============================================ IBM Sterling Connect:Direct File Agent 1.4.0 Fix List Document ============================================ This document describes maintenance updates for IBM Sterling Connect:Direct File Agent 1.4.0. Maintenance updates are cumulative and provided as fix packs or interim fixes (iFixes). Content: - Important Notices & Requirements - About Fix Packs and iFixes - Instructions for upgrading File Agent - Description of iFixes and Updates ================================ Important Notices & Requirements ================================ - File Agent 1.4.0.3 and later requires Java 8 or 17. It has been tested and certified with IBM SDK Java Technology Edition 8 and IBM Semeru Runtime 17. - IBM Semeru Runtime Version 17 Installers with bundled runtime have been updated to IBM Semeru Runtime 17 on supported platforms, such as AIX, Linux x64 & PPC and Windows. For additional information and requirements on Semeru Runtimes, Version 17 support, see https://www.ibm.com/support/pages/semeru-runtimes-support. - AIX: XL C++ Runtime 16.1.0.7 or later is required. - UI: FreeType font rendering library (typically freetype2) is required when opening the File Agent Configurator UI. - File Agent on HP-UX is deprecated. Fixes will be available on demand only until end of support is reached. - File Agent on Solaris x86 is no longer support. - Security updates are described below using the following definitions: Affected: The software product contains code, which has a documented vulnerability. Based on currently available information, however, we believe that the issue is likely not exploitable. However, as a best practice and from an abundance of caution, we recommend customers update their systems as soon as practical. Vulnerabilities evolve, and a means of exploiting any issue may emerge at any time. Vulnerable: The software product contains code, which has a documented vulnerability. Our analysis shows that the issue may be exploitable. ========================== About Fix Packs and iFixes ========================== Fix packs and interim fixes (iFixes) deliver maintenance and updates to an existing product version of IBM Sterling Connect:Direct File Agent. They are cumulative and include iFixes as well as updates added since the previous fix pack and in any earlier fix pack. You only need to install the latest one available. Fix packs and critical iFixes can be downloaded from the IBM Fix Central website at https://www.ibm.com/support/fixcentral/. Non-critical iFixes are typically provided by IBM Support in response to a customer case to address the reported issue. They can also be requested though IBM Support on demand. ===================================== Instructions for upgrading File Agent ===================================== Windows: 1. Download the fix pack or iFix for Windows from IBM Fix Central. 2. Unzip the downloaded file to a temporary folder. 3. Stop the "IBM Sterling Connect Direct File Agent" service. 4. Uninstall File Agent. 5. Reinstall File Agent using the FAInstall.exe installer from the download. Linux/UNIX platforms with bundled runtime: 1. Download the fix pack or iFix for your platform UNIX platform from IBM Fix Central. 2. Unzip the downloaded file to a temporary directory. 3. Stop File Agent. 4. Copy configuration files (*.ser) to another location. 5. Remove existing File Agent installation directory. 6. Reinstall File Agent using the FAInstall.bin installer from the download. 7. Copy configuration files back to the installation directory. Other platforms (without bundled runtime): 1. Ensure IBM SDK Java Technology Edition 8 or IBM Semeru Runtime 17 is already installed and set as your default Java runtime. 2. Download the fix pack or iFix for Java from IBM Fix Central. 3. Unzip the downloaded file to a temporary directory. 4. Stop File Agent. 5. Copy configuration files (*.ser) to another location. 6. Remove existing File Agent installation directory. 7. Reinstall File Agent using the FAInstall.jar installer from the download: java -jar FAInstall.jar 8. Copy configuration files back to the installation directory. ================================= Description of iFixes and Updates ================================= =========================================== iFixes after 1.4.0.0 (General Availability) =========================================== 1.4.0.0_iFix001) QC 18030 date: 2010/12/07 ------------------------------------------- Continue processing files if process name information cannot be retrieved for a process. 1.4.0.0_iFix002) QC 18045 date: 2010/12/08 ------------------------------------------- Reconnect to submit processes, if the C:D node gets re-cycled, and the connection is lost. 1.4.0.0_iFix003) QC 18208 date: 2011/01/07 ------------------------------------------- Added a system property "trace", which when enabled will display Connect:Direct traces. 1.4.0.0_iFix004) QC 18367 date: 2011/01/11 ------------------------------------------- Changed the informational message is locked and cannot be processed to is in delay period and cannot be processed. 