Ibm® Sterling Connect: Direct




Download 79.91 Kb.
bet1/6
Sana25.12.2019
Hajmi79.91 Kb.
#4856
  1   2   3   4   5   6

IBM® Sterling Connect:Direct® for Microsoft Windows 4.7.0

Fix List Document
This document describes maintenance updates for IBM® Sterling Connect:Direct® for Microsoft Windows 4.7.0. It includes information and instructions for all product features, including the Server, Requester, Common Utilities, Secure+, JRE, solidDB and the SDK. Maintenance updates are always cumulative and provided as fix packs or interim fixes (iFixes).
Contents

  • Important Notices

  • About Fix Packs and iFixes

  • Before running the Installer Executable

  • Applying a Fix Pack or iFix to an existing Installation

  • Performing a new Installation or an Upgrade of an existing Installation

  • Description of iFixes and Updates

Important Notices


  • IBM Sterling Connect:Direct for Microsoft Windows 4.7.0.6 introduced support for 'Operator' user local functional authority type. To support this functionality both, Sterling Connect:Direct Requester and Sterling Connect:Direct for Microsoft Windows server must be upgraded to 4.7.0.6 or later.



  • An InstallShield vulnerability (CVE-2016-2542) was disclosed by Flexera, which affects all base, fix pack and iFix installers prior to IBM Sterling Connect:Direct for Microsoft Windows 4.7.0.4. The vulnerability was address in version 4.7.0.4 and later. For more information, and when installing a version prior to 4.7.0.4, review the security bulletin at http://www.ibm.com/support/docview.wss?uid=swg21979075:
    Security Bulletin: Vulnerability in InstallShield affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2542)



  • There have been some reports of antivirus software detecting a threat within Sterling Connect:Direct for Windows, resulting in the normal operation of Connect:Direct being blocked. IBM believes the threat results to be a false positive. You should ensure that you have the latest updates for your antivirus software and in case of any questions, please contact IBM Technical Support.



  • Starting with version 4.7.0.5, CD Secure+ Admin Tool (SPAdmin) and CD Secure+ CLI (SPCli) will display warnings when deprecated cipher suites or protocols are configured. Since these cipher suites and protocols can expose your node to known vulnerabilities, it is highly recommended that you update your Secure+ configuration accordingly. Please not that deprecated cipher suites and protocols may be disabled in a future update.



  • When applying an iFix or fix pack to IBM Sterling Connect:Direct for Microsoft Windows installed in a failover cluster environment, run the installer executable on each machine in the cluster where the product is installed. Follow the instructions outlined in the cluster white paper at http://www-01.ibm.com/support/docview.wss?uid=swg27040600:
    Deploying IBM Connect:Direct in a Microsoft Windows Failover Cluster



  • When installing or updating IBM Sterling Connect:Direct SDK for Windows and using the Active X controls, verify that the CDStats.ocx and CDSubmit.ocx components are registered correctly. If they do not function properly, use regsvr32.exe to first unregister and then register these components again.


About Fix Packs and iFixes
Fix packs and interim fixes (iFixes) deliver maintenance and updates to an existing product version of IBM Sterling Connect:Direct for Microsoft Windows. They are cumulative and include iFixes as well as updates added since the previous fix pack and in any earlier fix pack. You only need to apply the latest one available. Fix packs and critical iFixes can be downloaded from the IBM Fix Central website at https://www.ibm.com/support/fixcentral/. Non-critical iFixes are typically provided by IBM support in response to a customer PMR to address the reported issue.
Fix packs and iFixes are provided as a single installer executable (.EXE). File naming conventions refer to the product name, version, fix pack (fp) and iFix (if), if applicable. Here are some examples:


  • Sterling Connect:Direct (CDWindows) fix pack 4.7.0.5
    4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005.exe

    Sterling Connect:Direct (CDWindows) iFix 4.7.0.4_iFix023
    4.7.0.4-SterlingConnectDirectforMicrosoftWindows-x86-fp0004-if023.exe

  • Stand-alone Sterling Connect:Direct Requester (CDRequester) fix pack 4.7.0.5
    4.7.0.5-SterlingConnectDirectRequesterStandAlone-x86-fp0005.exe

  • Sterling Connect:Direct SDK/SDK.Net (CDSDK) fix pack 4.7.0.5
    4.7.0.5-SterlingConnectDirectSDK-x86-fp0005.exe

Before running the Installer Executable


  • Review the fix list document (CDWin470FixList.rtf) carefully. It provides details on individual fixes, updates and changes included in a fix pack. It includes information on all features including Server, Requester, Common Utilities, Secure+, JRE, solidDB and SDK.

  • Log on with an account that has appropriate permissions to install software, typically an administrator account. When performing a silent mode installation, make sure the command prompt or batch file already has this permission prior to executing the actual command, for example by using 'Run as administrator' (RAA).

