VOOZH about

URL: https://www.ibm.com/support/pages/node/715559

โ‡ฑ Fix list for IBM WebSphere Application Server traditional V9


Fix list for IBM WebSphere Application Server traditional V9

Product Readmes


Abstract

IBM WebSphere Application Server traditional provides periodic fixes for the base and Network Deployment editions of release V9. The following is a complete listing of fixes for V9 with the most recent fix at the top.

Content


  
Release Date
Total number of APARs
Total number of Security APARs
๐Ÿ‘ Image
16 June 2026
35
3
๐Ÿ‘ Image
24 March 2026
33
4
๐Ÿ‘ Image
2 December 2025
28
2
๐Ÿ‘ Image
9 September 2025
25
4
๐Ÿ‘ Image
17 June 2025
28
2
๐Ÿ‘ Image
25 March 2025
22
0
๐Ÿ‘ Image
3 December 2024
26
5
๐Ÿ‘ Image
10 September 2024
44
4
๐Ÿ‘ Image
18 June 2024
30
5
๐Ÿ‘ Image
26 March 2024
31
0
๐Ÿ‘ Image
12 December 2023
49
0
๐Ÿ‘ Image
19 September 2023
48
1
๐Ÿ‘ Image
28 June 2023
56
4
๐Ÿ‘ Image
4 April 2023
73
1
๐Ÿ‘ Image
22 November 2022
49
6
๐Ÿ‘ Image
30 August 2022
59
3
๐Ÿ‘ Image
7 June 2022
58
2
๐Ÿ‘ Image
15 March 2022
62
3
๐Ÿ‘ Image
3 December 2021
56
1
๐Ÿ‘ Image
10 September 2021
83
1
๐Ÿ‘ Image
18 June 2021
106
10
๐Ÿ‘ Image
26 March 2021
100
4
๐Ÿ‘ Image
27 November 2020
88
5
๐Ÿ‘ Image
4 September 2020
64
7
๐Ÿ‘ Image
12 June 2020
63
3
๐Ÿ‘ Image
20 March 2020
104
4
๐Ÿ‘ Image
13 December 2019
73
5
๐Ÿ‘ Image
20 September 2019
77
2
๐Ÿ‘ Image
28 June 2019
93
2
๐Ÿ‘ Image
5 April 2019
87
6
๐Ÿ‘ Image
14 December 2018
74
16
๐Ÿ‘ Image
21 September 2018
80
4
๐Ÿ‘ Image
29 June 2018
129
6
๐Ÿ‘ Image
16 March 2018
87
5
๐Ÿ‘ Image
21 December 2017
110
0
๐Ÿ‘ Image
17 October 2017
175
5
๐Ÿ‘ Image
13 June 2017
147
3
๐Ÿ‘ Image
14 March 2017
114
3
๐Ÿ‘ Image
13 December 2016
134
3
๐Ÿ‘ Image
16 September 2016
170
6
Fix Pack 9.0.5.28

Fix release date: 16 June 2026
Last modified: 16 June 2026
Status: Recommended

๐Ÿ‘ Image
Download Fix Pack 9.0.5.28  

IdeaDescription
TWAS-I-309tWAS 9.0.5: Introduce a distributed logged out token cache
TWAS-I-313Use the JDKโ€™s effective cipher list instead of the securityLevel setting for TLS/SSL negotiation
LIBERTY-I-80Allow OutboundIp / Outbound Interface for IHS liberty plugin
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH69349java.lang.NullPointerException in tpvnavtree.jsp
Edge ComponentsFixlistDetailed List of APARs for Edge Components
GeneralPH68038Incorrect active session count due to application failure with HTTP 403 errors
PH69829APAR representing new features for managed Liberty servers in IBM Modernized Runtime Extension for Java (MoRE)
PH69853Fix jython imaplib module to prevent intaking additional commands
PH69884Update cryptographic algorithm for SNMP based performance monitoring in WebSphere Application Server
PH69927Addressing processing of archives with negative offsets in Tarfile Jython Module
PH70008JAX-RS 2.0 can handle URL redirection incorrectly
PH70361Update poplib module in bundled jython
PH70371Add custom access logging of ephemeral port used between HTTP plugin and application server
PH70385Allow extended retryInterval for connection timeout
PH70532Button does not respond in map users/groups to role panel
PH70751tWAS Jython fix for CVE-2026-0865
PH70776Addressing CVE-2025-12781 of tWAS Jython
PH70794Hang in com/ibm/ws/session/store/mtm/MTMBootstrap.handleBootstrapRequest
PH70847Update API discovery dependencies
โœ“PH71342IBM WebSphere Application Server is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633 CVSS 9.8, CVE-2026-8620 CVSS 7.5)
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH71005Unable to access the administrative console
Plug-inPH69340This update adds outbound source-interface binding to the WebSphere/Liberty Web Server Plug-in
PH69824Global plugin configuration properties are ignored after APAR PH64677
PH70169GSK_ERROR_BAD_KEYFILE_PASSWORD / (GSK ERROR 408) after applying plugin fix pack 9.0.5.26 or 8.5.5.28
โœ“PH71376IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using the Web Server Plug-ins (CVE-2026-9072 CVSS 8.1, CVE-2026-8858 CVSS 7.5, CVE-2026-10852 CVSS 5.9)
PMI/Performance ToolsPH69687Some portlet metrics are not displayed in metrics application
SchedulerPH70040Isolation level setting for task ID range assignment
SecurityPH67358Provide an option to use X-Forwarded-For for IP address in audit log
PH69621Remove the weaker ciphers from the strong list in the cipher suite settings for SSL
PH69686Applications start successfully despite LDAP connectivity failures, resulting in authorization errors at runtime (SECJ0053E)
PH70244Provide additional options to customize the CSIv2 session idle time and session cleanup intervals
PH70544Introduce logged out token cache
Session Initiation Protocol (SIP) Containerโœ“PH70616IBM WebSphere Application Server is affected by a denial of service (CVE-2026-4410 CVSS 4.8)
Transaction ServicePH69977TXInterceptorHelper logs misleading FFDC
PH70573Sanitize contextId parameter in reliable messaging component
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH70259After migrating from Win2012 to Win2019 / same WAS version and same APPWSWS7087E: An integrity problem occurred with the connection pool
Web Services SecurityPH69368Problem description: WebSphere errors on special character in SAML token
PH69515OIDC might get a state cookie error when the clientSecret parameter is not set
WebSphere Common Configuration Model (WCCM)PH70740Application startup fails with IllegalArgumentException
Fix Pack 9.0.5.27

Fix release date: 24 March 2026
Last modified: 24 March 2026
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.27  

IdeaDescription
TWAS-I-390Security Concern: Connection filter (allow/denied) functionality for SOAP Connection Port -WebSphere ND (8.5.5.x /9.0.5.x)
ComponentSecurity APARAPARDescription
Channel FrameworkIT47199Third party component updates for fix pack 9.3.0.30
PH69339Connection filter (allow/denied) functionality for SOAP connect
PH69698Update IBM WebSphere MQ JCA resource adapter version 9.3
Edge ComponentsFixlistDetailed List of APARs for Edge Components
GeneralPH66549ClassCastException when using FaultTolerance annotations on EJB
PH67818Upgrading commons-lang from 2.4 to 3.18
PH68018Add AppDynamics API package to OSGi boot delegation
โœ“PH68418IBM WebSphere Application Server is affected by SMTP injection due to Jakarta Mail (CVE-2025-7962 CVSS 7.5)
PH68922Upgrade cryptographic algorithm for SNMP based performance monitoring in WebSphere Application Server
PH68990Upgrade jnr-posix Jython module to 3.1.8
PH69248Apache CXF temporary files used by JAXRS2.0 are not cleaned until WebSphere Application Server JVM is restarted
PH693001Q 2026 updates for managed Liberty servers
PH69320Performance improvement of Jython XML minidom methods
PH69730Applying preferences in static cluster operations -> active tasks redirects to blank page.
โœ“PH69757IBM WebSphere Application Server is affected by a denial of service due to jose4j (CVE-2024-29371 CVSS 7.5)
PH69839Update Swagger UI dependencies
PH70070German translation of IBM WebSphere Application Server console for 9.0.5.24 is incorrect
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH69283Mismatch of IHS architecture. Installed 64-bit IHS appears as 32-bit in IHS logs and apache -v command output
Java 2 Connectivity (J2C)PH68776NullPointerException occurs in WebSphere Application Server V9.0.5.24
Java Management Extensions (JMX) or JMX Client APIPH69643Java SDK retrieval failure in admin agent servers in 9.0.5.25
Java Persistence API (JPA)PH69379Updating StreamInterceptor with input size limit and time out
PD tools (for example: Log Analyzer)PH68718The memory buffer dump only contained trace data for one thread.
Plug-inPH69341MemoryLeak with HTTP plugin module when using ODRLib with UseAltEventProcessor=true introduced in APAR PH63596
PH69914plugin-cfg.xml file generated with the genplugincfg.sh command is incomplete
SchedulerPH69763Duplicate task ID in scheduler service
Securityโœ“PH68243IBM WebSphere Application Server Liberty is affected by cross-site scripting (CVE-2025-12635 CVSS 5.4)
PH68795Certificate updates are not reflected on SOAP connections without a restart
PH68921Missing class in a JAR file for IBM i platform
โœ“PH68976IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-13333 CVSS 4.4)
Servlet Engine/Web ContainerPH68722A NullPointerException occurs when requesting to a non-existing application/context root using a secured HTTPS connection
System Management/RepositoryPH68363After upgrade to WebSphere 9.0.5.24 fine grained authorization on application is not working.
Transaction ServicePH67747Exception case is not handled and therefore only visible in logs and retrying forever
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH67420Web service component may reuse keep-alive connections closed by the remote end
WebSphere Common Configuration Model (WCCM)PH69361Delayed server start caused by hung thread
Fix Pack 9.0.5.26

Fix release date: 2 December 2025
Last modified: 2 December 2025
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.26  

ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH66923OOM heap issue while navigating on Admin Console-logging panel
PH68469The layout of save changes message page is wrong in Chinese
Edge ComponentsFixlistDetailed List of APARs for Edge Components
GeneralPH66494Remove deprecated IBM Support Assistant Data Collection Tool from WebSphere Application Server 8.5.5 and 9.0.5
PH66834Memory issue with IBM_HTTP_Server - ODRLIB
โœ“PH67137WebSphere Application Server is affected by a denial of service due to Apache commons fileupload (CVE-2025-48976 CVSS 7.5)
PH67454Executing osgiCfgInit.sh shows error Command not found: gosh
PH67935Update REST API Discovery (Swagger) dependencies
PH68008Add HttpSessionAttributeListener ArrayIndexOutOfBoundsException occurred and the application did not start
PH68016Button leading to Blank Page in shared libraries
PH68024Upgrade Apache commons lang3 to 3.18.0 from 3.0.1
PH68117Upgrade commons-lang prereq for prereq.jaxrs
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH67377Unable to expand Dynamic Clusters
Java 2 Connectivity (J2C)PH67656rollback() should not be called while in auto-commit mode. J2CA0081E: Method destroy failed while trying to execute method
Java Management Extensions (JMX) or JMX Client APIPH67624When adding a NEW node to an existing NodeGroup on a WebSphere cell resources are disappearing from the console
PH68494When migrating WASPostUpgrade fails with - com.ibm.websphere.management.exception.AdminException: Invalid input
Plug-inPH66833Memory leak in Web Server plug-ins for IBM WebSphere Application Server
PH67568Plugin attempts routing non-affinity requests to servers with weight=0 causing delays
Runtime and ClassloaderPH61460Throw HungThreadException for automatic collection mustgather
PH65282PlatformHelperFactory logs misleading FFDC and NCDFE
SecurityPH66805AdminTask.binaryAuditLogReader report fails to create HTML files with StringIndexOutofBoundsException
โœ“PH67817IBM WebSphere Application Server is affected by a denial of service (CVE-2025-36099 CVSS 4.9)
PH68116Multiple SPNEGO MECH credentials with the same usage (Initiate) were attempted to be added to a single object
System Management/RepositoryPH678499.0.5.26 updates for Managed Liberty Servers
WebSphere Common Configuration Model (WCCM)PH68381Performance problem due to improper TLD handling
WMQ messaging providersPH67458BouncyCastle libraries should not be exported from the MQ Resource Adapter
Fix Pack 9.0.5.25

Fix release date: 9 September 2025
Last modified: 9 September 2025
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.25  

ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH61807WebSphere administrative console displays incorrect user status on the "administrative user roles" panel
PH64018Set permissions-policy header for the admin console
PH66969Not able to install the same war file after making mistake and cancel to start new unless logoff and login back to console
PH67096Changes to the clientmode property are not saved in administrative console and wsadmin
PH67374Error when creating a cluster member based off of a traditional application server template
Channel FrameworkPH67027Update the IBM MQ JCA resource adapter
Edge ComponentsFixlistDetailed List of APARs for Edge Components
EJB Containerโœ“PH66674IBM WebSphere Application Server is affected by arbitrary code execution (CVE-2025-36038 CVSS 9.0)
General๏ปฟPH20984Potential deadlock when receiving SIB JMS messages using readahead
PH65895Job not being properly initialized using java batch
PH66510SAML web inbound filters are not working properly
PH66732Add proper message when the user tries to set the session cookie again after the response is already committed
PH669199.0.5.25 updates for managed Liberty servers
PH66921Update API discovery UI dependencies
PH66962Upgrade Commons BeanUtils to 1.11.0 from 1.9.4
โœ“PH67120IBM WebSphere Application Server is affected by a denial of service (CVE-2025-36097 CVSS 7.5)
PH67160Default JNDI name for a managedThreadFactory during application install results in an error
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C)PH66634A NullPointerException occurs in MCWrapper.getConnection when the system attempts to reuse a previously aborted connection
Java SDKPH65229Recent update to commons digester caused unsupported operation in some applications
ProfilePH67197Remove outdated material from customized instructions in zpmt
Securityโœ“PH64683IBM WebSphere Application Server is affected by a security bypass vulnerability (CVE-2024-56339 CVSS 3.7)
โœ“PH66167IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-33142 CVSS 5.3)
PH66978When global security is enabled, access to unprotected EJBs is denied for unauthenticated users
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH63064JAX-WS component returns CWWIM4537E and CWWIM4529E as a faultstring when "webservices.unify.faults" is set to false
PH66561Application deployment using wsdeploy (JAX-RPC), which triggers annotation scans, will fail with a deployment error
z/OSPH66282Add support for CICS 6.2 in websphere optimized local adapters for WebSphere traditional
Fix Pack 9.0.5.24
Fix release date: 17 June 2025
Last modified: 17 June 2025
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.24

IdeaDescription
TWAS-I-374Allow IBM HTTP Server behind a proxy/LB that performs SSL offloading to become aware that the original request uses https
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH65966After upgrading to 9.0.5.23, version column shows blank
PH66015Button leading to blank page in shared lib and map users to role panel
Administrative Scripting Tools (for example: wsadmin or ANT)PH65556Mime types update for Jython 2.7.2
Channel FrameworkPH66532ClassNotFoundException: com.ibm.mq.connector.ResourceAdapterImpl may occur when starting the ODR
Edge ComponentsFixlistDetailed List of APARs for Edge Components
General๏ปฟPH65786ECSA storage growth after high number of server cancellations caused by cellpool leak
PH65083ConcurrentModificationException from JAX-RS module
PH65927The translation of "Operator" in Chinese admin console is wrong in the "Administrative User Roles" -> "User" Page
PH659349.0.5.24/1.0.0.1 updates for Managed Liberty Servers
PH65946Oracle DataSource connection Using ojdbc8.jar fails after 9.0.5.23 fix pack
โœ“PH66028IBM Websphere Application Server affected by a Cross-Site Scripting vulnerability (CVE-2025-33104 CVSS 4.4)
PH66062Clean up temp files used by CXF in JAX-RS 2.0
PH66100Deployment related annotation processing not working
PH66107The MORE transaction service configuration attribute for option Propagate XA Resource transaction timeout is incorrect
PH66426Support AES-256 password encryption
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Object Request Broker (ORB)PH65395Server terminates abnormally due to a timing window when OutOFMemory error is being processed
Plug-inPH64677After PH48747, the web server can't start due to damaged heap storage when config parsing fails
PH65100The PH48747 custom property names are case sensitive
PH65415After PH48747, the default ConnectionTimeout and ServerIOTimeout seconds are used during plugin hostname verification at start
PH66134Enable SSL session reuse between the application server and WebSphere webserver plug-in over TLSv12 On Zos
PMI/Performance ToolsPH65987WebSphere Application Server perfservlet JDBC connection pool counters unexpected results.
SecurityPH59438Support FIPS 140-3
PH65121LDAP registry initialization delay
PH65544Improved FFDC log format
PH65873NullPointerException in DWLMClientImpl when starting WebSphere proxy server
Systems Management Functionsโœ“PH65941IBM Websphere Application Server is vulnerable to Server-Side Request Forgery (CVE-2025-27907 CVSS 4.1)
Web Services SecurityPH65119OIDC might emit an error when UserInfo is valid
PH65833NoSuchAlgorithmException upon receipt of asymmetric key wrap in SAML SSO and WS-Security
PH66129JAX-WS WS-Security might cause a ConcurrentModificationException
Fix Pack 9.0.5.23
Fix release date: 25 March 2025
Last modified: 25 March 2025
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.23
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH60269The 'online documentation' on the product welcome page of the console is broken
PH63920XOR to AES encryption
PH64017Fields in the configuration problems panel should be visible for all users regardless of their role
Edge ComponentsFixlistDetailed List of APARs for Edge Components
General๏ปฟPH60118WCG_WCGILOUT_ROUTING_MODE=DUAL_THREADED causes occasional ABENDEC3
PH63648Update commons.io
PH63805Update REST API Discovery dependencies
PH64026WebSphere node agent abend 0c4 with WebSphere z/OS 9.0.5.19 in bboclsur
PH64229Abend 0c4 on nodeagent shutdown
PH64316Warning about a missing dependency displayed in logs
PH64671CDI component functionality change - remove Weld Developer Mode from WebSphere
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C)PH64351Datasource description update to follow the default Db2 jdbc securityMechanism changed in Db2 11.5.9
Java Transaction Service (JTS)PH63993WebSphere Application Server CR abort dump is generated during normal termination
JavaServer Faces (JSF) SunRI implementationPH62283MyFaces generates the oam.flash.REDIRECT cookie even when org.apache.myfaces.FLASH_SCOPE_DISABLED is set
PH63238MyFaces-4679 - ajax events can trigger actions unintentionally
MigrationPH63629Update the migration toolkit in WebSphere Application Server to the latest version
Object Request Broker (ORB)PH63977WebSphere servant region ABEND 0C4 with websphere z/OS 9.0.5.19 in RoadKillCppUtilities.timeoutOnMatch
PD tools (for example: Log Analyzer)PH64505Improve recovery processing
SecurityPH61655DNS name validation logic is removed in Subject Alternative Names for asterisks and the digits in the first letter
PH64005SECJ0352E could not get the users matching the pattern printing the full stack trace filling up the logs
PH65161Upgrade to 9.0.5.22 and 8.5.5.27 could trigger "The specified sslAlias:name does not exist." error
Servlet Engine/Web ContainerPH62271javax.servlet.http.Part#write(filename) does not write to absolute locations during file uploads
Workload Management (WLM)PH63570Memory leak in WLM RouterMediator during Multi-Thread Heavy Load Testing
Fix Pack 9.0.5.22
Fix release date: 3 December 2024
Last modified: 3 December 2024
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.22
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)โœ“PH62937IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45073 CVSS 4.8)
โœ“PH62952IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-45087 CVSS 4.8)
PH63012After updating to fix pack 8.5.5.26 or 9.0.5.20 the deployment manager fails to start due to corruption of the server.xml file
Channel FrameworkPH59305WebSphere Application Server v9.0.5.x JMS application fails with CWSIT0088E Exception due to delay in messaging engine
Edge ComponentsFixlistDetailed List of APARs for Edge Components
GeneralPH62516Update JAX-RS WadlGenerator to explicitly only return the stylesheet
PH62653Conngetconnectionlogic=all doesn t print anything in trace log
โœ“PH63540IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45071 CVSS 5.5)
โœ“PH63541IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072 CVSS 5.5)
PH63596Odrlib may fail to update started server information when a new process is started during a cell restart
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
JavaServer MyFaces (JSF) Apache MyFaces implementation๏ปฟPH58180JSF dependencies are out of date
PH62139JSF ajax file upload encounters haskey type error
MigrationPH61708Waspreupgrade.sh fails when migrating from Linux to Windows
PH61992Update liberty advisor in was to generate a migration report with a target cloud of containers
PD tools (for example: Log Analyzer)PH60295NullPointerException occurs during the Java Core action in the diagnostic plan, when -xdump:location is used
Runtime and ClassloaderPH62307Use J9 javadump api for thread dumps when available
SecurityPH60895WebSphere z/OS does not roll back to a correct state after failing to enable AES password encryption on a cell
PH61411WebSphere Application Server password encryption causes delayed transactions
PH62052SSL exception when TLS1.3 is used with sp800_131
PH62578Validation failed: jceccaracfks not found when modifying a keystore on the admin console
PH63778When MQDefaultSSLSettings is configured, SSL Configuration uses CellDefaultSSLSettings instead of expected MQDefaultSSLSettings
Transaction ServicePH62355HaGroupMemberAlreadyExistsException may occur during compensation service startup
Web Services SecurityPH62934OIDC: increase nonce characters to 22 or more
PH62980OIDC TAI cannot modify authorize endpoint when using discovery
WebSphere Common Configuration Model (WCCM)โœ“PH63032IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086 CVSS 5.5)
WMQ messaging providersPH62644JSON should not be exported from the MQ resource adapter
Workload Management (WLM)PH61482Work load manager - add option to skip validation during cluster member creation
Fix Pack 9.0.5.21
Fix release date: 10 September 2024
Last modified: 10 September 2024
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.21
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH61204Javax.management.builder.initial on z/OS does not over-ride the default value when set as a WebSphere variable
PH61392Application deployment failure via Admin Console due to multiple clicks
โœ“PH61546IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153 CVSS 4.8)
Channel FrameworkPH61653The Partitioned attribute is incorrectly added to some cookies
PH62132Update the IBM WebSphere MQ JCA Resource Adapter to version 9.3.0.20
Default Messaging ComponentPH54462SIB makes conflicting updates in its datastore DB, leading to deadlock and rollback of transactions
PH59057To capture the timestamp and call stack at the point the dispatcher is requested to be stopped
PH61472SibDBupgrade tool fails when being used with Oracle databases
Edge ComponentsFixlistDetailed List of APARs for Edge Components
GeneralPH57884High Memory Utilization Caused by the WebSocket EndpointManager
PH59838Wstemp folder is growing due to JAXRS command starts new session
PH60948Error importing smtplib in jython
PH61043SystemOut log header does not contain ifix information after installing java ifixes
PH61430OutOfMemoryError after deploying Java Batch application
PH61601Trace when the session timeout has been overriden by web.xml
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH61621XHAD1034W: Problem creating standby deployment manager node level managementScope: CreateManagementScope
Java 2 Connectivity (J2C)PH60663Incorrect connection in-use time in ConnLeakLogic trace
PH61078Server termination hang after Db2 disaster recovery
PH61221Datasource utilization is incorrectly logged in the logs
PH61512Was_EndpointInitialState property is deleted after updating Embedded MQ Resource Adapter
PH61701J2CA0041E messages are logged as an error message rather than the exception being thrown
Java Persistence API (JPA)PH59839Wstemp folder is growing due to JPA command starts new session
MigrationPH62258Updates in the migration tooling to further support for derby migrations
Object Request Broker (ORB)๏ปฟPH61541WebSphere Application Server traditional V9 control region a 0C4 ABEND +16A6 into BBOOWORK
PD tools (for example: Log Analyzer)PH48587ThreadPoolModule.percentUsed not exposed under the Prometheus metrics endpoint
PH60733Logviewer tool remove quote character
Plug-inPH60994Apache server graceful restarts overflow the plugin LD_LIBRARY_PATH environment variable causing web server crash
PH61169After PH56263, webserver fails to start when not defining kdb and sth
PMI/Performance Toolsโœ“PH61489IBM WebSphere Application Server is vulnerable to remote code execution vulnerability (CVE-2024-35154 CVSS 7.2)
Runtime and ClassloaderPH52585WSVR0661W: Some bundles failed to resolve
PH61335Cannot opt out of "forbidden classes" such as Log4j
SecurityPH57364SPNEGO web authentication validation fails
โœ“PH58798IBM WebSphere Application Server is vulnerable to an information disclosure (CVE-2023-50315 CVSS 5.3)
PH60833When security audit is enabled, an HTTP session will be started if non exists
PH60850Wsadmin AdmiTask.createKeyStore causes NullPointerException creating KDB keystore
PH61385PH61385 iFix supersedes PH59682, PH59304, PH58869, PH61068
PH61797Java.lang.NoClassDefFoundError: com.ibm.websphere.ras.Tr is thrown after PH58869 is applied
PH61803CMSKeyStore creation may fail for older java version
PH61808The specified sslAlias=DefaultSSLSettings does not exist
Servlet Engine/Web ContainerPH60242Add a configurable timeout to webcontainer thread pool operation
Transaction ServicePH50987Incorrect behavior when rollback transaction after timeout
PH61060Repair the corrupt tran/partner log entry on systems that do not have the fix for PH56881 already installed
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH60420Escaped character in CDATA section of a SOAP request causing xml parsing problems
PH62101No soap faults msg returned with webservices.allowNullInAxisFault = true (PH56866)
Web Services Securityโœ“PH61504IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532 CVSS 8.8)
Fix Pack 9.0.5.20
Fix release date: 18 June 2024
Last modified: 18 June 2024
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.20

IdeaDescription
TWAS-I-356Support for Cookies Having Independent Partitioned State (CHIPS)
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH59478Cannot set trace specification by groups in the administrative console
Administrative Scripting Tools (for example: wsadmin or ANT)PH57456PM59405 not properly included in WebSphere Application Server V9
PH59984Java.lang.noclassdeffounderror: javax.annotation.sql.datasourcedefinition
PH60922Ws_ant fails with ClassNotFoundException
Channel Frameworkโœ“PH59781IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026 CVSS 5.9)
PH60142Update the IBM WebSphere MQ JCA resource adapter to version 9.3.0.16
PH61176Support the partitioned cookie attribute
DB Connections/ Connection PoolingPH60510Backport of Apache Derby fixes
Default Messaging Component๏ปฟPH58878SIB server shows error "org.osgi.framework.serviceexception: the use count for the service overflowed."
Edge ComponentsFixlistDetailed List of APARs for Edge Components
GeneralPH59298Update axis version in uddi.ear installable application
PH60029Error creating client_auth_token during server shutdown though PH47643 is installed
โœ“PH60195IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to jose4j (CVE-2023-51775 CVSS 7.5)
PH60671PCT on Windows generate forward slashes when creating webserver response file
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH61247Resolves the issue of native_stdout being filled up with repeating debug timestamps
Java 2 Connectivity (J2C)PH59466Java.lang.nullpointerexception at com.ibm.ejs.j2c.freepool.createManagedConnectionWithMCWrapper
Java Persistence API (JPA)โœ“PH59117IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329 CVSS 4.3)
MigrationPH51549Usage of term "master" in migration messages must be addressed
PH61699Derby10.3.jar and Derby10.5.jar were removed and Derby10.8.jar is updated
Plug-inPH59064IHS server on Windows operating system fails to start after enabling the ODRlib
PH59527Slow memory leak in Web Server Plug-ins for IBM WebSphere Application Server
PH61471Apache based WebServer parent process may exit during startup with SIGPIPE
Runtime and Classloaderโœ“PH59682IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354 CVSS 7.0)
Securityโœ“PH58869IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313 CVSS 5.3)
PH59304IllegalArgumentException when enabling SP800-131/FIPS140-2 with TLSv1.3 post Java upgarde to SR8FP5 and later
PH61068When PH59304 is applied over PH58869, NoSuchMethodError calling getCipherList
Session Initiation Protocol (SIP) ContainerPH59243NullPointerException in SIP code
System Management/RepositoryPH57089"datapowermgr_inbound_secure" still remains in port setting of the deployment manager after 9.0.5.15
Transaction ServicePH57438WebSphere Application Server hangs indefinitely due to exhausted orb thread pool caused by misbehaving resource adapter
Web Services SecurityPH59784Saml NullPointerException in HttpPostRequestConsumer when no subjectConfirmation element in assertion
WebSphere Common Configuration Model (WCCM)PH58806Update SAX parser flags in JDT and EMF
Fix Pack 9.0.5.19
Fix release date: 26 March 2024
Last modified: 26 March 2024
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.19
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH57273"The output file for the operation is null" message (null) appears when take system dump from administrative console.
Administrative Scripting Tools (for example: wsadmin or ANT)PH59054Upgrade to use Ant 1.9.16
Edge ComponentsFixlistDetailed List of APARs for Edge Components
GeneralPH58275Update Axis version in UDDI.ear installable application
PH53734Include javax.servlet.resources
PH55289Upgrade Jackson version used by JAX-RS
PH56028NullPointerException in com.ibm.ws.cdi.impl.managedObject.CDIEJBManagedObjectFactoryImpl.createContext
PH56695Usage metering serviceability improvements
PH57058Wasservice command needs additional debugging info on Linux
PH58017Intermittently Adminconfig.getid( /server:odr/proxysettings:/ ) return nothing even when the object exists
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH58487In IPv4/IPv6 dual stack environments, Intelligent Management enabled web servers and ODRs sporadically return 404/503
PH59488Not automatically restart the application after group rollout completed
Java 2 Connectivity (J2C)PH50702Handle list code may dead lock with older resource adapters
PH51368Switch current locks to synchronized
PH58090Deadlock during Db2 HADR failover
PH58534Averaging for stuck detection is failing
Java SDKPH55398Missing source button id:value pair from request parameters in ajax requests
JavaServer Pages (JSP)PH49514JSP taglib objects not cleaned up properly
PH50620Expression language service loader error causes ClassNotFoundException
PH51645Repeated JSP re-compilation after the manual update of the JSP file under heavy load
JNDI/NamingPH59047Passwords can be seen in FFDC files
MigrationPH57504Upgrade the migration toolkit in WebSphere Application Server to the latest version
Plug-inPH58250Define serverIOTimeout > 66000 secs via isc
SecurityPH57998Error detected while opening the certificate database
System Management/RepositoryPH55755Include -xms256m in iscdeploy.sc script joptions setting
Transaction ServicePH58504Provide mechanism to specify JTA commitPriority of wscoordinators
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH58070Validate ServiceFactory.getService
PH59301Web services API ServiceFactory.getService() is not validating input data
Web Services SecurityPH55077OIDC enable introspection to use UserInfo endpoint
PH56076Saml Web SSO might fail with no principal in trust association error
PH57126SAML importSAMLIpMetadata wsadmin command might fail with NullPointerExcepion error
PH58024OidcClientHelper.getJwtClaimsAsMap api might return null although JWT parameter is valid