1.4.0.0_iFix005) QC 19105 date: 2011/04/22 ------------------------------------------- Allow SNMP listener ports between 0 and 65535. 1.4.0.0_iFix006) QC 19181 date: 2011/05/17 ------------------------------------------- Modified the code to display the warning message about a process not being found. 1.4.0.0_iFix007) QC 20233 date: 2011/10/21 ------------------------------------------- Modified the code that builds the regular expression for a simple match. 1.4.0.0_iFix008) QC 20513 date: 2012/01/26 ------------------------------------------- File name variables inside longer submit process symbol values may result in a symbol value with inadvertent double quotes embedded. 1.4.0.0_iFix009) RTC 324005 / APAR IC83308 date: 2012/05/10 ------------------------------------------------------------ Always add start(^) and end($) anchors when building a simple match. 1.4.0.0_iFix010) RTC 336126 / APAR IC84774 date: 2012/06/21 ------------------------------------------------------------ Disable .console.stdout file in cdfa$.lax on Windows to prevent it from filling up disk space. CDFA.log already has the same information. 1.4.0.0_iFix011) QC 16496 date: 2012/07/04 ------------------------------------------- The system property -Dcasesensitive=true must be added to the cdfa.lax file to honor case sensitivity when using symbolics not supported by File Agent, and when connected to z/OS. 1.4.0.0_iFix012) RTC 338195 / APAR IC85117 date: 2012/07/05 ------------------------------------------------------------ Updated log4j 1.2.16 to fix an java.io.InterruptedIOException when interrupting the Gateserver thread at shutdown on Solaris. 1.4.0.0_iFix013) RTC 341662 / APAR IC85743 date: 2012/08/02 ------------------------------------------------------------ Version information will be displayed in V.R.M.F format. Fixed the version reported to Sterling Control Center. 1.4.0.0_iFix014) RTC 344434 date: 2012/08/21 --------------------------------------------- If ignoreos390volumes is true, strip off all indication of volumes so that archived datasets look just like the restored dataset and are not treated as being new/different. 1.4.0.0_iFix015) RTC 365252 / APAR IC94012 date: 2013/10/08 ------------------------------------------------------------ File Agent should automatically escape special file name characters stored in FA_* variables. Specifically, ()'~& The user has no way to manually escape these because they're only found at runtime, then plugged into the FA_* variables. Added for when PNODE is Windows. Other platforms not changed yet. This feature is "On" by default. To disable, start File Agent with --disableAutoEscape. In addition, File Agent is now certified on Microsoft Windows Server 2012. 1.4.0.0_iFix016) RTC 411224 / APAR IC99436 date: 2014/01/28 ------------------------------------------------------------ IBM Sterling Connect:Direct File Agent is affected by a vulnerability in the IBM Runtime Environment, Java(TM) Technology Edition (CVE-2013-1500). 1.4.0.0_iFix017) RTC 412063 date: 2014/02/14 --------------------------------------------- Change the default install folder name on UNIX back to "FileAgent". 1.4.0.0_iFix018) RTC 368850 / APAR IC99411 date: 2014/02/25 ------------------------------------------------------------ Fixed a java.lang.NoClassDefFoundError exception at startup when SNMP source port range is configured. 1.4.0.0_iFix019) RTC 414185 date: 2014/04/03 --------------------------------------------- Obfuscate API password in configuration report (-r). 1.4.0.0_iFix020) RTC 453743 / APAR IT07059 date: 2015/02/18 ------------------------------------------------------------ Multiple vulnerabilities in IBM Java SDK affects IBM Sterling Connect:Direct File Agent (CVE-2014-3065, CVE-2014-6468). Updated the JRE. 1.4.0.0_iFix021) RTC 459300 / APAR IT07947 date: 2015/03/24 ------------------------------------------------------------ Enhanced File Agent log monitoring and alerting. 1.4.0.0_iFix022) RTC 460416 / APAR IT09238 date: 2015/06/02 ------------------------------------------------------------ Installs on AIX 5.3 and Solaris 9 systems fail due to bundling JRE 7. Sterling Connect:Direct for UNIX 4.1.0 supports those operating systems, so this fix bundles JRE 6 for them. NOTICE: This iFix marks the end of support for AIX 5.3 and Solaris 9. 1.4.0.0_iFix023) RTC 469046 / APAR IT09495 date: 2015/06/17 ------------------------------------------------------------ A vulnerability in IBM Java Runtime affects IBM Sterling Connect:Direct File Agent (CVE-2015-0383). Updated the hybrid JREs on Solaris and HP-UX. 1.4.0.0_iFix024) RTC 461731 / APAR IT10974 date: 2015/08/31 ------------------------------------------------------------ Improved the error message when File Agent is unable to list directories / files in a directory, like when the user does not have read permission, replacing the user-unfriendly "WinDir.scanDir ... filter list of files is null" messages. 