  • Take a backup, if applicable.

  • Close all other applications.

Applying a Fix Pack or iFix to an existing Installation
Use the installer executable to apply a fix pack or iFix to an existing installation of IBM Sterling Connect:Direct for Microsoft Windows 4.7.0. Enable the patch mode by specifying SEPATCH_ONLY_FLAG=1 on the command line (default).

Interactive Mode

To apply a fix pack or iFix interactively, simply double-click the installer executable in Windows Explorer or run it without any arguments from the command line. This is equivalent to the following command:

/v"SEPATCH_ONLY_FLAG=1 /l*v CDWinPatch.log"

Silent Mode

To apply a fix pack or iFix in silent mode, enter the following command line:

/v"SEPATCH_ONLY_FLAG=1 /l*v CDWinPatch.log /qn" /s /w /clone_wait

The command will wait for completion (/w /clone_wait) and return 0 if the operation was successful. Review the log file in case of failure. Include this log file when reporting an installation problem to IBM customer support.

Performing a new Installation or Upgrade of an existing Installation
Use the installer executable to perform a fresh installation of IBM Sterling Connect:Direct for Microsoft Windows 4.7.0 or to upgrade from an existing older release. Enable the installation/upgrade mode by overwriting the command line.

Interactive Mode

To install or upgrade interactively, enter the following command line:

/v"/l*v CDWinInst.log"

Silent Mode

To install or upgrade in silent mode, enter the following command line:

/v" CD_SRVR_INI_FILE=C:\cd_srvr.ini /l*v CDWinInst.log /qn" /s /w /clone_wait

The command will wait for completion (/w /clone_wait) and return 0 if the operation was successful. Review the log file in case of failure. Include this log file when reporting an installation problem to IBM customer support.

For more infomation on customizing and automating the installation, review the Getting Started Guide or the Enterprise Deployment Guide in the IBM Knowledge Center at https://www.ibm.com/support/knowledgecenter/SS4PJT_5.2.0/cd_52_welcome.html.

Description of iFixes and Updates
iFixes after 4.7.0.0
4.7.0.0_iFix001: RTC423820 / APAR IT01628

Description of Issue: When extracting a configuration using CD Configuration Tool (CDConfig.exe), some values greater than 254 are not displayed correctly. The affected parameters included the session related Initialization Parameters (Initparms.cfg: sess.pnode.max, sess.snode.max, sess.total, sess.default) and the Short/Long Term Retry Attempts in the Netmap (Map.cfg: SRetry/LRetry).

Description of Fix: Switched to another write function for the mentioned parameters.

Fix Availability Date: 14 May 2014

High Impact: N

Reported Severity: 4
4.7.0.0_iFix002: RTC422291 / APAR IT01363

Description of Issue: Event log message were still showing the product name in uppercase, like "CONNECT:Direct".

Description of Fix: The product name and event text source had already been updated to "Connect:Direct" many years ago. However these changes did not take effect until now.

Fix Availability Date: 14 May 2014

High Impact: N

Reported Severity: 4
4.7.0.0_iFix003: RTC423150 / APAR IT02000

Description of Issue: CSPA204E written to statistics when Sterling Control Center Secure Connection settings are changed.

Description of Fix: Fixed.

Fix Availability Date: 13 May 2014

High Impact: N

Reported Severity: 4
4.7.0.0_iFix004: RTC423196 / APAR IT02002

Description of Issue: Silent Installation fails when included Secure+ Client Key Certificate configuration. Error: SPCL103E rc=8 Invalid key word "CipherSuite".

Description of Fix: Fixed.

Fix Availability Date: 13 May 2014

High Impact: N

Reported Severity: 3
4.7.0.0_iFix005: RTC424498 / APAR IT01934 / CVE-2014-0963

Description of Issue: Vulnerability related to Record Processing in TLS 1.0 and later which can result in high CPU Utilization that requires a system reboot to resolve.

Description of Fix: Updated the version of GSKit.

Fix Availability Date: 30 May 2014

High Impact: Y

Reported Severity: 2
All iFixes and fix packs listed above are accumulated in fix pack 1 (4.7.0.1).

iFixes after 4.7.0.1
4.7.0.1_iFix001: RFE 401559 (ID 40797) / APAR IT03451

Description of Issue: Simple clicking OK button in CD Secure+ Admin tool, without changing any value is updating the node's record file.

Description of Fix: Updated SPAdmin to only write the record when the node was changed.

Fix Availability Date: 29 July 2014

High Impact: N

Reported Severity: 5
4.7.0.1_iFix002: RTC408632 / RFE 405966 (ID 42671) / APAR IT00728

Description of Issue: Sterling Connect:Direct for Windows Total Max Sessions enforcement

Description of Fix: Added a new initialization parameter sess.total. It works similar to sess.pnode.max and sess.snode.max, except that it limits the maximum concurrent connections for all remote nodes in total. Valid numeric values are 1 to 510. The initial value if not specified is the sum of sess.pnode.max plus sess.snode.max.