Back to Top

Fix Pack 9.0.5.18
Fix release date: 12 December 2023
Last modified: 12 December 2023
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.18
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH55437Websphere administrative console displays its own login page after an error when it is protected by a TAI
PH55566Problems in the console identity panel of the administrative console
PH55702For some user roles, the federated repository page shows a blank page
PH56203The InternalFileRepository text should be a link for users with the admin role
PH56496Error 400 when clicking cluster topology tab
PH57081Next page button in "Java Authentication and Authorization Service" page does not work
Administrative Scripting Tools (for example: wsadmin or ANT)PH56797When using AdminApp.edit() to run -MapRolesToUsers, a empty string used in place of a role name causes incorrect behavior
Channel FrameworkPH56229Timestamp in http_access.log (NCSA access log) is incorrect after WebSphere Application Server upgrade to 9.0.5.16
PH56821Package MQ 9.1.0.17 RA for WebSphere Application Server 9.0.5.15 and 9.0.5.16
Edge ComponentsFixlistDetailed List of APARs for Edge Components
GeneralPH53554Print proper message when enterprise application level session manager settings are used
PH55311Federated repositories get API incorrectly returns users which do not meet the user defined search criteria
PH55471Federated repositories certificate filter does not recognize a plus sign (+)delimiter
PH55523Websphere v8.5.5.x Java Batch application fails with J2CA0045E errors after receiving Socket connect timed out error
PH56054Update API discovery dependencies
PH56266After applied PH42468, always waiting 8.5s before closing websockets
PH56482The WS-Security sample keystores expired
PH56518wsadmin.sh jython files are created with rw------- (600) permissions
PH56574Batch code bug which is causing a lookup failure and subsequent retry(s)
PH56649Update COMMONS-COMPRESS to 1.21 in Jython
PH56650Update guava in Jython 2.7
PH56766WebSphere windows service helper tool (wasservicehelper) logs incorrect command in its report file
PH56805Update Apache Batik SVG toolkit library to 1.17
PH56806OAuth provider might fail with an SQL error when retrieving tokens from the token store
PH56866JaxWS injects invalid xml in SOAP response for LDAP failure
PH57206NullPointerException may occur when checking cookie names at encodeURL function
PH62809Remove jython email module
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C)PH54703Always average stuck values using stuckQueryInterval
PH55788When federated node name contain CellManager, install resource adapter failed
PH56962Application fails with J2CA0045E/J2CA0027E errors after WebSphere Application Server upgrade from v9.0.5.13 to 9.0.5.15
PH57293WebSphere Application Server can over log DSRA8207I messages when using the Oracle JDBC driver
PD tools (for example: Log Analyzer)PH55109Null Pointer Exception when obtaining JSON output for HPEL logs in LogViewer
Plug-inPH55990Improve 413 error reporting in WebSphere Application Server plugin
PH56263Plugin startup takes out servers because they were not fully started
PH56386Plugin topology generation does not persist all config values
PH56499A failure to start the websphere plugin does not produce adequate messaging
PH56705Plugin ANT script doesn not preserve existing permissions
PH57259Plugin may overlook SecureHostVerfification under certain conditions of Intelligent Management
PH57339After PH48747, plugin generation does not create routing rules
SchedulerPH55283Class loader leak in work manager daemon thread
SecurityPH49777Incorrect output during ORB connection
PH55146Customize certificate monitor email alert subject
PH55723Null Pointer Exception occurs after change to com.ibm.isecurityutilityimpl.passwordutil with WebSphere Application Server on IBM i
PH55837Remove unnecessary information from FFDC output
System Management/RepositoryPH55165Running ADMINTASK.VALIDATECONFIGPROPERTIES returns ADMG0836I: A null value specified for property adjustPort
PH57266Using WSADMIN with SOAP and wrong password does not return proper message
Transaction ServicePH56881NullPointerException during recovery of Web Services-Atomic Transactions (WS-AT) subordinate in WSATRecoveryCoordinator.fromLogData causes recovery to fail
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH55695Web services application ibmasyncrsp.ear may be flagged by scanners
Web Services SecurityPH56494SAML recipient is not retrieved if the SubjectConfirmationData element is not the first child

Back to Top

Fix Pack 9.0.5.17
Fix release date: 19 September 2023
Last modified: 19 September 2023
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.17
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH53446Removal of data power admin commands and related files
PH54394"The report no longer exists" error message in Liberty Advisor
PH55326Clicking "help" (left side of logout) does not work in the WebSphere Application Server Administrative Console on WebSphere 9.0
Edge ComponentsFixlistDetailed List of APARs for Edge Components
Federated RepositoriesPH51970NullPointerException returned when federated repository attempts to retrieve the external identifier (getAttributesByExtID)
GeneralPH51485OIDC TAI: update JWK cache to associate with discovered OP
PH52106Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.16
PH52796NullPointerExceptions seen in servant region for gridContainer
PH53044Out of memory with lot of instances of com.IBM.ws.cdi.classic.CDIArchiveImpl
PH53520Serviceability improvement to aid in debugging CWLRB5841E db2 sql error: sqlcode=-433, sqlstate=22001
PH54161A CWWIM001E error can be encountered on various code paths
PH54588Update Apache Commons Codec to 1.15 for usage metering
PH55042OIDC: Support PKCE
PH55104Used to back port python script email/utils.py
PH55626Increment bundle-version for WebSphere Customization Toolbox (WCT)
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH54022Patch 9.0.5.15 breaks jython scripts
Java 2 Connectivity (J2C)PH41002Improve dsconfig helper tracing
PH54595NullPointerException in com.ibm.ejs.j2c.poolManager.stuckConnectionSupport
PH54677WebSphere Application Server shutdown may hang when connection validation retries specified
PH55245Allow JTA transaction timeout to skip JDBC 4.1+ datasource abort mechanism and behave as per older JDBC datasource
MigrationPH55426Update the WebSphere migration toolkit for application binaries to the 23.0.0.2 version
PD tools (for example: Log Analyzer)PH54093Collector tool fails with NullPointerException
PH55179Large number of ffdc files causing slow down during server startup
Plug-inPH53629Plugin does not allow for content body larger than 1386820698 in version 855
PH54077Plugin propagation does not wait long enough for node synchronization in some cases
PH54363Plugin Configuration Tool leaves a program file artifact
PH54601Crash in detailedlog function of web server plugin
PH54768Plug-in serverIOTimeout value is used in the SSL handshake during connection creation
PH55213WebSphere plugin HostVerificationStartupCheck problems with Liberty servers configured with tcpOption waitToAccept="true"
PH55238WebServer startup delays with HostVerificationStartupCheck=true
PH55888Response buffer overflow logged by the Web Server plugin
PMI/Performance ToolsPH54141No warning message about the performance impact after selecting the "all" performance monitoring infrastructure statistic set
PH54614Mbean for ActiveCount orb.thread.pool is incorrect after servant crash
Runtime and ClassloaderPH52701NullPointerException occurs at CompoundClassLoader
PH54218Get jar placed into both the ear and war class loader
SecurityPH52832A subject is created with incorrect principal name when a request comes from a foreign trusted realm
PH53800Provide 4 character cipher support for the WebSphere Application Server daemon using system SSL
PH53876Standalone LDAP uses the wrong SSL configuration
โœ“PH54406IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890 CVSS 5.1)
PH55392ContinueAfterTAIError does not behave as expected
Session Initiation Protocol (SIP) ContainerPH53665Sipcontainer forwards retransmitted ACK when allow.lower.cseq.in.ack is set to true
PH55528StringIndexOutOfBoundsException in SIP container during cancel processing - cancel not propagated
System Management/RepositoryPH54438Running AdminTask.validateConfigProperties returns ADMG0811I: Changing value for this property ****. New value specified is null. Old value was null.
PH54615Unstoppable server is not killed by node agent
PH54978Slowness caused by unnecessary scanning for EJB content
Transaction ServicePH53972Serviceability enhancement for diagnosing XA protocol violations in scenarios where resource managers violates the XA specification
Web Services SecurityPI56836Update jax-ws ws-security to allow customization of canonicalization algorithm
WebSphere Common Configuration Model (WCCM)PH54323Update ICU4J time zone database to 2023a
z/OSPH55040Add support for CICS 6.1 in WebSphere optimized local adapters for WebSphere Traditional

Back to Top

Fix Pack 9.0.5.16
Fix release date: 28 June 2023
Last modified: 28 June 2023
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.16

IdeaDescription
TWAS-I-104Display iFix applied in JOBLOG
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)โœ“PH52785IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966 CVSS 6.1)
PH53159Deadlock seen in WASResourceSetImpl
PH53830A blank page displayed when opening the Tivoli Performance Viewer
PH54120Changes were made to the Eclipse help subsystem (iehs.war)
PH54585Websphere Application Server for z/OS 9.0.5.15 generic JVM arguments not expanded in jvm.options files
Administrative Scripting Tools (for example: wsadmin or ANT)PH52518AdminServerManagement.rippleStartSingleCluster hangs
PH53011AdminNodeManagement.SyncActiveNodes() takes too much time to complete
PH53105Remove lib directory from Jython.jar in Jython2.7.2
DB Connections/ Connection PoolingPH51636When a data source 4.0 is being used by application with missingpassword NullPointerException is thrown
PH52361Wrong message key for messages WRRN0006W and WTRN0005W
Edge ComponentsFixlistDetailed List of APARs for Edge Components
GeneralPH49962Eclipselink throws classcastexception during update with identity generation
PH50200Change the default SSL protocol for the daemon to TLSv1.2
PH51431EclipseLink does not support non-breaking space characters in SQL/JPQL query strings
PH51639CDI should tread shared library BDAs as application BDAs
PH51819Update commons net to version 3.9.0 in CIM
PH51978EclipseLink parameter support for db2 zos escape clause
PH51980EclipseLink throws exception on DB2ZOS when obtaining current timestamp
PH52000Backupconfig.sh fails with FileNotFoundException at service level 9.0.5.10
PH52313Memory leak in JAX-RS vector
PH52879Update jQuery and handlebars dependencies for API Discovery (Swagger) UI
PH53138Add debug to help diagnose problem when getting workspace is not valid error
PH53142Update commons-fileupload.jar used in struts
โœ“PH53252IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554 CVSS 6.3)
PH53324Escape CXF's services listing stylesheet path in jaxrs-2.0
PH53389Update the Apache commons-net library in the WebSphere Customization Toolbox to version 3.9.0
PH53496Update REST API discovery (swagger) dependencies
PH53549Update commons BeanUtils to include latest bug fixes
PH53559Add support to EclipseLink for Oracle 21 support
PH53663Update XML BCEL library
PH53798Discontinue BluemixUtility commands
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH53172Support sha-2 in remote execution and access (RXA)
Intelligent Management ComponentPH51240Health management restart task may not restart all targets successfully
PH54204Intelligent Management enabled Plugin causes a segmetation fault
JavaServer Pages (JSP)PH53463Upgrade to commons-beanutils v1.9.4
JNDI/NamingPH52245Error message needs to be more clear when binding an object to non-naming context
MigrationPH52734Enable the binary scanner to generate a trace file from the wsadmin AdminTask createMigrationReport command
PH53676Update the migration toolkit in was to the latest version
Object Request Broker (ORB)PH50123Excessive consumption of subpool228 key 2 common storage
PD tools (for example: Log Analyzer)PH53928Systemcore diagnostic plan action does not work on z/OS
Plug-inPH47848Preconditioning code for new functions
โœ“PH48747IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161 CVSS 4.8)
PH52853Plugin piped logging missing end of line carriage return character on Windows operating systems
PH53838WebSphere plugin configuration fails on AIX if bash is not avaialble
Runtime (zSeriesยฎ)PH53682Log information about installed ifixes and apars at server startup
Runtime and ClassloaderPH51481Errors reading configuration files contain insufficient detail
SecurityPH52363After server has been running for a few hours, SpnegoTokenHelper API may fail due to the lack of Kerberos credential
PH53333EnablePasswordEncryption command fails with CWPKI0773E
Servlet Engine/Web Containerโœ“PH50863IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998 CVSS 7.5)
PH51470Elapsed time of request in the NCSA access log could be a negative value
PH52074Validate HTTP header names
Session Initiation Protocol (SIP) ContainerPH52502Parsing bad SIP requests/responses can lead to high CPU
System Management/RepositoryPH53103The message of IBMJGSSProvider is shown when startserver or stopserver command is executed on Windows platform
PH53199Misleading error message in stopserver.log when client try to stop a server that is already stopped
PH53332Improve error when the server registered as Windows service and the service fail to start
Web Services SecurityPH52459OIDC: emits a CWTAi2086E error when a JWT is signed with a PS256 key
z/OSPH51677WebSphere daemon ABEND=SCC3 reason=C9C20008

Back to Top

Fix Pack 9.0.5.15
Fix release date: 4 April 2023
Last modified: 4 April 2023
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.15
IdeaDescription
TWAS-I-324IBM HTTP Server: Add SSLMinimumRSAKeySize directive to reject client certificates with small RSA keys
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH50486A dollar sign in -xtrace is not processed correctly and servant.jvm.options file is not updated
PH50841The ability to administer DataPower appliances has been removed from the WebSphere Application Server administrative console
PH51708A dollar sign in a JVM generic argument is not processed correctly and the servant.jvm.options file is not updated
PH51816Removal of extraneous debug messages in the systemout logs
PH51822Admin console displays incorrect string for externalCacheGroup
PH51849Remove the use of knowledge center in the WebSphere Application Server administrative console
PH52119The page help link for the LDAP test query panel is broken
PH52137The background colour and navigation links are the same colour when using the "my tasks" view
โœ“PH52925IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283 CVSS 5.4)
Administrative Scripting Tools (for example: wsadmin or ANT)PH49149Unnecessary information printed in wsadmin trace
Edge ComponentsFixlistDetailed List of APARs for Edge Components
EJB ContainerPH50062Message-driven bean (MDB) class java heap leak on application start/stop
EJBDeploy (WSAD)PH50465Remove the Apache axis 1.4 from EJBDdeploy tool
PH50478The heap size for the EJBDeploy tool is not enough
GeneralPH25000Upgrade Jython to 2.7.2
PH43374The nodeAgent was not taking action when JVM "crashes"
PH44317Add log message to notify the user that the syncnode command failed due to missing key and trust files
PH49778High Java heap usage for com.ibm.ws.jaxrs20.cdi.component.jaxrsFactoryImplicitBeanCDICustomizer
PH49914Update Apache Batik SVG toolkit library to 1.16
PH50353Usage metering not handling multiple SSL protocol
PH50582Executorservicesimpl is creating thread pools with application class loaders as their thread context class loaders and whether t
PH50666OSGi application fails to find bundle dependencies due to partial EBA expansion
PH50812Update Jython used by wsadmin
PH50979Remove lib/ensurepip directory from Jython
PH50986Update Python scripts in Jython 2.1
PH51396The optional libraries wsjpatrace.jar file has been removed
PH51496Update the apache commons-net library in the ibm support assistant data collector tool to version 3.9.0
PH52116Allow users to configure a fromAddress for audit notifications
PH52311Memory leak in JAXRSFactoryImplicitBeanCDICustomizer
PH52503Do not use redirect-query-check with CXF'ss static resource list
PH52509Apache CXF's MTOM implementation follows the url defined in the xop:include href attribute by default
PH52888NullPointerException in singleton EJB JAX-RS sub resources
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
IBM iPH50815Issues after uninstallation on IBM i
Intelligent Management ComponentPH49275Update Jansson from version 2.0.1 to 2.14
Java 2 Connectivity (J2C)PH47898Better handling of connection error events on free connections
PH48686Override stuck connection support seconds with millisecond units
PH49341A race condition of transaction timeout could leave an indoubt transaction at RM side
PH50820Adding warning messages for rar properties that are being removed
PH51313Print connection leak info in FFDC when J2CA0045E
PH51644Miss threadID and not reported as suspected leak
PH51659IndexOutOfBoundsException can occur during a resource outage
PH51748Add additional trace for pool maintenance thread
PH52757Negative connections seen in the connection pool
Java Management Extensions (JMX) or JMX Client APIPH22062Log the default JVM maximum heap size computation
Java Message Service (JMS)PH44389In WebSphere Application Server v9.0.5.x, modifySIBJMSActivationSpec command sets JNDI destination lookup to null
LoggingPH53925Improved the collector tool to not collect redundant template files from the profiles config directory in the collector output jar
PH53926Improved the collector tool to include the security domain configuration files in the collector output jar
MigrationPH51206Update the Websphere migration toolkit for application binaries to the 22.0.0.7 version
PMI/Performance ToolsPH35234High cpu issue when the web uri pmi url is enabled
SecurityPH46257Change was to use the IBMJCEPlusFIPS provider when fips is enabled
PH47643Error creating client_auth_token during shutdown
PH49944ReceiveCertificate command fails when the response file does not contain a complete chain
PH50256Server AES password encryption fails to initialize when client properties file is not found
PH50799Issues an informative error in the logs when the key manager fails to initialize
PH51280JVM process was not starting, after customizing / modifying the cipher list
PH51421Add parameter to genAndReplaceCertificates
PH51611EnablEPasswordEncryption wsadmin admintask operation fails with CWPKI0773E on IBM i
PH51918After upgrading to 9.0.5.14 the server does not start with SSL errors to LDAP
Servlet Engine/Web ContainerPH47287Suppress some header data in the trace
PH48467Java/lang/arrayindexoutofboundsexception when purgeDataDuringClose=true is set
PH49305Multiple values in request header "x-forwarded-for" not logged
PH52167Http channel custom property donotallowduplicatesetcookies=true is not preventing multiple set-cookie headers from being created
System Management/RepositoryPH48526FFDC for InstanceNotFoundException gets created at start or stop of an application
PH49746SetAutoAccept flag should not be set during fileTransfer
Transaction ServicePH49974WS-transactions initialization failure when javax.xml.rpc.serviceFactory system property specified
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH50431Admin ThinClient support for WDT
PH50618Remove soap-sec_app22.war as it is very old and not used anymore
Web Services SecurityPH51700ImportSAMLIdpMetadata should not emit sso_1.idp_1.EntityID
PH51712Admintask.deleteSAMLtaisso does not delete the signing certificate
PH51805Admintask.importSAMLIdpMetadata emits SECJ8043E when IDP exists anywhere
PH52683OIDC an NullPointerException can occur when evaluating a filter value
WebSphere Common Configuration Model (WCCM)PH47492NullPointerException from org.eclipse.jem.util.registryReader.readRegistry during application update
PH52005This apar is to add a cache in EMF of the SAXParserFactory
z/OSPH50140Websphere 9.0.5.11 BBOA8000I: the current CICS level 0506 is not supported after CICS is upgraded to v5.6

Back to Top

Fix Pack 9.0.5.14
Fix release date: 22 November 2022
Last modified: 22 November 2022
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.14
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)โœ“PH47531IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336 CVSS 5.4)
PH49318Drop down selection makes items un-clickable starting from fixpack 9.0.0.11
โœ“PH50116IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477 CVSS 6.1)
Channel Frameworkโœ“PH46816IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165 CVSS 5.4)
Dynamic CachePH47936Inactivity timeout value larger than 2147483 seconds causes immediate cache invalidation
Edge ComponentsFixlistDetailed List of APARs for Edge Components
Federated RepositoriesPH49752Setting custom property com.ibm.websphere.security.ldap.groupBaseDN results in login failure
PH49768Adding cache to urbridge in federated repositories
PH49910CWWIM1999E IllegalArgumentException: class group does not have a feature named password
PH49932Urbridge removes uniqueID from personAccount and group dataObjects
GeneralPH37481Leaked connections in com.ibm.ws.batch.schedulerStoreFactory
PH43324The managesdk command may not detect the default locations where custom encryption classes reside
PH47365Improve message when addNode fails due to disabling non-SSL port in WebSphere
PH47827NullPointerException during batch job execution
PH48009Security hardening: Apache commons collections
PH48552com.ibm.ws.orb_8.5.0.jar needs JDK orb 8 classes
PH48612Register deployment manager with WebSphere automation
PH49381OAuth TAI: add regular expressions and logical OR to filter property
PH49382Saml web inbound: Add regular expressions and logical OR to filter property
โœ“PH49655IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-40750 CVSS 5.4)
PH49790Application ajaxProxy.war does not accept HTTP requests
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C)PH38284Add ConnWaitTimeoutPoolContent trace string,ConnWaitTimeoutJavacoreInterval and MaxConnWaitTimeoutJavacore properties to allow client generate javacores when J2CA0045E report for a datasource to help debug performance issue with J2CA0045E
PH38720Add messages to report connections are aborted for transaction timeout or abort purge which will help to determine root cause of the closed connection
Java Persistence API (JPA)PH41746OpenJPA IllegalArgumentException setting persistence properties on entityManagers
MigrationPH42947Server1 extra entry was found in serverindex.xml file due to which the ports were changed
PH48997Migration process from WebSphere Application Server Version 8 to Version 9 does not migrate configuration file
Object Request Broker (ORB)PH48618Outbound IIOP locate request hangs and fails with BBOO0049E
Plug-inPH48383Plug-in should not crash if WebSphere returns null DWLM information and caused IBM HTTP Server crashed
Runtime and ClassloaderPH46573Add full headers to error-stream logs
SecurityPH41442Provide TLSv1.3 protocol support for daemon system SSL
PH41795Update in System SSL ciphers (z/OS only)
PH44422LDAP connection retries take long time
PH47302SecurityObjectLocator#getSecurityConfig() returns null when run in local mode
PH48140Renewing WebSphere Application Server generated personal certificate not reflected by SOAP port connection
PH48145WebSphere formLogout does not invoke TAI logouts
PH48637SSL configuration built from JVM properties not taking FIPS into account when filling in SSL protocol
PH49180SystemOut.log flooded with SECJ0352E with ICH31005I message
PH49360Improve error handling in wsadmin scenario
PH49497Retrieve from port not honoring SSL protocol
System Management/RepositoryPH48128The syncNode.sh command fails on z/OS with zMFA's one-time use password
Transaction Serviceโœ“PH47385IBM WebSphere Application Server is vulnerable to Server-Side Request Forgery (CVE-2022-35282 CVSS 4.3)
PH47514IIOP request should be prohibited if the transaction context has already timed out in a subordinate
PH48393Incorrect locking in transaction sevice partnerLogtable subClass
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH46878Allow ServiceDescription object to be kept in cache for future use
โœ“PH49111IBM WebSphere Application Server is vulnerable to SOAPAction spoofing (CVE-2022-38712 CVSSS 5.9)
Web Services SecurityPH47550SAML SSO: Add useJavaScript property
PH48083Update the OpenID Connect (OIDC) replying party (RP) to logout from an OIDC provider (OP) with RP-initiated logout
PH49279OIDC: Add regular expressions and logical OR support to filter property
PH49373SAML: Add regular expressions and logical OR support to filter property
PH49566OIDC: CWTAI2047E when more than one key without "alg" claim in JWK

Back to Top

Fix Pack 9.0.5.13
Fix release date: 30 August 2022
Last modified: 30 August 2022
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.13
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH45303Changes in admin console cookies to meet RFC 6265 compliance
โœ“PH46332IBM WebSphere Application Server is vulnerable to cross-site scripting CVE-2022-22477 CVSS 6.1)
โœ“PH46342IBM WebSphere Application Server is vulnerable to an information disclosure (CVE-2022-22473 CVSS 3.7)
Enterprise Edition (EE)PH46247Array out of range exception from jaxb unmarshaller when using qname Java type
Federated RepositoriesPH46082Add warning message when failed login delay is disabled
PH47025File repository account lockout policy can delay expiring failed logins
GeneralPH36335OIDC TAI cannot process encrypted JWT (JWE) or id tokens
PH43934Eclipselink update queries reuse timestamp values for version locking
PH44128Eclipselink criteria api support for parameter values in order by clause
โœ“PH44339IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365 CVSS 5.6) 
PH45297OIDC: introspection requests might fail after access token is refreshed
PH45382Update GSon jar used in kc.war module
PH45431Eclipselink criteria api support for parameter values in criteriabuilder isNull function
PH45432Eclipselink may obtain incorrect identity values on SQLServer
PH45453PCT response file has invalid paths
PH457040C4 abend in IIOP connection closing code
PH45740OIDC setting SignatureAlgorithm to none results in error
PH45755EclipseLink negate expression inappropriately sets integer as return type
PH45943Changing node maintenance mode state fails and hung thread warnings (WSVR0605W) are observed in systemout.log
PH46163Enhance parser of was-usage-metering.properties
PH46324OIDC: CWTAI2047E error occurs when no kid claim in the JWT header
PH46408OIDC: getvalidaccesstoken might fail with illegalargumentexception
PH46423File repository account lockout not ignored on versions 8.0 and lower
PH46743Update the WebSphere migration toolkit for application binaries to the 22.0.0.3
PH46751Memory leak executing eclipselink batch queries
PH46914Routing rules fail with underscore names
PH47272OIDC TAI requires hardcoded signature algorithm
PH47482OIDC add value to useRealm property to mean default realm name
PH47541Improve DB2 query performance on eclipselink by altering parameter binding behavior
PH47715WebSphere service crash in ntdll.dll
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH46914Routing rules fail with underscore names
Java 2 Connectivity (J2C)PH39586Adapter code reports java.sql.SQLException: unsupported feature for the optional method
PH44499Oracle UCP connection pool cleanup during connection testing
PH44986Warnings emitted by DB2 driver for unknown kerberos properties
Java Management Extensions (JMX) or JMX Client APIPH38127Update information returned from SOAP response
PH44727BackupConfig.sh script failed to execute with error WSVR0019E
Java Message Service (JMS)PH45838Issue in control region with handling connection with async read outstanding
JNDI/NamingPH46634Use inclusive language in naming server code
MigrationPH45605WASPreUpgrade fails when the profiles are in the $WAS_HOME directory
PD tools (for example: Log Analyzer)PH45926WebSphere control region abend: NoClassDefFoundError (C9C21235)
Plug-inPH46638Server markdown and retry when 505 is received instead of 100-continue
PH46938IBM WebSphere Application Server webserver plugin may not forward request
PH47314Plugin error: loadsecuritylibrary(<number>): skitlib 0x<hex value> but rc=<num>
PMI/Performance ToolsPH43914PMI asynccontext response time cannot be set
PH45048WSThreadPoolStats appear to be missing the relevant static variable id for percentage used
Runtime and ClassloaderPH39981JVM MBean dumpthreads() can create heap or system core dumps
PH43152Runtime module code does not have the necessary thread context protection
PH45954Remove WMIC from clearClassCache.bat
SchedulerPH45977Duplicate execution of ScheduleAtFixedRate
SecurityPH41795Update in the SSSL ciphers (z/OS only)
PH45406The addNode operation fails during creation of a chained certificate due to java.lang.NumberFormatException
PH45670NullPointerException in socket factory in 8.5.5.21 and 9.0.5.11
PH45688Changing the WebSphere default protocol to TLSv1.3,TLSv1.2
PH46142Qop settings page does not work for daemon SSL config
PH46566TLSv1.3 failback for thin client
PH46993Add constrained delegation support to spnego function
System Management/RepositoryPH44845The message of IBMJGSSprovider is shown when startServer or stopServer command is executed
Web Services SecurityPH47461Saml SSO: add value to useRealm property to mean default realm name
WebSphere Common Configuration Model (WCCM)PH46154Blocked threads in com/ibm/ws/bo/boExtendedMetadata.containsPackage under heavy load

