VOOZH about

URL: https://www.ibm.com/support/pages/node/715557

⇱ Fix list for IBM WebSphere Application Server Liberty


Fix list for IBM WebSphere Application Server Liberty

Product Readmes


Abstract

Fixes for WebSphere Application Server Liberty are delivered in fix packs periodically.  This is a complete listing of all the fixes for Liberty with the latest fixes at the top.

New fix pack numbering was introduced starting 16.0.0.2. Fix pack 16.0.0.2 for WebSphere Application Server Liberty is the first of a series of common Liberty levels that apply to both Version 8.5 and Version 9.0 of WebSphere Application Server on all supported platforms.

Content


  
Release Date
Total number of APARs
Total number of Security APARs
Total number of Open Liberty Release Fixes
👁 Image
16 June 2026
2
2
11
👁 Image
19 May 2026
4
1
6
👁 Image
21 April 2026
5
4
14
👁 Image
24 March 2026
5
2
9
👁 Image
24 February 2026
4
1
3
👁 Image
27 January 2026
2
1
14
👁 Image
2 December 2025
1
1
8
👁 Image
4 November 2025
3
0
6
👁 Image
7 October 2025
6
1
8
👁 Image
9 September 2025
4
4
6
👁 Image
12 August 2025
3
2
12
👁 Image
15 July 2025
2
0
17
👁 Image
17 June 2025
0
0
9
👁 Image
20 May 2025
1
0
9
👁 Image
22 April 2025
2
2
4
👁 Image
25 March 2025
1
0
8
👁 Image
25 February 2025
1
1
9
👁 Image
28 January 2025
2
0
11
👁 Image
3 December 2024
5
1
10
👁 Image
5 November 2024
2
1
6
👁 Image
8 October 2024
3
0
7
👁 Image
10 September 2024
4
1
12
👁 Image
13 August 2024
3
0
9
👁 Image
16 July 2024
1
0
9
👁 Image
18 June 2024
3
1
14
👁 Image
21 May 2024
3
3
7
👁 Image
23 April 2024
6
3
10
👁 Image
26 March 2024
4
1
12
👁 Image
27 February 2024
1
0
8
👁 Image
30 January 2024
1
0
14
👁 Image
12 December 2023
3
2
10
👁 Image
14 November 2023
3
0
10
👁 Image
17 October 2023
5
0
16
👁 Image
19 September 2023
1
0
13
👁 Image
22 August 2023
4
1
8
👁 Image
25 July 2023
3
0
9
👁 Image
27 June 2023
4
1
11
👁 Image
30 May 2023
4
0
16
👁 Image
2 May 2023
3
0
15
👁 Image
4 April 2023
2
0
11
👁 Image
7 March 2023
6
2
15
👁 Image
7 February 2023
1
0
15
👁 Image
20 December 2022
4
1
9
👁 Image
22 November 2022
4
1
15
👁 Image
25 October 2022
5
1
8
👁 Image
27 September 2022
3
1
8
👁 Image
30 August 2022
3
0
12
👁 Image
2 August 2022
4
2
14
👁 Image
5 July 2022
1
0
4
👁 Image
7 June 2022
3
2
12
👁 Image
10 May 2022
4
0
14
👁 Image
12 April 2022
5
0
13
👁 Image
15 March 2022
4
2
20
👁 Image
15 February 2022
7
2
16
👁 Image
18 January 2022
6
2
18
👁 Image
3 December 2021
1
0
13
👁 Image
5 November 2021
2
0
17
👁 Image
8 October 2021
5
2
14
👁 Image
10 September 2021
3
0
11
👁 Image
13 August 2021
1
0
7
👁 Image
15 July 2021
4
1
14
👁 Image
18 June 2021
2
0
11
👁 Image
21 May 2021
4
0
19
👁 Image
23 April 2021
3
2
12
👁 Image
26 March 2021
2
0
18
👁 Image
26 February 2021
3
0
12
👁 Image
29 January 2021
2
0
24
👁 Image
27 November 2020
6
0
16
👁 Image
30 October 2020
2
1
12
👁 Image
2 October 2020
6
1
11
👁 Image
4 September 2020
4
0
10
👁 Image
7 August 2020
2
0
10
👁 Image
9 July 2020
2
0
14
👁 Image
12 June 2020
4
0
15
👁 Image
15 May 2020
3
2
14
👁 Image
17 April 2020
6
1
19
👁 Image
20 March 2020
6
1
18
👁 Image
21 February 2020
11
2
29
👁 Image
24 January 2020
2
1
23
👁 Image
13 December 20191113
👁 Image
15 November 20198219
👁 Image
18 October 20198218
👁 Image
20 September 2019619
👁 Image
23 August 20196019
👁 Image
25 July 20194114
👁 Image
28 June 2019508
👁 Image
31 May 2019308
👁 Image
3 May 2019
4
1
15
👁 Image
5 April 2019
10
1
25
👁 Image
8 March 2019
9
0
18
👁 Image
8 February 201911124
👁 Image
14 December 2018
29
3
51
👁 Image
21 September 2018
31
5
38
👁 Image
29 June 2018
45
1
29
👁 Image
16 March 2018
32
3
84
👁 Image
21 December 2017
54
2
👁 Image
17 October 2017
109
3
👁 Image
13 June 2017
115
1
👁 Image
14 March 2017
90
0
👁 Image
13 December 2016
103
1
👁 Image
16 September 2016
107
7
👁 Image
24 June 2016
121
5
👁 Image
18 March 2016
141
2
👁 Image
11 December 2015
78
2
👁 Image
11 September 2015
👁 Image
26 June 2015
👁 Image
13 March 2015
👁 Image
8 December 2014
👁 Image
18 August 2014
👁 Image
28 April 2014
👁 Image
11 November 2013
👁 Image
14 June 2013
Fix pack 26.0.0.6
Fix release date: 16 June 2026     
Last modified: 16 June 2026     
Status: Recommended     

👁 Image
Download Fix pack 26.0.0.6
TitleIdea
Allow OutboundIp / Outbound Interface for IHS liberty plugin80
APAR

Security APAR

Description
PH70798IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2026-5516 CVSS 4.4)
PH70807IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service (CVE-2026-4410 CVSS 4.8)
Issue/PRDescription
30564WINDOWS_SERVICE_STOP_TIMEOUT not used in stop command for Windows Service
31630HTTP/2 Intermittent server quiesce failure when the same connection stream is attempted to be closed multiple threads
33515A race condition in SocketRWChannelSelector causes CancelledKeyException
34288An NPE occurs in the TCP Channel Layer during Socket read due to a race condition seen in HTTP/2 connections
34506SecurityUtility AES encoding --key help text is out of date 26.0.0.3
34573io.openliberty.mpTelemetry.2.0.thirdparty is missing metric APIs (and a few others). Similarly for the stable io.openliberty.io.opentelemetry.2.1 jar
34773java9.options not loaded on Windows when JAVA_HOME not set
34802fix AES encryption issues with featureUtility
34857FFDC for AlreadyBound exception in EJBRemoteRuntimeImpl during application start
34863featureUtility exits with return code of 0 with malformed server.xml
34922IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2026-5516)

  Back to top 

Fix pack 26.0.0.5
Fix release date: 19 May 2026     
Last modified: 19 May 2026     
Status: Superseded     

👁 Image
Download Fix pack 26.0.0.5
TitleIdea
Remove weaker ciphers from the HIGH cipher list in Liberty101
APARSecurity APARDescription
PH70261Fix ACEE buildup and OIDC identity assertion issues in SAF credential management
PH70352IBM WebSphere Application Server Liberty is affected by identity spoofing (CVE-2026-3621 CVSS 7.5)
PH70374APAR #PH70374 product updates
PH70802Update handlebars.js
Issue/PRDescription
34594Update basicRegistry metatype description to clarify that it is not recommended to use in production
34638corbaname parsing fails when using non-ascii Latin 1 characters
34642PKCE is being enforced by the oauthProvider even when the Authorization Code Grant isn't used
34657Fix classloading conflict with cached JspApplicationContext
34664java.lang.ClassCastException org.apache.jasper.runtime.JspApplicationContextImpl in multi module JSP Application
34716Subject Leak When a feature that use Security Service is Enabled, and appSecurity Disabled (CVE-2026-3621)

  Back to top 

Fix pack 26.0.0.4
Fix release date: 21 April 2026     
Last modified: 21 April 2026     
Status: Superseded     

👁 Image
Download Fix pack 26.0.0.4
TitleIdea
Support selecting JWT signature and decryption algorithms from JOSE header155
WebContainer displayCustomizedExceptionText property needs to be documented40
APARSecurity APARDescription
PH65130JAX-WS LoggingFeature dynamic update is broken for SOAP message print-outs
PH70017IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)
PH70078IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917 CVSS 6.7)
PH70327IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability (CVE-2025-14915 CVSS 6.5)
PH70510WebSphere Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063 CVSS 8.7)
Issue/PRDescription
27680Issue with extracting file extension when handling CSS #{resource} expressions
30253Setting the client property com.ibm.ws.jaxrs.client.disableCNCheck to true cannot be set back to false without restarting app
33093Embedded RAR fails to initialize when additional EAR lib present
33341Check for EC type keys to include in samlmetadata endpoint
33474Update Yoko to correct implementation / negotiation and use of char codec to support use of non-ASCII characters
33808Update OL welcome page to display running version
34149Fix thread context propagation for JAX-RS async client callbacks with ManagedExecutorService
34287Shutdown race condition in PersistentExecutorImpl causing IllegalStateException
34293JAX-WS LoggingFeature dynamic update is broken for SOAP message print-outs
34444IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability (CVE-2025-14915 CVSS 6.5)
34446WebSphere Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063 CVSS 8.7)
34447IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917 CVSS 6.7)
34448IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)
34527When using -Xbootclasspath/a JVM option an application is not able to load classes/resources from the configured artifacts

  Back to top 

Fix pack 26.0.0.3
Fix release date: 24 March 2026     
Last modified: 24 March 2026     
Status: Superseded     

👁 Image
Download Fix pack 26.0.0.3
TitleIdea
Upgrade Jandex Version to Support the Latest Persistent Format Version to Shorten CDI scanning processing156
Liberty z/OS SyncToOSThread support for J2C resource adapters255
APARSecurity APARDescription
PH69577ZosConnect failure in XML or JSON parsing
PH69658IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923 CVSS 4.7)
PH69729IBM WebSphere Application Server Liberty is affected by a denial of service due to jose4j (CVE-2024-29371 CVSS 7.5)
PH70359API Discovery update lodash
PH70386Update description for mapDistributedIdentities
Issue/PRDescription
30276Fix MYFACES-4679 in 2.3 and Higher
33976Server script timeout caused by IPv4/IPv6 mismatch
33996MemoryInformation class depends on unavailable wmic command
34017Missing error message in JMX REST client
34019Unable to create default RESTEasy implementation of ClientBuilder using the OSGi framework class loader
34052NullPointerException resurfaced in Open Liberty due to removal of EclipseLink 2.7.16 fix
34057schemaGen generates XSD schemas with missing attributes for onError type elements
34164IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923 CVSS 4.7)
34171IBM WebSphere Application Server Liberty is affected by a denial of service due to jose4j (CVE-2024-29371 CVSS 7.5)

  Back to top 

Fix pack 26.0.0.2
Fix release date: 24 February 2026     
Last modified: 24 February 2026     
Status: Superseded     

👁 Image
Download Fix pack 26.0.0.2
APARSecurity APARDescription
PH68674Issue #PH68674 Handle not getting storage
PH69389Add synchronization in deactivate
PH69485IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914 CVSS 7.6)
PH69777Update swagger-ui dependency
Issue/PRDescription
32996"WARNING package sun.security.action not in java.base" shows up in console.log starting in Java 24
33623Create MessagingEngine Introspector
33927IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914 CVSS 7.6)

  Back to top 

Fix pack 26.0.0.1
Fix release date: 27 January 2026     
Last modified: 27 January 2026     
Status: Superseded     

👁 Image
Download Fix pack 26.0.0.1
TitleIdea
Liberty z/OS - SyncToOSThread available for EJBs187
A very high volume of messages written to the WebSphere Liberty messages.log has the ability to severely impact the performance of a server131
APARSecurity APARDescription
PH68817IBM WebSphere Application Server Liberty is affected by cross-site scripting (CVE-2025-12635 CVSS 5.4)
PH69144Fix the thread spawning issue in DelayedCachedOutputStreamCleaner
Issue/PRDescription
31493SessionContext is null
32028add script nonce to embedded java script in saml websso
32960SVT Regression - Liberty InstantOn app can't start with .spec.serviceability with operator 1.5.0 or later
33456NPE in PathUtils
33468Executor pool shrinks below coreThreads and gets stuck there
33475Update Yoko to correct locate request failure / retry logic
33492Update Expression Language 5.0 API and IMPL version 10.1.49
33506Guard against malformed AIProtocolItemStream
33543Fix the thread spawning issue in DelayedCachedOutputStreamCleaner
33561Server package 
33571mpOpenAPI does not correctly merge x-ibm-zcon-roles-allowed
33609wlp passwords keys may fail to decode
33617IBM WebSphere Application Server Liberty is affected by cross-site scripting (CVE-2025-12635 CVSS 5.4)
33686NullPointerException occurs in SocketRWChannelSelector

  Back to top 

Fix pack 25.0.0.12
Fix release date: 2 December 2025     
Last modified: 2 December 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.12
Title
Support FIPS 140-3 in Liberty with IBM Semeruapplication
APARSecurity APARDescription
PH68424IBM WebSphere Application Server Liberty is affected by SMTP injection due to Jakarta Mail (CVE-2025-7962 CVSS 7.5)
Issue/PRDescription
32803400 Request Header Or Cookie Too Large error in OIDC with WASOidcNonce cookies
33029Hibernate CDI compatibility flag broken for hibernate 6.6.23
33162Provide a mechanism to change the default format of error pages like CWWWC0005I
33170Intermittent exception on Http 2.0 connection close
33219TCP WorkQueueManager race condition
33235AccessControlException in Mutiny / MicroProfile Reactive
33403OIDC login may fail if WASOidcCode cookie is too large
33427NPE in com.ibm.ejs.util.Util.toHexString

  Back to top 

Fix pack 25.0.0.11
Fix release date: 4 November 2025     
Last modified: 4 November 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.11
APARSecurity APARDescription
PH68255Fix issue preventing Swagger UI to render in some cases
PH68322Sending multipart/form-data with mpRestClient asynchronous @restclient
PH684250c4 abend in bboatrue when using WebSphere Optimized Local Adapters with CICS 6.3
Issue/PRDescription
1357Error message for CWWKS9660E can be incorrect when apps do not use User Registries
31628Support continued authentication when custom Subject is not in cache
32908Design Issue Inconsistent behaviour for `server create` with server names containing non-alphanumeric characters
32954AutoDecompress is not working correctly
32999[PH68322] Fix the exception in multipart data asynchronous call
33098`appsWriteJSON` not working correctly when JSON record ends with new line

  Back to top 

Fix pack 25.0.0.10
Fix release date: 7 October 2025     
Last modified: 7 October 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.10
Title
Add option to configure a private library to override classes and resources in an application
Support Java 25 in Open Liberty
APARSecurity APARDescription
PH67612Add support for CICS 6.2 in WebSphere Optimized Local Adapters on WebSphere Liberty
PH67833IBM WebSphere Application Server Liberty could provide weaker than expected security due to crypto.js (CVE-2020-36732 CVSS 5.3)
PH67970WASSAML request cookies building up in HTTP request and leading to 400 bad request error
PH68069Missing feature description for zosIdentityPropagation-1.0 feature
PH68082Connection handle to database remains active indefinitely
PH68239Using OpenJ9 JDK 8, featureUtility fails with "SHA512 MessageDigest not available"
Issue/PRDescription
21498openidConnectProvider jwkRotationTime does not allow documented setting of 30m
27025UOWScopeCallback registered with UserTransaction is called for BEGIN events but NOT for END events when UOWManager is used
32673JSP jdkSourceLevel=15 is set in OAuth Features
32713400 Request Header Or Cookie Too Large error in SAML
32741Getting NoClassDefFoundError for slf4j for Spring Boot applications using jetty starter
32787Apache Aries Activator needs updates to accommodate changes in OpenJ9 OpenJDK 17
32789Connection handle to database remains active indefinitely
32934Using OpenJ9 JDK 8, featureUtility fails with "SHA512 MessageDigest not available"
Fix pack 25.0.0.9
Fix release date: 9 September 2025     
Last modified: 9 September 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.9
TitleIdea
Automatically propagate SAF identity when client and server are in the same sysplex17
APARSecurity APARDescription
PH66669IBM WebSphere Application Server Liberty is affected by a stored cross-site scripting vulnerability (CVE-2025-36000 CVSS 4.4)
PH66953IBM WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36047 CVSS 5.3)
PH67132IBM WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976 CVSS 7.5)
PH67546IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2025-36124 CVSS 5.9)
Issue/PRDescription
31374For HTTP stats, the http route attribute is not merging/abstracting requests that contain Path params for springboot application
31962openidConnectClient cannot handle low case "bearer" as token_type
32118DuplicateHomeNameException occurs during EJB application restart after an error occurs during the application start
32151Using parentLast delegation causes inconsistent parent delegation when using common library references
32197MP OpenAPI does not preserve the order of maps when merging documents
32497`CORBA MARSHAL` when sending a `Comparable` field containing a `String`

  Back to top 

Fix pack 25.0.0.8
Fix release date: 12 August 2025     
Last modified: 12 August 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.8
APARSecurity APARDescription
PH64682IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2024-56339 CVSS 3.7)
PH67183IBM WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36097 CVSS 7.5)
PH67283APAR PH67283 Dynamic routing routing rules object initialize as null - prevents routing rule JSON update
Issue/PRDescription
27885WS-AT participant could not be registered as TM is null in HA environment with a load balancer
28189MP Rest Client Warning output because clients are not automatically closed
30420JAVA_HOME set incorrectly in some situations
31077JSON mapping setting not honored for log header in messages.log
31108Update to MyFaces 3.0.3
31954java.lang.ClassCastException on server start
31967Server fails to start when recovery log tables are empty
31994CORBA MARSHAL sending java.util.Date to IBM WebSphere Application Server (traditional)
32040AutoExpand follows symlinks in the expanded directory and deletes contents
32046OpenAPI servers have the wrong protocol when proxy does https termination and uses same port as liberty server
32079Remove misleading warning CWWKL0084W emitted by delegate class loaders
32092MicroProfile RestClient applications leak when stopped

   Back to top 

Fix pack 25.0.0.7
Fix release date: 15 July 2025     
Last modified: 15 July 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.7
TitleIdea
Extend the scope of the maxFiles parameter in logging configuration108
APARSecurity APARDescription
PH66642NPE in TagFiles when JspOption "usePageTagPool" is used
PH66915Upgrade RXA to 2.3.0.18
Issue/PRDescription
11570favicon.ico and .json content type is text/plain
30621OSGi sun.misc.UnsafestaticFieldOffset warnings in console log in Java 24
30654Server dump command does not include log files on OpenShift
31172SSE Responses with Compression Enabled Are Not Written Out in Open Liberty
31619MP OpenAPI UI shows extended header for OpenAPI 3.1 documents
31646@Transactional(NOT_SUPPORTED) doesn't re-enable UserTransaction
31679IllegalAccessError occurs when GLIBC defines a proxy class for a package private bean class in Spring
31684[PH66642] NPE in TagFiles when JspOption "usePageTagPool" is used
31687Server starts even though onError=FAIL and CWWKO0221E - port conflict - occurs
31689When using webModuleClassPathLoader=ear the JARs included in EAR lib/ can get added to the EAR loader twice
31734An Ambigious Bean Name Exception is thrown if two different wars have the same bean name and a Liberty runtime extension can see all app classes
31737Write timeout value mismatch with HTTP2
31741MicroProfile REST Client Classloading Issue In User Feature Bundles
31774OpenAPI does not check for version specific annotations on app restart
31795Add retries when attempting to install native liberty package on linux for packaging FAT
31833Potential thread-safety issue when removal of ConnectionEventListener overlaps a connection error notification
31947addHttpSessionAttributeListener ArrayIndexOutOfBoundsException occurred and the application did not start

  Back to top 

Fix pack 25.0.0.6
Fix release date: 17 June 2025     
Last modified: 17 June 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.6
Issue/PRDescription
30725Improve webContainer metatype descriptions to include equivalent WebSphere traditional custom property names
30916CWWKO0801E not tracked when SSL handshake failure is caught from Read Callback
31015Update faces-4.0 to MyFaces 4.0.3
31263Plugin Config generation caching issues
31492Fix AUTOCOMPLETE_OFF_VIEW_STATE Logging in jsf-2.3 and faces-4.0
31501RestfulWS ClientBuilder.keyStore() and ClientBuilder.trustStore() methods are prioritized behind Liberty's SSL config
31549NullPointerException in MCWrapper.getConnection when aborted connection is reused
31561Fault Tolerence causes a crash when used on an EJB
31605NullPointerExeption Cannot invoke "org.osgi.resource.Capability.getResource()" because "currentCandidate" is null
Fix pack 25.0.0.5
Fix release date: 20 May 2025     
Last modified: 20 May 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.5
APARSecurity APARDescription
PH66379Not able to config Liberty 25.0.0.3 + Java 21 with FIPS 140-2
Issue/PRDescription
30545Update the jsf-2.3 feature to MyFaces 2.3.11
30871Enhance the behaviour of ignoreWriteAfterCommit property to more closely mimic tWAS behaviour
31057"CWMOT5100I" emitted for MicroProfile Telemetry for /health and /metrics even with "OTEL_SDK_DISABLED=true" set
31167Lookup of a subcontext fails for ejblocal namespace
31205Unclear how to correctly configure library element's folder and path
31228Update SmallRye OpenAPI to 4.0.9
31231Listing the transaction objects in jndi results in NameClassPair with empty names and implementation class names
31247WLP version 25.0.0.3 start up intermittently fails with AuthCacheImpl NPE
31347[PH66379] Not able to config Liberty 25.0.0.3 + Java 21 with FIPS 140-2

  Back to top 

Fix pack 25.0.0.4
Fix release date: 22 April 2025     
Last modified: 22 April 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.4
APARSecurity APARDescription
PH65394IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184 CVSS 7.5)
PH65529IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2025-25193 CVSS 5.5)
Issue/PRDescription
30320Design Issue Including Directories Outside of WLP Root
31007Server-started message displayed when server failed to start
31089Update to MyFaces 4.0.3
31105AES password encryption generated on and after 25.0.0.2 does not work on previous Liberty versions
Fix pack 25.0.0.3
Fix release date: 25 March 2025     
Last modified: 25 March 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.3
TitleIdea
Support FIPS 140-3 in Liberty with IBM JDK 8139
APARSecurity APARDescription
PH65108UnknownHostException causes loop in RESTMBeanServerConnection.java
Issue/PRDescription
30598`enable-directory-browsing="true"` does not work with EE10 and later
30711[PH65108] UnknownHostException causes loop in RESTMBeanServerConnection.java
30757Liberty Closes the Persistent Connection in error state
30758JMX client doesn't fully consume heartbeat input stream, leaving sockets in CLOSE_WAIT state
30858otel.java.disabled.resource.providers is ignored by Liberty when creating OpenTelemetrySdk objects
30861JSPErrorReport unexpected tag 15 in SDEInstaller
30890Enterprise bean arguments not provided to JACC / Jakarta Authorization PolicyContext handler
30959NullPointerException can happen when starting mpOpenAPI features

  Back to top

Fix pack 25.0.0.2
Fix release date: 25 February 2025     
Last modified: 25 February 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.2
APARSecurity APARDescription
PH64741IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2024-47535 CVSS 5.5)
Issue/PRDescription
30303MP OpenAPI 4.0 NPE during validation
30371HTTP AccessLogging prevents CICS JVM from terminating
30514OpenAPI 3.1 properties included when OpenAPI 3.0 output is configured
30529Possible bug in Open Liberty java.io.FileNotFoundException JAR entry com/jcraft/jsch/jce/SignatureEdDSA.class not found after upgrading to Java 17 and Open Liberty 24.0.0.12
30533Incorrect recursive substitution checking of 'ExtendedDocumentRoot.jspAttributes'
30567HTTP Stat should not resolve HTTP route for requests that end with 4xx respone code
30605Typo in metatype description of soLinger attribute
30674IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2024-47535 CVSS 5.5)
30683Remove javaee-6.0 platform from j2eeManagement versionless feature
Fix pack 25.0.0.1
Fix release date: 28 January 2025     
Last modified: 28 January 2025     
Status: Superseded     

👁 Image
Download Fix pack 25.0.0.1
TitleIdea

Reduce size of SMF 120-11 user data when only one instance is present

20

Add option to process war manifest class path like WebSphere

112
APARSecurity APARDescription
PH63238MYFACES-4679 - Ajax events can trigger actions unintentionally
PH64427Rolling back a Liberty fix pack using the IBM Installation Manager GUI results in all Liberty features being removed
Issue/PRDescription
28266Investigate possible memory leak in sipcontainer
28889Invalid multipart content with empty stream regression
29648Fix MYFACES-4679
29946Update Expression Language 5.0 API and IMPL version 10.1.31
30245Lease log creation may fail when configured for peer recovery
30258MP Telemetry does not provide the `io.opentelemetry.api.baggage.propagation` package
30341UpgradeHandler fails to notify the application of the initial data
30363Failed to install versionless features with JEE10 and MP7 plafforms
30383Connectionpool Metrics do not repopulate when restarting an application for all MP Metric features (that support monitor metrics)
30399CNTR0020E caused by java.lang.NoClassDefFoundError com/ibm/ejs/container/util/ExceptionUtil
30414Port MYFACES-4117 (No default name for @FacesComponent with createTag=true and no tagName)
Fix pack 24.0.0.12
Fix release date: 3 December 2024     
Last modified: 3 December 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.12
TitleIdea
Open Liberty will retain configurations when server.xml is unintentionally deleted, as deleting this file currently triggers the removal of all configurations113
APARSecurity APARDescription
PH62444Delay Aiocb address release
PH63673IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094 CVSS 5.3)
PH63904OLGH29988 Classloader issue when @Context injecting implementation provided by the application
PH64154OLGH30194 RestfulWS ClientBuilder.keyStore() and ClientBuilder.trustStore() methods are ignored in EE9+
PH63185Webcontainer exceptions are emitted with FFDCS as of 24.0.0.9 with monitor-1.0
Issue/PRDescription
28987Introduces a configuration attribute to allow checked exceptions from @Transactional interceptors
29693Liberty server hang during shutdown with struck thread in transaction recovery
29802Fixes broken Gitter and outdated Twitter links in the Open Liberty default page
29868FeatureManager fail when installing versionless features from server.xml, leading to a NullPointerException
29903Misleading metatype descriptions where child elements of headers were incorrectly labeled as attributes
29915Changes to partitionedCookie in webAppSecurity were not being audited in logs
29988Classloader issue when @Context injecting implementation provided by the application
30018featureUtility does not connect to proxy when set with environment variable
30027Adjusts AuthUtil to handle cases where trailing whitespace is missing in the Authorization header
30194RestfulWS ClientBuilder.keyStore() and ClientBuilder.trustStore() methods are ignored in EE9+
Fix pack 24.0.0.11
Fix release date: 5 November 2024     
Last modified: 5 November 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.11
APARSecurity APARDescription
PH63505OLGH29711 setServerStarted method throws exception in ThreadPoolController.startupCompleted()
PH63533IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254 CVSS 7.5)
Issue/PRDescription
27487com.ibm.ws.microprofile.metrics.tck.launcher.MetricsClassLoaderTest_10.testClassLoaderUnloads
29711setServerStarted method throws exception in ThreadPoolController.startupCompleted()
29730Provide option to dynamically enable/disable CXF GZIP interceptors for JAX-WS clients
29788TCCL is different in CDI extension constructor and Observer methods
29800restConnector.py README incorrectly instructions on configuration of JYTHONPATH
29822HTTP Metrics are creating new metrics (i.e., routes HTTP routes) for each explicit http request made by JSF / Jakarta Faces
Fix pack 24.0.0.10
Fix release date: 8 October 2024     
Last modified: 8 October 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.10
APARSecurity APARDescription
PH62271OLGH29055 Fix Part#Write Location for Abolsute FileName Paths
PH63066OLGH29556 Resource Leakage File Handlers to tranlog directory
PH63185FFDCS are now occurring with Webcontainer exceptions as of 24.0.0.9
Issue/PRDescription
28609Deadlock occurs when system runs out of memory and both System Err and System Out streams are in use at the same time
29055Fix Part#Write Location for Abolsute FileName Paths
29477Trailer fields are missing in HttpServletResponse after some time
29555weld 5.1.1.SP1 has a memory leak and should be updated to (at least) 5.1.1.SP2
29556Resource Leakage File Handlers to tranlog directory
29584Webcontainer exceptions are emitted with FFDCS as of 24.0.0.9 with monitor-1.0
29591Using the mpTelemetry-1.1 feature in a z/OS Connect server on Zos leads to FFDCs

 Back to top

Fix pack 24.0.0.9
Fix release date: 10 September 2024     
Last modified: 10 September 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.9
APARSecurity APARDescription
PH58796IBM WebSphere Application Server Liberty is vulnerable to information disclosure (CVE-2023-50314 CVSS 5.3)
PH62686OLGH29127 WS-AT fails when downstream runtime is non-Liberty
PH62693Provide better error when user try to deploy server package using invalid extension
PH62695OLGH29124 JAX-RS Dynamic Outbound SSL Regression
Issue/PRDescription
29447Cannot reflect on an injected ServletContext
26171@Transactional may throw a checked exception which is not allowed according to the interceptor specification #26171
26886java.lang.IllegalStateException Subject is read-only from WebAppFilterManager.invokeFilters
29037StackOverflowError when tracing restfulWs-3.1
29124[PH62695] jaxrs Regression by #27782
29127[PH62686] WS-AT fails when downstream server is non-Liberty
29221openid connect client feature fails SRVE0216E post body contains less bytes than specified by content-length
29277CDI does not set the TCCL during shutdown
29288Update WadlGenerator to explicitly only return the stylesheet
29306App fails to start with NPE when restore/deploy to OCP a checkpoint app image with authCache
29381org.omg.CORBA.BAD_PARAM when Yoko trace is enabled
29432OpenLiberty Database Session Replication - org.jboss.weld.module.web.HttpSessionBean$SerializableProxy - ClassNotFoundException
Fix pack 24.0.0.8
Fix release date: 14 August 2024     
Last modified: 14 August 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.8
TitleIdea
Error code and error message serviceability improvement for DeploymentAPI
Use the Audit 2.0 feature to avoid generating unnecessary REST Handler records106
APARSecurity APARDescription
PH62107Return HTTP 405 for non-post to collective maintenance mode APIs
PH62445Error code and error message serviceability improvement for DeploymentAPI
PH60644Add support for CICS 6.1 in WebSphere Optimized local Adapters for Websphere Liberty
Issue/PRDescription
25704Support versionless Jakarta EE/MicroProfile features
27598Faces 4.0 Fix WebSocketTests so that "onerror listener" occurs
28658Enhance saml websso cookie handling
28698MYFACES-4672 Ajax MultiPart File Upload Encounters 'Uncaught TypeError G.hasKey is not a function'
28961JAX-WS Client does not Auto redirect when connecting to a WSDL URL
29083Port MYFACES-4423 to Liberty (oam.Flash.REDIRECT should not be set when Flash is disabled)
29086JWK parsing does not tolerate leading whitespace
29144Cannot make JAX-WS request for gzip Content-Encoding
29165Platform OpenAPI endpoints don't set security headers
Fix pack 24.0.0.7
Fix release date: 16 July 2024     
Last modified: 16 July 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.7
APARSecurity APARDescription
PH61509OLGH28877 Memory leak in JAXRSClientConfigHolder
Issue/PRDescription
28155Deliver Oracle 23 support
28855OpenTelemetry does not filter out arquillian-liberty-support
28521XML Binding 4.0 Remove RI from TCCL and add new feature tests
28515Warning "Validation not enabled for module" when  + 
28615Regression with jaxb / WADL2java
28652FFDC for index out of bounds in web container, WebApp.handleRequest()
28716Admin Center Server Config tool does not work to save changes using source view
28814In an edge case OpenTelemetry does not honour the priority of mpConfig ConfigSources
28877Memory leak in JAXRSClientConfigHolder

  Back to top

Fix pack 24.0.0.6
Fix release date: 18 June 2024     
Last modified: 18 June 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.6
Title
Updates have been made to better handle the scenario where an exception occurs when the server is stopped while asynchronous tasks are running and also to avoid the NullPointerException. A more meaningful message will now be logged in this scenario
APARSecurity APARDescription
PH59682IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354 CVSS 7.0)
PH61042PH59682 regressed the 
PH61110APIDiscovery delay processing if aggregator not yet active
Issue/PRDescription
28414Classloading issue involving JAXBContext and JAXBContextFactory with webProfile-10.0
27858JspOption jdkSourceLevel Disabled Unintentionally
28118Port MYFACES-4658
28235Enabling openidConnectClient feature causes the body request not to be forwarded to the application's servlet (starting from WLP 24.0.0.3)
28280If an application fails to start when doing a checkpoint the checkpoint still succeeds
28350J2CA0081E Method destroy failed occurs during server shutdown
28421Bump netty dependencies to 4.1.109.Final
28431Generate Set-Cookie from the SessionCookieConfig may not include additional attributes
28459GRPC connections hang with security enabled
28475Environment variables not available during service startup within Kubernetes/OpenShift
28479Invalid JASPIC warning CWWKS1652A in log when AuthResult.SEND_SUCCESS is received from the JASPIC provider
28493restfulWS-3.1 Headers with multiple values in a multipart (EntityPart) object held are held in a List of size 1
28552NoClassDefFoundError org/apache/commons/io/input/NullInputStream when using collectives file transfer
28521XML Binding 4.0: Remove RI from TCCL
Fix pack 24.0.0.5
Fix release date: 21 May 2024     
Last modified: 21 May 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.5
Title
The JPA Container has been updated to improve handling of syntax errors parsing JPQL during server start by implementing a retry mechanism and logging additional diagnostics
APARSecurity APARDescription
PH59146IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-22353 CVSS 5.9)
PH59781IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026 CVSS 5.9)
PH60146IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-27268 CVSS 5.9)
Issue/PRDescription
28101FeatureUtility prints warning when user repositories doesn't have authentication
28125Incompatibility reported between sipServlet-1.1 and WebSockets
28152FeatureUtility custom repository connection issue
28160CWWKE0701E bundle com.ibm.ws.ssl ... The activate method has thrown an exception java.lang.ExceptionInInitializerError
28248Overflowing the usecount of the OSGi service
28285JPQLException Syntax error parsing
28344SSO should not use application/json on request to JWK
Fix pack 24.0.0.4
Fix release date: 23 April 2024     
Last modified: 23 April 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.4
APARSecurity APARDescription
PH59117IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329 CVSS 4.3)
PH60149IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270 CVSS 4.7)
PH60199IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j (CVE-2023-51775 CVSS 7.5)
PH60642Updates to API Discovery Swagger UI
PH60644Add Support for CICS 6.1 in WebSphere Optimized local adapters for WebSphere Liberty
PH60659OLGH27886: NullPointerException can occur in Kernel ClassLoader
Issue/PRDescription
28083Server does not start with space in file path
24925UUID not working as GeneratedValue Id in some cases
26771Websocket Out of Memory Leak caused by Expired Sessions
27620Invalid encoded request URI should return 400 instead of 500
27778The server start command resolves symbolic links incorrectly on z/OS 3.1
27779StackOverFlow in JSP Caused by Recurisve JspContextWrapper#include call
27833JAX-RS and RestfulWS monitor bundles' filters are still creating objects when REST is filtered out of monitor-1.0
27886NullPointerException can occur in Kernel ClassLoader
27900NullPointerException may occur for HTTPs requests to WebContainer
27971WLP_INSTALL_DIR set incorrectly when wlp/bin is a symbolic link
Fix pack 24.0.0.3
Fix release date: 26 March 2024     
Last modified: 26 March 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.3
APARSecurity APARDescription
PH59660BBOA1CNG RC:12, RSN:256 when starting more than 58 Liberty servers using WOLA
PH59903Modify command to list ANGEL processes get ABEND0C4
PH60113IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312 CVSS 5.3)
PH60182Liberty 23.0.0.6 connect via WOLA failing if IMS DBCTL enabled
Issue/PRDescription
18105Implement OpenID Connect Back-Channel Logout 1.0
23607Enable verbose garbage collection by default on IBM Java/Semeru
26195mpHealth-2.2 responds with a status UP briefly during startup
26590Latest gRPC code levels and the IBM gRPC Servlet code are no longer an exact fit for flushes
27077FeatureUtility returns 403 if repo pwd is encoded
27218cfw performance update
27652Windows server command doesn't handle space in path unless JAVA_HOME set
27659CWWKS9590W warning message shows up with some newer ciphers are configured
27667Fix for CWWKS9590W Warning
27135SessionCache does not work after upgrading to 23.0.0.10
27715Job can not be purged when using the Java batch In-Memory Persistence
27716runAsServer before signing/verifying jws and encrypting/decrypting jwe
27777Parameters are not replaced in error message CWMMH0050E in french language