1.4.0.0_iFix025) RTC 502610 / APAR IT18290 date: 2016/12/09 ------------------------------------------------------------ Fixed a java.lang.IndexOutOfBoundsException in the ConfigFileWatcher thread sometimes occurring before a configuration refresh. Also rearranged the sequence to first check for shutdown before checking the configuration. Fixed a "Service name:FileAgent not found." exception occasionally occurring during shutdown. Added a new log INFO message to show the number of restarts for configuration refresh: "Services have stopped and will be restarted (#)" 1.4.0.0_iFix026) RTC 535414 / APAR IT20205 date: 2017/04/26 ------------------------------------------------------------ Support for new File Agent variables for 2-digit year, milliseconds and counters: %FA_FDATE2. The date a file was last modified. This value has 6 characters representing year (2-digit), month, and day, for example 170426. %FA_FDATE_YEAR2. The year (2-digit) in which a file was last modified, for example 17. %FA_DATE2. The current date. This value has 6 characters representing year (2-digit), month, and day, for example 170426. %FA_DATE_YEAR2. The current year (2-digit), for example 17. %FA_FTIME_MS. The millisecond a file was last modified, for example, 067. %FA_TIME_MS. The current millisecond, for example 067. %FA_NUM2. A 5-digit number in the range of 00000..99999, for example 00345. The counter always starts with 0 at File Agent startup and is increased by 1 on every process submission. The counter remains its current value through a configuration refresh. %FA_NUM3. A 9-digit number in the range of 000000000..999999999, for example 000006789. The counter always starts with 0 at File Agent startup and is increased by 1 on every process submission. The counter remains its current value through a configuration refresh. 1.4.0.0_iFix027) RTC 535596 date: 2017/04/26 --------------------------------------------- Multiple date/time variables specified in the same rule can resolve to different values in the command after substitution. 1.4.0.0_iFix028) RTC 466327 date: 2018/04/30 --------------------------------------------- Updated installer to support newer Windows and UNIX OS versions. 1.4.0.0_iFix029) RTC 469046 date: 2018/04/30 --------------------------------------------- Upgraded the JRE to IBM Runtime Environment, Java(TM) Technology Edition version 8 on Windows. 1.4.0.0_iFix030) RTC 563325 / APAR IT25476 date: 2018/06/22 ------------------------------------------------------------ Improved first-failing snapshot capturing. Added stack trace to snaps file and generated a more unique filename. 1.4.0.0_iFix031) MFT-9482 / APAR IT25319 date: 2018/08/17 ---------------------------------------------------------- A vulnerability in IBM Java Runtime affects IBM Sterling Connect:Direct File Agent (CVE-2018-2602). Updated or upgraded the IBM Runtime Environment, Java(TM) Technology Edition to JRE 8 for Windows, AIX, Linux and HP-UX Itanium JRE 7 for Solaris SPARC and x86 JRE 6 for HP-UX PA-RISC NOTICE: This is the last release to be published for File Agent 1.4.0 for HP-UX PA_RISC. In the future, releases for this platform will be available on demand only from Customer Support. 1.4.0.0_iFix032) MFT-9881 date: 2018/09/12 ------------------------------------------- Ignore duplicate watchdir entries to prevent files being processed twice. (partial fix; restriction: case-sensitive on Windows) 1.4.0.0_iFix033) MFT-9055 date: 2018/09/13 ------------------------------------------- Add support for connecting to a Connect:Direct server using a Java Connection Utility (JCU) file. A JCU file contains all required connection information, including the server's address and user credentials. To enable the use of a JCU file: (1) Type the value jcu in both the Userid for API and the Password for API fields. (2) Create or update the JCU file by running the following command line from the File Agent directory: java -classpath CDJAI.jar com.sterlingcommerce.cd.sdk.JCU "-fcddef.jcu" Enter Node, Address, Port, UserId, Password and Protocol ("tcpip") for your CD node. Note that the associated fields from the File Agent configuration will be ignore for this connection. 1.4.0.0_iFix034) MFT-9989 / APAR IT26921 date: 2018/11/12 ---------------------------------------------------------- Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct File Agent (CVE-2018-165, CVE-2018-12539). Updated the IBM Java Runtime to addressed the applicable CVEs. 1.4.0.0_iFix035) MFT-10094 / APAR IT28785 date: 2019/04/12 ----------------------------------------------------------- Installer fails on some UNIX systems with error "Installer User Interface Mode Not Supported". Updated installer, which also adds support for newer Windows and UNIX OS versions. 1.4.0.0_iFix036) MFT-10245 / APAR IT28783 date: 2019/04/12 ----------------------------------------------------------- Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct File Agent (CVE-2018-1890, CVE-2018-12547). Updated the IBM Java Runtime to addressed the applicable CVEs. 1.4.0.0_iFix037) MFT-10247 date: 2019/04/29 -------------------------------------------- Support for multiple ICC Event Processors. 