Back to Top

Fix Pack 9.0.5.12
Fix release date: 7 June 2022
Last modified: 7 June 2022
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.12
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)โœ“PH43148IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450 CVSS 9.8)
PH43252Mapping policy sets can take a long time
Default Messaging ComponentPH42891Sibus table deliverydelay_time column missing problem after migration from V8.5 to V9.0
Dynamic CachePH43733Distributedmap.remove() results in NullPointerException when replication configuration is incorrect
Federated RepositoriesPH42406Support account lockout in WIM file repository
PH42735Hang occurs when attributeRangSstep value is set larger than recommended
PH44204Nested group members are not correctly found after setting applyEntityTypeSearchFilterForGroupMembership custom property
GeneralPH36899Improvements to WSGRID takeover
PH37642GetJobDetails api output missing fields
PH39030WebSphere batch job dispatch can timeout under load
PH41012WebSphere Customization Toolbox should be updated to clarify the default of "generate ca certificate" is for non-production environment
PH42468Webcontainer threads hung while closing websockets
PH42973Update messages in federated repositories
PH43324ClassNotFoundException when running the managesdk.bat command on the Windows operating system
PH43334Incorrect Struts action parameter processing for UDDI.ear
PH43383WebSphere Application Server start failed by deadlock between the server.startup thread
โœ“PH43760IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038 CVSS 4.4)
PH45586Update the WebSphere migration toolkit for application binaries to the 22.0.0.1 version
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH44199SystemOut.log files contain error message 'ODCTreeImpl E ODCF0002E: Exception: The string "--" is not permitted within comments '
PH44203Middleware servers display issue when filter function is used in conjunction with non-default value for maximum rows preference
Java 2 Connectivity (J2C)PH44437Work manager code requires synchronization of unprotected boolean value
PH44801NullPointerException is thrown during start after upgrading to 8.5.5.21
Java Message Service (JMS)IT33764Ivt run on wildfly-20 ignored destination lookup and connectionfactorylookup activation properties
IT37502WebSphere Application Server transaction recovery fails when activation specs are configured to use bindings_then_client
IT37878WebSphere Application Server activation specifications do not pause when an mdb calls setrollbackonly()
IT39822Update bouncy castle shipped with IBM MQ 9.1 lts to version 1.70
PH37169NullPointerException when wmq_jms_client_details tag is missing in OSGI bundle
PH41928503 received when server is stopping, not able to retry request
PH42333TCP connections to WebSphere MQ leak when using JMS 2.0
PH45235Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.11
Messaging ProvidersPH41825Message remains locked
Object Request Broker (ORB)PH44329WebSphere z/OS 9.0.5 abends with "java/lang/outofmemoryerror" "failed to create a thread: retval -1073741830
PD tools (for example: Log Analyzer)PH41439FFDC generating javax.xml.parsers.factoryconfigurationerror: provider
PH42911Duplicate prometheus metrics ear code in runtime jar
PH43845Collector tool does not correctly output information in the os/system file on Windows platforms
PH44134Collector tool does not include the profile file listing and permissions, if it exists outside of installation root directory
PH44209Additional diagnostic data needed for WebSphere Application Server traditional
Plug-inPH44327Plug-in can see an increase in file descriptors when the plug-in reloads the xml file
PH45148Adding custom properties to plugin-config.xsd file
Portlet Container EnvironmentPH44227IllegalStateException occurs during portlet event processing within Portlet Container's CacheHelper Class
Runtime and ClassloaderPH40901NullPointerException during JIT EJB stub generation
SecurityPH42057Error when disabling custom password encryption
PH42887Kerberos error message after upgrading to 8.5.5.20 and 9.0.5.8
PH43573WebSphere Application Server 8.5.5.20 may use a default cipher list during handshaking
PH43950Setting sslenabled on customRegistry results in ClassCastException
PH44602NullPointerException in WebSphere socket factory in 8.5.5.21 and 9.0.5.11
PH45080Issue an error when certificate request file path contains spaces
PH45124Add the WebSphere disabled algorithms to the configuration during profile creation
PH45689LoginModules can no longer be created unless the loginModule class is in the classpath
Servlet Engine/Web ContainerPH43825Support urlencoded string in the ssl certificate
System Management/RepositoryPH43697Non-planned task clean up causes a FFDC
Transaction ServicePH44495Thread hang in transactionimpl.resumeassociation due to race condition when a transaction is used across multiple threads
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH44071Incorrect error handling in UDDI GUI application
Web Services SecurityPH30118OIDC TAI: discovery endpoint may be invoked multiple times
PH43722Saml SSO may emit CWWSS5601E NullPointerException error when decrypting encrypted assertions
PH44467OIDC TAI: filter requests based on the iss claim in the JWT
PH44692OIDC: add methods to the oidcclienthelper api to verify JWTS
PH45044OIDC RP add ability to turn off revoke endpoint

Back to Top

Fix Pack 9.0.5.11
Fix release date: 15 March 2022
Last modified: 15 March 2022
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.11
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH38069JDWP configuration does not allow an IP address, only a port number
PH41622SESN0008E error when using admin console
PH42423A chainEndPointFilter is set for ORB transport chains page
Default Messaging ComponentPH31734Admin console reports incorrect messaging queue information
EJB ContainerPH43960java.lang.ClassFormatError: JVMCFRE106 duplicate method; class=a/b/c/_EJSRemote0SLASBCbean_cab9549d_Tie, offset=51525 reports
Federated RepositoriesPH42990Improve logging of JNDI_CALL search trace to include the referral setting
GeneralPH38967BufferOverflowException causes activation specs to stop
PH38042-XX:+PrintHeapAtGC should be added as a default JVM argument on WebSphere 9 for Solaris and HP-UX
PH39085Processing Base64 encoded data using JAXB can cause a loop
PH39881User able to login after failed creation
PH40124The ldapLoginGroupFilter setting is not honored when a group searches for a group
PH41073EclipseLink weaved entity has null value in hidden attribute
PH41336WSGrid job submission may fail after APAR PH35447
PH41630EclipseLink NullPointerException from batch policy
PH41638EclipseLink may return empty weaved entity from em.find()
PH41649EclipseLink throws exception for parameters used in CriteriaBuilder update query
PH41806Usage metering not reporting metrics for WebSphere ILAN
PH42031EclipseLink exception for concurrent queries with case/coalesce expressions
PH42079Update EclipseLink to support ASM 9.2 for Java 18
PH42093Update the WebSphere migration toolkit for application binaries to the 21.0.0.4 version
PH42103JaxRsFactoryImplicitBeanCDICustomizer does not release creational contexts
PH42111Excess memory consumption
PH43816JNDI failure after upgrading WebSphere Application Server to 9.0.5.10
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH37335Multiple im enabled web server definitions with the same shortname may overwrite active routing rules definitions
PH42111Excess memory consumption
Java 2 Connectivity (J2C)PH25286Add diagnostics to message when a method is not found in a resource adapter
PH35564Add support for encoding the passwords inside of the customer datasource property "connectionProperties"
PH36595Connection wait timeout is accounted twice
PH38667Allow container managed behavior for direct lookups
PH41279CMPConnectorFactory is removed unexpectedly when deleting JDBC provider from a server template
Java Message Service (JMS)PH41078Issue in control region with handling connection with async write outstanding
JavaServer Pages (JSP)PH39923NPE in JspBatchCompiler.sh
Messaging ProvidersPH41504Appservers go into retry cycle with error message "exception caught increasing range of unique key generator!"
MigrationPH24791Document allowSameRelease option for WASPostUpgrade
PH40233Improve migration of cluster level libraries with variables
PH40856AES encryption files not migrated
PD tools (for example: Log Analyzer)PH39243Add ISO-8601 date option for systemout/err.log files.
Plug-inPH38773Add propagateKeyring option to httpPluginManagement.py
PH43382Plug-in propagation occurs even though its set to manual
Programming Model Extensions (PME)โœ“PH41676WebSphere Application Server is vulnerable to a Denial of Service (CVE-2021-38951 CVSS 7.5)
Runtime and ClassloaderPH37476In AIX and Linux, lastModified() timestamp is not detailed to millisecond
PH37493osgi.configuration.area.readOnly=true not taking affect for servant region
PH40676Allow WebSphere Application Server to return jar URLs rather than wsjar
PH42759Block class loads for vulnerable classes
PH42899Block classes with known vulnerabilities from being loaded by the application and library class loaders
SchedulerPH30623Fix NULL pointer when customer scheduler is used
SecurityPH36842Support for a customized list of SSL protocols
PH37362At admin console, JAAS - system logins > web inbound, "set order" button can cause security.xml corruption
PH39883The user "unauthenticated" (in lowercase) asserted by TrustAssociationInterceptor is no longer authenticated
PH39917Unable to retrieve group in a custom stand-alone user registry implementation
PH40186Replace certificate function did not replace certificate alias name
PH40544LTPA token expiration message (SECJ0371W) was intermittently thrown with the old expiration time in year 1970
PH41020CSR fails validation due to extra lines RFC822 name = user@domain
PH41313Provide an option to include application name in the terse audit function
Transaction ServicePH27371Adding support for Kerberos Keytab and CCache during XA recovery
Web Services (for example: SOAP or UDDI or WSGW or WSIF)โœ“PH42728Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228 CVSS 10)
โœ“PH42762
Web Services SecurityPH39666OIDC RP initial login may fail when OIDC stateId name contains special characters
PH40532OIDC TAI might not remove oauth access token cache entries
PH40533OIDC TAI might encounter a thread hang when sessions are removed from the local cache
PH43169OidcClientHelper.getAccessTokenFromSubject() might return NULL when using JWT SSO

Back to Top

Fix Pack 9.0.5.10
Fix release date: 3 December 2021
Last modified: 3 December 2021
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.10
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH39232A dollar sign in -xdump is not processed correctly and servant.jvm.options file is not updated
PH39747Domino webserver definitions cannot be changed in the console
PH39939Default truststore name in the SSL configuration panel is incorrect
PH39949Confusing wording in admin console around application startup
Administrative Scripting Tools (for example: wsadmin or ANT)PH40488Improve debugging statements in wsadmin when running certain AdminTask commands
PH40626AdminApplication.AdminApplication.stopApplicationOnCluster throws error when one of the cluster member in stopped state
EJB ContainerPH36416EJB Singleton bean possible deadlock during lifecycle methods
Federated Repositoriesโœ“PH38929WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842 CVSS 3.7)
GeneralPH02744org.osgi.framework.ServiceException: The use count for the service overflowed when creating a javax.naming.InitialContext
PH36354Deadlock in logging code
PH38133Incorrect Expression Language (EL) Method Matching with Varargs
PH39123Http sessions should not be using Data Replication Service thread pool
PH39339Node configuration error on WebSphere Application Server 8.5.5 nodes after upgrading Dmgr to WebSphere Application Server 9.0.5.7 and later
PH39398SESN8558E Message giving wrong error details
PH40345Update the WebSphere Migration Toolkit for Application Binaries to the 21.0.0.3 version
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH37071Certificate monitor fails on secondary dmgr in HADmgr configuration
PH37897Application edition management feature fails to clean up admin sessions
PH40934Provide option for AEM deploy to not start another server if only one is running
Java 2 Connectivity (J2C)PH39960Null pointer exception occurs when stopping the server
PH40106IBM MQ activation specification uses incorrect class path for XA recovery when resource adapter native library path specified
Java Message Service (JMS)IT32295IBM MQ classes for Java application hangs when using the BINDINGS transport and getting messages with the MQGMO_CONVERT option
IT32554Channel exits written in Java are unable to access the local address used by the channel
IT33500IBM MQ-JMS Connection's ExceptionListener is not called when a JMS Session's TCP/IP socket is disconnected
IT33852IBM MQ Classes for JMS generate NullPointerExceptions when an application is accessing a queue or a topic
IT34684JMSCC0108 reported by the IBM MQ resource adapter references the wrong version of the product documentation
IT34967IBM MQ Classes for JMS BROKERPUBQMGR property validation failure with asterisk characters
IT36124Update the version of Bouncy Castle shipped within the IBM MQ installation
IT36701MQ-JMS applications connected to EBCDIC character set queue managers fail to move messages to BOQ or DLQ
IT37224java.lang.NullPointerException thrown when multiple threads connecting to the QMGR concurrently
IT37486Update Bouncy Castle to level 1.69 on IBM MQ
PH27943Add extra information to CWSIS1577E and CWSIS1578E error messages
PH37666MDB listener port has inconsistent status across multiple servants
PH40283Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.9
Java Persistence API (JPA)PH40302EclipseLink behavior change for boolean values in case select expressions
Java SDKPH38339StringIndexOutOfBoundsException occurs in MyFaces when creating a resource
JavaServer Pages (JSP)PH35599Out of memory in JspBatchCompiler.sh
MigrationPH39100WASpostupgrade from 7.0 to 9.0 fails with ArrayIndexOutofBoundsException
Plug-inPH38773Add propagateKeyring option to httpPluginManagement.py
PH40758Crash shortly after startup with intelligent management enabled
PH4141299spluginsbootstrapiis8.ant may fail if path contains a space
PMI/Performance ToolsPH40246WebSphere Application Server prometheus application enhancements 2
ProfilePH39056Running two zpmt.sh jobs at the same time can create the same targetRelativeDir
SecurityPH34539Running addnode could cause the SSL configuration to change and reset the soap connection
PH36184LDAP certificate filter does not recognize a plus sign '+' delimiter
PH37483With application security enabled, 500 is returned when http request has more reference to the parents/upper directory
PH37872LtpaToken getting refreshed using the custom CacheKey instead having to relogin
PH38655WebSphere Application Server 9.0.5.7 EJB Thin Client jars not recognizing TLSv1.3 protocol
PH39176com.ibm.websphere.tls.DisabledAlgorithms property is not honored in a certain Java thin client scenario
PH39568StopServer and serverStatus fails to work after upgrading to 9.0.5.8 and 8.5.5.20
PH40437Class cast Exception in WebCollaborator in 9.0.5.8
PH40829WebSphere Application Server tries to invoke TLS1.3 and fails even though it is not the default protocol
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH38944"ERROR CASE - PRIMCONTAINS() FOUND NULL ZIPFILE" error may be seen in DMGR log when installing an application
Web Services SecurityPH39847OIDC RP: Entry is never removed from cache when initial login is via introspection
WebSphere Common Configuration Model (WCCM)PH38310XML parser does not recognize the setting which disables processing of doc type
Workload Management (WLM)PH29620Cluster ripple stops processing cluster members when a members nodeagent is down
z/OSPH37413WOLA causes ABEND SB78-8 while testing recovery in an IMS ESAF

Back to Top

Fix Pack 9.0.5.9
Fix release date: 10 September 2021
Last modified: 10 September 2021
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.9
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH364768.5.5.18 console security tightening
PH36632Update commons-io in the admin console
PH38485Unable to configure logging parameters on the admin console
Administrative Scripting Tools (for example: wsadmin or ANT)PH36027Improve message when rename node is run against an unmanaged node
EJB ContainerPH28694EJB method names that differ only in capitalization may result in org.omg.CORBA.BAD_OPERATION
PH37410Getting secj0053e, cntr0020javax.ejb.AccessLocalException, com.ibm.websphere.csi.CSIAccessException when accessing an EJB method
Enterprise Edition (EE)PH36441Fix deserialization issue for lists when jaxb.fp.fallback.for.typed.arrays is enabled
Federated RepositoriesPH30775NullPointerException is thrown when creating a property extension (lookaside) repository
GeneralPH36210WebSphere z/OS 9.0.5.7 server fails to start - JVMJNCK031E JNI error in callstaticvoidmethoda: argument #4 is null
PH34673Application start/stop issues in WebSphere Application Server ND V9.0.5.5.x
PH35225Improve handling of cancel notifications in compute grid
PH35226Making log part rotation configurable based on file size or number of lines in compute grid
PH35447Property to enable preference to use local connection between compute grid scheduler and endpoint servers
PH35789Same fix as PI78935 but for transaction commit processing
PH35877Session ActiveCount shows a negative value
PH36236Compile error returns com.ibm.ws.exception.wsNestedException is unknown
PH36731Intermittent eclipseLink concurrentModificationException
PH36828EclipseLink support for embeddable fields as join targets
PH36833EclipseLink support for input parameters in select clause
PH36839EclipseLink throws NullPointerException from embedded temporal mapkeys
PH36841EclipseLink criteria builder trim function creates incorrect SQL
PH36843EclipseLink throws exception for criteriaBuilder queries with only literal values
PH36966Non-translated warning message in WebSphere logs
PH37038Charset="utf8" fails with unsupportedencodingexception in wink JAXRS
PH37099Prevent high CPU resulting from concurrent server-status access
PH37142Allow Intelligent Management enabled web servers to honor affinity over application edition routing policies
PH37202RemoveAttributesOnInvalidate does not work at web moulde or application level configuration
PH37590Invalid bundle-version in derby
PH37715EclipseLink illegalArgumentException from criteria builder case expressions
PH37742EclipseLink support for parameter values in case/coalesce expressions
PH37763EclipseLink support for parameter values in criteria builder in expressions
PH37788Use first found EJBDescriptor for mdb
PH37833EclipseLink criteria builder coalesce classcastexception when using literals
PH37837EclipseLink support for parameter values in having clause
PH37916Update EclipseLink to support ASM 9.1 for Java 17
PH37919Honor ability to set umask on the process used to launch assisted life cycle servers and correct the default umask to actually be 022
PH39180Exception: java.lang.NullPointerException at com.ibm.ws.odc.nd.ODCTreeImpl.commitTransaction(ODCTreeImpl.java:1047) - DMGR SystemOut
PH39373WebSphere windows service fails when the hostname contains the word "test"
PI50904Invalid url request values need more specific details in the exception produced
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C)PH32900Tolerate hung connections during error cleanup
PH34972Invalid properties in the ra.xml causes WebSphere v8.5.5.x resource adapter update to fail
PH36295J2CModule PMI object memory leak
Java Management Extensions (JMX) or JMX Client APIPH36026Improve log message when the node agent restarts an unresponsive application server
Java Message Service (JMS)PH35855WebSphere control region failed with abend 0c4 in com/ibm/ws390/xmem/proxy/xmemproxycrcpputilities.queueinboundreq
Java Persistence API (JPA)PH35414Bean validation leaking application class loaders
Java SDKPH36923java.lang.NullPointerException caused by PH34711
MigrationPH36102MIGR0285E: An unexpected internal error occurred with exception java.io.eofException: unexpected end of zlib input stream error
PH36493WASPostUpgrade fails with NPE processing domain-security.xml configuration file
PH37617A NullPointerException occurs when processing a virtualhosts.xml that contains a mime type entry with no type specified
PH38010Update the migration toolkit for application binaries to the latest version - 21.0.0.2
Object Request Broker (ORB)PH37257WebSphere z/OS 9.0.5.7 abends with abend0c4 in com/ibm/ws390/sm/smf/smfjactivity.cutsmfst9asyncrecord
PD tools (for example: Log Analyzer)PH38048Prometheus endpoint enhancements for performance monitoring infrastructure metrics on WebSphere Application Server traditional
PH38053Add new server scrape duration metric for prometheus metrics endpoint
Plug-inPH36744Ant script does not clean up extraneous files
PH37891Plug-in error message repeatedly logged - "error: ws_transport: address_as_string: unknown family 4098"
PH38203Unix PluginCfgMerge lacks was.install.root which causes WVER0001E
ProfilePH32486"APPLICATIONS" button of Suse GUI is not displayed after installing WebSphere Application Server
Runtime and ClassloaderPH39733Provide a switch to disable Java cores for unexpected shutdowns
Securityโœ“PH34690Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2021-29736 CVSS 5.0)
PH36017Fix message formatting error in PH36017 in 9058
PH36593Provide an option to turn off hostname information for audit function
PH36615Qshell command line remains hidden after prompting for password with administrative security enabled for a profile
PH36732Add ability to delete corrupted keystore
PH36733A Certificate Signing Request (CSR) is created with an extra information in the Subject Alternate Name(SAN) field
PH36858Add warning during server start when TLSv1 or TLSv1.1 is configured
PH36864Message CWPKI0429I has an incorrect parameter that needs to be fixed
PH36934CWSCF0002I: Flooding the logs
PH36985SSL failed handshake with a bad cert error
PH37067CWPKI0045E correction
PH37396Serviceability improvement to aid in debugging issues with EJB deployment descriptors and role permissions
PH37447Profile creation fails when the domain name starts with a digit
PH37462javax.net.ssl.keystore, javax.net.ssl.truststore properties are not honored
PH38493Remove unnecessary manual garbage collecting in security code
System Management/RepositoryPH29354Add jvm option to narrow down trace spec for command line tools
PH30748Error creating client_auth_token during shutdown
PH38349ADMU3029I: Conflict detected on port 9999 for endpoint jsr160rmi_connector_address of the server server1
Transaction ServicePH35202Server using Enable_dbtxLog_PeerLocking=true fails to start if the transaction log tables are empty
PH36461Transaction recovery fails due to org.xml.sax.SAXParseException: the namespace prefix "wsa" WebSphere Application Server not declared
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH34951NullPointerException error may occur with Axis2 marshaller
PH35078Soap response message is not valid, but WebSphere parsing should not fail it with NullPointerException
PH37152IWAE0017E Unable to replace original archive - during role mapping
Web Services SecurityPH35481OIDC apis may not find idToken token on runAs subject
WebSphere Common Configuration Model (WCCM)PH35698NullPointerException from org.eclipse.jem.util.registryReader.readRegistry during application update

Back to Top

Fix Pack 9.0.5.8
Fix release date: 18 June 2021
Last modified: 18 June 2021
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.8
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH32886Incorrect variable definition leads to failure in transformer script
PH33656Wsadmin Jython command does not change status of schedulerJNDI name
PH33754The OK button of login configuration page for Java authentication and authorization (JAAS) not working consistently
PH33795Default scope should not affect virtualhosts.xml. There is only one scope for virutalhosts
PH35829Not able to move a target of a SIP application router to another SIP application router through the administrative console
Default Messaging ComponentPH29166Message engine deadlock problem
PH31182Loop when trying to delete the first message in the queue
Dynamic CachePH35811com.ibm.ws.cache.CacheConfig.batchUpdateMilliseconds does not affect the batch update daemon on receiving side
EJB ContainerPH33683EJB timer service does not adjust based on Daylight Saving Time adjustment
PH34623Harden legacy EJB APIS
EJBDeploy (WSAD)PH36122Remove unnecessary was.product file from EJBDeploy tool
GeneralPH17014Manifest attributes for annotation filtering are not being honored
PH21496CWSAH0009E: An internal error occurred
PH21936FileNotFoundException may occur during migration of OSGI application
PH22740OSGI application fails to start in Azure environment
PH29774Close files after CDI is initialized
PH30607Warning message CWSAA0037W indicating duplicate JNDI name is issued in error
PH31840Moveable DMGR fails to create VIPARANGE DVIPA on 2nd LPAR
PH32163Deadlock condition in memory session and logging console handler
PH32868Exported ear file does not include latest application files
PH33368CWSIK0901E: An internal messaging error
PH33712Check package name when injecting EJBs
โœ“PH34067XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20453 CVSS 8.2)
โœ“PH34122Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258 CVSS Score 7.5)
โœ“PH34501Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server
โœ“PH34906XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20492 CVSS 6.5)
โœ“PH34944Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server
PH35767Update the migration toolkit in WebSphere Application Server to the latest version
โœ“PH36253Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2021-29754 CVSS 4.2)
PH37034Update the version of log4j contained in the installable uddi.ear application
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
IBM iPH35467QSVTAP24 service program not updated by fix pack if ownership incorrect
Intelligent Management ComponentPH31531ArrayIndexOutOfBoundsException in ODR vector operation
PH34475Intelligent Management enabled web servers and On Demand Routers (ODR) return 404 error codes for requests that could be served by the mapped applications default servlet
PH34977Intelligent Management enabled plug-in attempts too many retries when application with session affinity returns 503
PH35058Unable to configure Java SDKs from console for ODR servers
โœ“PH35098Directory Traversal vulnerability in WebSphere Application Server ND (CVE-2021-20517 CVSS 6.4)
PH35997After upgrade to 9.0.5.7 static content which WebSphere Application Server previously being served by IHS WebSphere Application Serverreturning 404 error codes
PH36124WASX7017E: Exception received while running file "dumpIMPState.py"
PH37099Prevent high CPU resulting from concurrent server-status access
Java 2 Connectivity (J2C)PH31288J2CA0045E - Tolerating the connection error occurred event during the MatchManagedConnention
PH31875J2CA0079E: getManagedConnection internal illegal state = STATE_INACTIVE MCW
PH33941Deadlock issue when close JMS connection
PH34294Data source url property syntax validation does not allow new format in admin console
PH35899Java.security.unrecoverableKeyException after upgrading to WebSphere 8.5.5.19
Java Message Service (JMS)IT32212Topic handles are not closed when a Classes for Java MQQueueManager disconnects
IT32639JMS ConnectionFactory property CNLIST does not work in Apache Tomcat
IT32708Java MQ client application ArrayIndexOutOfBoundsException when using MQCCRED with TLS and SSLPEER
IT32925Update JMQI trace to remove unnecessary values from the options field
IT32987NullPointerException occurs when activation specification or WASlistener port is configured to use message retention
IT33590Resource adapter deployed into embedded WebSphere Liberty started via Liberty SPIs cannot make secure connections to MQ.
โœ“IT33772

IBM MQ is vulnerable to a remote code execution vulnerability (CVE-2020-4682)

IT34219Update Bouncy Castle shipped by IBM MQ
PH26041Adding support for 64 bit JVMS into the IMS adapter - JAVA
PH26255MQ JMS in CICS JVM server working with OSGI bundles fails with RC2058 MQRC_Q_MGR_NAME_ERROR.
PH31692Not all message listeners started in the control region after startup
PH34514WebSphere z/OS 9.0.5.2 Java.io.ioException: XMemProxy channel in a Servant failed to read from controller region
PH34576During shutdown of server, control region experiences hang in com/ibm/son/mesh/CfwTCPImpl.complete
PH34639destDescription message header with no value set after editing MQ topic configuration
PH34715Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.7
PH34816Server shutdown hangs due to deadlocked threads in Control region
Java SDKโœ“PH34711Vulnerability in Apache MyFaces affects WebSphere Application Server (CVE-2021-26296 CVSS 8.8)
JavaServer MyFaces (JSF) Apache MyFaces implementationPH36923java.lang.NullPointerException caused by PH34711
MigrationPH33872WASPostMigration fails with Java.lang.NoSuchMethodException
Object Request Broker (ORB)PH35522WebSphere Application Server servant or adjunct region may not come down quickly after a 5C6 ABEND
OtherPH34947AppScan: open source security vulnerabilities in isclite
Plug-inPH34305Adding deprecated messaging to plug-in topology centric generation
PH34566Limit number of retries for 503 responses
PH34644Adding log messages to 99SBootStrapPluginsIHS.ant to alert of bad httpd.conf path
PH36211Crash with plug-in 8.5.519 on Linux PPC64LE
PH36487WebSphere Application Server Webserver plug-in possible crash in detailedLog function
PH36942Ant script fails in post install processing
PMI/Performance ToolsPH35521Web application module PMI stats are sometimes not shown in the metrics.ear application output
SchedulerPH31154XOR encoding KeyStorePasswords and TrustStorePasswords used in Data source custom properties lead to SSLHandShake errors
SecurityPH28393Login audit for SPNEGO and Kerberos login
PH30522Do not allow a keySetGroup referenced by the default LTPA auth mechanism to be deleted
PH30570Provide an option to use only custom cookie name in traditional WebSphere
PH33038Intermittent error parsing an unchanged wsjaas.conf
PH34028Server does not start after enabling AES encryption
PH34899NullPointerException in security interceptor during WebSphere Application Server server startup
PH34963The underscores (_) in DN name cause profile creation error
PH35227The certificate monitor did not renew the default certificate on  8.5.5.17 using JDK1.7
PH35299A custom cache key is not returned correctly when the subject has more than one hashtable in the credential
PH35329If an extremely large number is input for LTPA timeout, it may exceed the maximum long value, resulting in an invalid token
PH35421Admin_repository_save audit events are not generated in an AdminAgent environment
PH35998When certificates contain multiple DNS or IP values not all values are displayed when viewing the certificate information
PH36007The GenAndReplaceCertificate task is not working when not connected to the server
PH36017eEror message CWPKI0662E is vague and does not provide user with much information to help them
PH36649AdminTask.validateAdminName results in NullPointerException when ran as operator role
Service Data Objects (SDO)PH35619Use of "OneDB" causes many "not a recognized database type" message error messages
Servlet Engine/Web ContainerPH29912Change default value for wc suppressHtmlRecursiveErrorOutput
PH35019There are scenarios where the http dispatcher will set a 404 status and send a response without ever engaging the web container
PH35470PMI stats for the servlet are not collected for application until application is restarted
PI80786HTTP 500 is returned from a request with too many parent directories (forward slashes) in the url
System Management/RepositoryPH35272"ADMG0811I: Changing value for this property password" message displayed when the value has not changed
Web Services (for example: SOAP or UDDI or WSGW or WSIF)โœ“PH34048XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2)
PH35981OverlappingFileLockException on z/OS after applying PH26972 interim fix
Web Services SecurityPH33170OIDC JWT authentication using custom cache key can be slow
PH34227OIDC RP: Support the Basic_Start_Authorization scope
PH34840OIDC RP: Make the state parameter alphanumeric
PH35185OIDC RP may fail with CWTAI2007E saying a noce claim is required when the nonce is present