  Back to top

Fix pack 24.0.0.2
Fix release date: 27 February 2024     
Last modified: 27 February 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.2
APARSecurity APARDescription
PH59680Liberty server using ZOSLOCALADAPTERS-1.0 does not shut down after outofmemory error with ZOSAIO disabled
Issue/PRDescription
26680io.openliberty.cdi.4.0.internal.services.fragment bundle cannot resolve dynamically against the host bundle
26939Delete lease when peer recovery is unnecessary
27290[JPA 2.2] EclipseLink Deliver Issue #1981
27294Memory leak in CXF caused by large number of PidInfo objects
27396Handling of locked Transaction Log Lease Table needs improvment
27398Server start fails on OS/400
27421Resource adapter install fails due to ArrayIndexOutOfBoundsException
27588EclipseLink for JPA 3.1 may encounter IllegalArgumentException Unsupported api 0

 Back to top

Fix pack 24.0.0.1
Fix release date: 30 January 2024     
Last modified: 30 January 2024     
Status: Superseded     

👁 Image
Download Fix pack 24.0.0.1
APARSecurity APARDescription
PH55398OLGH26221 Port MYFACES-4606 (Issuing Element Not Found in Request Parameter Map for Ajax Requests) to Liberty
Issue/PRDescription
25135jakarta.el.ELException The class [...] must be public, in an exported package, non-abstract and not an interface
26342ReactiveMessaging "CDI container is not available"
26831Bad value in ApplicationManager config cause ApplicationManager service to fail
26832Server should be able to reclaim its recovery logs on startup
26844Deadlock reported in sipcontainer when proxybranch times out
27008[PH55398] [OLGH26221] Port MYFACES-4606 (updated fix)
27062CWWKC1101E IllegalStateException CWWKC1013E Unable to start task null because the component in application WEB that submitted it is unavailable
27080Liberty SAML SP fails to generate response to the IdP initiated logout request
27093mpMetrics-5.0 Feature Returns Response in ISO-8859-1 Instead of UTF-8 when Accessing /metrics Endpoint
27159Upgrade Jackson 1.6.2 Dependency
27191On z/OS server start from the bin directory fails
27204Slow performance in DirectoryRepositoryClient
27208Date format in log files includes an extra trailing space character with Java versions 20 or later
27249PasswordUtil throws NullPointerException on certain input

 Back to top

Fix pack 23.0.0.12
Fix release date: 12 December 2023     
Last modified: 12 December 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.12
APARSecurity APARDescription
PH57336zosConnect failure in its XML or JSON parser
PH57878IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487 CVSS 7.5)
PH57933IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483 CVSS 6.5)
Issue/PRDescription
25467A better error for the NullPointer we get if WithSpan is on the class level
26655OpenAPI UI required fields have an extra character
26722Microprofile Rest Client (CDI) mpConfig property "proxyAddress" not respected
26809Lease timestamp not updated for home server when recoveryGroups and tran logs in a database is configured and database outage > couple of seconds occurs
26818Processing 
26846JAX-WS After upgrade to WLP 23.0.0.9 SOAP client generates a SOAP header part in the SOAP body
26893Space in value of -D option in jvm.options breaks server package command
26911Registered RestClientBuilderListeners are not called for injected rest client instances for MP Rest Client 1.x and 2.x
26942Liberty startup script does not resolve symbolic link to bin directory
26943NO_USER_REGISTRY message is not output properly
Fix pack 23.0.0.11
Fix release date: 14 November 2023     
Last modified: 14 November 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.11
APARSecurity APARDescription
PH57110Remove products with pid value of UNKNOWN
PH57261[OLGH26375] Update the shared class cache URL used for non jar / zip files
PH57579IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-46158 CVSS 4.9)
Issue/PRDescription
25786Update to latest Expression Language 5.0 - 10.1.11
25962Deadlock reported in sipcontainer when cancelling session in proxy mode
26332Websocket Null Argument to OnMessage After DecodeException
26375Stale class content used after updating application archives
26390Port MYFACES-4628
26419StackOverflowError when tracing jaxrs-2.0
26596Memory Leak in com.ibm.ws.request.interrupt.internal.InterruptibleThreadInfrastructureImpl
26609CDI will not create an EJBDescriptor for archive containing bean-discovery-mode=none
26636JAX-WS: @WebFault annotated Exceptions are not properly serialized as SOAPFaults on 22.0.0.8 and above
26683Component metadata is not present during CDI Startup events
Fix pack 23.0.0.10
Fix release date: 17 October 2023     
Last modified: 17 October 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.10
APARSecurity APARDescription
PH55995[OLGH26267] Login or Authentication may fail on Z/os when using the IBMJCEHYBRID provider
PH56266[OLGH25997] Correction fix to PH42468 to remove delay in closing connection in Websocket application
PH56959Null Pointer Exception when defining empty routing rule
PH57076[OLGH26341] Failure at server startup of bundle COM.IBM.WS.SECURITY.TOKEN.LTPA
PH57263[OLGH26357] Springboot 3 thin utility may cause NOCLASSDEFFOUND error
Issue/PRDescription
11453Potential leak caused by JSTL tags
25759Enable user to set CXF's useHttpsURLConnectionDefaultSslSocketFactory property for outbound JAX-RS Client Requests
25640WithSpanInterceptor doesn't call instrumentation.end()
25781Liberty cannot be immediately restarted after stopping with localConnector-1.0 feature on Windows with hotspot
25855When two apps are configured with the same context root, neither is reachable
25997Websocket close delay
26023Liberty 23.0.0.9 - 6% Performance Throughput Regression on MicroProfile 6 OpenAPI scenario
26054CDI can throw NullPointerException if application startup fails
26076Thread safety issues in com.ibm.ws.jaxrs20.cdi.component.ThreadBasedHashMap may cause problems under load
26158Telemetry-1.0 Disabled warning message
26171@Transactional may throw a checked exception which is not allowed according to the interceptor specification
26216Port MYFACES-4606
26221Port MYFACES-4606 (Issuing Element Not Found in Request Parameter Map for Ajax Requests) to Liberty
26306Fix Documentation for Supported Java versions
2634123.0.0.9 CWWKE0701E bundle com.ibm.ws.security.token.ltpa failure at server startup
26437Packaging Springboot 3 application embedded with Open Liberty does not work

Back to top

Fix pack 23.0.0.9
Fix release date: 19 September 2023     
Last modified: 19 September 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.9
APARSecurity APARDescription
PH56334Collective replica communication issue when using OpenJDK
Issue/PRDescription
22358Update Social Login redirection processing
23732startWinService & stopWinService default timeouts in server.bat script too short
25291Return 400 status for invalid URI
25743The shutdown order between CDI and EJB is not enforced
25759Enable user to set CXF's useHttpsURLConnectionDefaultSslSocketFactory property for outbound JAX-RS Client Requests
25782Calling stop on an already stopped server hangs for 30 seconds and then reports an error on WSL
25834OpenLiberty 23.0.0.7 with webProfile-8.0 logs messages saying it requires annotations in the jakarta.annotation namespace
25866Unexpected end of file from server
25927CWWKS1706E + CWWKS1739E errors occurs when minimal jwks data is provided by Identity Provider
25932Absolute file paths fail with the file transfer API when running under servlet 6
25958sed command in server script returning incorrect value on Solaris
25978The SPI for registering CDI extensions and Beans will scan the entire archive without an extension

  Back to top

Fix pack 23.0.0.8
Fix release date: 22 August 2023     
Last modified: 22 August 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.8
Title
Use OIDC Connect with the strongest flow for web applications using the Authcode with PKCE
APARSecurity APARDescription
PH55940Correction fix to PH53171
PH56004IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-38737 CVSS 5.9)
PH56052A bundle in an OSGi application with the following manifest header will fail to start
PH56063OSGi applications compiled to Java 17 may fail to start
Issue/PRDescription
25193Two inaccurate descriptions and one formatting problem in openidConnectProvider
25580Non-daemon Liberty Timer threads preventing JVM shutdown in CICS (Java 17)
25632MYFACES-4512
25646Semicolon inside text parameter in Reason header will result in the sipcontainer dropping the request
25693MYFACES-4611
25700Potential memory leak in Liberty version of org.jboss.resteasy.plugins.server.servlet.ServletUtil
25712NullPointerException when using app-defined javamodule data source for JPA
25804Unable to make field private final int sun.nio.ch.SocketChannelImpl.fdVal accessible when using Java 17
Fix pack 23.0.0.7
Fix release date: 25 July 2023     
Last modified: 25 July 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.7
APARSecurity APARDescription
PH55130Collective replica set is not able to communicate each other on AIX and IBM JDK8
PH55181z/OS data is incorrectly collected for products with an UNKNOWN product ID
PH55442Update REST API Discovery UI dependencies
Issue/PRDescription
19861Concurrency errors when using same JWT access token for inbound propagation
21501Update the jsf-2.3 feature to MyFaces 2.3.10
21502Update the faces-3.0 feature to MyFaces 3.0.2
25111MYFACES-4469 IllegalArgumentException occurs in occurs in FacesConfigurator.purgeConfiguration
25354Update faces-4.0 to MyFaces 4.0.1
25368GlobalOpenTelemetry is missing public methods
25429WithSpan anotation does not work when name or kind is set
25457Local host/port and remote host/port are reversed in message CWWKO0801
25479Unable to make field long java.nio.Buffer.address accessible when using Java 17

   Back to top

Fix pack 23.0.0.6
Fix release date: 27 June 2023     
Last modified: 27 June 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.6
APARSecurity APARDescription
PH53192The /api/explorer URL from openapi-3.0 does not return the Content-Security-Policy header
PH54214WOLA does not recognize IMS regions they are invoked with LOCKMAX=## specified
PH54373IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867 CVSS 7.5)
PH54810Liberty on z/OS ECSA storage used by server resmgr are not being released when server stops
PH55317

wmqMessagingClient-3.0 feature throws java.lang.ClassNotFoundException

Issue/PRDescription
23838Invalidating a transaction user can lead to deadlocks in sipcontainer
23938ExpirationTimer can cause deadlocks in proxy mode
23950[JPA 2.2] EclipseLink Deliver Issue #1779
24752Update Expression Language 5.0 to latest 10.1.8 version
24981server version command ignores JAVA_HOME set in server's server.env
25017Posting Form-Data with the new Jakarta EE 10 Multipart Support fails
25046Liberty accesses readonly subject
25168transport close timing issue when streams are closing and a close/goaway frame comes in
25210DnsContextFactory not accessible in java 17
25212Transaction Manager configuration options shutdownOnLogFailure, logRetryInterval and logRetryLimit should be published
25283JSF Container's Application.getWrapped returns null
25316Exception when doing trace statement bubbles up to the application
25351OIDC check_session_iframe does not parse origin correctly when path is included in referer
25352org.omg.CORBA.DATA_CONVERSION illegal char value for string
25402Messaging secure CommsOutboundChain may be started with wrong sslOptions
Fix pack 23.0.0.5
Fix release date: 30 May 2023     
Last modified: 30 May 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.5
APARSecurity APARDescription
PH53475[OLGH24864] FRAME_SIZE_ERROR is generated when both http/2 and compression are used
PH54050[OLGH25097] UI ADMINCENTER correction
PH54100Use unauth service if auth service product registration fails
PH54173Add Java 11 check to cacheDirPerm supported check
Issue/PRDescription
24577Static fields leaked on application restarts
24599[JPA 3.0] EclipseLink Deliver Issue #1823
24751Update Expression Language 4.0 to the latest 10.0.27 version
24864HTTP/2 max frame size exceeded when compression is used
24939`requestTiming-1.0` causes elevated (or spiking) CPU performance due to the `SlowRequestManager`
24948OIDC RP-initiated logout end_session should verify the id_token_hint issuer
24986SSLHandshakeException occurs while closing HTTPConduit
25008NullPointerExcetion or ArrayIndexOutOfBoundsException in SearchBridge when using custom input/output configuration
25010EntryNotFoundException thrown in federated registries when using custom input/output configuration
25097Update adminCenter
25152Request Timing metrics not showing up with `mpMetrics-5.0` (when used with `requestTiming-1.0` feature
25169295651: Concurrent persistent failover timers - server not releasing claim on scheduled task when unable to run it
Fix pack 23.0.0.4
Fix release date: 2 May 2023     
Last modified: 2 May 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.4
APARSecurity APARDescription
PH50863IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998 CVSS 7.5)
PH52912CWWKO1100E: The ScheduledExecutorService OSGi service is not available
PH53883IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482 CVSS 5.3)
Issue/PRDescription
24585Insufficient Infinispan cache creation for Liberty httpSessionCache
24004Allow more output to response following exception in forward based on wc parm
24323SIPcontainer should stop parsing non-utf8 characters when acceptNonUtf8Bytes is set to false
24469Java 11 NoSuchAlgorithmException SHA1PRNG when FIPS enabled TS012071744
24565RegistryHelper.getUserRegistry throws an IllegalStateException if no user registries are present
24578Application can't recover from exceptions thrown during startup
24598[JPA 2.1] EclipseLink Deliver Issue #1823
24683Port MYFACES-4594
24730Cleanup non-daemon threads at the server shutdown
24793JSP Options to pick up web-ext jsp-attribute values on start up (honor disableTldSearch to improve app start up time)
24804Encrypted value for internalClientSecret within oauthProvider does not work
24915Server hangs at startup when enabling trace specification com.ibm.ws.*=all
24938SOAP 1.1 Web service request to SOAP 1. Provider acting as gateway fails when wsAtomicTransaction feature is enabled
24955PH53918 UnsupportedOperationException is thrown after upgrading to 22.0.0.10 or later
24958Configurable option for FileUpload
Fix pack 23.0.0.3
Fix release date: 4 April 2023     
Last modified: 4 April 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.3
APARSecurity APARDescription
PH52888NullPointerException in Singleton EJBs as JAX-RS sub resources
PH53171Fix Collection replica communication problem on AIX and IBM Semeru
Issue/PRDescription
24092Aborted managed connections invoking endRequest and end are causing problems in JDBC driver code
24223Monitor-1.0 returns strange values for standard deviation
24444JAX-RS NPE in Singleton EJB Sub Resource
24462Cleanup any asyncServlet non-daemon threads at the server shutdown
24465JDBC DB2 values for queryDataSize need to be updated
24543OIDC client issue in cluster environment, starting 22.0.0.10 version
24566AcmeCA feature with revocation enabled can fail to initialize on certain OS and JDK combinations
24584pluginUtility merge action generates incorrect output for some inputs
24585Insufficient Infinispan cache creation for Liberty httpSessionCache
24631Fix ClassCastException during the de-serialization of CDI Injected Event
24651Liberty Server hangs randomly

Back to top

Fix pack 23.0.0.2
Fix release date: 7 March 2023     
Last modified: 7 March 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.2
IdeaDescription
LIBERTY-I-40Add timeout option to server stop command
TWAS-I-43Admin Center support for datasource configuration validation
APARSecurity APARDescription
PH52074[OLGH24157] Validate header names
PH52079IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache James MIME4J (CVE-2022-45787 CVSS 5.5)
PH52095IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364 CVSS 9.8)
PH52167[OLGH24077] DoNotAllowDuplicateSetCookie property not working
PH52364Check file existence before delete
PH52713Feature resolver may pick multiple versions of the same singleton feature
Issue/PRDescription
16007Runtime injection of detailed method trace fails for a CDI bean
23410UnrecoverableKeyException occurs when using WS-Security Callback handler on Liberty 22.0.0.9
23676Transaction manager unavailable when stopping resource adapters during server shutdown
23954The authCache->cacheRef and webAppSecurity->loggedOutCookieCacheRef server configuration elements are not included in the documentation
23976Add option to support old format of start-info in multipart/related SOAP messages
24001Fix configuration attribute name used in CWWKS1738E message
24007server dump command fails in WL on IBM i
24047Memory in com.ibm.ws.wsat.service.WebClient when creating thread context class loaders
24048Possible performance issue in com.ibm.ws.wsat.service.impl.WebClientImpl
24056Batch-2.1 feature content is active even when configuring batch-1.0 or 2.0
24077DoNotAllowDuplicateSetCookies http channel config option is not working
24155Memory leak in JaxRsFactoryImplicitBeanCDICustomizer
24157Validate HTTP header names
24293Scheduled Futures leak resources from Managed Executor Services on application stop
24371Server fails to start due to conflict on servlet feature

Back to top

Fix pack 23.0.0.1
Fix release date: 7 February 2023     
Last modified: 7 February 2023     
Status: Superseded     

👁 Image
Download Fix pack 23.0.0.1
APARSecurity APARDescription
PH49341A race condition of transaction timeout could leave an indoubt transaction at RM side
Issue/PRDescription
22434Race condition of transaction timeout could leave an indout transaction at RM side
23273Scripts do not respect the enable_variable_expansion indicator in server.env
22786PKCE parameters not copied by oauthForm.js
23392Stopping liberty Windows service immediately after starting results in hang condition
23425A syntax error in JSP compile should consistantly output error JSPG0077E
23567decode url query string before final redirection of the originial request
23582Messaging client hangs during shutdown
23583[22.0.0.9] Unmarshaller error when Unmarshaller obtained [from pool]
23613Intermittent NPE at com.ibm.ws.security.javaeesec.cdi.extensions.HttpAuthenticationMechanismsTracker.getAuthMechs(HttpAuthenticationMechanismsTracker.java202)
23690JTOpen Toolbox driver 11.1 JDBC connections fail from Open Liberty to IBM i
23748CDI Shared Library bean visibility problems
23771IndexOutOfBoundsException can occur during a resource outage.
23782JDBCDriverService; issue with Boolean parameters
23883Default keystore file not getting detected on file monitoring
23885Use mininum jdkSourceLevel of 1.8 for JDK 20+
Fix pack 22.0.0.13
Fix release date: 20 December 2022     
Last modified: 20 December 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.13
APARSecurity APARDescription
PH49482HttpSession options issue
PH50057Connecting a member to a Controller Replica fails
PH50342IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509)
PH50815Check for webenab products before removing product marker
Issue/PRDescription
22405OidcClientImpl does not properly declare a dependency on SecurityService
22738SSLContext defined in ClientBuilder.newBuilder().sslContext(sslcontext) not preserved with restfulWS-3.0
23146JspFactory.getDefaultFactory().getEngineInfo().getSpecificationVersion() return incorrect version
23273Scripts do not respect the enable_variable_expansion indicator in server.env
23310Additional fixes for JSR375 (javasec) Decorator and Alternative
23326Liberty default HttpAuthenticationMechanisms do not call HttpMessageContext.responseUnauthorized
23403HTTP/2 Intermittent server quiesce failure when stream is closed with an exception
23462NullPointerException in com.ibm.ws.rsadapter.impl.DB2Helper.isAuthException
23478NullPointerException in InstallFeatureAction for .esa files
Fix pack 22.0.0.12
Fix release date: 22 November 2022     
Last modified: 22 November 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.12
APARSecurity APARDescription
PH49719IBM WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734 CVSS 7.5)
PH49876zosConnect failure in XML or JSON parsing
PH50062MDB class leak on application stop
PH50353Updates to usage metering to set protocols and ciphers for the connection
Issue/PRDescription
21808Provide a way for Custom User Registries to use the uniqueId instead of the securityName
22771In SIP headers, need to handle encoded values (%xx) while not causing error on valid Tag formats ending with %
22865Datasource changes are not propagating to JPA during dynamic config update
22909MDB class Java heap leak on application stop
22918Intermittent NPE at com.ibm.ws.security.javaeesec.cdi.extensions.HttpAuthenticationMechanismsTracker.getAuthMechs(HttpAuthenticationMechanismsTracker.java:186)
22933MP JWT 1.2 and 2.0 TCKs won't run at 22.0.0.11
22963com.ibm.ws.jpa.container.v21.cdi lacks a package-info.java file
22965Generating ssl key for FilterServer, when running FilterConfigTest takes too long
23017MP Reactive Messaging: NullPointerException during Kafka partition rebalance
23031Failed to parse Created TimeStamp in UsernameTokenValidator
23059Uses constraint violation for org.joda.time packages
23183EJB Handle deserialization fails with org.omg.CORBA.TRANSIENT: attempt to establish connection failed
23186IdentityStore validate method not getting called for BasicAuthentication request
23225IllegalStateException in dynacache when app server is stopping
23252AmbiguousResolutionException when same class is present twice and certain features are used

  Back to top

Fix pack 22.0.0.11
Fix release date: 25 October 2022     
Last modified: 25 October 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.11
APARSecurity APARDescription
PH48467java.lang.ArrayIndexOutOfBoundsException is thrown when purging data while shutting down a connection
PH48810IBM WebSphere Application Server Liberty is vulnerable to a Denial of Service due to Neko HTML (CVE-2022-24839 CVSS 7.5)
PH49305Multiple values in request header "X-Forwarded-For" not logged
PH49341A race condition of transaction timeout could leave an indout transaction at RM side
PH49933Servers using Intelligent Management intermittently fail to pulbish application endpoints
Issue/PRDescription
22303On z/OS running Java 11 a FFDC with caused by AttachNotSupportedException occurs when feature localConnector-1.0 is specified.
22361Cannot start Jenkins 2.346.3 with Java 17 when using AD authentication
22397MYFACES-4450: tabindex not rendered for outputLabel
22434A race condition of transaction timeout could leave an indout transaction at RM side
22584com.ibm.websphere.appserver.api.kernel.service_1.1-javadoc.zip is missing in the Liberty images
22660java.lang.ArrayIndexOutOfBoundsException when PurgeDataDuringClose=true
22688HTTP Access logging need to log multiple X-Forwarded-For headers
22721Update nekohtml version used in openid-2.0
Fix pack 22.0.0.10
Fix release date: 27 September 2022     
Last modified: 27 September 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.10
ComponentSecurity APARAPARDescription
Channel FrameworkPH46816IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165 CVSS 5.4)
Intelligent Management ComponentPH47454Error 503 returned from ODR after an application update with the war name changed while the ear file name stays the sam
Liberty z/OSPH49234Attach fails on z/OS running with Java 11 when a started task is used to start a server specifying the localConnector-1.0 feature
Issue/PRDescription
20599JDBC connection not validated when numConnectionsPerThreadLocal is used
21340[JPA 2.2] EclipseLink: Deliver Issue #1245
21805Removed hideMessage logging attribute not dynamically picked
21914JobOperator.getRunningExecutions output includes job executions that aren't running
22189Missing NLS strings for allowAuthenticationFailOverToAuthMethod options
22221Session timing issue during server shutdown
22227Yoko marshals null fields incorrectly when the field is declared as a non-serializable class
22347FFDCIgnore not honored on or after 22.0.0.4
Fix pack 22.0.0.9
Fix release date: 30 August 2022     
Last modified: 30 August 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.9
ComponentSecurity APARAPARDescription
GeneralPH48187LTPAToken validation failure for users with space characters in the user name caused by PH47867
Intelligent Management ComponentPH48622DynamicRouting utility fails parsing commandline
Liberty z/OSPH48202Unpredictable results when cancelling the angel process without registered Liberty Servers first
Issue/PRDescription
21126Update GSON library dependency to 2.9.0
21666java.lang.IllegalStateException: Subject is read-only from WebAppFilterManager.invokeFilters
21737Combine with MicroProfile OpenAPI: Example of date-time in Schema cannot display this format "YYYY-MM-DDTHH:mm:SSZ", will report "OrderedMap" or this "YYYY-MM-DDTHH:mm:SS.MSZ" format
21837LTPA SSO failure for certain usernames
21845featureUtility - Not decoding repository passwords when executing
21858Multiple protocols not always getting honored with the IBMJDK
21880OpenAPI 2.0+ throws error at startup
21937MP Fault Tolerance 1.x can log an FFDC when a method times out at the same time as it completes
21955Liberty does not provide exported packages for java.* packages at runtime in the OSGi framework insteance
21973Expiration fields are not compared in an LTPA Token
22012CXF property cxf.ignore.unsupported.policy is not processed correctly in Liberty 22.0.0.8
22040Invalid character warning for colon in WorkQueueManagerImplMBeanWrapper objectName
Fix pack 22.0.0.8
Fix release date: 2 August 2022     
Last modified: 2 August 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.8
ComponentSecurity APARAPARDescription
GeneralPH45225CICS link servers do not reconnect to a Liberty profile server after the Liberty profile server is recycled
PH45750IBM WebSphere Application Server Liberty is vulnerable to spoofing due to Eclipse Paho (CVE-2019-11777 CVSS 7.5)
PH46073Duplicate of PH47867
PH47867IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476 CVSS 5.0)
Issue/PRDescription
11959Weld does not mark org.jboss.weld.context.ConversationContext.conversations as dirty when retrieving it from session storage
20939Classpath visibility unclear -> NoClassDefFoundError: javax.cache.CacheException since 22.0.0.4 (maybe since 22.0.0.3)
20950Memory Leak with JSF's ViewScopeContextualStorage (MYFACES-4433)
21204[JPA 2.1] EclipseLink: Deliver Bug #579409
21214Server start fails when directory has spaces
21398Add additional details to `exposeWebInfOnDispatch` Server configuration description
21473ClassCastException FFDC occurs when using audit-1.0 with other features like requestTiming-1.0 or eventLogging-1.0
21526UI generated by `openapi-3.1` feature doesn't show the link specific endpoints
21601Port MYFACES-4432 to JSF 2.3 and Faces 3.0 (Resolve request object in facelets)
21615EJB persistent timers that were deferred during app start do not run when app finishes starting
21651290399-Fix umask command for IBM i in server script
21664featureUpdate downloads fail in Windows, due to #20945
21735PausableComponentException when closing message endpoints on server shutdown
21740Inactivity timeout value larger than 2147483 seconds causes immediate cache invalidation
Fix pack 22.0.0.7
Fix release date: 5 July 2022     
Last modified: 5 July 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.7
ComponentSecurity APARAPARDescription
Virtual Member Manager (VMM)PH46082Add warning message when failed login delay is disabled
Issue/PRDescription
19832OpenIdConnectClient not working with proxy settings given in jvm.options
20933FeatureUtility only checks one Maven repository
21148Transactions summary trace is missing
21441The openapi-3.1 liberty feature generates wrong property name for annotation @Schema
Fix pack 22.0.0.6
Fix release date: 7 June 2022     
Last modified: 7 June 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.6
ComponentSecurity APARAPARDescription
Intelligent Management ComponentPH43910Liberty routing rules do not always respect a webserver assignment using the '*' wildcard
Liberty Administrative CenterPH45086IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393 CVSS 3.1)
SecurityPH46072IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22475 CVSS 7.1)
Issue/PRDescription
14425EclipseLink: Deliver Bug #567087
18844The com.ibm.websphere.logging.WsLevel class is not visible as an API
20082CWWKE0702E: Could not resolve module: com.ibm.ws.ejbcontainer.remote [852] Bundle was not resolved because of a uses constraint violation.
20908Default session meta cache name failed with RH DataGrid
20981ArrayOutOfBounds exception on z/OS with either full or JMX audit events enabled on shutdown
21004featureUtility viewSettings doesn't show repository settings
21043Bump netty dependencies to 4.1.77.Final
21050Liberty OIDC error is being returned with incorrect characters
21060Correct Service Release and Fixpack processing in JavaInfo
21079Refresh token is not cleaned up when a JWT access_token had been issued
21097Custom claims not passed to the back end
21108Admin center enhancement
Fix pack 22.0.0.5
Fix release date: 10 May 2022     
Last modified: 10 May 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.5
ComponentSecurity APARAPARDescription
GeneralPH42822WebSphere Liberty z/OS 20.0.0.9 java.lang.NullPointerException at com.ibm.ws.jaxrs.JAXRSRuntimeDelegate$ClassloaderReference
Liberty z/OSPH45221NPE in com.ibm.ws.zos.wlm.internal.UnauthorizedWLMNativeServices.CreateJoinWorkUnit()
PH45329Liberty server fails to start with JVM gpf after a racroute request=auth call
PH45749z/OS Product registration message CWWKB0108I does not contain full version
Issue/PRDescription
20283Fix duplicate error messages in RESTful WS (JAXRS)
20306Bump netty dependencies to 4.1.75.Final
20476NPE when outputting SimpleTimer close to the end of a full minute.
20509JSP included jar dependency check incorrect
20522Update ExpressionLanguage 4.0 API/Impl to 10.0.18
20627schemaGen improve command line options parsing
20669Extra text found in description of connectionManager purgePolicy
20676WEBCONTAINER THREADS HUNG WHILE CLOSING WEBSOCKETS
20693Springboot application packaged with OL 22.0.0.3 failed to run
20730Deadlock in memory session and logging handler
20762Port MYFACES-4431 to JSF (Custom Navigation Handler Thows NPE during Flow Handling)
20782FeatureUtility isf does not resolve already installed user feature
20818JaxRS-Client fails performing PATCH-requests with Java17
20858localConnector problems with some combinations of jdk.attach.allowAttachSelf and com.ibm.tools.attach.enable
Fix pack 22.0.0.4
Fix release date: 12 April 2022     
Last modified: 12 April 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.4
ComponentSecurity APARAPARDescription
Contexts and Dependency Injection (CDI)PH44666OpenAPI UI is missing CSS
GeneralPH45006During server shutdown OSGi applications may log null pointer exceptions (FFDCs)
JavaServer Pages (JSP)PH44627Null Pointer Exception in JSP after 21.0.0.7 when skipMetaInfResourcesProcessing=true
Liberty Archive InstallPH44289Install of z/OS Liberty interim fix fails with CRIMA1076E
Liberty KernelPH45316Liberty packaging fixes - Ensure the proper set of features are packaged when several valid versions exist

       

Issue/PRDescription
18177Liberty OP configured with SAML IdP, logout at OP is not propagated to the IdP
19627MP JWT 1.2 fails to load all relevant MP Config properties
19767Bump gRPC dependencies to 1.43.2
19937context-root for web-ext is no longer honored with WLP 22.0.0.1
20082CWWKE0702E: Could not resolve module: com.ibm.ws.ejbcontainer.remote [852] Bundle was not resolved because of a uses constraint violation
20247webContainer property skipMetaInfResourcesProcessing=true can cause NullPointerException in JSP taglib
20293Add security headers to OpenAPI UI
20298Avoid ConcurrentModificationException during dynamic configuration updates for federatedRepository and user repositories
20303NPE during handshake when CLIENT_AUTH or SERVER_AUTH is missing in the certificate extension
20310OpenAPI UI is broken (missing CSS)
20353NullPointerException in EJBWARRuntimeImpl when dynamically updating server configuration
20403LibertyRestClientBuilderImpl nonProxyHosts PatternSyntaxException
20441Timing window where cancellation of scheduled task is ignored
Fix pack 22.0.0.3
Fix release date: 15 March 2022     
Last modified: 15 March 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.3
ComponentSecurity APARAPARDescription
JavaServer MyFaces (JSF) Apache MyFaces implementationPH43113ClassNotFoundException for SecureSerializedViewCollection during Session Persistence
Liberty Administrative CenterPH43817IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450 CVSS 9.8)
Liberty KernelPH44064Liberty server command not working on IBM i platform after installing fix pack 22.0.0.2
Liberty System ManagementPH43223 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038 CVSS 4.4)

Issue/PRDescription
12050@RolesAllowed rejects unauthenticated users when they mapped to an allowed (EVERYONE) role
19316Duplicate message key in com.ibm.ws.ui.tool.explore
19519LibertySSLSocketFactory cannot be loaded inside a custom feature
19613Bump netty dependencies to 4.1.72.Final
19659Update ExpressionLanguage 4.0 API/Impl to 10.0.14
19673JWT access token inbound propagation fails when a JWT sent as segments starts with "Bearer"
19780Adding Monitor Filter increases Startup Time.
19937Context-root for web-ext is no longer honored with WLP 22.0.0.1
19960OpenID Connect: Double URL Encoded State Parameter in Redirect location
19981ConcurrentModificationException in com.ibm.ws.security.openidconnect.clients.common.JtiNonceCache
19991featureUtility does not pass all features from server.xml to repository resolver
19999[JPA 2.2] EclipseLink: Deliver Bug #578262
20003Update Webcontainer ServletVersion Handling to Avoid SRVE8501E errors
20020AccessControlException thrown from Yoko calls to Class::getClassLoader
20063Server commands not working on IBM i after checkpoint changes
20064Fix server command on IBM i
20070503 response returned when request contained a 100-continue header
20165jsonpContainer-2.0 and jsonbContainer-2.0 features incorrectly use default providers.
20206Servers stop can fail in products that embed Liberty
20277False artifact io.openliberty.jaxrs30 in mvn repository
Fix pack 22.0.0.2
Fix release date: 15 February 2022     
Last modified: 15 February 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.2
ComponentSecurity APARAPARDescription
Contexts and Dependency Injection (CDI)PH44762IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031 CVSS 5.4, CVE-2021-46708 CVSS 4.3)
GeneralPH41660After 21.0.0.9 upgrade "DefaultHostname" definition in bootstrap.properties does not overwrite Liberty default
PH43194Add support for CICS 5.6 to WOLA
PH43281API Discovery UI will not load
PH43530NullPointerException in JSP after 21.0.0.7
Intelligent Management ComponentPH41615Intelligent management WebServer plug-in is sometimes unable to route one HTTP session requests to the same member server
Virtual Member Manager (VMM)PH42489
IBM WebSphere Application Server Liberty is vulnerable to LDAP Injection (CVE-2021-39031 CVSS 7.5)
 
Issue/PRDescription
18299NullPointerException if used with mpMetrics 3.0
18941NullpointerException in JSP after upgrade
19177[JPA 2.2] EclipseLink: Deliver Bug #412391
19545OpenIdConnectClient cookies not getting deleted after logout
19608Oracle database helper logging `DSRA8207I` too frequently
19688Empty com.ibm.ws.logging.hideMessage hides all messages and does not create messages.log
19702Support for outbound channel selectors to start immediately
19707Runnable jar hangs after Ctrl + C
19780Adding Monitor Filter increases Startup Time
19781Calling `UserRegistry.isValidGroup` or `UserRegistry.isValidUser` when using `federatedRegistry-1.0` can return `true` when `false` should be returned
19785Federated SAF registries can incorrectly claim a SAF user or group is not in the realm when calling `UserRegistry.isValidGroup`
19826MP Fault Tolerance annotations at the class level of a Rest Client interface are ignored
19831The output of ./wlp/bin/productInfo featureInfo missing new lines
19841defautHostName does not get picked up from bootstrap.properties for cfw
19860Updating MicroProfile versions on server.xml causes issues with install manager
19897"ERROR: Input redirection is not supported, exiting the process immediately" reported with Open Liberty as a service on Windows
Fix pack 22.0.0.1
Fix release date: 18 January 2022     
Last modified: 18 January 2022     
Status: Superseded     