1.4.0.0_iFix038) MFT-10246 date: 2019/04/30 -------------------------------------------- Support for making the SNMP status trap frequency configurable. 1.4.0.0_iFix039) MFT-10323 date: 2019/04/30 -------------------------------------------- Make specifying the API password optional. When API userid is "jcu", also make specifying API host and port optional, since they will be loaded from the JCU file anyway. 1.4.0.0_iFix040) MFT-10334 date: 2019/05/03 -------------------------------------------- Improve File Agent Field Help readability by increasing the font size and updating some help contents. 1.4.0.0_iFix041) MFT-10015 date: 2019/05/06 -------------------------------------------- Ignore duplicate watchdir entries on Windows to prevent files being processed twice. This completes 1.4.0.0_iFix032 on Windows. 1.4.0.0_iFix042) CDUA-1470 date: 2019/05/20 -------------------------------------------- Support for SUSE Linux Enterprise Server (SLES) on IBM POWER architecture (LE). 1.4.0.0_iFix043) CDWA-748 date: 2019/05/24 ------------------------------------------- Updated IBM Application Interface for Java (AIJ) to allow an empty API password. 1.4.0.0_iFix044) MFT-10378 date: 2019/06/11 -------------------------------------------- When API host DNS name is set to a loopback address, send the host IP address in SNMP traps instead. 1.4.0.0_iFix045) CDWA-748 date: 2019/06/14 ------------------------------------------- Updated IBM Application Interface for Java (AIJ) and added its new cdaij.properties file. Set allow.no.password.local.connection=true (default) to allow File Agent attempting a sign-on when no API password has been configured. Otherwise the AIJ will fail the sign-on attempt directly. 1.4.0.0_iFix046) MFT-10497 / APAR IT30052 date: 2019/08/21 ----------------------------------------------------------- Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct File Agent on AIX platform (CVE-2019-4473, CVE-2019-11771). Updated the IBM Java Runtime to 8.0.5.40 64-bit on AIX to addressed the applicable CVEs. 1.4.0.0_iFix047) MFT-10591 / APAR IT30400 date: 2019/09/26 ----------------------------------------------------------- Installation on some systems with limited 32 bit library support may fail, reporting "JRE libraries are missing or not compatible." Also, File Agent installed on an EFS file system in an Amazon Web Services EC2 instance will fail to start, reporting "Error: missing 'j9vm' JVM". 1.4.0.0_iFix048) FLAG-75 date: 2019/12/17 ------------------------------------------ Updated logging, i.e. logging of files found is more compact now. 1.4.0.0_iFix049) FLAG-70 date: 2019/12/17 ------------------------------------------ Support for high availability is introduced. When running multiple File Agents from different folders or on different computers, specify a shared work directory (-w) on the command line. The shared work directory allows the File Agents to synchronize work and determine who is active or standby. The shared work directory must exist before starting File Agent and must be available to all instances. 1.4.0.0_iFix050) FLAG-33 date: 2019/12/18 ------------------------------------------ Terminate instead of launching configurator when no viable configuration could be found. 1.4.0.0_iFix051) FLAG-78 date: 2019/12/18 ------------------------------------------ Improved time to shutdown File Agent and to restart after a configuration refresh. 1.4.0.0_iFix052) MFT-10803 date: 2019/12/18 -------------------------------------------- Ignore empty watchdir entries (""). 1.4.0.0_iFix053) MFT-10963 / APAR IT32172 date: 2020/03/11 ---------------------------------------------------------- Installation fails on Windows Server 2019 with an error: "Flexeraaw7$aaa: Windows DLL failed to load". 1.4.0.0_iFix054) MFT-10969 / APAR IT32244 date: 2020/03/19 ----------------------------------------------------------- There is a vulnerability in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent on Microsoft Windows. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2019-4732). 1.4.0.0_iFix055) FLAG-83 date: 2020/03/20 ----------------------------------------- Support for Microsoft Windows Server 2019. All iFixes and fix packs listed above are accumulated in fix pack 1 (1.4.0.1). ==================== iFixes after 1.4.0.1 ==================== 1.4.0.1_iFix001) MFT-11437 / APAR IT34532 date: 2020/10/14 ----------------------------------------------------------- When a directory scan detects that a previously existing file is gone, the checkpoint status is correctly updated, but may not be saved to disk. This can lead to an incorrect checkpoint status after a restart. 