Back to Top

Fix Pack 9.0.5.7
Fix release date: 26 March 2021
Last modified: 26 March 2021
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.7
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH29167Performance and diagnostic advisor configuration causes warning message in the administrative console
PH29429Admin console not working correctly in some cases with fine grained security
PH30923Admin console is slow displaying security endpoint configuration
PH31120WebSphere z/OS 8.5.5.* details of com.ibm.ws.management.util.zos.TransformationError not in joblog
PH31184Fixes/enhancements for PH31613
PH31219Property to allow the monitoring role to do testConnections in the integrated solutions console
PH31564Setting string value on J2eeResourceProperty to empty string removes attribute
PH34318Extra character at the top of managing repository page
Dynamic CachePH31693Programmatically created object cache instances cannot be configured for replication
Federated RepositoriesPH33842CWWIM5107E error message seen reporting a failure against a WebServer node
GeneralPH31135Abend 0c4 in bbodaslu entry point BBODAL03 when daemon is stopped
PH26641IndexOutOfBoundsException when performing some of apis on SDO list
PH27557Apache Derby component currency update
PH29720EclipseLink jpql coalesce function uses improper whitespace
PH29786EclipseLink criteria builder in() expression creates incorrect SQL
PH29794EclipseLink in() expression fails with Oracle limit
PH29809EclipseLink ignores lowercase attributeOverride values on elementCollections
PH30128EclipseLink intermittent ConcurrentModificationException
PH30163WebSocket write thread could spin indefinitely on race condition
PH30529WebSphere Application Server service entered the running state msg is sometimes recorded twice
PH30827Session active for over 1 hour is not invalidated
PH30837EclipseLink converts boolean values to integer values in case expressions
PH31008Cryptic exception when session max count exceeded
PH31150NullPointerException during getSession when request contains a session ID with invalid length
PH31267For WSGrid STEP_COMPLETE_EXECUTION_FAILED should be rc -14 but throws -16
PH31416Improve performance of WebSphere EL implementation
PH31454Remove jackson-databind vulnerability CVE-2019-10172
PH31499Update EclipseLink to support ASM 9.0 for Java 16
PH31571EclipseLink intermittent NullPointerException from weaved entity code
PH31965WebSphere Application Server service generation fails on SLES 15 and above
PH32188Update the migration toolkit in WebSphere to version 20.0.0.4
PH32352Print trace points if cookies or url rewriting is enabled
PH32501Print trace points if session shared between WebModules
PH32561Print a message saying that the custom property is needed if the length of the JSESSIONID cookie is greater than 23 chars
PH32837WebSphere Windows service does not indicated started on German, Dutch and Japanese environments
PH33251Misleading message warning.jaxrs.cdi.provider.mismatch with JAX-RS 2.0
PH33299WebSphere Application Server Windows service continues to run when WebSphere ends unexpectedly
PH33596The WebSphere Windows service should not use startserver.log for its log file
โœ“PH33648Directory traversal vulnerability in WebSphere Application Server (CVE-2021-20354 CVSS 5.9)
PH34424Update Apache HttpClient to 4.5.13 for usage metering
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH33568WebSphere Application Server 9.0.5.6 does not support the 64-bit version of Installation Manager 1.9.1.4 for HPUX
PH3464664-bit Installation Manager on z/OS generates warning messages
Intelligent Management ComponentPH32919ODC does not carry url-patterns associated with filter-mapping definitions held in module level WEB-INF/web.xml files resulting in 404 responses
Java 2 Connectivity (J2C)PH32187Receiving J2CA0646E error when updating MQ resource adapter
PH33233NullPointerException reported when getConnection for the database datasource that has no schema
Java Message Service (JMS)PH25633WebSphere Application Server throws Javax.transaction.HeuristicMixedException during JMS provider
PH28619JTA commit priority not applied to MQ provider JMS XAResources
PH32909zWAS channel framework leak of com/ibm/ws/tcp/channel/impl/ZAioTCPConnLink objects
MigrationPH30608NullPointerException when running WASPostUpgrade from profile root
Object Request Broker (ORB)PH27734zWAS poor filesystem performance due to CKACCESS / FSACCESS CML lock contention
PD tools (for example: Log Analyzer)PH29537[RFE 276826] Increase max number of historical files from 200 to any positive number in WebSphere Application Server traditional
PH30146Remove -serverName from -help listing in collector
PH30984Increase collector tool max heap memory size
Plug-inPH29434Avoid hang in odrHttpResponseContextClean() when using IM "MaxRequestsPerDaemon" option
PH29829Customers should not have their plugin-key.kdb/sth files within /etc
PH29837Plug-in IHS Ant script is not able to set the bits folder
PH29856PluginConfigGeneratorNLS.cprops files list 8.5 instead of 9.0
PH29951Plug-in cannot manually propagate without overrideAutoProp
PH30071Conflict between mod_deflate and the WebSphere Application Server plug-in
PH31857IBM WebSphere Application Server web server plug-in sets the incorrect default for IgnoreAffinityRequest settings
PH32280IHS server/plug-in loop at startup with zero byte plugin-cfg.xml file
PH32435Encoded characters (%2f etc) in URI
PH32528Plug-in does not allow personal certificates signed by CAS using weak signature algorithms such as Sha1WithRSA
PH32738Applying Plug-in fix pack 9.0.5.4 creates an unexpected empty file "c:\program"
PH33264System crashed when plug-in handles non-WebSphere request
PMI/Performance ToolsPH24409WebSphere Application Server traditional prometheus endpoint
PH29087TPV in WebSphere Application Server admin console shows incorrect activeCount value after servant region is restarted
Runtime and ClassloaderPH32612Unexpected server shutdown produces no additional debug data
PH32866WSVR0332I caused by unnecessary class loader package definition
SecurityPH30511Failed to create dynamic cluster and seeing lots of WKSP0501I: xx workspaces exist in the wstemp directory
PH30569Provide an option to only show the info user need in wsadmin getSSLConfig command
PH31086WIM exception in wsadmin using RMI with / character in username
PH31613Gssapi/kerberos ldap bind authentication support for LDAP
PH32041Plug point for custom password encryption is not working on 8.5.5.18
PH32284MalformedURLException connecting to stand-alone LDAP server with SSL(ldaps)
PH32467Provide option to tell the JSSE to use the server side s cipher order in a SSL communication
PH34651The RSA-PSS algorithm needs to be disabled when IBMJCEFIPS provider is being used
Services Component ArchitecturePH31130Node federation timeout
Servlet Engine/Web ContainerPH33180Enable TrustedHeaderOrigin to be configured with hostnames and IP segments
System Management/RepositoryPH24460Add configurable write timeout to IPCconnectorInboundLink
PH31439Non planned task management tasks never get deleted
PH32369Queue/topic connectionFactories for generic JMS providers are not selectable when mapping application resource references
PH32869Temporary EAR file not deleted after partial application update
PH33352JMS topics and queues for genericJMS providers are not selectable when mapping resource references
Transaction ServicePH29639Control process is terminated with error C9C21862 following a RRS RC 761
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH26629Error may occur when calling serviceDelegate.releaseService() SPI in client application
PH28223StringIndexOutOfBounds exception occurs during policy set attachment
PH29763Need an option to enable WSDLl4J verbose messages
โœ“PH33037Directory Traversal vulnerability in WebSphere Application Server (CVE-2020-5016 CVSS 5.3)
Web Services SecurityPH23614OIDC add programmatic support for some OAuth functions
PH30368OIDC RP may not delete session cookie when SameSite cookie policy=lax
PH30911OIDC RP: Allow a resource parameter to be sent to the token and authorize endpoints
PH31682OIDC RP may not load config from a non-default security domain
โœ“PH31727XXE vulnerability in WebSphere Application Server (CVE-2020-4949 CVSS 8.2)
PH32257NotSerializableException with OIDC
PH32421SAML assertions are not created with audienceRestriction
WebSphere Common Configuration Model (WCCM)PH31370Update ICU4J time zone information
PH32277Application Deployment is slow when application has many EJB jars
โœ“PH33228XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20353  CVSS 8.2)
Workload Management (WLM)PH27505WLM can get in a loop when receiving compressed data running on z15 hardware

Back to Top

Fix Pack 9.0.5.6
Fix release date: 27 November 2020
Last modified: 27 November 2020
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.6
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH26166Performance problems in certain collection pages of the WebSphere Application Server Admin Console
โœ“PH26220WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578 CVSS 5.4)
PH26874ADMA8019E warning even if "validate input" parameter set to off during the deployment
PH28097j_security_check allows GET requests
PH28098Users without appropriate roles can access links that eventually throw errors
PH28336WebServer virtual host creation failure
โœ“PH29871WebSphere Application Server Admin Console is vulnerable to a directory traversal vulnerability (CVE-2020-4782 CVSS 6.5)
PH30566After updating to WebSphere Application Server 8.5.5.18 and WAS 9.0.5.5 accessing the admin console fails with 500 error
PH31320Tivoli Performance Viewer (TPV) servlet summary report page not rendering images correctly
Default Messaging ComponentPH27391Possible hang during JMS session close called from exception handler
EJB ContainerPH26295Injection processing in adjunct region for z/OS for war modules causes CWNEN0044E error
PH27497CNTR5010E, CNTR0075E errors after migrating from WebSphere V8.5.5.x to V9.0.5.x
PH27912CNTR5104E or CNTR5102E occurs at EJB start after upgrading WebSphere to V8.5.5.16, V9.0.5.0, V9.0.5.1, or V9.0.5.2
Federated RepositoriesPH23888ldaphelper.getRDN failover does not properly account for escaped commas
PH28634Remove extra logging from UI script
GeneralPH17014m\Manifest attributes for annotation filtering are not being honored
PH26451ODRLIB should consider all VCs when searching for the server app a request has affinity with in multi-cell topologies
PH27629CDI resource injection of managedExecutorService
PH27825Deadlock in HPEL code when running sip tracing
PH27883CWXRS0003W message in adjunct region with DynaCache enabled
PH28308Eclipse link illegal access warning from reflection
PH28420WSGRID batch job fails with ABEND0C4 in ImqBin
PH28458JaxRsClientImpl memory leak related to hash set
PH28535JaxRs ServletException should include root cause
PH28733Server not shutting down when started in recovery mode when using HPEL
PH28795Update the migration toolkit in WebSphere Application Server to latest version and remove setting sourceJava and sourceAppserver manually
PH28961Update EclipseLink to support ASM 8.0.1
PH28985Update EclipseLink to support ANTR 3.5.2
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH29376Silently install any required Visual C++ redistributable runtimes on Windows
PH30851Updating fix pack 8.5.5.15 with the interim fix PH25216 fails
Intelligent Management ComponentPH26451ODRLIB should consider all VCs when searching for the app
PH29876WebSphere 9.0.5.1 through 9.0.5.4 renameCell command fails on Windows
Java 2 Connectivity (J2C)PH28590Plain text password in ffdc log
Java Management Extensions (JMX) or JMX Client APIPH24396Add ability to generate multiple JavaCores before node agent restarts unresponsive application servers
Java Message Service (JMS)IT27711Trace enhancements for the IBM MQ classes for Java/JMS
IT30751Java application remains connected to queue manager if PCFAgent.connect() throws an exception
IT31238MQ classes for Java application cannot get NameValueData from RFH2 when using CCSID 1200 with little endian encoding
IT31623MQ classes for JMS incorrectly treat messages with headers that have a CCSID field set to -2 as poison messages
IT31900MQ Classes for JMS application unable to consume a JMS MapMessage containing Unicode escape sequences
IT32835Update Bouncy Castle shipped by IBM MQ v9.1
PH26694An MDB bound to MQ via a listener port stops consuming messages after an mqrc_connection_broken error
PH26914A rare timing condition may lead to the file store stopping
PH30037Update the IBM WebSphere MQ JCA resource adapter to Version 9.1.0.6
SE72595JAVA MQCONNX fails with CC=2, RC=2009 in non-threaded environment on IBM i
Java SDKPH27131WASAnnotationHelper map memory leak
JNDI/NamingPH27291com.ibm.ws.naming.util.helpers.isJavaContextChangeAllowed() not correctly detected the clientcontainer stacktrace
โœ“PH27583WebSphere Application Server is vulnerable to an information disclosure vulnerability
(CVE-2020-4629 CVSS 2.9)
MigrationPH29310MIGR0272E: The migration function cannot complete the command. caused by: java.lang.classNotFoundException: com.ibm.websphere.mo
Object Request Broker (ORB)PH27364WebSphere z/OS 8.5.5.17 ABEND 0C4 (gpf) in com/ibm/ws/asynchbeans/services/wlm/enclavemanager.deRegisterWorkunit
Plug-inPH26422Flexibility needed in setting $wssn used in place of host: header
PH26475Switch iis_webserver plug-in binaries to symlinks
PH26856ServerIOTimeoutRetry defaults to 0 (none) if property does not exist in plug-in configuration
PH27966Plug-in does not set special header $wsxx for WebSocket request
PH27968Allow non-rfc5280 certificates by default
PH28096http_plugin.log entries for SSL read/write errors are treated like a timeout
Runtime and ClassloaderPH26130Add parallel class loading support to WebSphere Application Server application class loaders
SecurityPH12072SMF records not recorded with security auditing using the SMF emitter with SECURITY_FORM_LOGIN and SECURITY_FORM_LOGOUT
PH25204After server is restarted, SpnegoTokenHelper API may fail due to the lack of Kerberos credential
PH26308ldaptestquery tool for stand-alone ldap server is not honoring specific ssl settings set at test query tool
PH26841Java2 security is accessing unexpected places
PH27580Custom encoding plug-in fails to load when the file path includes space
PH28196Sensitive Information may be stored in a system dump
PH29343Allow receiveCertificate to handle PKCS7 files
PH29377Unable to read multiple certs from a cert file
PH29549Displaying email entry in SAN for information user did not provide
PH29840Create the ability to select TLSV1.3 protocol
System Management/RepositoryPH26777Enable post sync deploy processing on the Dmgr with system prop
PH28307WebSphere 9.0.5.1 through 9.0.5.4 renamecell command fails on windows
PH30918Incorrect Java library path set when a server SDK is different from the node/profile sdk
Transaction ServicePH10643Cascading server restart due to transaction auto peer recovery locking issue
PH22988Communication delay between WebSphere Application Server and MQ
PH23464Provide a mechanism to disable one-phase commit optimization
PH23968Java.util.ConcurrentModificationException when stopping server
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH26204org.apache.axiom.om.omException: a data handler was not found
PH26778Axis2 JAXBUtils class consuming large amount of memory
PH26972zWAS JAXBContext cache corruption possible in multi-servant environments
โœ“PH27157WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576 CVSS 5.3)
โœ“PH27509WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4643 CVSS 7.5)
PH28645AbstractMethodError in WsdlReaderImpl.getDocument
PH29156Jax-WS client may not send request to provider: expose SerializeSecurityContext at JVM level
Web Services SecurityPH27514OIDC TAI add basic auth support for the JWK endpoint
PH27827OIDC RP support unique clientId and clientSecret for introspection endpoint
PH27971OIDC RP: Expose end_session_endpoint with an api
PH28253OIDC RP should intercept callback from OP without special filter config
PH28386PODC RP: Give the option to validate a JWT access token
PH28534OIDC TAI: Do not load config entry if no filter defined
PH29099OIDC RP: ClassNotFoundException for jsonutil$dupekeydisallowinglinkedhashmap
z/OSPH28143Abend DC2-4f003b24 in the zWebSphere daemon process in module bbgorb

Back to Top

Fix Pack 9.0.5.5
Fix release date: 4 September 2020
Last modified: 4 September 2020
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.5
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH21166Connection pool timeout hover help is confusing
Contexts and Dependency Injection (CDI)PI95074WELD-2466 null pointer exception in Web service calls
EJBDeploy (WSAD)PH24687How a deprecated message when running EJBDeploy
GeneralPH21046First element in list gets duplicated when parent is copy of another parent with a child list that replaced with copy of itself
PH21285ClassCastException setting max query results in EclipseLink
PH21925EclipseLink DB2 z/OS uses invalid query to ping database
PH24296Update EclipseLink to support ASM 7.3.1 for Java 15
PH24309EclipseLink does not correctly identify Oracle 19c platform
PH24526EclipseLink exception after migrating to Liberty 19.0.0.12/20.0.0.3
PH25463With HPEL enabled and "enable log record buffering" set to true, the text log is not updated instantly
PH25728Performance: JAXRS2.0 slow performance doing getBeanManager
PH25972Updating the WebSphere Application migration toolkit (binary scanner) in WebSphere Application Server to the latest version
โœ“PH26083WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534 CVSS 7.8)
โœ“PH26761Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566 CVSS 7.5)
PI97483EclipseLink re-sorts insert and removes statements within a single transaction at commit
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH26325Fail to check VisualStudio 2013 redistributable package during IHS fix pack install
Intelligent Management ComponentPH25657ODR needs to handle encoded URI request patterns
PH25931Min/max instance script update does not update min/max nodes
โœ“PH26354WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575 CVSS 4.7)
PH26364Improper handling of INADDR_ANY by the Intelligent Management communication layer (P2P/SON) results in NPE
PH27037New property ppedition.rollout.softreset.waitToQuiesceApplication to set quiesce interval
PH27806Deadlock between com/ibm/ws/odc/nd/ODCTreeImpl and org/eclipse/osgi/framework/internal/core/BundleRepository blocks start-up
Java 2 Connectivity (J2C)PH21284Incorrect waitingThreadcount due to mishandling of interrupted threads
PH21407Out of Memory message is occuring when J2CModule reference is not freed up (j2cmodule = null)
PH23168NullPointerException with ShowPoolContents
Java Message Service (JMS)PH19730Launch client jobs failed to complete with error message of "components failed to initialize"
MigrationPH25522java.lang.NullPointerException while running migration BBOWMPOS job
PH26093Migration to WebSphere Application Server V9 moves all of the applications to the node profile
PH26288WASPostUpgrade extracts a file before its parent directory with regard to shared libraries
Plug-inPH23808SSLMapMode does not work correctly with the im enabled plug-in (odrlib)
PH26192Web server crashes when WebSphere plug-in dynamically reloaded
Runtime and ClassloaderPH24756WebSphere Application Server JVM start failed on parsing Meta-INF/ejb-jar_merged.xml
Schedulerโœ“PH27414WebSphere Application Server could allow a remote attacker to execute arbitrary code (CVE-2020-4589 CVSS 8.1)
SecurityPH21030java.lang.NullPointerException in com.ibm.ws.security.web.WebCollaborator is seen at Tomcat startup when using com.ibm.ws.ejb.thinclient_9.0.jar
PH21586ADMG0012E Unable to add the custom properties in CA client configurations
PH22557Creating a custom CA client by implementing WSPKIClient interface provided by WebSphere failed class loader
PH25309Preventing users from making a deletion of a certificate if the alias is being used in dynamic SSL config or SSL config
PH25855LTPAToken2 value is same after relogin
PH26401Add certificate extension support
PH27328The ModifyAuditPolicy command throws a NullPointerException
Servlet Engine/Web ContainerPH24879OutOfMemory event on Web service bais.create()
Session Initiation Protocol (SIP) ContainerPH25483SIP re-invite might be sent to wrong interface
System Management/RepositoryPH16464SERVER_LOG_ROOT is not set for a node agent initially
โœ“PH23853Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362 CVSS 7.5)
โœ“PH26952WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464 CVSS 8.8)
Transaction Serviceโœ“PH25074WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450 CVSS 9.8) and Information Exposure (CVE-2020-4449 CVSS 7.5)
PH25955Remove_partner_log_entry does not work for xaResource.recover() failure
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH22498JAX-PRC Web service client creation fails if an http redirect switches protocol when accessing the WSDL url
PH22765WSWS7054E error during WSDL generation due to ClassNotFoundException on javax.validation.ConstraintViolation
Web Services SecurityPH21827OIDC tai: NotSerializableException for JwtClaims error may occur
PH24501SAML Web SSO TAI may fail signature verification when a keyinfo contains both keyname and X509Data
PH24737OIDC RP: Make the introspection response available via api
PH25547OIDC incorrect behavior if opaque token is in authorization header and useJwtFromRequest=ifPresent
PH25697OIDC RP sessionCacheTimeoutMinutes=0 is not overriding idToken exp claim
PH25774OIDC RP: session cookie value is too short
PH26523OIDC RP allow call to userInfo endpoint to be disabled
PH26842SAML Web SSO ClassNotFoundException for TrustAssociationUtil in 9.0.5.4
PH26925OIDC RP generates JavaScript with extra end-script to send to op
PH27173OIDC RP login may fail when nonce is enabled
PH27213OIDC TAI: Give option to not write LTPA cookie in RP path
WebSphere Common Configuration Model (WCCM)PH25334Application update failure slow due to excessive retries
z/OSPH23733Unexpected transaction CPLT abend ASIB when transaction is rolled back
PH24730Repetitive characters at the end of message BBOA7101E
PH25359ABEND 0E0 interruption code 28 in BBOA1REG

Back to Top

Fix Pack 9.0.5.4
Fix release date: 12 June 2020
Last modified: 12 June 2020
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.4
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH20162The configure scanner page is not enabled for monitor with admin access to an application
PH20878Add content-security_policy to the response header on the Dmgr
PH21177Update copyright for admin console
PH23369The color settings of console identity is backed to default
PH23600Hover help for ORB tracing is not helpful
PH23783Support url to go directly to three specific pages in the admin console
EJBDeploy (WSAD)PH21271Failed to run EJBDeploy when installing application by admin console
Federated RepositoriesPH23240Adding a node from 9.0.5.1+ dmgr fails for 8.5.5.17+ node with CWWIM5106E
GeneralPH17297Corrections are needed to the documentation in the IBM Docs for IBM WebSphere Application Server Version 8.5
PH18158SESN8558E: An attempt was made to write more than 2M to the large column
PH19392When checkpointing is turned on, it increases the node synchronization time
PH19805Display run_jobs_under_user_credential at startup
PH20390Add MaxHeap MaxInt error message
PH20397zOS atomic rollout fails when updating edition due to incorrect web server state
PH20735Dmgr CR issued ABEND0C4-11 dump after stop command
PH21049Enable-CDI manifest property not working if applied to war or jar modules
PH21413Validate zeroearcopy apps when running the binary scanner
PH22238HeapDetect: error notifying monitor: 52 message is logged on st
PH22517WS-Security may decode Kerberos token and retrieve the realm name for the principal name
PH23010NullPointerException can occur when JAXRS application is restarted without also restarting the containing server
PH23125Need informative message when session table does not exist on db
PH24552PI89036 causes native_stdout to fill up with repeating debug
โœ“PH25216Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448 CVSS 9.8)
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C)PH20373java.lang.indexOutOfBoundsException thrown from com.ibm.ejs.container.beano.reassociatehandlelist
Java Message Service (JMS)PH20912Unable to set sameSite cookie option with response.addHeader
PH21305Hang in adjunct region when deactivating IBM MQ resource adapter
PH22157Add support for the same site cookie attribute
Java SDKPH22773ConcurrentModificationException during JSF initialization
MigrationPH21293Better message for preventing double clone federated node migration
PH22671Incorrect server unique id in cluster.xml after clone migration
PH23359Message MIGR0590I is incorrectly formatted
PH24741Migration to WebSphere Application Server V9 may fail to carry forward some SSL endpoint configurations
Object Request Broker (ORB)PH22275HandshakeCompletedNotifier Failures Cause Socket timeouts
PD tools (for example: Log Analyzer)PH14607FileNotFoundException appear when running tWAS logViewer
PH15449No stack trace printed when NullPointerException printed
PH20856OSGI logs are not captured by collector tool
PH21934Profile root is not captured by collector tool for Windows 2016
Plug-inPH21258z/OS plug-in bld version does not show fix pack level
PH21768Plug-in fix pack does not update IIS_webserver copy of binary
PH22593Plug-in-gen dose not refer session management configuration of app-level which override when set web-level setting exist
Runtime and ClassloaderPH20328Wsadmin renameNode() and adminConfig.save() commands deleting wsBundleMetadata/jsf-myfaces.xml
SecurityPH14756NullPointerException in certificateMapper.getDNSubfield WebSphere setup with global security LDAP with security domain
PH19164If custom encryption module throws passwordEncryptException or passwordDecryptException, it can corrupt passwords in security.xml
PH20571When the audit policy is loaded, a commandValidationException occurs (SECj6051E)
PH21890External authentication retrieved user via TAI intercept as unauthenticated failed with null for getUserPrincipal
PH22986The renewed certificate is not honored when certificate expiration monitor renewed a certificate
PH23211Password on commandline is not masked correctly
Servlet Engine/Web ContainerPH17559NullPointerException occurs if a filter is first mapped to a named servlet, but the named servlet is added later
โœ“PH20847 Information Disclosure in WebSphere Application Server (CVE-2020-4329 CVSS 4.3)
Session Initiation Protocol (SIP) ContainerPH21349SIP notify arriving before 202 for refer causes a memory leak
PH22590: B2buaHelper.getPendingMessages might return an empty list when
System Management/Repositoryโœ“PH21511Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276 CVSS 7.5)
PH21848Display the absolute path value of the temporary location if the copy of asset fails
Web Services SecurityPH21178OIDC RP: Access-token refresh may be attempted when it should not
PH21611OIDC RP may attempt to refresh access tokens that are not expired
PH22038OIDC RP: session cookie name should to be related to provider_<id>.identifier but related to provider_<id>.clientid
PH22195OIDC RP: Enable use OpenID provider's well known configuration url
PH22621OIDC RP: Add programmatic support for grant_type = client_credentials
PH23572OIDC RP code flow cannot be used if JavaScript is not enabled
PH23697OIDC RP support RS512 support to OIDC TAI signature algorithm
PI96403OIDC RP does not support implicit login flow for initial requests
z/OSPH22659zWAS crash in bbog_failuremonitor::dispatchrecovery(mvs::stoken) following normal shutdown

Back to Top

Fix Pack 9.0.5.3
Fix release date: 20 March 2020
Last modified: 20 March 2020
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.3
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH17962Request to allow web server log path to be outside of WebSphere Application Server and not require the .log file name extension
PH18268When a scheduler that an EJB timer service uses no longer exists, the console does not display an error
PH18480The client wants to use the admin console of the AdminAgent to restrict users who access Web admin console
โœ“PH18947Information disclosure in WebSphere Application Server Admin Console (CVE-2019-4670)
PH19089"Enable API Discovery Service" option missing from the Admin Console Web Container settings
PH19141VMM - LDAP attribute configuration - example first add of mail gets replaced by the second add of title
PH19401Administrative console fix to support bidirectional text fix in the breadcrumb and application install summary page
PH19920When invalid characters are introduced in the Admin Console url error page java.lang.nullpointerexception is received
Contexts and Dependency Injection (CDI)PH15728CDI not protecting the thread context classloader and loading a wrong version of xml parser
EJB ContainerPH18256CNTR5104E received when deploying EJB application
PH18828CORBA.MARSHAL: incompatibility between stub and tie on WebSphere batch application
Federated RepositoriesPH16420Non-participating repositories are accessed from WIM get api
PH19260WIMConfigurationException is thrown when updating caches on Admin Console
GeneralPH08220Add Db2/z named parameter support to EclipseLink
PH08470Since moving to WebSphere 9.0.0.8, jsf-nls.jar is not being found
PH10785javax.persistence.lock.timeout works incorrectly
PH10848Return null for aggregate functions with primitive type
PH11280PI58498 is not fixed on 8.5.5.13 under certain circumstances
PH11824How to insert CLOB data using LOB locator in EclipseLink
PH12133EclipseLink returns the wrong result for left joins with empty results from the right
PH13660Reduce HPEL buffer flush interval and timer implementation
PH13805Unidirectional onetomany mapping inserts with multiple foreign key references
PH14266Update EclipseLink ASM version from 6.2 to 7.0
PH14747EclipseLink binds untyped parameters on Db2
PH15440Issue with EntityManager: em.unwrap(connection.class) returns null with the property "eclipselink.jdbc.exclusive-connection.mode" set "Always"
PH16450EclipseLink: ORA-06550: Illegal character > in stored procedure on Oracle
PH16920EclipseLink: AggregateObjectMapping support for EclipseLink cursor
PH17812Intelligent Management Web Server Plug-in 9.0.5.1 crashes if an invalid trace specification is defined
PH17942Some session attributes are not stored with sessionDB of Oracle
PH18042Incorrect UOWexception thrown from UOWmanager when subordinate transaction is marked for rollback only
PH18842Update EclipseLink ASM version from 7.0 to 7.1
PH18844EclipseLinks COALESCE() JPQL function cannot handle null parameter values
PH18853EclipseLink incorrectly detects the HANA database platform
PH18854EclipseLink persistence provider property eclipselink.jdbc.sql-cast does not apply when set
PH18894Change the default value of modifyActiveCountOnInvalidatedSession
PH18898WebSocket connections closing results in hung threads
PH19061Multiple plugin-cfg.xml files & folders under profile_home/config/cells/ causing Liberty report hung on console
PH19292Issue with quotes
PH19880Update WebSphere Application Server migration tools to work with binary scanner updates
โœ“PH19989Denial of service in WebSphere Application Server (CVE-2019-12406)
PH20109EclipseLink mixes indexed and named parameter types for cursors resultlist
PH20275The session manager behavior after fix of PI78540 is not updated into the IBM Docs
PH20279Update Eclipse link to support ASM 7.2 for Java 14
PH20314Logviewer not able to write logviewer.pos file
PH20421EclipseLink: Unrecognized JDBC cursor type for Db2
PH20729AttributeOverride for complex embeddable mappings on EclipseLink fails
PH20786Missing parameter markers for EclipseLink stored procedures on Db2 z/OS
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Intelligent Management ComponentPH11456Custom transport chains added to dynamic cluster server templates are not properly propagated to dynamic cluster members.
PH16498Implement the ability to disable the ODC REST Service
PH17812Intelligent Management Web Server Plug-in 9.0.5.1 crashes if an invalid trace specification is defined
PH19190cellname as IM property is not changed in the plug-in by scripting
PH19418Not all Tomcat templates are displayed in the admin console during Tomcat server creation
PI89036JVM crash on Windows in ProcessCPU64.dll while invoking PMI to collect CPU stats
Java 2 Connectivity (J2C)PH18072J2CA0163E error occurs when starting application
PH18970Connection pool hands out aborted connection
PH20223RRA=all trace results in SECJ0314W violation of Java 2 security permission error
PH20681Add support for IBM MQ XA recovery with QMIDS
PH20976AccessControlException when using connection.abort(ex)
Java Message Service (JMS)PH15289Updating the address include list for server transports causes an exception
PH18475Client received HTTP 500 error for their request due to java.lang.illegalStateException in the CR
โœ“PH19528WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)
PH20676Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.4
Java Persistence API (JPA)PH18777ConcurrentModificationException after PH07008
PH19943"java:app" jndi names in jpa <[non-]jta-data-source> emits warning during app start
JavaServer Pages (JSP)โœ“PH20785WebSphere Application Server is vulnerable to command execution (CVE-2020-4163)
MigrationPH15764WASPostUpgrade fails when the profile was created with symlinks
PH17993rar files missing if app server node is clone migrated twice
PH18458Migration is unable to resolve relative file paths correctly
PH18807Allow migration.properties to be modified for z/OS WebSphere migration
PH19287Excessive tracing with postUpgradeTrace=0 and preUpgradeTrace=0
PH19982WASPreUpgrade issue
PH20869Migration fails with java.lang.nosuchmethodexception:com.ibm.websphere.models.config.applicationserver.sipcontainer.sipcontainer
Plug-inPH19420Plug-in propagation for managed definition on remote node fails to copy plugin-key.kdb to webserver location on the remote node
PH19922Unnecessary polling can take place causing high CPU
PH20154Plug-in WebSocket upgrade request response code not verified
PH20311Plug-in does not read entire response from the socket when ESI is enabled and response shows data is not modified
PH20448IHS crash on restart when plug-in log rotation is enabled
Runtime and ClassloaderPH18939WebSphere Application Classloader provide wrong byte code to the JPA framework, which cause a ArrayIndexOutOfBoundsException
SecurityPH13835Outbound EJB-WOLA connection fails no_permission due to transportlayer settings being picked up from incoming RMI call
PH16017FFDC data output may display JAAS configuration information
PH18052Add an option to use hostname in ORB IOR
PH20055Provide an option to add KRBAuthnToken to Subject
Servlet Engine/Web ContainerPH15852Missing translation key: Exception occurred while running ServletContainerInitializers onStartup method
Session Initiation Protocol (SIP) ContainerPH17737WebSphere does not reject SIP invite with invalid CSEQ header
PH21614SIP requests with appropriate CSEQ numbers receive message 500 incorrect CSEQ
System Management ConfigurationPH15796Monitored directory deployment hangs when application is deployed on more than one target
System Management/RepositoryPH18800SADMA7021I message in a deployment manager systemout.log file causes confusion
PH21881Fix CD check in renameCell command
Transaction ServicePH08281Information services director fails when invoking a web service - deployment.xml composition unit is not found
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH16949WebSphere Application Server 8.5.5.15 / 9.0.5.0 - issues with annotation scanning filters (include-scanning-packages etc.)
Web Services SecurityPH15248OIDCClientHelper methods may return null unexpectedly
PH16455JAX-WS engine did not redirect response with 301 status code
PH17304OIDC RP cannot send a content-security-policy header to the openID connect provider
PH18150The OIDC RP does not check the id-token for an acr value if the configured auth endpoint url includes "acr_values"
PH19189OIDC RP cannot send a nonce parameter to an OpenID Connect provider
PH19333OIDC RP: unable to override the realm name in an idToken
PH19907OIDC RP: Login fails when createSession=true and http sessions exhausted
PH20118OIDC RP: should not require scope claim on response from OP
PH21008OIDC RP: The tai is completely disabled if any provider config fails to initialize
WebSphere Common Configuration Model (WCCM)PH16593Application with duplicate servlet-url mapping fails to deploy in version 9
PH17696Encrypted passwords deleted if custom encryption JAS is removed
PH19871BO attributes are not working correctly after upgrading to WebSphere 8.5.5.16
PH20188Incorrect time policy for Turkey in com.ibm.icu.jar
z/OSPH19192WaitTime is not passed to BBOCLSCC under certain circumstances