👁 Image
Download Fix pack 22.0.0.1
ComponentSecurity APARAPARDescription
GeneralPH42908HTTP/2 streams still accepted after server shutdown despite OLGH19193
Liberty Archive InstallPH41986Product validation fails by feature manager when PH39418 is installed
Runtime and ClassloaderPH42759Block class loads for vulnerable classes
Web ContainerPH42435SRVE0250I and SRVE0164E no longer emitted due to OLGH18992
Web Services (JAX-WS)PH42074 IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22310 CVSS 4.8)
WebSphere MQ messaging providersPH42762Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server Liberty (CVE-2021-4104 CVSS 8.1)
Issue/PRDescription
16320OAuth provider Multiple Connections are disallowed in current pre-existing attachment environment error TS003794701
17562Multiple duplicate element IDs cause excess memory allocations and looping.
18695Avoid inferring caller in LogRecord.getSourceClassName and LogRecord.getSourceMethodName in Liberty HPEL
19334Policy attachments file: policy-attachments-server.xml is not processed
19342[JPA 2.1] EclipseLink: Deliver Bug #463042
19348gRPC server property "httpEndpoints" is invalid
19366JMX file transfer errors should not expose resolved file paths
19413JAX-RS fails with 400 Bad Request when query string contains _type param
19433JNDI lookup to CORBA URL can hang
19505SRVE0250I and SRVE0164E messages not emitted unless trace is enabled
19514Test Failure: AutonomicalPolling1ServerTest.testAddPersistentExecs gets intermittent NullPointerException when transaction timeout aborts the connection
19522Unresolved gRPC bundles in feature
19547New HTTP/2 streams still accepted while server is closing
19567Memory Leak with mpJWT
19585Classes are still indexed by mpOpenAPI when mp.openapi.scan.disable=true
19589ArrayIndexOutOfBoundsException during startup with mpOpenApi
19630Application class loader to ignore designated classes
19631featureUtility installServerFeature fails when user feature is listed
Fix pack 21.0.0.12
Fix release date: 3 December 2021     
Last modified: 3 December 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.12
ComponentSecurity APARAPARDescription
Liberty z/OSPH41840Cannot get a WOLA connection for a client after configuration update
Issue/PRDescription
7735Backport close stream weld properties overlay
17428OpenAPI 2.0 includes non-public fields in the generated documentation
17599wsoc connection causes quiesce error
18896OSGiBeanValidationImpl DS component needs to wait for all config to load.
18992Application fails to restart in server.xml update scenario
19051Server script depends on the `which` command
19057Port bind skipped at server startup
19087Throughput performance degradation in eclipselink due to Thread.getStackTrace calls
19127AccessControlException in WebAppSecurityCollaboratorImpl performDelegation(...)
19193Stop allowing creation of H2 streams if server is closing
19197ClassCastException in JSP relating to JDT internal classes
19227Bug Fix: Ensure ServletRequestListener#requestDestroyed is always called
19233Incorrect PostgreSQL session table query
Fix pack 21.0.0.11
Fix release date: 5 November 2021     
Last modified: 5 November 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.11
ComponentSecurity APARAPARDescription
IBM iPH39665WebSphere Liberty server fails to start on IBM i running with Java 11
System Management FunctionsPH40204Deadlock found in SingletonServiceManagerImpl registerService
Issue/PRDescription
13990SAML JSP gets unexpected 500 error due to ClassCastException
16598ServletContainerInitializer is passed invalid @HandlesTypes classes
16811Response output may not close at end of dispatch forward
17155Multiple entries may be added to the Authentication Cache for a custom cache key hashtable login
17972`@Schema(multipleOf = )` can throw `NumberFormatException` in `mpOpenAPI-2.0` feature
18262server startWinService & stopWinService commands give incorrect/misleading return codes
18411Liberty message.log has repeating servlet lifecycle messages
18419ExpressionFactory#getClassNameServices fails if META-INF/services/javax.el.ExpressionFactory contains comments
18492gRPC service registration broken for EAR deployments
18663NullPointerException in JaxRsFactoryImplicitBeanCDICustomizer
18674HTTP/2 streams closed due to client window update delay
18751Bump netty dependencies to 4.1.68.Final
18813Test Failure: testJTATransactionUsedSeriallyWithOverlapAndCommitWithinLastStage NullPointerException
18836NPE when creating an HttpAuthenticationMechanism with the default package
18866Fix PasswordUtil.passwordEncode() with "hash" option
18925Cloudant NLS messages are not used
18973Investigate weld-osgi-bundle versions in feature files
Fix pack 21.0.0.10
Fix release date: 8 October 2021     
Last modified: 8 October 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.10
ComponentSecurity APARAPARDescription
Liberty KernelPH39418Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517 CVSS 5.5, CVE-2021-36090 CVSS 7.5)
PH40489SPNEGO fails with 403 error on Java 11 at 21.0.0.9
Liberty System ManagementPH39935CWWKE0701E at Liberty startup reports a ConcurrentModificationException in the APIProviderAggregator class
Web ContainerPH40879Server start hangs caused by plugin-cfg.xml generation
Virtual Member Manager (VMM)PH38929WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842 CVSS 3.7)
Issue/PRDescription
17155Multiple entries may be added to the Authentication Cache for a custom cache key hashtable login
17489IllegalStateException is thrown when Liberty tries to update a readOnly subject
17950Fix SRVE8501E Warning
18281Possible Bug with deferServletRequestListenerDestroyOnError
18282Bug: AdminCenter SRVE0190E: File not found: /images/tools/wasdev_142x142.png
18299NullPointerException if used with mpMetrics 3.0
18348ContainerRequestContext.getAcceptableLanguages() - fails with IllegalArgumentException when invalid locales are specified in the Accept-Language header.
18404Create PluginGenerator Lock to Address FileNotFoundExceptions
18430Saml web sso sp initiated login flow resulting in buildup of WASSamlReq_xx cookies
18437JSF throws ClassNotFoundException for o.a.m.el.convert.ValueExpressionToValueBinding
18475Servlet ReadListener does not receive all HTTP request data
18503RuntimeCodebase cannot be located on collocated call
18530Startup hang caused by plugin-cfg generator changes
18552JAX-RS 2.0 and 2.1 implementation is executing resource method when Content-Type or Accept header contains invalid values
18663NullPointerException in JaxRsFactoryImplicitBeanCDICustomizer
Fix pack 21.0.0.9
Fix release date: 10 September 2021     
Last modified: 10 September 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.9
ComponentSecurity APARAPARDescription
JavaServer Faces (JSF) Apache MyFaces implementationPH40182JSF faces-config parser throws NPE when XML namespace missing
JavaServer Pages (JSP)PH38133Incorrect Expression Language (EL) Method Matching with Varargs
Liberty z/OSPH39946Liberty logging hideMessage= parameter should also stop messages being written to messageLogDD=MSGLOG
Issue/PRDescription
16700Improve featureUtility performance with remote repository
17444Pull in BZ 65358 -- Varargs Method Matching (EL Patch)
17591IdentifyException accidentally externalized as unusable top level config element
17682Exception stack trace is exposed in error returns from JMX REST apis
17912Bump netty dependencies to 4.1.66.Final
18002`@Schema(multipleOf = )` validation check is wrong in `mpOpenAPI-2.0` feature
18009Wrong char count in ServletOutputStream with non-ASCII characters skips content
18091Remove system from code
18155JSF faces-config parser throws NPE when namespace missing
18213IOException FFDC logged after HTTP/2 stream is closed by client
18237Unexpectd FFDC from Jackson
Fix pack 21.0.0.8
Fix release date: 13 August 2021     
Last modified: 13 August 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.8
ComponentSecurity APARAPARDescription
JavaServer Faces (JSF) Apache MyFaces implementationPH38339StringIndexOutOfBoundsException Occurs When Creating a Resource
Issue/PRDescription
16700Improve featureUtility performance with remote repository
16994Dynamic reconfig of discovery endpoint not updating endpoints in all cases
17313Ubuntu upgrade re-enabled openliberty@defaultServer
17678Port MYFACES-4065/MYFACES-4187 to JSF 2.2
17757Passivating remote EJB Stub fails when rmicCompatible=true
17799gRPC monitoring requires the enablement of both grpc-1.0 and grpcClient-1.0
17828Update JSP Logic to Avoid Race Condition Regarding trackDependencies
17904grpcClient-1.0 dynamic enablement unexpected behavior
Fix pack 21.0.0.7
Fix release date: 15 July 2021     
Last modified: 15 July 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.7
ComponentSecurity APARAPARDescription
Contexts and Dependency Injection (CDI)PH37788Use first found ejbDescriptor for MD
GeneralPH35877Session ActiveCount shows a negative value
PH34906XML External Entity Injection (XXE) in WebSphere Application Server Java Batch (CVE-2021-20492 CVSS 6.5)
PH38224Invalid command line optional parameters with "featureUtility help installFeature"
Issue/PRDescription
14575OAuth client registration: Client IDs with GB18030 characters do not work
15726Re-introduce change reverted from 14248
16282Nullpointer exception during authorization using OidcLogic
17235FeatureUtility should return RC=20 when invalid action name is specified
17299Allow multiple version of singleton feature with featureUtility installFeature command
17344OIDC RP may fail to login if clientSecret is not configured TS005720300
17437NPE in com.ibm.tx.jta.util.logging.TxTr.initTrace
17478Invalid command line optional parameters are shown with "featureUtility help installFeature" and "featureUtility help installServerFeatures"
17482Unexpected results with JSP trackDependencies in the extended document root
17489IllegalStateException is thrown when Liberty tries to update a readOnly subject
17576OIDC Update the description for disableIssChecking
17593EJB Singleton Lifecycle Deadlock
17635Bump gRPC dependencies to 1.38.1
17658ConcurrencyPolicy loses queue slots when managed executor deactivates and erroneously cancels tasks of other executors
17666JavaMail tries to use a resource file that only exists in the implementation
Fix pack 21.0.0.6
Fix release date: 18 June 2021     
Last modified: 18 June 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.6
ComponentSecurity APARAPARDescription
JavaServer Pages (JSP)PH36923java.lang.NullPointerException caused by PH34711
Liberty KernelPH37460Setting 'AutoExpand' to true causes the 'UseJandex' setting to be ignored
Issue/PRDescription
12778mpJWT-1.1 configured by using jwksUri results in CWWKS5523E at the first jwt token presented to the server
15023WASReqURLOidc cookie encodes the request url but does not decoded it upon successful redirection
16598ServletContainerInitializer is passed invalid @HandlesTypes classes
16743Pull in MyFaces 2.3.9
17040Revision to httpOption maxKeepAliveRequest default value
17047PluginGenerator FFDC: BundleContext is no longer valid
17117Test Failure: Failover1ServerCoordinatedPollingTest.testMultipleInstancesCompeteToRunManyLateTasksPC
17177Failed to locate data source, null Resourcefactory
17203ORB.init() called simultaneously on two threads during server start
17268APAR PH37460 useJandex is ignored when autoExpand is set
17294java.io.IOException might be thrown during AsyncContext.complete()
Fix pack 21.0.0.5

Fix release date: 21 May 2021     
Last modified: 21 May 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.5

ComponentSecurity APARAPARDescription
Liberty OSGi ApplicationsPH28781CWWKZ0404E: An exception was generated when trying to resolve the contents of the application
Liberty z/OSPH35442Smf120 subtype 11 records sometimes missing values when a servlet request takes an error path
PH35542Abend 0C4 in ntv_registerserver reported on WebSphere Liberty z/OS 20.0.0.12 (wlp-1.0.47.cl201220201111-0736)
PH36576CWWKB0086E seen in angel in fix pack 21.0.0.3

Issue/PRDescription
13522Publish the WebContainer property enableMultiReadOfPostData
14174The WebContainer properties may not be updated accordingly.
14345ServletContext getContextPath() does not end with forward slash.
15216JDBC Kerberos problems on IBM JDK 8
16203IllegalStateException when calling CDI bean with @Transactional(Transactional.TxType.NEVER) from websocketEndpoint
16307Update Liberty to not block use of Oracle 21c JDBC driver with IBM Java 8 and Kerberos authentication.
16428Remove Internal From setHtmlContentTypeOnError
16495Rename plugin-cfg File Using Files#Move
16524Fix issue with spanning an audit record across audit logs when signing and encrypting of audit logs is enabled
16539SESSION ACTIVECOUNT SHOWS A NEGATIVE VALUE
16637Authorization failure occurs when LDAP or basic user attempts login in SAF federated registry
16661microprofile-config.properties is not loaded in OASFilter
16694Avoid virtual host missing warning if server is in the process of shutting down
16764Deploying two applications with mpOpenApi-2.0 enabled can cause IllegalStateException: SROAP00001: Model already initialized.
16772[JPA 2.1] EclipseLink: Deliver Bug #573094
16774PostgreSQL session table check missing qualifier name
16793Include RelayState in the logout response to IdP initiated slo requests
16808Issue16807 support new Java policy location per open JDK 9
16843Cleanup request thread data
Fix pack 21.0.0.4

Fix release date: 23 April 2021     
Last modified: 23 April 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.4

ComponentSecurity APARAPARDescription
Administrative ConsolePH34122
Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258 CVSS Score 7.5)
Java 2 Connectivity (J2C)PH33683EJB timer service does not adjust for daylight savings time
JavaServer Faces (JSF) Apache MyFaces implementationPH34711Vulnerability in Apache MyFaces affects WebSphere Application Server (CVE-2021-26296 CVSS 8.8
Issue/PRDescription
15336Replace DNS lookup with regular expression to get the domain name in SSO Cookie Domain function
15989MyFaces Update State Saving
16054HSTS Header not added on responses with 404 status
16113Shared Class Cache not generated on Windows
16118Create setHtmlContentTypeOnError Webcontainer Property
16160HTTP/2 ClassCastException during error handling
16184EJB timer service does not adjust for daylight savings time during fall adjustment
16301LDAP and Database Identity Stores fail to reprocess deferred EL expressions
16353Bump netty dependencies to 4.1.62.Final
16364Premature response completion in Async servlets
16410Improve messaging in ldapRegistry-3.0 when userFilter and groupFilter do not contain an AVA with %v
16416Java 2 Security exception when adding custom principal to the subject for Jaspic
Fix pack 21.0.0.3

Fix release date: 26 March 2021     
Last modified: 26 March 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.3

ComponentSecurity APARAPARDescription
Liberty z/OSPH33563
SAFPasswordUtilityFactory.getInstance().passwordChange results ioException: exception in opening zip file after multiple calls
PH34338ABEND0C4 during Liberty server shutdown
Issue/PRDescription
5470NLS message CWWKE0031E is inaccurate when emitted from server script
11249JAXRS leaks memory when applications do not close their Client references
12606server.bat script does not read path of jvm.options correctly as documented
14926Bean Validation 1.1 NullPointerException from ValidationReleasableFactoryImpl
15646Issue15644ProperMergingOfJava2Permissions
15744Pull in MyFaces 2.3.8
15799Plugin Generator can cause server shutdown delay
15822LDAP group members may be ignored when the member's RDN starts with cn (and possibly other attribute names).
15853Bump netty dependencies from 4.1.52.Final to 4.1.59.Final
15857EJB client intermittently throws BAD_PARAM after server restart
15869MP Config AppPropertiesTrackingComponent synchronization
15878JAX-RS requests that do not specify the port fail with SSL
15927Cannot inject optional list with mpConfig-1.x
15943Merge multi-homed environment related changes into Liberty
15975Create a UDP connection using the selected outbound interface
15985Threads backing up during transaction processing due to use of Dictionary
16037Separating ciphers with two spaces results in unspecified behaviour
16060Eclipselink bundles lack javax.mail.internet
Fix pack 21.0.0.2

Fix release date: 26 February 2021     
Last modified: 26 February 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.2

ComponentSecurity APARAPARDescription
Contexts and Dependency Injection (CDI)PH33219
AdminCenter web app is not updating status after an operation concludes
InstallPH33517Issue with <INCLUDE LOCATION> tag on Liberty 20.0.0.9 failed to support the WLP_USER_DIR in already built fixes
Java 2 Connectivity (J2C)PH31875J2CA0079E: getManagedConnection internal illegal state state = state_inactive mcw
Issue/PRDescription
11777prepareJSPThreadCount is not documented in Open Liberty - Investigate if any issues using it and document
12490IOExceptions thrown after HTTP/2 stream is closed by client
12694EclipseLink: Deliver Bug #538296
14109Update gRPC dependencies to 1.35
14175Expression Language 3.0 value lookup performance improvement
14248Update WC property suppressHtmlRecursiveErrorOutput
14934JAX-RS client creates a new SSLSocketFactory for every request
15040ClassCastException might happen when serving a static resource
15433System WABs may come online with the web container after server reports started
15550NullPointerException in HttpServletRequest or HttpServletResponse context proxies
15698
FeatureUtility not parsing Liberty custom environment variables
Fix pack 21.0.0.1

Fix release date: 29 January 2021     
Last modified: 29 January 2021     
Status: Superseded     

👁 Image
Download Fix pack 21.0.0.1

ComponentSecurity APARAPARDescription
InstallPH32961InstallUtility and FeatureUtility are working when the variable is a directory, but not part of a file name
Intelligent Management ComponentPH31732Restricting IP access in ssh keys in authorized_keys, results in ssh key being appended when collective member is restarted
Issue/PRDescription
10000HttpServletResponse.sendRedirect(String location) builds absolute URL including protocoll and server-name
12095PluginGenerator: BundleContext is no longer valid
12417Fix java.lang.IllegalStateException: jstl facade bundle can not be located
13515Add addstricttransportsecurityheader WebContainer prop to metatype
14532Plugin Generator can cause server shutdown delay
14815Recovery race
14925OAuth user registry lookups may use incorrect custom cache key
14928EclipseLink: Deliver Bug #514486
14936Issue when deploying Open Liberty application to Openshift
14950Pull MyFaces 2.3.7 into Open Liberty
14975OIDC RP: creating a subject with allowCustomCachKey=false results in a subject that includes a cache key
15174Include tag on windows not parsing correctly
15216JDBC Kerberos problems on IBM JDK 8
15220Add HTTP/2 IOException for misbehaving client error case
15237Clear federated repository specific information from AuditManager thread
15242Stop the ACME Certificate Checker Task when the server is stopping
15263HTTP TRACE method requests are rejected with a 403, and `enableTraceRequests="true"` does not help
15305Pull in CXF-8278
15315Enable server shutdown on recovery log failure
15337Dynacache initialization issue when ID is missing
15342CONTAINER_NAME env variable is not reflected in logstashCollector-1.0
15388Include tag file name unable to be parsed for featureUtility
15390Various thread safety issues in the Liberty scheduled executor
15550NullPointerException in HttpServletRequest or HttpServletResponse context proxies
Fix pack 20.0.0.12

Fix release date: 27 November 2020     
Last modified: 27 November 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.12

ComponentSecurity APARAPARDescription
GeneralPH30714PortOpenRetries needs to do retries for hostname lookup failures
PH30744Increased CPU can occur after moving to Liberty version 19.0.0.7 or higher
InstallPH32363InstallUtility and featureUtility ignores included config files on Windows
Intelligent Management ComponentPH31277Health policies do not trigger
Java Persistence API (JPA)PH29720EclipseLink generates SQL for the coalesce function with incorrect whitespace.
Systems Management FunctionsPH30558Do not store Leader ID when server is stopping
Issue/PRDescription
14425EclipseLink: Deliver Bug #567087
14426EclipseLink: Deliver Bug #463350
14457EclipseLink: ClassCastException for Boolean-Typed JPS-Query
14540com.ibm.wsspi.cache.getProperties() returns empty map.
14542Java 15: IllegalAccessError when using MP Rest Client
14555TCP: add retry logic to hostname loookup when opening ports
14582Prevent jsonp-1.0 and jsonpContainer-1.1 from both starting.
14597Increased CPU when moving from Liberty 19.0.0.6 to newer releases.
14650MP GraphQL does not scan JARs in WEB-INF/lib for GraphQL components
14655Move participatingBaseEntry check to avoid inaccurate logging of CWIMK0004E message
14657Fix connection manager deadlock for purgePolicy=FailingConnectionOnly
14735Fix the Logging metatype description message for hideMessage
14743Variables in include files not recognized after config update
14781Wrong FailureScopeController used in peer recovery
14826Allow Spring Boot app with embedded launcher script to deploy
14828Server stop hang
Fix pack 20.0.0.11

Fix release date: 30 October 2020     
Last modified: 30 October 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.11

ComponentSecurity APARAPARDescription
GeneralPH30494NullPointerException is received when using the PasswordChange API with more than one UserRegistry
Java 2 Connectivity (J2C)PH29942Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty (CVE-2020-10693 CVSS 5.3)
Issue/PRDescription
7056HTTP/1.1 and HTTP/2 behave differently when a non-standard HTTP method is used
12312Update to commons daemon breaks windows servicel
12724Unable to Override JAX-RS SecurityContext in ContainerRequestFilter
13073FFDC raised when fallback method or handler throws exception
13830Federated repositories returns the string "null" instead of the value null for several methods
13861Getting ManagedThreadFactory from JNDI is failing in 20.0.0.9
13908Liberty Java security function does not honor JDK's java.policy file.
14003Test Failure: com.ibm.ws.microprofile.health20.fat.ApplicationStateHealthCheckTest.testPreLoadedApplicationsHealthCheckTest_mpHealth-3.0
14183Need an option to load a custom JaasLoginModule without going through com.ibm.ws.kernel.boot.security.LoginModuleProxy
14192Eclipselink: Wrong month is returned if OffsetDateTime is used in JPA 2.2 code
14377Server.xml config sources do not respect config_ordinal
14421EJB persistent timer may attempt to run after server stop issued
Fix pack 20.0.0.10

Fix release date: 2 October 2020     
Last modified: 2 October 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.10

ComponentSecurity APARAPARDescription
Asynchronous beansPH29578CWWKE0701E: Frameworkevent error org.osgi.framework.serviceExcception
Liberty KernelPH27428NullPointerException because wsJarUrlStreamHandler creates unusable input stream
PH27908Unconverted adapt to web annotations from com.ibm.ws.openApi.internal.annotationScanner
PH28816During server startup, the warning "Unconverted adapt to web annotations" appears in server logs
Liberty z/OSPH28141Out of memory in cell pool using 500 connections
Web Services SecurityPH29368WebSphere Liberty running oauth-2.0 or openidConnectServer-1.0 features is vulnerable to a denial of service attack (CVE-2020-4590 CVSS 5.3)

Issue/PRDescription
11646Concurent Login Issue
11722mpHealth - readiness check reports UP when application fails to start
11847Add support for traditional websphere property: com.ibm.ws.webcontainer.suppresslastzerobytepackage
12613Enabling openTracing with no tracer class configured impacts performance
12790Need to limit how many times an OIDC refresh token can be used to get new tokens
13404Kafka connector can report failure for acknowledgements which eventually succeed
13551NullPointerException when starting an EJB module during server stop
13569Federated basicRegistry returns inconsistent results for case insensitive direct user lookups in scim-1.0
13613Support IIOP transmission of Supplemental Multilingual Plane characters (such as emoji) in (wide) Strings
13681Getting ManagedThreadFactory from JNDI is failing in 20.0.0.9
13817PostgreSQL tables are not automatically generated for transaction recovery
Fix pack 20.0.0.9

Fix release date: 4 September 2020     
Last modified: 4 September 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.9

ComponentSecurity APARAPARDescription
EJB ContainerPH27497CNTR5010E,CNTR0075E Errors after migrating from WebSphere V8.5.5.X TO V9.0.5.X
PH27912CNTR5104E OR CNTR5102E occurs at EJB start after upgrading WebSphere to V8.5.5.16, V9.0.5.0, V9.0.5.1, OR V9.0.5.2
InstallPH30219<INCLUDE> Tag not being considered when installing server.xml
Java Persistence API (JPA)PH26967OpenJPA's class transformer needs to respect app classloader concurrency
PH28547JPA persistence activator retains classloader references, potentially leading to OutOfMemory condition
Issue/PR
Description
11504Occasional ArrayIndexOutOfBoundsException in JaspiServiceImpl.getDescription during Arquillian Tests
11556Connection leak when XAResource.recover fails
12832Bean Validation should consider @ValidateOnExecution when CDI is not enabled.
13027Jaxrs security not getting SSL Socket Factory updates
13036mpGraphql Exception allowlist not working. NullPointerException is thrown by mpConfig
13138
13170MDB method restricted from being private final for no methods listener
13309Application with EJB 2.x local interface that extends java.rmi.Remote fails to start
13331ignore extra ffdc when application fail to start due to vhost already removed by stop app
13447Http/2 -clean up connection on error
14183Need an option to load a custom JaasLoginModule without going through com.ibm.ws.kernel.boot.security.LoginModuleProxy
Fix pack 20.0.0.8

Fix release date: 7 August 2020     
Last modified: 7 August 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.8

ComponentSecurity APARAPARDescription
Systems Management FunctionsPH27639Stopped application may show as started in collective controller.
SecurityPH34376RACF RACMAP filter fails to properly match on realm
Issue/PRDescription
12074Webcontainer property decodeUrlPlusSign issue
12312Update to commons daemon breaeks windows service
12450Batch: Fixes for remote partition job logs
12523Failed to parse Created TimeStamp in UsernameTokenValidator
12613Enabling openTracing with no tracer class configured impacts performance
12695JAX-RS Application Proxy should override getProperties()
12780CWMRX1001W seen in messages.log
12865spring-cloud-starter causes ApplicationStarted event to be fired before the ModuleStarted events for Spring Boot web apps
12967"peer not authenticated" failures in RP to OP communication on some versions of Java 11
13094MDB message listener method name restricted from starting with "ejb"
Fix pack 20.0.0.7

Fix release date: 9 July 2020     
Last modified: 9 July 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.7

ComponentSecurity APARAPARDescription
Liberty System ManagementPH26177API Discovery UI fails
z/OSPH23733Unexpected Transaction CPLT ABEND ASIB when transaction is rolled back
Issue/PRDescription
8048Unable to write multipart data in Jax-Rs
12032Configuration for sslSessionTimeout is ignored at runtime
12067PluginUtility currently looks in the workarea for com.ibm.ws.jmx.local.address but should look in the logs/state directory
12352Correct spelling mistake in com.ibm.ws.jsp.jstl.facade/bnd.bnd
12375IllegalArgumentException occurs when processing SOAP response containing SOAP Fault
12399HTTP/2 read window not updated
12516Changes to SSL Session Timeout
12537H2 NPE HttpOutputStreamImpl.flushHeaders
12545syncQueryTimeoutWithTransactionTimeout="true" with totalTranLifetimeTimeout="0" results in SQLTimeoutException
12567Fault Tolerance 2.1: org.eclipse.microprofile.faulttolerance cannot be resolved
12599HTTP/2 connection termination performance
12708Entry and exit trace is missing when using OpenJDK with OpenJ9 version 8.
12715JAX-RS @Context injection into ContextResolver
Fix pack 20.0.0.6

Fix release date: 12 June 2020     
Last modified: 12 June 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.6

ComponentSecurity APARAPARDescription
Administrative ConsolePH25475After logging in to admin center console, in the web browser console role is getting exposed
GeneralPH25479JAXRS resource not injecting objects via CDI constructor injection
Liberty z/OSPH25650Message CWWKO0230I is issued even if the Asynchronous I/O support was not activated
Virtual Member Manager (VMM)PH24423With SCIM-1.0 feature and LDAP registry, SCIM queries for group members do not deliver the display name for group members
Issue/PRDescription
9157Update Eclipselink 2.6_WAS to ASM 7.2 to support Java 14
10067Update JPA to fix EclipseLink bug 618
10236Update JPA to fix EclipseLink bug 558283
10240Update JPA to fix EclipseLink bug 558414
10812Update printSessionManagerConfigForDebug method to include cookieHttpOnly
11773[openidConnectServer-1.0] incorrect http status code for error response invalid_grant
11795EclipseLink: Deliver Bug #561664
11882Missing FunctionMapper
11927Include user name in CWWKS1773E error message TS003412433
11977May get an NPE in URLEncoder.encode when OAuth provder gets bad clientId TS003459997
11984JNDI lookup fails with org.osgi.framework.ServiceException
12019Application MBean status is not updated when application fails to start
12024The JCA SharedPool can leak MCWrapper objects
12212Cached configuration not used in some circumstances
12297Correct JSP 2.3. Feature File
Fix pack 20.0.0.5

Fix release date: 15 May 2020     
Last modified: 15 May 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.5

ComponentSecurity APARAPARDescription
Liberty z/OSPH24366Liberty fails to remove the client address space level RESMGRs when cleaning up Liberty's client structures
Web ContainerPH20847Information disclosure in WebSphere Application Server (CVE-2020-4329 4.3)
Web Services SecurityPH24154Identify spoofing in WebSphere Application Server (CVE-2020-4421 5.0)
Issue/PRDescription
11475CWWKG0090E seen when using include that worked in previous version
11550SSL Channel: double release of WsByteBuffer race condition
11582NPE in OpentracingUtils.lookupAppName()
11590MetricProducer provides a simple timer and concurrent gauge with the wrong MetricType
11595SAML SP should use 401 instead of 403 when redirects user to IdP
11682Social login feature cookies may not use dynamically updated web app security config
11696Exception during UserTransaction thwarts @Fallback on @Asynchronous method
11716Changes for issue 11646
11746Unable to create logger error in server startWinService when WLP_OUTPUT_DIR set in server.env
11750Correct redirect location.
11755Update Weld3 to 3.1.4
11767Lock contention acquiring applicationTracersLock in OpentracingTracerManager.ensureTracer()
11785intermittent h2 timing test failure
11870H2 NPE check modification
Fix pack 20.0.0.4

Fix release date: 17 April 2020     
Last modified: 17 April 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.4

ComponentSecurity APARAPARDescription
GeneralPH23757EJB persistent timer/deserialized context fails with CWWKC1004E (unavailable context) after mpContextpropagation-1.0 disabled
Install V8 and abovePH23517zosConsoleCommandDisplayWork-1.0 as an auto-feature is not installed
Liberty Archive InstallPH23233NullPointerException when installing the required WLP server's features from local repository
Liberty z/OSPH22112Display work with zosRequestLogging feature does not count servlet requests
PH23817gpf in liberty server during shutdown
Web Services SecurityPH22080Cross-site scripting vulnerability in samlWeb-2.0 (CVE-2020-4303, CVE-2020-4304)
 
Issue/PRDescription
4040Make RC consistent for starting liberty as a Windows Service
4873Allow CXF-specific client properties for the JAX-RS 2.X Client APIs
8933Authentication cache fails to find existing Subjects, slowing performance.
9692Non-English characters in logoutRedirectUrl of oauthProvider results in incorrect redirection
9986Application fails to start because of java.lang.IllegalStateException: Configuration pid com.ibm.ws.app.manager_23 was deleted
10707Thread safety problem in JSON logging field name mapping code
10986Invalid JSON data passed to @Path resource method(@Valid MyPojo) yields H500 instead of H400
11043java.security.AccessControlException: Access denied ('java.util.PropertyPermission' 'org.osgi.framework.bootdelegation' 'read')
11044custom-login-configuration not honored in java:comp/env bindings without binding-name
11108mpRestClient-1.3 ignoring hostnameVerifier configuration
11199EJB Persistent Timer/deserialized context fails with unavailable mp.cleared.context.provider after mpContextPropagation-1.0 disabled
11289ConcurrentModificationException during JSF application startup
11445The JarFileClassLoader throws an IllegalArgumentException when defining package com.ibm.websphere.ras.annotation
11454Remove lock contention and other perf improvements for starting multiple applications
11478Minor code issue in LdapHelper.getRDN in com.ibm.ws.security.wim.adapter.ldap
11510Timing window where server loses the ability to run a persistent timer if config update to disable execution overlaps a poll
11534Async implementation of MP rest client returns CompletionStage of Collection of HashMap but expected CompletionStage of Collection of a user defined type
11535AdapterUtil.createXAException utility method garbles message parameters
11543PH22080
Fix pack 20.0.0.3

Fix release date: 20 March 2020     
Last modified: 20 March 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.3

ComponentSecurity APARAPARDescription
Liberty log analytics and monitoringPH22677Logstash error when parsing json
Liberty z/OSPH21809Liberty on z/OS message routing to msglog dd stops unexpectedly
PH21956JVM crash in zosLoggingBundleActivator.ntv_writeFile()
PH22759Abend on the z/OS Hard failure Cleanup Thread during server stop processing
Virtual Member Manager (VMM)PH21704SCIM fails to search when quotation marks are included in search filter
Web Services (JAX-WS, JAX-RS)PH22079Vulnerability in Apache CXF affects WebSphere Application Server Liberty (CVE-2019-17573)
Issue/PRDescription
8547Oracle connectionProperties being traced
9588Fix JWKS behavior that returns cached JWK despite the JWK not having right KID
10310EclipseLink: Deliver Bug #347987
10510Thread fails to complete during the quiesce period
10552Webcontainer Bundle Deactivation causes IO Exceptions for the Cached Plugin-cfg File
10697LDAP registry and URBridge are not un-escaping double quotation and apostrophes from the XPATH search expression
10712AsyncResponseImpl.initContinuation() throws NPE when Continuation is null
10730Javadoc of ConnectionManagerMBean.getJndiName is not accurate
10732Context-root attribute for server.xml web-ext element ignored
10762Missing warning when a server element is not present
10867German translation for 'Logout' incorrect for OIDC applications
10961Request URL mismatch between scheme and port
10981Yoko ORB shutdown thread hangs
10996Error parsing JSON when using ELK with logstashCollector-1.0
11052Basic registry throws PatternSyntaxException when search for users or groups includes braces
11105HTTP/2 stream initialization race conditions
11123Enhance NCSA access log 'enabled' attribute documentation
Fix pack 20.0.0.2

Fix release date: 21 February 2020     
Last modified: 21 February 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.2

ComponentSecurity APARAPARDescription
GeneralPH10461When using BYO SSH keys, starting a collective controller keeps appending the ssh key to the authorized_keys file
PH11895PI81056 did not fully resolve the issue resulting in msg CWWKO0224E (hostname resolution error) during server startup
PH19384Liberty for z/OS server using optimized local adapters abends in method WOLANativeUtils.ntv_getClientService on shutdown
PH19528Denial of Service in WebSphere Application Server (CVE-2019-4720)
PH19989Denial of Service in WebSphere Application Server (CVE-2019-12406)
PH20816Install of common Java SDK for Liberty on z/OS fails with CRIMA1161E
PH20912Unable to set samesite cookie option with response.addHeader
PH21213Unable to install WebSphere Application Server Liberty V8.5 version 20.0.0.1 using IBM Installation Manager
PH21281Warnings showing the text "Unconverted adapt" appears in server logs
PH21564java.lang.SecurityException possible from messaging component calls to System.getProperty("line.separator")
PI93822EJB auto-link fails for java:global with beanName provided