1.4.0.1_iFix002) MFT-11477 / APAR IT34592 date: 2020/10/19 ----------------------------------------------------------- File Agent can get into an endless loop when a user requests a shutdown during startup or restart. The log will fill up with messages: INFO - System event: "Error finding service drone" 1.4.0.1_iFix003) MFT-11310 / APAR IT34817 date: 2020/11/06 ----------------------------------------------------------- Improved the high availability feature (-d). Added debug logging and removed the temporary debug code that was added after 1.4.0.1. Added a stand-alone application to test file locking: com.sterlingcommerce.cd.cdcommon.RAFile 1.4.0.1_iFix004) MFT-11581 / date: 2020/11/18 --------------------------------------------- cdfa option list fix -typo on --ignoreos390filetype parameter. -Added -h, --help option to display options list -Some obsolete options removed from options list (-z -W -r) -Help jar updated 1.4.0.1_iFix005) MFT-11631 / APAR IT36510 date: 2021/03/11 ----------------------------------------------------------- There is a vulnerability in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2020-14782) on AIX, Linux, Solaris and Windows. 1.4.0.1_iFix006) MFT-11829 / APAR IT36189 date: 2021/03/11 ----------------------------------------------------------- There is a vulnerability in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent on AIX and Linux. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2020-27221). 1.4.0.1_iFix007) FLAG-110 date: 2021/03/25 ------------------------------------------- Support for S3 object store on Linux, performance improvements and new File Agent variables: %FA_WATCHED_FILE_FOUND. On S3 Object Stores, the value is the object name detected before any scheme substitution occurred. On other file systems, the value is the same as %FA_FILE_FOUND. %FA_FSTYPE. The file or object File System type. Windows, Unix, OS390, AWSS3. %FA_SCHEME. On S3 Object Stores only. This is the object scheme when Connect Direct File Agent discovered the object. %FA_OUTSCHEME. On S3 Object Stores only. This is the object scheme if a scheme substitution occurred. Without substitution, value is the same as %FA_SCHEME. All iFixes and fix packs listed above are accumulated in fix pack 2 (1.4.0.2). ==================== iFixes after 1.4.0.2 ==================== 1.4.0.2_iFix001) MFT-12031 / APAR IT36551 date: 2021/04/08 ----------------------------------------------------------- Checkpoint conversion fails on Unix when moving to 1.4.0.2. 1.4.0.2_iFix002) FLAG-133 date: 2021/04/16 ------------------------------------------- On Windows, File Agent does non case sensitive match on S3 objects. 1.4.0.2_iFix003) MFT-12085 / APAR IT37065 date: 2021/05/11 ----------------------------------------------------------- On Linux and AIX, Files can be processed twice after upgrade to 1.4.0.2. Occurs only once. 1.4.0.2_iFix004) MFT-12151 / APAR IT37066 date: 2021/05/14 ----------------------------------------------------------- File Agent can't process files without write permission on other: WARN - File ignored during this scan (In use) 1.4.0.2_iFix005) MFT-12283 date: 2021/06/22 (disabled) ------------------------------------------------------- When a scan finds that a previously processed file has changed but is being ignored (in delay), it incorrectly removes the file from the checkpoint. Nevertheless the file is correctly processed during the next scan. 1.4.0.2_iFix006) MFT-12258 date: 2021/06/23 -------------------------------------------- Removed stale CDFAConfigGuide.pdf from the installation. The latest documentation is available online (also as PDF download): https://www.ibm.com/docs/en/connect-direct/6.1.0?topic=agent-sterling-connectdirect-file-overview Also removed the obsolete cdfa.bat file on Windows. 1.4.0.2_iFix007) MFT-11786 / APAR IT37647 date: 2021/07/15 ----------------------------------------------------------- Updated the installer to fix an unquoted Windows Service binpath created by InstallAnywhere when installing on a file system that has the 8dot3name setting disable. 1.4.0.2_iFix008) MFT-12242 / APAR IT37680 date: 2021/07/19 ----------------------------------------------------------- There are vulnerabilities in Apache Commons (CVE-2020-1953) and in FasterXML jackson-databind (CVE-2018-7489) used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the CVEs. 1.4.0.2_iFix009) FLAG-192 date: 2021/07/20 ------------------------------------------- The Java Connection Utility (JCU) no longer requires the user to enter a password. An empty password is required when setting up certificate-based user authentication in File Agent. 1.4.0.2_iFix010) MFT-12377 / APAR IT37822 date: 2021/07/29 ----------------------------------------------------------- Disabled verbose logging by default again and fixed its log level in log4j2.properties. Issue was introduced in 1.4.0.2_iFix005. 