Back to Top

Fix Pack 9.0.5.2
Fix release date: 13 December 2019
Last modified: 13 December 2019
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.2
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH14295Classloader conflict causing problems accessing the admin console in WebSphere Application Server
PH14552java.lang.arrayIndexOutOfBoundsException: array index out of range: 1 exception on WebSphere Application Server 8.5.5.14 after BPM 18.0.0.1 upgrade
PH15415Improve status text for scan error for the application migration scanner functionality
PH17272An error is shown in the administrative console, when viewing the systemout.log.owner or thesystemerr.log.owner files
PI94624Remove struts-legacy.jar from isclite.ear
Default Messaging ComponentPH16502In WebSphere Application Server messaging engine stops due to DSRA9110E when short duration lock feature is enabled
Federated RepositoriesPH14099Federated repository is not returning all requested attributes when searching
PH15390NPE when an expected attribute is missing from LDAP entry
PH15543CWWIM4564I saying it connected to the failover LDAP, when reconnecting with the primary LDAP
PH17028AdminAgent console can display incorrect security configuration
PH17839When adding an LDAP attribute that requires a boolean value, an invalidAttributeSyntax error occurs
PH18761NullPointerException is thrown when running deregisterNode.sh wsadmin
GeneralPH10371lrcmd.sh script ignores values specified in soap.client.props
PH12982"Write Interval" of HttpSession store configuration is not honored
PH13564WOLA is not freeing IMS tpipe after an error
PH14473Add translations for the access denied message
PH14926Deserializing a session loads classes form different class loaders
PH15038Provide "medium varchar(32672) for bit data" option
PH15134CSA shortage with WebSphere Application Server z/OS fix pack 9.0.0.9 BBOO0335E BPX1LDX load of bbodpcrt failed rc=84, reason=BDF0624
PH15733Simpledateformat usage in JAX-RS headers class causing arrayIndexOutOfBoundsException
PH15820OAuth provider may create a principal with Realm name prepended to user name
โœ“PH16353IBM Docs in WebSphere Application Server needs updated library (CVE-2015-7450)
PH16837Unresolvable variable warning message CWLRB6203W: issued when no action is required
PH17314Too many open files in WebSphere v8.5.5 SIBus messaging engine
โœ“PH17557Upgrade Apache Commons BeanUtils in admin console (CVE-2019-10086)
PH18467SEC-31: More secure password hashing for tWAS file registry
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH15933showSDK.sh is missing from tWAS 9.0
PH16993Cannot install WebSphere Application Server 9.0 on Suse Linux Enterprise 15
PH17087Remove relabel_linux.sh from WebSphere Application Server 9.0
PH17876CRIMA1137W
PH18278Warning message is issued when install IHS and plug-in 9.0.5.2 and 8.5.5.17 on Windows without MSVC 2013 runtime installed
Java 2 Connectivity (J2C)PH13031oracle.jdbc.ReadTimeout setting not working using either jdbc-4.1 or jdbc-4.2 features
Java Management Extensions (JMX) or JMX Client APIPH16983Use trigger dump with request=exclusive instead of system dump
Java Message Service (JMS)๏ปฟPH01737Changing default to NIO on HP platform
PH14915At shutdown, when the fileStore is nearly full, threads persisting messages will hang
PH17473Case sensitivity issues when headers are not being cached
PH17811Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.3 + APAR IT30234
Java SDKPH16818File descriptor leak in defaultFaceletFactory
JavaServer Pages (JSP)โœ“PH13983Information disclosure in WebSphere Application Server (CVE-2019-4441)
PH14966JSF portlet bridge should not be bundled by WebSphere
MigrationPH15110Migration tool should notify the user in the case that the old value is not migrated
PH15970Add JAXRS upgrade messages to the WASPostUpgrade log
PH16438Migration fails in post migration step if configuration contains hostAlias defined with port="*"
PH17164SIB service disabled during selective migration
PH18142Running BBOWMPRO during a migration to a newer release of zWAS gets configuration mismatch error
PH18330Migrating a cell using the clone option does not create a different profile key
Object Request Broker (ORB)PH13233Remove unformatted trace entries
PD tools (for example: Log Analyzer)PH14607FileNotFoundException appear when running tWAS logViewer
PH15079Modify traceInit outputs BBOO0427E at 8.5.5.15
PH15449No stack trace printed when nullpointerexception printed
PH17273Collector tool does not collect properties files for IBM i platform
PH17283Diagnostic plans utility is incompatible with the java_dump_opts
Plug-inPH13091WebSphere plug-in has uneven distribution when multiple servers have a weight of 0
PH14563Plug-in merge creates extra URI group when erroneous ports are within the VirtualHostGroup
PH17449WAS HTTP plug-in fails to generate $wsra $wsrh headers
ProfilePH11873Create profile failed with java.net.uriSyntaxException: illegal character in path
Runtime and ClassloaderPH10673Property com.ibm.ws.runtime.dumpShutdown=true causes two heap dumps and two Java cores during shutdown
SecurityPH09722Reload the SSL runtime when certificate monitor execute
PH10457replaceCertificate is not horned to replace a personal certificate with another personal certificate
โœ“PH11248Information Disclosure in WebSphere Application Server (CVE-2019-4477)
PH15201Ayyedmin console login page does not show images correctly after authentication setting is changed to non-default option
PH15965Intermittent SECJ0129E after upgrade to 9.0.0.10 or 8.5.5.14
PH16741Client certificate authentication not finding previously logged in subject
PH17654WSVR0661W starts to happen after the application of 8.5.5.16
PH18217Need to stop auditing subsystem from doing DNS lookup
Servlet Engine/Web ContainerPH16279Memory leak in WebFragMergerImpl due to multiple start/stop of application without restarting the application server
PH18646Servlet caching does not work with default context root URI
Session Initiation Protocol (SIP) ContainerPH15985A Via header field in ACK requests might contain incorrect address in a dual stack environment
System Management/Repositoryโœ“PH14004Path traversal vulnerability in WebSphere Application Server (CVE-2019-4442)
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH09116NullPointerException generated due to a partial update of the EJB application
Web Services SecurityPH14676OIDC IP: Omit client_secret OAuth 2.0 parameter if the client_secret is an empty string
PH15626OIDC RP: Enable configuration of a login error url
WebSphere Common Configuration Model (WCCM)PH08678In WebSphere V8.5.5 AdminTask.extractConfigProperties incorrectly sets the CCSID value to 0 as the default

Back to Top

Fix Pack 9.0.5.1
Fix release date: 20 September 2019
Last modified: 20 September 2019
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.5.1
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH09977Some Administrative console URLs are using target=_blank
PH10210Administrative console Pre-Login Banner is not displayed when Client Certificate Authentication is enabled
PH11318Do not display LOG_ROOT directories for Application Installation
โœ“PH11319XSS issues with the WebSphere Admin Console (CVE-2019-4270)
โœ“PH12325WebSphere Application Server Admin Console could allow a file traversal vulnerability (CVE-2019-4268)
PH12508After upgrading WebSphere Application Server to fix pack 11 (9.0.0.11), receiving message java.io.FileNotFoundException:SRVE0190E: File not found:/LibertyAdvisorSummary
PH13030Rename Liberty application migration analysis functionality
PH13295Scopes in resource panels are unsorted which makes it hard to find a specific scope
PH13303An 'Access denied' error is logged when the Liberty Advisor Summary column is populated regardless of user role
PH15351Admin Console updates to RemoveNodeListener and AddNodeListener Servlets
PH15700Target Java options are out of order on configure scanner page
Default Messaging ComponentPH07816WebSphere Application Server V9 throws CWSIJ0047E errors after messaging engine restarts or failovers
Federated RepositoriesPH01831LdapAdapter.authenticateWithPassword() discards the casual exception when throwing a new exception
PH11792Changing WSTEMP directory to a different directory with the following property websphere.workspace.root is not being honored
PH12039The WIM GET API does not consider the allowOperationIfReposDown setting on the realm
PH12167Authentication fails with a cause by of illegal capacity
PI97871Cannot change administrative user in federated repositories
GeneralPH07819After migrating from V8.5 to V9.0 JPA 2.1 application fails with ClassNotFoundException while loading JPA classes
PH09666java.lang.NoClassDefFoundError: com/ibm/mq/MQXAQueueManager may occur when using IBM MQ queues in WebSphere Application Server
PH10279Websocket client side connect does not set http query parameters
PH11818Unnecessary annotation scan happens if a class implements java.util.EventListener
PH12312Admin agent environments are unable to create migration reports through the console or wsadmin
PH12467WsSessionInvalidatorThread should have a thread number
PH12630JSESSIONID cookies may contain two consecutive dashes
PH13339Implement fine grain permissions for migration commands
PH13638Message CWSJR1138E was issued for JMS create session
PH13786ABENDCC3 RSN040E0001 in local communication close processing
PH13798Error resulting from PH09335 when USER_INSTALL_ROOT is unset
PH13807NullPointerException in the Sib code may happen when Cross Component Trace is enabled
PH14088Disabling isolation of third-party JAX-RS providers causes FileNotFoundException
PH14124The updated version 19.0.0.3 in the binary scanner needs to be added in WebSphere Application Server traditional
PH14351Update the binary scanner in WebSphere Application Server to 19.0.0.3.1
PI11818Information Center does not mention whether the clean up setting can affect or remove component versions that are attached to a snapshot
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
Identity ManagementPH18467Enhanced file-based and database repository password hashing algorithms
InstallPH11170Incorrect output of versionInfo -fix packs
Intelligent Management ComponentPH11807Routing policy HTTP rules console page broken and validation for duplicate ODR rules not throwing proper error
PH12773Add/Remove neighbor loop with messages ODCF8041I, ODCF8040I, and CWOBB1009W
PH14613Intermittent child process crashes on IBM HTTP Server and APACHE with intelligent management plug-in enabled
PH14796/MiddlewareAgentRPCService/noadmin allows for arbitrary file access of files in the WAS/profiles/dmgr directory
Java 2 Connectivity (J2C)PH101982CA0695E: Unable to find primary pool manager during failover processing for a resource with a JNDI name of ibm/cm
PH12983Missing mcwrapper id in J2C trace when a connection has reached its aged timeout
PH13915High CPU when synchronizing resources.xml
Java Message Service (JMS)PH13273Termination hung due to deadlocked threads in CR
PH15088Attempting to create a managed DUPS_OK JMS session outside a global transaction results in an AUTO_ACKNOWLEDGE session being created
Java Persistence API (JPA)PH07008Have OpenJPA updates the descriminator class cache as classes become loaded and registered in the metadata repository
PH13889OpenJPA enhanced classes version change causes warning
Java SDKPH09730ClassNotFoundException that occurs during JSF initialization
JavaServer Pages (JSP)PH12946StringIndexOutOfBoundsException when using JSF 2.2 in Liberty
MigrationPH14471Need to suppress checkpoint messages during WASPreUpgrade operation
PH14583WASPostUpgrade does not allow the option -clone true to be used with the option -setPorts useOld
PH14635WASPreUpgrade in remote migration jar does not work on zLinux
PH15019Spaces in the application name causes migration failure as WASMigrationAppInstaller gets parsing error
PH15020When multiple applications are migrated as the same time, some may not get migrated
PH15060WASPreUpgrade - The plug-ins directory was not in the list of WAS_INSTALL_ROOT protected directories
PH15373Dmgr CoreGroup template is not found
Administrative Console (all non-scripting)PH13095If the admin agent console times out, the username/password must be provided twice
PD tools (for example: Log Analyzer)PH12910java.lang.StringIndexOutOfBoundsException & SRVE0232E occur while accessing admin console
PH14673WebSphere Application Server Diag Plan summary log showing a wrong trace dump file directory
Plug-inPH09316New plug-in configuration copies the etc/plugin-key.rdb file unnecessarily
PH11287Web server Plug-in crashed in memcpy call ws_ReallySendRequest function
PH14125Allow empty reason phrase on 100-Continue
SecurityPH06574When creating a new webserver definition in the integrated solutions console, plugin-key.kdb (CMS keystrore) is not generated
System Management/RepositoryPH10218Logging for JVM is not showing up on the console
PH11113Cannot map a J2EE role named role to users and groups
PH12932Missing Javadoc in the ManagedObjectMetadataHelper APIs
Transaction ServicePH07541Transaction scoped observers do not fire
PI95615Application server startup fails with the message Base product version for node myNode is not available
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PH08025J2CA0045E on WebSphere Application Server V9 when a Web service uses a connection factory
PH10556The <dmgr_profile>/temp/wscache/installExtract folder is not being cleaned up after the deployment or after DMGR restart
PH11905Increased deployment manager startup time is caused by inefficient data structure
Web Services SecurityPH11684OIDC: Failed to validate id token, exception thrown during verify [JsonObject]
PH13175Tokens are not revoked when sessions are evicted from the cache
PH13533Web Service request containing WS-AT Context fails if provider Web Service is configured to support WS-RM
WebSphere Common Configuration Model (WCCM)PH08461During DMGR startup the /tmp folder is filling up and preventing the DMGR from starting
PH09294Slow application startup for applications with many files
PH12669NullPointerException occurs in EMF due to concurrent initialization
PH13545Temporary files created during application deployment are never deleted

Back to Top

Refresh Pack 9.0.5.0
Fix release date: 28 June 2019
Last modified: 28 June 2019
Status: Superseded

๐Ÿ‘ Image
Download Refresh Pack 9.0.5.0
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH10072Add secure attribute to cookies
PH10464URLs based on the admin console return error 500
PH10816Serviceability issues for Liberty advisor feature
PH10824UI bug fixes and changes for liberty advisor feature
PH10831Add color to navigation border to make color change more visible
โœ“PH11381Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4269)
EJB ContainerPH08828OutOfMemory in InjectionEngine cache
PH12563Support JIT deploy of EJB 1.x and 2.x modules
Federated RepositoriesPH05207NullPointerException occurs when nameInRepository is not set in wimconfig.xml
PH08837LDAP search fails with numberFormatException
PH10154Group members are not listed (in manage users/groups) when domainNameForAuomaticDiscoveryOfLDAPServers is configured
PH11325In rare cases, the federated repository attributes cache will store an attribute beyond the specified cache timeout
GeneralPH01829lrcmd command fails with socketTimeoutException
PH04833Java batch scheduler in WebSphere V8.5.5 running OutOfMemory
PH05228JSF portlet fails with illegalStateException when processing JSP
PH06301CWLRB6179E: Failed to invoke EndPointCRMBean
PH07176Checkpoint throws WKSP0009E error message
PH08375WASServiceHelper.bat builds command contains "stopargs" twice
PH08510WSGrid fails with java.lang.runtimeException: parse error 1
PH08548The number of concurrent sub jobs running under a top-level batch job may exceed the configured maximum
PH08683Fix tracing NPE in wasJaxrsClientTimeoutInterceptor
PH08898WebSphere V8.5.5 job scheduler throws NullPointerException
PH08920ConcurrentModificationException at CDI code
PH08934IBM MQ listener port stopped working after upgrading to WebSphere V9.0.0.9
PH08993CWLRB6203W is issued for properties which do not need a value
PH09233CDI application with WEB-INF libary fails to start in loose config
PH09335Managesdk.sh does not set user.install.root
PH09407CommonExtensionsHelper class prints out a lot of information messages
PH09657Usage Metering discards metrics on HTTP 500 response from metering service
PH10119Add support for CICS 5.5 to optimized local adapters
PH10333During extension of clusters jobs abended with rc=12 and existing endpoints are not found
PH10372High memory usage consumed by logViewer
PH10542java.lang.noClassDefFoundError: com.ibm.websphere.csi.j2eeName
PH10640Versioninfo.bat returns the error "The system cannot find the path specified"
PH10843JavaMail password hardcoded to null in the trace
PH11142Running the wctcmd.bat from outside of the <wct_root> directory causes
PH11334Need to check users WebSphere Application Server version and source Java version
PH11542DefaultApplication changed in 9.0.0.11
PH12012WebSphere Application Server V8.5 causing delay in J2C method "entering timing:"
PH12252CDI cannot function with per module hot restarts. Currently it disables them on any app where CDI is enabled
PH12499Upgrade JAXRS2.0 in WebSphere Application Server from Version 3.0.3 to 3.1.18
PH12560Support customization of usage metering metrics
High Availability (HA)PH08584Moving dynamic cluster to new core group fails to update dynamic cluster s server template
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH09811Installation of WebSphere Application Server V90 offerings were not blocked on Suse 11 patch
Intelligent Management ComponentPH07819Remove DOM package version from VE import
PH09810Health controller stops working when executing Health Policy actions
PH11655OVERLAY_ TCP_ LISTENER_ ADDRESS port can be used to execute arbitrary code across cells
โœ“PH12533Admin Console allows Client-side HTTP Parameter Pollution and xss
Java 2 Connectivity (J2C)PH04931FFDC for java.lang.illegalStateException logged intermittently while many transactions starting in parallel is not a problem
PH07318WebSphere Application Server does not properly handle exception thrown by Db2 driver
Java Message Service (JMS)PH09048During TIBCO EMS server failover, transaction rollback issues may occur that lead to stuck messages on the TIBCO queue
PH09262Update IBM WebSphere MQ JCA resource adapter to 9.1.0.1
PH09750Hanging threads in com.ibm.ejs.jms.jmsQueueConnectionHandle.createQueueSession
PH11186HTTP inbound channel custom properties trustedHeaderOrigin and trustedSensitiveHeaderOrigin do not work properly on z/OS
Java SDKPH06008After migration from WebSphere Application Server 9.0.0.5 to  9.0.0.6 JSF failed with unable to create view "/web/common/loginsuccessblank.xhtml"
JavaServer Pages (JSP)PH08381JSP compilation error when using line comment within JSP expression
PH11216Redirect context root for missing slash fails in WebSphere Application Server V9.0 and Liberty when using HTTPS connection
MigrationPH07835Migrating a cell using the clone option does not create a different coreGroupUID
PH07936Migrating to WebSphere Application Server V9.0 but application did not get deployed
PH09937After migration, create element automatically that not exist before migration
PH10778Selective migrations fixes
PI98398Migration job BBOMDINS incorrectly refers to install_all_apps.py instead of new tool WASMigrationAppInstaller.sh
Plug-inPH08290Plug-in needs to provide some GSKit scripts
PH08740Apache v2.4 web server plug-in crashed caused by a conflict withmod_was_ap22_http and mod_hpfilter2.4
PH08998WebSphere plug-in process is not properly cleaned up when using Apache piped logger rotate logs
PH09034Set default connectionTTL to 28 if not present in configuration for the WebSphere Webserver plug-in
PH09316New plug-in configuration copies the etc/plugin-key.rdb file unnecessarily
PH09639HTML dashboards fail in web query with HTTP 500 when running in IE or Firefox
PH10258ODRPortPathPrefix cannot be added from the WebSphere admin console
PH10504Servlet request remote address value is incorrect with WebSphere Application Server 8.5.5.15 plugins fix pack level
Runtime and ClassloaderPH05460Emit diagnostics for OSGIi unsatisfied bundle constraints diagnostics when starting a server
PH12606Store application classes in shared class cache to improve server startup
PI91529NullPointerException is thrown when processing application deployment.xml file
PI95165java.lang.illegalStateException can occur when an updated CDI application is republished to WebSphere Application Server
PI97290NullPointerExceptions while enabling the classloader traces
SecurityPH04135Behavior difference in getRemoteUser() and getUsePrincipal() in V8.5.5 vs V9.0.0 when JASPIC is configured
PH06236When selecting a certificate alias with mixed case an SECJ7428E error is received
PH08265Cannot remove audit notification: SECJ7387E: Audit notification in use
PH09574PI97974 was about LDAP search filter issue, which did not handle parenthesis correctly
Servlet Engine/Web ContainerPH10240Add trace to display virtual host mapping for a request
PI99214Error message "SRVE0190E: file not found: {0}" is missing file name
Session Initiation Protocol (SIP) ContainerPH07841SIP parse errors seem to put the parsing thread into a tight loop indefinitely
System Management/RepositoryPH07140Editing an application with EJB content in a WAR module may experience slow performance
PH10565Stopping an application server with wrong user or/and password failed with error from stack trace
PH10810Improve ADMA0245W message to include permission problem
Transaction ServicePH05716Backend JVM received mis-routed transactional protocol request needs to send back proper exception
Web Services SecurityPH08391Set WebSphere Application Server saml cookie to httpOnly
PH08804OIDC RP default identifiers are not available when customs are configured
PH10503OIDC RelyingParty TAI sessionCacheTimeoutMinutes is in seconds
PH10892OIDC RP has no api for obtaining tokens or manually triggering access token refresh
PH11107OIDC RP always includes port number on redirect_uri parameter
PH12520OIDC: Enable JWT SSO in WebSphere Application Server
WebSphere Common Configuration Model (WCCM)PH08461During dmgr startup the /tmp folder is filling up and preventing the dmgr from starting

Back to Top

Fix Pack 9.0.0.11
Fix release date: 5 April 2019
Last modified: 5 April 2019
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.11
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PH05129Prompt user for confirmation of stop cluster
PH05812The restart does not always work because of a change to the JVM so this provides a system property to stop/wait/restart instead
PH06242Change background color for admin console (RFE 120205)
PH06889Problems changing web_install_root and config path
โœ“PH07676
Potential denial of service in WebSphere Application Server Admin Console (CVE-2019-4080)
PH07698Incorrect application status for web server in target specific application status display
PH07915Update Admin Console jsp to remedy false error
PH08979Data power panels may show html in messages when creating objects
PH09151Add liberty migration effort details to application collection page in admin console
EJB ContainerPH01591Nonpersistent EJB timer dying if timeout throws exception on last retry
PH04528Scheduler failed after migration com.ibm.ws.ejbcontainer.util.ScheduleExpressionParserException: second: value not valid in string: null
PH06774ConcurrentModificationException from ReferenceContext starting web application
Enterprise Edition (EE)PH04187Issue with the Windows 125x support in XLXP during conversion of bytes to UTF-8
Federated RepositoriesPH02868Automatic discovery of LDAP servers fails with EntryNotFoundException
GeneralPH00071WebSphere z/OS 8.5.5.12 ABEND 0C4 in ORB_Request::setSystemException in control region
PH00353JAX-WS web service requests may fail when using an unmanaged client and Java 8 if WS-Policy is used
PH00738Push CDI beans to HTTP session on access
PH03222CWNEN0044E javax.xml.ws.WebServiceContext failed to resolve when started in adjunct
PH03840Attempting to create a new ilcontainer after sqlexception causes com.ibm.websphere.batch.ilc.ilcontainerexception
PH04583RuntimeException in VapBinaryStreamToSerializableObjectConverter
PH04653Updated CPU limit (--cpus) not recognized by usage metering feature
PH04727Illegal locale value : zh-Hans-CN
PH05071JVM hang when calling GarbageCollectorMXBean.getLastGcInfo for usageMetering-1.0
PH05126Provide support for com.ibm.websphere.jaxrs.server.DisableIBMEJBJAXRSInEJBJarsupport
PH05157When web request is processed, check that the affinity server has deployed the endpoint
PH05579z/OS ABEND130 RC02350001 during invalidation of a session following HttpServletRequestWrapper.changeSessionId
PH05700was-usage-metering.properties does not work in cluster name directory
PH06475Override EclipseLink JDBC parameter binding
PH07141Increase grammar's unresolved component cache size
PH07228Final usage metrics not submitted on server shutdown
PH07247Unnecessary HttpHostConnectException FFDC logged for usage metering
PH08182Invocation.builder#acceptlanguage() sets an invalid accept-language header
PI92331Large object com/ibm/xml/xml4j/internal/s1/util/symboltable$entry arrays
PI92638Reduce the amount of class loading performed by CDI
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH08611Add prerequisite checker for Visual Studio 2013 runtime
Intelligent Management ComponentPH05157When web request is processed, check that the affinity server has deployed the endpoint
PH05544Custom property `HttpSessionCloneId` set at the sessionManager scope is not honored by ODC resulting in broken affinity
PH05754Cannot set a timeout for URLReturnCodeMetric which can cause blocking of other metrics
PH06668ARFM5024E: ARFM suffered unexpected exception while handling ODC event: com.ibm.wsspi.odc.ODCException: A svcgoal has no relationship with the following: cell (EXCM_HAS_NO_RELATIONSHIP1)
PH07605AIX ODRLIB starts generating 404s after many odrlib restarts
โœ“PH07725Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030)
PH08082String concatenation issue with intelligent management for web servers plug-in causes 404 error
PH08503Configured cluster level resources are dropped when a dynamic cluster scales to zero members and back up again.
Java 2 Connectivity (J2C)PI97241Server hang on server shutdown due to deadlock
Java Message Service (JMS)PH02713Contention for the intrinsic lock in the JMSConnectionHandle.createSession method
โœ“PH06340Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046)
โœ“PH07036Potential vulnerability in WebSphere Application Server (CVE-2018-1902)
PI95709PreferredServerList are not saved as the sequence as defined by client
Java Persistence API (JPA)PH04012Changing JPA spec level does not reset provider implementation class if one is set
Java SDKPH06389JSF can leak JarFiles causing problems with application removal
Messaging ProvidersPH05525WLM is failing the SIB destination lookup even though messaging engine is running without any issues
PH05890Unexpected response from WebSphere Application Server to data power client request
MigrationPH02818Not all virtual host entries migrate when migrating to WebSphere Application Server v9.0
PH05565Security domain definitions were not migrated correctly
PH06386migration.sh is not supported on Solaris and should not be packaged
PH06941SyntaxError: string constant too large in WASPostUpgrade application deployment
PH08887Migration enhancements for WCMT4IC
Object Request Broker (ORB)PH08205SMF 120 subtype 9 records should report the value of cvtzcbp
PD tools (for example: Log Analyzer)PH04941Trace triggered by trace for use under L2 direction
PH06130Trace to memory buffer stopped working when HPEL is enabled
Plug-inPH04047WebSphere Application Server plug-in V9 for IHS V9 and Apache 2.4. forward useragent_ip to support use of mod_remoteip in IHS V9 and Apache 2.4
PH06308WebSphere webserver plug-in crashes when handling WebSocket request in ESI cache
PH07999WebSphere 9.0 plug-in using SSL fails to read entire message above 8k in size
PMI/Performance ToolsPH05033JVM runtime - ProcessCpuUsage counter shows zero value
PH05230Count not present in the perfServlet xml output, under count TimeStatistic not present in the perfServlet xml
ProfilePH08731Increase default config file system size for WebSphere Application Server V9 dmgr/default/cell on z/OS on zPMT gui
Programming Model Extensions (PME)PH03333Deadlock situation in DefaultWorkManager:AlarmManager
PH06673WorkItem.getResult may return null and this cause NPE in customer's async bean application
Runtime and ClassloaderPH01742Fix pack 9.0.0.7 or 9.0.0.8, did not update JPA configuration file correctly
PI83239After upgrade to WebSphere 8.5, some applications using JAXB classes have noClassDefFoundError messages
PI88219WSVR0320W warning messages due to the deprecated module deployment class loading mode
PI91331Isolated shared library's parent is missing in the search path
PI99339NoSuchMethodException generated for the missing method in the UrlStreamHandlerAdapter
SecurityPH02480CMSKeystore is removed when webserver deletion is on hold without admin config save
โœ“PH05769Weaker than expected security with WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996)
PH07760Correction for PH02461
PI98604CWPKI0666E: certificate "certificate alias " is not a personal certificate
System Management/RepositoryPH03989Issues with autodeploy feature on was 8.5.5 after applying Fixpack 13
PH06545AdminApp.edit command may not update servers correctly when using the MapModulesToServers option
PH07946Running managesdk on a node works but it modifies a JVM on another node
Transaction ServicePH02450WS-AT keeps consuming WebContainer threads
Web Services SecurityPH02192WebSphere Application Server OIDC RP extra <br/> tag added in saved post body
PH03525OIDC TAI may not intercept requests to http:// endpoints
PH04344Invalidate SAML token when user logs out from WebSphere application
โœ“PH07297Denial of Service vulnerability in Guava (CVE-2018-10237)
WebSphere Common Configuration Model (WCCM)PH01005NullPointerException when application provides a Xalan.jar
PH06565<multi-config> child elements are added to web.xml/web-merged.xml