Issue/PRDescription
8015 Delay TCP Port starts until server is initiailized
9085ServletCacheEngine ignore cache for App using default context root
9157Update Eclipselink 2.6_WAS to ASM 7.2 to support Java 14
9512OIDC RP does not reject requests that match more than one filter
10067EclipseLink: Deliver Bug #618
10142 Installing mpHealth 1.0 and 2.0 features together causes NullPointerException
10189Fault Tolerance reports an internal error when an asynchronous method returns null
10196H2 close with error produces invalid state
10236EclipseLink: Deliver Bug #558283
10238Default logging format not being set when using an invalid console/message logging format
10240EclipseLink: Deliver Bug #558414
10243Pull in MYFACES-4311 and add a FAT
10248JsonB provider not found when loaded from library
10293Test Failure: com.ibm.ws.testing.opentracing.test.FATOpentracing.testImmediate
10310 EclipseLink: Deliver Bug #347987
10337Java Batch: Error reported when JMS job dispatch message is redelivered
10384Support for SameSite attribute in Set-Cookie header is needed
10393PersistentTimerCoreTest.testDisabledLateTimerMessage FFDC indciates missing doPriv on abort
10397Retry port opening according to configurable number of retries
10426requestTiming-1.0: servletTiming server configuration does not work with servlet-4.0
10461Basic registry throws PatternSyntaxException when search filter contains paren
10462LDAP registry throws InvalidSearchFilterException when principalName search filter contains paren
10508Avoid using System.getProperty("line.separator") in messaging code
10559Need to quit warning about strange cookies sent from IBM ID
10578oidcclient does not expand ID attribute after 19.011
10582JAX-RS 2.0 ExceptionMapper is ignored when using mpOpenTracing
10587Yoko ORB shutdown thread hangs
10604Wrong encoding for special characters (Swedish language)
10702Decompression Ratio Support
Fix pack 20.0.0.1

Fix release date: 24 January 2020     
Last modified: 24 January 2020     
Status: Superseded     

👁 Image
Download Fix pack 20.0.0.1

ComponentSecurity APARAPARDescription
Liberty System ManagementPH20161OpenAPI Swagger UI vulnerability (CVE-2019-17495)
Web Services (JAX-WS, JAX-RS)PH18762Add support for gzip encoding
Issue/PRDescription
6956Liberty depends on the ps command during shutdown
8563Pull in MyFaces 2.3.6
8773OIDC Client Requests Tokens with the same auth code
9281auditUtility command/script file not found in 
9307Error message when MP Open Tracing feature is enabled but not in use
9441Auto-features which depend on kernel features do not get installed
9943 Map the Spring Boot application's context root to the application's welcome page (index)
9516Unfriendly user error message displayed and user is blocked from signing in to their application when their liberty session expires
9602H2 Synchronization problem with tests that are sending duplicate frames
9679H2 intermittent error when upgrade fails
9708For a batch job with partitioned step, the PartitionReducer's afterPartitionedStepCompletion gets ROLLBACK on normal completion.
9798Handling logging out of mp jwt flow introduces an error
9824 Cannot distinguish opaque token that contains two dots from JWT
9848Resource adapters might fail to start with Bean Validation 1.1 and CDI 1.2 enabled.
9886Unresolved module com.ibm.ws.rest.handler.validator.jca
9904javax.servlet.ServletRequest.getParameterValues returns null in Jaxrs applications
10006service.ranking can be removed from com.ibm.ws.persistence defaultInstances.xml
10030H2 connection error causes server timeout
10144Add additional support for range attributes on Active Directory Ldap searches
10165Fault Tolerance messages not output
10178Resource leak when installing features through Gradle on Windows
10215CXF cannot process a gzip encoded SOAP response
10228 Rest Client for MicroProfile loses entity on POST requests with status code 202 response
Fix pack 19.0.0.12

Fix release date: 13 December 2019     
Last modified: 13 December 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.12

ComponentSecurity APARAPARDescription
Liberty Administrative CenterPH18799WebSphere Liberty is vulnerable to a Cross-site scripting vulnerability in the Admin Center  (CVE-2019-4663)
 
Issue/PRDescription
8395Remove obsolete com.ibm.ws.webcontainer.channelwritetype from Liberty's metadata and web container properties
9228LDAP registry returns error code 21 when updating boolean values
9293Opentracing can cause jaxrs exceptions to not be logged
9386NullPointerException when using dynamic filter to add mapping for servlet name
9455HTTP/2 malformed requests should cause stream reset
9499FFDC when Exception thrown by user code proxied using ContextService
9545Test Failure: junit.framework.TestSuite.com.ibm.ws.cdi12.fat.tests.SessionDestroyTests
9596Relax criteria for calling out an FFDC when dealing with the Selector logic
9607NPE in the SIP Container when a Digest challenge does not contain the `algorithm` field
9625Unable to load LibertySSLSocketFactory during transaction recovery
9676Class transformers can fail if a class is loaded from the shared classes cache
9692Non english characters in logoutRedirectUrl of oauthProvider results in incorrect redirection
9825JNDI literals parsing too verbose
Fix pack 19.0.0.11
Fix release date: 15 November 2019     
Last modified: 15 November 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.11
ComponentSecurity APARAPARDescription
GeneralPH11427Service call by service.Create() does not time out in 30 seconds
PH17678Man in the middle vulnerability in OpenSAML (CVE-2014-3603)
PH18113Add Apache HttpClient library
PH18282SCIM API fails to retrieve a group or user with a forward slash in the DN
JavaServer Pages (JSP)PH13983Information disclosure in WebSphere Application Server (CVE-2019-4441)
Liberty z/OSPH18715java.lang.StringIndexOutOfBoundsException exception in com.ibm.ws.zos.registration.internal.ProductManager.start
SecurityPH18751Exceptions when using keystore ID="defaultkeystore" after upgrading to fix pack 19.0.0.9 on z/OS
PH29291NullPointerException might be thrown during EJB invocation on 19.0.0.9
Issue/PRDescription
4387Runnable JAR execution fails when WLP_USER_DIR env var is set to "other" location with CWWKE0005E
7701Pull in MyFaces 2.3.4
8152TAI negotiateValidateandEstablishTrust called twice during authentication.
81967234-TRACENPE COMMIT1
8404Confidential for Security Integrity fix CVE-2014-3603
8860jwkRetriever should not require an sslSocketFactory if using http
8899federatedRegistry-1.0 group membership may use a repository that does not participate in the realm
9085ServletCacheEngine ignore cache for App using default context root
9122Remove additional ; in WebApp.java
9129Update Commons BeanUtils to 1.9.4
9130Header Key retrieval fix for case sensitivity
9132correct certain JSP messages
9143NullPointerException might be thrown when the security audit is enabled for ejb.
9380IllegalStateException in JMX Connector RESTHandler from call to getWriter
9416Add Apache HttpClient v3.1 library
9436RACF SDBM LDAP registries may encounter OperationNotSupportedException
9437Test Failure (20180702-1422): com.ibm.ws.jdbc.fat.v41.JDBC41Test.testTransactionTimeoutAbort
9441Auto-features which depend on kernel features do not get installed
9451Fix Intermittent NullPointerException on TCP trace during shutdown
9472H2 Intermittent NPE in HttpOutputStreamImpl.flushHeaders()
Fix pack 19.0.0.10

Fix release date: 18 October 2019     
Last modified: 18 October 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.10

ComponentSecurity APARAPARDescription
Contexts and Dependency Injection (CDI)PH05014Null CDI Bean results in a NullPointerException thrown in Apache WebBeans code
GeneralPH16611Multiple vulnerabilities in HTTP/2 implementation used by WebSphere Application Server Liberty
Intelligent Management ComponentPH16337Liberty OIDC is not working with dynamic routing plug-in
Liberty z/OSPH14100Out of storage condition caused by a leak in LSCL causing rc12 Reason Code 24 from BBOA1CNG
PH16940Liberty servers abend with an ABENDSEC3 RSN=20000800 when a Liberty server is shutdown using force or similar
SecurityPH15518Multiple vulnerabilities in WebSphere Application Server Liberty (CVE-2019-4304, CVE-2019-4305)
WebSphere Compute GridPH13367Job Partitions reported failing due to a deadlock on Java Batch Job Repository tables
WMQ messaging providersPH13286Provide mechanism to disable 1PC optimization
Issue/PRDescription
7767Expose JSF MyFaces Implementation classes as third-party
7849The JWK retriever does not remove stale JWK from cache
8532Deadlock issue when using persistence batch framework
8597Federation of a custom UserRegistry (CUR) results in different behavior than when stand-alone
8612export jsf-2.3 impl classes as third-party
8614export jsf-2.2 impl classes as third-party
8736Case TS001514963: requestTiming does not show all SQL queries
8808OIDC RP does notHTTP Auth header as containing a valid OIDC id_token
8840CWIML0514W occurs using uppercase group DN on getGroups
8863Failure to parse multiple comma separated links in an HTTP Link header on a Jaxrs Response object
8886GA Fault Tolerance - Metrics 2.0 integration
8903When JACC is enabled, annotated role mapping is not enforced properly.
8951OperationNotSupportedException: [LDAP: error code 53 - R000128 Filter is not supported (sdbm_search:1413)]
8979requestTiming-1.0 feature does not work in OpenLiberty
9021JSF File Descriptor leak in DefaultFaceletFactory
9033Erroneous CWWKL0058W warning when multiple JARs in library have META-INF/services
9069Web Admin Security Updates
9079Terminate misbehaving HTTP/2 connections
Fix pack 19.0.0.9

Fix release date: 20 September 2019     
Last modified: 20 September 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.9

ComponentSecurity APARAPARDescription
Liberty Debug and TracingPH15280Leak of RACF ACEE control blocks in Liberty server
Liberty KernelPH17088 Apache Commons Compress denial of service vulnerability (CVE-2019-12402)
PH17796ConfigHash value in plugin-config.xml causing parsing issues
Liberty z/OSPH15877Angel stops without detecting active Liberty servers
SecurityPH15505Collectives keystore mismatch
WebSphere Compute GridPH10566Issues with remote partition restart if server crashes
 
Issue/PRDescription
7600social login linkedin flow is broken and needs updating
8169ProfileManager.getImpl call ignores realm allowOpIfRepoDown setting
8219Support direct HTTP/2
8473webAppSecurity overrideHttpAuthMethod set to BASIC or FORM does not function
8546HTTP/2 trailer improvements
8561CWIML4564I informational message lists wrong LDAP server.
8647java.lang.IllegalStateException when running Liberty wlp-webProfile7 19.0.0.8
8761Java Batch: Remote JVM partitions not restartable after executor shutdown
8793Custom fields not logging when using LogRecordContext and field names contain underscores
Fix pack 19.0.0.8

Fix release date: 23 August 2019     
Last modified: 23 August 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.8

ComponentSecurity APARAPARDescription
Database Access, Connection Management, Merant/DataDirect driversPH15281Postgres SQL Large Object API blocked
Liberty z/OSPH13341The --clean action is ignored when WLP_ZOS_JOBNAME is set
SecurityPH15089A login might be required for unprotected resources when none of TAIs processed a request
Sessions and Session ManagementPH13932"Using collection QEJBASSN for session persistence." is always output with startup of Liberty servers
Virtual Member Manager (VMM)PH14786Using non ASCII characters (ex. Chinese) in an SCIM filter fails
Web ContainerPH14619ServletContext.getRealPath() should not return null for nonexistent files
Issue/PRDescription
5035Update ServletContext.getRealPath() behavior
7521Call Class.forName() within doPrivileged block from WASURLObjectFactoryFinder
8085HttpServletMapping.getPattern is not correct for /* mapping
8128Clean up URIMatcher40 and ServletWrapper
8141Adding mpConfig-1.3 feature while the server is running does not install the configuration feature properly
8250OIDC discovery endpoint does not emit the revocation endpoint
8252Eclipselink: Fix bug 547173
8274WSOC: fix a read during close timing window.
8277login process is carried out for unprotected resources even TAI does not intercepts a request
8304Loose application with MP Health not picking up changes after recompile - GM 19.0.0.7
8307Error on edit for OAuth client with no secret
8339openidconnect emits httpclient spurious log warnings for certain cookies
8346Liberty 19.0.0.7 Blocks *all* Large Object API functions for Postgres
8401Add doPrivileged block in WASInitialContextFactoryBuilder for class look up
8449content-length header should not be required for HTTP/2 requests
8458Channel framework chains not closing down before timeout
84608458 - Loop until cfw chain is closed
8474PushBuilder should ignore headers with null values
8482URBridgeEntity uses NLS message key, REQUIRED_IDENTIFIERS_MISSING, which is not defined
Fix pack 19.0.0.7

Fix release date: 25 July 2019     
Last modified: 25 July 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.7

ComponentSecurity APARAPARDescription
Liberty Administrative CenterPH13994Clickjacking vulnerability in Liberty Admin Center (CVE-2019-4285)
SecurityPH13970After updating to 19.0.0.4, SESN0008E errors started occurring
Systems Management FunctionsPH13649Invalid command line optional parameter (--hostName) with "collective help addReplica"
Virtual Member Manager (VMM)PH13757SCIM 1.0 returns HTTP 404 return code for user search
Issue/PRDescription
5337NullPointerException in BridgeUtils seperateIDAndRealm(...)
6158Pull in MyFaces 2.3.3 once it is released
7539Federated Repositories LoginBridge does not handle output property mappings that are multi-valued
7552JPAContainer incorrectly sets App Classloader as the CCL
7612Scrub error response for unwanted characters
7670IllegalArgumentException in MP Metrics from timing issue
7854WSLogManager static fields not properly initialized in jdk7
7871Fix NPE in WebAppSecurityCollaboratorImpl when invoking web resource using custom HTTP method
7888socialLogin needs to produce choice menu with one provider and localAuth enabled
7920WASReqURL cookie path is not set when the context root of an application is set to root
7984When Auditing function is enabled, it is potential that SRVE0777E error is logged
7986Memory leak when stopping applications
8034NullPointerException in UniqueNameHelper.getValidDN
8096After updating to 19.0.0.4, SESN0008E errors started occurring
Fix pack 19.0.0.6

Fix release date: 28 June 2019     
Last modified: 28 June 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.6

ComponentSecurity APARAPARDescription
Channel FrameworkPH13269Delay ALPN init until required and free ALPN resources on connection errors to prevent OutOfMemory
Liberty Debug and TracingPH11759Performance drops when writing a large amount of log entries to Liberty console log
Liberty z/OSPH12644Keys are not stored in ICSF with triple-length PCICC format
SecurityPH07530A NullPointerException is thrown during SAFKeyRingNotificationMbeanImpl initialization
Web Services SecurityPH11031OAuth runtime emits error when adding EXTENDEDFIELDS column many times
Issue/PRDescription
6317JAX-RS request context modified after client request
7207EclipseLink: Deliver Bug #421056
7433Avoid inferring caller in LogRecord.getSourceClassName and getSourceMethodName when processing System.out calls
7440Investigate possible difference in values between Prometheus and JSON format metrics
7632EclipseLink: Deliver Bug #421056 pt2
7634Session time based write option not honor small time interval
7695java.sql.Connection's network timeout not getting set to the correct value
7831Timing issue between deleted configuration and configuration store
Fix pack 19.0.0.5

Fix release date: 31 May 2019     
Last modified: 31 May 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.5

ComponentSecurity APARAPARDescription
GeneralPH11801Liberty 19.0.0.3 cannot start Java health center starting with IBM JDK 8.0.5.31
SecurityPH08972Liberty on z/OS message CWWKS2934E issued during initialization is confusing when it does not reflect final status
Systems Management FunctionsPH11844Joining a member to a back level controller fails when the collective uses a collective-wide ssh key
Issue/PRDescription
6095Ability to extend the size of the log buffer beyond 8k on WebSphere Application Server Liberty Profile
6391Building .tar.gz server package fails on Windows
7307redirectcontextroot=true and redirected secure page causes null
7332remoteIp "proxies" Default Regex Adjustment
7407Better handle private headers during message deserialization
7434NullPointerException in MethodAttribUtils.getXMLCMCLockAccessTimeout
7441NullPointerException in AppDefinedResourceFactory
7448NPE in LTPAConfigurationImpl.loadConfig
Fix pack 19.0.0.4

Fix release date: 3 May 2019     
Last modified: 3 May 2019     
Status: superseded     

👁 Image
Download Fix pack 19.0.0.4

ComponentSecurity APARAPARDescription
Liberty z/OS PH10537SMF 120 subtype 11 and 12 records should report the value of cvtzcbp
 PH10538The RCVTID is not available to Java applications deployed in Liberty
Messaging ProvidersPH06340Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046)
Security PI91146Liberty runs unnecessary authentication logic when TAI is configured
 
Issue/PRDescription
1338invokeForUnprotectedURI triggers unnecessary authentication
5376LdapConnection getAttributesByUniqueName() throws EntityNotFoundException for existing user
6756Initial requests with custom method (including PATCH) fail with HTTP/2
6982JAX-RS 2.1 Performance
6987Redirect Scheme and Port Mismatch
7044Externalize ThrowIOEForInboundConnections httpOptions
7052mpFT 2.0: Circuit Breaker metrics updated incorrectly when non-failure exception thrown
7071Outbound SSL Connection IOException
7080FT 2.0: Circuit breaker does not correctly restrict executions when in half-open state
7083Using Automatic WorkQueue for Async JAX-RS responses
7102Improve BNF Header Storage
7171inherited templated transient views raising "unable to create views" exceptions
7184Test Failure: EEConcurrencySpecTest.testListenerInvokeAnyWithTimeout Future.get interrupted during taskDone with CWWKC1120E
7211getManagedConnection: illegal state exception. State = STATE_INACTIVE after abort due to transaction timeout
7260Problems with resolution of environment variables
Fix pack 19.0.0.3

Fix release date: 5 April 2019     
Last modified: 5 April 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.3

ComponentSecurity APARAPARDescription
Contexts and Dependency Injection (CDI)PH09834java.lang.VerifyError on OpenWebBeans with Java 8 update 11 and 7 update 65
EJB ContainerPH08828OutOfMemory in InjectionEngine cache
GeneralPH09657Usage Metering discards metrics on HTTP 500 response from metering service
PH12825TransactionScoped observers do not fire
Java Message Service (JMS)PH07036Potential Spoofing vulnerability in WebSphere Application Server (CVE-2018-1902)
Liberty Administrative CenterPH06250Accessability section 508 compliance for admin center
Liberty z/OSPH09140Liberty server request failures after the angel process is canceled
Web ContainerPH08872The servletRequeset.getContextPath() might return a different context path when using with OIDC client application.
Web Services (JAX-WS, JAX-RS)PH09634The policy-attachments-server.xml file under WEB-INF is not processed
Web Services SecurityPH09651OpenID Connect client authzParameter and tokenParameter values not updated when dynamically removed from server configuration
Issue/PRDescription
4300DefaultExtensionProcessor file.not.found message does not contain default message that takes a parameter
6019ApplicationManager startTimeout blocks startup when app is missing
6129Fix Java 2 Security issues with JSPs
6246Apply "useAuthenticationDataForUnprotectedResource" to jwtSso cookie
6255jsonp-1.1 API dependencies incorrect
6295ClassCastException when using binaryLog with --monitor
6317JAX-RS request context modified after client request
6360Filter out embedded server dependencies for Spring Boot 2.1.x
6407Test Failure (20190101-0221): com.ibm.ws.kernel.boot.ServerStartAsServiceTest.testWinServiceLifeCycle
6521Generic types are lost in MP Rest Client and JAX-RS clients due to bug in JsonBProvider
6527Stack overflow scheduling new ManagedScheduledExecutor task from task
6573Application exceptions should not be wrapped in EJBException
6628Command line variables are not working on windows
6641ClassNotFoundException thrown during sessionPostInvoke
6659ServletRequest.getContextPath() might return wrong value when OIDC app is in used
6668Externalize maxOpenConnections tcpOptions
6725Using slash slash comment in JSP expression spanning lines can get JSP error
6727JSP slash slash comment fix
6761Custom JAX-RS ParamConverter does not work for collection and array types
6768Using slash slash comment in JSP expression spanning lines can get JSP error, Java7 compatible
6790Loading classes from multi-release jars does not work
6812HTTP request header "If-Modified-Since" parsing fails with IllegalArgumentException if default Locale is not US
6822Automatic EJB Timer creation skipped if database tables do not exist
6868WebContainer: make code more service deactivate aware
6951ClassNotFoundException during JSF initialization
6953Tolerate missing ps
Fix pack 19.0.0.2

Fix release date: 8 March 2019     
Last modified: 8 March 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.2

ComponentSecurity APARAPARDescription
GeneralPH07896Liberty server start hangs on "CWWKZ0018I: Starting application" when thread pool max size is set
Liberty z/OSPH08209Add support for CICS 5.5 for WebSphere Optimized Local Adapters
PH08497Message ICH408I is not generated when user lacks access to profile prefix in appl class
PH08753Ship assembler DSECT that maps SMF 120 subtype 11 z/OS connect user data
SecurityPH08030Changes needed in the SAFAuthorizationService API
Virtual Member Manager (VMM)PH08428NullPointerException is thrown when creating a SCIM user with missing name
Web Services SecurityPH06141Multipart/related SOAP part Content-Type issue
PH08466OAuth introspect endpoint does not return correct issuer if OpenID Connect provider configures issuerIdentifier
PH09706Liberty OIDC message numbers CWWKS1754 through CWWKS1759 are duplicated
Issue/PRDescription
4975Destroy of aborted connections and removal from the pool
5094Fix NPE in servlet cleanup for WebSocket request
5833The federatedRepositry-->primaryRealm-->defaultParents element should support multiple occurences in the server.xml
6017Auto plugin generation is inconsistent with OSGI applications
6183Incomplete SRVE0279E message
6273JAX-RS clearing RuntimeContext for server side message when resource invokes a client
6287Add default value to the remoteIp "proxies" attribute in the metatype.xml of the HTTP Channel
6298Update WebContainer.getCacheManager() to avoid NullPointerException
6323Invalid archive files no longer prevent apps from starting
6348Fix 500 error when servletPath is NULL
6371Handle exception on call to connection.abort
6381WLP 18.0.0.4 fails to rotate trace log on Windows
6408Fix for connection wait timeout message not being translated.
6427Connection wait time does not dynamically change to 0
6452showPoolContents waiting connection requests value is incorrect
6490Test Failure (20190203-0423): PolicyExecutorTest.testConcurrentUpdateMaxWaitForEnqueue
6518Redundant log file in workarea after sever start with errror: java.lang.IllegalArgumentException: The property 'osgi.configuration.area' ... is being overriden ...
6524SSL Channel throws NullPointerException during stress
Fix pack 19.0.0.1

Fix release date: 8 February 2019     
Last modified: 8 February 2019     
Status: Superseded     

👁 Image
Download Fix pack 19.0.0.1

ComponentSecurity APARAPARDescription
GeneralPH02684Add an openIDConnectClient configuration option to allow token reuse
PH07247Unnecessary HttpHostConnectException FFDC logged for usage metering
JavaServer MyFaces (JSF) Apache MyFaces implementationPH06135JSF 2.0 throws a NullPointerException during server shutdown
PH06389JSF can leak JarFiles causing problems with application removal
Liberty z/OSPH05262Calling request.login() from a servlet does not sync the ID to the thread
PH07190It is difficult to debug problems when the Liberty server connects to a earlier angel process
PH07213Ship assembler dsects for smf120 subtype 11 and subtype 12 records
PH07486Liberty generic MODIFY HELP output is too verbose
Web ContainerPI80786Http 500 is returned from a request with too many parent directories (forward slashes) in the url
PH05787ConcurrentModificationException
Web Services SecurityPH07297Denial of Service vulnerability in Guava (CVE-2018-10237)
Issue/PR
Description
3553Set 400 status code for invalid URI
3645User ID is not synced to the thread during HttpServletRequest.login()
4809Remove internal designation/updates for servletPathForDefaultMapping/make servlet-4.0 default / tests
50773645 sync user during login
5341Modify default ldapRegistry-3.0 read timeout to be 1 minute
5772AppClassLoader does not correctly handle null response from ClassFileTransformers
5785CWWKS9582E: The [defaultSSLConfig] sslRef attributes required by the orb element with the defaultOrb ID have not been resolved within 10 seconds.
5798H2: Separate Continuation Frame Checking Between Read And Write
5862ConcurrentModificationException happens when a web application receives a large number of requests immediately after it starts.
5963DataSourceDefinition, ConnectionFactoryDefinition, and AdministeredObject properties should not be path normalized
5970trackLoggedOutSSOCookies setting causing multiple login failure
5976ConcurrentModificationException from ReferenceContext starting web application
59835785-orbssltimeout2-commit1
5992JarFiles never released by JSF
6020Fix Open Liberty Windows Service name in server.bat
6036PollingDynamicConfig tasks can be leaked
6042Hot update broken in 18.0.0.4
6058Invalid connection pool Prometheus metric format (monitor, mpMetrics)
6073OL 18.0.0.4 server package does not package loose application as war
6113Pull MYFACES-4251 to JSF 2.3
6123Trace Specification logging level "off" does not work
6152NamingException masked when listing entries in a JNDI context
Fix pack 18.0.0.4

Fix release date: 14 December 2018     
Last modified: 14 December 2018     
Status: Superseded     

👁 Image
Download Fix pack 18.0.0.4

ComponentSecurity APARAPARDescription
DynaCachePH02049Cross-site scripting vulnerability in cache monitor (CVE-2018-1767)
GeneralPH02212Application with CDI 1.2 in Liberty 18.0.0.2 fail to start
PH02361WebSphere Liberty OIDC client implementation is proxy-unaware
PH02742NPE when doing direct forward operation
PH02750java.lang.classCastException occurs in OidcClientImpl.logout
PH03409Seemingly erratic thread pool growth during low or no-load situations after upgrading to 18.0.0.1
PH04652WebSphere Application Server Liberty for z/OS provides no metrics for usageMetering-1.0
PH04653Updated CPU limit (--cpus) not recognized by usage metering feature
PH05071JVM hang when calling GarbageCollectorMXBean.getLastGcInfo for usageMetering-1.0
PH06256CWWKS1739E: A signing key required by signature algorithm [RS256] was not available when upgrading to 18.0.0.3
PI97786eclipselink throws "argument type mismatch" for jpql case expression
PI99263ServletContext.getRealPath() returns null for resource in extended document root
Install V8 and abovePH03040Fixpack 18.0.0.3 cannot be installed on IBM i
PH04137Updating WebSphere Liberty for z/OS to fix pack 18.0.0.3 fails with NullPointerException
JavaServer Pages (JSP)PH02063Potential security bypass in WebSphere Application Server with Expression Language library (CVE-2014-7810)
Liberty z/OSPH02955Unable to use SAF Keyring for collective SSH communication
PH03549When the zosWlm-1.0 feature is enabled. the health indicator of the server is only ever set to 2 percent
PH03768EntryNotFoundException SAFGRP is not a valid group
PH04243EC3 abend reason code 20F00600 occurs after a 422 abend
PH04282Error authenticating when Liberty server tries to connect to a back-level angel process
PH05100OutOfMemory failure in Liberty under CICS when connected to an angel process
Messaging ProvidersPH00027After migrating to WebSphere Application Server V9, the CWSID0046E error is seen in the logs
Systems Management FunctionsPH03232Incorrect server state reported in a multicontroller collective
Virtual Member Manager (VMM)PH02811Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1901)
PH04136Attempt to create user in SCIM returns 500 HTTP status code with DefaultParentNotFoundException message
PH04147Attempt to update user ID in SCIM returns 500 HTTP status code with IllegalArgumentException message
Web Services (JAX-WS, JAX-RS)PH02234Issue when processing the caller token for UsernameToken
PH03014A property is set in the RequestContext but the interceptor does not read this property resulting in a NullPointerException
Web Services SecurityPH03004CWWKS1721E: The resource server received an error it was attempting to validate the access token z/OS Connect EE
PH05414OpenIdConnect client subject might not contain Id Token
WebSphere Compute GridPI87244Firewall prevents the Liberty Java batch tool from displaying job logs
Issue/PR
Description
1438JAAS login module shared library is missing protection domain
2663PH00738 Session scoped beans are not updated in the database when liberty is configured to only persist updated session attributes
3113ArrayIndexOutOfBounds in LdapConfigManager.setFilters()
3919Future does not return immediately when timeout fires when using timeout with Async
4132full tmp dir prevents server from reading server.env during startup
4135Pull in MyFaces 2.3.2 once released
4202Migration of JMS delivery delay.
4332Need to fix first line of output from Liberty JSON log format to actually be JSON
4535LogRecordContext API is missing from /wlp/dev/api/ibm jars
4760Expose a couple of packages to the thread-context in jsf-2.3
4792Fix BundleContext is no longer valid error on server shutdown
4853Provision compatible javax.annotations API for SpringBoot applications
4873Allow CXF-specific client properties for the JAX-RS 2.X Client APIs
4898H2: fix some HTTP/2 code and test issues uncovered by further parallel stream stress testing
4912Fix missing doPriv in unwrap
4913JSR375: When JASPIC is enabled, a login panel pops up even EVERYONE role is assigned
4955Externalize multiple httpOptions
4960Faces servlet mappings defined in web-fragment.xml do not work - jsf-2.2
5045Add a recursion counter for messagehandlers into BaseTraceService
5076NullPointerException in ClassLoadingServiceImpl
5088SpringBoot applications fail to start when a non jar file is in the library directory
5094

Fix NPE in servlet service which may happen when WebSocket is used

5114Test Failure (Liberty - Mac EBC - 20180915-0112): PolicyExecutorTest.testStartTimeout
5126HTTP/2 engine must tolerate priority frames received in any state and better handle flow control problems
5149update openidconnect client way of sending credentials to userinfo endpoint
5154Flush queued actions when an app is removed
5164/metrics output got truncated on Japanese locale
5244MYFACES-4252 Classpath._searchDir can throw NullPointerException
5277Fix Java 2 Security access issue in kernel DefaultFileStreamFactory
5293Deadlock in ZipFileArtifactNotifierImpl
5339H2: Fix race condition in multi-stream writing logic
5345Improve our serviceability around page search and chasing referrals for Ldap
5363MP Rest Client does not honor MP Config-specified providers
5383Occasional HTTP/2 MessageSentException: Message already sent
5395SSL config not used by RestClient
5425JAX-RS Client does not pool HTTPS connections
5428Fix bug in server package server-root command
5441JMSContextInjectionBean uses deprecated CDI method
5453Microprofile appProperties element not showing up in schema
5465Pull MYFACES-4260 to both jsf-2.2 and jsf-2.3 features
5483release bug: implement PH02361 in development stream
5498When using advanced connection manager property numConnectionsPerThreadLocal and connection fail during cleanup, the connection managers connection pool may fail to remove failing connections resulting in no connections being available.
5510Deliver fix for CVE-2014-7810
5557OpenId Connect clients might exhibit a thread leak
5560MessageSentException intermittently during flushBuffers
5585EJB timer ScheduleExpression serialization incompatibility
5590Failed to createMinimumEscapeHandler for unknown jaxb class
5637Expose jsf 2.3 org.apache.myfaces.push.cdi to thread context class loader
5647Fix --include default to have /usr for server and shared folder
5779Too many threads during low-load operation
6002CWWKS1739E error may occur when using OpenID Connect in 18.0.0.3
Fix pack 18.0.0.3

Fix release date: 21 September 2018     
Last modified: 21 September 2018     
Status: Superseded     

👁 Image
Download Fix pack 18.0.0.3

ComponentSecurity APARAPARDescription
GeneralPH00304The maximum connections setting of a data source's connection pool is not  always honored
PH01447Improvement to SSL Closing Handshake
PH01499APAR for OLGH4402
PH01610Application fails to start due to JAXBEXCEPTION after upgrading to 18.0.0.2
PI99176Information disclosure in WebSphere Application Server Liberty (CVE-2018-1683)
PI99600AccessControlException thrown when connecting to Health Center with Java 2 Security enabled
PI99672Remove the first_rows hint from Oracle V10+ pagination queries
Intelligent Management ComponentPH00735Null Pointer Exception when HTTP or HTTPS ports blank in server.xml
Java Persistence API (JPA)PH01681Then and else expressions should be case result instead of case operand type
Liberty z/OSPH01179Duplicate entries of the BBGZSCFM module are listed in the output of IPCS LPAMAP
PI96910ICH error messages are not issued during Liberty startup when checking for access to BBG.SECPFX.* and APPLl profiles
PI97659Display memlimit value and source as well as region information in Liberty log at startup
PI98758Setting enablefailover to false for the safregistry can produce misleading messages if authorized services are not available
PI99411The Liberty message log DD is not configurable
Security
PH01295Information disclosure in WebSphere Application Server Liberty (CVE-2018-1755)
PI97676Message CWWKS1100A may be misleading
PI99285User login fails when configuring zOS mapDistributedIdentities
Systems Management FunctionsPH00435Collective controller logs NoSuchElementException from LivenessMontiorV2
PH00566Member should fail over after continuous 2 minutes sendHeartBeat failure
PH00730The unnecessary information should not be generated in repository dump file
PH00926Collective repository dump should include non-sensitive host and jmx auth information to help diagnose issues
Virtual Member Manager (VMM)PH00881SCIM does not return paged results for requests that do not include the 'count' parameter
PH01668SCIM incorrectly returns 500 on MaxSearchResultsExceeded
PH01863SCIM updates to users can result in attributes being marked for deletion that were not designated for deletion by the request
PI99257Requests to SCIM to retrieve a resource by ID that do not include an ID result in an 500 HTTP status code
PI99317Request to SCIM "groups/{ID}" endpoint specifying "members" attribute does not return the group members
Web ContainerPH00448A CWWKE0702E message is printed when the webCache-1.0 feature is enabled
Web Services (JAX-WS, JAX-RS)
PH00401Potential man-in-the-middle attack in WebSphere Application Server Liberty for JAXWS(CVE-2018-8039)
PH01221Potential man-in-the-middle attack in WebSphere Application Server for JAXRS (CVE-2018-8039)
Web Services SecurityPH12959
OAuth provider does not update settings in the consent cache
PH03418Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty (CVE-2018-1851)
PI95405Liberty may not find key in JWK by x5t
WebSphere Compute GridPH02256File access exceptions when running a Java Batch application with syncToOSThread enabled
Issue/PR
Description
2489Global error when there are no registries available (Ldap,etc) for VMMService
2659Capture security context from Java Batch thread when syncToOSThread is enabled
3422Check for override of default configuration and ignore
3489MP Rest Client does not use Liberty SSL config when making outbound requests
3522Update Xalan library
3853basicRegistry-1.0's 'ignoreCaseForAuthentication' attribute does not apply to getUsers(...) method
3952Add global error when user registry is not found
4002Incorrect CWWKZ0022W messages printed with VirtualHost Usage
4016Quiesce should not be blocked by application start
4028Liberty 18.0.0.1 startup issues with Arabic locale
4040Make RC consistent for starting liberty as a Windows Service
4044Server failure before framework startup can leave JVM running
4158Need to squelch "Could not obtain lock" errors appropriately
4186Need to improve config dropins processing
4203In 18.0.0.2 an IllegalArgumentException can occur when "maxParamPerRequest="-1"
4211Java 2 security issue in org.apache.cxf.transport.https.HttpsURLConnectionFactory
4244Add global error when user registry is not found
4272When a thread is interrupted waiting for a connection from the connection manager, maximum connections will be decremented.
4275NPE in JAXRS client when OpenTracing is included
4310Spring boot application deployment in Liberty throwing Class cast exception
4341PageControl's 'startIndex' is not honored when 'size' is greater than results
4345Add doPrivileged code for InetAddress related activity in messaging
4346Add doPrivileged code for InetAddress related activity in IIOP
4368ConcurrentModificationException when a JAXRS API has multiple consume and/or produce MediaTypes
4392Fix server hang issue when bootstrap.properties variable is incorrectly specified
4402Format problem with logs when traceFilename=stdout and traceFormat=ENHANCED / BASIC
4462NonPersistent EJB timer dying if timeout throws exception on last retry
4465RejectedExecutionException: Trigger.getNextRunTime: null creating EJB timer
4505SSL Closing handshake improvement
4521Install kernel does not throw exception if already installed features are specified again with a different capitalization
4530Install kernel map installs features without wlp/bin and wlp/dev contents
4531ManagedScheduledExecutor tries to run tasks during server shutdown
4550Injection race condition in JAX-RS during startup
4609Maven features should provide transitive dependencies for stable API, third-party API
4619PersonAccount's and Group's get(String), isSet(String), and unset(String) methods may throw NullPointerExceptions
4666Correct getServletPath for default mapping
4712release bug: mpjwt JsonWebToken.getAudience() return type noncompliant with spec when no audiences present.
4717Update Yoko to favour CSI endpoints
Fix pack 18.0.0.2