1.4.0.2_iFix011) MFT-11631 / APAR IT36510 date: 2021/08/09 ----------------------------------------------------------- There is a vulnerability in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2020-14782) on HP-UX. 1.4.0.2_iFix012) FLAG-254 / date: 2021/09/21 ----------------------------------------------------------- The logging configuration update watch interval no longer works with log4j2. A property must be set in the configuration file to enable configuration change watch. monitorInterval=nn (nn in seconds) is the property to set in log4j2.properties file. 1.4.0.2_iFix013) MFT-12771 / APAR IT39415 date: 2021/12/12 ----------------------------------------------------------- There is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2021-44228) and updated Log4j to version 2.15.0. 1.4.0.2_iFix014) MFT-12788 / APAR IT39413 date: 2021/12/15 ----------------------------------------------------------- There is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2021-45046) and updated Log4j to version 2.16.0. 1.4.0.2_iFix015) MFT-12792 / APAR IT39431 date: 2021/12/16 ----------------------------------------------------------- Logon failed for a local connection without password, because allow.local.connection=true was not set in cdjai.properties. 1.4.0.2_iFix016) MFT-12800 / APAR IT39465 date: 2021/12/17 ----------------------------------------------------------- Updated classpath settings in lax files on Windows. 1.4.0.2_iFix017) MFT-12805 / APAR IT39463 date: 2021/12/20 ----------------------------------------------------------- There is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2021-45105) and updated Log4j to version 2.17.0. 1.4.0.2_iFix018) MFT-12839 / date: 2022/01/05 ----------------------------------------------------------- Updated Log4j to version 2.17.1. 1.4.0.2_iFix019) MFT-12840 / date: 2022/01/05 ----------------------------------------------------------- An IOError is reported when a folder, sub folder or file is not readable. Logging is improved and error better reported with a more detailed message. 1.4.0.2_iFix020) MFT-12840 / date: 2022/01/20 ----------------------------------------------------------- Improve previous iFix019. When a folder does not exist, folder is marked 'as not readable'. Error is now correctly logged with message 'does not exist'. 1.4.0.2_iFix021) MFT-12890 / APAR IT39907 date: 2022/02/08 ----------------------------------------------------------- Startup can take a long time before the first directory scan gets started, especially when many directories are located on slow or remote file systems. Improved the method to resolve the list of watched directories and also added a warning for duplicate entries that will be ignored. 1.4.0.2_iFix022) MFT-13018 / APAR IT40131 date: 2022/03/02 ----------------------------------------------------------- On zOS, a java.util.ConcurrentModificationException occurs when scanning new files on a watched directory. Once this exception occurs, it occurs each time a new scan is scheduled and no more scan can be performed for this watched directory. PDS/PDSE support is improved. 1.4.0.2_iFix023) MFT-13091 / APAR IT40350 date: 2022/03/22 ----------------------------------------------------------- On zOS, a warning message is displayed with 'process name' not found. Process is located in DMPUBLIB and File Agent doesn't/can't check DMPUBLIB. This warning message is removed. 1.4.0.2_iFix024) MFT-13108 / APAR IT40409 date: 2022/03/28 ----------------------------------------------------------- On zOS, when process parameters substitution occurs, filename (%FA_FILE_FOUND.) contains the zOS specials attributes including the type and volume(s) (LOs390/dsn;A;VOLSER(s);). The substitution is invalid for CD. 1.4.0.2_iFix025) MFT-12994 / APAR IT40357 date: 2022/04/07 ----------------------------------------------------------- IBM Control Center was not able to associate File Agent with the correct Connect:Direct node when File Agent was using a Java Connection Utility (JCU) file and the specified API host/port did not match the configuration file. 1.4.0.2_iFix026) MFT-13406 / APAR IT41040 date: 2022/06/15 ----------------------------------------------------------- There are vulnerabilities in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs (CVE-2021-35550, CVE-2021-35603) on AIX, Linux, Solaris and Windows. 1.4.0.2_iFix027) MFT-13492 / APAR IT41451 date: 2022/07/15 ----------------------------------------------------------- There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2022-33980). 1.4.0.2_iFix028) MFT-13546 date: 2022/08/11 ----------------------------------------------------------- Minor improvement to the stand-alone test application for high availability file locking: com.sterlingcommerce.cd.cdcommon.RAFile 1.4.0.2_iFix029) MFT-13782 / APAR IT42065 date: 2022/10/20 ----------------------------------------------------------- There is a vulnerability in Apache Commons Text used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2022-42889). 1.4.0.2_iFix030) MFT-13830 / APAR IT42172 date: 2022/11/08 ----------------------------------------------------------- There are vulnerabilities in jackson-databind used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs (CVE-2022-42003, CVE-2022-42004). 