JR54678 Business Space 8.5.7.0 interim fix dependency information and installation instructions:

1. Interim fix dependencies
===========================

Prerequisite APARs: None

Superseded APARs:
JR55592 - RES DATASOURCE IN CONTENTHANDLER FRAMEWORK ALLOWS UNRESTRICTED ACCESS TO PROTECTED RESOURCES
JR54571 - CRITICAL XXE VULNERABILITY.
JR54574 - CRITICAL SSRF VULNERABILITY IN BUSINESS SPACE AND MASHUPS.
JR54575 - ERROR CODES OF MASHUPS CAN BE USED TO DETECT SERVERS.
JR54573 - USER ENUMERATION IS POSSIBLE BY UNPRIVILEGED USERS.
JR54572 - BUSINESS SPACE 'LOCKEDDOWN' MODE DOES NOT LOCK THE REST API.
JR53175 - IMPROVE CACHING IN BUSINESS SPACE AND MASHUPS COMPONENTS OF BPM AND BUSINESS MONITOR.
JR53678 - PRIVATE CACHE CONTROL HEADERS FOR SOME FILES PREVENT CACHING OF CONTENT.

2. Interim fix installation order (Installation Manager)
========================================================

JR54678 (repository name: 8.5.7.0-WS-BPM-IFJR54678)

3. Interim Fix Installation instructions
========================================

a. Stop the stand-alone server or network deployment environment.

b. For each physical installation (of Business Process Manager, Business Monitor, or stand-alone Business Space) in the environment, perform the following steps:

   Install the prerequisite APAR. Follow these links:
   http://www-01.ibm.com/support/docview.wss?uid=swg27041891#install
   http://www-01.ibm.com/support/docview.wss?uid=swg24037401
   http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Monitor&release=8.5.7.0&platform=All&function=fixId&fixids=8.5.7.0-WS-BSPACE-IF0000001&includeSupersedes=0

   i. Download 8.5.7.0-WS-BPM-IFJR54678.zip.
   ii. Edit Installation Manager preferences to point to the 8.5.7.0-WS-BPM-IFJR54678.zip repository. Then install the interim fix using instructions available at http://www-01.ibm.com/support/docview.wss?uid=swg27041891#install

Note: There are several post installation steps. See steps 4.1, 4.2 and 4.3 below.

4. Post Installation Manager install instructions
=================================================

4.1 Follow these steps to restrict user and group search in Business Space to administrators only.

a. Launch the WebSphere Application Server administrative console.
b. Navigate to Resources > Resource Environment > Resource environment providers > Mashups_ConfigService > Custom properties and create a new 'String' type property named 'com.ibm.mashups.usersearch.blocked'. Set the value to true. When set to true, only the administrators can search users or groups via the Business Space UI.
c. A restart of the stand-alone server or network deployment environment is required.

4.2 Update the AJAX proxy configuration.

a. Edit \BusinessSpace\SingleCluster\mm.runtime.prof\config\proxy-config.xml and add a new policy entry as shown below. Change the 'myserver:port' and the context root '/mum/' as applicable.

   GET POST PUT DELETE

   Note: If you need help, see 'Adding proxy policies to the Business Space Ajax proxy' at http://www-01.ibm.com/support/knowledgecenter/SS964W/com.ibm.wbpm.imuc.doc/topics/tcfg_bsp_ajax_add_policy.html

b. Run the updateBlobConfig command using the wsadmin scripting client, designating the -serverName and -nodeName parameters for a stand-alone server or -clusterName for a cluster, -propertyFileName with the value of the path for the proxy-config.xml file, and -prefix with the value Mashups_.

   The following example uses Jython:

      AdminTask.updateBlobConfig('[-serverName server_name -nodeName node_name -propertyFileName "profile_root/BusinessSpace/node_name/server_name/mm.runtime.prof/config/proxy-config.xml" -prefix "Mashups_"]')
      AdminConfig.save()

   The following example uses Jacl:

      $AdminTask updateBlobConfig {-serverName server_name -nodeName node_name -propertyFileName "profile_root/BusinessSpace/node_name/server_name/mm.runtime.prof/config/proxy-config.xml" -prefix "Mashups_"}
      $AdminConfig save

4.3 Update Mashups and PageBuilder2 applications (BSpaceEAR.ear, mm.was.ear and PageBuilder2.ear). The EAR files are located at /installableApps/BusinessSpace/

1. Manually update the Mashups EAR file, mm.was.ear, using the WebSphere Administrative Console.

a. Open the WebSphere administrative console and navigate to Applications > Application types > WebSphere enterprise applications.
b. Select the EAR file and choose “Export” to back up the version of the application prior to upgrading the application.
c. Select the EAR file and choose “Update”.
d. Choose to replace the entire application.
e. Obtain the new EAR file from the file system at /installableApps/BusinessSpace.
f. Make sure that server mappings are retained.
g. Save the changes.
h. If a network deployment environment is being used, then synchronize changes with nodes.

Clear the browser's cache.

5. Uninstall instructions
=========================

a. Stop the stand-alone server or network deployment environment.
b. Using IBM Installation Manager, uninstall this interim fix.
c. Start the stand-alone server or network deployment environment.
d. Open the WebSphere administrative console and navigate to Applications > Application types > WebSphere enterprise applications.
e. Select the Mashups and PageBuilder2 applications (BSpaceEAR.ear, mm.was.ear and PageBuilder2.ear) one at a time and choose “Update”.
f. Choose to replace the entire application.
g. Obtain the desired (previously exported or backed up) EAR file(s) from the file system at /installableApps/BusinessSpace.
h. Make sure that server mappings are retained.
i. Save the changes.
j. If a network deployment environment is being used, then synchronize changes with nodes.

Clear the browser's cache.

=========================
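
Step 4.1 can also be applied and re-checked from wsadmin instead of the console. The following Jython script is an added example, not part of IBM's readme: the function name, the action labels and the choice to set the property on every Mashups_ConfigService provider found in the cell are assumptions of this example.

```python
# Added example (not IBM's script): scripted form of step 4.1 for wsadmin Jython.
# Assumption: every Mashups_ConfigService provider in the cell gets the property.
PROVIDER = 'Mashups_ConfigService'
PROP = 'com.ibm.mashups.usersearch.blocked'

def ensure_usersearch_blocked(admin_config):
    """Set PROP to 'true' on each PROVIDER; return [(provider_id, action)]."""
    results = []
    ids = admin_config.getid('/ResourceEnvironmentProvider:%s/' % PROVIDER)
    for rep in ids.splitlines():
        rep = rep.strip()
        if not rep:
            continue
        prop_set = admin_config.showAttribute(rep, 'propertySet')
        if not prop_set:
            # Provider has no custom properties yet: create the container first.
            prop_set = admin_config.create('J2EEResourcePropertySet', rep, [])
        action = 'created'
        for prop in admin_config.list('J2EEResourceProperty', prop_set).splitlines():
            prop = prop.strip()
            if not prop or admin_config.showAttribute(prop, 'name') != PROP:
                continue
            if admin_config.showAttribute(prop, 'value') == 'true':
                action = 'ok'          # already hardened, nothing to change
            else:
                admin_config.modify(prop, [['value', 'true']])
                action = 'updated'     # property existed with another value
            break
        if action == 'created':
            admin_config.create('J2EEResourceProperty', prop_set,
                                [['name', PROP], ['type', 'java.lang.String'],
                                 ['value', 'true']])
        results.append((rep, action))
    return results

# wsadmin injects AdminConfig into the script namespace; skip when it is absent.
_admin = globals().get('AdminConfig')
if _admin is not None:
    changes = ensure_usersearch_blocked(_admin)
    for rep, action in changes:
        print('%s: %s' % (action, rep))
    if not changes:
        print('No %s provider found' % PROVIDER)
    _admin.save()
```

Run it with wsadmin -lang jython -f against the deployment manager or stand-alone server; the restart in step 4.1 c is still required, and running it a second time should report every provider as 'ok'.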