Fix release date: 29 June 2018     
Last modified: 29 June 2018     
Status: Superseded     

👁 Image
Download Fix pack 18.0.0.2

ComponentSecurity APARAPARDescription
Contexts and Dependency Injection (CDI)WELD-2447 ClientProxy serialization support should be container agnostic
WELD-2466 null pointer exception in webservice calls
DynaCacheNullPointerException occurs using a MetaDataGenerator
EJB ContainerMessageEndpoints are notProperly released
GeneralStabilizeProduct Insights Enablement
Update bluemixUtility command for data sovereignty regulations
Access log "maxfiles" attribute not working as intended with value of 0
APAR for OLGH2631
Garbage collection events not captured by logstashCollector-1.0 for IBM Java 8 SR 5 FP 6 and above
Intelligent Management ComponentCWWKS2910 error when using dynamic routing in Liberty on z/OS with SAF security
Java Persistence API (JPA)JPQL with trim is not handledProperly and it results in DatabaseException
EclipseLink throws ORA-00932 for CLOB fields in an ElementCollection
EclipseLink JPQL generation for nested arrays with 'in' expression
EclipseLink InsertObjectQuery concurrency failure
db representation of boolean values withPostgres is incorrect
PI97483Eclipselink re-sorts insert and removes statements within a transaction
Eclipselink throws "argument type mismatch" for JPQL case expression
JavaServer MyFaces (JSF) Apache MyFaces implementationClassloader issues in JSFExtensionFactory can cause NPE
Update of composite component within ui:repeat does not work
Liberty Administrative CenterIf Liberty Admin Center was accessed via reverseProxy,the Liberty server made an unnecessary request back to theProxy server
Liberty z/OSWebSphere Liberty AngelProcess does not identify its version and fix pack level during start-up
Command line script to detect if commandPort is enabled, for use duringPause/resume request
SMF120-11 timeused and starttime is only set for a forwarded servlet
Specifying an angel name of "" for the server does not register server to default angelProcess
It is difficult to automate WebSphere Liberty from messages on the z/OS console
Liberty on z/OS memory leak in 64bitPrivate due to native DirectByteBuffer support
ABEND0C1 in ntv_getAngelVersion with WebSphere Liberty version 18.0.0.1
SecurityCWWKS4106E: LTPA configuration error in Liberty
suppressUncoveredHttpMethodWarning configuration does not work
Authfilter in Liberty not matching when multiplePaths are defined
There is an issue with the cache
Systems Management FunctionsDeploying docker container as liberty collective member failed with error "already appears to be a member."
Improve the error handling of a Collective join command using sshPrivateKey option
Virtual Member Manager (VMM)SCIM returns HTTP status code 500 whenPassed an invalid filter
Web ContainerSRVE0266E : Error occured while initializing servlets:java.util.ConcurrentModificationException
Web Services (JAX-WS, JAX-RS)Attachments behavior change in Liberty after migrating from tWAS
Web Services SecurityIntermittent NPE in SocialLogin feature when a running server is reconfigured
Client authentication JWTS require "sub" claim
Information disclosure in WebSphere Application Server Liberty (CVE-2018-1553)
WebSphere Compute GridLiberty z/OS CWWKY0035I: An exception occurred while trying toPersist job java.lang.IllegalStateException: no match found
Liberty on z/OS: Batch JMS dispatcher change to lazy access of connection factory
JobPurge request deletes the batch db records even when the executor JVM is stopped
After batch events config change,atchManagerZos hangs waiting for job completion; batch job log events notPublished correctly
The dispatch (JMS) message for a stopped job can, if later consumed, cause a later restart execution of that job to fail.
Repeated delivery of Batch job dispatch JMS message resulting in ClassCastException each time
Issue/PR
Description
LDAP registry with global class mapping in groupMemberIdMap adds "objectclass=*" to Group searches
On restart of a Java Batch job, deserialization fails when checkpoint objects contain array type fields
JSP engine unable to find tag files within loose JAR file
Send and receive Strings in SIB messages using strict UTF8
In 18.0.0.1, the minify option is not making the runnable JAR package any smaller
Access Log "maxFiles" attribute not working as intended with value of 0
Kernel Service MBeans not properly exposed
Federated repositories does not restrict the names of extended properties
Package `com.ibm.websphere.kernel.server` is not exposed as IBM-API
Default app classloader ProtectionDomain set by common libraries
AsyncIO native direct ByteBuffer leak
Avoid full deserialization within ObjectMessage.toString()
NullPointerException from EJSContainer.postInvoke() method
Close streams for repositories represented by a single JSON file
Add mapping of all JSP files in web module into the generated_web.xml
Test Failure (20180420-0319): LoadTest.testCommitAndRollback RuntimePermission denied for WSJdbcTracer invoking newProxyInstance
ldapRegistry-3.0 does not configure a read timeout for JNDI connections
PI96086 - Nested EJB Async method calls not honoring nested get(timeout, unit) timeouts
suppressUncoveredHttpMethodWarning does not work
Redeploying WABs leads to OutOfMemoryError
JAXRSClientImpl.target(UriBuilder) fails with IllegalArgumentException when client built with input containing a template variable
Batch runtime should only transition to InstanceState.JMS_CONSUMED from JMS_QUEUED state.
java.sql.SQLFeatureNotSupportedException: Method org.postgresql.jdbc.PgPreparedStatement.getLargeUpdateCount is not yet implemented.
Failure to load JPA PersistenceServiceUnit used by Batch feature using V2 version of JobInstance entity.
Connection leak if failure occurs while managed connection is being constructed
Update EclipseLink binaries from 2.6.6.WAS-3e5c71a to 2.6.6.WAS-0ab4033
Security exceptions thrown when trying to use IIOP with Java 2 security
JAX-RS Client APIs fail when attempting PATCH method over HTTPS on IBM JDK
Validate paths within WAR files
Fix pack 18.0.0.1

Fix release date: 16 March 2018     
Last modified: 16 March 2018     
Status: Superseded     

👁 Image
Download Fix pack 18.0.0.1

ComponentSecurity APARAPARDescription
GeneralProduct insights attempts to send usage after failed registration
Java Persistence API (JPA)Under certain conditions OpenJPA can insert an embeddable into the Datacache map
Wrong context Classloader in org.apache.openjpa.enhance.pc
JavaServer MyFaces (JSF) Apache MyFaces implementationHung thread issue in MyFaces _getMetaDataTarget
Fix bug MyFaces-4045 in IBM myfaces implementation
Liberty Administrative CenterSaving changes to member's configuration files via Admin Center's Server Config tool get applied to the controller instead
Liberty KernelFileupload causes NullPointerException on getHeader() call
Open Liberty rollup for 18.0.0.1
Liberty OSGi ApplicationSlow start of the web services and error during the startup of the services
Liberty System ManagementMemory leak in liberty swagger library during application stop/start
Liberty z/OSAdd an informational message to WebSphere Application Server Liberty on z/OS logs to indicate which angel process is used
SMF 120-11 UserData added from a filter does not show up in the final SMF record
WebSphere Application Server Liberty on z/OS WOLA CICS link server fixes for RTXSYS and RTX parameters
An intermittent performance degradation is observed with CICS v5.4 and Liberty 17.0.0.3 compared to Liberty 17.0.0.1
WebSphere Application Server Liberty on z/OS crash in CICS BBOATRUE during shutdown when embedded Liberty servers are at a mix of 16.0.0.3 and 17.0.0.3
SecurityEnable the function of enforcing URL hostname verification as an attribute on the ssl element of server.xml
Potential spoofing vulnerability in WebSphere Application Server (CVE-2017-1788)
GetUserPrincipal().getName() returns garbled user ID on 17.0.0.3
Message CWWKS3005E issued when a Federated repository is configured
SAF API doc missing from Javadoc package in Liberty
SessionsRemove SessionManager instance when application is stopped
Systems Management FunctionsA Liberty collective controller sometimes logs a NullPointerException
Liberty collective intelligent management features may fail to function correctly intermittently
Web Container
Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)
Application class loader is not set correctly in a thread during an async operation
Web Services (JAX-WS, JAX-RS)
Potential denial of Service in WebSphere Application Server Liberty for JAXWS(CVE-2017-12624)
Policy attachments not working as expected
Web Services EngineHigh CPU usage on Liberty when using IBM JDK
Web Services SecurityLiberty always honors RelayState during IdP-initiated SAMLWeb SSO
CICS_REGION_BUT_API_DISALLOWED surfaces using OAuth-2.0 feature
exp' is earlier than the 'iat' in OIDC token
Some 404 and 500 errors in OAuth or OpenID Connect might expose configuration information
Issue/PRDescription
Add stop command to readme file
Informative error message for collision with reserved resource adapter ids
Challenge when using request.authenticate with BasicAuthenticationMechanismDefinition
LDAP paging failure recovery reuses cookie when switching failover servers
Improve CDI performance by not loading too many classes
Readd ability for hot replace for trace injection for IBM Java 8.0.0.6+
MyFaces-4045 JSF 2.2 flow reentrancy fix
RememberMe cookieName needs to support EL expressions
Corrections to AnnotationTargetsImpl_Targets.isInstanceOf
Fix Java 2 Security problems with Bean Validation 2.0 code
Pull in MyFaces-4177 to JSF 2.3
Fix for resetting autocommit for non transactional datasources
Grant Hibernate validator accessPrivateMembers permission by default
Channel.ssl FFDCs thrown during server shutdown
Description of runIfQueueFull should refer to relation with maxPolicy
Pull in MyFaces-4066 to JSF 2.3
Fix and test issue where a connection error occurs on a free connection
Fix JPA 2.2 Bindings Files
Bean Validation CDI extension fixes
Pull in MyFaces-4176 - Search expression fails to resolve component outside of form
PI91306: UriInfo.getMatchedResources() does not return resource class information
Update EL handling in database and LDAP identity stores
PI87504: JAXRS server response does not contain a servlet exception when an unmapped checkedException occurs
Release JACC policy context in post invoke
Try to remove an existing SAF map before adding one
Update Bean Validation 2.0 descriptions to mention providers used
Thread context propagation for managed completable future
In beans.xml, element causes ProcessAnnotatedType<> events to not fire
Cannot register a second (synchronized) handler with an already active logging source
ConcurrentModificationException when both Console and Message JSON handlers are configured
If the command port is disabled when issuing a pause or resume request from the server script, issue a message saying so
Fix Java 2 Security errors in LogUtils by ensuring getClassLoader calls are in doPriv
Improve synchronization mechanism between BaseTraceService and MessageLogHandler
Property com.ibm.ws.jaxrs.client.disableCNCheck not honored
Fix NPE that may occur when multiple CDI-injected servlets are specified in the web.xml for a JAXRS application with load-on-startup specified
Fix IOException not closing socket
Fix JSF _ComponentAttributesMap performance issue
Address CVE-2017-1000208 vulnerability in Swagger Parser for MicroProfile OpenApi
Improve performance when JAX-RS applications are updated
Web binding overrides are not properly recognized with autoExpand apps is enabled
Fix exception when parsing faces-config-extension element
Cannot use app-defined for Bean Validation
SQLServer JDBC driver not recognized when defining a dataSource on
Fix for JDBC getClass().getInterfaces() method calls
Fix NPE in EJBAsyncRuntimeImpl.modified when updating asynchronous config
Fix BundleException Cannot connect region 'system.bundle' to itself
ServerEndpointControlMbean returns true when isPaused is called with an empty target
Resource.getRequestPath returns incorrect path in JSF 2.3
JDBC pool manager must avoid caching values obtained from the managed connection factory
Fixed JASPIC error and exception messages
Fix Java 2 Security errors related to JAX-RS getServiceReferences() and getService() methods
Fix context class loader in servlet async dispatch or runnable
Make consoleLogLevel default to an env variable setting first
Fix NPE that could occur during MyFaces validation
AccessControlException from JAX-RS 2.0 when servlet filter is used
No longer WARN on 404 Not Found
Fix writing of single-file-repositories
PushBuilder.push error conditions updated
AccessControlException from the EL API when using JSF 2.3
Java 2 Security issues in batch-1.0 feature
WebSockets for non-secure BASIC_AUTH adhere to session invalidation
Avoid overwriting updates made to the session cache by another thread
Implement HttpServletResponse.getTrailerFields()
PI93226: ConcurrentModificationException during application startup
Fix Java 2 Security issue with package minify
Remove SessionManager instance when app is stopped
Update HttpServletResponse setTrailerFields error conditions
Ensure header names are non empty and accept empty header values
Retrieve all values on multi-valued LDAP properties
Return the correct HttpServletMapping during include, async and when using a named dispatcher
Fix org.apache.myfaces.flow.cdi.FlowScopeBeanHolder incompatible across versions
Handle null/empty contracts in JAX-RS Client.register(...) calls
Fix CWWKS4106E: LTPA CONFIGURATION ERROR IN LIBERTY when using PKCS11Impl provider 
Fix for garbled User Principal when binary data is retrieved from registry
Throw IllegalStateException in SseEventSink.send when SseEventSink is closed 
Fix batch runtime table version determination
Close JAX-RS sink on exception
Fix ConcurrentModificationException during app startup
Product information for replaced products should not be displayed
Issue warning message when it is determined security not present
Fix ConcurrentModificationException during app startup
Fix JSON output of JSON console (remove duplicate basic messages and abide by consoleloglevel)
Fix java.lang.NullPointerException in AccessLogger
Fix NPE that can occur with certain logging configurations
Fix pack 17.0.0.4
Fix release date: 21 December 2017     
Last modified: 21 December 2017     
Status: Superseded     

👁 Image
Download Fix pack 17.0.0.4
Component
Security APAR
APAR
Description
EJB Container
Vulnerability in Apache Commons affects EJB Embeddable Container and JPA Client (CVE-2015-7450)
GeneralSupport CPU constraints in ProductInsights
Non-daemon threads are created with remote EJB using the IIOP transport
Liberty appserver automatically decompresses the bodies of incoming http-soap messages
TCP Channel access lists not documented
OpenJPA orm.xml default schema used over 'openjpa.jdbc.Schema' property
Liberty Oauth 2.0 may encounter a SQL syntax error for the option "LIMIT" during cleanup
ArrayIndexOutOfBoundsException from OpenJPA for query on EmbeddedId
EclipseLink does not recognize Java 9 platform
Cannot decode IOR due to ClassCastException
Liberty OpenID Connect Relying Party does not handle large id_tokens in implicit logins
Eclipselink generates sequence IDs incorrectly for @EmbeddedId classes that are shared across multiple entities
Correct mapper is not chosen due to the order and when mapper classes are represented by proxy object due to injection
Null pointer exception when TAI returns NULL TAIResult
OutOfMemory issues from webcontainer component WebComponentMetaDataImpl
Application reload when a JSP file under WEB-INF is updated
The groupProperties membershipAttribute does not work when filters exist
CWPMI0010W was found in the messages.log
Performance degredation when federating SAF registry
Help tet for the BatchManager listJobs command is unclear
FFDC java.lang.IllegalStateException: Module has been uninstalled. occurs when dynamically configuring Liberty
Incorrect value of FreeConnectionCount
Product Insights throws NullPointerException
Certain early startup and product script messages are not properly translated into non-English languages
OutOfMemoryError in ArrayList containing objects of type com.ibm.ws.logging.internal.impl.IntrospectionLevelMember
30 second delays for remote EJB when running as a collective member
BluemixUtility fails to create/delete instances of Watson Discovery service
CWWKB015E IWMEJOIN return code 2,135 during servlet read listener
ProductInsights errors after resuming from 'sleep' state
Java Persistence API (JPA)Issue with the way OpenJPA caches and reuses query parameters for BETWEEN expressions when OpenJPA's QueryCache property enabled
OpenJPA does not pass-through SSL connection properties that set using openjpa.ConnectionProperties when creating Db2 connection
JavaServer MyFaces (JSF) Apache MyFaces implementationjsf-2.0 MyFaces error handling cannot be enabled in production project stage
High CPU issues from org/apache/myfaces/
Protected-view not working in Liberty 16.0.0.4
ProtectedViewException for a protectedview access while checking the OriginJeader for appContextpath
Instances of action listener in a FaceLet are not being removed until app shutdown
Fix for MYFACES-3752
Liberty Application ServicesRemoving IBM-App-ForceRestart header causes applications not restarted
Liberty KernelOpen Liberty Rollup for 17.0.0.4
Liberty z/OSRemoval of possibly misleading FFDC z/OS liberty Async Servlet support
Messages occurring very early at startup are not printed to the MVS console when requested in the zosLogging configuration
When starting a Liberty server as a started task on z/OS from the server script there is no option to specify a job name
Performance Monitoring Toolsjava.lang.ClassNotFoundException dumped in the FFCD log file when PMI monitor feature is enabled
ConnectionPoolStats MBean was not available if enabled the trace with com.ibm.websphere.monitor.*=all
SecurityLiberty 17.0.0.2 is throwing ClassCastException when calling ibm_security_logout with Extreme Scale feature enabled
Session Initiation Protocol (SIP) ContainerThe SIP Container fails to parse a message when the size exceeds 2048 bytes and double CRLF is sent before the message
With number.of.parse.errors.allowed set to -1 WebSphere drops well formed requests
Systems Management FunctionsApplication state becomes stale at the Liberty collective controller
Incorrect collective member status shown in Admin Center
Password protected ssh keys cannot be used for remote host authentication
Web Services SecurityOIDC WASReqURLOidcp cookie constantly grow when LTPA token expired
OpenSAML used by WebSphere Liberty contains XML external entity (XXE) vulnerability (CVE-2013-6440)
LTPA cookie is not created in certain single sign-on scenarios
WebSphere Compute GridIn WebSphere Liberty 17.0.0.x Java batch executor fails with CWWKS0800E error
Fix pack 17.0.0.3
Fix release date: 17 October 2017     
Last modified: 17 October 2017     
Status: Superseded     

👁 Image
Download Fix pack 17.0.0.3
Component
Security APAR
APAR
Description
Dynamic Cache SRVE0014E from servlet caching
 DYNA1064E is logged on some dynacache APIs when the underlying cacheprovider does not support disk caching
EJB Container EJB remote injection fails with NPE if ORB not yet available
Federated Repositories Handle long data type from VMM for extended properties
 NullPointerException in URBridgeXPathHelper.getExpression()
 NPE in LdapConfigManager.getSupportedProperties()
 When one base DN is the subset of another in a federated repository, LDAP failures occur
 LDAP contexts getting leaked after first connection exception
General BBOA1INV Fails with RC = 8 RSN = 44, FFDC invalid group name returned
 Allow configurable maxFieldLength in the logstashCollector
 Remote EJB call with the same object in multiple arguments fails
 WSCredTokenCallbackImpl class is not visible to applications
 Liberty server needs to retry starting the TCP channel after error CWWKO0224E due to hostname resolution error
 Closing websocket session throws NullPointerException
 Task retry not immediate after XAResource rollback
 Provide support for CICS 5.4 in WebSphere Optimized local Adapters
 JAX-RSResponses contain unnecessary Cxf-Content-Language header
 AsyncContext.comple() fails when called from a readListener
 java.lang.RuntimePermission error when destroying an upgradeHandler
 For JAX-RS 2.0, a request may fail with a 404 because a resource class was incorrectly indicated as not found
 AppSecurity-2.0 does not include trustAssociation in Liberty
 productInsights does not register embedded WebSphere
 During server shutdown, if ProductInsights is trying to complete its first registration it may not cancel all of its tasks
 filenotificationmbean may not notify the listener
 Monitor function of AdminCenter does not display the correct value of "used connections"
 JAX-RS resource methods report as not found when using scientific notation as path parameters
 ClassCastException thrown when using remote EJBs in servlet with parent-last classloading
 Using reference-listener along with service factory causes TransactionManager errors
 ProductInsights not reporting used JVM memory correctly
 Path template variables in JAXRS 2.0 do not support scientific notation
 The context ClassLoader is not getting set properly when loading CDI extensions at app startup
 JAX-RS Client must access endpoints via authenticating proxy
 Usage data is not queued if connection to Bluemix Product Insights host fails
 WebSphere Application Server Product Insights does not send in group name translations
 Certificate login does not work with custom user registry on Liberty
 The application's classloader is leaked when restarting the app
 Open Liberty Rollup for 17.0.0.3
 Deadlock caused by WsLogManager and SIB trace code
 Commit of HTTP response in render_response(6)
 Register Windows service and start/stop service for Liberty fails if it is installed in directories names with a space
 Accumulation of org.apache.cxf.transport.http.osgi.HTTPTransportActivator objects
 OIDC does not recognize x5c tag in JWK
 Inconsistent aliasing between --jobParameterFile and --jobPropertiesFile in the batchManager and batchManagerZos CLI
 Use of the JAX-RS multipart media type results in a java.lang.ClassNotFoundException: javax.ws.rs.core.MediaType
 NullPointerException caused by external port component configuration
 CDI injection into JAX-RS classes is broken when using multiple apps and one app is not CDI-enabled
 JAXRS server response does not contain a servlet exception when an unmapped checkedException occurs
Install V8 and above Block installUtility/featureManager install userFeature '--to=core'
Java 2 Connectivity (J2C) Incorrect value of connectionPoolstats
 Intermittent sharing scope for data sources being created at the same time on two different threads
 Unable to install resource adapter using loose configuration file
Java Message Service (JMS) NCSA access logs %B option output displays "-" instead of the size of the response in bytes
 ConcurrentLinkedList tailsequencenumberlock garbage collected
Java Persistence API (JPA) Eclipselink scrollable cursor results in a ClassCastException
 OpenJPA caches and reuses the query parameters for BETWEEN expressions when OpenJPA's query cache is enabled
 OpenJPA does not honor SSL connection properties for DB2
Java SDK Hung thread issue in myfaces _getMetadataTarget
 Messages returned from JSF APIS are in the incorrect order
JavaServer MyFaces (JSF) Apache MyFaces implementation JAVAX.FACES.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL value affects display behaviour for required fields
Information disclosure in Apache MyFaces affects WebSphere Application Server (CVE-2011-4343)
Information Disclosure in WebSphere Application Server in JSF (CVE-2017-1583)
JavaServer Pages (JSP) HTTP transport encoding CP943C is used for JSTL params
 StackOverflowError generated due to the JSP TabLibraryCache recurses into loadWebInfMap with the value "/WEB-INF"
Liberty Application Services Configuration updates blocked by application restart
 Schema lists invalid attributes for resource adapters and EJB applications
Liberty Debug and Tracing NullPointerException in MultipleCriteriaFilter when retrieving logs from Liberty binary log
Liberty Kernel Synchronization in ConcurrentServiceReferenceElement creates a performance bottleneck
 Potential NullPointerException ServerXMLConfiguration.parseDirectoryFiles
 AccessControlExceptions in Liberty kernel code
Liberty System Management Correcting algorithm for collective deployment using a local file
Liberty z/OS .pid directory created with wrong permission settings
 WOLA ACEE copied from CICS invalid for TSS
 z/OS connect cannot read request that came in with transfer-encoding=chunked
 For products that embed Liberty, some bootstrap.properties do not take effect at server startup
 Prevent Error loop when TDQ is unavailable for write
 WebSphere Liberty servers with zOS connect failing to start with abend 0c4 in wolanativeutils.ntv_activatewolaregistration
 Message CWWKO0229I is not issued when asynchronous I/O is configured
Messaging Providers Default threadpoolstats data cannot be retrieved due to InstanceNotFoundException
Performance Monitoring Tools The Japanese translated message for TRAS0115W is incorrect
Security Distributed identity mapping not working in Liberty z/OS
 PasswordUtil API classes are not packaged in a separate PasswordUtil.jar file
 Liberty z/OS trace includes unnecessary information
Servlet Engine/Web Container JSF portlets may not be able to obtain a session ID
 
Information disclosure in WebSphere Application Server (CVE-2017-1681)
Virtual Member Manager (VMM) In Liberty VMM user registry cannot get groups for user from LDAP
 LDAPRegistry contextPool defaults do not match documentation
 LDAPRegistry attributesCache and searchResultsCache default timeout set too low
 LDAP registry cache is not used in some cases to retrieve cached attributes
 Federated repository may not use UniqueGroupIdMapping outputProperty when calling userRegistry.getUniqueGroupID
 Federated repository passes internal properties to customRepository implementations
 The LDAPRegistry contextPool timeout setting does not timeout after the configured time
 Federated Repositories is returning principal name instead of unique name for getUserSecurityName
 ArrayIndexOutOfBoundsException is thrown when groupMemberIdMap inside ldapRegistry is empty
Web Container WebContainer performance issue when under high load
Web Services (JAX-WS, JAX-RS) NullPointerException in org.apache.cxf.jaxrs.impl.tl.ThreadLocalProviders.getContextResolver()
  Correct Mapper is not chosen due to the order and when mapper classes are represented by proxy object due to injection
Web Services Security The groupId(s) get lost in id_token and introspection
 WebSphere Application Server XML crypto libraries cause classloader conflict with Java XML crypto in certain scenarios
 OIDC IDToken updates to the "sub" field do not take effect
 OIDC provider does not recognize custom realmname from token
 Database persistence for tokens might not function correctly when the backing database does not support CLOB data types
 OpenID Connect (OIDC) cookie not fully removed
 Refresh tokens are issued unconditionally even for clients that do not require them
 Secure flag is not set on the Liberty WASOidcCode cookie
WebSphere Compute Grid CDI injection of Java batch jobcontext fails with npe in the absence of an active job on the current thread
 StepListner.afterStep cannot catch an exception thrown by ItemProcessor.processItem
 batchManagerZos not available after minified server is extracted
 Prevent job start and restart of the same job from occurring simultaneously
 Support message delay/priority for Liberty Java Batch

Back to top

Fix pack 17.0.0.2
Fix release date: 13 June 2017     
Last modified: 13 June 2017     
Status: Superseded     

👁 Image
Download Fix pack 17.0.0.2
Component
Security APAR
APAR
Description
Channel FrameworkAdd watchdog timer to write waits on closing
Contexts and Dependency Injection (CDI)Allow excluded alternatives
Vetoed EJBs throw NullPointerException
CDI observer for @initialized(applicationscoped.class) is not called inside jar
Prevent WebSphere internal packages from being exposed to applications
Version numbers in symbolic names are too fine grained and can cause failover to fail between different versions of Liberty.
WeldTerminalListener is not registered
Database Access, Connection Management, Merant/DataDirect driversDSRA8020E Error is thrown when using IBM i Toolbox JDBC driver with WebSphere Liberty
EJB ContainerEJB 3.x Stub class throws RemoteException for communication failure
Deadlock with persistent EJB timers for Singleton beans
GeneralCWWKE0108I is written to stdout
The umask values is not shown in the server logs
The CICS Link server abends when unable to write to a TS Queue
Attributes missing from the element httpOptions and throws warning message
Cleanup up websocket connection when outbound connection attempt fails at the app server
Corrections are needed to the documentation in the Knowledge Center
JAXRS Client APIs do not use configured SSL settings
JAXRS application start fails with ClassNotFoundException when JSPs are specified in web.xml
ConstraintViolationException when using @Valid annotation
When a websocket connection is closed while reading data an object leak might occur
Liberty jaxb-2.2 feature does not expose some xlxp2 packages
Loop while closing an SSL connection
ProductInsights reports incorrect product version and host name
JAX-RS 2.0 Client calls fail when ssl-1.0 feature is enabled without any SSL configuration.
ContainerRequestContext.hasEntity() returns true for a GET request.
Endpoint MBean information does not update when server.xml <httpEndpoint> is modified
JAX-RS 2.0 OPTIONS methods are not invoked when used in sub-resource locator classes
AccessControlException thrown when finding resources if Java 2 security is enabled
For JAX-RS 2.0, a request may fail with a 404 because a resource class was incorrectly indicated as not found
Support for product insights in embedded server
The productInsights-1.0 does not support BASE ILAN edition
A jndiEntry config element with a value of "0" is parsed as a java.lang.String but should be a java.lang.Integer
Access Log file and ELK time stamps are not the same
Messages with digits in prefix of message ID have a blank messageId field in logstashCollector
Websocket race condition on writing data while closing can hang a thread
java.lang.ClassFormatError: JVMCFRE074 no Code attribute specified; is thrown
NullPointerException thrown when using a JAX-RS provider class without a public constructor
Unable to register a liberty server with product insights though an authentication required proxy
Intelligent Management ComponentNull return codes for health actions cause NullPointerException
Java 2 Connectivity (J2C)After configuring a connection factory for CICS RAR, the server issues J2CA8501E
JMS connection factories defined through annotations can fail to allocate connections
When using SQLJ context caching, auto commit and/or transaction isolation level become inconsistent
The WaitTime provided by the ConnectionPoolStats MBean is in nanoseconds when it should be (and is documented) in milliseconds
Bean Validation 1.1 @DecimalMin and @DecimalMax constraints inclusive property not working
Java Persistence API (JPA)Unable to use DB2 XML data type with EclipseLink JPA; Null pointer produced
NoSuchMethodException when a program is using CONCAT function
Eclipselink JPA/Auditing capablity in EE Environment fails with JNDI name parameter type
org.omg.CORBA.BAD_OPERATION when running a select SQL statement
ServerSession numberOfNonPooledConnectionsUsed can become invalid when Exception is thrown connecting
JavaServer MyFaces (JSF) Apache MyFaces implementationLeading '/' in JSF context param-value throws StringIndexOutOfBoundsException
ClassNotFoundException due to classes not being exported to the thread context
JavaServer Pages (JSP)The JSP Engine is not processing EL expressions correctly when they are in large blocks of character data
Failure to parse tag library when the taglib is defined in the application
Liberty Application ServicesMulti-address corbaname URLs do not fail over to the second address when the first address server is down
Application fails to initialize at startup with error CWWKZ0021E
Liberty Debug and TracingJUL Traces do not show up in logstash collector / bluemix log collector when binary logging is enabled
Failure if running binaryLog view serverName from wlp/usr/servers directory
Liberty KernelA server start may receive a java.util.MissingResourceException if started with a disabled command port
The server schema incorrectly includes some internal configuration attributes
ConfigUtility command line tool loosing equals sign on parameters ending with equals sign
Server create command (using Java 8) overwrites server.env file
SPI class, PathUtils is not normalizing leading double slashes
Liberty Log Analytics and MonitoringAllow configurable maxFieldLength in the logstashCollector
Liberty z/OSUpdate needed in module BBGZAFSM
.pid directory created with wrong permission settings
WOLA ACEE copied from CICS invalid for TSS
When the z/OS connect EE server is stopped and restarted, CICS issues an abend at the time of the WOLA rebind
Message CWWKB0392W is issued when the OTMA client name is specified in the zosLocalAdapters connection factory properties
The size of the Java heap grows over time when using the MSGLOG DD
Memory leak in SP132 KEY8 causes OUTOFMEMORY in Liberty
WebSphere OLA(WOLA) service request issues return code=8, reason code=96 when called from an IMS CCTL region
Prevent error loop when TDQ is unavailable for write
Performance Monitoring ToolsThe monitor-1.0 feature may not be able to monitor user runtime components
The Japanese translated message for TRAS0115W is incorrect
SecurityWSCredTokenCallbackImpl returns null even when token exists
Admin center does not work with AccessControlException after enabling Java2 security
MYFACES-3415 - [UI:REPEAT] Field value disappears if validation error exists on current site
Potential cross-site request forgery with WebSphere Application Server enabled with OAuth (CVE-2017-1194)
An authData element without an ID causes a NullPointerException in the logs
CWWKS9580E message might be logged after modifying the CSIv2 configuration
Intermittent CWWKS9520E message issued when CSIv2 is enabled
AccessControlException when using the servlet log method
NPE thrown in method authorizeEJB()
Sessions and Session ManagementSession activeCount shows a negative value
Incorrect messages were thrown at System output console when using JMX connector
Systems Management FunctionsRunning collective command in z/OS results in FSUM7332 syntax error
When trace is enabled extra information is being included in the controller's trace file
apiDiscovery urls may not update properly on Liberty Admin Center
Virtual Member Manager (VMM)UserRegistry methods that throw RuntimeExceptions can cause federated repository failures
An sslRef on an LDAPRegistry without matching ssl config causes security init failure
Federated Repository's participatingBaseEntry element does not allow name attribute to be empty string
In WebSphere Liberty, the context pool timeout value is not honored on the LDAP Registry
The ldapRegistry feature does not properly process LDAP entities with RDN values that contain characters that need escaping
VMM certificate authentication fails when DN contains non-default X509Certificate attributes
Web ContainerTAI cannot obtain the SSL endpoint information using direct connection
Provide an option to override the default values for the ESI properties in the plugin-cfg.xml
Exception from com.ibm.ws.webcontainer.osgi.mbeans.PluginGenerator during server stop
NullPointerException if login is required to access a servlet which uses a ReadListener.
Returned default html error page has extra closing tags
Access control exception due to read permission of a property from Cookie class
Unexpected error when an application is initializing during server stop
Enable Post Data to be read multiple times.
ServletException when creating a servlet, filter or listener from a ServletContextListener with Java2Security enabled
Plugin config file generation fails after a configuration update is made to a Liberty server when it is running
Web Services (JAX-WS, JAX-RS)JAXB context creation is very slow in Liberty during Web service load test
Web Services SecurityAdd authentication option to JWK endpoint invocation
OIDC IDToken updates to the "sub" field do not take effect
OIDC provider does not recognize custom realmname from token
Database persistence for tokens might not function correctly when the backing database does not support CLOB data types
OpenID Connect (OIDC) cookie not fully removed
An error may occur if the string representation of a subject includes an ID token that contains a claim with a non-string list
WebSphere Compute GridUsing batch injection in joblistener results in NullPointerException
Slow response when using batchpersistence in Liberty
When trying to stop an already completed job the error message does not return with the correct jobInstanceId
CDI implementation does not support batch artifact loading via batch.xml
Fix pack 17.0.0.1
Fix release date: 14 March 2017     
Last modified: 14 March 2017     
Status: Superseded     