1.4.0.2_iFix031) MFT-13902 / APAR IT42618 date: 2022/12/15 ----------------------------------------------------------- When converting an old checkpoint to a new format, an error can occur and conversion fails. File Agent Service restart indefinitely with the same error. 1.4.0.2_iFix032) MFT-13881 / APAR IT42632 date: 2022/12/29 ----------------------------------------------------------- When configuration file changed while FileAgent is processing directories, some files may be processed twice when FileAgent restarts. 1.4.0.2_iFix033) FLAG-280 date: 2023/01/26 ----------------------------------------------------------- Updated the installer to InstallAnywhere 2021. 1.4.0.2_iFix034) MFT-13863, MFT-13998 / APAR IT42944 date: 2023/01/26 ---------------------------------------------------------------------- There are vulnerabilities in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 and Eclipse OpenJ9 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs (CVE-2022-3676, CVE-2022-21626) on AIX, Linux, Solaris and Windows. 1.4.0.2_iFix035) FLAG-277 date: 2023/01/26 ----------------------------------------------------------- Disabled Java Attach API (com.ibm.tools.attach.enable) by default. 1.4.0.2_iFix036) FLAG-283 / APAR IT41040 date: 2023/02/01 ----------------------------------------------------------- There are vulnerabilities in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs (CVE-2021-35550, CVE-2021-35603) on HP-UX. See 1.4.0.2_iFix026 for other platforms. 1.4.0.2_iFix037) MFT-14000 / APAR IT43065 date: 2023/02/07 ----------------------------------------------------------- On zOS, when a rule or the default rule declares a process file located on the Unix file system, this file is not read as expected and process submitted to Connect:Direct is malformed. Error returned by CD is SCBI033I with message "Invalid process name in 'PROC' parameter". 1.4.0.2_iFix038) FLAG-285 / date: 2023/02/14 ----------------------------------------------------------- Updated Jackson libraries to 2.14.2 and Log4j to 2.20.0 1.4.0.2_iFix039) MFT-14264 / APAR IT43713 date: 2023/05/09 ----------------------------------------------------------- Vulnerabilities in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 affect IBM Sterling Connect:Direct File Agent. Updated bundled IBM Java to version 8.0.8.0 on AIX, Linux, Solaris and Windows to address CVE-2022-21426, CVE-2023-21830 and CVE-2023-21843. In addition, updated bundled IBM Java to version 8.0.7.20 on HP-UX. 1.4.0.2_iFix040) MFT-14410 / IT43834 date: 2023/05/26 ----------------------------------------------------------- mft-shared updated to 20230519 for Spring Framework (CVE-2023-20863) and FasterJackson (PRISMA-2023-0067) 1.4.0.2_iFix041) MFT-14557 date: 2023/06/22 ----------------------------------------------------------- File Agent is affected by a vulnerability in jackson-databind (CVE-2023-35116). Updated FasterJackson libraries to 2.15.2. 1.4.0.2_iFix042) MFT-14539 / APAR IT44082 date: 2023/06/30 ----------------------------------------------------------- Vulnerabilities in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 apply to IBM Sterling Connect:Direct File Agent. Vulnerable: CVE-2023-21930, CVE-2023-21939, CVE-2023-21967, CVE-2023-21968. Affected: CVE-2023-2597, CVE-2023-21937, CVE-2023-21938, CVE-2023-21954. Updated bundled IBM Java to version 8.0.8.5 on AIX, Linux and Windows. 1.4.0.2_iFix043) MFT-14571 / APAR IT44088 date: 2023/07/03 ----------------------------------------------------------- File Agent is affected by a vulnerability in BouncyCastle (CVE-2023-33201). Updated BouncyCastle libraries to 1.75. 1.4.0.2_iFix044) FLAG-294 / APAR IT44200 date: 2023/07/20 ----------------------------------------------------------- File Agent is affected by a vulnerability in Google Guava (CVE-2023-2976). Updated Guava libraries to 32.0.1. 1.4.0.2_iFix045) FLAG-301 date: 2023/10/30 ----------------------------------------------------------- Updated the installer to InstallAnywhere 2022 to support Windows 11 and Windows Server 2022. 1.4.0.2_iFix046) MFT-14968 / APAR IT44936 date: 2023/11/13 ----------------------------------------------------------- UDP port exhaustion may occur when sending SNMP traps to IBM Control Center. Updated File Agent to no longer allocate new ports with every event. NOTICE: This is the last release published for File Agent 1.4.0 for Solaris x64. File Agent has reached reached its end of support on this platform. 1.4.0.2_iFix047) MFT-15206 / APAR IT45208 date: 2024/01/03 ----------------------------------------------------------- Updated help pages for Process Arguments to include Submit parameters. 1.4.0.2_iFix048) FLAG-302 date: 2024/01/03 ----------------------------------------------------------- File Agent can be executed with a Java 8 or Java 17 IBM Runtime. 