Back to Top

Fix Pack 9.0.0.10
Fix release date: 14 December 2018
Last modified: 14 December 2018
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.10
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)โœ“PH01617Potential file traversal in WebSphere Application Server (CVE-2018-1770)
โœ“PH01621Potential cross-site scripting in WebSphere Application Server Admin console (CVE-2018-1777)
PH01735Inputting an invalid webserver conf file path on the console produces a blank page
PH02638Getting blank screen in dmgr console when trying to update server template in dynamic cluster
โœ“PH04192Potential XML External Entity Injection (XXE) with IBM Docs deployed on WebSphere Application Server (CVE-2018-1905)
PI98354No test connection button for operator role in dataSourceName page in admin console
Default Messaging ComponentPH00027After migrating to WebSphere Application Server V9, the CWSID0046E error is seen in the logs
Dynamic Cacheโœ“PH02049Cross-site scripting vulnerability in cache monitor (CVE-2018-1767)
Embedded/ExpressPH01284Clean server OSGI cache on restart after hard shutdown
Enterprise Edition (EE)PH02564Outstanding request counters have incorrect values
Federated Repositoriesโœ“PH02811Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1901)
GeneralPH00908WASX7487E(bluemixutility.py) happens on remote wsadmin client
PH01108NPE in CDI weld when migrating from WebSphere Java 6 to Java 8
PH01368SAXParserFactory could not be instantiated
PH01590ras_default_msg_dd rerouted messages should be formatted with a timestamp
PH01681Case then and else scalar expression constants should not be casted to case operand type
โœ“PH01753Potential security exposure in WebSphere OAuth 2.0 client (CVE-2018-1794)
PH01832High CPU observed on the dmgr process driven by VisualizationEngine.CacheWorkItemsTP thread
PH02014Infinite loop scanning multi-release jars for annotations
โœ“PH02031Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797)
โœ“PH02063Potential security bypass in WebSphere Application Server with Expression Language EL (CVE-2014-7810)
PH02310Wctcmd command does not create a webserver definition
PH02564Outstanding request counters have incorrect values
PH02919Migration policy set issue
PH02992Eclipse link: add support for null foreign keys with unidirectional one to many relationship
PH03324Validation cluster may not appear on the Administrative console when using Application Editioning Validation capability
โœ“PH03492Potential Cross-site scripting in SIBMsgMigrationUtility (CVE-2018-1798)
PH03514When multiple JAX-RS applications are in the same war, WebSphere may select a provider from the wrong application
PH03523Eclipse link criteria api does not support multiple constructors
PH03604Update Apache Batik SVG toolkit library to 1.10
PH03710Annotation scanning include-filters not working
PH04119Administrative console `Runtime Operations > Applications` panel does not properly report application status
โœ“PH04234Potential cross-site request forgery in WebSphere Application Server  Admin Console (CVE-2018-1926)
PH04886Deadlock in DMGR when federating primary portal node
PI95333There is no way to detect if a compute grid batch job is producing grossly excessive output in its job log
PI97045Invalid content-type header logs arrayIndexOutOfBoundsException
PI97786Eclipse link throws "argument type mismatch" for JPQL case expression
PI99507Native outOfMemory errors due thread leak in OTIS connection handling
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
InstallPH02507Cannot install WebSphere 9.0.0.7 or 9.0.0.8 on AIX 6.1
Java 2 Connectivity (J2C)PH02222FreePoolSize reported incorrect count in TPV
Java Message Service (JMS)PH01447Improvement to SSL closing handshake
PI98757CreateContext() calls fail for IBM MQ provider using client-then-bindings mode
Java Persistence API (JPA)PH01768Deadlock potential exists with orm xml processing for OpenJPA
PH02349J2CA1004E seen in adjunct region
PI96578A third-party JPA provider may throw an exception at the end of Local Transaction boundaries
Java SDKPH01566JSF application initialization fails if the Faces Servlet mapping is only defined in a web-fragment.xml
PH03268NPE at JSF initialization
PH04382A context map in the JSF myfaces code is not being removed when the JSF viewscope bean is destroyed
Migrationโœ“PH01746Potential privilege escalation vulnerability in WebSphere Application Server after migration (CVE-2018-1840)
PH01984java.lang.nosuchmethodexception
PH02468Node_discovery_address port for federated node is 0 after remote clone migration
PI98695Dmgr cannot get status of node after migrating dmgr with clone true and migrating federated node with clone false
Object Request Broker (ORB)PH01699S0E0 abend with reason code 28 in orb_request::~orb_request()
PH03646Daemon ABEND0C4 in bboclssa and possible termination
PI94719WebSphere abend=00dc3000 rsncode=0a150001 moving node to new fix pack level
PD tools (for example: Log Analyzer)PH05042Traditional WebSphere Application Server HPEL logging json format
PMI/Performance ToolsPH01816NullPointerException in repositorycache.getrcsdatasourceresources
Runtime and ClassloaderPH02197Server assocated shared libraries not being picked up by WebSphere Application Server
SecurityPH00886Improve formlogout processing
PH01676createKrbConfigFile command leaves pipe character in Kerberos config file for encrypt types
PH02461Modifying OIDC rp custom properties in a security domain via the admin console resulted in duplicates
โœ“PH04562Potential information disclosure in WebSphere Application Server (CVE-2018-1957)
PI97974Invalid user id that contains a parenthesis should be escaped for stand-alone ldap configuration
Session Initiation Protocol (SIP) ContainerPH01070In a multi-homed environment a Via header field might not be set to the preferred outbound address
System Management/RepositoryPH01546JVM custom property to disable node synchronization
PH02503Server creation fails with NPE due to leftover application folders
โœ“PH03986Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
โœ“PH04060Code execution vulnerability in WebSphere Application Server (CVE-2018-1904)
PI91977WebSphere Application Server config files length zero bytes
โœ“PI95973Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
Transaction ServicePH02967NoClassDefFoundError initializing the Java EE application client environment
Web Services SecurityPH00569Openid Connect relying party handling of id_token expiry is not configurable
โœ“PH01752Possible security exposure in WebSphere saml web SSO (CVE-2018-1793)
WebSphere Common Configuration Model (WCCM)PI98177Package objects not available from archive class loaders

Back to Top

Fix Pack 9.0.0.9
Fix release date: 21 September 2018
Last modified: 21 September 2018
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.9
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)PI98780Web server definition show incorrect status
PI99077Options menu to set log trace pops up but does not set trace
PI99675The kc.log file is being written under the user's home directory
Administrative Scripting Tools (for example: wsadmin or ANT)PI97106Allow to create custom property with leading space
Contexts and Dependency Injection (CDI)PH00063Injection point parameter issue incompatible reference - @inject java.lang.reflect.method
Default Messaging ComponentPI86995Errors captured in SIB logs within output of objectMessage.toString()
EJB ContainerPI95982timer.getInfo() not properly returning new instance
PI96086Nested EJB async method calls not honoring nested get(timeout, unit) timeouts
Federated RepositoriesPI88864Duplicate users returned if LDAP connectivity errors occur during paged searches
PI93552java.lang.runtimeException: an invalid XML character (Unicode: 0x0) was found in the element content:group
GeneralPH00250EclipseLink MapsId processing failure with nested embeddable IDs with common persistent field names
PH00438Provide switch to disable isolation of third-party JAX-RS providers
PH01114CDI fails to parse xml objects
โœ“
PH01221Potential man-in-the-middle attack in WebSphere Application Server for JAXRS (CVE-2018-8039)
PH01352Node-agent high CPU after TCPIP is forcefully stopped on z/OS
PH01719Infra update for JDK 9/10/11 support for EclipseLink
PH01810Provide connectivity with IBM Cloud Private metering
PI79520Compute Grid Proxy job abends with CC 4084
PI85709Add Watchdog timer to write waits on closing
PI89701ODC error logic that runs on the dmgr is erroneously removing OSGI app data from the ODC data structures resulting in 404
PI92847JPQLl with trim is not handled properly and it results in databaseException
PI95906It takes very long time to update EBA
PI95971The namespace prefix appresources is undeclared
PI96427When mail trace is enabled passwords are changed to be *******
PI96471Submit jobs option not available in WebSphere V8.5.5 JMC
PI96615OTiS application uses wrong virtual host if we create the dmgr profile as a part of cell profile
โœ“
PI97162Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI
PI97945EclipselLnk JPA provider does not update version column as a bulk update parameter
PI97986StringIndexOutOfBoundsException occurs when reading custom routing policies for OSGi applications
PI98187HAMI0015E: Encountered an error activating member <null>. Exception was java.lang.NullPointerException v2
PI98400Mail engine does not process password specified in mail session
PI99036When using runtime provisioning in the dmgr, the help functions for the admin console are not available
PI99123Message checkin for RTC247424.3 serviceability improvement feature
PI99361Upon deployment, the <context-root uri..> entry in the ibm-web-ext.xml is changing position within the file
PI99410NullPointerException happened in the SNMP agent systemout.log
PI99546NullPointerException during shutdown at com.ibm.ws.bbson.interest.InterestManagerImpl$InterestAlarmListener.sendMsgs(InterestManagerImpl.java:1264)
PI99672Remove the first_rows hint from Oracle V10+ pagination queries
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
IBM iPI95735stopServer/stopNode/stopManager scripts hang when LOGOUTPUT is set to *PND in QWASJOBD
InstallPH00270versioninfo command of WebSphere Customization Toolbox does not work
PH00358Cannot install 9.0 Caching Proxy with CBR feature on windows
PI98012Warning message during the interim fix installation of IHS v9
Java 2 Connectivity (J2C)PH00304WebSphere Application Server Liberty not respecting max connection pool setting
PI93901NullPointerException in admin console when trying to display connection factory status for CICSECI resource adapter
PI96072NullPointerException in com.ibm.ejs.j2c.j2cutili
PI97372Intermittent J2CA0046E/NullPointerException when obtaining a connection from datasource
PI98542Error in pretest SQL string may result in unhandled open connections to db server
Java Message Service (JMS)PH00865Update the IBM WebSphere MQ JCA resource adapter to the latest version 9.0.0.4
PI96735Access log "maxfiles" attribute not working as intended with value of 0
Java Persistence API (JPA)PI97483

Eclipse link re-sorts insert and removes statements within a transaction

PI97686OpenJPA query cache miss results in classCastException
PI97786Eclipse link thros "Argument type mismatch" for JPQL case expression
MigrationPH01218Remote migration jar WASPreUpgrade.bat fails when path to Java contains a space
PI98798MIGR0573W seen running WASPreUpgrade on node profiles
Administrative Console (all non-scripting)PI97486Left panel of admin console does not disappear after auto log-off due to session timeout
PD tools (for example: Log Analyzer)PH00472Diagnostic plan cannot match messages from system.out or system.err
PH01211TRAS0018I missing when using "modify servername, tracejava"
PMI/Performance ToolsPI97663NPE in perfmodules.getConfigFromXmlFile
Programming Model Extensions (PME)PI96604StreamCorruptedException in workarea on WebSphere Application Server V8.5 with JDK 8.0.5.5 (sr5/fp5)
PI96800CDI resource injection does not work for managedExecutorService
SecurityPI94230Certificate monitor does not refresh RSA keys after renewal
PI94239Certificate monitor leaves temporary workspace
PI94291Certificate notification not working with SMTP mail server
PI97276Typo in empty truststore message
โœ“
PI98768Weaker than expected security using WebSphere Application Server(CVE-2018-1719)
Servlet Engine/Web ContainerPH01798Improve message "SRVE0080E:Invalid content length"
System Management/RepositoryPH00755Fixing concurrentModificationException reported during multi sync operation
PI69603Extra data in FFDC file generated by JSR160RMIConnectorClient.reconnect exception
PI99486Incorrect JDKSourceLevel values added when using "precompile javaserver pages files" during application deployment
Transaction ServicePI93971Control region terminates after WTRN0108I: contextDisassociation. Unexpected state: 3 and FailedXAResources = true
PI96153The CWRLS0030 message in V9 has a link to a troubleshooting article in the WebSphere V855 knowledge center
Web Services (for example: SOAP or UDDI or WSGW or WSIF)PI88318Incorrect version number was displayed when running endptEnabler.sh or endptEnabler.bat
PI92940Avoid sudden high CPU usage and threads hung on busy servers
Web Services Security
โœ“
PI78804Information disclosure in WebSphere Application Server using SAML (CVE-2018-1614)
PI94538OpenID connect relying party does not invoke the revocation endpoint on the OP during logout
PI95884JAX-WS WS-Security cannot use SHA384 or SHA512 digest algorithms
PI96508OIDC RP may not connect to token endpoint due to SSL handshake_failure
WebSphere Common Configuration Model (WCCM)PH00201jsp_2_2.xsd is not packaged in the com.ibm.ws.wccm.jar
PI97612Unset deployment descriptor attributes become set during deployment with web.xml using servlet 2.5 schema
PI98450Improve performance of detection of multi-release jars
z/OSPI97012CICS throws resp=8 resp2=34 going inbound via WOLA when servant is not started

Back to Top

Fix Pack 9.0.0.8
Fix release date: 29 June 2018
Last modified: 29 June 2018
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.8
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)Start/stop of Webserver from the admin console fails after a change to the ProcessDef StartComamdArgs or StopCommandArgs
Duplicate ports are assigned when the node uses different host alias in same host machine where the dmgr is running
Accessing the admin console on the MS Edge browser causes some issues in the UI
Admin console command assistance gave wrong output for EJBTimer configuration
MANIFEST.MF file in isclite.ear does not get updated correctly with fix pack upgrade
SIB admin panels render incorrectly
"rollout update" option not shown during application update for users with both deployer and operator role
ORB connection cache minimum cannot be set to 1 in the admin-console
โœ“
Bypass security vulnerability restrictions in WebSphere Application Server Admin Console (CVE-2015-0899)
Dropdown menus for certain panels do not get populated
Russian Translation for OK Button
        โœ“Potential vulnerability in WebSphere Application Server (CVE-2015-0899)
Administrative Scripting Tools (for example: wsadmin or ANT)AdminApplication.getAppDeploymentTarget returns incorrect values
Contexts and Dependency Injection (CDI)Lookup for the java:app results in ConfigurationException if the lookup happens during the startup of the application
Web Services (for example: SOAP or UDDI or WSGW or WSIF)

weld-2466 null pointer exception in webservice calls

Default Messaging ComponentJMS transit through the SIB corrupts double byte characters
Expired messages is not be handled correctly when messaging engine restarts
Double Byte Character Set (DBCS)UserInternationalization javadoc contains broken links
Dynamic CacheServlet caching does not support HTTP 1.1 transfer-encoding: chunked requests
EJB Container"CORBA.MARSHAL: Incompatibility between Stub and Tie" on WebSphere scheduler application
EJB auto-link fails for Java:global with beanName provided
NullPointerException from EJSContainer postInvoke() method
CWNEN0030E when multiple deployed editions of an application contain the same environment entries
MessageEndpoints are not properly released
EJBDeploy (WSAD)Add missing database options to EJBDeploy on admin console
Enterprise Edition (EE)NullPointerException during JAXB.Unmarshal for @XmlMixed list
Federated RepositoriesWhen defining a root Base DN for a federated repository, display and login problems occur
Exception occurs when a mapping exists for PersonAccount or Group, but not both
Poor performance using file-based registry under load
Server fails to start when Domino Ldap server is not reachable
Users logging in with parentheses in their names cause "unbalanced parethesis error"
GeneralIn use count can be wrong after APAR PI77049 - causing ABEND=00DC3000 RSNCODE=0A150001
Wrong ID logged when stopping an app server through the admin console
Expired SIB messages might not be deleted after a messaging engine failure
PluginMerge script has issue when merge the ODR generated plugin with cell generated plugin
ODCF8101E java.lang.NullPointerException thrown
Injection exception: java.lang.IllegalArgumentException
Postinstaller messages are not printing out special characters
The server stop processing gets hung up in SIB component
WELD-2447 Client proxy serialization support should be container agnostic
Reduce the amount of class loading performed by CDI
Session Affinity can be broken and result in erroneous 503s
Intelligent Management enabled Pluginร‚ crashes from memory corruption errors after freeing web modules on routing table updates
OAuth 2.0 configured in a security domain may fail to initialize
Stabilize Product Insights Enablement
Incorrect headers in outbound request with JAX-RS 1.1
Update bluemixUtility command for data sovereignty regulations
Session not created on the database after changesessionid()
Enable OSGI option cleanupOnSave
โœ“
Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)
Enhance workspace code to help reduce OOM problem
IllegalArgumentException in classreader during the annotation scan
WebSphere Application Server diagnostic plan
Do not give creational contexts to non-contextual managed object
StringIndexOutOfBoundsException occurs when reading custom routing policies for OSGi applications
High Availability (HA)HMGR0232E exceptions happen when creating core group bridges in a cell
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
IBM iIBM i deploying .war through /httpadmin interface fails
Java 2 Connectivity (J2C)Block the calling of several new methods on OracleConnection in the ojdbc8 12.2 driver that are unsafe
Unable to get progress database connections from progress OpenEdge 11 datasource
When using a JDBC 4.0 driver in WebSphere Application Server V9.0, connection, a timed out transaction cannot properly close connections
Incorrect db2_classes16.jar file path in the default description for the Db2 UDB for iSeries (Native) JDBC provider in WebSphere Application Server
โœ“
Information disclosure in WebSphere Application Server (CVE-2018-1643)
Java Management Extensions (JMX) or JMX Client API
โœ“
Information disclosure in WebSphere Application Server (CVE-2017-1743)
Java Message Service (JMS)Request to context root without trailing slash gets redirected, but the query string was not added to the redirect url
Setting system date 100 years into the future generates an ArrayIndexOutOfBoundsException
8.5.5.10 java.lang.OutOfMemoryError in z/OS control region with XCT enabled
Java Persistence API (JPA)Under certain conditions OpenJPA can insert an embeddable object into the Datacache map
DB representation of boolean values with Postgres is incorrect
Wrong context classloader in org.apache.openjpa.enhance.pc
JavaServer Pages (JSP)OutOfMemory issues from web container component WebComponentMetaDataImpl
The generated_web.xml is empty when installing an application using an exported ear and pre-compiling JSP option
Lambda expressions might fail to compile when using Java SDK 8 to compile JavaServer Pages (JSP)
The JSP engine is unable to find .tag files within the /META-INF/TAGS folder of a loose jar file
JNDI/NamingGot a warning "NMSV0822W" message during a server startup
Naming implementation in a IBM Thin Client for EJBs takes additional time while trying to look up EJBs in a wlp server
Messaging ProvidersJMS destination marked toBeDeleted cannot be destroyed and recreated
MigrationPort conflict after migrating from V7 on the same server into the same directory
Remote WASPreUpgrade fails on Solaris with "test: argument expected" error
Need ability to do config conversion from unsupported V6.1 configuration
Syntax errors in bbomigrt2.sh
Migrating from WebSphere V7 with a server-level security.xml causes postupgrade NullPointerException
WASPostUpgrade failed with MIGR0464E due to NullPointerException
WASPostUpgrade failing with NullPointerException coming from the serverIndexConfig
PD tools (for example: Log Analyzer)Stopserver script intermittently results in hang, fails to stop server
Plug-inPlugin propagate does not work from command line using GenPluginCfg.sh
Admin console command helper generating an incorrect script command for adding StashFileLocation plug-in property
Plugin generation should have a way to add RemoveSpecialHeaders to the configuration section
HTTP2302: Function as_handler aborted the request without setting the status code
Plug-in fails to write data with RC=10035 in windows
Runtime and ClassloaderSupport openConnection(url, proxy) using MultplexingURLStreamHandler in OSGI
Administrative console libraries are not designed to be run with a PARENT_LAST application class loader
High CPU utilization due to the classloader stack
SecurityCalling purgeUserFromAuthCache or a user that is in a group permitted to a role does not take affect
The ibm_security_logout page does not render correctly when the X-Content-Type-Options header value uses nosniff
JASPIC user group information is lost when using the jaspicSession
โœ“
Potential spoofing vulnerability in WebSphere Application Server (CVE-2017-1788)
Inconsistent behavior with replacing SSL certificates
Not able to renew a self-signed wildcard certificate
Authcache not updated with renewed subject
Enabling security audit breaks WebSEAL trust association
ArrayIndexOutOfBoundsException: array index out of range: 14
Security (zSeriesยฎ)High CPU and increased AUX storage in WebSphere Daemon if connection is closed during SSL handshake
Servlet Engine/Web ContainerScheduler services startup issues due to the resource binding issues with JNDI
OutOfMemoryError caused by a memory leak in WASAnnotationHelper
Session Initiation Protocol (SIP) ContainerHeaders in the sipproxy.log are different than in trace.log
SIP Container uses a wrong interface for a loopback request
System Management/RepositoryNot able to create a web server with Sun Java System template
ADMU3011E unable to start a web server using startServer command
Update the default values of JVM options -Xscmaxaot and -Xscmx to decrease application server startup time
Issue with application edition management and ADMA0159W messages
Transaction ServiceWS-RM internal error caused sequence containing application messages to be deleted
WS-RM sequence reallocation processing may delete application messages from the persistent store
WebSphere Application Server startup fails with WTRN0045W errors
App server controller terminates with C9C21A44 followed by C9C21A30
Client cannot unmount TRANLOG directory after calling disableMember on HAManager MBean when using memory-mapped files
Update IBM WebSphere MQ JCA Resource adapter to version 9.0.0.3
Web Services (for example: SOAP or UDDI or WSGW or WSIF)Two service clients displayed on administrative console for an application
WASAxis2ConfigurationBuilder loads the jax-ws-catalog.xml file using a call to 'getResource' instead of 'getResources'
JAXBException error occurred when a JAXB class was not included in JAXBContext
ConcurrentModificationException error may occur when running JAX-RPC application with v v9
Starting application fails with CWMDF0002E ArrayIndexOutOfBoundsException
Require the ability to mask or remove the "axis2ns1" in Web services SOAP Fault
โœ“
Update HttpClient for CVE-2012-5783
Web Services SecurityOIDC RP WebSphere Subject may not contain current access_token
OIDC RP authorizationEndpointUrl does not handle query parameters correctly
OIDC RP configuration of location of sign verify certificate is not customizable
OIDC RP does not support OP UserInfo endpoint
WebSphere Common Configuration Model (WCCM)The annotation scanning filter does not work when the filter is specified in the MANIFEST.MF of the application
The log4j-api-2.9.1.jar contains classes under the META-INF directory cause an exception during startup
Allow disabling CDI through application custom property

Back to Top

Fix Pack 9.0.0.7
Fix release date: 16 March 2018
Last modified: 16 March 2018
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.7
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)Incorrect handling of invalid parameters in the admin console
KC_HOME property missing after migrating stand-alone WebSphere Application on z/OS from v8 to v9
Java 2 security is enabled briefly during WebSphere Application Server for z/OS server startup even when it is configured off
WebSphere admin console error message invalid format
New log4j libraries packaged in KCCI
MIGR0506E Migrate a profile that is registered to an admin agent
โœ“
Privilege escalation in WebSphere Application Server admin console (CVE-2017-1731)
โœ“
Information disclosure in WebSphere Application Server admin console (CVE-2017-1741)
ADMG0301W Warning when adding an application to the server in IBM WebSphere Application Server v9.x Developer tools
Set X-Content-Type-Options "nosniff" on Administrative console
Update struts.jar for latest fixes
Manageprofiles command failing to create new profile
Classes are missing in the Administrative console after ear deployment
Administrative Scripting Tools (for example: wsadmin or ANT)Wsadmin exits on sys.exit()
Issue invoking Jython script over ws_ant protocol
Default Messaging ComponentCWSIS1530E: The data type, 2, was found instead of the expected type, 3, for column
Enterprise Edition (EE)JAXB Unmarshaller may not apply default values for xs:anyType
General
โœ“
Potential denial of service in WebSphere Application Server JAXRS (CVE-2017-12624)
Enable session listener in portlet bridge runtime
Incorrect job status caused application to hang
Issue with allocating job numbers
List elements go missing when moving the list from one DataObject into another
Performance issue with SIB link connection when transferring large messages from one cell to another cell
Disable per module hot restarts on CDI enabled applications
Load module BBODPCRT can be deleted while still in use
When running with Java8, EBCDIC strings data conversion shows wrong behavior
NullPointerException occurs during application start
EclipseLink: provide support for generating sequence values in an ascending sequence
IndexOutOfBoundsException when setting a list on DataObject
Product insights throws NullPointerException
WSGrid writes the wrong version out in the messages
JAX-RS 2.0: javax.ws.rs.core.Request.selectVariant() returns incorrect value
NullPointerException in org.apache.cxf.jaxrs.impl.tl.ThreadLocalProviders.getContextResolver()
ConcurrentModification error might happen when tracing amm code
Update Weld to 2.4.5
ProductInsights errors after resuming from sleep state
Application startup fails due to NullPointerException during bean validation
โœ“
Security vulnerability in Apache Commons used by WebSphere Application Server (CVE-2016-1000031)
[CXF-7071] Problems reading post request parameters
Dynacache support for openJPA does not work
CWSIP0001E: An internal messaging error occurred in com.ibm.ws.sib.processor.impl.AnycastInputHandler.consumerAttachingร‚ 
{"integer type 0" != } returns true when it should return false
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
IBM iApp server fails to start when generic JVM argument value contain blank(s)
Intelligent Management ComponentODR server cannot be started after being created on plinux due on incorrect version of HeapDetect setting
Java 2 Connectivity (J2C)NullPointerException when using JDBC custom property jdbcTimingThreshold in WebSphere v8.5.5.x
The resource adapter sending a CONNECTION_ERROR_OCCURRED on a connection while it is in the free pool results in a negative connection count
Autocommit is not being reset back to default when using non-transactional Data source
Block the calling of several new methods on OracleConnection in the OJDBC8 12.2 driver that are unsafe
Java Message Service (JMS)NullPointerException generated when using async servlet and pmi on WebSphere Application Server v9
Java SDKFix bug MyFaces-4045 in IBM MyFaces implementation
Instances of Action Listener in a Facelet are not being removed until app shutdown
JavaServer MyFaces (JSF) Apache MyFaces implementationHung thread issue in MyFaces getPropertyDescriptor
Messaging ProvidersPossible abend EC3 timeout in WebSphere Application Server for z/OS servant region when running as client with WebServices and JMS (SIBus) in the same servant region
Diagnostics for CWSOM0005W: The ObjectManager found that the log file was too full
MigrationConfig host names not updated during migration when networks are isolated
Configurations of new target profile template remain untouched during migration although they do not exist in old profile
Migration process omitted LDAP failover configuration
DMGR started after waspreupgrade even though not originally running
WebSphere SSL protocol should be auto updated to SSL_TLSv2
Original app deployment log and trace are overwritten by waspostupgrade when deployment is retried
Migration changes the order of the login modules in the security.xml file
Plug-inUnable to use ECDHE cipher on outbound handshake from http server plugin
Invalid plug-in path for property "PluginInstallRoot" is created for WebSphere on iSeries
Secure transports may use the wrong timeout value if URL timeouts are configured using SetEnvIf
ConnectionTTL="0" in transport statements in the plugin-cfg.xml
IBM WebSphere web server plugin for iPlanet/SunOne sending wrong response code
PMI/Performance ToolsCannot start logging in Tivoli Performance Viewer
Runtime and ClassloaderBootstrap code to check the WebSphere product version xml files for updates to determine OSGi cache state
SecurityUnable to delete keystores due to corrupted deleted.p12 file
Remove unsupported security events from audit log
After deleting the existing default certificates, the newly created default certificates are using SHA1
WebSphere Application Server crashes when a user with disabled account logs in
Servlet Engine/Web Container
โœ“
Information disclosure in WebSphere Application Server (CVE-2017-1681)
Session Initiation Protocol (SIP) ContainerNPE might occur when the SIP container tries to determine an interface a request came from
System Management/RepositoryApplication server fails to start, and throws a NullPointerException
Admintask.extractConfigProperties is too slow
Re-implement the fixes for PI75986 and PI78268
Property file based configuration serviceability improvement
Web Services (for example: SOAP or UDDI or WSGW or WSIF)SAMLresponse XMLOutputFactory does not recognize the property "reuse-instance"
Web Services SecurityOIDC RP secure flag not set on the OIDCREQURL cookie
WebSphere Common Configuration Model (WCCM)Failure to delete temporary file during application deployment
CWWAM2601E errors during the startup of websphere application server v9.0
Annotation not processed in the ra.xml file during deployment of CTG cicseci.rar with WebSphere configured with Java 8
The log4j-api-2.9.1.jar contains classes under the META-INF directory cause an exception during startup
WEB-INF/lib classloader order specification
SaxParseException for a tag library does not display the file name
Allow empty main-class attribute in manifest.mf for application client module