👁 Image
Download Fix pack 17.0.0.1
Component
Security APAR
APAR
Description
Contexts and Dependency Injection (CDI) Message bean instances injected with the CDI @New annotations are not @PostConstruct'ed
 IllegalAccessException is emitted from InvocationContextImpl
 IllegalArgumentException in CreationalContextImpl only when trace is enabled
 CDI would not inject classes from a war file into an ear lib in single classloader mode
 CDI failover does not work if bundles have different OSGI qualifiers
Database Access, Connection Management, Merant/DataDirect drivers DSRA0080E refers to original exception message {0} instead of actual message
 After global transaction ends, the reported auto commit value can be inconsistent with the Oracle JDBC driver
General SSLSessionTimeout is not recognized as a valid attribute for sslOptions element
 configUtility find or install throws a NoClassDefFoundError when using local repository
 EclipseLink 2.6.3 does not support JPA-convertor for primitive data types
 Errant timeout can occur with async sends in WebSockets
 Memory leak in JAX-RS client.
 Failure to parse a java.util.Date object when creating a new javax.ws.rs.ServiceUnavailableException.
 Private lifecycle methods in JAX-RS resources are not invoked
Java 2 Connectivity (J2C) Connection sharing cannot be controlled in Liberty when using direct lookup
 java.lang.UnsupportedOperationException when accessing a tested data source
 Connection manager settings not honored
 Setting an agedTimeout value of 0 on a connection manager results in J2CA8011E
 Connection manager configuration intermittently ignored for application defined data source
Java Persistence API (JPA) EclipseLink might add unused table in generated query
 The JPA Container calls EntityManager.clear() instead of EntityManager.close() on cleanup
JavaServer Pages (JSP) Asynchronous dispatch to a JSP file under the WEB-INF directory fails.
 JSP comments containing "%>" might throw a StringIndexOutOfBoundsException.
Liberty Application Services After upgrade to 16.0.0.4. NamingException and ClassCastException occur on JNDI lookup on IBM i
 Intermittent NullPointerException from ApplicationStateMachineImpl when trace enabled or logging information in response to a failure
 OSGi Applications can take significantly longer to startup after upgrading Liberty
 A class that is both Remote and Serializable is mis-categorized during marshalling
Liberty Debug and Tracing Some server startup and early messages are not collected by logstachCollector-1.0 feature.
 Transaction trace lacks PropertyPermission to read system property "com.ibm.tx.tracer"
 Incorrect message IDs appearing on dashboard when using the Bluemix log collector
 Stack trace is not included in the message field of liberty_message type
 Filter tags in logstashCollector & bluemixLogCollector to avoid tags with special characters displaying oddly on dashboard
 New message IDs need to be assigned to a few existing TRAS messages.
Liberty Kernel Removing and adding a feature can result in a warning message about duplicate metatype definitions
 Some Liberty message IDs conflict with traditional WebSphere Application Server
 Error CWWKZ0404E can occur when starting an application on Liberty
 Liberty server does not start if jvm.options file contains spaces, after upgrade to 16.0.0.4
 java.lang.NullPointerException when starting an .ear application with autoExpand="true" in server.xml
 Resolution error for optional server config include should not create an exception
 Exception could be thrown and logged during a server shutdown if listeners timeout during quiesce
 Features that cannot be loaded because of Java version dependencies may still be reported as being loaded
 Liberty metatype registry problem - metatype extension duration changed from LONG to STRING in 16.0.0.4
Liberty z/OS WLM support is ignored when running z/OS Connect in async mode
 SPI for MVS MODIFY command support is documented to be externally available, but in fact is not available
 Loop in Liberty z/OS server when AsyncIO is enabled
 ABEND0C4 at BBGZSCFM+377E occurs during client bind
 When WLP_ZOS_PROCEDURE is set the foreground JVM uses the full set of JVM options
 WOLA service BBOA1URG fails with RC=12 RSN=240.
 Suppress FFDC for com.ibm.io.async.AsyncSocketChannel 453
 WebSocket-1.1 feature does not work in Liberty imbedded in CICS TS 5.3
 Liberty Server hang in termination after a hard failure on z/OS
 WOLA feature not started for 16.0.0.4 server using a version 4 Angel
 Message CWWKB0392W contains no message text in messages.log.
Performance Monitoring Tools Slow memory leak might lead to OutOfMemory in Liberty
 Monitor capability breaks when different thread pool name is speicified other than "Dafault Executor".
Security An AccessControlException is issued when restoring the security context using the ContextService APIs
 Web filters need to receive the AuthModule wrapped request or response when using JASPIC
 AccessControlException issued even when permission was granted in the permissions.xml file
 Process default SSL Setting not getting reset on a file update
 The method signature for java.security.SecureRandom.nextBytes() is no longer synchronized.
Session Initiation Protocol (SIP) Container SIP Router is initialized more than once.
 Order of OSGI bundle could cause a class not found exception.
Systems Management Functions A collective name sporadically changes between its given name and the default name
 Liberty collective member status becomes stale at the controller.
Web Container XML transformer factory changed during server start
 The pluginUtility displays an untranslated message when using the merge action to merge plugin-cfg.xml files in a directory.
 Application start fails to add context root in Virtual Host map
 Response committed on return from Forward even when async is started.
 Server quiesce not cleaned properly when write during close of upgraded connection goes asynchronous.
 The WebContainer 'enableMultiReadOfPostData' config property was visible but not implemented.
 The maxRequestSize optional attribute for MultipartConfig is ignored.
 When the plugin configuration is generated it may not have one of the ports
 CORS does not handle requests with PATCH methods correctly
 ServletRequest.getRequestURI() returns inconsistent results after AsyncContext.start().
 isFinished() could incorrectly return false in some scenarios
Web Services (JAX-WS, JAX-RS) Custom HTTP header blocks SOAPAction header
  HTTP servlet requests could be matched to incorrect cross-origin resource sharing (CORS) configuration
Web Services Security OIDC client cookie is not removed after it is used
WebSphere Compute Grid Batch job log REST URLs are incorrect for a failed job execution
 The ddlGen script may produce an empty file when run against a server with the Java Batch feature configured
 When using the batchManagerZos 'status' and 'listJobs' commands, the usage of --instanceId and --jobInstanceId are not universal.
 Job with Java batch COMPLETED status moves to STOPPING status after shutdown in executor.
 Provide V2 and V3 versions of existing Batch REST APIs
 Job executions REST API syntax is misleading
 Java Batch purge command fails after a job execution did not initialize correctly
 Java Batch jobs store JES job name and JES job ID with trailing spaces
WMQ messaging providers postCallWithException throws java.lang.IllegalStateException
 BundleException happens when adding a feature to a running server causing a bundle to be reinstalled
 Server startup fails with CWRLS0009E error due to failure in the transaction manager's recovery log service
z/OS Apache Wink does not remove quotes from the boundary value Content-type: multipart/mixed; boundary="simple boundary"

Back to top

Fix pack 16.0.0.4
Fix release date: 13 December 2016     
Last modified: 13 December 2016     
Status: Superseded     

👁 Image
Download Fix pack 16.0.0.4
Component
Security APAR
APAR
Description
Contexts and Dependency Injection (CDI)ContextNotActiveException in SessionScoped bean preDestroy()
Clean up all resources on an application startup failure on cdi-1.0 feature
@Inject Principal does not work in mutli-threaded environment.
Application fails with WELD-001408: Unsatisfied dependencies for type Validator with qualifiers @Default
Failover does not work with CDI 1.2
Database Access, Connection Management, Merant/DataDirect driversPurge policy ValidateAllConnections does not properly validate connections
Data source is not autodetecting MariaDB.
DynaCacheHTTP status code 200 is returned to a client when the servlet or JSP throws an exception
Plugging in an external cache provider does not work with the distributedMap-1.0 feature.
EJB ContainerReferenceContextImpl caching empty list of targets for JSP classes
javax.servlet.HttpServletRequest.getRequestURI() might return a decoded value after dispatching
NullPointerException deleting stateful EJB
GeneralExtra information in logs with Datasource custom properties
Access was denied for property org.apache.jasper.constants.jsp_servlet_base.
Provide option to add STS response header for HTTPs request
When user applications are using Websocket Decoders a slow memory leak can occur.
Errors are not logged when tasks submitted to managed executors fail
System property to enable SSL Channel timeoutValueInSSLClosingHandshake property
FFDC is produced for a NullPointerException in com.ibm.ws.tcpchannel.internal.SocketRWChannelSelector.updateSelector
Install V8 and aboveDefault server.xml is incorrect
Disk space validator returns NullPointerException.
Java 2 Connectivity (J2C)MQJCA1011: Failed to allocate a JMS connection
Connection manager might remain active after transaction manager has been disabled.
J2C pretest being used despite FailingConnectionOnly option
FFDC logged for resource adapter config property with getter that is named with "is" rather than "get"
Destination ID erroneously used for JCA 1.7 destinationLookup instead of JNDI name.
The value of ConnectionHandleCount on the ConnectionPool MBean is not accurate when in use connections are destroyed
Illegal State Exception when transaction timeout occurs and abort is used
Java Persistence API (JPA)The database schema name cannot be configured with openjpa.jdbc.SchemaFactory
JPA returns incorrect results when using a native query and @SqlResultSetMapping
ServerPlatformException Server platform class is not valid: null occurs with JPA 2.1
java.lang.ClassCastException using JPA
EclipseLink throws ValidationException when using nested embeddables with the same attribute name
Potential leak of org.apache.bval.cdi.BValExtension$Releasable objects when using JAX-RS, CDI 1.2, and Bean Validation 1.1.
Deployment of persistence unit fails with DescriptorException
OpenJPA's ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException
javax.persistence.PessimisticLockException when javax.persistence.lock.timeout set to 0
Add EclipseLink support for Java 2 Security
JavaServer MyFaces (JSF) Apache MyFaces implementationinputFile tag is not working properly on Liberty
FlowBuilderFactoryBean Concurrency Issue
JavaServer Pages (JSP)An escaped EL expression is being run if an escaped dollar sign precedes the former expression
Null CodeSource location for classes loaded by JSPExtensionClassLoader
JSP property useJDKCompiler does not work in Liberty
A debugger does not stop at a breakpoint in a JavaSever Page (JSP).
Liberty Application ServicesAuto extracted web app files have incorrect timestamp.
When application autoExpand is enabled changes to an ear file are not detected by the Liberty server
ConcurrentModificationException in AppClassLoader when using the global library
When certain features are enabled the application property autoStart has no effect
Liberty KernelUsers of Liberty's OSGI EventAdmin service cannot change the topics of interest for a registered EventHandler
Starting a Web Application Bundle (WAB) can result in a deadlock sometimes when the WAB is installed and started dynamically
RuntimeException: Invalid call to WsByteBuffer occurs during shutdown
NullPointerException after a failure to bind an IIOP transport port
Schema for resource adapters contains an unused attribute.
Liberty System ManagementREST API Discovery missing APIs in web applications with multiple JAX-RS application classes
Liberty z/OSz/OS Connect is unresponsive to the STOP command from the z/OS Console
Liberty server at 16.0.0.3 may fail to start when using AsyncIO
When using the zosLocalAdapters-1.0 feature to talk to CICS, the CICS container LinkTaskRspContID already exists.
WebSphere Liberty "server" and native launcher handle a # in the middle of a JVM property inconsistently
Liberty Server hang in termination after a hard failure on z/OS
Startup time for Liberty for z/OS is unnecessarily slow.
Messaging ProvidersAllow more than one address to be specified in the remoteServerAddress field
Corrections to messages in JMS Messaging
Performance Monitoring ToolsEvents get lost when the logstashCollector config gets updated
SecurityFull chain created in PKCS12 but not for JKS key store
Potential code execution vulnerablity in WebSphere Application Server (CVE-2016-5983)
Make sure HTTPS URL connection default is set at the same time SSLContext is set.
Constrained delegation works only when Liberty trace is enabled
Java 2 Security permissions are not granted to a shared library when using the file element instead of a fileset
CWWKX8136W: Cannot validate the server identity
A NoClassDefFoundError or NoSuchMethodError may be thrown when accessing Swagger annotations.
IllegalAccessException on EL expression that processes isLast() of object referencing varStatus in JSTL for-each tag
NullPointerException when registering a Custom User Registry that returns a null realm name
NullPointerException when null password is passed into WSCallBackHandlerFactory
Provide better message when bad SSL configuration is used by CSIv2.
.InvalidNameException: Validation of the Collective DN failed. 0th element type was not dc
Systems Management FunctionsNon-ASCII names used in remote operations from a collective controller may become corrupted.
Remove extra information from trace file
New files added to a controller's configDropins/defaults directory are not replicated to other controllers in the collective.
Virtual Member Manager (VMM)CWWKS3006E error message seen during server shutdown.
Web ContainerAsyncListener onError not being called correctly
DestroyJavaVM() method call hangs and JVM fails to shut down when asynch servlet work has been performed
Polish the ReadListener
Option to display customized text for some server errors
A plugin-cfg.xml is generated with missing applications and future auto-generation fails.
A java.lang.NoClassDefFoundError error can occur when using the pluginUtility merge action.
A decrease in throughput can occur when many concurrent requests for JSP pages that make use of tag libraries.
WebSocket not working if application flushes without obtaining any outputStream or writer
java.lang.NullPointerException might occur during a request's cleanup.
Missing apostrophes in French and Italian pluginUtility text
Web Services (JAX-WS, JAX-RS)PI70196: ibm rest servlet cannot be mapped to two different urls:
Swagger API Explorer ignores protocol schemes for operations
IllegalArgumentException when getHours() is called
JAX-RS Client fails when running in OSGi bundles
Web Services SecurityJSON bits are missing from a URL when SAML authentication redirects a request
WSAS XML crypto libraries cause classloader conflict with Java XML crypto in certain scenarios
Support configurable context root for OIDC client redirect url
WebSphere Compute GridJava Batch REST: STOP request may not return JobNotRunningException even when the job batch status returns as COMPLETED.
An exception in the batch executor may cause a message to roll-back onto queue (and get re-delivered) instead of consumed.
Attempting to purge multiple job instances fails when their executions are not on the same endpoint
Batch REST request for job instance job log links fails with remote executions
WMQ messaging providersRecord-level sharing (rls) is miscalculating the amount of data to be written to partner logs
APAR PI18414 may result in the recovery log service using incorrect sequence numbers.
ELException, Can not find @Transactional annotation
CWWKZ0403E error message occurs due to error Unable to acquire the global write lock in time.

Back to top

Fix pack 16.0.0.3
Fix release date: 16 September 2016     
Last modified: 16 September 2016     
Status: Superseded     

👁 Image
Download Fix pack 16.0.0.3
Component
Security APAR
APAR
Description
Contexts and Dependency Injection (CDI)NullPointerException in InvocationContextImpl.configureTarget when destroying an already destroyed bean
EJB interceptors not called intermittently
NullPointerExceptions from CDI code
NullPointerException when doing injection with com.ibm.ws.cdi.immediate.ejb.start set to true
CDI javax.decorator.decorator annotation not working as expected
Ensure application scoped context is initalized properly and active during bean preDestroy
Race condition with session scoped contexts
Application ClassLoader leaked during application restart from CDI's RuntimeFactory
Use of CDI interceptors in stateless EJBs causes exceptions to be wrapped in WeldException
Memory leak occurs when an application is restarted
Move up Weld level to 2.3.4.Final from 2.2.16.Final.
Database Access, Connection Management, Merant/DataDirect driversOraclePreparedStatement.getReturnResultSet and OracleCallableStatement.getCursor fail after unwrapping statement
EJB ContainerNew system property to configure the EJB pool wait timeout
NullPointerException in CDIEJBManagedObjectFactoryImpl.getEjbDescriptor when creating EJB instance to pre-load the bean pool
AccessControlException: "accessDeclaredMembers" from com.ibm.wsspi.injectionengine.MethodMap.getMethods.
Application exception thrown from EJB constructor lost when @AroundConstruct interceptors present
Resource reference names starting with java:comp/env are ignored in ibm-ejb-jar-bnd.xml
FFDC for TransactionRolledbackException when using UserTransaction in stateful bean ejbRemove method
com.ibm.wsspi.resource.ResourceInfo not provided to ResourceFactory for <resource-env-ref> XML elements
Customer can get EJBExceptions related to non-persistent EJB Timers during server shutdown
GeneralDeadlock caused by SIP Subscribe
Potential Denial of Service in WebSphere Application Server if using SIP services (CVE-2016-2960)
NullPointerException in MemoryPersistenceManager
Automatically determine whether a submit or restart should be issued from the batchManager and batchManagerZos utilities.
Issuing "job.ended" CWWKY0010I message instead of "job.failed" CWWKY0011W message, upon job failure.
Install V8 and aboveDisplay proper asset list when embedded asset repo is missing during IM modify_add flow
Intelligent Management ComponentDynamic Routing fails to recognize the application until Collective Controllers are restarted
Reload of web server with Intelligent Management causes CWWKV0008W messages on a Liberty collective controller
Health condition is not set to the Liberty server in the Docker container.
DynamicRouting does not have route information for Liberty Docker on initial deployment
Java 2 Connectivity (J2C)Parked connection created by PoolManager results in setting a pre-existing client ID to a MQ connection
J2CA7002E is logged when server is stopped while in the process of installing a resource adapter.
The value of FreeConnectionCount on the ConnectionPool MBean is not accurate when in use connections are destroyed
Java Persistence API (JPA)ClassCastException when an equals comparison query is run on an entity with a composite @EmbeddedId
CDI applications that inject Validator or ValidatorFactory beans cannot be failed over in a cluster
EclipseLink assigns the same object instance to multiple embedded fields
JavaServer Faces (JSF) SunRI implementationWhen using the jsf-2.2 and beanValidation-1.1 features an OSGI warning message can be seen.
JavaServer MyFaces (JSF) Apache MyFaces implementationCustom type conversion is sometimes bypassed in EL 3.0
Thread-safety issue in the underlying (Apache) JSF 2.0 code causes WebContainer threads to hang
@PreDestroy methods are not invoked on session invalidation for JavaServer Faces (JSF) javax.faces.bean.ViewScoped beans.
JSF message severities always set to ERROR after ValidatorException
Validators are not called when using selectManyCheckbox
JavaServer Pages (JSP)The scratchdir JSP attribute is not documented on Liberty
A JSP error "unresolved compilation problem" is thrown during runtime
Liberty Application ServicesServer stop runs before the ServletContextListener implementation completes
ArrayIndexOutOfBoundsException may occur when doing a JNDI-lookup to a remote EJB that is located in another cell
Timing window in generation of Type Code objects from class TypeDescriptors, causes performance problems during JNDI lookup
java.lang.StackOverflowError on WAR
EJB connection helpers are both null
Starting an OSGi Application intermittently causes an endless loop.
IllegalStateException thrown on server shutdown
AccessControlExceptionthrown from AppClassLoader.getResources() call
Extended use of remote EJB may cause error mentioning Phaser parties.
Restarting ORB may cause socket bind exception
AccessControlException from JTMThreadFactory, JNDI lookup, and JmsManagedConnectionFactoryImpl
Configuring a non-default ORB may interfere with application client.
Liberty Archive Installz/OS IM offering failed to modify asset due to error 'Failed to load bundle com.ibm.was.determine.job.type'
Liberty KernelWhen coreThreads and maxThreads are the same value, CWWKE1200W messages, which indicate a hung thread, may appear erroneously
Embeddable Liberty command wlp/bin/server fails to run on old bourn shell used by Solaris 5.10
Product validation error when running installUtility install
Apache Commons Compress was incorrectly added to Liberty's JVM classpath
Inconsistent installUtility/feature error messages when installing features or depending features not found on repository
Path normalization of configuration variables can cause unwanted modifications
Liberty z/OSHTTP access logs are not tagged on z/OS.
CWWKF0015I and CWWKF0014W messages are misleading
WEBSOCKET-1.1 feature does not work in Liberty Imbedded in CICS TS 5.3
zosRequestLogging-1.0 feature does record the SAF mapped user ID in SMF 120 subtype 11 records.
Liberty z/OS unauthenticated ID experiences ICH408I calling HttpServletRequest.login with syncToOSThread enabled
Storage leak in subpool 249 key 2 when using the zosLocalAdapters-1.0 feature.
Liberty server processes the start of WOLA workload to slowly
SecurityIIOP sslRef mismatch not clear in error message
Security context not propagated into JCA resource adapter
jacc-1.5 feature does not package a separate API jar file even though it exposes the API.
Attempting to start or stop a member from the Liberty Admin Center running in a collector on z/OS results in CWWKS2910E
Potential open redirect security vulnerability in WebSphere Application Server Liberty CVE-2016-3040
When auth-method tag is not used in Liberty a NullPointerException is thrown
CWWKS9112W: Invalid run-as configuration for security-role name ApplicationRoleName in the application ApplicationName
Cross-site scripting vulnerability in OpenID Connect client CVE-2016-3042
configUtility and collective command line utilities do not support the custom password encryption
The message when the custom password encryption is not available is not acculate.
AccessControlException issued when an API tries to obtain an internal OSGi service via the kernel service SPIs.
An intermittent MalformedURLException is issued during the server shutdown when Java 6 is used and there are permissions defined
Sessions and Session Management
Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)
Systems Management FunctionsCollective utility help text for --keystorePassword is incorrect.
A collective controller shared configuration file is removed after it is renamed.
A deploy rule without a defined restart command produces an exception during a deploy operation.
The --createConfigFile option of the collective utility allows the config file to be in the configDropins/defaults directory
The collective utility writes an unnecessary request to edit server.xml.
Liberty member in a Docker container ignores metadata defined in the admin-metadata.xml file included in the container.
Docker registry commands in the Docker deploy rule mistakenly prepend the repository with the user name.
Virtual Member Manager (VMM)Login failure if userFilter contains userAccountControl attribute
getUserDisplayName returning null when basicRegistry is configured
Web Container
Information Disclosure in WebSphere Application Server Liberty CVE-2016-0378
Application is started even though there has been a listener exception during application start up
An uncaught exception in javax.servlet.AsyncListener.onComplete() might cause threads to hang
SRVE8094W might happen even if invokeFlushAfterServiceForStaticFile=false
WebSphere Application Server Web Container affected by Apache Struts vulnerability (CVE-2016-3092)
Information disclosure in IBM WebSphere Application Server CVE-2016-5986
ConcurrentModificationException thrown on getServletWrapper when serveServletsByClassname is enabled
FFDC created when a feature is removed from server.xml.
Web Services (JAX-WS, JAX-RS)NullPointerException in org.apache.cxf.jaxrs.impl.tl.ThreadLocal Providers.getContextResolver()
ConcurrentModificationException in org.apache.cxf.jaxrs.JAXRSServiceFactoryBean
Web Services SecurityOIDC Client Service is not thread safe
OAuth provider does not encode non-ASCII characters properly
WMQ messaging providersCollect more serviceability data for transaction log service
Deadlock issue in tranlog database
Transaction service may fail to log data correctly when its logs are stored in a database and connection failure occurs
Fix pack 16.0.0.2
Fix release date: 24 June 2016     
Last modified: 24 June 2016     
Status: Superseded     

👁 Image
Download Fix pack 16.0.0.2
Component
Security APAR
APAR
Description
Contexts and Dependency Injection (CDI) Changes to JSP in EAR or WAR not picked up if CDI-1.2 feature enabled
 CDI forces a creation of an extra session, which causes memory usage issues.
DynaCache Servlet and Object Cache services are initialized multiple times during Liberty startup causing delays and exceptions
EJB Container Classloader leak associated with PCRegistry
 A method named ejbCreate on a managed bean may be treated as a post construct interceptor method
General WebSphere Application Server proxy - Too many open files
 Using WOLA with CICS version 5.3 causes BBOX abend
 NullPointerException when using IPv4/IPv6 loopback addresses
 CICS BBO (WebSphere) link server abends with WRITEQ TSQ BBO* error eibresp: 16 eibresp2: 0
 The HTTP Channel consumes additional memory, in specific circumstances, when processing inbound data.
 Quotes are automatically added to the cookie Path attribute on version 1 cookies
 NullPointerException when using batchManager to purge and no arguments specified
 High CPU utilization can occur for WebSocket sessions that expire using a non-default MaxIdleTimeout value
Response Splitting Vulnerability using a specific API CVE-2016-0359
 A job instance with zero executions cannot be stopped or restarted.
 Serviceability changes for batch feature
 The persistent user data and metric values are invalid when a job fails in the middle of a chunk step
 HTTP Channel Access Log does not properly record how much is written to the file
 For Double Byte languages an FFDC IllegalArgumentException can occur for a WebSocket connection that closes due to an error
Intelligent Management Component Web Server SSL certificate created by the Liberty dynamicRouting feature needs updating
Java Persistence API (JPA) ClassCastException using a shared JPA module on JPA 2.1
 JPA Merge fails intermittently with FOREIGN KEY constraint error
 Delay in application startup on Liberty
 When using jpa-2.1 with Bean Validation, XML constraints are not recognized
 Criteria Modelgen API is not included for the EclipseLink provider
 JPA PersistenceUnitUtil.getIdentifier() fails for nested EmbeddedId
 Eclipselink on Liberty is missing javax.json imports
 OpenJPA custom plugins can cause Classloader leaks
 Bean validation interceptor is invoked twice
JavaServer MyFaces (JSF) Apache MyFaces implementation MyFaces CDI support is disabled if non-CDI application is loaded first
 Flow beans are destroyed before the flow is finalized
JavaServer Pages (JSP)
XXE and RCE via XSL extension in JSTL XML parse and transform tags
 NullPointerException when using EL expressions returning null
 A StackOverflowError can occur when com.ibm.ws.el.reuseEvaluationContext is set to true
 There are unused message properties files packaged in the Expression Language (EL) 3.0 bundle.
Liberty Administrative Center Admin Center toolbox cannot save bookmarks with Explore search results which search on tags
Potential security vulnerability in Admin Center for Liberty CVE-2016-0389
Liberty Application Services Liberty server z/OS: Deadlock adding WABs to web container
 An OSGi web app using JSP and JSTL by default currently needs to explicitly import the JSTL spec packages.
 CWWKC2259E: "Unexpected child element defaultDatasource" in WebSphere Liberty for EJB 2.1
 EBA fails to resolve when blueprint-1.0 is active
 Common shared library classes return null when calling getProtectionDomain().getCodeSource().getLocation()
 Application classloaders are leaked by transaction monitoring threads.
 Classloading trace does not contain details of classpath being traversed.
 ClassLoader leak in CDI's RuntimeFactory
 ClastCastException doing a JNDI lookup
 Classloading perfomance of the Liberty ORB has been slightly improved.
Liberty Archive Install Failed to testConnection against wlp-feature-8559.zip
 License jar upgrade returns a confusing message when it fails due to invalid edition.
Liberty Debug and Tracing Null characters added to logs when truncated by user
 NullPointerException seen with logstashCollector-1.0 feature when access log source is enabled
 logstashCollector-1.0 feature reports a NullPointerException during server shutdown operation
 TRAS0120W message reports incorrect lost events
 Duplicate FFDC records are sent for the same failure by logstashCollector-1.0 feature.
 NullPointerException when eventLogging feature is removed
 Removal of ISADC script
 High Performance Extensible Logging (HPEL) binarylog view does not sort by time stamp
 Warning message should be issued when wrong source is specified.
 Unexpected null pointer exception appearing in FFDC logs with logstash collector whenever updating the source
Liberty Kernel ActiveMQ properties not being honored in JMSActivationSpec in Liberty
 Problems with serialization code
 Server command help is missing the --os option description
 When installUtility install serverName is run, the server logs and workarea were not created under WLP_OUTPUT_DIR
 During startup the application manager can cause an FFDC with a ConcurentModificationException causing no applications to start.
 Spurious error may be logged when bundle starts and immediately stops.
 Dynamically configuring one or more features from zero features delays starting applications by 30 seconds
 The help for the productInfo command line tool reports an error rather than provide the help text.
 Missing attribute message is confusing
 Server package zips when unpacked lack file permissions for scripts in bin folder.
 installUtility command may fail with a SocketException: "Too many open files"
Liberty System Management Merged plugin-cfg.xml generated by ClusterManager mbean generateClusterPluginConfig operation contains dup elements
 Collective create always treats --keystorePassword as a required argument
 Using the IBM JMX REST client from Liberty requires setting too many properties
 Swagger document and UI in apiDiscovery-1.0 did not show non-ASCII characters properly.
Liberty z/OS linkTaskChanID property does not work when used with z/OS Connect service provider
 z/OS WOLA CICS BBOC control transaction cannot support long command strings from the console
 z/OS Connect JSON Parse Error message missing JSON payload.
 IllegalArgumentException: com.ibm.ws.security.saf.SAFException: CWWKS2910E: SAF service IRRSIA00_CREATE did not succeed
 UserRegistry.getUsersForGroup() is not implemented in Liberty server
 Asian characters in UTF-8 encoded payloads are converted to escaped unicode characters
 Liberty server takes ABENDEC6 RC0000FD1D due to CPU time limit exceeded
 WOLA fails to reconnet to CICS TS after previous executions have succeeded
 ABEND 0C4 RSN=00000004 or a CICS ASRA ABEND when you have more than 128 WOLA connections in an address space
 CICS programs called over WOLA are being passed an incorrect channel or container name.
 An ABENDDC2/ABENDSDC2 occurs in program BBOATRUE when CICS is configured to use an embedded Liberty server.
Performance Monitoring Tools NullPointerException being thrown from requestTiming feature if any exception occured
Security Collective framework needs to support certificates signed by third party signers
 Improve the exception generated when client does not trust the server.
 NullPointerException from FeatureWebSecurityCollaboratorImpl
 NullpointerException when using ibm_securitylogout in Liberty
 OAuth or OpenID Connect response does not contain state parameter
 The French help text of the PasswordUtility command line utility contains typographical errors.
Systems Management Functions Liberty collective member status is incorrect
 When making a JMX Connection to a collective member, the JVM default for HTTPs connections is updated
Virtual Member Manager (VMM) Federated repository does not allow a user login with Turkish characters
 User login failure when uniqueUserIdMapping inputProperty set to non default values
Web Container Webcontainer intermittently generates a 500 error with StringIndexOutOfBoundsException
 WebContainer is setting the Content-Language
 Line feed code disappears when data is uploaded with enctype="multipart/form-data" in an HTML form
 Dispatcher type obtained from HttpServletRequest is not updated on post processes
 Development version of servlet SPI bundle does not match with runtime webcontainer bundle.
 Enable POST only for a form login
 AsyncContext.dispatch() might dispatch to an incorrect URI if using different versions of ServletRequest.startAsync()
 A 404 error might be generated when using redirectToWelcomeFile
Web Services (JAX-WS, JAX-RS) ClassNotFoundException on WebSecurityHelper
 JAX-RS MessageBodyWriter is not run
 ClassCastException: java.util.TreeMap incompatible with javax.ws.rs.core.MultivaluedMap
 HTTP Response header with invalid Date string is added to the response on a WebServices request
 JAX-RS 2.0 @Context injection from client side provider reports NullPointerException
 IllegalArgumentException inJAX-RS InjectionUtils.java code
 Update product.json model to match recent changes in API Connect
 When using JPA to persist an object, the JAX-RS engine does not correctly catch any exceptions that are thrown
 Security definition is missing from the filtered Swagger document returned by API Discovery Framework
 Using to get the HttpServletRequest and changeSessionId() always returns null
Information disclosure in JAX-RS API
 Suppress SOAP FAULT error message
Swagger processor may allow weaker than expected security
Web Services Security OIDC Relying party auth flow fails with 401 error when security trace is enabled
 OIDC relying party authentication failure due to CWWKS1704E error
 The groupId(s) get lost in id_token and introspection
WMQ messaging providers WS-AtomicTransaction participant recovery after a server crash may never complete
 Problem distributing transaction between WSAS traditional and Liberty using WS-AtomicTransaction.