1.4.0.2_iFix049) MFT-14802, MFT-15090 / APAR IT45195 date: 2024/02/14 ---------------------------------------------------------------------- Vulnerabilities in the IBM Runtime Environment Java Technology Edition, Version 7 and 8, and IBM Semeru Runtime 17 apply to IBM Sterling Connect:Direct File Agent. Vulnerable: CVE-2023-5676, CVE-2023-22081 Affected: CVE-2023-22045, CVE-2023-22049, CVE-2023-22067 Updated bundled IBM Runtime to version 8.0.8.15 on Solaris SPARC and to version 17.0.9.0 on AIX, Linux and Windows. NOTICE: This is the last release published for File Agent 1.4.0 for HP-UX Itanium. In the future, releases for this platform will be available on demand only from Customer Support. ==================== iFixes after 1.4.0.3 ==================== 1.4.0.3_iFix001) MFT-15314 / APAR IT45520 date: 2024/02/19 ----------------------------------------------------------- On zOS, some rules evaluation fail because evaluation on file name is executed on file name + specials attributes including the type and volume(s) (LOs390/dsn;A;VOLSER(s);). The rule should evaluate only on the dataset name without the attributes. 1.4.0.3_iFix002) MFT-15426 / APAR IT45548 date: 2024/02/22 ----------------------------------------------------------- Configurator does not display help information on UNIX: "An attempt to locate a resource has failed." 1.4.0.3_iFix003) MFT-15411 / APAR IT45659 date: 2024/03/08 ----------------------------------------------------------- Vulnerabilities in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 apply to IBM Sterling Connect:Direct File Agent. Vulnerable: CVE-2024-20952, CVE-2023-33850 Affected: CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945 Updated bundled IBM Java Runtime to version 8.0.8.20 on Solaris SPARC. 1.4.0.3_iFix004) MFT-15509 / APAR IT45660 date: 2024/03/08 ----------------------------------------------------------- Vulnerabilities in the IBM Semeru Runtime 17 apply to IBM Sterling Connect:Direct File Agent. Vulnerable: CVE-2024-20952 Affected: CVE-2024-20932, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-22361 Updated bundled IBM Semeru Runtime to version 17.0.10.0 on AIX, Linux and Windows. 1.4.0.3_iFix005) MFT-15121 / APAR IT45874 date: 2024/04/04 ----------------------------------------------------------- Support for transferring files with non-standard characters in file name by enabling the allow.windows.encoding property in cdjai.properties file. Addressed subsequent failures/crash after the first encoding failure. Dump decoded / encoded error messages only in DEBUG mode. 1.4.0.3_iFix006) MFT-15121 / APAR IT45874 date: 2024/04/08 ----------------------------------------------------------- Fixed minor issue on AIJ to support transferring files with non-standard characters. 1.4.0.3_iFix007) FLAG-318 / date: 2024/04/08 ----------------------------------------------------------- OWASP scan reports invalid/previously fixed issues due to a jar manifest error. 1.4.0.3_iFix008) MFT-15626 / APAR IT45926 date: 2024/04/12 ----------------------------------------------------------- File Agent service crashes on Windows (>=1.4.0.3_iFix006). Enabled allow.windows.encoding=true by default. 1.4.0.3_iFix009) MFT-15628 / APAR IT46085 date: 2024/05/03 ----------------------------------------------------------- File Agent is affected by vulnerabilities in Bouncy Castle Affected: CVE-2024-29857, CVE-2024-30172, CVE-2024-30171 Updated BouncyCastle libraries to 1.78.0 1.4.0.3_iFix010) MFT-15547 / APAR IT46182 date: 2024/05/17 ----------------------------------------------------------- On AIX, the installer and java fail with "Illegal instruction" when Stack Execution Disable (SED) mode is enabled. 1.4.0.3_iFix011) MFT-15755 / APAR IT46181 date: 2024/05/17 ----------------------------------------------------------- Vulnerabilities in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 apply to IBM Sterling Connect:Direct File Agent. Affected: CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264 Updated bundled IBM Java Runtime to version 8.0.8.25 on Solaris SPARC. 1.4.0.3_iFix012) MFT-15810 / APAR IT46522 date: 2024/07/11 ----------------------------------------------------------- Vulnerabilities in the IBM Semeru Runtime 17 apply to IBM Sterling Connect:Direct File Agent. Affected: CVE-2024-21085, CVE-2024-21012, CVE-2024-3933 Updated bundled IBM Java Runtime to version 17.0.11.0 on AIX, Linux x64 & PPC and Windows. 1.4.0.3_iFix013) MFT-16229 / APAR IT46952 date: 2024/09/25 ----------------------------------------------------------- Vulnerabilities in the IBM Runtime Environment Java Technology Edition, Version 7 and 8 apply to IBM Sterling Connect:Direct File Agent. Affected: CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267 Updated bundled IBM Java Runtime to version 8.0.8.30 on Solaris SPARC. 1.4.0.3_iFix014) MFT-16231 / APAR IT46953 date: 2024/09/25 ----------------------------------------------------------- Vulnerabilities in the IBM Semeru Runtime 17 apply to IBM Sterling Connect:Direct File Agent. Affected: CVE-2024-21145, CVE-2024-21144, CVE-2024-21131 Updated bundled IBM Java Runtime to version 17.0.12.0 on AIX, Linux x64 & PPC and Windows.