Back to Top

Fix Pack 9.0.0.6
Fix release date: 21 December 2017
Last modified: 21 December 2017
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.6
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)WebSphere administrative console display consent banner before granting access
The refresh does not delete the marker files created during uninstall
EJB remote home binding setting is not displayed correctly on admin console
ISC console's app deployment panel pause long time after finish button clicked, if clicked twice, deploys twice on large EAR
Dynamic CacheCreate a EntryInfo.SHARED_DEFAULT setting for the DynaCache sharing policy
Federated RepositoriesExtra information may be in trace when configuring a RACF LDAP repository
File registry.xml file not synchronized to nodes
User set custom property java.naming.security.credentials may not be encoded before being printed to wimconfig.xml
GeneralSynchronization begin method does not get invoked on the restart of a top level job
SchedulerException when deleting compute grid jobs from a clustered scheduler environment
When enable "start components as needed", cannot submit job from other cluster member not host the scheduler
Compute grid property overrides passed for a sub-job restart fail to be applied
Transactions become corrupted after CWSIC8007E, CWSIC2029E and CWSIK0016E error-messages in the jfapchannel
NullPointerException occurs while starting DMGR in policy set
Support CPU constraints in Product Insights
Allow modification of message driven bean bindings in OSGI applications to bind to listener ports
In WebSphere V8.5.5, after a lost database connection, WSGrid hangs and jobs remain in submitted state
How to disable the IBM batch implementation in WebSphere Application Server V9.0
DMZ SIP proxy parsing via header incorrectly
WS-Notification broker application fails with java.lang.NullPointerException
WebSphere Application Server controller region abends with ab/s0dc3 prcs/03080002 after modify RESUMELISTENERS
HTTP transport encoding cp943c will be used for JSTL params
Job log sections on the endpoint to fail on write when full
AdminJDBC.py script library to create a datasource fails on convertParamListToString
The message CWLRB1800I: Job [xxx] step [nnn] is skipped. is not printing in WebSphere 8.5.5.7 with compute grid
The context classloader is not getting set properly when loading CDI extensions at app startup
Ack Request sent on 2xx retransmission might be mapped to the wrong application session
Change of EclipseLink warning messages about multiple JMX MBeanServer instances
Hover help for plug-in's RetryInterval is wrong in the WebSphere Application Server console.
EclipseLink does not recognize Java 9 platform
Deadlock caused by WsLogManager and SIB trace code
java.lang.NullPointerException when starting an EBA containing an EJB
NullPointerException in LRUHashMap
Negative active session count is being reported
EclipseLink embeddable processing does not correctly multiple consumers
WebSphere SIP container delays 10 seconds when DNS is unreachable
JAX-RS trying to interact with a CDIManagedObject after it has been released
getRequestURI() in a JAX-RS resource throws IllegalArgumentException when URI contains UTF8 characters
Product Insights should be disabled when no config is present
The default initial and maximum heap sizes are incorrect for application servers created on an existing V90 profile
Message enhancement for BluemixUtility.login() command with a federated user
The AdminTask.createGenericServer() command failed with an IndexOutOfBoundsException in FFDC on z/OS
The changeSessionId() method behaves differently with session replication enabled
bluemixUtility fails to create/delete instances of Watson Discovery Service
Web Service injection processor is not being registered.
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server.
InstallVersionInfo shows blank Java 8 build level and date
Intelligent Management ComponentNPE at com.ibm.son.mesh.CfwTCPImpl.ready(CfwTCPImpl.java:887) logged in ODCF8601E message after shutdown invocation
NullPointerExceptions are thrown in a node agent when another node agent is found stopped
During start up of the JVMs, receiving CWPTF0002W messages in the systemout.log
Intermittent issues with APC promptly responding to lazy start DC
During node agent startup NullPointerException in WorkProfilerHAManagedItem, issue can be ignored
WXIM0127E invalid value specified for routingLocations
Health policy log message for garbage collection percentage threshold exceeded is missing message ID
ActivityPublisher can move between DMGR and node agent, if ActivityPublisher is deactivated, NullPointerException occurs
Delay when setting node into maintenance mode
Java 2 Connectivity (J2C)Container-managed authentication alias not applied for JMS connection factories if mapping-configuration alias is not set
Multi-threaded deployment exposes race condition in connection factory initialization code
High number of rollback/aborts occurring during connection validation for JDBC connection pools
JMS connections from WebSphere Application Server are not destroyed after upgrading was to fix pack V8.5.5.12
JPA failure when defining data source custom property JDBCTimingThreshold
Java Message Service (JMS)Closing WebSocket session will throw NullPointerException
NCSA access logs %b option output displays "-" instead of the size of the response in bytes
Parsing errors when the connection is reused and there is unread data on the wire after the response is read
NullPointerException when attempting to create an activation specification using wsadmin
Java Persistence API (JPA)jpa application behavior changes after migration to was 9.0.0.4
ArrayIndexOutOfBoundsException from OpenJPA for @EmbeddedId
EclipseLink adds default schema twice for seqs on Db2
Java SDKCommit of HttpResponse in RENDER_RESPONSE(6)
Protected-view not working in Liberty 16.0.0.4
ProtectedViewException for a protectedview access while checking the OriginHeader for appContextPath
JavaServer Pages (JSP)ClassCastException with TransformerFactoryImpl when running JSPBatchCompiler
JspFactory.getDefaultFactory().getEngineInfo().getSpecificationVersion() issue
Messaging ProvidersMediation points stuck in waiting for status
MigrationAllow WASPreUpgrade to work specifying user.install.root as second positional parameter
Error during deployment of post migration process, if multiple application editions exist; the base edition fails to install
WASPreUpgrade.sh with "-machineChange true" fails with error MIGR0104E
Object Request Broker (ORB)ABEND0C4 PIC-11 in module BBOCLSCC, a WOLA module running in a CICS region address space when stopping zWAS server timing window
PD tools (for example: Log Analyzer)ulimit value to be printed to logs
Collector tool failed to gather all docs.
Trace output in runtime tab will show memory buffer as trace output instead of none
Memory buffer trace output performance is slow when basic trace format is used
Plug-inHTTPS requests fail with a 500 internal server error with the 64-bit plug-in on windows
WebSphere plug-in needs better message for a wrong cert label
Several misleading debug level messages in the WebSphere Application Server webserver plug-in
400 is thrown when ESI is enabled but the response from the app server does not indicate ESI caching and client disconnects
PMI/Performance ToolsTPV statistic counter is aggregated incorrectly
ProfilePCT command line - wctcmd - with response file fails to configure IHS admin
Runtime and Classloaderclearclasscache.sh on z/OS completes with rc 1 even though the script worked
JNDI namespace scoping issue occurring during runtime
Export com.ibm.websphere.product.metadata.im packages within the server OSGI classloader network
SecurityWebSphere default chained certificate does not have DNS names under subject alternative name field
NullPointerException when attempting to create a keystore remotely in wsadmin
Monitor role not showing FIPS information
When using webapp security a session may be created even if one should not be created for the request
Dynamic outbound SSL configuration incorrectly matching outbound request
Servlet Engine/Web Containerjavax.servlet.ServletException: could not find endpoint information
A directory might not be found when using JDK8 SR4 PK10
Session Initiation Protocol (SIP) ContainerRecord-Route header field might contain incorrect port
In a multi-homed environment WebSphere puts wrong address family in a SIP response contact header field
NullPointerException might be thrown when a failover occurs in WebSphere SIP container
System Management/RepositoryWhen using a property file for autodeploy with the parameter userdefaultbindings the EAR is saved with different permission
Set default value of JVM option -Xscmaxaot to 8M to decrease application server startup time
Transaction ServiceClassCastException thrown during ActiveMQ resource recovery
Transaction recovery may fail when a resource adapter is embedded in an installed application
WebSphere Application Server for z/OS started in recovery-only mode fails to complete when the compensation service is enabled
Improve serviceability for activity service
Web Services SecurityOpenID Connect (OIDC) Relying Party (RP) loses URL fragments during the login process
OIDC RP is requiring optional iat claim in introspected access token
OpenID Connect (OIDC) Relying Party (RP) does not logout user if OIDC session cookie is not present
z/OSLoop in CICS ASID when BBOATRUE module delivered with 9005 level of WebSphere is used and CICS is not 5.4 level

Back to Top

Fix Pack 9.0.0.5
Fix release date: 17 October 2017
Last modified: 17 October 2017
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.5
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)server.xml may have unexpected tags when server is created based on a custom template
Logon screen contains extraneous information when specialized xml is used
Admin Console Resource Environment custom property name in all capital letters may not be handled properly.
โœ“
Web Services Potential weak Client security bindings (CVE-2017-1501)
โœ“
Potential Cross-site scripting in WebSphere Application Server Admin Console (CVE-2017-1380)
Increase the Java shared class cache size for WebSphere application server for z/os servant address spaces
The deployed application has a possibility to be removed unexpectedly
iscdeploys leaves temporary files
Clicking the LDAP test query link causes NoSuchElementException which also leads to an NPE
JavaEE default resources page goes blank if proxy server selected
Update the batik library in isclite.ear to 1.9
KC info messages in systemout.log have formatting issues
com.ibm.websphere.security.spnego.useracmapmappingtosaf property value not displayed correctly in admin console
Administrative Scripting Tools (for example: wsadmin or ANT)wsadmin determines scripting lang based on 1st JACL command in wsadmin interactive mode
DB Connections/ Connection PoolingDuring application server start-up, the EJB timer service fails start
Default Messaging ComponentIn WebSphere v8.5.5, messaging engine takes unusually long time to start after failover and throws CWSID0032W warning messages
Update IBM WebSphere MQ JCA resource adapter to version 9.0.0.1
Dynamic CacheNPE occurs with the class ESISupport.java in the parentResponseIsJSPFacesServlet method
dynacache does not replicate alias entries
TimeToLive is not updated when cache entry is updated.
EJB ContainerEJB 3.x stub class throws RemoteException for communication failure
Lookup of remote EJBS may result in NoSuchObjectException
Enterprise Edition (EE)JAXB fails to unmarshal arrays with custom type inside @xmlelement annotation
Federated RepositoriesSPECJ0363E errors with illegalargument exceptions from sdoutil.createdataobject
LDAP connection timeout leads to NullPointerException
WASADMIN ChangeMyPassword command on file repository user command fails with 'Caller is not in the required role'
Update the trace information for federated repositories
A base entry of "root" defined on a microsoft active directory LDAP server is not supported
It's slow to open "manage groups" page in WebSphere administrative console
User and group DNS contain extra escaped spaces for RDNS with multiple trailing spaces
LocalServiceProvider initialization fails with NullPointerException
NullPointerException in urbridgexpathhelper.getexpression()
NullPointerException in ldapconfigmanager.getsupportedproperties()
Federated repositories fails to search repository when overlapping base dn's exist
When one base DN is the subset of another in a federated repository, LDAP failures occur.
Federated repositories throws AccessControlException when Java SecurityManager is enabled and an SSL connection is attempted
Federated repositories fails to change password when JRE is Java 8
Federated repositories uses wrong security domain
GeneralUpdates and fixes for endpoint job purge
Deadlock occurs in SIP Proxy under heavy TCP load.
zWAS WOLA CICS messages: message and documentation updates messages prefixed with BBOA
NoSuchMethodException when a program is using CONCAT function
EclipseLink scrollable cursor results in a ClassCastException
org.omg.corba.bad_operation when executing "select sql statement"
Prevent WebSphere internal packages from being exposed to applications
Missing Java runtime version information in the header of the high performance extensible logs (HPEL) binary logs
The copyzos.sh script produces a "EDC5003I truncation of a record occurred during an i/o operation" error
JAX-RS 2.0 options methods are not invoked when used in sub-resource locator classes
inclusive=false of @DecimalMin and @DecimalMax does not work as expected
Update how cells are obtained from the ORB cell pool
managesdk command will log wsadmin interaction
ServerSession numberOfNonPooledConnectionsUsed can become invalid when Exception is thrown connecting
Unable to register a liberty server with product insights though an authentication required proxy
WASService does not recognize running process
zPMT emits message "EOFException: unexpected EOT looking for matching quote: '"
Update the manifest file for com.ibm.jaxws.tools.jar to import javax.enterprise.inject
WeldTerminalListener is not registered.
Provide JDBC hang detection and timings feature to v9 and v855
NullPointerException after stopping one of multiple jaxrs applications
Add support for CICS 5.4 in WebSphere optimized local adapters for Liberty and WebSphere Application Server traditional
GPF in com/ibm/ws390/tx/nativetransactioncontext.resume_tti
Enhance bluemixutility login and listservices commands
JAXRS server response does not contain a servlet exception when an unmapped checked exception occurs
ProductInsights not reporting used JVM memory correctly
Group ID for cells in product insighst contains wrong dmgr host
HttpServletRequest#getRequestedSessionId() is executed with the session absent is different between WebSphere Application Server v8.5.5 and v9.0
Usage Data is not queued if connection to bluemix PI host fails
WebSphere Application Server Product Insights does not send in group name translations.
Unable to login to Bluemix with bluemixUtility
High Availability (HA)HMGR0152W message is misleading
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server
IBM iModify iSeries native launcher to honor new default VerboseGC enablement
Installjavax.xml.parsers.DocumentBuilderFactory cannot be instantiated
Intelligent Management ComponentDue to a timing issue, sometimes APC will lose server information and not make placements as a result
On Demand Router routes request to web module mapped with less specific virtual host match
Dynamic cluster template does not persist change to modify log rotation from file size to a 24 hour period
PAUSELISTENERS command issued using the process name instead of server shortname in edition control center
Plugin with intelligent management enabled breaks affinity
Changes in custom health actions are not picked up when nodes automatically sync
ODR session affinity breaks when request contains multiple session cookies of the same name
When a rollout fails, it takes a long time for the rollout process to finish
Intelligent Management for Web Servers: When a server is stopped and restarted, the server might not be used for routing
Disabling an applications 'Target Specific Application Status' while the application is running results in 404/503
Display problem of AdminConsole at "INTERNALCLASSESACCESSMODE"
Segfault when high traffic coming to the Intelligent Management Enabled plug-in and a Liberty member is stopped
Java 2 Connectivity (J2C)J2CA0045E ConnectionTimeout happens too often after upgrading to 8.5.5.11
NullPointerException thrown when requesting connections to a RAR from several threads
J2CA0045E ConnectionWaitTimeoutException timeout is not calculated as expected in version 9.0.0.3
Runtime performance advisor has hung thread with j2cdiagnosticalerthelperimpl.java on line 419
Java Management Extensions (JMX) or JMX Client APINode federation fails because it cannot find the IPv6 address
Java Message Service (JMS)Mis-identification of IBM MQ JMS provider
Increase the configurable limit of the maximum header field size
Change default of EnableBuildBackupList to be true
New activiation specification properties - control build up/flow of MDB requests
Web service call is failing after applying latest fix packs + IFPI70810
Introduce switch for GetQueryString() to return original query string in forwarded servlet
ConcurrentLinkedList TAIlSequenceNumberLock garbage collected
Modifying advanced properties of activation spec resets arbitrary properties
Java Persistence API (JPA)Issue with the way OpenJPA caches and reuses query parameters for between expressions when OpenJPA's QueryCache property enabled
OpenJPA does not pass-through SSL connection properties that set using openjpa.ConnectionProperties when creating DB2 connection
org.apache.openjpa.lib.util.parseexception
JavaServer MyFaces (JSF) Apache MyFaces implementationjavax.faces.interpret_empty_string_submitted_values_as_null value affects display behaviour for required fields
JavaServer Pages (JSP)The JSP engine is not processing EL expressions correctly when they are in large blocks of character data
Incorrect output for jsp in an expression tag when using certain string concatenations
MigrationMigration disabled source node before successful sync
After a profile that WebSphere Application Server created in WebSphere Application Server 6.1 is migrated up to 9.0, images in the admin console return error 500 instead of displaying
-requireEmbeddedDBMigration setting is not available on z based migrations
Migration with cloning to v9 mis-handles the virtualhosts creating duplicate entries
Running WebSphere Application Server PostUpgrade fails with AllAuthenticatedUsersInTrustedRealmsExtImpl
Support z/OS migration specifying SMS classes for config file systems
Migration job fails to read JCL started procedure names from old configuration
Migration is not handling SPNEGO security settings correctly
Allow WASPreUpgrade to work specifying userinstallroot as second positional parameter
Remote WASPreUpgrade fails with embedded derby exception
Object Request Broker (ORB)Add a timer to abend servant at shutdown if there are stalled threads
PD tools (for example: Log Analyzer)zWAS LE ESTAE extension BBORLEXT update to suppress dumps for pgm checks of type pic 7 / 0c7 with DXC code of x'00' / 0x00
HPEL message content filter is not working on multiline messages
Asynchronous log records does not show up in systemout.log
The -summary option information is missing in the -help option in the collector tool
Plug-inPlugin is crashing because it cannot open the log file defined in its configuration
Client failure may occur when the web server plug-in connection is reused and previous connection timed out waiting for response
iPlanet web server cannot load the WebSphere plug-in on Solaris x86
Application response without a reason phrase causes plug-in to return 500 error
IBM WebSphere application server web server plug-in users with web sockets traffic
PMI/Performance ToolsperfServlet application returns empty version information
Proxy Server
โœ“
Potential Information Disclosure with WebSphere Application Server Proxy Server or On-demand-router (ODR) (CVE-2017-1381)
Runtime (zSeriesยฎ)ABEND00C and ABEND0C4 in WebSphere Application Server after stop WebSphere Application Server issued
Runtime and ClassloaderThread context Class Loader not set up correctly during CDI bootstrap
Message WSVR0655I is seen continuously in the systemout.log
Handle NPE and emit serviceable failure message when parsing server endpoint metadata
SecurityThe expirationMonitorNotificationPeriod is set to zero by default
WebSphere sub-domain servers with SPNEGO web authentication getting error SECJ6236E
The managementScopes element fails to be deleted from security.xml when removing a server via WebSphere Application Server admin console
Creation of remote keystore fails when existing keystore is specified
Client certificate authentication failure does not fall back to basic authentication
Converting certificates in CMS keystore may not delete an old signer certificate
The password encryption might fail if multiple wsadmin commands are invoked without saving
Each ORB/EJB request is making 3 LDAP search requests
Incorrect output for JSP in an expression tag when using certain string concatenations
โœ“
Weaker than expected security after using PasswordUtil Commands (CVE-2017-1504)
Removenode from admin console fails when AES password encryption is enabled
A message of passwordutil wsadmin command needs to be modified for clarification.
NPE at ORG.APA
Servlet Engine/Web ContainerIssues with JSF portlets due to CDI regression
NPE during servlet initialization process
WebContainer Performance Issue When Under High Load
Session Initiation Protocol (SIP) ContainerThe SIP Container fails to parse a message when the size exceeds 2048 bytes and double CRLF is sent before the message
In a multi-homed environment, multiple 200 responses are not proxied back to the originating endpoint.
System Management/RepositorySequencing of PAUSELISTENER/RESUMELISTENER
โœ“
WebSphere Application Server may have insecure file permissions with custom startup script (CVE-2017-1382)
Failure when attempting to create profile for cell with Java 7
Migration fails for Federated Nodes when cell name is renamed
Transaction ServiceDeadlock may occur in the CScope RecoveryManager
"WTRN0029E: error closing the log in shutdown!" error when stopping a cluster
Web Services (for example: SOAP or UDDI or WSGW or WSIF)WSWS3396E Handler Error: Protected state violation
Message WASX7008E incorrectly reported a flawed integer port
Two service clients displayed on administrative console for an application.
Different prefixes are used for the same namespace url
Issues with ResponseWrapper after PI60666
Web Services SecurityMore diagnostics required when the SAML web SSO redirect url is null
ADMA0078W the file cannot be deleted when deploying new version of our applications, cannot delete old version of application
OpenID Connect (OIDC) Relying Party(RP) may store incorrect data in DynaCache
OIDC TAI cannot dynamically build callback URL
OpenID connect (OIDC) Relying Party (RP) does not support post introspection endpoints
OIDC RP does not restore single-quote characters in post data
WebSphere Common Configuration Model (WCCM)Incomplete metadata obtained for Java EE modules when multiple resources are used
EJB injection failing for some EJBs inside JSF backing beans
Incorrect generation of ibm-metadata.xml when deploying with pre-generated merged descriptors
EJBDeploy tool fails when setting metadata-complete during deployment
Call in violation of protocol message during annotation scanning
Remove "failed to open resource" warnings
WebFragMergerImpl warning messages when starting an application in WebSphere Application Server 9
ClassSourceException when using WDT
Unable to deploy modules which use namespaces in the XML elements of deployment descriptors
z/OSBBO# should allow for a transid to be included on CICS link command
OTMA client timeout cannot be configured for WOLA

Back to Top

Fix Pack 9.0.0.4
Fix release date: 13 June 2017
Last modified: 13 June 2017
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.4
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)Application server startup log4j error output
Different behavior observed when updating PMI statistic through admin console and using wsadmin script
Selecting to update multiple roles in an application causes the original users to be updated incorrectly
Enable verbosegc by default on WebSphere Application Server for z/OS
Inconsistent port assignment when creating multi-node cluster with wsadmin scripting.
After running AdminTask.setIdMgrCustomProperty the Admin Console has extra information
NullPointerEexception in the console when adding a new host with bad parameters.
WIM LDAP panel navigation causes java.lang.NoSuchMethodException: Unknown property alias error
Administrative Scripting Tools (for example: wsadmin or ANT)AdminServerManagement.stopAllServers throws error when the servers are already stopped.
wsadmin interactive not throw error when issue wrong syntax command
Contexts and Dependency Injection (CDI)Principal injection does not inject unauthenticated Subject when there is not an authenticated Subject in the context
Allow excluded alternatives
Vetoed EJBs throw NPE
CDI observer for @initialized(applicationscoped.class) is not called inside jar
Default Messaging ComponentMDB application startup failed due to CWSIP0211E
Dynamic CacheSRVE0014E from DynaCache component after upgrading
DYNA1064E while calling "getIdsSizeDisk()" by Commerce when XS is used as cache provider.
EJB ContainerReferenceContextImpl caching empty list of targets for JSP classes
GeneralAdd timeout to OAuth cache
MergeException at application start up
High CPU in RMFGAT address space with most time spent in WLM module IWMI2PVT
Local EJB references created from annotations incorrectly resolved as remote references.
Unable to configure local mapping services on the administrative console
Provide mechanism to retrieve WS-RM messages via SIB message store dump
SQL timeout while updating CheckpointRepository table
EclipseLink 2.6.3 does not support JPA-converter for primitive data types
Ampersand character is not escaped by XCI serializer
Java batch job scheduler is unable to refactor the job log file
EclipseLink might add unused table in generated query
issue message explaining from where session timeout is picked up
Cleanup up WebSocket connection when outbound connection attempt fails at the app server
Support third-party JAX-RS providers when jaxrs-1.1 feature is configured
Creating an unmanaged http server on z/OS fails with ADMG0001E
Unable to use DB2 XML data type with EclipseLink JPA; Null pointer produced
Provide connectivity with IBM Cloud Product Insights
Bean validation did not function correctly
โœ“
Potential cross-site request forgery with WebSphere Application Server enabled with OAuth (CVE-2017-1194)
DeliveryDelay property is not set when a message is received through the MQLink
Add Bluemix Utility support
When a WebSocket connection is closed while reading data an object leak might occur
XML parser validating normalizedString and token XSD string data types incorrectly
WsSessionMgrComponentImpl throws NullPointerExceptions
Eclipse link JPA/Auditing capability in EE Environment fails withJNDI name parameter type
Internal libraries incorrectly available to applications.
ManageSDK gives error deployment manager not running when running on node with security enabled
Websocket race condition on writing data while closing can hang a thread
SocialSphere live session count is huge
Version numbers in symbolic names are too fine grained and can cause failover to fail between different versions of Liberty
Provide JDBC hang detection and timing feature for V9 and V855
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server.
InstallProcess detection is running when IM is invoked with -record and -skipInstall arguments
was_classpath in profile level gets overwritten by the was_home/bin/setupCmdLine script
IHS V9 install not creating service correctly
The -installFixes option does not correctly handle superseding interim fixes
Intelligent Management ComponentModules in $WAS_INSTALL/lib are missing the program control bit
Converted static cluster continues to show TYPE=static
The 'IN' operator of Intelligent Management: HTTP operands does not work
Additional retry logic needed for PI74867
DMGR or Node Agent times out during shutdown issuing AdminException ADMU3060E
APC is taking a long time to issue a runtime task to start an application server
AdminTask.setMaintenanceMode sets the wrong server when the node name is wrong
After updating an application module without restarting the application server; IM enabled web servers return 503 errors
ODR custom log does not observe DST
Cannot update custom action under the health policy when configuration validation is set higher than Low
With Liberty Dynamic Routing, adding a cluster member to a collective might cause the web server plug-in to segfault.
Java 2 Connectivity (J2C)java.lang.IllegalStateException is seen during database operations
javax.xml.stream.XMLInputFactoryExceptions
After global transaction ends, the reported auto commit value can be inconsistent with the Oracle JDBC driver
NullPointerException in PoolManager.fatalErrorNotification()
Java Message Service (JMS)Message processed by NOT_SUPPORTED MDB listening in SR using bindings mode remains on destination
AdminTask.republishEDMessages fails due to insufficient or empty credentials
Deadlock may occur when stopping listener port
Loop while closing an SSL connection
JMS 2.0 MQclient mode transaction keeps handles
Java Persistence API (JPA)Memory leak in JPA persistence provider
JavaServer Pages (JSP)JSP comments containing "%>" might throw a StringIndexOutOfBoundsException.
MigrationloginModules ordering issue on migration
Usability and accessibility updates for z/OS Migration Toolkit
Notification of changes to verboseModeGarbageCollection setting
Federated node migration using the wrong SSL properties
Enhancements to support Bluemix migrations.
healthclass.xml missing cluster targetMemberships after migration
External libraries not migrated when machineChange true
Object Request Broker (ORB)Issuing the PauseListeners command is causing some http requests to fail.
Timing window where timers are not calculated correctly
Server is able to restart after ABENDDC3 RC 0A150001 when it should not
PD tools (for example: Log Analyzer)Non-admin users cannot export HPEL logs when log format is set to basic/advanced
Some Liberty message IDs conflict with traditional WebSphere Application Server
Plug-incom.ibm.websphere.plg.zos.v85 fails to install
Sun One web server uses ConnectTimeout for handshake and 100-continue
Plugin should always present the ConnectionTTL property
Plug-in LIBODR does not utilize all of the XML's SSL configuration
Fix for genPlugincfg to account for administrative console command assist.
Connections between web server and client may remain open when using Intelligent Management
Plugin does not persist custom ServerIOTimeout value to existing stream
Plugin config lock is not released when dynamic cfg update is attempted which disables Intelligent Management
Domino plug-in fails on IBM i for V8.5.5 and higher
Plugin offload/onload for SSL
Unable to resolve images for a WSAS V9.0 application when using HTTP Server
IHS V9.0 / Apache 2.4 with Intelligent Management enabled does not work after a graceful restart
PMI/Performance ToolsNullPointerException seen in NodeAgent SystemErr.log during TPV performance monitoring startup
Portlet Container EnvironmentNullPointerException in portlet container method StringUtils .convertMapToString if tracing is enabled
ProfileManageProfiles command unable to select SSL protocol to use TLSv 1.2 or SSL_TLSv2
Startup splash screen of PMT shows its version as v8.5 in locales except en_us
Runtime (zSeriesยฎ)In IBM WebSphere Application Server for z/OS, ReadListener and WriteListener do not receive an expected SocketTimeoutException
Runtime and ClassloaderThread pool reuses threads instead of dispatching to new threads
An application server may use an unexpected Java SDK after updating to SDK 8.0.
SchedulerClassloader leak caused by EJB timer thread
SecurityData in dynacache may be overwritten when LTPA tokens of multiple requests expire at the same time.
CMS option is not shown in iKeyman pulldown list
The anonymousxxxxx directory of wstemp is stored by binaryAuditLogReader command is never deleted
Unable to delete remote keystore from administrative console due to CWPKI0039E
Intermittently Java 2 security runtime throws warning message SECJ0314W during application startup
Dynamic outbound endpoint SSL configuration does not pick up correct hostname and sslconfig
WebSphere JVM aborts when you try to stop the server with a non-existent user in local OS registry in Linux Redhat v7.
Request method might be changed from Get to Post while processing an invalid WASPostParam cookie
AES encryption support for PasswordUtil class
Migration failure when SSL protocol is TLSv1.2
Session Initiation Protocol (SIP) ContainerWrong network interface being used for SIP Signaling
With number.of.parse.errors.allowed set to -1, WebSphere drops well formed requests
System Management/RepositoryFFDC logs are created in a directory relative to the current directory
โœ“
Potential Denial of Service with SOAP connectors (CVE-2016-8919)
AdminTask.extractConfigproperties is failed with WASResourceException: java.util.NoSuchElementException
Incorrect Java library path set when a server SDK is different from the node/profile SDK.
CustomService configuration object created using property file based command cannot be viewed from console
wsadmin extractConfigProperties command triggers InvalidAttributeNameException
RenameCell does not update some artifacts
Improve the ADMA5033E message
Transaction ServiceWS-ReliableMessaging sequence may be misidentified as not existing
Transaction log column is too short and reports a SqlDataException
Transaction logging to RDBMS refinement for JDBC4.1 compliance
Control region abend after BBOT0004E: RRS service ATRAFGT failed with return code 730
java.lang.IllegalArgumentException: Logger passed as argument to setAttributes must be a named logger
StackOverflow is caused by repeated calls to: ibm.wsdl.DefinitionImpl.getAllServices
ClassCastException processing JAX-RPC request containing whitespace in WS-Coordination context
Add method to suppress message WSVR0651 to trace.
Web Services (for example: SOAP or UDDI or WSGW or WSIF)Web services call failed with 500 (Internal Server Error) response and Content-Length 0.
Web project with @WebServiceRef does not generate ibm-webservicesclient-bnd during deployment
Web Services SecurityUnique Cookie Names in WebSphere Application Server OIDC RP can accumulate on the browser
โœ“
Privilege escalation in full profile OIDC RP (CVE-2017-1151)
OIDC ClassCastException java.util.ArrayList
JAX-WS WS-Security Error CWWSS5634E with relative URI
WebSphere Application Server OpenID connect Relying Party jndiCacheName Property does not work
WebSphere Common Configuration Model (WCCM)Deployment manager crashes with OutOfMemory when application is deployed
@Resource annotation loses shareable and AuthenticationType attributes
Application client module created when empty "main-class:" found in manifest.mf of jar
Slow startup of large, non-metadata-complete, web modules due to CDI annotation scans
Servlet container initialization can fail on server created from template