Back to top

Fix pack 8.5.5.9
Fix release date: 18 March 2016     
Last modified: 18 March 2016     
Status: Superseded     

👁 Image
Download Fix pack 8.5.5.9
Component
Security APAR
APAR
Description
Contexts and Dependency Injection (CDI)Beans searched for through instance interface are not found
NullPointerException if all interceptors are on methods overriden, defined at class level or defined in a different method
Reduce contention in AbstractOwbBean.equals use
BeanManger.equals cannot distingiush between two BeanManagers for the same module after a restart
CDI is activated and generates error with no existence of beans.xml
Provide a fix for Weld bug in CDI 1.2
Objects of class NullInjectionPointImpl are visible in applicaiton code
ClassNotFoundException if application contains a jar which contains other archives
Database Access, Connection Management, Merant/DataDirect driversError when multiple threads attempt to authenticate to Mongo at the same time
EJB ContainerCWWKC2259E: "Unexpected child element" in Liberty profile for EJB 2.1
NullPointerException in AbstractEJBRuntime.bindAllRemoteInterfacesToContextRoot when using ejbRemote-3.2 feature
Improve message text when EJB SessionContext fails to serialize
Non-persistent EJB Timer created while application is stopping may not be removed
GeneralInitial TLSv1.0 application data packet read into the wrong buffer by the SSL channel
At startup end users requests routed with HTTP 404 response
WebSockets might not close the connection if sessionIdleTimeout is set
HTTP Channel getCookieValue throws ArrayIndexOutOfBoundsException when cookie is only one-digit double quote "
Unwanted CWWKC1556W warning when application starting or server shutting down
The HTTP Channel could cause the Operating System to send an RST packet when the connection is closed
Host name resolution with collectives on z/OS may not resolve properly
SSL handshake fails due to a java.lang.IllegalArgumentException.
Update one class in Apache Commons
The job logs are producing a date such as 2016-12-28 as opposed to 2015-12-28 during the last week of the year
Jobs containing split-flow may continue executing the (split-flow) even after the job is stopped.
The com.ibm.websphere.appserver.api.mediaServerControl.1.0_1.0.11.jar file in the dev/api/ibm directory is empty.
The MediaServerControl Javadoc provided contains accessibility issues.
Batch job logs do not contain the exception stack trace on step or job failures.
Remote partition wrongly ends in COMPLETED state when job is stopped, wrongly bypassing partition execution on restart.
IOExceptions is not thrown on inbound connections
Message's address is null in SipUdpConnLink
The exitStatus after the restart of an executor is not properly being rolled back to the correct value.
Install V8 and aboveUpdating Liberty using group-mode Installation Manager does not set group-write bits
An update to the licenses in IBM WebSphere Application Server Liberty V8.5.5.9 is required.
Intelligent Management ComponentAuto scaling does not fully scale in to the minimum number of servers or scale out to the maximum number of servers
A scaling controller might not register a scaling member correctly when the member starts.
ConcurrentModificationException in com.ibm.ws.scaling.controller.topology.RepositoryMonitor$UpdateHandler
In a Liberty collective, not all instances of an application are used when routing with Intelligent Management for Web Servers.
Java 2 Connectivity (J2C)Datasource connection pool minimumPoolSize to be 0 by default for newly created datasources
ClassNotFoundException when using generic RA in Liberty
Java Persistence API (JPA)A null value is returned when trying to use OpenJPA's DelegatingConnection's unwrap()
ClassCastException using a shared JPA module on JPA 2.1
Merging an unmanaged entity multiple (3) times leads to an exception.
Using java.sql.Timestamp data type for entity version value requests current timestamp from wrong SYSIBM table on DB2
ClassCastException is thrown in JPA when QueryCache is enabled
ddlGen script is shipped in ASCII instead of EBCDIC in Liberty 8.5.5.7
EntityNotFoundException in OpenJPA
OpenJPA fastpath broken on Java 8
OutOfMemoryError from org.apache.bval.cdi.BValExtension$Releasable objects not being released.
AbstractMethodError occurs when using JPA with beanvalidation-1.1 feature
NullPointerException from org.eclipse.persistence.queries.ReadObjectQuery under heavy loads
With a Liberty image consisting of only EE7 features, importing javax.persistence 2.1 with WDT requires an internal attribute.
JavaServer Faces (JSF) SunRI implementationDeploymentException occurs if different web modules in an enterprise application have CDI beans with the same name
JavaServer MyFaces (JSF) Apache MyFaces implementationJSF problem in a Portlet environment: Form inputs inside a data table lose their values if validation fails
h:selectManyCheckbox and h:selectOneRadio components do not support f:ajax tags.
MyFaces leaking file descriptors when reading stylesheet files
JSF component binding with ViewScope beans does not work and causes an exception
Fix EL 3.0 ImportHandler support in JSF 2.2
JSF ViewScope implicit objects are not resolved in JSP pages
Null renderer-type tag causes custom TagLib xml parse error
JavaServer Pages (JSP)Changing JavaServer Pages (JSP) features between requests can result in a java.lang.NullPointerException.
Liberty Application ServicesCWWKG0031E is received after commenting out a JNDI element and then adding it back at runtime
Application Manager change to make time waiting for apps at startup configurable
Application classes provides incorrect values when calling getProtectionDomain().getCodeSource().getLocation()
Intermittent ConcurrentModificationException thrown on startup when two Liberty apps use a privateLibraryRef.
Client container application fails to run
SPI classes under com.ibm.ws.container.service reference some non-SPI classes
NullPointerException in WABInstaller.java results in "Unable to install bundle" message
SPI classes under com.ibm.ws.javaee.dd reference some non-SPI types
Classloader.getResource("") does not return url to WEB-INF/classes
Liberty Debug and TracingRequest timing can accidently remove an executing request from the active request list
New "JSON" format added to binarylog command
ConcurrentModificationException in collector manager
Logging in InvocationContextImpl outputs array IDs instead of array contents
Liberty KernelInvoking productInfo with valid command but bad option does not give errors
WebSphere Liberty default executor auto-tuning is disabled when an embedder overrides the default ThreadFactory.
ScheduledExecutorService can temporarily leak classloaders for canceled tasks.
Wrong charset returned in page-not-found error when incorrect context root is requested.
Fix defect in Equinox framework to incorporate in Liberty
Liberty File URLs contain incorrect number of '/' characters
Configuration conflict warning message needs improvement
FileNotFoundException when application start-up fails.
JSP classloading ignores the application parent-last classloader setting
OSGi applications may be able to get access to OSGi services provided by Liberty feature bundles which are not considered API.
Deadlock may occur when creating a Java util logging Logger
Improper error when running Liberty scripts with unsupported Java version.
Changing SSLDefault may still require unnecessary configuration of defaultKeystore
Feature updates are less likely to result in unnecessary component activation and deactivation
When installing features using the installUtility jaccWeb-1.5 and ejbComponentMetadataDecorator-1.0 are not installed
Liberty System ManagementWrong locale in the content when calling REST API to generate schema
Liberty z/OSMore details is provided for some failures in WOLA connections via Liberty
Allow WOLA client to re-connect after a Liberty server failure or recycle
Default JAVA not read from java.env when server is started with a PROC.
Liberty on z/OS fails to route messages to MSGLOG DD card
z/OS Connect does not preserve JSON payload element ordering as shown in copybook files.
Basic authentication not working z/OS Connect dynamic services
Liberty on z/OS does not pick up the IFAUSAGE properties file in the product extension directory
When starting a Liberty server that has zoslocaladapters configured the sever abends with a System 106.
Liberty started task does not expand @WLP_INSTALL_DIR@ when used in the path specified by WLP_DEFAULT_JAVA_HOME in java.env.
Calls to WOLA services BBOA1* may hang when Liberty server is cancelled or ABENDs
Message CWWKB0101I does not provide enough information to diagnose problems connecting to an Angel process.
WLP_SKIP_UMASK=true is not working when Liberty server is started from a started task on z/OS
Messaging Providers[WARNING ] CWWKG0032W: Unexpected value specified for property
Performance Monitoring ToolsMonitor group filter does not work with the component which are not using the code intstrumentation.
SecurityNullPointerException thrown at com.ibm.ws.transport.iiop.security in Liberty profile
Login fails with mixed-case password phrase on z/OS.
Liberty incorrectly displays warning message aboutWSGUEST user missing the RESTRICTED attribute
Incorrectly returning CWWKS4306E when application URI is unprotected and Liberty receives an expired LtpaToken
CWWKE0702E: Could not resolve module: com.ibm.ws.management.security is logged when zosSecurity-1.0 is enabled.
Collective member certificate login fails with LDAP or Federated user registry
Sessions and Session ManagementSession attribute not stored with Oracle as database session persistence and MultiRowSchema=true
Systems Management FunctionsCollective replica restart may fail
Virtual Member Manager (VMM)LDAP binary attribut handling in VMM
Web ContainerFilter with only WebFilter annotation does not get invoked
AsyncContext.dispatch() dispatches to an incorrect URI
While using an upgrade request the quiesce operation did not complete
isFinished on a stream can return true before the stream is fully read
Unable to retrieve the REMOTE_USER from the WSRU header without using any security in Liberty
A redirect using an URI relative to the current request URL redirects to the wrong URL
Managed thread factory not available in ServletContextListener.contextInitialized
The Servlet SPI was refactored to provide a complete set of SPI classes.
Blocking write is not allowed once WriteListener is enabled.
If an error occurs during a request with a ReadListener and is upgraded, a quiesce operation may not complete properly
Web Services (JAX-WS, JAX-RS)@PreDestory method invoked twice when @RequestScoped annotated on resource class and no @Context field in the class
Data conversion issue for Multi-part MIME on mainframe (z/OS)
Liberty JAX-RS implementation may throw NullPointerException
User customized provider life cycle annotation @PostConstruct @PreDestroy not work or throw NullPoint Exception when stop server
Liberty profile JAX-RS 2.0 Client Side Built-in Providers Installation Performance Issue
Injection on implementation of ParamConverterProvider in JAX-RS 2.0 fails with NullPointerException
Customized EJB ExceptionMapper cannot be mapped to user defined Exception in more than two JAX-RS 2.0 Applications
ClassNotFoundException loading the jaxws-2.2 and appSecurity-2.0 features
Web Services Security
Cross site scripting vulnerability in Oauth Service Provider CVE-2015-7417
Add OpenID Connect relying party (RP) config option to specify whether to do client side redirect
Cross-site scripting vulnerablility in OIDC client web application
WMQ messaging providersDeadlock in controller due to timing window in the recovery log service; servant times out
Extended Unit of Work API may not throw errors back to the application when they occur during transaction end processing.
Thread safety defect in Unit of Work manager initialisation
When inside an @Transactional declarative transaction, an error is thrown upon entering an @TransactionScoped context.
Unable to find the @Transactional annotation
@TransactionScoped bean instances do not have their @PreDestroy-annotated destructors called.
Access to UserTransaction methods is not correctly disabled within nested @Transactional annotations
@Transactional rollBackOn/do not RollbackOn scans the exception class hierarchy in the wrong direction
@Transactional annotation processing code emits FFDC when encountering RuntimeExceptions in the dontRollBackOn list

Back to top

Fix pack 8.5.5.8
Fix release date: 11 December 2015     
Last modified: 11 December 2015     
Status: Superseded     

👁 Image
Download Fix pack 8.5.5.8
Component
Security APAR
APAR
Description
Contexts and Dependency Injection (CDI) Liberty Profile with CDI 1.2 and CDI enabled application has slow startup
 Publish the Weld 3rd party version on the repackaged Bundle-Description
 If CDI 1.2 is enabled then a BeanManager could be returned when resolving any JNDI value.
 Turn off beans.xml validation by default.
 ProcessInjectionTarget and ProcessInjectionPoint events are not fired when processing non-CDI Interceptors.
 Export weld packages so that DeltaSpike Scheduler can be supported
EJB Container A NameNotFoundException occurs for injection of resource into ManagedBean in EJB module
 IllegalStateException thrown during server stop when j2eeManagement feature is installed
General Root not injected on URL containing query but omitted path
HTTP response splitting vulnerability CVE-2015-2017
 An OutOfMemory error can occur from a leak in WebSockets when websocket session timeout is set
 Future.get can hang during ManagedTaskListener.taskStarting for repeating task
 Cleanup of resources can be missed after Thread.run for threads created by a ManagedThreadFactory.
 WLP does not handle requests successfully during shutdown
 The TCP Channel's Host Name Include and Exclude lists are case sensitive
 ExecutionException raised instead of AbortedException for aborted task
 BATCHMANAGER SCRIPT WebSphere Application Server SHIPPED IN ASCII ENCODING ON z/OS INSTEAD OF EBCDIC ON LIBERTY 8.5.5.7
 COMM_FAILURE exception raised during IIOP invocation due to IIOP connection being closed while in use
 Duplicate IIOP request IDs lead to incorrectly parsed response (from incorrectly handled reply message).
Install V8 and above LIBERTY 8557 CANNOT ROLLBACK TO LIBERTY 8553 AND BELOW
Intelligent Management Component java.lang.IllegalStateException: The ScalingMemberReplacementService service is not available
JavaServer MyFaces (JSF) Apache MyFaces implementation A java.lang.ClassNotFoundException can occur during deserialization of the HTTP session
 An UnsupportedOperationException is thrown with an eager ManagedBean containing a ManagedProperty in JSF 2.2
 The "class" attribute cannot be set in a custom tag in JSF 2.2
JavaServer Pages (JSP) JspTranslationException when using a JSP tag containing another tag with deferred-attributes
 JSP engine throwing an IllegalStateException when PageContext.findAttribute(string attributename) is called
 Memory leak in javax.el.BeanELResolver caused by application restarts
Intelligent Management Component Liberty collective server status is not in sync with DataPower status query
Liberty Application Services Unnecessary IllegalStateException FFDC created during some server stops
Liberty Archive Install Some download error messages are shared with install error messages, but the content of the message only mentions install.
Liberty Debug and Tracing NullPointerException when updating traceSpecification programmatically.
 NullPointer in MethodInfoImpl tracing
 Liberty core dumps when -Xhealthcenter:level=inprocess jvm option is used with health center agent version 3.0.5 or above
Liberty Kernel Problem with notify call for updateTrigger="mbean"
 Unused server.env file generated when creating client processes using Java 8
 Liberty featureManager command may hang until killed
 Unable to use wlp-featureRepo-8.5.5.7.zip as a directory based repository in WDT
 When setting the trace file name to 'stdout', the distinction between error and general output messages is lost.
 UPDATE TO COMMAND PRODUCTINFO VIEWLICENSEINFO
 When Java security is enabled application class loaders may get access to internal packages contained in liberty profile
 There needs to be a space character preceding the ellipses mark used in some install command line messages.
 SSL support does not start properly
 Errors after adding or configuring additional content to server when the server installation path contains unsafe characters
Liberty z/OS Security identity not propagated from batchManagerZos to batch exectuor in multi-server environment causes JobSecurityException
 Unintall zosBundle addon fails if use Java7 to run Liberty installUtility
 PERMISSION ERRORS ACCESSING RESOURCES IN THE SERVER'S WORKAREA DIRECTORY USING APPLICATION SYNCTOOSTHREAD WITH JSP INCLUDE TAG
 CWWKT0022E IN LIBERTY SERVER WHEN USING DVIPA HOSTNAME DEFINED BY VIPARANGE
 SERVICEABILITY ENHANCEMENTS TO ENABLE TRACING IN THE TOOLING THAT z/OS CONNECT USES
 The performance of inbound requests using the zosLocalAdapters feature is poor.
 z/OS CONNECT USE OF HTTP GET WITH INVOKEURI FAILS WITH WOLA SERVICE PROVIDER
 HIGH I/O AND CPU USAGE WITH ZOSCONNECTDATAXFORM DATA TRANSFORMER
 AFTER RESTARTING LIBERTY WITH z/OS CONNECT, NO z/OS CONNECT SERVICES ARE AVAILABLE
 CWWKE0701E MESSAGES SEEN AT LIBERTY SERVER STARTUP
 CONVERTTOJSONPRIMITIVE DATA TRANSFORMATION PART OF z/OS CONNECT USES HIGH CPU
 A z/OS modify command fails when running OSGi console commands.
Performance Monitoring Tools Excessive appendCustomSetString calls cause high CPU when using VE and PMI.
 Health manager dumps many files into member server's /tmp directory
Security Improve serviceability for form-logout processing.
 Fix keystore file monitoring so it is not polling by default.
 In Liberty profile ignoreCase=true is not honored for administrator-role entries
 The hashtable login module does not honor the uniqueId and security name when passing then userId
 App Server Classic to Liberty profile remote EJB lookup is not working when CSIv2 uses LTPA
 Liberty profile needs a meaningful message in the NO_PERMISSION exception when failing to decode a GSSUP token.
 Populating the users to the BasicRegistry might fail due to CWWKS3104E: Multiple users are defined error
 Access is denied with a WebSphereRuntimePermission for getSSLConfig in CSIv2 during a naming lookup.
Sessions and Session Management There is a duplicate creating table problem when using Informix as session database on Liberty profile
Systems Management Functions Automatically deployed member fails to start on Microsoft Windows
 Multiple clusters concurrently deploying to new host have JRE collision
 wlpInstallDir and/or jreInstallDir and/or otherInstallDir install to default location instead of to user specified one.
 Scaling member may change to automatic mode on member restart
 An improvement is made in the collective replica set management to better handle a network isolation condition.
 Collective controller does not start
Vulnerability in Apache Commons Collections used by Liberty
Virtual Member Manager (VMM) The principal name is listed as null in the error message CWIML4537E
Web Services Security WebSphere OAuth TAI template cache has a synchronized lock and can block a lot of threads
 CWWKS1758E: Validation failed for the ID token.
WMQ messaging providers Performance degradation on application startup
 In doubt transactions are not recovered on server restart

Back to top

Fix pack 8.5.5.7
Fix release date: 11 September 2015     
Last modified: 11 September 2015     
Status: Superseded     

👁 Image
Download Fix pack 8.5.5.7
Component
APAR
Description
Contexts and Dependency Injection (CDI)CDI decorator for an interface must directly implement cannot inherit from a super class
Injected parameters passed in wrong order
Performance Improvement on application startup
The same class appearing in multiple war files might cause the wrong bean manager to be returned.
Name given to a bean with @Named annotation is not the correct default if it begins with two or more capitals
CDI does not correctly verify and publish events for JEE Component Classes which support injection
Database Access, Connection Management, Merant/DataDirect driversAllow the user to specify the TLS_CLIENT_CERTIFICATE_SECURITY option on the securityMechanism property on properties.db2.jcc
DynaCacheThe webCacheMonitor feature does not work with JSP 2.3.
The Liberty profile cache monitor does not work with application security enabled.
GeneralNullPointerException thrown by UDP channel when stopping server.
Server not responding to Continue message as expected
ReInvites are frequently canceled with NullPointerExceptions
HTTP Channel prints FFDCs for MalformedMessageExceptions and IllegalStateExceptions while parsing request message
Exceptions when requestTiming is re-enabled
NullPointerException in batch JobOperatorImpl after dynamic server configuration change involving batch or its dependencies.,
A call to the Batch REST interface to restart a job fails when the job was previously started via the JobOperator.,
Issuing a STOP command to a Batch job does not result in the job being in the STOPPED state.,
FFDC is produced for a NullPointerException in com.ibm.ws.tcpchannel.internal.SocketRWChannelSelector.updateSelector.
Future.get hangs when attempted from taskSubmitted/taskStarting of tasks scheduled via a ManagedScheduledExecutorService.
A retry with rollback performed before the first checkpoint is taken causes a NullPointerException to be thrown.
Batch status of an instance is in STARTING when instance state is FAILED
Install V8 and aboveUpdating Liberty using Installation Manager on z/OS requires a large amount of disk space.
Installing Liberty v8.5.5.6 with features or addons using Installation Manager in silent mode fails due to out of disk space
Installation Manager unable to install assets from instance of the Liberty Asset Repository Service with no internet connection
Update WebSphere Application Server Liberty profile V8.5.5.7 licenses
Java 2 Connectivity (J2C)JDBC Wrapper implementation of ResultSet.isClosed returns false after DB2 JCC driver has closed the ResultSet
Missing translatable message for error path where invalid valid is specified for a numeric connector property
Java Persistence API (JPA)Expose the org.apache.openjpa.lib.rop package in the jpa-2.0 feature to enable the serialization/deserialization of ResultLists.
When using the jpa-2.1 feature, an entity containing a lazy field may fail to deserialize
Potential memory leak when both validation 1.1 and CDI 1.2 features are enabled.
JavaServer MyFaces (JSF) Apache MyFaces implementationHung thread caused by MyFaces
A java.lang.ClassNotFoundException can occur when the session is invalidated and the jsf-2.2 feature is being used.
Liberty Administrative CenterStopping Liberty profile 8.5.5.5 controller from the Admin Center causes error
Liberty Application ServicesValidationException occurs when using JAX-RS and more than one validation.xml
Enable strict checking of a single validation.xml file per application classpath.
Server with IIOP clients fills heap and throws OutOfMemoryError
Liberty Debug and Tracingbinarylog command causes java.lang.NullPointerException
Request timing does not work with Java EE 7 features
Liberty KernelAfter a configuration update a web request may temporarily result in an error
Collective controller returns garbled stdout of ServerCommands to JXM client
OSGi applications that contain blueprint.xml in bundle fragments do not start after Liberty update to 8.5.5.5
Product validation error using featureManager to install an add-on, such as extendedPackage-1.0 or javaee-7.0
ServiceException when stopping the server immediately after a configuration update
The configuration schema does not include a default value for the 'optional' attribute on the 'include' element.
Creating a new server can result in a server.env file being generated in the wrong place
IIOP/CSIv2 may fail to start correctly due to missing UserRegistry
Server dump command fails when a Java dump file cannot be found.
Default welcome page uses 'Beta' description for supported server
Liberty System ManagementFileTransferMBean.deleteFile(String) may not be able to delete an empty directory on IBM i operating systems
File transfer could sometimes fail due to controller deleting the file before the transfer is complete
JSONConverter incorrectly de-serializes MBeanServerNotificationFilter
If the appSecurity feature is installed no application starts unless SSL and a UserRegistry are configured correctly.
Liberty z/OSAdd mapped SAF identity to the SMF 120 subtype 11 records
z/OS connect in Liberty is not recognizing the mapped RACF userid is a member of a group
Abend S478 RC=4 when trying to stop the server
ABEND0C4 when running batchManagerZos from a dataset
Abend S478 RC=4 when trying to stop the server SP231
SecurityPotential spoofing vulnerability in WebSphere Application Server CVE-2015-4938
The authData configuration element needs enhancing to include alias and database in its description.
Javadoc relating to isServerSecurityEnabled needs to be updated to apply to its function in Liberty profile
Logout fails due to ConcurrentModificationException in high-stress, multi-threaded environment.
Remove SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA from the strong cipher list.
Add exception to security error message CWWKS1102E.
Enabling security through adminSecurity-1.0 may cause servlets to not configure completely
Systems Management FunctionsLiberty 'collectiveController replicaPort' limits size of port number
Collective join or replicate with --useHostCredentials option completes even if host credentials are missing.
Incorrect error message when host authentication credentials cannot be retrieved by collective controller.
A scaling member logs an FFDC with IllegalArgumentException during server shutdown
Collective and cluster member started/stopped state not promptly updated.
Improve collectives replica reconfiguration performance by improving internal storage structure in Frappe.
Virtual Member Manager (VMM)LDAP: Error code 53 - R000128 Filter is not supported
UserRegistry getUsers method does not use LDAP userFilter configuration specified in the server configuration
LdapRegistry does not work when the search results cache is defined as <searchResultsCache enabled="true" />
Ignore case configuration is not honored in LDAP repository configuration
Login fails when ibm-entryuuid attribute value is null for a user
Web ContainerProvide option to not flush internal response objects in FileServletWrapper.
Improve error messages SRVE9002E and SRVE8011E
Suppress SRVE0255E error message in systemout trace
There is an increased performance overhead for users of the SSL feature in Liberty profile
getParameter() does not work after getReader()
Liberty profile performance issue when using @postContruct and @preDestory annotations in servlets
Web Services (JAX-WS, JAX-RS)NullPointerException generated by Apache wink library when processing HEAD requests
WebServiceContext is lost, resulting in a NullPointerException
javax.xml.bind.UnmarshalException: unexpected element can occur on first request
Wrong media type for the response when using JAXRS-2.0
Web Services SecurityMust not call getClob for PostgreSQL
Fix pack 8.5.5.6
Fix release date: 26 June 2015     
Last modified: 22 June 2015     
Status: Superseded     

👁 Image
Download Fix pack 8.5.5.6
Component
APAR
Description
Contexts and Dependency Injection (CDI)CDI getInjectableReference() is not working as expected
PostConstruct method is not called if there is a second method of the same name
Nulls are being injected in place of EJBs that depend upon an @resource
An inherited qualifier with a value is overridden but the more distant value's ancestor is applied to a bean.
Database Access, Connection Management, Merant/DataDirect driversCleanup fails with an SQLException for unsupported operations
IllegalArgumentException when attempting to configure DB2 data source property keepAliveTimeOut
DynaCacheCache provider name description is incorrect and unclear.
EJB ContainerEJB application update time greater than two minutes when server is under load
GeneralHTTP response might have multiple Set-Cookie: JSESSIONID headers
The message: "BBOA8090E An error occurred during TRUE enablement with reason code 63" is not clear for client self-assist
Chunked request might fail to receive all responses caused by delayed last CRLF.
Channel framework NCSA access log service time
Allow for pre-CDI injections to work for websocket Server Endpoints when CDI is disabled.
The server does not shutdown with an active websocket session in use
IBM iserver start fails with "Command /QOpenSys/QIBM/ProdData/JavaVM/jdk70/32bit/bin/java not found"
Install V8 and aboveUpdate licenses for IBM WebSphere Application Server v8.5.5.6
Intelligent Management ComponentWeb server server-status page shows STARTED applications under STOPPED servers for Liberty collectives
Potential server hangs are possible during server stop when using the scalingMember feature
Dynamic routing in Liberty does not work if applications have an empty url-pattern for a servlet-mapping in web.xml
Java 2 Connectivity (J2C)IllegalStateException: context is null prevents resource adapter from being stopped
WorkContextLifecycleListener not notified of contextSetupCompleted
JavaServer MyFaces (JSF) Apache MyFaces implementationRequest to Prefix mapping of Faces servlet may return a 500 Error.
The jsf-2.0 feature might fail to start with java2security enabled
The el-3.0 and jsp-2.3 features should require a minimum of Java SE 1.7.
JavaServer Pages (JSP)New JSF applications may fail after deployment if another JSF application is deployed in the server using its own EL parser
javax.faces.application.FacesMessage is not serializable
Incorrect JSP translation for the expression
Comparison between encodings should be case-insensitive JSPG0088E
Liberty Administrative CenterAdminCenter line graphs plots can get out of sync with the summary field values.
Alert panel in Admin Centre's dashboard may not display all alerts.
Invisible close button on background task details dialog
Misaligned background steps description.
AdminCenter graphs do not display when using a browser with a Russian Locale.
If the AdminCenter Graphs slow down because of system load, the X axis labels of some graphs can become unreadable.
Bidirectional Preference toggle button on Mozilla Firefox browsers does not render correctly
If edit button is clicked before tools are fully loaded in user's tool box, then there is no remove icon on newly loaded tools.
A 400 error code displays in the console when loading Admin Center
Liberty Application ServicesFFDCs with IllegalStateException: Cannot stop from state UNINSTALLED created when Liberty profile server is shut down
Artifact SPI in Liberty profile missing classes StructureHelper and ArtifactContainerFactoryContributor
Exception logged during server shutdown
JNDI Contexts in the java: * namespaces are not serializable
Liberty Debug and TracingDuring High Performance Extensible Logging mode TruncatableThrowable exception is logged as wrapped exception
Liberty KernelAn IllegalStateException may be generated by the com.ibm.ws.classloading bundle on shutdown when unregistering a service.
Liberty profile %D NCSA access logging directive does not record the correct elapsed time for a request
REST connector can potentially use an invalid endpoint
400 bad request error from channel component while parsing headers with trailing white space
Nested elements are not merged if cardinality is 1 or -1
Updates to nested elements provided by a user extension may not result in a configuration update
Nested configuration with unresolved references can have incorrect values
An error parsing a file in configDropins prevents other files in configDropins from being loaded
Contextual proxy is not usable until the context service that created it is looked up or injected into an application.
Direct lookup of ManagedScheduledExecutorService sometimes returns wrong type.
Schema and feature list contain English when locale is set to pt_BR and zh_TW
Liberty OSGi SPI JARs do not compile with Java 7
Liberty executor can hang when work is submitted outbound over HTTP and back into the same server.
Java 8 VM no longer supports MaxPermSize
Symbolic links to server directories from Liberty usr/servers directory do not work as expected
File permissions too restrictive when WLP_SKIP_UMASK=true specified for Liberty profile server
IllegalArgumentException thrown when bootstrap property key is a zero-length string.
NullPointerException when installing a corrupt jar file
Files with extensions other than XML are read from configDropins
Specific application elements may not be removed correctly
Liberty System ManagementCollective deployment fails when using root directories as write paths.
Liberty z/OSWebSphere Application Server for z/OS can encounter CML lock contention when under heavy load.
UNPRINTABLE CHARACTERS IN SCRIPTS BBGJS2LS BBGLS2JS
Server started on z/OS with a started procedure does not place logs into the location specified by WLP_OUTPUT_DIR.
Using DFHJSON to format strings with numbers for the data, quotes(") were not placed around the data.
Distributed ID not properly mapped when used with WOLA in Liberty
Collectives are unable to start servers on z/OS that run as started tasks
zosLocalAdapters (WOLA) requests run as the UNAUTHENTICATED user instead of the client user
SecurityUnsupportedCryptoAlgorithmException is not included in com.ibm.websphere.appserver.spi.containerServices_1.0.0.jar
Server SSL port is blocked indefinitely when client authentication is used and the truststore is empty.
The certificateUtility createSSLCertificte tool does not give a useful message if the keystore already exists.
SSL configuration attribute added to the metatype.
Enforce the optional nonce parameter in the OIDC Authorization code flow(provider)
Enforce the optional nonce parameter in the OIDC Authorization code flow(client)
OpenID connect relying party fails when hostname contains "oidc"
Fix poorly worded error message that appears when the a keystore fails to load.
Allow larger ciphers, 256 bit ciphers, to be a part of the HIGH cipher list.
Support JSON array as custom claim
The securityUtility tool does not run if only the kernel feature is installed.
Systems Management FunctionsA FFDC java.util.NoSuchElementException was reported on the collective controller by ServerCommandsMBeanImpl class
Application ADDED notification being issued during Application removal.
FFDC with java.lang.IllegalArgumentException is thrown when removing a member from collectives
Concurrent cluster membership changes can result in a member being removed from a cluster.
Collective remove command did not handle bad user name correctly
Java home for the collective join command is not set correctly in a post join action operation with a server deployment.
Removing a running member from the collective does not stop it publishing its state data to the collective repository.
Virtual Member Manager (VMM)LDAP filter issues with VMM
User filter expressions containing a '!' do not work as expected.
Web ContainergetPathInfo returns a semi-colon for the ";xxxx" appended after the request URI
The server adds a /(slash) to the response URI if the inbound request URI has a ;(semi-colon)
Privilege escalation with serveservlets CVE-2015-1927
Add more details to the WebAppHostNotFoundException
Unhelpful message in console.log: Uncaught.init.exception.thrown.by.servlet
Add property to initialize the class during Class.forName()
Close does not wait for the timeout
No access to all org.apache.japser.el classes
Unsupported Operation Exception after programmattically added servlet context listener throws an exception
WebContainer throws a java.lang.IllegalArgument exception when parsing parameters
When HttpInputStream.isReady() is called after that same API has already returned false, an IllegalStateException can occur.
A java.io.IOException is not propagated back to a dispatch caller.
On an async request, fix the thread context state and transfer the security context between threads.
Web Services (JAX-WS, JAX-RS)jax-ws-catalog.xml support for META-INF for WAR module
Web Services SecurityObtain sensitive information with Apache WSS4J CVE-2015-0226
WMQ messaging providersNullPointerException in JNDINestedFrameworkSupport (JNDI lookup)
Potential java.util.ConcurrentModificationException when starting OSGi applications within WebSphere Development Tools.

Back to top

Fix pack 8.5.5.5
Fix release date: 13 March 2015     
Last modified: 11 March 2015     
Status: Superseded     

👁 Image
Download Fix pack 8.5.5.5
Component
APAR
Description
Contexts and Dependency Injection (CDI)StackOverflow error or NullPointerException occurs under heavy load
The @Produces annotation method on class results in a non-null injectionpoint instance on first invocation.
EJBs conflicting with listener configuration and CDI events
Database Access, Connection Management, Merant/DataDirect driversDSRA0304E and DSRA0302E messages with cause and exception as null creates confusion.
Connection cleanup fails when using an unsupported JDBC driver.
Unable to specify empty port number for DataDirect Connect for JDBC and Microsoft SQL Server JDBC Driver
DynaCacheDynaCache CWWDY1064E or DYNA1064E is written for containsKeyDisk() operation
EJB ContainerIntermittent FFDC of IllegalStateException when stopping a Liberty profile server with a message-driven bean application
UserTransaction cannot be used from a CDI instance created within the context of an EJB
GeneralSipApplicationSession accumulate after BYE transaction if reINVITE transaction not responded to
WebSphere can use the same from tag and via branch in two different requests even if call-ID is different.
While using the B2bUAHelper the branch becomes longer when the UAS sends the re-Invite. This fix is to shorten the branch.
Inbound 412 response not counted in PMI
SIP container splits the reason header into two headers due to a comma inside a quoted string
Print the levels of CICS modules to allow customer verification
IBM iOn Japanese IBM i partitions, when console.log exists, server start fails.
Install V8 and aboveInstallation Manager requires accepting license terms twice to install the Liberty offering with additional assets.
Update legal license for IBM WebSphere Application Server V8.5.5.5
Intelligent Management ComponentDynamic Routing to some application instances might fail when the application is installed in multiple clusters.
Liberty profile server may hang when using the scalingController feature
Auto scaling not monitoring host-level cpu or memory usage
Intelligent Management enabled WebSphere Plug-in does not route requests for Liberty servers with empty clone ID
"dynamicRouting setup" creates JKS formatted keystore instead even when,-keystoreType=PKCS12 parameter is specified
Scaling controller does not start a server to meet minimum instances when a host with capacity becomes available
Java Persistence API (JPA)Schema setting in the ORM file does not propagate to the generated sequences
NullPointerException in QueryKey.createKey using criteria with QueryCache enabled
First JPQL with left join fetch for lazy loaded specified and data cache enabled. Subsequent does not get loaded.
JPA pagination is not working
Use of JoinColumn targets to another JoinColumn key exposed as an attribute causes a ConstraintViolation exception
OpenJPA PersistenceException: LongId cannot be cast to <class name>
ApacheValidationProvider class not found when using third party packages that utilize Bean Validation.
JavaServer Faces (JSF) SunRI implementationThe jsf-2.0 bundle is unnecessarily declaring the org.apache.commons.logging.impl package as API.
JavaServer MyFaces (JSF) Apache MyFaces implementationMulti-window usage with server-side state saving throws a javax.faces.application.ViewExpiredException
Dependency injection of a JSF ManagedProperty comes after a @PostConstruct on Liberty Profile
JavaServer Pages (JSP)The JspWriterImp is not properly cleaning up resources in memory after a request completes.
Log the value of the jdkSourceLevel attribute used by the JSP container
Issue with duplicate JSP attributes
Liberty Administrative CenterScreen scrolls down to the bottom while typing in the input fields in deploy tool
Wrong message when deploying server package file located on the collective controller in Admin Center
Extra line shown in browser when going from the toolbox to any tool
Can not display server's actual status, always displays a straight line on monitor panel on Microsoft Internet Explorer
Liberty Application ServicesInstalling and uninstalling an application many times causes OutOfMemory
Deleting and re-adding the same zip application to the dropins folder can result in an IllegalStateException.
The server does not automatically restart a running application after annotation-based metadata has changed
The description of the autoStart attribute on the application config element is misleading.
Value of context root configuration is silently ignored when not applicable
Inability to resolve JSP modules due to incorrect internal feature dependencies for javax.jsp
Liberty Debug and TracingTimed Operations which are not available are displayed as null.
isAnyTracingEnabled should evaluate object as a precondition then the primitive boolean type.
Liberty KernelLiberty embedded server writes .cache files to the incorrect location
NullPointerException or IllegalArgumentException thrown during runtime class scanning or class weaving.
FFDC error when updating configuration to remove a feature
Add httpDispatcher property to control padding of a 404 message.
WDT show "base instance from which to inherit context" under the main "Thread Context Propagation" section.
ManagedServiceFactoryTracker/BundleContextImpl throw IllegalStateException when server is being stopped
Error deleting configuration for context service
The default executor of a WebSphere Application Server Liberty Profile server can deadlock in rare cases.
Server takes 5% longer to start after moving the Liberty profile wlp install directory.
Invoking the 'server' script from a shell with the CDPATH environment variable set may fail.
If users use a script to run multiple install actions, they may not know which messages are for installing which feature.
NullPointerException in thread pool code occurs during server shutdown
Using symbolic links to applications outside of the WLP install directory could result in an IllegalStateException.
Feature jca-1.6, jms-1.1, and mdb-3.1 cannot be installed from offline local directory
Websocket client code can miss processing incoming data that is received immediately after HTTP upgrade response headers.
Spurious FFDC reporting javax.management.InstanceNotFoundException
Applications containing symbolic links do not always restart when the linked content is changed.
Server shutdown hangs when using the sessionDatabase-1.0 feature
collectiveMember-1.0 exposes third-party JAX-RS APIs
When Liberty profile starts from a cached state the logs do not indicate the features that are installed.
Incorrect lookup of provisioned public Liberty profile features
A CWWKG0074E error message might be unnecessarily generated when certain server.xml elements are not properly configured.
The SPI package com.ibm.wsspi.http references non-SPI types.
Liberty System ManagementStructure of collective repository has changed in fix pack 8.5.5.4
Unable to invoke file transfer operations on paths terminating with slashes on collective host
Liberty z/OSApplication attempt to do authorization with SAF fails w/error code of 03008XXX (if SyncToOSThread is enabled)
The OLA load modules shipped by z/OS Connect Liberty Profile V8.5.5.2 are not compatible with same modules in WebSphere Application Server 8.5.5.2
Liberty Profile on z/OS supports LDAP but does not propertly map LDAP identities to SAF-based Ids
Message "IRR012I Verification Failed. User profile not found"
Wildcards are not allowed in service URLs for z/OS Connect on z/OS Liberty
Storage leak of ACEE objects in native storage when using zosSecurity-1.0 with certificate authentication
Excessive contention of the MVS local lock is seen when using WOLA in WebSphere Application Server for z/OS Liberty Profile.
Requests fail when Driving requests through z/OS Connect using data transformation.
Performance Monitoring ToolsServletStatsMXBean is reporting errorneous data when thread terminates.
SecurityCannot encode password with leading/trailing spaces
JaasLoginContextEntries with same name causes wrong behavior.
NullPointerException when specifying both OAuth20Mediator and data source in oauthProvider
CWWKE0701E when security ID value is null
Privilege escalation with IBM WebSphere Application Server Liberty profile
Making the information returned by the certificateUtility to include the SubjectDN the certificate was created with.
Privilege escalation vulnerability with Run-as user for EJB
Possible performance degradation when doing programmatic login.
Systems Management FunctionsAvoid creating member node path when cluster name is empty or null.
On z/OS environment, ServerCommandMBean failed to make remote connection as it used wrong encoding when is reading ssh key.
Under some conditions, a request to the CollectiveRepositoryMBean exceeds a time out and results in a null pointer exception.
After recovery from a failure Collective Repository Report: not ready
Collective controller unable to establish a TCP connection with its replicas
Adding or removing an application does not always reflect the correct final state of the application.
Message CWWKX8000E can be erroneously logged when a collective member loses its connection to a collective controller
Under extreme load, the controller cannot service all of the incoming http requests.
java.io.IOException: The filename, directory name, or volume label syntax is incorrect
Add National Language Support (NLS) for the default post transfer action.
Provide backward compatibility for admin metadata publishing
Repository monitor could not get service from repository member
Prevent a multi-replica collective controller replica set from reaching an inconsistent state in the data under rare conditions.
Server package deploying using host credentials failed with an ArrayIndexOutOfBoundsException
Virtual Member Manager (VMM)Property case sensitivity is not handled properly in search expression.
Web ContainerAn invalid cookie name causes an IllegalArgumentException to be thrown.
ServletConfig returns null on empty mappings list
Error page handling is broken when the web application is CDI enabled.
ServletRequest.isAsyncStarted() incorrectly returns false on a thread after AsynContext.dispatch() has been called.
A java.lang.NullPointerException occurs when attempting to add a listener programatically that does not exist.
Liberty profile SSL client certificate authentication does not work with IBM HTTP Server
An IllegalStateException is thrown on calling setWriteListener when getOutputstream is called from the readListener.
ServlerResponse.flushbuffer() does not work correctly.
When running an upgraded request the application cannot run a JNDI lookup.
Do not Invoke onAllDataRead() once onError() is called from ondataAvailable()
Need Plugin log file location as part of server.xml pluginConfiguration stanza
Web Services (JAX-WS, JAX-RS)java.lang.NullPointerException in JaxWsInjectionMetaDataListener interface
Applications using Apache Wink on WebSphere Application Server Liberty generate spurious ICH408I messages noting insufficient authority for guest user ID
JAXRS1.1 declares 2 APIs and 1 SPI, but the packages are not encountered at runtime.
There are no jars for javax.wsdl.* packages under the dev folder, although they are declared as spec API in the jaxws-2.2.mf.
Upgrade Apache http client to the latest version 4.3
@HandlerChain annotation cannot work with @WebServiceClient annotation
Liberty profile wsdlLocation attribute not working together with jax-ws-catalog.xml
Web Services SecurityAccess token not deleted in database when using custom mediator class
ResourceOwnerValidationMediator.init() is never invoked
Potential privilege escalation with OAUTH2
WMQ messaging providersApplication server failed to start because transaction recovery failed
EBA start issue due to OSGi framework NullPointerException in Liberty Core
XmlPullParserException when Liberty profile is configured with a local bundle repository
Fix pack 8.5.5.4
Fix release date: 8 December 2014     
Last modified: 4 December 2014     
Status: Superseded     