Fix Availability Date: 05 August 2014

High Impact: N

Reported Severity: 5
4.7.0.1_iFix003: RTC435753 / APAR IT04317

Description of Issue: CSPA303E, CSPE004E and CSPE005E errors occurring sporadically under high concurrency and when Strong Password Encryption (SPE) is enabled.

Description of Fix: Resolved a threading issue and updated the version of GSKit. Improved exception handling to avoid a potential crash situation.

Workaround: Temporarily disabled SPE.

Fix Availability Date: 09 September 2014

High Impact: N

Reported Severity: 2
4.7.0.1_iFix004: RTC436568 / RFE 400238 (ID 40159) / APAR IT04447

Description of Issue: Enable millisecond timestamp on statistics records in Sterling Control Center.

Description of Fix: The Connect:Direct Windows server now stores millisecond time resolution on some of the existing time stamps saved in its statistics logs. Please note that a Connect:Direct API client can choose whether or not to display the extra millisecond time resolution characters now available.

Fix Availability Date: 29 September 2014

High Impact: N

Reported Severity: 5
4.7.0.1_iFix005: RTC437894 / APAR IT04504

Description of Issue: Sterling Control Center was unable to catch up on statistics with a busy Connect Direct Windows node. Select Statistics queries started to take longer and longer to complete. The Connect Direct Windows node responded slowly and solidDB started to create lots of temporary files (sxs*.*).

Description of Fix: Widely increased the performance for the type of Select Statistics queries initiated by Sterling Control Center. These queries specify the LIMIT parameter and do not include wildcards or SFILE/DFILE.

Workaround: See the following Technote at https://www.ibm.com/support/entdocview.wss?uid=swg21682729: Many solidDB® temp files are being created and it caused the Connect:Direct Disk to fill up and CD statistic cannot be collected.

Fix Availability Date: 22 September 2014

High Impact: N

Reported Severity: 2
4.7.0.1_iFix006: RTC432574 / APAR IT04498

Description of Issue: A destination file may become corrupt when the user manually deletes the partial file but not the associated CKPT file while awaiting a checkpoint/restart. When the restart occurs, the first bytes up to the last valid checkpoint will all be 0 and the transfer continues from that point on.

Description of Fix: Updated the code to restart the transfer from the beginning of the file.

Fix Availability Date: 23 September 2014

High Impact: N

Reported Severity: 3
4.7.0.1_iFix007: RTC446820 / APAR IT05253 / CVE-2014-3566

Description of Issue: The SSLv3 protocol contains a number of weaknesses including POODLE (Padding Oracle On Downgraded Legacy Encryption, CVE-2014-3566). IBM Sterling Connect:Direct for Microsoft Windows is therefore also vulnerable when the SSLv3 protocol is used.

Recommendation: SSLv3 is an obsolete and insecure protocol. Use the TLS protocol instead. To fully disable SSLv3 and use TLS instead, ensure that all secure connections are configured to 'Enable TLS Protocol' and 'Disable Override'.

Description of Fix: Only enabled the protocols in the SSL handshake that are explicitly allowed for a connection.

Fix Availability Date: 04 November 2014

High Impact: Y

Reported Severity: 2
4.7.0.1_iFix008: RTC448109 / APAR IT05464

Description of Issue: Setup allows installation on unsupported Windows OS. While the installation or upgrade may complete successfully, the product will fail to run.

Description of Fix: Updated the minimum OS requirements for Setup to match the Release Notes: Microsoft Windows 7, Microsoft Windows Server 2008 R2 or higher (VersionNT>=601).

Fix Availability Date: 10 November 2014

High Impact: Y

Reported Severity: 2
All iFixes and fix packs listed above are accumulated in fix pack 2 (4.7.0.2).

iFixes after 4.7.0.2
4.7.0.2_iFix001: RTC436583 / RFE 407782 (ID 40949) / APAR IT05951

Description of Issue: Enable option to automatically delete a process from the TCQ after connection retries have been exhausted.

Description of Fix: Added a new initialization parameter conn.retry.exhaust.action. Valid values are hold or delete.

hold - Places Processes in the hold queue in “Held in Error” status after all retry attempts are used. This is the default value and retains the prior behavior of Connect:Direct.

delete - Causes the Processes to be permanently deleted from the TCQ after all short term and long term retries have been exhausted. The following example shows how to enable the Delete feature:

[TCQ Information]

conn.retry.exhaust.action=delete

Also added a new message id LCPF003E: Process Retry exceeded for &pname &pnum



Download 79.91 Kb.
  1   2   3   4   5   6




Download 79.91 Kb.