenx.ui.page.Page {} - java.lang.NumberFormatException: For input string: "Xml"
  java.lang.NumberFormatException: For input string: "Xml"
    at java.lang.NumberFormatException.forInputString(NumberFormatException.java:76) ~[?:2.9 (01-04-2022)]
    at java.lang.Integer.parseInt(Integer.java:592) ~[?:2.9 (01-04-2022)]
Description of fix: Corrected filter logic to check for string numeric value.

9. IT42131/TS010557381/MFT-13680 (2022-09-22)
Description of issue: Exception trying to delete FILE_COUNTS data
Description of fix: Logic wasn't passing the date in the appropriate format for the SQL used to do purging for all database types supported by Control Center; that has now been rectified.

10. IT4258/MFT-13692 (2022-09-25)
Description of issue: Required IBM JRE upgrade to address CVE-2021-2163 - CVSS 5.3 - When JAR files signed with SHA-1 are disallowed (now the default behaviour), they may not be rejected in some circumstances. The fix ensures that JAR files signed with SHA-1 are always rejected when SHA-1 is disabled via the jdk.security.legacyAlgorithms security property.
Description of fix: Upgraded from 8.0.7.11 to 8.0.7.15.
Security Bulletin: https://www.ibm.com/support/pages/node/6841057

11. MFT-13476 (2022-10-5)
Description of issue: A Connect:Direct copy termination statistic with a non-printable character resulted in an EventMonitor error "Exception occurred converting XMLString to notification", which causes the event to not be passed to the SLC service for evaluation.
Description of fix: The CERT value in Connect:Direct statistics is now passed to the "stripNonValidXMLCharacters" method before being included in events that are constructed from them.

12.
IT42559/MFT-13789 (2022-10-05)
Description of issue: Required Cognos upgrade to apply latest security fixes.
Description of fix: Upgraded to latest Cognos fix package 11.1.7.6 (from 11.1.7.5).
IBM Cognos Analytics Security Bulletin: https://www.ibm.com/support/pages/node/6828527
IBM Sterling Control Center Security Bulletin: https://www.ibm.com/support/pages/node/6841269

13. IT42476/MFT-13835/TS011125500/TS011229472 (2022-11-14)
Description of issue: Unable to open SCC GUI Console after PC Java upgrade to 8_351. A couple of obsolete webstart jars had been erroneously signed with both SHA1 and SHA256, causing the error in newer java upgrade.
Description of fix: Removed the jars from the installer.

14. IT42560/MFT-13693 (2022-11-17)
Description of issue: Requirement to address the following vulnerability in Websphere/Liberty: CVE-2022-34165 - CVSS 5.4.
Description of fix: Upgraded Websphere Liberty to 22.0.0.12 (from 21.0.0.10).
IBM Websphere Security Bulletin: https://www.ibm.com/support/pages/node/6618747
IBM Sterling Control Center Security Bulletin: https://www.ibm.com/support/pages/node/6841273

15. IT42561/MFT-13748 (2022-11-17)
Description of issue: Requirement to address the following vulnerability in Websphere/Liberty: CVE-2022-24839 - CVSS 7.5.
Description of fix: Upgraded Websphere Liberty to 22.0.0.12 (from 21.0.0.10).
IBM Websphere Security Bulletin: https://www.ibm.com/support/pages/node/6824871
IBM Sterling Control Center Security Bulletin: https://www.ibm.com/support/pages/node/6841271

--------------------------------------------
6.1.3.0 iFix13 (Released 07/19/2022)

1. MFT-13085 (2022-03-18)
Description of issue: Correct AIX/Linux install prompt typo for CC_Cognos_yymmddhhmm_[platform].zip (should be SCC_Cognos_...).
Description of fix: Corrected typo in the installer.

2.
IT38521/TS006717865/MFT-13106 (2022-03-28)
Description of issue: Lack of full TLSv1.3 support for Connect:Direct node configuration in Control Center classic console in the following two scenarios:
- right click on Connect Direct node -> Configure Server -> Secure+ -> Secure+ Nodes -> double click on Secure+ entry: (list does not contain TLS1.3 ciphers supported by the server)
- right click on Connect Direct node -> Configure Server -> Secure+ -> Secure+ Cipher Suites -> column "Name": (list does not contain TLS1.3 ciphers supported by the server)
Description of fix: Corrected logic to request the TLSv1.3 ciphers supported by the server.

3. IT40478/TS008771692/MFT-13087 (2022-04-04)
Description of issue: Unable to update a CD netmap entry when verifying that CD and CC objects match.
Description of fix: Corrected logic to properly compare objects.

4. IT40239/MFT-12895/TS008176538 (2022-04-04)
Description of issue: Upgraded, but still see this older Log4j jar: saas-log-log4j-1.2.0.jar.
Description of fix: Updated jars.

5. MFT-13155 (2022-04-06)
Description of issue: Engine log fills with warning messages when older OSA monitored servers like SSP or SEAS send a JSON packet that specifies the heartbeat interval in a string rather than a number.
Description of fix: Changed logging level from WARN to DEBUG.

6. MFT-13059 (2022-04-21)
Description of issue: Times shown in web consoles for users whose preferred timezone is a custom time zone are incorrect and other similar issues are occurring.
Description of fix: Corrected logic. There may still be other time display problems, but many were corrected by the updates associated with this defect.

7. IT40570/MFT-13228/TS008241596 (2022-04-25)
Description of issue: Control Center does not obtain 100% of statistics generated by monitored CD i5. This may manifest itself as processes in the Web console's Queued Process View that never complete.
This was caused by Control Center not necessarily getting data with the same time stamp in the same order back from CD i5 when it's requested.
Description of fix: Logic added to Control Center to see if CD i5 CDSTATFILE has SEQUENCE column or not, and when it does, logic used to query for data updated to use it. To avoid this problem, customer must monitor CD i5 with a fix also. When Control Center detects a monitored CD i5 server that does not have the appropriate fix, a WARNING message will be logged with the following text: "CDSTATFILE does not have column SEQUENCE. Without the fix found in 3.8.03 PTF2204C collection of statistics may be problematic. Statistics may be missed." Another change was also made to avoid inappropriate duplicate server errors being issued for CD i5 servers with the same host name/IP address.

8. IT40573/MFT-13181/TS008931219 (2022-04-28)
Description of issue: Not seeing file sizes for some SFG transfers.
Description of fix: The configuration files fgEventCodes and FgMessages.properties needed to be updated to incorporate additional FG event codes that they were missing, including FG_0428, FG_0429, FG_0430, FG_0431, FG_0432, FG_0459, FG_0460, FG_0461 and FG_0710. If you are upgrading, as opposed to doing a new install, you will need to manually update your existing fgEventCodes "file" via the Web Console's ability to update properties, and insert the following new fgEventCode elements in it:
  FG_0428 9
  FG_0429 1
  FG_0430 2
  FG_0431 2 TRUE
  FG_0432 9
  FG_0461 4 TRUE TRUE
  FG_0710 9 ConsumerFilename ConsumerFileSize

9. IT40869/MFT-13277 (2022-05-09)
Description of issue: Only processes that ended are affected by the purging of summary data.
Description of fix: Logic was added to purge summarized processes that started, but do not have an ended value set. To disable this new purging behavior you may specify the engine property SUMMARY_TABLES_PURGE_PROCESSES_NOT_COMPLETED with a value of FALSE.

10.
IT40870/MFT-13275/TS008820835 (2022-05-09)
Description of issue: When the Swing console is connected to the non-CEP the display of queued node configuration jobs is not right.
Description of fix: Logic was fixed to go to the database to obtain the current list of queued configuration jobs, regardless of the user's role, instead of using an internal cache of jobs when the role was found to be unrestricted.

11. IT40871/MFT-13070/TS008241404 (2022-05-09)
Description of issue: The queued process view wouldn't show more than 250 queued processes for a server even after setting the XML element value for 'maxProcessQueueEventSize' in CCEngineService.xml. (Its default is 250.) And doing so caused Control Center to crash due to JDBC errors.
Description of fix: Logic was fixed to address the problems caused by increasing 'maxProcessQueueEventSize' in CCEngineService.xml to values greater than the default of 255.

12. IT41103/TS009099520/MFT-13340 (2022-06-02)
Description of issue: CD config mgmt has issues with Secure+ on CDU/CDW/CDZ 6.0 servers. When the user issues a refresh of the SecurePlus Ciphers, the following command is always included: select s+ciphersuites protocol=TLS1.3. If the CD server is at a level less than 6.1.0.0 (where TLSv1.3 support started), the request fails with the following error in the NodeConfigService logs: "Command failed. Command: select s+ciphersuites protocol=TLS1.3 , Error: Node detected error. SPCL114E Invalid key word 'Protocol' value specified. CCOD=8 FDBK=-1 SBST= LCCC058I"
Description of fix: Added logic to only send the request if the C:D server is 6.1.0.0 or later.

13. IT41176/TS008869901/MFT-13385 (2022-06-09)
Description of issue: When the browser is configured for a language other than English, event element times for alerts, and more, are displayed erroneously.
Description of fix: Updated logic to key on the event element name, instead of the label used, to know when to format date time values.

14.
MFT-13513 (2022-06-29)
Description of issue: Required Cognos upgrade to apply latest security fixes.
Description of fix: Upgraded to latest Cognos fix package 11.1.7.5 (from 11.1.7.4 IF8).
IBM Cognos Analytics Security Bulletin: https://www.ibm.com/support/pages/node/6597241?myns=swgother&mynp=OCSSTSF6&mync=E&cm_sp=swgother-_-OCSSTSF6-_-E
IBM Sterling Control Center Security Bulletin: https://www.ibm.com/support/pages/node/6606983

15. MFT-13478 (2022-07-15)
Description of issue: While monitoring a CD i5 server, errors occur that cause "java.sql.SQLException: [SQL7049] An internal object limit has been exceeded." errors to be output to the engine/event processor log file.
Description of fix: Updated logic that ascertains whether or not the CD i5 stat file has a SEQUENCE column to close its result set and for the logic that invoked it to only do so once at signon time instead of prior to each request for statistics.

--------------------------------------------
6.1.3.0 iFix12 (Released 03/18/2022)

1. LS-128 (2022-02-03)
Description of issue: runDalaCollector.sh|exe results in Out Of Memory when running in a large environment (i.e. thousands of monitored servers).
Description of fix: Increased heap size from 1GB to 2GB.

2. IT39933/MFT-12899/TS008052462 (2022-02-11)
Description of issue: Cognos cannot be contacted if the lock is held by an EP that is no longer in the CC_SERVER table.
Description of fix: Reset the lock if the EP no longer exists.

3. MFT-12900 (2022-02-22)
Description of issue: Changes to configCC to better warn users about potential performance implications if configuring MSSQL globalization.
Description of fix: Updated configCC MSSQL globalization prompt as follows:
Globalization is only needed if data to be stored contains multi-byte characters, which are common in character sets such as Kanji. Database I/O performance may drop multiple orders of magnitude if globalization support is selected, so it is NOT recommended you do so with MSSQL.
If you select Y (yes), then your database size can also increase significantly. Do you want your database to support globalization? (Y/N) [N]

4. IT40042/MFT-12997/TS008515135 (2022-02-23)
Description of issue: When creating/updating a rule with the Web console, the validation logic for the file size parameter did not allow a value larger than 2,147,483,647 to be specified even though the java console allowed a value up to 9,223,372,036,854,775,807 to be specified.
Description of fix: Validation logic for the Web console for file size, and other numeric type criteria, changed to allow the larger values to be specified just like the java console does.

5. IT40060/MFT-12995/TS008472243 (2022-02-23)
Description of issue: Cannot use OpenJDK 1.8.0_312-2-redhat on IBM Control Center when attempting a secure connection from the classic console. The following error message is displayed when trying to configure the keystore/truststore in the Control Center java console: "ControlCenterMessages: Unknown JVM vendor ..Red Hat, Inc".
Description of fix: Modified the client side code to allow "Red Hat" as a valid java vendor.

6. IT40082/MFT-13008/TS008241596 (2022-02-28)
Description of issue: Control Center does not collect all stats from CD i5 servers consistently. Results in processes staying in the queued view and missing data in the completed process and file transfer views.
Description of fix: Logic used to identify the Statistic file members that data should be retrieved from was fixed.

7. MFT-12993 (2022-02-28)
Description of issue: Connect:Direct UNIX systems with netmaps that have node names with unprintable characters or no names at all cause problems in the configuration object versions created from them.
Description of fix: Control Center will now ignore netmap nodes that have no names and log error messages when they, and names with unprintable characters, are encountered.

8.
IT40123/MFT-12903/TS008181508/TS008022029/TS008167152 (2022-03-02)
Description of issue: After upgrading to 6130 iFix10, old log4j*2 jar names appear in Websphere persistent osgi cache in /web/wlp/usr/servers/defaultServer/workarea/org.eclipse.osgi/
Description of fix: Modified web server startup script /web/wlp/bin/serverStart.sh to ensure the cache is cleared during each start (i.e. added --clean option).

9. IT40135/MFT-12992/TS008414433 (2022-03-03)
Description of issue: Control Center's database ran out of space but it did not shut down or generate the CJDB026E event.
Description of fix: Issue boiled down to the fact that when the CJDB026E needed to be generated, because the database was unable to be updated, a new, unique event ID could not be obtained. The logic for generating the CJDB026E event was changed to not require the database anymore and the system will now shut down as it should.

10. MFT-13071 (2022-03-11)
Description of issue: configCC.bat|sh fails after upgrading to IBM JRE 8.0.7.5 during keystore/truststore configuration due to invalid policy jar files.
Description of fix: Updated Control Center with the latest security policy jar files provided in JRE 8.0.7.5.

11. MFT-12413 (2022-03-11)
Description of issue: Required upgrade to Cognos 11.1.7 Long Term Support release to apply fixes no longer made in 11.0.13 and for compatibility with newer JRE 8 releases.
Description of fix: Upgraded to latest Cognos fix package 11.1.7 IF8 (from 11.0.13).
This includes the latest Cognos log4j security fixes:
IBM Cognos Analytics 11.1.7 Interim Fix 8: https://www.ibm.com/support/pages/ibm-cognos-analytics-1117-interim-fix-8?msclkid=f746f657a55c11ec895f22d991f7c37c
Security Bulletin (CVE-2021-44228): https://www.ibm.com/support/pages/node/6526474
Security Bulletin (CVE-2021-45046): https://www.ibm.com/support/pages/node/6528388
Security Bulletin (CVE-2021-45105, CVE-2021-44832): https://www.ibm.com/support/pages/node/6538720
------------------------------------------------------------------------------------------------------------------
NOTE: MSSQL JDBC driver 7.4.1 causes workspaces to fail (i.e. mssql-jdbc-7.4.1.jre8.jar). Use JDBC driver 7.2.2 (i.e. mssql-jdbc-7.2.2.jre8.jar). If you have been using the MSSQL 7.4.1 driver, but not been accessing the workspaces, you would not notice any problems. To resolve this workspace issue, use the 7.2.2 driver (i.e. mssql-jdbc-7.2.2.jre8.jar).
Reference: https://www.ibm.com/support/pages/microsoft-sql-server-jdbc-driver-741-fails-return-column-metadata-when-table-name-includes-underscore-character

12. IT40302/MFT-11643 (2022-03-11)
Description of issue: Required IBM JRE upgrade to address CVE-2020-14782 - CVSS 3.7 - A flaw in the CertPath implementation allows certificate fingerprint checks to be bypassed under certain circumstances.
Description of fix: Upgraded from 8.0.6.15 to 8.0.7.5.
Security Bulletin: https://www.ibm.com/support/pages/node/6564767

13. IT40303/MFT-11775 (2022-03-11)
Description of issue: Required IBM JRE upgrade to address CVE-2020-14781 - CVSS 3.7 - An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
Description of fix: Upgraded from 8.0.6.15 to 8.0.7.5.
Security Bulletin: https://www.ibm.com/support/pages/node/6564761

14.
IT40309/MFT-11823 (2022-03-11)
Description of issue: Required IBM JRE upgrade to address CVE-2020-27221 - CVSS 9.8 - A buffer overflow flaw has been found in a widely used function in the OpenJ9 JVM, which is employed when writing characters to a file.
Description of fix: Upgraded from 8.0.6.15 to 8.0.7.5.
Security Bulletin: https://www.ibm.com/support/pages/node/6564757

15. IT40304/MFT-11824 (2022-03-11)
Description of issue: Required IBM JRE upgrade to address CVE-2020-2773 - CVSS 3.7 - An unauthenticated attacker could cause a denial of service.
Description of fix: Upgraded from 8.0.6.15 to 8.0.7.5.
Security Bulletin: https://www.ibm.com/support/pages/node/6564759

16. IT40305/MFT-12281 (2022-03-11)
Description of issue: Required IBM JRE upgrade to address CVE-2021-2161 - CVSS 5.9 - A flaw in the java.lang.ProcessBuilder API on the Windows platform could allow an attacker to run unexpected commands.
Description of fix: Upgraded from 8.0.6.15 to 8.0.7.5.
Security Bulletin: https://www.ibm.com/support/pages/node/6564749

17. IT40310/MFT-12410 (2022-03-11)
Description of issue: Required IBM JRE upgrade to address CVE-2021-2369 - CVSS 4.3 - A flaw in the JAR validation implementation may, under certain limited circumstances, lead to a failure to detect modified signed JAR files.
Description of fix: Upgraded from 8.0.6.15 to 8.0.7.5.
Security Bulletin: https://www.ibm.com/support/pages/node/6564747

18. IT40306/MFT-12739 (2022-03-11)
Description of issue: Required IBM JRE upgrade to address CVE-2021-35578 - CVSS 5.3 - A maliciously crafted TLS 1.3 ClientHello packet can trigger a NullPointerException and an SSLException instead of being rejected gracefully.
Description of fix: Upgraded from 8.0.6.15 to 8.0.7.5.
Security Bulletin: https://www.ibm.com/support/pages/node/6564751

19.
IT40307/MFT-13012 (2022-03-11)
Description of issue: Required IBM JRE upgrade to address CVE-2021-35550 - CVSS 5.9 - A flaw in the JSSE component causes cipher suites to be offered in the wrong order with some weaker cipher suites ahead of stronger suites.
Description of fix: Upgraded from 8.0.6.15 to 8.0.7.5.
Security Bulletin: https://www.ibm.com/support/pages/node/6564763

20. IT40308/MFT-13013 (2022-03-11)
Description of issue: Required IBM JRE upgrade to address CVE-2021-35603 - CVSS 3.7 - Some operations in the JSSE component are implemented in a way that could be exploited by an attacker in a side-channel attack due to timing differences.
Description of fix: Upgraded from 8.0.6.15 to 8.0.7.5.
Security Bulletin: https://www.ibm.com/support/pages/node/6564753

--------------------------------------------
6.1.3.0 iFix11 (Released 01/21/2022)

1. IT39706/MFT-12831 (2021-01-18)
Description of issue: Apache Log4j2 Remote attack vulnerability CVE-2021-44832 - CVSS 6.6.
Description of fix: Upgraded to Log4j 2.17.1 (from 2.17.0).
NOTE: After the fix is applied, you need to additionally perform the steps at the following link, in order to mitigate the vulnerability in the Cognos component in Control Center: https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-MP-log4jFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http

--------------------------------------------
6.1.3.0 iFix10 (Released 12/22/2021)

1. IT39491/MFT-12809 (2021-12-21)
Description of issue: Apache Log4j2 Denial-of-service vulnerability CVE-2021-45105 - CVSS 7.5.
Description of fix: Upgraded to Log4j 2.17.0 (from 2.16.0).

--------------------------------------------
6.1.3.0 iFix09 (Released 12/17/2021)

1. IT39455/MFT-12765 (2021-12-16)
Description of issue: Apache Log4j2 Denial-of-service vulnerability CVE-2021-45046 - CVSS 3.7.
Description of fix: Upgraded to Log4j 2.16.0 (from 2.15.0).

--------------------------------------------
6.1.3.0 iFix08 (Released 12/14/2021)

1. MFT-12552 (2021-11-01)
Description of issue: When you see a server with an alert badge on its icon in the Swing console and right click it to view its active alerts you can see nothing.
Description of fix: The problem occurs for alerts based on SLC events from standard SLCs because while they have the server name in the event, they did not have the node type set. The fix was to change the query to only specify the server name but not the server type.

2. IT38918/MFT-12641/TS007291848 (2021-11-01)
Description of issue: Don't see expected SLC alerts associated with a specific server.
Description of fix: "Did not occur" SLC alerts did not appear to be associated with servers whose name was in the alert. This is caused by the fact the queries included the node type, in addition to the name of the server, while the "did not occur" alerts themselves only had the name of the server. The web console query logic was changed to ignore server type when it also queried for specific server(s).

3. MFT-11458 (2021-11-19)
Description of issue: GUI Console locks up with blank error window when initiating Secure+ node configuration
Description of fix: The problem occurs when initiating a refresh for objects - typically initiated by the system when no version of data exists, and an error occurs. Note this can happen with any supported configuration object type. A change to the console was made to fix the error handling logic.

4. IT39385/TS007790083/MFT-12765 (2021-12-13)
Description of issue: Apache Log4j2 Zero-Day/Log4Shell vulnerability CVE-2021-44228 CVSS 10.0.
Description of fix: Upgraded to Log4j 2.15.0 (from 2.10.0).

--------------------------------------------
6.1.3.0 iFix07 (Released 10/13/2021)

1.
IT36651/MFT-12027/TS005305922 (2021/04/22)
Description of issue: Excessive database cursor usage resulted in recurring "ORA-01000: maximum open cursors exceeded" errors and/or seeing high database cursor usage by ICC.
Description of fix: Reduced cursor usage by changing more logic to stop caching queries that would never be used again.

2. LS-55 (2021/04/29)
Description of issue: INFO messages that are filling up Engine logs: "Adding stat with Unknown Process name ......".
Description of fix: Changed this message from INFO to DEBUG so as not to fill the logs.

3. LS-78 (2021-05-17)
Description of issue: SEAS user logon fails via the classic console when the username is mixedcase/uppercase. The code in the engine erroneously passed the lowercase username value to SEAS, causing SEAS to reject the logon.
Description of fix: Corrected the logic to preserve the casing of the username when passing the value to the SEAS API.

4. MFT-12185 (2021-05-24)
Description of issue: Unable to launch classic console in 6130 resulting in a NullPointerException, after previously having configured a secure https connection and signing onto a 6200 instance.
Description of fix: Added guard code to prevent the exception and allow successful logon.

5. IT37092/MFT-12153/TS005649292 (2021/06/02)
Description of issue: Regardless of the number of summary days of data retained the web console dashboard widgets attempt to show a month of historic data.
Description of fix: The dashboard content logic was changed to show a minimum of either 31 days of data, or the number of summary days of data retained (plus one day for the current day).

6. MFT-12213 (2021/06/02)
Description of issue: After upgrade from 6.1.3 iFix06, config.sh displayed database tables out of sync message
Description of fix: configCC process has been changed to run the schema changes scripts first and then validate the database tables to avoid the out of sync message.

7.
IT36923/MFT-11868/TS004984094 (2021-06-04)
Description of issue: The "Export All to CSV" function failed from the Completed File Transfers screen in the web UI. The original query to view the file transfer activity displayed relatively quickly on the screen with many entries. The error occurred when attempting to Export all the returned/displayed activity to a CSV file. The error resulted in a pop-up error message stating a system error has occurred.
Description of fix: Modified the completed process, completed file transfer and Export to CSV queries to improve performance and successfully create the CSV file.

8. MFT-12066 (2021-06-18)
Description of issue: Required update to address the following PDFBox vulnerabilities: CVE-2021-31811 CVSS 5.5 / CVE-2021-31812 CVSS 5.5. See: https://www.ibm.com/support/pages/node/6471699
Description of fix: Applied update to above component.

9. IT36992/MFT-12112/TS005542296 (2021-06-21)
Description of issue: Getting false alerts because the SLC service is not getting data in a timely fashion from the EventMonitor logic.
Description of fix: A new engine property was added named PUT_EVENT_XML_IN_EVENTS and a new column EVENT_XML was added to the EVENTS database table. By default PUT_EVENT_XML_IN_EVENTS is false. When PUT_EVENT_XML_IN_EVENTS is set to true, and EPs are restarted, the EVENTS.EVENT_XML column will be populated and the EventMonitor service will use data from that column instead of rebuilding it by reading data from possibly multiple tables. Performance testing has shown that when PUT_EVENT_XML_IN_EVENTS is set to true, event insertion is slowed down by approximately 25%, but the performance of the EventMonitor service is approximately 75% faster. Another ramification of setting PUT_EVENT_XML_IN_EVENTS to true is that database table space requirements increase and heap space required by each EP drops slightly.

10.
MFT-12282 (2021-06-23) Description of issue: Build date/time calculated using hour of day as 01-24 (instead of 00-23), causing confusion. Following example shows an engine log entry where the installer was built during 11pm: "Starting Engine 6.2.0.0_iFix08 - build June 21 2021 24:03". This should be calculated/displayed as 23:03 instead. Note: The example shown is from the 6.2.0.0 release, but same issue/fix applies to 6.1.3.0. Description of fix: Corrected the build process to use the SimpleDateFormat specification for hour of day 00-23. 11. IT37399/MFT-12257/TS005775429 (2021-06-23) Description of issue: After upgrading from 612 to 62 ICC crashing with out of memory (OOM) error Description of fix: Changes made to deal with "Maximum open cursors exceeded" issues exposed a logic error that had to do with how statements were being created, but not closed, when performing batch updates and inserts. The logic has been changed to use a single statement, instead of multiple ones, which is closed, which resolves the memory leak that was occurring. 12. MFT-12315 (2021-07-09) Description of issue: MSSQL errors occur during configCC when attempting SQL command: DROP PARTITION SCHEME|FUNCTION because these objects did not exist. Following messages found in ccinstall.log: ERROR DB_Init - Cannot drop the partition scheme 'XX_PART_SCHEME', because it does not exist or you do not have permission. ERROR DB_Init - Cannot drop the partition function 'XX_PART_FUNC', because it does not exist or you do not have permission. (where XX is corresponding table name prefix: eg. CD, CE, EV, etc.). Description of fix: Added a check to determine if the partition scheme and function exist. If not, then skip the DROP command(s). 13. 
IT37591/MFT-12260/TS005719790 (2021-07-12) Description of issue: RESTART / RESUME commands for a BP (Business Process) fails with the following error message returned in the SI Response: {newWorkflowId=null, isError=true, errorCode=-1, message=Not enough parameters...} Description of fix: Corrected the order of parameters passed to SI in the request. 14. IT37743/MFT-12356/TS006258581 (2021-07-23) Description of issue: Cannot update new initparms for CD license and Install Agent settings Description of fix: Add support for the new parameters. 15. T37744/MFT-12353/TS006075139 (2021-07-23) Description of issue: Unable to create a rule as shown in documentation: https://www.ibm.com/docs/en/control-center/6.1.3?topic=variables-by-event-type Description of fix: Corrected rule validation property table to allow the specified rule. 16. MFT-12494 (2021-09-03) Description of issue: Control Center build job completes as successful when jar signing fails. When this occurs, installers are created with unsigned jars. Description of fix: Corrected the build process to immediately end whenever jar signing fails. 17. MFT-12567 (2021-09-27) Description of issue: Error during configCC caused by specifying a MSSQL JDBC driver, which is not in the list of known drivers. The list is missing mssql-jdbc-8.2.2.jre8.jar, mssql-jdbc-8.4.1.jre8.jar, mssql-jdbc-9.2.1-jre8.jar and mssql-jdbc-9.4.0.jre8.jar. These are all compatible with MSSQL Server 2016 and 2017 (versions listed as compatible with Control Center 6.1.3.0). Description of fix: Updated the list with the above mentioned JDBC drivers. 18. CC-7888 (2021-10-01) Description of issue: Connect:Direct Configuration in classic console is missing C:D Unix initparms: cd.file.agent and cdfa.enable. Description of fix: Added support for these paramters. 19. IT38654/MFT-12553/TS006939941 (2021-10-08) Description of issue: Email addresses specified in email lists wre still receiving emails after being removed from the list. 
Description of fix: Properly initialize the addesses list before generating the email. Note this issue (before being fixed) caused a memory leak to occur EVERY TIME an email action runs! It may just be a few dozen bytes each time, but after a while that would add up. It also causes email actions to take longer and longer to run each time they're taken. So this fix will both boost performance and eliminate a memory leak. 20. MFT-12587 (20210-10-12) Description of issue: Requirement to address the following vulnerabilities in Websphere/Liberty: CVE-2021-35517 CVSS 5.5 / CVE-2021-36090 CVSS 7.5. See: https://www.ibm.com/support/pages/node/6489683 Description of fix: Upgraded Websphere Liberty to 21.0.0.10 (from 20.0.0.12). -------------------------------------------- 6.1.3.0 iFix06 (Released 03/24/2021) 1. IT36328/MFT-11977/TS005274501 (2021-03-24) Description of issue: After upgrading from 6.1.3.0 iFix04 to iFix05, SEAS users cannot logon (when using a secure SEAS connection). The following error messages were displayed in /log/SeasService.log -Exception occurred validating password for user: xxxxxxxx - java.lang.SecurityException: Signers of 'com.sterlingcommerce.security.provider.SecurityProperties' do not match signers of other classes in package -java.lang.SecurityException: Signers of 'com.sterlingcommerce.security.provider.SecurityProperties' do not match signers of other classes in package -com.sterlingcommerce.hadrian.common.net.ConnectionException: java.lang.SecurityException: Signers of 'com.sterlingcommerce.security.provider.SecurityProperties' do not match signers of other classes in package Description of fix: Unsigned a couple of SEAS API jars used by Control Center to avoid signing these jars twice. This caused a problem after some jar signing changes were made in the previous iFix in MFT-11945. -------------------------------------------- 6.1.3.0 iFix05 (Released 03/19/2021) 1. 
IT35740/MFT-11783/TS004884358 (2021-01-29) Description of issue: Node messages shown in the Swing console sometimes include the full exception stack trace. Description of fix: Stopped appending the exception trace to the message text (in most cases) to be displayed by the Swing console. 2. LS-62 (2021-02-04) Description of issue: When tracing is enabled for monitored Connect:Direct server the output goes to the console instead of the appropriate log file. Description of fix: Redirected console output generated by the CDAIJ to the appropriate log file via code changes in Control Center. 3. IT35755/MFT-11773/TS004868677 (2021-02-09) Description of issue: Default summarizer computed invalid transfer durations for SFG redeliveries. Description of fix: Adjusted summarizer logic to account for the fact that SFG redeliveres are done with the same process ID as the original deliveries and that those processes have multiple end events but a single start event. 4. MFT-11817 (2021-02-12) Description of issue: Cannot enable node discovery for servers that use cert based authentication. Description of fix: Allow for discovery if a secure protocol in in use. 5. IT35892/MFT-11695 / TS004688667 (2021-02-16) Description of issue: High cursor count associated with Control Center in Oracle database Description of fix: The query used to obtain the events needed to summarize processes was being cached by Control Center, causing a cursor to be left open as long as it was, but there's no point in caching those queries as they're never used again, so the fix was to stop caching them. 6. IT36004/MFT-11851/TS004956346 (2021-02-23) Description of issue: CCTR135I slow inserts into EVENTS occurring Description of fix: Changed some queries used for MSSQL servers related to handling alerts, improved the logic used to automatically handle alerts, and added a new index to CC_PROCESS for MSSQL server databases. 7. 
IT36137/MFT-11831/TS004112165 (2021-02-25) Description of issue: The following error occurs when using the Control Center Interactive Console to create an action: "errorCode": 400, "errorDescription": "You must supply a value for \"enabled\"." This error occurs even though a value is correctly set in the request (i.e. "enabled": true,). Description of fix: Removed an erroneous duplicate category of "Action Services" on the main page which referenced ".../svc/actions/". Made corrections to the "Actions Services" category which references ".../svc/actiongroups/". 8. MFT-11846 (2021-03-02) Description of issue: Duplicate records in NODE_TYPE table caused shutdown. This condition can exist if an old 5.4.2.2 release is upgraded to a 6.x release. The following error mesages were displayed in the engine log. ERROR SQLExceptionShutdownHandler - ** SQLExceptionShutdownHandler entered with sqlex=java.lang.IllegalStateException: Found more than one NodeType with NODE_TYPE "3"! ERROR SQLExceptionShutdownHandler - ** Event not updated or details on what was being done when error occurred -> Found more than one NodeType with NODE_TYPE "3"! ERROR SQLExceptionShutdownHandler - Found more than one NodeType with NODE_TYPE "3"! Description of fix: Added logic to check if the NODE_TYPE table contains a primary key. If there is no primary key, the table is re-created with primary key and re-populated with one of each NODE_TYPE (i.e. DROP, CREATE, INSERT). 9. MFT-11908 (2021-03-08) Description of issue: See null pointer exceptions, and node services are started and stopped multiple times when server reassignments are performed. Description of fix: Adjusted the logic that handles server updated cluster events to ignore them if the server was in the process of being reassigned. 10. 
IT36169/MFT-11928/TS005067737 (2021-03-10) Description of issue: Customer wanted to use the embedded flag expression (?s) in the regex for a milestone parameter value but the existing validation logic would not permit parenthesis to be specified in the value Description of fix: Updated validation logic to allow parenthesis to be specified. 11. IT36282/MFT-11945/TS005212567 (2021-03-18) Description of issue: Java jar signing certificate expired on 2021-03-14, at which time users could no longer launch the classic console via webstart because the jars were not signed with a timestamp. Description of fix: Implemented a new jar signing process using a current certificate and also turned on the the jar signing timestamp. This timestamp is used to verify the code was signed prior to the certificate's expiration date. -------------------------------------------- 6.1.3.0 iFix04 (Released 01/08/2021) 1. IT34297/MFT-11373/TS004107066 (2020-09-21) Description of issue: Getting out of memory error on all but the CEP when adding multiple servers via batch creation utility. Also found that when initiating startHtmlAdaptor on command line, control is not returned, and CTRL-C doesn't break out of the command. Description of fix: As servers are added, the built in server groups are also updated appropriately. When 1000s of servers already exist, and 100s more are added quickly, the previous logic would keep the before and after server groups as servers are added, for each server added, in memory. With this fix, only one, before and after server group will be in memory at a time now. Also, for the startHtmlAdaptor problem, a System.exit() was added to the logic, and control is now returned when it completes. 2. IT34412/MFT-11460/TS004223470 (2020-10-01) Description of issue: Customer received a Cognos email notification due the mobile "Apple Push Notification" certificate nearing expiration. 
The following error/warn messages were also observerd in \Cognos\logs\mob.log: ERROR com.cognos.mobile.server.apns.APNSSocket - Mobile Apple Push Notification certificate has expired. Please visit http://www-01.ibm.com/support/docview.wss?uid=swg24034258 to download and install the latest certificate. WARN com.cognos.mobile.server.apns.APNSCertificateExpiredChecker - Your Apple Push Notification Certificate expired 39 days ago. This certificate expires yearly, but does not cause any functional / operational issue with the product, since the mobile feature is not used. Description of fix: Updated the installer with the latest Apple Push Notification certificate. Please refer to the link in the above error message if you would like to update the certificate yourself in lieu of applying the fix package for this issue. 3. IT34430/MFT-11331/TS003995403 (2020-10-02) Description of issue: Passing heartbeat interval as a string causes a cast exception resulting in the interval being set to the default. Description of fix: Log a warning when a string is received and try to convert the start to a number to use. If that fails log an error before setting it to the default. 4. CCP-16938 (2020-10-02) Description of issue: CDU initparm instance.id was not handled. Description of fix: Update tables for new CDU initparm. 5. CC-4021 (2020-10-09) Description of issue: There are two issues fixed for this defect. The CEP doesn't always cancel temporary server reassignments at startup, leaving servers temporarily reassigned away from the CEP even though they should not be, AND under certain circumstances monitored servers may be errouneously deleted when the CEP sees an EP starting that was previously down. 
If the database contains two servers with the same name, one logically deleted, and one not, and the server that was logically deleted was assigned to the EP just starting, the CEP errouneously reassigns the deleted server back to its EP, and that EP will attempt to delete it (again), causing the monitored server with that same name to be deleted from the system instead. Description of fix: For the first problem, fixed the logic at startup to ensure the CEP knows it is the CEP at startup, so temporarly server reassignments are always cancelled. For the second problem, fixed the queries used to ascertain servers to be reassigned to exclude logically deleted servers. 6. CC-4029 (2020-10-10) Description of issue: Swing console node tree not updated when servers are created or deleted. A problem was introduced with the fix for MFT-11373 ICC EP stopped monitoring the servers on CEP. The issue was caused by a change to the ServerGroupMgr updateServerGroup. Whenever this update is driven by a cluster event, an NPE occurs, causing, among other things, the update to the server group event to not be broadcast to Swing consoles. Description of fix: Corrected logic to perform the update for non-cluster events only. 7. CCP-11203 (2020-10-22) Description of issue: DVG restricted users cannot view data in the Audit Report for C:D configuration changes. DVGs should not affect a user's visibility of CD configurations changes in the Audit report. Description of fix: Modifed report logic as follows: If user does not have access to a C:D server because that user is server restricted, they will not be able to view configuration data for that server. 8. MFT-11472 (2020-10-23) Description of issue: Upgrade from 6.0.0.x with a STAG database to 6.1.3.0 fails. After running configCC, engine startup fails with the following error message: ERROR CCEngine(CCenter) - CCTR142E The Event Processor name has not been properly configured since its location is not set. 
Please run configCC to configure event processor name. Name: CCenter Description of fix: Corrected logic to properly reference both the PROD and STAG database connection pools as needed. 10. IT34813/MFT-11465/TS004217965 (2020-11-04) Description of issue: Error trying to use IP address for File Agent SNMP Listener Address in classic console (i.e. IBM Control Center >> System Settings >> File Agent). This represents the Control Center address which listens for File Agent traps. Customer noticed this field only accepts a hostname, but not an ip address. However, although this is an input field, the contents are effectively ignored and the listen address is always set to that of the CEP (Controller Event Processor). Description of fix: Changed the field to be display only and added field label text to indicate this is auto set: "SNMP Listener Address (Auto assigned to CEP)". 11. IT34944/MFT-11576/TS004456801 (2020-11-16) Description of issue: ICC shows SEAS down, even though SEAS up. Description of fix: New diagnostic ability added to the EventProcessorService, which handles OSA events for processing. Specifically a new log file, EventProcessorServiceEvents, was added to allow all OSA data received, from servers like SEAS and GM, to be seen. If the EngineLogger.xml is updated, such that debug level logging is enabled for EventProcessorServiceEvents, all events processed by the EventProcessorService will be written to the EventProcessorServiceEvents log file. 12. IT34943/MFT-11546/TS004390039 (2020-12-07) Description of issue: ICC doesn't recognize the 'replication' events from Global Mailbox Description of fix: The real issue was ICC when ICC determined that the GM server went down, it set the status of all the servers components to UNKNOWN, resulting in red lines that never changed because new status events from the components are not sent when the GM server restarts. 
So rather than change the status of an OSA servers components to UNKNOWN when the OSA server is determined to be down, the status of its components will be left as they are.. Also, before this update, when heartbeat event received, server's status would only be changed to up/active if its status was down or unknown. Now the status will be changed to active, and a server up event broadcast, if it was not in an active status before receiving the heartbeat event. 13. IT35194/MFT-11633/TS004561575 (2020-12-07) Description of issue: Tag mapped value not being set consistently. This occurred whenever the value came from XML string and contained a new line character or other non-alphanumeric characters. Description of fix: The logic used to extract the tag mapped value from XML string was updated to account for any valid value, including new line characters. 14. LS-52 (2020-12-17) Description of issue: Oracle JDBC driver ojdbc10.jar remained in /lib/thirdparty after having been erroneously specified during configCC. When the customer ran configCC again to specify the correct ojdbc8.jar, the presence of both correct/invalid drivers (ojdbc8.jar/ojdbc10.jar) caused a conflict. Description of fix: Added ojdbc10.jar to a list of drivers to ensure it is excluded from the classpath (i.e. only the current JDBC driver is added). 15. IT35304/MFT-11682/TS004569278 (2020-12-17) Description of issue: Version of monitored Connect:Direct servers was shown correctly by the Swing console but not the Web console Description of fix: Added logic to ensure the version value for monitored servers that's stored in the database, which is what the Web console displays, is updated as polling occurs. 16. CC-4362 (2020-12-23) Description of issue: Database purge and movement timed scheduling not working properly. Note daily scheduling works fine. Description of fix: Correct time zone handling. 17. 
IT35419/MFT-11442 (2021-01-06) Description of issue: Requirement to address the following vulnerability in Apache ActiveMQ: CVE-2020-13920 CVSS 5.3 Description of fix: Upgraded to Apache ActiveMQ 5.15.14 (from 5.15.9) 18. IT35421/MFT-11505 (2021-01-06) Description of issue: Requirement to address the following vulnerability in Websphere/Liberty: CVE-2020-10693 CVSS 5.3. Description of fix: Upgraded Websphere Liberty to 20.0.0.12 (from 20.0.0.5). -------------------------------------------- 6.1.3.0 iFix03 (Released 09/21/2020) 1. IT33567/MFT-11256/TS003891769 (2020-07-15) Description of issue: WLP (Websphere Liberty) encoded passwords (i.e. keystore/truststore/database) are written to the engine.log These encoded passwords should be masked. Description of fix: Changed the log display to mask the password. Before and After examples follow: Before fix: [StreamConsumerThread - ] INFO StreamConsumer - OUT-->{xor}Lz4sLCgwLTs= After fix: [StreamConsumerThread - ] INFO StreamConsumer - OUT-->{xor}************ 2. IT33545/MFT-11276/TS003927367 (2020-07-20) Description of issue: Problems upgrading to Control Center 6.1.3.0. Not recognizing EP already in CC_SERVER and adding new one and then ICC does not start. Description of fix: Logic that handles ensuring EP in CC_SERVER correctly refactored. 3. IT33623/MFT-11277/TS003911941 (2020-07-21) Description of issue: Null Pointer Exception occurring during refresh of Connect:Direct File Agent data in CC_SERVER_COMPONENT table. Description of fix: Fixed logic that didn't handle Connect:Direct servers that did not have file agents associated with them so the null pointer exception would no longer occur. 4. LS-21 (2020-07-22) Description of issue: It was determined in some cases that Control Center was listening on IPv6 addresses. This causes various problems. Currently, only IPv4 adddresses are supported in Control Center. 
Description of fix: Set a system property during application startup to ensure Control Center listens on IPv4 addresses (i.e. -Djava.net.preferIPv4Stack=true). 5. IT33623/MFT-11277/TS003911941 2020-07-28) Description of issue: When EPs are all restarted, some monitored servers are still temporarily reassigned. Description of fix: Added start up logic for the CEP to undo any temporary server reassignments. 6. IT34299/MFT-11272 (2020-07-29) Description of issue: Required commons-codec upgrade to address Apache Commons disclosure 177835 (CVSS 7.5). Description of fix: Upgraded to commons-code-1.14. 7. IT33623/MFT-11277/TS003911941 (2020-07-31) Description of issue: Exceptions occurring, and logged, by NodeServiceTableAdapter when updating servers - NodeServiceTableAdapter - Queue full. Description of fix: Changed logic to wait when the queue of servers to be updated is full. Note queue size can be increased via the Engine property UPDATE_SERVER_BUFFER_SIZE, which defaults to 500. 8. CC-3597 (2020-08-06) Description of issue: Unable to specify a port value less than 1024 when adding a B2Bi server to be monitored. Description of fix: Changed the validation logic to allow a port number as low as 1. 9. IT34300/MFT-11333 (2020-08-08) Description of issue: Required IBM JRE upgrade to address CVE-2020-14578 (CVSS 3.7) and CVE-2020-14579 (CVSS 3.7)in the Q3 2020 Java CPU. Description of fix: Upgraded from 8.0.6.10 to 8.0.6.15. 10. IT33876/MFT-11319/TS004013600(2020-08-12) Description of issue: Export of audit log to pdf fails with "java.lang.String cannot cast to java.lang.Boolean" (in classic console: Tools >> Audit Log >> Export List to PDF). Description of fix: Added code to catch the exception, allowing the export to complete. 11. CC-3598/MFT-11373/TS004107066 (2020-08-27) Description of issue: Engine in stuck state. Servers are up but last check-in time and logs are not updating. 
A deadlock occurred during synchronized access to the queues used to handle servers and server components to be updated. One thread can't put more data on the queue because it is full, while the other cannot pull anything out because the other thread that's waiting to put data on it, has the lock. Description of fix: Modifed the logic to avoid the deadlock. 12. IT34057/MFT-11382/TS004094974 (2020-08-31) Description of issue: Automated and scheduled reports do not run after upgrade to 6130. The following error message is written to the engine.log: "dd yyyy hh:mm:ss,nnn nnnnnnnnn [DefaultQuartzScheduler_Worker-10] WARN CCObject - File /rep.xml must be available and writable. Error message is: /rep.xml (Read-only file system)." Where: = home directory of the user who executed runEngine.bat|sh. Control Center writes temp file rep.xml to user.home when automated/scheduled reports are run. In this particular case, the customer had a requirement that the user's home directory (user.home) be read-only. Description of fix: Created a new optional property in /conf/InstallationInfo.properties to change user.home to a different (writeable) location: CCENTER_USER_HOME=. Example: CCENTER_USER_HOME=/data/control-center/user-home 13. IT34077/MFT-11373/TS004107066 (2020-09-01) Description of issue: EP stops monitoring monitored servers. Occurred when database I/O to EVENTS table was slow and events being broadcast for that fact. Description of fix: Do not broadcast a warning about EVENTS table updates or inserts taking too long if broadcasting an event that updates or inserts are taking too long. 14. IT34208/MFT-11397/TS004137199(2020-09-14) Description of issue: Change error messages in log files about column limits to warnings or info as appropriate. Description of fix: Changed selected error messages to warn or info. 15. IT34211/MFT-11400/TS004078386 (2020-09-15) Description of issue: Running congifCC loses Cognos TLSv1.2 setting (i.e. 
TLSv1.1 entry is re-populated into /Cognos/configuration/cogstartup.xml after each configCC from cogstartup_SCC_Template.tmp) Description of fix: Added logic during engine/Cognos startup to check if WEBSERVER_SECURE_PROTOCOL=TLSv1.2 (engine.properties). If so, remove the TLSv1.1 entry from cogstartup.xml. 16. MFT-11413 (2020-09-16) Description of issue: After updating Blacklist in SSP, the Audit Report displays wrong values. The following issues were observed: a. The Configuration object seems to show a tag instead of user-friendly object name. b. Audit events display in report when adding/removing from the blacklists, but not when changing the order of the objects. For example, user id blacklist is user1,user2 and I change it to user2,user1. I see nothing in the SSP Config Change report. Description of fix: Corrected logic to use friendly a user-friendly object name and properly display before/after values. 17. MFT-11414 (2020-09-16) Description of issue: Server that was in ready status did not show Shunned when bad id/pw used. Description of fix: Corrected logic to update the databse with the server staus of "Shunned". -------------------------------------------- 6.1.3.0 iFix02 (Released 07/08/2020) 1. IT32651/MFT-11059/TS003396613 (2020-4-29) Description of issue: Reoccuring "ORA-01000: maximum open cursors exceeded" errors and/or seeing high database cursor usage by ICC. Description of fix: Reduced cursor usage by changing two queries to no longer be cached. Also slightly altered the logic that logs when SQL exceptions occur to better log the SQL command value. 2. IT32611/MFT-11055/TS003575866 (2020-4-29) Description of issue: When ICC is far behind in monitoring SFG servers, perhaps because monitoring was paused, or ICC was down for an extended amount of time, it struggles to ever catch up. Description of fix: Made some small logic changes to address an inefficiency in queries initiated to retrieve "missing" arrived file route and delivery data. 
Altered the default engine property values for FG_RETRY_INTERVAL and FG_MAX_RETRIES. These properties control how often, and how frequently, ICC will request missing route and delivery data from SFG. Default for FG_RETRY_INTERVAL is now 2000. (A number of milliseconds.) Its default was 10000. Also, before, if the value specified was less than 60, ICC would instead use a much larger value. That's no longer the case. Default for FG_MAX_RETRIES is now 2. It was 10. Also, before the changes for this issue, even if FG_MAX_RETRIES were to be set to 0, ICC would have retried once anyway. That's no longer the case. Also, one new engine property was added - MAX_B2B_EVENT_AGE_IN_MINUTES_TO_LOOK_BACK_IN_DB_FOR. It's default is 64800, which equates to 45 days. This engine property tells ICC to not try to attempt to retrieve any missing arrived file route or delivery data for events that are older than the value specified, which would be 45 days if the default is not overridden. Finally, a small change was made to do a better job of logging SQL exceptions when they occur. 3. MFT-11093/TS003646841 (2020-4-29) Description of issue: When ICC is shutdown errors may fill up all log files from services that don't notice a shutdown is in progress. Description of fix: Logic added to ControllerMonitor, EventProcessorMonitor, ProcessSummaryService, ProcessSummaryWorker, ClusterEventMonitor, EnvironmentMonitor, and EventMonitor to watch for when ICC is shutting down and they now terminate their looping when that occurs. 4. IT32677/MFT-11085/TS003602851 (2020-4-29) Description of issue: When SSP adapters are assigned to multiple SSP engines ICC has problems handling their status. Description of fix: ICC logic updated to handle the situation where one SSP adapter may be assigned to more than one SSP engine. 5. 
IT32676/MFT-11047/TS003572480 (2020-4-29) Description of issue: Rules created or updated by the Swing console that have return code as a criteria process return code values as strings instead of as numeric values. Description of fix: Changed the Swing console logic that generates the rule match string to treat return code values as numerics instead of strings. Note treating return codes as strings in rules created or updated by the Swing console has occurred for > 10 years. Also, rules created or updated by the web console treat return code values as numerics. In case the original logic in the Swing console is still desired, an engine property was added, HANDLE_RULE_RETURNCODE_THE_ORIGINAL_WAY, whose default is false, and it may be set to true to get the original, albeit errant, behavior. 6. IT32909/MFT-11105/TS003635144 (2020-05-04) Description of issue: Customer ran configCC.sh specifying Oracle JDBC driver ojdbc8.jar after previously having configured using ojdbc7.jar. The following error resulted because both jars were now in the classpath: com.sterlingcommerce.scc.common.SCCException: CJDB014E Cannot create a new connection for URL jdbc:oracle:thin:[host:port:service]. Description of fix: Updated an internal list of database drivers to be excluded from the classpath to ensure only the current specified driver is added. 7. IT32808/MFT-11119/TS003623151 (2020-05-12) Description of issue: Changes introduced in 6130 caused CCTR034E and COSA028E events to not be generated for OSA type servers like SEAS and Global Mailbox, nor to set the status to 'Unknown' for server components associated with the OSA server deemed to be down. Description of fix: This ommission was corrected, so the code should behave as it did now in this area. 8. IT32851/MFT-11127/TS003606190 (2020-05-13) Description of issue: When starting Control Center, runEngine.sh does not return to the bash prompt (i.e. user must hit ENTER). 
Description of fix: Modified runEngine.sh/runEngineCold.sh so that control is returned to the bash prompt without any user interaction. 9. IT32884/MFT-11131/TS003675945 (2020-05-15) Description of issue: Under certain conditions when the CEP starts, any of its monitored servers temporarliy rassigned to other EPs will remain temporarliy reassigned and must be first manually reasigned to the server they're temporarily assigned to and then reassigned back to the CEP to put things back as they should be. Description of fix: At start up, the CEP will reassign all of its monitored servers temporarily reassigned to other EPs back to itself. 10. IT32912/MFT-11140/TS003699052 (2020-05-19) Description of issue: Attempting to use read Action and creating Action through REST APIs gets error com.ibm.tenx.ws.WebServiceException: Method not allowed. Description of fix: Those APIs had simply not been enabled, so now they and others that should have been are. 11. IT32996/MFT-11135/TS003646841 (2020-05-28) Description of issue: Dates displayed in Web console Recent transfer activity widget are incorrect for some time zones. Description of fix: When console user's preferred time zones are not whole hour offsets from UTC, they are rounded to the closest time zone that is a whole hour offset from UTC and this caused problems for the logic that displayed dates on the chart, which has now been corrected. 12. IT33033/MFT-11185/TS003699727 (2020-06-11) Description of issue: Process summary service logic repeatedly logging error messages when process ending type events handled that contained no process name. Description of fix: ICC process summarization logic was repeatedly receiving process interrupted events from monitored Connect:Direct servers that contained no process name and a process ID/number of 0, and when it did, it would log an error due to the lack of process name. 
The logic was updated to not log an error in this situation if the process ID was also zero, since zero is an invalid process ID, which means these events could be safely ignored by the summarization logic. Logic was also changed to not log an info message that started with "notifyProcessEndedDbOper() found batch = 0 and stmt = null, so no executeBatch() was NOT performed for events". It was only supposed to be a debug message, and is now.

13. IT33048/MFT-11142/TS003700086 (2020-06-02)
Description of issue: User-Roles summary report doesn't show correct last logon dates.
Description of fix: The last logon date stored in the user profile was only updated by the Swing console logic at logon if it ascertained that the current user was not always logged on. This logic was changed to always update the last logon time regardless of the perceived current logon status.

14. IT33062/MFT-11191/TS003776379 (2020-06-03)
Description of issue: Swing console displays SSP servers configured to be monitored via multiple MQ servers as a single MQ server with a comma separated list of hosts and ports.
Description of fix: Addressed problems in the swing console related to updating and viewing properties for SSP servers' connection information.

15. IT33399/MFT-10981/MFT-11113 (2020-06-28)
Description of issue: Required IBM JRE upgrade to address CVE-2020-2654 (CVSS 4.3) and CVE-2020-2781 (CVSS 5.3) in the Q2 2020 Java CPU.
Description of fix: Upgraded from 8.0.6.5 to 8.0.6.10.

16. IT33400/MFT-11012/MFT-11013/MFT-11095 (2020-06-28)
Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-17573 (CVSS 6.1), CVE-2020-4303/4304 (CVSS 6.1), CVE-2020-4329 (CVSS 3.0)
Description of fix: Upgraded Websphere Liberty to 20.0.0.5 (from 20.0.0.2).

--------------------------------------------
6.1.3.0 iFix01 (Released 04/29/2020)

1.
IT32628/MFT-10872 (03-12-2020)
Description of issue: Required IBM JRE upgrade to address CVE-2019-4732 (CVSS 7.2) in the Q1 2020 Java CPU.
Description of fix: Upgraded from 8.0.6.0 to 8.0.6.5.

2. IT32178/MFT-10927/TS003385016 (2020-03-13)
Description of issue: Connect:Direct Browser in Control Center gets error: "There is an IO error: Return Code 712" for the following functions: User Functions tab: "Select Process" and "Select Statistics" and Admin Functions tab: "Network Map", "Functional Authority" and "Proxy". These functions write to a temporary file. After a web server upgrade, the generated path name erroneously included a file name instead of a valid directory name.
Description of fix: Modified /web/wlp/usr/servers/defaultServer/server.xml by removing the .war suffix in the following cdbrowser application definition:
BEFORE: location="${shared.app.dir}/cdbrowser.war" (generates invalid path name: /web/wlp/usr/shared/apps/cdbrowser.war/cdbrowser)
AFTER: location="${shared.app.dir}/cdbrowser" (generates valid path name: /web/wlp/usr/shared/apps/cdbrowser/cdbrowser)

3. IT32149/MFT-10976/TS003366915 (2020-03-17)
Description of issue: If sess.pnode.max is set to 0 in a Unix remote node entry, the advance panel values cannot be updated.
Description of fix: Set the proper valid value range for the default class parameter.

4. IT32094/MFT-10961/TS003332342 (2020-03-17)
Description of issue: Cognos failed to start due to a weak cipher list in the Cognos configuration file /Cognos/configuration/cogstartup.xml, when attempting to regenerate its cryptographic keys.
Description of fix: Updated /Cognos/configuration/cogstartup_SCC_Template.tmp to include additional strong ciphers in element cognosCryptoCiphersuite. This template is used to create the Cognos configuration file when configCC.sh|bat is executed.

5. IT31899/MFT-10861/TS003289277 (2020-3-17)
Description of issue: Customer requested some query changes, and new indices, to improve ICC performance.
Description of fix: A new properties file was introduced - sql.properties. (It is modifiable via the Web console.) At the instruction of customer support, SQL may be added to sql.properties to override the SQL ICC uses (for certain queries). Over time the list of queries that may be specified will grow. For now just two queries may be overridden via sql.properties, both of which are used by the ICC QueuedProcessesClearJob. ICC looks for the sql property values "getQueuedProcessCount" and "getQueuedProcesses" to get the SQL to use to override its existing SQL. Note that updates to sql.properties do NOT require ICC to be restarted for the changes to take effect.

6. IT32086/MFT-10597/TS002749779 (2020-3-17)
Description of issue: Loading the first static page in a Cognos workspace and other things with Cognos are slow.
Description of fix: Customer felt part of the slowness was due to the speed of the Cognos Java Authentication Provider (JAP) logic, so via a new system property, USE_CACHED_USERS_AND_ROLES_IN_JAP, users will be able to cause the JAP to run faster. The JAP will run faster when USE_CACHED_USERS_AND_ROLES_IN_JAP is set TRUE (it will be FALSE by default) because it will stop requesting the current list of ICC users and roles every time it is invoked and instead only retrieve the list once, at startup. The effect of this change will be that Cognos will not be aware of any modifications to the list of ICC users and roles after ICC starts, unless it is stopped and restarted. To set USE_CACHED_USERS_AND_ROLES_IN_JAP you must edit {ICC Installation folder}/Cognos/wlp/usr/servers/cognosserver/bootstrap.properties and add the following line to it:
USE_CACHED_USERS_AND_ROLES_IN_JAP=TRUE

7. IT32085/MFT-10956/TS003437021 (2020-3-17)
Description of issue: ICC will not start. While loading rules the error "Invalid value specified for 'tagName.nonResolutionActionId'." occurred.
Description of fix: The message "CRUL090E Error while saving merged Rules."
was changed to "CRUL090E Error while saving merged Rules during processing of Rule ID: {0}". This will allow ICC to note, in the message logged, the name of the problematic rule that caused ICC to not start, which will simplify troubleshooting.

8. CCP-15676 (2020-3-23)
Description of issue: Security vulnerabilities - BlackDuck Scan - Upgrade Apache Xerces2 J
Description of fix: Replaced xercesImpl-2.11.0.jar with xercesImpl-2.12.SP02-redhat-00001.jar.

9. CCP-15903 (2020-3-23)
Description of issue: Security vulnerabilities - BlackDuck - Upgrade to Quartz from 2.2.3 to 2.3.2
Description of fix: Replaced quartz-2.2.3.jar with quartz-2.3.2.jar.

10. MFT-10994 (2020-03-24)
Description of issue: Required CDBrowser upgrade to address a few security issues (Updated jasper-runtime-5.5.23.jar from jasper-runtime-5.5.15.jar/Clickjacking Issue fixed/Removed struts 1 references from C:D Browser code/ Jasper-runtime upgrade).
Description of fix: Upgraded to C:D Browser 1.5.0.2 iFix26 (from iFix22).

11. IT32629/MFT-10873/MFT-10893 (2020-03-31)
Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-4720, CVE-2019-12406
Description of fix: Upgraded Websphere Liberty to 20.0.0.2 (from 19.0.0.12).

12. IT32379/MFT-10940/TS003404923 (2020-04-03)
Description of issue: When a monitored Connect:Direct File Agent uses the loopback address (127.0.0.1) to communicate with its Connect:Direct server, ICC does not accept its traps.
Description of fix: For ICC to accept traps from Connect:Direct File Agents, the trap c_submitNode value must match the address and port used by ICC to monitor its Connect:Direct server. A change was made so ICC will also accept the trap if the source address of the trap matches the address of a monitored Connect:Direct server.
--------------------------------------------
*************************************************************************************************
All fix items listed ABOVE represent fixes made after 6.1.3.0 GA (i.e. 6.1.3.0 iFix01 and later).
All fix items listed BELOW represent fixes included in 6.1.3.0 GA.
*************************************************************************************************
--------------------------------------------
6.1.3.0 (Released 03/20/2020)
The following represent 6.1.2.1 iFixes included in 6.1.3.0 GA base release

6.1.2.1 iFix03 (Released 04/23/2020)

1. IT31524/MFT-10647/TS002847898 (2020-1-15)
Description of issue: When using Internet Explorer browser, the ICC Recent File Transfer Activity widget on the dashboard shows the wrong dates.
Description of fix: Internet Explorer does not support converting a text string such as 2019-12-26T00:00:00.000-0600 to a date. So JavaScript code in the 10x framework was attempting to form the date manually but did not take into account the timezone. The JavaScript logic was changed to apply the timezone to correct the issue.

2. IT31543/MFT-10828/TS003193813 (2020-1-15)
Description of issue: Adjacent node parallel session and default class parameters are not required for CD z/OS servers.
Description of fix: Stop forcing an entry to be made for these parameters.

3. IT31635/MFT-10820/TS002901477 (2020-01-23)
Description of issue: Completed file transfer view missing transfers
Description of fix: Logic used to prevent file transfers in a process from being double counted was causing file transfers to not be counted at all. When processes end, they and the transfers they perform are summarized. Some processes may stop and/or be suspended before they complete, and when this occurs they'll be summarized. And when they're resumed and they complete, they'll be summarized again.
In this case the process, while technically not stopping and resuming, did include multiple connection shutdown events, which are treated as a process end. The logic that prevented transfers from being double counted was reworked so that transfers in processes that are summarized more than once are counted once, and only once.

4. IT31540/MFT-10868/TS003288993 (2020-1-31)
Description of issue: Excessive java logging displays trust and key store passwords.
Description of fix: Set javalogging.properties level back to WARNING from FINEST.

5. MFT-10860 (2020-2-14)
Description of issue: Excessive logging of errors when data collected from a monitored server precedes the earliest database partition.
Description of fix: Changed logging from error to debug when this condition occurs.

--------------------------------------------
6.1.2.1 iFix02 (Released 01/15/2020)

1. IT30684/MFT-10633/TS002781942 (2019-11-01) - Spurious logging from summarizer when transfers falsely reported as having an excessive duration
Description of issue: Internal logic was passing process events out of order to the summarizer because invalid millisecond values were stored in EVENTS.DATE_TIME, which caused it to get "confused" and pair step start and step end events for transfers incorrectly.
Description of fix: Logic used to sort the process events was fixed. Instead of sorting by EVENTS.DATE_TIME and then EVENTS.SEQ_NUM, the logic now sorts on EVENTS.SERIAL_NUM when it can, which will always be right and more efficient.

2. IT30678/MFT-10633/TS002781942 (2019-11-01) - MSSQL HY008 (Operation cancelled) SQL errors occurring and monitored servers get paused
Description of issue: Contention on ICC database tables is causing MSSQL to cancel one or more operations, which typically results in a monitored server being paused.
Description of fix: HY008 was added to the list of recoverable errors in DatabaseProperties.xml and logic was added to check to see if a recoverable error occurred.
So now, when an HY008 SQL error occurs with an MSSQL database, the SQL will be retried, and monitored servers will not be paused until the retry count has been exhausted. Also, the NOLOCK hint was added to the queries used by the EventMonitor logic when an MSSQL database is used to lessen contention on the ICC database and lower the chances of an HY008 SQL error occurring.

3. IT30699/MFT-10680/TS002855275 (2019-11-05) - Some configCC shortcut options not working.
Description of issue: Shortcut options -jms and -email are not working properly.
Description of fix: Corrected shortcut logic. Note that updating email info requires that Cognos also be configured, which will now happen if the email option is chosen.

4. IT30856/MFT-10478/TS002271409 (2019-11-05) - Cannot launch console after upgrade to 6.1.2
Description of issue: The classic console will sometimes fail to open from the Control Center launch page, due to an error caused by a ServiceLoader conflict during Websphere initialization. When this occurs, the only option is to stop and start the webserver (i.e. stopWebAppServer.sh|bat / startWebAppServer.sh|bat) -OR- stop and start Control Center. You can identify the error by looking for the following messages in /web/wlp/usr/server/defaultServer/log/messages.log.
com.ibm.ws.session.WASSessionCore I SESN0176I: A new session context will be created for application key default_host/webstart
com.ibm.ws.webcontainer E SRVE8059E: An unexpected exception occurred when trying to retrieve the session context java.util.ServiceConfigurationError: org.apache.logging.log4j.util.PropertySource: Provider org.apache.logging.log4j.util.EnvironmentPropertySource not a subtype
at java.util.ServiceLoader.fail(ServiceLoader.java:250)
at java.util.ServiceLoader.access$300(ServiceLoader.java:196)
Description of fix: Modified engine startup logic and startWebAppServer.bat|sh scripts to cause a slight delay when loading the webstart application (sccwebstart.war).
The default value is 10 seconds. This allows Websphere and the other applications to fully load/initialize and avoid the offending ServiceLoader conflict. The delay value can be changed as follows:
-Engine startup: Specify the number of seconds in /conf/InstallationInfo.properties: WEBSTART_COPY_DELAY=n[n] (eg. WEBSTART_COPY_DELAY=15).
-startWebAppServer.bat|sh: Specify the number of seconds as argument 1 (eg. ./startWebAppServer.sh 15).

5. IT30919/MFT-10693 (2019-11-07)
Description of issue: Customer received a Cognos email notification due to the mobile "Apple Push Notification" certificate nearing expiration. The following error/warn messages were also observed in \Cognos\logs\mob.log:
ERROR com.cognos.mobile.server.apns.APNSSocket - Mobile Apple Push Notification certificate has expired. Please visit http://www-01.ibm.com/support/docview.wss?uid=swg24034258 to download and install the latest certificate.
WARN com.cognos.mobile.server.apns.APNSCertificateExpiredChecker - Your Apple Push Notification Certificate expired 39 days ago.
This certificate expires yearly, but does not cause any functional / operational issue with the product, since the mobile feature is not used.
Description of fix: Updated the installer with the latest Apple Push Notification certificate. There will be a subsequent Control Center fix to attempt to permanently disable the mobile feature within Cognos, so as to avoid having to update the certificate annually. Please refer to the link in the above error message if you would like to update the certificate yourself in lieu of applying the fix package for this issue.

6. CCP-15677/CCP-15684 (2019-11-08)
Description of issue: Security vulnerabilities (CVE-2017-17485 / CVE-2018-11307 / CVE-2017-7525 / CVE-2017-15095 / CVE-2018-14721 / CVE-2018-14720 / CVE-2018-14718 / CVE-2018-14719 / CVE-2018-19362 / CVE-2018-19360 / CVE-2018-19361 / CVE-2018-7489) found in jackson-databind-2.9.1.jar.
Description of fix: Deleted jackson-databind-2.9.1.jar as it was determined that it was not used.

7. MFT-10407 (2019-11-12)
Description of issue: The .console.out file (i.e. \bin\.console.out) is never rolled over when Control Center executes as a Windows started service, but works properly when the engine is started via runEngine.bat.
Description of fix: Added logic to detect when the engine is starting as a Windows service and if so, call the ConsoleManager to manage the .console.out files. As part of this fix additional changes were made to allow a user to control the number of backup /bin/.console.out files (Windows) -and- /bin/nohup.out files (Linux/Unix) by setting a corresponding property in /conf/InstallationInfo.properties as follows (default is 5).
Linux/Unix: NO_OF_BACKUPS_FOR_UNIX_STD_OUT_FILE=n[n]
Windows: NO_OF_BACKUPS_FOR_WINDOW_STD_OUT_FILE=n[n]

8. CCP-15877/CCP-15822 (2019-11-18)
Description of issue: Security XML External Entity (XXE) vulnerability found in ICC web console and java console XML updates.
Description of fix: Modified ICC web console and java console to not allow DOCTYPE in XML definitions.

9. CCP-15844 (2019-11-20)
Description of issue: The event count associated with summarized processes is wrong intermittently. The process summarization logic may summarize multiple processes at once and it always calculates the earliest start of all processes being summarized and uses that value when selecting events associated with the processes it is about to summarize. If there are events associated with a process to be summarized that precede the "start" event for a process, and also precede the earliest start for processes about to be summarized, then those events will not be accounted for in the total events. This problem typically just affects the summarized process detail view and does not affect the count of file transfers.
Description of fix: Modified the logic that obtains the events associated with the process/processes to be summarized to select events used for summarization starting 10 seconds prior to the earliest start event for the processes to be summarized.

10. MFT-10738 (2019-11-20)
Description of issue: Logging by the SLC service is done in the Jetty log file instead of the SLC log file.
Description of fix: Updated EngineLogger.xml to specify the correct appender for SLC service logging.

11. IT31012/MFT-10719 (2019-11-20)
Description of issue: When the servers in a server group referenced by a Workflow SLC milestone change, the SLC match logic for events is not updated.
Description of fix: The Workflow SLC event matching logic was updated to handle updates to the contents of a server group referenced by one of its milestones.

12. MFT-10543 (2019-11-21)
Description of issue: Erroneous warn/error messages (shown below) and exception stack trace occur in the Control Center CCClient log beginning in 6.1.2.0. The GUI Console comes up fine, otherwise.
[Thread-nn]WARN ProcessGetterThread - Warning: Not able to get an instance of SCCAgent in GUI mode.
[Thread-nn]ERROR EventProcessorGetterThread - Could not initialize class com.sterlingcommerce.scc.agent.SCCAgent
Description of fix: Corrected the logic which produced the warn/error messages and stack trace.

13. IT31061/MFT-10664 (2019-11-26)
Description of issue: Cognos fails to start when it attempts to use the ICC third party certificate that has expired.
Description of fix: When trying to determine if the ICC third party certificate can be used by Cognos, check if the certificate has expired before deciding to use it. If it's expired, use the Cognos CA signed certificate to secure Cognos. Also the following was added to help notify the user that the ICC certificate has expired or is about to expire.
When the configCC Keystore / Truststore step is executed, the code will check the key certificate in the ICC keystore and warn the user if the certificate has expired, will expire within 30 days or is not yet valid. When the ICC Engine starts, the code will check the key certificate in the ICC keystore and the trusted signing certificates in the ICC Truststore and write to the engine log any certificate that is expired, about to expire or is not valid yet. When the ICC Engine finds an expired, soon to expire or not yet valid certificate, it will generate events with the below message ids. Rules can be written to generate alerts or emails when an event has any of these message ids.
Expired - CCTR143I
CCTR143I The ICC {0} certificate with alias {1} has expired. Certificate Date Range: {2}
CCTR143I The ICC Trust Store certificate with alias my_expiredCert has expired. Certificate Date Range: Wed Feb 04 21:11:28 UTC 2009 to Mon Feb 03 21:11:28 UTC 2014
Soon to Expire - CCTR144I
CCTR144I The ICC {0} certificate with alias {1} will expire within 30 days. Certificate Date Range: {2}
CCTR144I The ICC Keystore certificate with alias my_expiringCert will expire within 30 days. Certificate Date Range: Thu Oct 24 12:01:29 CDT 2019 to Wed Nov 13 11:01:29 CST 2019
Not Yet Valid - CCTR145I
CCTR145I The ICC {0} with alias {1} is not yet valid. Certificate Date Range: {2}
CCTR145I The ICC Keystore with alias my_2020Cert is not yet valid. Certificate Date Range: Wed Jan 01 06:02:38 UTC 2020 to Sat Dec 29 06:02:38 UTC 2029

14. MFT-10614 (2019-11-26)
Description of issue: Spaces in the xml filename of an emailList cause the emailList to go missing both when importing the xml file into the database and when importing to the imported folder from the conf.
Description of fix: Corrected the logic for both scenarios to properly handle spaces in the file name.

15.
IT31137/MFT-10553 (2019-11-27)
Description of issue: Beginning with 6.1.2.0 the Completed File Agent Activity display no longer works in the classic console.
Description of fix: Corrected the logic to re-direct the user from the classic console to the web UI and properly display Completed File Agent Activity after clicking on File Agent in the Control Center console (in the same fashion as other re-directs, like Active Alerts for example). Please note the following display limitation in the overall context of Completed File Agent Activity:
-Completed File Agent Activity will be enabled in the case of single/multiple file agent selection of a single CD Node.
-Completed File Agent Activity will be disabled in the case of single/multiple file agent selection of multiple CD Nodes.
-Completed File Agent Activity will be disabled in the case of server group.

16. IT31227/MFT-10703 (2019-12-02)
Description of issue: Cognos temporary report files are not being removed in 6.1.2.1.
Description of fix: Implemented logic to correctly call Cognos temporary report file cleanup processing.

17. CCP-15843 (2019-12-03)
Description of issue: Some engine.properties are not being added to the database during fresh installs.
Description of fix: Added the following engine.properties with default values to a new install: SUMMARY_TABLES_PURGE_ROLL_UP, SUMMARY_TABLES_PURGE_FILE_COUNTS, SUMMARY_TABLES_PURGE_QUEUE_SIZE, TIME_TO_START_EPS_MINUTES.

18. IT31155/MFT-10770 (2019-12-4)
Description of issue: The Brazil/East and America/Sao_Paulo time zones are still defined to have DST, which causes the time in the ICC log files to be wrong, and when running configCC the choices presented for the engine time zones are incorrect.
Description of fix: TimeZones.xml was updated for Brazil/East and America/Sao_Paulo, as were the time zone definitions hard coded in ICC, which are used prior to updating the TimeZones.xml data.
Also, in case there are still issues, two new engine properties were added:
- TIMEZONE_OFFSET_MINUTES - no default, use to override whatever the server ICC is running on is using if necessary
- TIMEZONE_USE_DAYLIGHT_TIME - default is false, use to override whatever the server ICC is running on is using if necessary
These properties may be specified in the script/bat file used to run configCC if the changes made to TimeZones.xml and the internal time zones are insufficient to address the problems seen. Finally, note that after upgrading ICC, but prior to restarting ICC, the updated TimeZones.xml file will be in conf/system. When ICC is restarted, though, the data in this file will simply be deleted if the database table CC_FILES has a TimeZones.xml entry. Users may either update TimeZones.xml manually via the Web console, or, prior to restarting ICC after the upgrade, they may run the following SQL to remove TimeZones.xml from CC_FILES:
DELETE FROM CC_FILES WHERE FILE_NAME = 'TimeZones.xml'

19. IT31510/MFT-10732 (2019-12-06)
Description of issue: Requirement to address pdfbox security vulnerability CVE-2019-0228 CVSS 5.5.
Description of fix: Upgraded to pdfbox 2.0.17 (from 2.0.13).

20. IT31275/CCP-15918 (2019-12-13)
Description of issue: Some SLC events erroneously have the transfer event attribute set true, causing file transfer counts to be wrong.
Description of fix: Explicitly initialized the SLC event attribute for transfer to be false.

21. IT31511/MFT-10793 (2019-12-17)
Description of issue: Required IBM JRE upgrade to address CVE-2019-2989 (CVSS 6.8) in the Q4 2019 Java CPU.
Description of fix: Upgraded from 8.0.5.40 to 8.0.6.0.

22. IT31332/MFT-10778 (2019-12-19)
Description of issue: When a maximum cursors exceeded error occurs when inserting events for a monitored server, instead of retrying the failed query, the monitored server is paused.
Description of fix: Added additional recoverable error codes to the DatabaseProperties.xml file for Oracle databases.

23.
IT31512/MFT-10816 (2019-12-20)
Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-4441, CVE-2019-4304, CVE-2019-4305
Description of fix: Upgraded Websphere Liberty to 19.0.0.12 (from 19.0.0.4).

24. IT31400/MFT-10673 (2020-01-02)
Description of issue: Using stopEngine.sh -np fails to stop the engine.
Description of fix: Implemented a Linux-only option to support the -np stop engine option.

25. MFT-10823 (2020-01-08)
Description of issue: The java.security override file (/conf/CC_java.security) is not properly referenced by the Cognos jvm. The file is used to override properties specified in the java master security file (/jre/lib/security/java.security).
Description of fix: Added code during engine startup to ensure the following property is set in /Cognos/wlp/usr/servers/dataset-service/jvm.options: -Djava.security.properties=/conf/CC_java.security.

---------------------------------------------
6.1.2.1 iFix01 (Released 10/14/2019)

1. IT30088/R17638/MFT-10333 (2019-09-13) - Some transmissions do not appear on the ICC dashboard
Description of issue: At first the issue was transmissions not appearing, then it was too many transmissions appearing.
Description of fix: To address transmissions not appearing, a change was made to the summarization logic to deal with process end events received from CD zOS servers not up-to-date on maintenance that were sending process end events with no process name. To address too many transmissions appearing, a change was made to the summarization logic, the DefaultSummarizer to be specific, to fix the start time and end time set for summarized file transfers.

2.
IT30173/R17710/MFT-10526 (2019-09-13)
Description of issue: DVGs with criteria that only specified server groups were not triggering.
Description of fix: Added logic to expand server groups to the servers they include when initializing DVGs at system startup so that DVG criteria are not empty.

3. CCP-15713 (2019-09-13)
Description of issue: Null pointer exception occurs while creating Simple SLCs, which caused ICC to shut down.
Description of fix: Logic didn't handle the case when creating the first Workflow/Simple SLC or the first Wildcard SLC in the system correctly and threw a null pointer exception, which subsequently caused ICC to believe a database error occurred and to then shut down. Logic updated to handle this situation correctly now.

4. CCP-15545/R17676 (2019-09-17)
Description of issue: Changing the property value for CLEAR_NODE_STATUS_AT_CEP_STARTUP had no effect. It always stayed true.
Description of fix: Moved the point in the logic where the property value was ascertained to be after the point where engine property values were initialized. Because it was being set prior to initialization of all engine property values, it always used the default value of TRUE.

5. MFT-10592/IT30309 (2019-09-17)
Description of issue: Unsupported database dialect: DB2zOS when starting EP.
Description of fix: Added DB2zOS to database type selection logic.

6. IT30132/R17704/MFT-10530 (2019-09-18)
Description of issue: An XML parsing exception is thrown during engine startup when engine property SI_SERVER_LICENSE is set to false (default is true). False causes Control Center to not issue the SI OpsCommand "getLicense". The following error message will be present in the engine log when this occurs:
[CCEngineWebClientSvc] ERROR CCNode - CXML001E Error while converting XML string to XML document. Document: null
Stack Trace: com.sterlingcommerce.component.common.ComponentException: CXML001E Error while converting XML string to XML document.
Document: null
at com.sterlingcommerce.component.common.util.XMLUtil.getDocument(XMLUtil.java:290)
at com.sterlingcommerce.component.common.util.XMLUtil.getDocument(XMLUtil.java:262)
at com.sterlingcommerce.scc.client.proxy.CCNode.createGISLicenseExtensions(CCNode.java:2511)
at
Description of fix: Added guard code to check if the property is set to false and if so, skip some processing which references SI server license info.

7. CCP-14898 (2019-09-18)
Description of issue: Getting error message indicating a duplicate Action while trying to load the database from the native conf file action.xml. This was caused by the action.xml previously being loaded into the database but also remaining in the native file conf directory due to a subsequent parsing error. Prior to this fix, all items (actions in this case) remained in the conf until all were loaded into the database.
[CCEngine(CCENTERT1)] ERROR MdActionController - CMDA014E Action load failed.
[CCEngine(CCENTERT1)] ERROR MdActionController - RULE043E Duplicate Action. Action ID : Alert if consumer has not requested file
Description of fix: Modified the logic so that after each element from the conf directory is loaded into the database, the item is immediately moved from the conf into the imported-yyyymmddhhmms conf, instead of performing all moves after all items have been loaded into the database.

8. MFT-10199/MFT-10440 (2019-09-19)
Description of issue: Security vulnerabilities (CVE-2019-0227 / CVE-2014-3596 / CVE-2012-5784) found in axis.jar.
Description of fix: axis.jar has been updated with fix for the above issues.

9. IT30548/MFT-10572 (2019-09-20)
Description of issue: Required IBM JRE upgrade to address CVE-2019-4473 / CVE-2019-11771 (CVSS 8.4) in the Q3 2019 Java CPU. Note: CVEs only apply to AIX. Other platforms are not affected.
Description of fix: Upgraded from 8.0.5.37 to 8.0.5.40.

10.
R17706/MFT-9089 (2019-09-23)
Description of issue: The java.security override file (/conf/CC_java.security) is not properly referenced by the Cognos jvm. The file is used to override properties specified in the java master security file (/jre/lib/security/java.security).
Description of fix: Added code during engine startup to ensure the following property is set in /Cognos/wlp/usr/servers/cognosserver/jvm.options: -Djava.security.properties=/conf/CC_java.security.

11. CCP-15633 (2019-09-25)
Description of issue: The CCAPI sample documentation incorrectly referenced two jar files in the sample command execution.
Description of fix: Changed the documentation references from --> to: lib\icu4j-59.1.jar --> lib\icu4j-62_1.jar and lib\10x-db-openjpa-3.9.0.jar --> lib\10x-app-db-openjpa-3.9.0.jar.

12. CCP-15432 (2019-09-25)
Description of issue: When I right-click on a server called rhel504101sp and select Completed Processes or Active Alerts in the classic console, I am redirected to the web UI, but get an error saying "server RHEL504101SP is not found".
Description of fix: Corrected the code to preserve the context of mixed case when the re-direct occurs.

13. IT30437/MFT-10567 (2019-09-25)
Description of issue: The Connect:Direct Secure Plus ciphers presented in the ICC console [Configure servers -> Secure+ ] are incomplete compared with what is seen in SPCLI (Secure Plus Client). Control Center was only requesting the cipher lists for SSL/TLS, but not for TLS1.1 and TLS1.2.
Description of fix: Corrected the logic to request the cipher suites for all protocols (SSL/TLS/TLS1.1/TLS1.2).

14. IT30534/MFT-10549 (2019-09-25)
Description of issue: Users are unable to view the preview text when changing User Preferences in the web UI. The following error displays: " has not been granted access to Calendars".
Description of fix: Corrected the code to always allow a user to view preview text in user preferences.

15.
IT30549/MFT-10159 (2019-09-25) Description of issue: Required upgrade to latest Cognos fix pack to address multiple vulnerabilities. Description of fix: Upgraded to Cognos 11.0.13.2 (from 11.0.13 IF1014). 16. IT03412/MFT-10586 (2019-09-26) Description of issue: After upgrading to 6.1.2.1, configCC.sh fails with the following error messages, immediately after replying to the prompt: Do you want to enable authentication for the Event Repository? (Y/N) [N] : com.ibm.tenx.db.PersistenceException: org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred. FailedObject: com.ibm.cc.model.Files-../conf:engine.properties This was caused by the engine.properties exceeding a length of 4000 (in xml format stored in the the CC_FILES table) and the configCC logic erroneously attempting to store the data in column CONTENT (instead of CONTENT_CLOB). Description of fix: Corrected the logic in configCC to check for a length value of > 4000 and if so, store the data in the CONTENT_CLOB column. 17. IT30067/R17698/MFT-10533 (2019-10-01) Description of issue: When API calls to create a ICC entity fail, the HTTP response returns a 201 (HttpServletResponse.SC_CREATED) even if the creation of the entity failed. Description of fix: Modified the HTTP response code to return 202 (HttpServletResponse.SC_ACCEPTED) if there is any error in processing the request. Response 202 means that a request was accepted for processing, but was not completed for some reason. 18. CCP-15737 (2019-10-01) Description of issue: Getting message "Database server version 18.0 not supported" when using an Oracle 18c database server (during Windows install and Linux configCC), Descriptiuon of fix: Modified code to check for Oracle 18c as a supported DB server/version. 19. 
IT30068/R17691/MFT-10445 (2019-10-02) Description of issue: Sometimes when Cognos is running in active mode on EP1 and switches to standby mode in a multi-EP ICC installation, ICC doesn't always recognize the switch (because ICC can still ping the standby Cognos) and stays connected to the standby Cognos on EP1 instead of switching to the active Cognos on EP2. Only when EP1 is stopped does ICC recognize that EP2 has the active Cognos. Description of fix: Modified the ICC Cognos ping logic to also check if the Cognos it can ping is also the active Cognos. And if it is not, signal a ping failure so ICC will reconnect and find the true active Cognos. 20. CCP-15696 (2019-10-02) Descripton of issue: When running the SFG Route by Poducer reports, some step types (Arrived File, Route, Delivery) are missing data. They don't have expected Start/End times as well as other values. This was due to a check in the code comparing for an exact match on step name of "Route" or "Delivery". By default Control Center constructs unique step names (i.e. engine property defaults to true true). Prior to this fix a workaround is to specify this engine property with a value of false. Description of fix: Changed the step name code check from "equals" to "startsWith" Route or Delivery. 21. CCP-15638 (2019-10-02) Description of issue: SQL Error: SQLCODE=-803 (duplicate INSERT attempted) - caused by multiple threads trying to update CC_FILES with statRecordIds at the same time. When multiple monitored server's service is started at the same time, during a upgrade from a ICC release that has statRecordIds still in the conf (instead of CC_FILES), some monitored server service may not start. However, from the second start of ICC onward, the issue will not occur (since statRecordIds will no longer be in conf). So its just an issue with the first engine start after an upgrade from 5.4 or 6.0. 
Description of fix: Synchronized the code that imports statRecordIds so that only the first thread will update the CC_FILES table. 22. IT30536/MFT-10632 (2019-10-10) Description of issue: Cannot generate Cognos reports due to case sensitivity when checking the Cognos url http://host.name:58085/p2pd/servlet/dispatch. The Cognos configuration (cogstartup.xml) contained uppercase hostname http://HOST.NAME:58085/p2pd/servlet/dispatch. The following message sequence repeated thousands of times in /log/CognosReportService.log: [CognosConnectionTimer] INFO CognosReportService - Cognos Report Server is ready to use! [CognosConnectionTimer] INFO CognosReportService - Periodically connect to: http://HOST.NAME:58085/p2pd/servlet/dispatch [CognosConnectionTimer] ERROR CognosReportService - The Active Cognos, http://host.name:58085/p2pd/servlet, is not the Cognos ICC is connected to, http://HOST.NAME:58085/p2pd/servlet/dispatch. Will try to get connected to Active Cognos. [CognosConnectionTimer] INFO CognosReportService - Active Cognos appears to be unavailable [CognosConnectionTimer] INFO CognosReportService - http://HOST.NAME:58085/p2pd/servlet/dispatch is not available. Begin to connect to other COGNOS Instance. Description of fix: Corrected the code to treat the url check as case insensitive. 23. CCP-15808 (2019-10-11) Description of issue: A second EP can erroneously start acting as the CEP (Controller Event Processor), even though the current CEP is still up and running. Once this occurs, each EP thinks it is the CEP and they can both remain in this state, until Control Center is re-cycled. This scenario can occur if the second EP determines the current CEP has not checked-in for a while and then attempts to ping the CEP before the Access Control Service is initialized. Description of fix: Modified logic in the Controller Monitor Service to determine if Access Control is initialized. If not, then skip the ping attempt and try again later after initialization is completed.
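For item 22 above, a pre-fix installation can be checked for the symptom by scanning CognosReportService.log for the quoted ERROR line and testing whether the two URLs name the same endpoint once scheme and host are compared case-insensitively. The script below is an added example, not Control Center code; the sample lines are constructed from the message in item 22, and the host ep2.example and the names classify and scan are hypothetical.

```python
import re
from urllib.parse import urlsplit

# ERROR message format quoted in item 22 (CognosReportService.log).
MISMATCH = re.compile(
    r"The Active Cognos, (?P<active>\S+), is not the Cognos ICC is "
    r"connected to, (?P<connected>\S+?)\.(?:\s|$)"
)

# Constructed sample input. ep2.example is a made-up second host that stands
# for a real switch to another Cognos instance.
ERR = ("[CognosConnectionTimer] ERROR CognosReportService - The Active Cognos, "
       "{}, is not the Cognos ICC is connected to, {}. "
       "Will try to get connected to Active Cognos.")
CONNECTED = "http://HOST.NAME:58085/p2pd/servlet/dispatch"
SAMPLE_LOG = [
    ERR.format("http://host.name:58085/p2pd/servlet", CONNECTED),
    "[CognosConnectionTimer] INFO CognosReportService - "
    "Active Cognos appears to be unavailable",
    ERR.format("http://host.name:58085/p2pd/servlet", CONNECTED),
    ERR.format("http://ep2.example:58085/p2pd/servlet", CONNECTED),
]


def classify(active, connected):
    """Return 'same_endpoint' when both URLs point at one Cognos instance."""
    a, c = urlsplit(active), urlsplit(connected)
    # urlsplit lower-cases scheme and hostname, so this comparison is
    # case-insensitive for exactly the parts of a URL that are.
    same_authority = (a.scheme, a.hostname, a.port) == (c.scheme, c.hostname, c.port)
    # Assumption taken from the quoted log line: the connected URL is the
    # active servlet URL plus a suffix (/dispatch). Paths stay case-sensitive.
    same_path = c.path.startswith(a.path)
    return "same_endpoint" if same_authority and same_path else "different_endpoint"


def scan(lines):
    """Count mismatch errors by whether they are false alarms (item 22)."""
    counts = {"same_endpoint": 0, "different_endpoint": 0}
    for line in lines:
        m = MISMATCH.search(line)
        if m:
            counts[classify(m["active"], m["connected"])] += 1
    return counts


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A non-zero same_endpoint count means the reconnect loop is being triggered by letter case alone, which is the condition the fix removes.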