👁 Image
Download Fix pack 8.5.5.4
Component
APAR
Description
Contexts and Dependency Injection (CDI)Interceptors are ignored on generic methods defined in an interface and then overriden in a subclassi
CDI issue is observed when an application is deployed with ScheduledExecutorService scheduled tasks
CDI application gets error: passivation capable beans must satisfy passivation capable dependencies
On extremely rare occasions a concurrent modification exception may be thrown during resource injection.
DynaCacheError appears in message log using WebSphere Development Tool (WDT) generated cachespec.xml.
Message observed message.log DYNA0044E: XML parsing warning: cvc-elt.1 when using a WDT generated cachespec.xml
Apichk errors in distributedMap-1.0 and webCache-1.0
distributedMap does not inherit properties of baseCache
ExternalCacheGroup does not work in distributedMap-1.0
DynaCache does not delete OSGi configuration of application defined caches when the application server is stopped.
Web caching does not support cachespec.xmls generated by WebSphere Developer Tools (WDT)
EJB ContainerEJB sessionContext.getCallerPrincipal() call not working in asyncbeans
Reference binding fails for a service that implements an interface but does register it
EJB container error scenarios should be improved
Reference and injection error scenarios should be improved
Adding an activationSpec or admin object for a started MDB fails intermittently
persistence.xml fails if property names contain leading or trailing whitespace
Extended persistence contexts are not joined to container-managed transactions
IBM iserver start status message is missing process Id on the IBM i platform
Install V8 and aboveUpdate license notices files for Liberty Profile
Improved the warning messges for invalid features that fail to be installed using the featureManager command.
Java 2 Connectivity (J2C)Resource adapter installation is aborted prematurely during shutdown, leading to other problems
Applications can be started before connection factories and administered objects from standalone resource adapters are ready.
Java Persistence API (JPA)Some l10n feature names are missing information
JavaServer Faces (JSF) SunRI implementationJSF MyFaces WebSocket issue
JavaServer MyFaces (JSF) Apache MyFaces implementationJSP and JSF TLD jar export-package and version Issues
An UnsupportedOperationException is encountered when initializing an eager application-scoped JSF ManagedBean
JavaServer Pages (JSP)Getting the IllegalStateException: component with duplicate ID message when using the shipped MyFaces 2.0
The JSR 303 implementation of BeanValidation cannot be configured as expected.
JSPG0046E: Unable to locate tagfile
A performance degradation can occur under heavy load for applications using the EL
Issue with JSP tag file compiled into invalid package/class name
Liberty Application ServicesProblems when running the server package command
java.lang.ClassNotFoundException in data sources after upgrading to Liberty Profile V8.5.5.2
Application name or module filename containing the # character fail unexpectedly
Setting classloader delegation mode to parentLast can result in JNDI lookup failures
Application archive errors are unclear
The javadoc for the com.ibm.wsspi.resource package is missing
FileNotFoundExceptions when file paths include spaces.
Message with prefix CWWKC0044W may be missing an insert.
Need to throw NameNotFoundException for invalid names for parity with full profile
Javadoc needs improvement
Javadoc changes to make methods use correct list structure
StateChangeException: CWWKS9110E when changing application deployment
Liberty Debug and TracingAccess logging shows incorrect time taken to process the request
Error message enabling trace specification in runtime even though the trace specification is valid.
StackOverFlowError or Infinite loop using HPEL logging.
Logging needs to be improved
Logging of Throwable parameter for which getStackTrace() returns null fails
When e.printStackTrace() is called, the output can be missing some lines of user code
Expose logging SPI
Binary log attribute cleanup
HPEL API not visible from applications
Liberty KernelLiberty profile server uses excessive CPU when TCPIP is stopped
Need improved messages for common parsing failures
Potential hang in server stop
Port listeners can be restarted twice when configuration is updated
Versioning of repository content does not work so any breaking changes to the data breaks old clients
Error message when you try to install a feature from the Liberty repository does not indicate the first failure
Path arguments to the featureManager tool are always relative to install directory
Errors in command-line utilities
Incorrect processing of configuration elements in the server.xml configuration file
Toleration for Java 7 and 8
Kernel programming interfaces should be improved
Kernel error scenarios should be improved
The server command needs to be improved
The handling of MIME types needs to be improved
NullPointerException in HandlerHolder line 240 during server shutdown
ProductUtility validate outputs errors multiple times
Deployment of a large application with very detailed trace enabled may cause a tracing loop
Running the ws-productutil.jar version command on z/os results in a missing property error.
NullPointerException in ConfigSigner
Minifying an empty server and installing an ESA feature causes a NullPointerException
RuntimeException: Invalid call to WsByteBuffer method. Buffer has already been released.
Liberty profile steals focus on Macs
Unable to find out which configuration attributes can be overridden by variables
Workarea paths too long
Avoid extraneous warnings and errors during configuration processing
Tolerate Equinox osgi.clean property
Intermittent IllegalStateException in AtomicServiceReference
IllegalStateException in FeatureManager
Server dump does not include shared configuration files
Private features are allowed to be included by features from different Liberty profile product extensions.
Application reports java.io.IOException: Exception in opening zip file,
OSGi application can fail to start with java.lang.Exception: ORPHANED,
Insufficient error messaging for ServerLock waitForStart()
Intermittent exceptions in org.apache.felix.scr.* classes
Need improved error messages for file permission problems
Liberty profile server incorrectly allows 2 data sources to be configured with the same JNDI name
Suppress erroneous error messages during server shutdown
NullPointerException in ThreadPoolController during server shutdown
Default landing and some error pages provided by the server load slowly.
Fix several kernel issues
Incorrect class name in error reporting from DynamicVirtualHost
NullPointerException during shutdown while updating features
Liberty embedded server fails to notify the user if the server fails to start
Feature display labels are translated into local language
ClassNotFoundException: com.ibm.ws.kernel.productinfo.ProdctInfo when using featureManager
The install directory cannot contain a plus sign
The server start command sometimes uses jvm.options for non-server processes
java.util.concurrent.RejectedExecutionException when default executor is dynamically updated
CWWKE0701E java.lang.ExceptionInInitializerError thrown from [com.ibm.ws.http.internal.VirtualHostImpl((79)]
Auto features that required an iFix were not previously installed by the featureManager install command but now are
Liberty System ManagementPax archives not supported in file transfer upload through a collective
Liberty z/OSOutbound service from WSAS to CICS via WOLA hangs
When REU=Y some requests to override a link succeed when all should fail
WebSphere WOLA API calls failing with abend BBOX in CICS for CICS TS 5.2
The WOLA three-part name allows mixed case while the CBIND class profile they must match requires upper-case
java/lang/StackOverflowError with loop in ntv_mapDirectByteBuff
java.lang.IllegalStateException: Native service for RRS transactional support is not active or available
CWWKB0227E message should be more accurate
An FFDC reporting a CTX4SWCH RC=368 is generated during server shutdown.
Messaging ProvidersEnabling Messaging Security may cause com.ibm.websphere.sib.exception.SIResourceException: uniqueUserId is null
Fix usability defects in JMS
Performance Monitoring ToolsMonitor attribute cleanup
Application deployment occurs before all the system bundles are started while removing the monitor-1.0 feature
When SUN Java is used for Liberty server, the processCPUUsage metric does not report the right CPU usage
ClassNotFoundException occured while querying monitoring data with traditional PMI Mbean (Perf MBean)
Plug-inIntelligent Management enabled WebSphere Plug-in stops routing after an application is removed and added.
SecurityInformation Disclosure in WebSphere Application Server
WASReqURL cookie might be overwritten if multiple login processes are performed
CWWKS4106E: LTPA configuration error when setting keysPassword in the server.xml,
Principal names or unique IDs containing special characters are not handled properly
Fix double-encoding of "state" parameter in OAuth flow
Parameter order should not matter for securityUtility command line tool
Exception could be thrown getting user registry during shutdown
Cancel button on default OAuth/OpenID Connect consent form pages does not work
Possible race condition could prevent access to keystore
The periodic Authentication Cache cleanup stops under certain OSGi DS timing conditions
Improvements to Javadoc accessibility for security SPIs and APIs
Change to make sure the RC4 ciphers are not used by default.
Improve the processing of multiple SSL configurations
User registry updates: Add getUsersForGroup method, do not require a user registry with appSecuirty-2.0 feature
NullPointerException from security collaborator
Intermittent SSL problem where the keystore information seems to be missing.
Remove unnecessary FFDC data while stopping the user registry
Support Japanese CP1399 codepage on z/OS
Add an option to track logged out LTPA tokens on a server so they cannot be used login on that server again
A Trust Association Interceptor cannot commit an HTTP servlet response to send a redirection
Expired tokens not cleaned from the token cache
Fix issue with OAuth/OIDC consent no longer being cached
User registry service is not ready for service and it causes creating the LTPA key to fail
Fix NPE during authorization.
Warning message CWWKS9112W may flood the logs when a security-role does not have valid run-as configuration
Potential Information Disclosure with Liberty profile servlets
Meta type is wrong for token limit per user and client
The OIDC and OAuth response on HTTP needs to be URL Encoded
An OAuth error message was hard-coded and did not exist in the message file
No message indicating OAuth endpoint service has started/is ready
Inconsistent behavior when OAuth20 configuration contains more than one identical filter.
Session Initiation Protocol (SIP) ContainerAllow configuring response code when a non-confirmed session is invalidated
SIP container does not handle error case where a UA uses the same to-tags in different responses.
SIP custom property dip.no.route.error.code is ignored if the application is down
SIP transaction is not being destroyed when application is un-deployed because of a timer
SIP container removes data from reason header if it contains white space
Unable to add Require: precondition to reliable 18x response
Negative PMI counter
Systems Management FunctionsCollective messages improvement
Singleton service fixes
Resolved multiple Frappe service registry and utility problems
Resolve multiple collective repository test failures
Resolve multiple collective member test failure problems
Failed to remove cluster member
Resolve multiple collective replica problems
Security utility writes XML files using default charset without XML declaration
Collective MBeans better report errors that occur when dependent services deactivate while in use.
Remote file transfer via collective controller not working with backslash path on Microsoft Windows
Extra information in log file
Wrong cluster member is being removed during startup of a different cluster member within the collective.
Resolved multiple Collective replication service issues
Resolve multiple collective repository issues
Resolve multiple collective singleton issues
Failed to deploy zip to a remote host
Virtual Member Manager (VMM)Propagation Login via external LtpaToken2 cookie does not create correct SecurityName when using Custom LdapRegistry
Web 2.0 and Mobile ToolkitUpdate to IBM Dojo Toolkit (idt) version 1.10.0
Web ContainerTag file is not found in loose configuration deployment
Request's parameters can be modified by the application (via string object modification).
If servlet init() method throws an exception then the remaining servlets in the web module are not initialized during startup.
404 not found error generated for a request without trailing slash
The servlet name was not output in the SRVE8500W message.
FFDC might be thrown by a filter when the server is shutting down
com.ibm.ws.webcontainer.webapp.WebApp.handleRequest NullPointerException
The configuration attributes for HTTP sessions should allow duration strings
ServletContext.getServerInfo() does not return version
Untranslated messages in the severe trace points
An empty string "" as the URL pattern of a servlet causes an unwanted 302 redirection and an exception
WebContainer Objects get nullified before final use, resulting in a NullPointerExceptions
The expected java.lang.IllegalArgumentException is not thrown when <distributable> element is added to web.xml
Call to getRequestDispatcher inside Filter init method causes an exception
General changes and updates to com.ibm.ws.webcontainer-8.0's metatype-mbeans.properties
Use of incorrect names in references in web.xml cause a NullPointerException
NullPointerException when there is an active request and the server is shutting down
Unable to generate a plugin-cfg.xml file when there is no http port declared in server.xml
ServletRequest.getRequestedSessionId() returns null for a client created jsessionId.
Cannot delete JSP using REST call
Web Services (JAX-WS, JAX-RS)PreDestroy method is not being called when class is to be destroyed
Info center documents use of LtpaAuthSecurityHandler, but we do not have this class available when using JAX-RS 1.1
The com.ibm.websphere.appserver.thirdparty.jaxrs_1.03 bundle cannot be resolved when loading jars under dev folder
If there are multiple path parameter in a resource method, there is only one path parameter generated in its corresponding wadl
Support third-party JAX-RS providers when jaxrs-1.1 feature is configured
Redundant error message might be displayed if user defines different URL mapping in web.xml for webservice endpoint.
Web Services SecurityCannot resolve com.ibm.websphere.appserver.thirdparty.wssecurity_1.0.1 bundle when using only wlp/dev directory.
Cannot read local cache file used in web services security configuration
WMQ messaging providersWorkCompletedException occurs when importing transaction via JCA
NullPointerException in FFDC coming from RecoveryManager.preShutdown
OSGi EBA applications intermittently fail to resolve
The osgi.jpa-1.0 feature is inexplicably superseded
Various small bug fixes related to OSGi Applications
Transaction log is created in the wrong location
XAFlowBackControl L3 diagnostic facility enabled in Liberty
Revised com.ibm.wsspi.uow javadoc to document new override of runUnderUow method on UOWManager
Fix pack 8.5.5.3
Fix release date: 18 August 2014     
Last modified: 12 August 2014     
Status: Superseded     

👁 Image
Download Fix pack 8.5.5.3
APARDescription
No thread pool stats MBean available when checking the MBeans thru JConsole
Bottom-up web services fails to generate the WSDL on the Mac using Java 1.7 hotspot 64-bit
Issue with JSF and WSRP
VerifyError JVMVRFY012 using OSGi applications
404 happens intermittently in Portal/WCM
Redeploying OSGi apps without restarting generates a ClassCastException
Default webapp error page is not provided
Potential Information Disclosure with Exception handling
NoClassdefFoundErrors for a particular JSP servlet. Causes permanent failure of loads
Not all JVM javax packages are available to applications
SRVE0288E appears at server startup
Explicitly configured RDN properties are not retrieved for users during login.
Subsystem-content with type=file in product extensions does not resolve relative to product extension location using with minify
Honor the searchTimeout property for login
AJAX form update with PrimeFaces 4.0 not rendering correctly
OpenJPA FetchJoin does not always get the correct result.
FileTransferMBean.deleteFile(String) method cannot delete an empty directory as documented in the javadoc.
CWWKS3002E message might be logged while switching user registry.
UIComponent.findComponent ignores overridden method findComponent of a NamingContainer.
NullPointerException from a JSF MyFaces implementation
OptimisticLockException may occur when JPA application uses Timestamp in @Version field
CWWJP9992E: openjpa.Enhance: Error
Spring load time weaving does not work with Liberty profile.
Blueprint bundles using JPA fail to start.
Application is redirected to HTTPs port of the applicaton server instead of IHS server port when confidential is set
Inserting facets causes IllegalStateException
Liberty server productInfo validate script fails after interim fix is installed
EmptyStackException when accessing an Instance that is created by a producer method that has an InjectionPoint as parameter.
Setting com.ibm.ws.logging.console.log.level=off still results in one line of output
When JAVA_HOME environment variable is set, Liberty Profile server does not start
OpenJPA runs superfluous select statement when calling EntityManager.persist(..)
JSP gets re-compiled redundantly if the owner of the JSP class is different than server ID that runs the server.
Serviceability apar to enhance dynacache tracing.
Transactional listeners added too late to observe begin event
NullPointerException generated when trying to get a file with spaces using getResourceAsStream()
Problems updating an application after a bad EBA has been installed
Server start fails to create default server on IBM i
OpenJPA-2286 ArgumentException: Attempt to compare incompatible types.
The secure JFAP chain does not start on time
java.sql.SQLException when performing a JPA query
Persistence unit defaults are ignored when there is more than one "mapping-file" element in persistence.xml.
Problem handling CDI interceptors
Prevent NullPointerException during WebApp shutdown
Deliver common install for Liberty profile repository features
Remove temporarily deployed artifacts
Liberty Profile restConnector does not release file handle after a file upload
No option to set Secure attribute for WASPostParam cookie
Quick restart of a Liberty Profile server results in port already in use error condition on Linux
Parent naming-container not reflected in client-ID
Blueprint application startup deadlocks when using a bean for a reference-listeners and the bean uses the reference
Memory leak in J2C PoolManager due to reaper alarms not being cancelled.
Parsing of ibm-web-ext.xml might fail using some XML parsers
z/OSMF V2R1 generates spurious ICH408I messages on user login
Liberty Profile is locking certain war files on Microsoft Windows preventing the undeploy process.
Issue with validation of strings with escaped commas
The package command fails with message CWWKE0070W indicating an invalid loose configuration file.
A join operation halts when the resouces/collective directory exists, but is empty.
No default charset is specified for a post transfer join action
Invoking isClosed() on native JDBC connection results in NullPointerException
Controller flight recorder missing from server dump
UnrecoverableKeyException: Cannot recover key: Invalid password for file
CertificateUtility tool does not provide a parameter for the user to set the key size
REST connector error "Argument type mismatch" when using CompositeData with byte []
Basic authentication requests fail in Liberty Profile
Configuration support needed for z/OS Connect
Resource adapter stops immediately after it is started.
Liberty sets incorrect product registration values when running in CICS
z/OS local adapter support is missing
Abend 0C1 reported in Liberty Profile V8.5.5 when trace on and zosSecurity enabled.
java.lang.StringIndexOutOfBoundsException occurs when starting OSGi application
Help for "collective addReplica" does not explain "endpoint"
Install time for resource adapter or start up time for application is not formatted correctly for some languages.
Memory leak occurs for JAX-WS managed client if using ibm-ws-bnd to customize properties
Memory leak when WAB bundles are stopped and restarted
Unable to customize unique ID attributes for LDAP servers
The output of the --createConfigFile option for the collective command should use a variable rather than an absolute path.
The MBean information stored within the collective repository does not remove stale data across a restart.
The initial state of a joined or replicated server is not set for a new server registered to the collective.
Javacore file is packaged into the server dump in an incorrect encoding.
Collective members are unregistered unexpectedly.
The Apache foundation's CMS migration required modifying the xml schema namespace for OpenJPA extended ORM documents..
Liberty server may hang when using the AdminCenter.
Changing the configuration of shared libraries can result in NoClassDefFoundError or ClassNotFoundException
Liberty generateClusterPluginConfig operation creates a plugin-cfg.xml file with extra entries that are not need
Add additional check in session manager to remove incorrect cloneIds if HttpSessionCloneId property is set.
z/OS local adapter support is missing
VMM makes too many LDAP JNDI calls with ibm-allGroups configured.
Add serviceability message to indicate missing login page or error page for form login
Failure to switch RRS context onto thread
binaryLog command missing expected results on filtering based on IncludeMessage filter.
SSL context gets changed during execution of application, causing handshake issue between servers
ClassNotFoundException in Liberty Profile when traditional PMI is enabled
The output of ws-schemagen.jar is incorrect for some child elements.
Server package command does not handle relative paths gracefully
Plugin config generation fails when no applications are defined
z/OS Connect service configured serviceGroupingName entry is missing from SMF 120 subtype 11 records.
NullPointerException during a z/OS Connect's attempt to access HTTP request data after the asynchronous request timed out.
Provide stack trace in FFDC when response already committed (SESN0066E) scenario occurs.
Applications fail to start when running Liberty servers in embedded mode without the Java agent.
getUserDisplayName is not returning the correct result per the configured attribute for user display name
Stop time for server is not formatted correctly for some languages.
On a restart the controller can end up in a bad state and not be able to start up.
A server package deployed through admin center deploy uses the host's default name, and not the deploy target host name.
No MBean exists to identify which Liberty server is being used.
Improve error message for installing wrong edition feature
Admin center explore visual representation improvements.
java.lang.IllegalStateException: BundleContext is no longer valid when undeploying application
Weaker than expected security when installing features with Liberty Repository
Bad login performance for the user if its is member of more number of groups.
When using Data-Direct Connect JDBC Driver for Oracle, the connection cleanup fails
Using CustomDataStoreHelper, TestConnection operation on Network Deployment edition fails with exception
Injection of datasource into CDI bean does not work correctly
A tag file is not found when an application is deployed with the option "Run server with resources within the workspace"
WSAT transaction failed when using JDBC and JPA together

Back to top

Fix pack 8.5.5.2
Fix release date: 28 April 2014     
Last modified: 25 April 2014     
Status: Superseded     

👁 Image
Download Fix pack 8.5.5.2
APARDescription
Files without group write permission when installing from a group mode installation manager on z/OS
Fail to login to an application with SSLHandshakeException
Support certificate authentication to fail over to a form base logon
Potential Security vulnerability with JavaServer Faces (JSF) 2.0
Tag attribute creates unnecessary string objects
FeatureUpdate failure in zos Liberty profile
Change description of maxConcurrency property to convey more details
StringIndexOutOfBoundsException thrown when URI is not normailzed
java.lang.NullPointerException may be thrown from the JAXB unmarshaller under load.
Potential Cross-site scripting vulnerability on OAuth
OpenJPA persistence.xml parameter roundTimeToMillisec causes cut-off of milliseconds in dates
Race condition in Liberty profile server on z/OS
Application resources are shut down before the application when shutting down a Liberty profile server
@Inject into non-CDI managed instances can intermittently fail
Liberty profile fails to package core dump on Linux
Provide an option to disable running of 'ALTER SEQUENCE ... INCREMENT BY' statement for sequences
EJB-in-WAR injection (JAX-RS) causes a ClassCastException
CDI application fails to start with WebBeansConfigurationException when a decorator bean class
Liberty Profile on IBM i does not properly load classes via a symbolic link
An applied interim fix is not detected and is not available at runtime.
A controller in a multiple-controller replica set fails to start. It never produces the 6011i message.
The initial placeholder configuration is not canceled resulting in an unneeded file in the controller's fdb directory.
The collective utility gives incorrect directions when a controller is replicated more than once to the same server.
Criteria API creates INNER JOIN instead of the expected LEFT OUTER JOIN
JSF MyFaces NavigationHandler throws a NullPointerException if current ViewId is null
Error changing server application publishing option from loose to non-loose config when using Oracle JDK causes failure.
Unclear error message when authentication data fails for JMS activation specification.
Cannot use SSL termination
When servlets are running premature deactivation of DataSourceService causes hangs and app restart
Potential denial of service with XML parser
The generated report message for timed operation need to be updated
Timed operation junk collection
Liberty Profile does not find the applications HandlerChain.xml file
Running collective join in a non-English language the signer trust prompt does not accept the non-English confirmation options.
Incorrect misleading error message output when installing Liberty Profile extensions archive on a incompatibly licensed Liberty install.
Common install kernel for WebSphere Liberty profile repository
Support for disabling the console bundle with Liberty profile on z/OS (Liberty/CICS)
java.lang.ArrayIndexOutOfBoundsException when using restConnector.jar
Support installing artifacts from WebSphere Liberty profile repository
Conversion errors from JMX REST connector
Allow container managed authentication for database session persistence
Some ESAs have an empty line in the OSGI-INF/SUBSYSTEM.MF file which causes extended content installation to fail
Third party security integration in Liberty profile server on z/OS
500 error occurs if serializing a cache object to persist to disk fails.
NullPointerException from LogViewer command
Self-extracting jar created using 'server package --include=usr' fails with error Failed to find license agreement files
Should be able to set up ISA DC wherever you want when installing Liberty core.
Port conflict message is not generated on Liberty profile collective controller
Cannot enable timedOperations report dynamically
Base enablement for JCA support
Support Certificate authentication to fail over to a Form Base Login
Potential Information Disclosure
JSP compile errors due to regular expressions
Restore com.ibm.ws.session.service.SessionManager interface
There are permission errors when accessing resources in the server's workarea directory using application syncToOSThread
ClassNotFoundException when the ServleltStatsMxBean is accessed from the Liberty Profile JMX client
Access logging does not appear to be dynamic
Re-enabling the HttpEndpoint on Liberty profile server does not work
WS-Adressing feature did not work correctly with JDK7
Pooled threads have unexpected context class loaders
Application reports java.io.IOException: Exception in opening zip file
Allow defaultHttpEndpoint host to be overridden without configuration change.
commons-upload.jar vulnerability
Web request failure due to a NumberFormatException while decrypting an LTPA token.
Collective member servers do not have read access to the collective repository outside of /sys.was.*
Creating the collective configuration writes to WLP_OUTPUT_DIR but reads from WLP_USER_DIR
Authentication errors when running under stress
Registering tag library in JSPx with default XML namespace causes a NullPointerException
Native Query with specified result class can throw NullPointerException when return data contains a null-valued column
ELexpressions are not evaluated when preceded by two backslashes
Timing window causing java.lang.IllegalStateException
Performance Monitoring Infrastructure (PMI) ActiveCount may be inaccurate when a session is accessed by multiple threads.
Slashes used in OpenJPA method EntityManager.createNativeQuery is removed in the resulting JDBC query
Transactions rolled back silently when coordinated by the UOWManager
Liberty Profile server opens extra listener on ephemeral port and localhost
Isolation level is not working properly for JPQL queries with nested sub-queries. It is generating incorrect query.
Session manager makes an unnecessary call to the database to retrieve session information when multi-row session persistence.
function publishEvent is called with UIComponent.class instead of source.getClass according to spec Java doc
NullPointerException when using AnnotatedType via ProcessAnnotatedType on @stateless EJB
Result of aggregate function max is 0 on empty table (instead of null)
CDI app fails to start with AmbiguousResolutionException due to how parameterized types are detected for injection
The cookie does not get set in the browser
Issues with download of files greater than 8gb.
Custom feature is not loaded
JPA finder cache does not account for dynamic FetchPlans
Async servlet lost original identity after resume
Incorrect locking behavior with JPA PESSIMISTIC_LOCK mode
Servlet <error page> processing incorrect for <error-code> <exception-type>
Exceptions are thrown if there is a new line after ${. The JSP does not load correctly.
Creating OAuth 2 custom mediator sees NoClassDefFoundError
GPF in Liberty Profile server in ntv_registerProduct
Poor performance using WMQ JMS in Liberty Profile server only
Liberty Profile throws IllegalStateException when browser closed connection.
Configuration validation for the repository client heartbeat and timeout do not report when the configuration is out of bounds
The url connection created when using the wsjar protocol does not properly implement the getContentLength() method.
When servers leave or join a cluster group no notification is printed in the log file.
Add secure flag to WASReqURL cookie for Liberty Profile
When the aged timeout is set beyond integer range a negative value is returned
The attribute 'ID' is not a recognized attribute for the element 'wasJmsEndpoint'
CWWKB0105E error when loading z/OS native code in a Liberty profile server.
No cache control headers were received from WebSphere Application Server OAuth.
Configuration in web.xml to load JSP during application initiation is not working.
JSPs with references to tag files fail with SRVE0777E
Unhandled exception during the initialization of the ServletContainerInitializer
OpenJPA: Version field returns NULL when explicity projected from a JOIN in select clause
Liberty Profile server starts despite port conflict failure in http endpoint/channel.
OpenJPA ExternalValue mapping works incorrectly with CriteriaAPI multiselects
NullPointerException thrown when determining the active user registry from the user registry service
Setting converterId breaks converter selection by type.
JSF.js: Calling JSF.getViewState() with a direct reference to a element throws an exception
Entity object instance generated by native SQL query may have null embeddable field
Console output for server start command does not currently indicate server startup failures.
Expose receive action permission for temporary destination queue
An exception can occur when an LTPA token timeout occurs and the CDI WebBeansConfigurationListener accesses the session
Compilation errors when a JSP contains an auto increment variable.
Stackoverflow in OpenJPA due to endless recursive calls in 'isLoaded'
Unable to associate different applications to differing HTTP endpoints
Liberty Profile for z/OS registers with IFAUSAGE using the wrong product owner.
Liberty Profile throws a NullPointerException from HttpDispatcherLink.sendResponse.
Inconsistent resolution of the variables in f:ajax@listener MethodExpressions
Liberty Profile web container does not destroy servlet when UnavailableException occurs
z/OS Liberty Profile server does not unregister with IFAUSAGE at server shutdown
NullPointerException occurred on Liberty Profile when performing programmatic isUserInRole check.
CData section in web.xml causes Liberty profile RuntimeException
Queries with a sort clause return fewer entries than the same query that does not have a sort clause.
Web services caching does not work properly dynacache changes the configuration value of required in components
JPA version field in a projection always returned as an integer
Allow Liberty profile to return jar URLs rather than wsjar URLs from classloaders.
Interim fixes do not apply new feature manifests
Batch update fails due to java.sql.SQLException: Unsupported feature and -2 return code from Oracle JDBC driver

Back to top

Fix pack 8.5.5.1
Fix release date: 11 November 2013     
Last modified: 10 November 2013     
Status: Superseded     

👁 Image
Download Fix pack 8.5.5.1
APARDescription
Liberty Profile fails to connect to LDAP when using SLDAP (SSL)
Error message CWWKS2910E with internal error code 0x02008002 may occur in stress environment with SAF security enabled.
SRVE0315E: An exception occurred: com.ibm.ws.webcontainer.webapp.web
Remove unneeded data in database analyzer and logs
Refresh Pack 8.5.5
Fix release date: 14 Jun 2013     
Last modified: 13 Jun 2013     
Status: Superseded     

👁 Image
Download Refresh Pack 8.5.5
APARDescription
Authorized handler for the HTTPs protocol not found.
OSGi applications using JPA can fail to start and issue no error messages.
Properties files in a directory in an ear file are not added to the classpath of a war inside the ear
java.net.MalformedURLExceptions are thrown when attempting to access URLs when multiple non-OSGi applications are installed
No property to disable the Liberty Profile Server welcome page
Server.xml is not honoring attributes for logging tag
Unable to retrieve list of users from LDAP registry when using getUsers()
Java.lang.NoClassDefFoundError during startup of Liberty Profile, shared library not available.
IllegalStateException while processing transactions.
Type2 datasource transactional="false" fails
CWWKC0060W for VT_CLASS_RESOURCE in WLP not documented
Message CWWKC0044W does not contain information necessary to debug problem
JSPs inside directories are not pre-compiled
FFDC reports contains excessive redundant information
EJB application exceptions not output to messages log
Unable to resolve included nested configuration located outside wlp\usr directory
IllegalStateException when removing transaction feature from the server configuration
IllegalMonitorStateException observed in trace incident reports
httpOnlyCookies configuration attribute not honored
Minor updates to transaction functionality
Configuration validation error when there is whitespace in empty elements
Configuration changes can be lost
JSP taglibs not available to the tools
Some HTTP requests are not served correctly
NoClassDefFoundError: com.ibm.ws.jsf.util.FacesMessages
Unexpected java.lang.IllegalArgumentException FFDC
SRVE8043E error when Liberty Profile is installed in path that has spaces
A web application throwing a RuntimeException prevents the servlet from being loaded
Application stop waits for 30 seconds when stopping server
Tools add wrong jars to client classpath
Extra information in trace.log
Untranslated message in log CWRLS0010_PERFORM_LOCAL_RECOVERY
Java.lang.ClassNotFoundException running SecurityUtility and ProductInfo commands
Some extra annotated fields are appearing in ffdc reports
File monitor returns duplicate entries for deleted directories
JPALookupDelegateImpl deactivate is not the inverse of activate
Error: Could not find or load main class when running isadc command
When using simple TAI Liberty Profile returns a 401 error when expecting a 403 error
System properties not applied over bootstrap properties
BundleException is thrown when there is only the beanvalidation-1.0 feature enabled
Throwing a RuntimeException from FileMonitor can stop all file monitoring
Translation error in help in French securityUtility
SecurityUtility fails with 0 exit value
Can not override the default JSP expression factory implementation.
Log message CWWKZ0019I incorrectly suggests the application is not completely started
JSP includes <%@include file="xxx.jsp" %> reports no error if file not found
Liberty Profile support for one way hash
REST connector client has JSONConverter marshalling problem for empty HashMap
Error CWWKZ0056E if there are spaces in the drop-ins location filename
Incorrect class version loaded by OSGi
productInfo compare does not take interim fixes on target into account
Running with session in memory and using the HTTP plugin, sessions may be lost
z/OS native launcher does not support PID_DIR and PID_FILE
OSGi application performance issue
State mismatch running Oauth with multiple iterations
Need to support the png mime-type by default
A dump or javadump action directed to a server with an empty --include= generates an incorrect error message.
Organize session config options into groups for Eclipse tooling
Server JMX connection fails if the network connection is changed while the server is started
Kernel launcher issues
A redirected HTTPs request with invalid port number receives a vague error message
ApplicationMonitor config element not dynamic
CWWKS2911E appears in logs 5 times for one error
Service difficulties due to bundle ordering issues
Excessive FFDC for BundleException
Inaccurate timestamps
NullPointerException in DropinMonitor.tidyUpMonitoredDirectory
Unconditional xx:MaxPermSize warning when using server script
Command "server start <server>" fails when umask is set to other than 000
Server.env does not override system.env if it contains an uncommented string in first line (liberty.env)
CWWKS security messages unclear
Tools show "Classloader Service" for the config entry for classloader
AuthCache sizes do not specify a valid range
Server config reports a nested element is removed when present
Default error page does not show HTML
Trace specification not using current format
NullPointerException in jpaemfactory.isOpen if EM factory not created
Applications attempt to start twice using RAD "RunAs" for JEE ear
The exception message was null when using unknown tags in server.xml
Keystore problem does not give a clear exception message
Improve message for missing data-source configuration
ABEND0EC3 with reason code 20F00400 in Liberty Server
Enable transaction logging to an rdbms
Application does not appear to have started
Server config application element type attribute picks up default from location attribute
java.lang.NoClassDefFoundError for javax.ws.rs.core.Application
Oauth could allow a remote attacker to obtain someone else's credentials
ProductInfo compare command output can be confusing when checking APAR inclusions.
NullPointerException when web.xml has a reference mismatch.
ExecutorService does not handle incorrect configuration nicely.
Missing JNDI feature diagnostic improvement
Improve performance for session database multi-row
Javax.faces.el.MethodNotFoundException: java.lang.NullPointerException
Improve values in generated plugin-cfg.xml file
Numerous FFDC files are being created for an exception.
Improvements to stack trace and logging

Back to top

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m0z0000001ipVAAQ","label":"Download Documents (Bulletins, iFixes, Fixpacks)"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5;CD0","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Was this topic helpful?

Document Information

Modified date:
16 June 2026

UID

swg27043863