Back to Top

Fix Pack 9.0.0.3
Fix release date: 14 March 2017
Last modified: 14 March 2017
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.3
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)No command assistance link after updating the session pool properties of a connection factory via administrative console
Fix incorrect warning in administrative console with changing from 64 bit mode to 31 bit mode
Console 'show items at the following authorization group level' does not show drop down
Administrative console becomes a blank white screen
Potential cross-site scripting in WebSphere Application Server Admin Console (CVE-2016-8934)
Console getting blank page when clicking on rollout update.
Bind password is "pre-populated" incorrectly in VMM panel and authentication error comes up
โœ“
Potential cross-site scripting in administrative console (cve-2017-1121)
Administrative Scripting Tools (for example: wsadmin or ANT)IllegalArgumentException may occur when running AdminJDBC.createDataSourceAtScope with @ and commas in the url
Dynamic CacheServlet caching cannot parse a WebSphere Development Tools generated cachespec.xml based on the cachespec.xsd schema.
Unable to define an alternative cache provider to replace the default dynacache cache provider.
EJB ContainerReferenceContextImpl caching empty list of targets for JSP classes
Remove unneeded information from FFDC log file
Enterprise Edition (EE)Potential NullPointerException during JAXB unmarshalling
IllegalArgumentException when getHours() is called
GeneralMessage "CWSIS1577E: The persistent dispatcher cannot accept work" needs improvement
CWSIS1578E message content should be more meaningful regarding why spill dispatcher cannot accept work
Apache Wink code does not remove quotes from the boundary value.content-type: multipart/mixed; boundary="simple boundary"
Modifying a copied tree causes corruption in the original tree
Incorrect status of the job when end point server is restarted.
WSGrid jobs not getting ended status returned when using SiBus
EclipseLink assigns the same object instance to multiple embedded fields
EclipseLink throws ValidationException when using nested embeddable with the same attribute name
Javadoc AppConstants.APPDEPL_* fields are incorrect
Controller abends with 0C4-3B in CF_TCP_Connection::init_As_Client
Ampersand character within an entity reference is no longer escaped by XCI component.
Deployment of persistence unit fails with DescriptorException
Allow SAML web inbound to retrieve SAML assertion from an HTTP request parameter.
Enhance the Intelligent Management Enabled WebSphere Plugin with routing rule capabilities.
CDI would not inject classes from a war file into an ear lib in single classloader mode
Configurations that contain an OSGi application fail to migrate to V9.0.
A WebSphere Application Server for z/OS server is leaking heap pool 1 elements.
OutOfMemory seen when multiple users are logged-in in JSF portlet application
manageSDK help for -enableProfileAll task is missing -user and -password
Memory leak from Portlet bridge: session objects
Multiple occurences of the same stack trace are filling up the logs.
ArrayIndexOutOfBoundsException generated by session management when application is managing HTTPSession through a framework
Errant timeout can occur with async sends in WebSockets
javax.persistence.PessimisticLockException when javax.persistence.lock.timeout set to 0
Add EclipseLink support for Java 2 Security
Enable session listener in Portlet Bridge runtime
CDI failover does not work if bundles have different OSGI qualifiers
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server.
InstallDisplay Java 6 end of service warning during fix pack update
V9.0 install creates Microsoft Windows registry key using 8.5.0.0 with a MajorVersion of 8
versionInfo command of WebSphere Customization Toolbox does not work
Allow IBM HTTP Server V9.0 on AIX 6.1
javax.xml.stream.XMLInputFactory could not be instantiated
Intelligent Management ComponentApplication placement controller (APC) hangs and JVMs are not starting after minimum cluster violation
DeadLock detected in NodeAgent process during shutdown of node
On-Demand-Configuration (ODC) support for the Intelligent Management (IM) enabled web server routing rules feature.
Configuration objects and AdminTasks in support of the Intelligent Management (IM) enabled web server routing rules feature.
High CPU in ODR code caching
Customization of log Filenames and paths is affected by variable SERVER_LOG_ROOT
DeadLock detected in NodeAgent process during shutdown of node while users are unsubscribing from topics
Health policies that have a "restart server" action occasionally do not restart due to port conflict
Some requests receive 404 or 503 responses when introducing a new ODR Routing or GSC rule
Java 2 Connectivity (J2C)J2CA0041E exceptions may occur, when ComponentMetaData instance is set to null in method getObjectInstance
J2C pretest being used despite FailingConnectionOnly option
Add abort option to MBean purgePoolContents
Incorrect exception message CWTE_NORMAL_J2CA1009 displayed instead of translated error message
java.lang.UnsupportedOperationException when accessing tested data source
Remove network timeout from statement cache keys
Connection count becomes wrong leading to J2CA0045E errors
Java Message Service (JMS)The error CHFW0031E invalid call to WsByteBuffer method generated when stopping the server
Correct the XSLT that process the IBM MQ RA's ra.xml
Using pause_listeners_include_cra causes all activation specs to be resumed regardless of prior state
When using AIO, performance issues can occur if a high number of open connections are opened on a pollset
Wildcard property in DN of the certificate
Java Persistence API (JPA)ServerPlatformException server platform class is not valid: null occurs with JPA 2.1
Java SDKJSF message severities always set to ERROR after ValidatorException
JavaServer MyFaces (JSF) Apache MyFaces implementationJSF problem in a portlet environment: form inputs inside a data table lose their values if validation fails
Validators are not called when using selectManyCheckbox
Messaging ProvidersSIB message deadlock after servant is restared due to ABENDEC3
MigrationNode migration to V9.0 fails when variables.xml is not in the cluster level.
Provide clone option for z/OS migrations
Files referenced by a profile's XML configuration are missing under the user install root after a migration
WIM UserRegistry not working after migration
PD tools (for example: Log Analyzer)IllegalArgumentException when enabling HPEL with text logging disabled
VMDUMP039I processing dump event "GPF", please wait, during servant region abnormal termination
Deadlock when the Java logging framework logs a warning in com.ibm.ws.logging.WsLogConfigurator
โœ“
Potential cross-site scripting in WebSphere Application Server Admin Console (CVE-2016-8934)
WsLogManager deadlock
HPEL logging fails to export the trace from the log viewer if there are spaces or a space in the directory path
Include interim fix install history for Collector tool
Plug-inV9 GenPluginCfg.bat fails when cmd line value contains parenthesis
Plug-in generation creates erroneous directories when implementing log rotation.
PMI/Performance ToolsThe PMI counters URIRequestCount, URIConcurrentRequests, URIServiceTime were disabled after starting server.
Enabling the diagnostic alert "Connection Low Percent Efficiency Alert" results in NullPointerException
ProfileprintDebugInfo: /websphere/base/appserver/bin/zCreateProfile.sh 205 FSUM7351 not found
Cannot configure Domino 9 webserver using plug-in configuration tool gui & pct_responsefile.txt on V9.0
Programming Model Extensions (PME)NullPointerException may occur in async bean code
Runtime (zSeriesยฎ)z/OS WSAS hang in xmem proxy code reading parameter from http request body following multiple comm failures
Runtime and ClassloaderJavacores continuously created on a hung thread
Add messages for hot deployment events.
SecurityErrorPage parameter on AdminTask.addSAMLTAISSO has a misleading description
Security code incorrectly calls JAXBPermission class
Servlet Engine/Web ContainerThe maxrequestSize option for MultipartConfig is not working
System Management/RepositoryEnable verbose garbage collection by default
MetadataCompleteForModules section is missing from the output of AdminTask.extractConfigProperties
When the clusters are started some applications show as stopped but they are running
Bind DN not saved correctly when editing security configuration
addNode should not push BLAs, CUs, asset file for non targeted application
Transaction ServiceActivityPendingExceptions are thrown in the event of a JAX-WS request timeout that propagates a WS-Business Activity
Server startup fails with CWRLS0009E error due to failure in the transaction manager recovery log service.
java.lang.StackOverflowError may occur in JAX-WS web service client when processing provider side WS-Policy
ScheduledExecutorService implementation does not use correct time interval if not specified in timeUnit.milliseconds
Update IBM WebSphere MQ JCA Resource adapter to version 9.0.0.1
Web Services (for example: SOAP or UDDI or WSGW or WSIF)Web Service Client policy sets might not function correctly if Application Editions are in use.
Part of content in an element is lost after invoking a webservice
Spurious WSSC1013E error logged by JAX-RPC web service
Web Services SecurityCWWSS7542E error in Web Services Security SAML can be misleading
SAML Web SSO OutOfMemory in KeyStoreManager
WebSphere Common Configuration Model (WCCM)High CPU utilization may occur when copying business objects.
EJB jar metadata TransactionAttribute may be incorrect

 Back to Top

Fix Pack 9.0.0.2
Fix release date: 13 December 2016
Last modified: 13 December 2016
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.2
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)The admin script offered after creating a MailSession via the administrative console is incomplete
Pipe "|" symbol cannot be used for external provider URL when configuring a 3rd party JMS provider.
Session management bread crumb incorrect
Contexts and Dependency Injection (CDI)Memory leak detector producing false positive reports
Use of CDI interceptors in stateless EJBs causes exceptions to be wrapped in WeldException
Default Messaging ComponentSyntax error in sibDBUpgrade.sh
Dynamic CacheHTTP status code 200 is returned to a client when the servlet or JSP throws an exception
EJB ContainerNew system property to configure the EJB pool wait timeout
NullPointerException deleting stateful EJB
Enterprise Edition (EE)Inherited methods are ignored in the XLXP2 unmarshaller when scanning JAXB class for before/after events
GeneralSession manager error messages SESN0202E and SESN0201E need more details
ODRLIB returned partial routing data from the ODC REST service, resulting in 404s
SQLFeatureNotSupportedException may occur when Oracle native SQL statements are used
Controller Region ABENDs with 0C4-11.
Custom type conversion is sometimes bypassed in EL 3.0
Unable to add a remote cell for Intelligent Management for web servers
Add support for JSF 2.2 in Portlet Bridge
Radio button for SunOne/iPlanet web server shows up in WCT for systems that are not supported in V9
HeapDetect code is failing to determine the maximum heap size
Modify the default for the maximum number of headers
SAML Web SSO may reject requests when proxy is in use
Error on otma_open call, RC = 8, RSN codes = 100 : 8 : 24 : 2
Run plug-in configuration tool V9 to configure IHS admin server V9, service name V8.5 shows in Windows Service panel.
Documentation in IBM Docs for WebSphere Application Server V9
Application edition validation with inconsistent policies breaks affinity on the default edition
Hang with high CPU occurs during rollout in certain situations
pureApp autoRouteConfig.py failing with IllegalArgumentException with Jython 2.7
Access WebSphere Application Server denied for property org.apache.jasper.constants.jsp_servlet_base.
Provide option to add STS response header for HTTPs request
HMGR0130I message needs more information about JVM termination
a NamingException occurs indicating the application server could not resolve a url when Java security is enabled.
Multiple server applications are added to the virtual cluster list
Server does not stop after stop command is issued.
Slow Deployment Manager start-up due to annotation scanning when several EJB modules have been deployed to the cell
Protocol mismatch for HA manager datastacks in version 9 mixed cell environments
If SERVER_LOG_ROOT variable is not set, a CWPTF0002W warning message is reported in the SystemOut.log
Incorrect logging by ModuleLocatorClassAdapter
HPEL reader throws NullPointerException error while given invalid Java log level
REST API discovery could be missing API in web application with two or more JAX-RS application classes
When user applications are using WebSocket Decoders a slow memory leak can occur.
Health controller cycle length is not being honored
Remote migration jar needs message about incompatible JDK
Some endpoints are not accessible from the Swagger Explorer
Proper exception handling during API discovery bundle activation
REST API Discovery Swagger document may show unsecure port instead of secure one if deployment manager is used
REST API Discovery will not display APIs if application is published that includes syntactically incorrect Swagger document
Description of some REST APIs may be missing from Swagger document.
Error opening an application to display list of application profiles.
NullPointerException in com.ibm.ejs.ras.Tr.formatObj using trace in thin client
logViewer -includeExtensions component command gets: Pattern cannot be null
OAuth emits NullPointerException when no state parameter in request
The "serialize session access" option may not work correctly
An out-of-date message appears on starting a dynamic cluster in a cell after migrating to version 9
A NoClassDefFoundError or NoSuchMethodError may be thrown when accessing Swagger annotations.
Dynamic Routing stops working when the collective controller becomes stopped or unavailable
Cannot configure Compute Grid Job Scheduler using default Derby datasource
Servlet does not get correctly refreshed
Every SystemErr log record line is ending with a "null", with High Performance Extensible Logging ( HPEL) enabled.
Stand-alone or embedded WCT tool eclipse.exe has an old signed certificate
Enable REST API discovery UI to support authentication per REST operation
OpenJPA s ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException
java.lang.IllegalArgumentException: Illegal decimaltype. From commondata.getExternalBytecounts
Different classloaders used for client app and resource adapter (for application client).
Deployment fails when @EJB contains beanName and EJB descriptor contains <lookup-name>
Application fails with WELD-001408: Unsatisfied dependencies for type Validator with qualifiers @Default
Failover does not work with CDI 1.2
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server.
InstallThe chutils utility command does not work for V9
The command bin\migration\bin>..\..\infocenter.bat fails: Product is not recognized as an internal or external command
Java 2 Connectivity (J2C)InstanceNotFoundException occurs when stopping an application hosting message endpoints
java.lang.NoClassdefFoundError: com.ibm.ws.jdbc.jcc.db2statement
IllegalStateException when transaction timeout occurs and abort is used
Java Message Service (JMS)SRVE8094W happens even if invokeFlushAfterServiceForStaticFile=false
Update CWMSR0063E message to clearly state it is only applicable to WMQ
Update IBM MQ RA to 9.0.0.0 ga level
System property to enable SSL Channel timeoutValueInSSLClosingHandshake property
Java Persistence API (JPA)An application restart could cause an application classloader leak when using bean validation
The database schema name cannot be configured in WebSphere Application Server with openjpa.jdbc.SchemaFactory
JPA returns incorrect results when using a native query and @SqlResultSetMapping
java.lang.ClassCastException using JPA
JavaServer MyFaces (JSF) Apache MyFaces implementationinputFile tag is not working properly on Liberty
JavaServer Pages (JSP)When using c:import to import a file that does not exist, an error 500 is received
An escaped EL expression is being run if an escaped dollar sign precedes the former expression
MigrationRemote migration changing hostname variables of IPC connector and node_ipv6 endpoints
Remote syntax check for sequential DS sources results in RDZ exception while a user error message is expected.
MIGR0272E error running WASPostUpgrade command on V9.0 base
Migration to v9.0 fails when install path contains a space
Disable web servers when doing a clone migration
Object Request Broker (ORB)Cobol Container support does not work in WebSphere Application Server for z/OS version 9.0.
PD tools (for example: Log Analyzer)Unable to change log level
Hung threads or infinite loop on startup in WeakHashmap.getEntry
Deadlock due to frequent log rotation
Plug-inHTTP IM plug-in does not have visibility to RemoveSpecialHeaders property
Plug-in for IIS does not initialize correctly
z/OS set_attributes does not set a & p attributes for mod_was_ap24_http.so .
PMI/Performance ToolsTivoli Performance Viewer does not sum the ConcurrentHungThreadCount
ProfileCustomization temporary directory cannot be shared
Runtime (zSeriesยฎ)ABEND SEC3,RSN=0406002C does not terminate a WebSphere node agent
Servant region abends with ABEND430/ABENDS430 and reason 02390815 during process signal handling
Runtime and ClassloaderApplication server process uses wrong hostname to communicate status to node agent
Deadlock on startup between two WebSphere server.startup threads
Classloader leak problems
SecurityFull chain created in PKCS12 but not for JKS keystore
โœ“
Potential code execution vulnerability in WebSphere Application Server (CVE-2016-5983)
Custom Kerberos login module for identity mapping
Security auditing enabled log in calls via wsadmin are not being logged when using security_authn.
NullPointerException from AdminTask.getInheritedSSLConfig command
Remove 3DES ciphers from default cipher list
Security crypto jar failed with Not signed by a trusted signer error after upgrade
NullPointerException when printing error in WSX509TrustManager
Unnecessary setCookie header might be set after applying interim fixes for PI62375.
Servlet Engine/Web ContainerApplication is started even though there has been a listener exception during application start up
An uncaught exception in javax.servlet.AsyncListener.onComplete() might cause threads to hang
Asynclistener in WEBAPPINVOCATIONCOLLABORATION is not being called correctly
โœ“
Information disclosure in IBM WebSphere Application Server CVE-2016-5986
javax.servlet.HttpServletRequest.getRequestURI() might return a decoded value after dispatching
Option to display customized text for some server errors
Unhelpful message: uncaught.init.exception.thrown.by.servlet, logged when exception thrown during servlet initialization
Session Initiation Protocol (SIP) ContainerThe SIP container does not support setOutboundInterface() for Proxy and ProxyBranch interfaces
System Management/RepositoryAdminApp.isAppReady() cannot retrieve the correct application distribution status in an AdminAgent environment
Transaction ServiceBBOT0004E: RRS SERVICE ATRBACK FAILED WITH RETURN CODE=731 occurs when running request in a local transaction
Record-level sharing (rls) is miscalculating the amount of data to be written to partner logs
APAR PI18414 may result in the recovery log service using incorrect sequence numbers.
Cannot find @Transactional annotation
Web Services (for example: SOAP or UDDI or WSGW or WSIF)AdminApp.isAppReady and AdminApp.getDeployStatus show incorrect result after app expansion failure
JAX-WS throws XMLStreamException upon an XML-SOAP message write attempt
WSWS1002E when no matched value returned from servletImplName object from the servletClassMapping hashmap
@XmlJavaTypeAdapter annotation failed to work
AxisDescription objects might consume excessive memory
A JAX-WS web service client does not honor an HTTP 307 redirect received from a web service provider.
โœ“
Information disclosure with malformed SOAP requests
JAX-RS 1.1 and 2.0 clients do not contain javax.annotation.* classes as expected
RuntimeException: Internal error thrown by org.codehaus.jackson.imp
Web Services SecurityOpenID Connect RP cannot locate key in JWK set
WebSphere Common Configuration Model (WCCM)Slow application update for web modules which have many web-inf/lib jars
Fix Pack 9.0.0.1
Fix release date: 16 September 2016
Last modified: 16 September 2016
Status: Superseded

๐Ÿ‘ Image
Download Fix Pack 9.0.0.1
ComponentSecurity APARAPARDescription
Administrative Console (all non-scripting)The please wait icon does not display on the admin screen when an application is uploading
Application update corrupted deployment.xml with incorrect appcfg:ApplicationConfig reference.
The admin script offered after creating a MailSession via the WebSphere Application Server administrative console is incomplete
Update the flags on the CSRF token cookie
Change in DN name of the certificate if it has special character in the name
Unable to change maximum headers value in templates from administrative console.
Unable to edit resource adapter custom properties
Console displays blank page when "view or download the current web server plug-in configuration file" clicked using Chrome
Administrative console is slow when using fine grained authorization.
Going to the default Java persistence API settings panel from Dynamic Clusters > Server template causes CWWJP8807E error
IBM Docs used by the administrative console to display console help created indices for unsupported locales
Help link on welcome page points to 8.5.5 help instead of 9.0.0 help.
32/64 bit checkboxes still show up on proxy and some other panels.
โœ“
Vulnerabilities in Apache Struts affects WebSphere Application Server (CVE-2016-1181, CVE-2016-1182)
Administrative console servlet exception in user and groups administrative group roles
โœ“
WebSphere Application Server is affected by Apache Struts vulnerability (cve-2016-3092)
SRVE0278E - Missing ibm-web-ext.xmi in iehs.war
Map users and groups page not showing available users on the first time the page loads.
Administrative Scripting Tools (for example: wsadmin or ANT)Unable to map web module with multi-line display name to server.
NullPointerException is thrown with running an Ant task using ws_ant command line tool on z/OS
Default Messaging ComponentWebSphere v8.5.5 service integration bus messaging engine fails to start if DB2 version is higher than 10.1
When the message load is heavy, some of the messages move to exception destination with the CWSIK0035E exception
JMSDestination header field is missing for the IBM MQ inbound messages which do not have destination header information
sibDBUpgrade.sh yields different results on different Unix-based Operating Systems
Dynamic CacheDisk off-load is turned off if app invokes the clearMemory API
EJB ContainerNullPointerException in CDIEJBManagedObjectFactoryImpl.getEjbDescriptor when creating EJB instance to pre-load the bean pool
CWNEN0011E during injection for NullPointerException in ResAutoLinkReferenceFactoryImpl
Passivation issue with stateful session beans
FFDC for TransactionRolledbackException when using UserTransaction in stateful bean ejbRemove method
Federated RepositoriesAllow VMM realms to be added dynamically
GeneralTiming issue causes APC to see incorrect value of proactiveIdleStop, resulting in violation of minimum instances
Application does not start during server start but then starts from console.
Application fails to start after rolling update due to hung MessageReferenceHandler thread
SAML SP-initiated web SSO requires dynacache or frontend affinity
CDI is activated and generates error with no existence of beans.xml
Threads being allocated to access an MDB that has already reached max sessions.
OpenID Connect Relying Party: No entry in cache for state ID
User/group mapping to a security role fails for EBA application if it belongs to a user registry configured in security domain
ClassCastException when an equals comparison query is run on an entity with a composite @EmbeddedId
Small timing window causes a deadlock when the APC.predictor custom property is changed
DuplicateKeyException after migrating from WebSphere Compute Grid V8 to WebSphere Application Server V8.5
JobScheduler in WebSphere Batch fails to start with CWLRB6261E
Add ability to move messages from exception destination to the original destination via wsadmin
Unavoidable clash detected in bus link
runConfigActions fails but returns exit code 0
A NullPointerException is encountered when attempting to service a request through the Java ODR causing the request to fail
Remove message CPF9E17 when running WebSphere Application Server on IBM i.
AdmiAgent login: com.ibm.wsspi.IPluginRegistryFactory getPluginRegistry error getting registry
Crash on Microsoft Internet Information Services web server plug-in module
The application placement controller cannot start or stop the server instances in the point cell in the multiple cell topology
Singleton beans which are created from annotations may be incorrectly marked as local beans
Thread-safety issue in the underlying (Apache) JSF 2.0 code causes WebContainer threads to hang
com.ibm.xml.thinclient_9.0.0.jar needs to be com.ibm.xml.thinclient_9.0.jar
WebTrustAssociationFailedException thrown by the OpenID Connect Relying Party during authorization
Users get duplicate IBM WebSphere Application Server shortcuts on the Microsoft Windows start menu
NullPointerException thrown by Weld when injecting an EJB into a CDI managed bean
Processing persistence units in application client library jars can yield a NullPointerException.
Microsoft Windows start menu items are confusing when multiple profiles created
Application archive opened unnecessarily, slows performance
CDI applications that inject Validator or ValidatorFactory Beans cannot be failed over in a cluster
Portlet container changes to support JSF 2.2 Portlet bridge upload functionality
Dynamic updates to JSP files are not picked up.
Too many open files exception on property file causing uninstallation of apps deployed by monitored directory
NullPointerException in CDIEJBManagedObjectFactoryImpl when accessing EJBs from client application modules.
When running the eclenhancer script, errors are not being displayed.
The migrateConfigTo85.py script is no longer needed in version 9
The -clean option in the eclipse.ini causes issue with eXtreme Scale extension installation for zPMT in V9
NullPointerException in CDIEJBManagedObjectFactoryImpl
A 403 error may occur when using the OIDC RP
When application server and node agent restart, bundle cache is re-expanded
Move up Weld level to 2.3.4
Rollback Batik library to 1.6.1 because it breaks Intelligent Management charting
IHS crash in free call when using Intelligent Management
OpenID Connect ear and py files and the OpenID py file are missing from IBM embedded WebSphere Application Server
renameCell does not update some Extreme Scale Domains and health policy targets
The interceptedPathFilter OIDC custom property should not be required
โœ“
Denial of service in the Apache Commons FileUpload used for Administering batch jobs using WebSphere Java Batch
โœ“
WebSphere Application Server Web Container affected by Apache Struts vulnerability (CVE-2016-3092)
REST API Discovery Feature
Migration tool generated migration jobs fail to find the migration temp directory due to a typo in the job template
CICS abends when starting the WOLA Link Sever on z/OS 2.1
ClassCastException when performing server configuration validation
PlantsByWebSphere sample application fails for V9
SystemExit exception thrown on running workclassoperations.py
Incorrect EJB references generated by annotations processing for application client jar files
Update sample jobs for FMID HBBO900
IBM HTTP ServerFix ListDetailed list of APARs for IBM HTTP Server.
InstallJava 8 package not automatically selected when Edge Load Balancer package selected in IM 1.8.5
Files in the <was_install>/properties folder are being overwritten when fix packs are installed
Java 2 Connectivity (J2C)ActivationSpec config IDs are getting updated while making any changes to the existing application configuration
Optimize connection pool behavior when the free pool distribution table size is set to one
JNDI Lookup Failures
Java Message Service (JMS)Exception WSCL0912E : Component could not be initialized running launchClient on Microsoft Windows.
Some JMSExceptions related to queue manager connection errors are misidentified and connection cleanup does not occur
An MDB app fails to start with EJB error, but the activation spec starts anyway and loops while trying to consume IBM MQ messages
Websocket close frame reason code may be inaccurate on double-byte language machines
Restarting a cancelled job fails
Applications with WebSocket endpoints using CDI injections may not start correctly
JavaServer Pages (JSP)HTTP error code: 500 after requesting a JSP page that statically imports more than one file from the same web fragment.
A JSP error "unresolved compilation problem" is thrown during runtime
JNDI/NamingNaming NMSV0311W message needs to include name of object being updated.
MigrationWebSphere clone migration option causing CoreGroup runtime issues between old and new servers.
WebSphere migration has various application install issues
WebSphere migration of Intelligent Management feature causes some server startup issues.
Correct missing messages for migrations.
WebSphere migration some config data not being migrated properly
Object Request Broker (ORB)S0C4-38 Abend from out of a JVM method getOriginalROMMethod+4a
0C4 abend in servant because a 64 bit heap pool 1 element was overlaid.
zWAS crash in SMF code bboodsab.plx on first server startup after an IPL
PD tools (for example: Log Analyzer)StackOverflow caused by SLF4J infinite lookup.
ISADC tool not working properly for multiple options
PMI/Performance ToolsNullPointerExceptions on NodeAgent when starting TPVLogging via wsadim for 2 different servers at the same time
NullPointerException on nodeAgent when starting TPV Logging for any server in deployment manager.
NullPointerException in PMI class ModuleItem
Programming Model Extensions (PME)java.lang.IllegalArgumentException: ThreadPool name already defined
Proxy ServerAdd a custom property that will always clear the cache regardless of its state
RuntimeRollout of an application edition may fail with error WPVR0011E due to condition WPVR0041W
Message UTLS0008W occurs during server shutdown.
Unexpected OSGi error log: The bundle is not marked as singleton
A NoClassDefFoundError occurs during the static initialization of class com.ibm.ws.naming.util.RasUtil
SecurityDuring Initialization of the WebSphere Application Server, there is a delay of 5 minutes or more.
Extra information in Trace
SSL CSR being sent to SSL clients after restarting WebSphere Application Server instead of expected certificate
Outbound SSL with two-way SSL handshake fails because WebSphere does not send client certificate to SSL server
HMGR0149E exception: The received token starts with null.
SSLException error occurred when having a "#" in the keystore or truststore filepath.
Unexpected GPF exception BOSSNAP
Error WSVR0100W is not providing enough information about why the server fails to start.
Gather and report minimal data for a web UI login and logout with audit
Limitation of wsadmin API AdminTask AdminTask.exportSAMLSpMetadata
NullPointerException for wasadmin AdminTask.mapUsersToNamingRole
SAML Web SSO AdminTask command importSAMLIdpMetadata fails
Form logout and EJB calls may not work when using JASPI
Persona stress runs result in OutOfMemory after several days
NullPointerException found in logs when creating the security server.
Servlet Engine/Web ContainerDispatcher type obtained from HttpServletRequest is not updated on post processes
Remove Struts from WebSphere Application Server
MessageSentException and NullPointerException thrown on an WebSocket request
StringIndexOutOfBoundsException starting an app with a servlet annotated with @WebServlet("") or with empty servlet mapping
Performance issue when running JSP.
Add support for JSF 2.2 in Portlet bridge
Annotations on instances of HttpUpgradeHandler are not processed
Unable to inject programmatically added filters,servlets and listeners.
ConcurrentModificationException thrown on getServletWrapper when serveServletsByClassname is enabled
Session Initiation Protocol (SIP) ContainerLeak caused by new ProxyBranch created from response
Unable to obtain SipURIs of available outbound interface
SIP container incorrectly combines multiple SIP supported headers
Deadlock caused by SIP Subscribe
โœ“
Potential Denial of Service in WebSphere Application Server if using SIP services (CVE-2016-2960)
Sessions and Session Management
โœ“
Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)
System Management/RepositoryThere is no message logged by the NodeAgent when a server is terminated.
AuditServiceProvider and AuditEventFactory settings are overwritten by PFBCT
NullPointerException when creating a dynamic cluster
Not invalidating generated Managed Beans deployment descriptor with initial deployment of an application.
Application upload fails with java.net.SocketException: Invalid argument
providerType is null or missing in configuration when JDBCProvider is created using properties file.
Application start fails with UndefinedVariableException
Transaction ServiceCollect more serviceability data for transaction log service
WTRN0112E errors when running stand-alone application using the embeddable EJB container
J2CA0030E occurs due to DSRA9350E: Operation connection.commit is not allowed during a global transaction
Deadlock issue in tranlog database
NullPointerException from InstalledOptionalPackageRepository shows in FFDC logs.
Web Services (for example: SOAP or UDDI or WSGW or WSIF)During an installation of a web service application, ADMA0078W might happen.
Repeatedly attempting to start an application that will not start might cause a memory leak
WSWS7054E is thrown when deploying a JAX-WS web service application
java.security.AccessControlException: Access denied ("java.util.PropertyPermission" "*" "read,write") happens in systemout.log
ClassNotFoundException occurred when running launchClient script with web service application.
Server start becomes slower when more applications are installed
Fix Web Services performance drop and WSDL files requiring Internet access to include remote schema file
Web Services SecurityWS-Security does not emit TokenType on reference to SAML token

Back to Top

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Was this topic helpful?

Document Information

Modified date:
23 June 2026

UID

swg27048591