============================================ IBM Sterling Connect:Express Services for Sterling B2Bi 5.2.0 Fix List Document ============================================ This document describes maintenance updates for IBM Sterling Connect:Express Services for Sterling B2Bi. Maintenance updates are cumulative and provided as fix packs or interim fixes (iFixes). Content: - Important Notices - About Fix Packs and iFixes - Description of iFixes and Updates ================= Important Notices ================= - Command Line requires Java 8 or later. ========================== About Fix Packs and iFixes ========================== Fix packs and interim fixes (iFixes) deliver maintenance and updates to an existing product version of IBM Sterling Connect:Express Command Line. They are cumulative and include iFixes as well as updates added since the previous fix pack and in any earlier fix pack. You only need to install the latest one available. Fix packs and critical iFixes can be downloaded from the IBM Fix Central website at https://www.ibm.com/support/fixcentral/. Non-critical iFixes are typically provided by IBM Support in response to a customer case to address the reported issue. They can also be requested though IBM Support on demand. ================================= Description of iFixes and Updates ================================= =========================================== iFixes after 5.2.0.11 =========================================== Services, cxcmd and CXJAI are now embedded in cxservices.jar and are no longer deployed separately. cxcmd jar is now embedded in CXsession WEB-INF/lib and also includes its own CXJAI jar. CXSession versions displayed now also include CXSession version. CXSession, cxcmd and CXJAI version can differ. 5.2.0.11_iFix001) IT35748 / CXM-3116 date: 2021/02/09 ----------------------------------------------------------- On Windows, install.cmd fails to locate the installer.jar file and installService.cmd file. On Unix, install.sh fails to locate the installer.jar file. 5.2.0.11_iFix002) IT39626 / CXM-3147 date: 2021/11/26 ----------------------------------------------------------- In CXSession, Some JSP constructed URL can contain accented characters. Result is a HTTP ERROR 404 /CXSession/jsp/bad_request.jsp 5.2.0.11_iFix003) date: 2022/05/04 ----------------------------------------------------------- In CXSession war for the standalone j2e server (tomcat, jetty), index.html page does not redirect to the right JSP page 5.2.0.11_iFix004) IT42625 / CXM-3209 date: 2022/11/29 ----------------------------------------------------------- cxcmd, cxjai updated to 1.4.0.11-01 APAR IT34268 increased the NetworkMessageSize field size to 5 for Connect:Express Windows but some cxjai components were not updated accordingly. The affected components are: - journal - session Some values from mode=get command are shifted and invalid. 5.2.0.12 date: 2023/03/29 ----------------------------------------------------------- No update on Connect:Express services for B2Bi. Update applies on the Web application, CXSession. An internal security scan detected some potential security issues on some JSP pages. JSP pages are updated to fix the following: - Session cookie now includes SameSite=Strict; httponly; Path= - http headers now include: X-XSS-Protection=0; mode=block. X-Frame-Options=SAMEORIGIN. X-Content-Type-Options=nosniff. Content-Security-Policy=default-src 'self'; img-src 'self'; frame-ancestors 'none'; form-action 'self'. Server name is no longer sent. Strict-Transport-Security=max-age=31536000; includeSubDomains; preload. - JSP error page is redesigned to not display JSP stack and includes a link to the home/logging page. - All http errors/exceptions are landing to this new JSP page. - css and images folders have an empty index.html page to avoid browsing =========================================== iFixes after 5.2.0.12 ===========================================