|
Ibm® Sterling Connect: Direct
|
| bet | 4/6 | | Sana | 25.12.2019 | | Hajmi | 79.91 Kb. | | #4856 |
Reported Severity: 5
4.7.0.4_iFix005: RTC503830 / APAR IT15761
Description of Issue: Submitting a new process does not fail gracefully when the TCQ is full. Instead the process gets an invalid process number of 0 assigned, leading to further errors and issues. Subsequent attempts to submit will hang.
Description of Fix: Improved the logic to get the next available process number in regards to error handling, performance and testing all process numbers.
Fix Availability Date: 16 June 2016
High Impact: N
Reported Severity: 3
4.7.0.4_iFix006: RTC503082 / APAR IT15901
Description of Issue: The solidDB database is configured to listen on LocalHost only, but it listens on all network interfaces (0.0.0.0) instead.
Description of Fix: Reconfigured solidDB to listen on 127.0.0.1.
Workaround: Edit the solidDB6.5\cdwinnt\solid.ini file, locate the Listen property in the [Com] section and replace "LocalHost" with "-i127.0.0.1" within this property. Restart the "IBM solidDB - Connect Direct v4.7.0" service for the changes to take effect. For example:
[Com]
Listen=tcpip -i127.0.0.1 23470
Fix Availability Date: 28 June 2016
High Impact: N
Reported Severity: 2
4.7.0.4_iFix007: RTC499730 / APAR IT16049
Description of Issue: Fast and Secure Protocol (FASP) bridging through Sterling Secure Proxy (SSP).
Description of Fix: Added support for FASP bridging through SSP. See the Release Notes for further information regarding support for FASP.
FASP requires a license key for use. Download the license key from Passport Advantage when you download the fix pack.
Fix Availability Date: 30 June 2016
High Impact: N
Reported Severity: 5
4.7.0.4_iFix008: RTC502918 / APAR IT16047
Description of Issue: A long running process is deleted instead of put on HOLD when trying to pause the process from CD Requester.
Description of Fix: Resolved.
Fix Availability Date: 30 June 2016
High Impact: N
Reported Severity: 2
4.7.0.4_iFix009: RTC502160 / APAR IT16005
Description of Issue: Sterling Control Center and the Application Interface for Java (AIJ) fail to retrieve statistics for a badly coded RUN TASK that had failed with LSMR003I. The following errors appear in the Sterling Control Center logs:
CNCD024E Error getting stats from server. [...] Details: com.sterlingcommerce.scc.common.NodeServiceException: CNCD058E Error getting data from server. [...] Details: KQVString.parse() detected data problem at location 8
Description of Fix: The short message text for LSMR003I, LSMR014I and LSMR015I included custom text from the command. This text has now been removed.
Fix Availability Date: 06 July 2016
High Impact: N
Reported Severity: 2
4.7.0.4_iFix010: RTC507599
Description of Issue: When receiving multiple concurrent large files, usually multi-terabyte, a Windows error 665 feedback code is sometimes received with an LSNF008i error. Microsoft indicates this is usually caused due to the file being written having too many fragments. In Connect:Direct, 20KB blocks of data are written to the disk file and with a terabyte file, this would be many blocks.
Description of Fix: The write block size has been increased to 256KB reducing the number of blocks written and reducing the file fragments.
Fix Availability Date: 22 July 2016
High Impact: N
Reported Severity: 3
4.7.0.4_iFix011: RTC507456 / RFE (ID 91139) / APAR IT16532
Description of Issue: When importing a keycert with an encrypted RSA private key, which uses the traditional SSLeay compatible format for private key encryption, the import keycert operation will fail reporting "PEM KeyStore open exception - asn1 parse failure: ..." The further text will usually refer to an issue involving DER length or DER sequence. SPCli will also report an SPCG761E message.
Description of Fix: Fixed code so that importing a keycert with an encrypted RSA private key works successfully.
Fix Availability Date: 26 July 2016
High Impact: N
Reported Severity: 5
4.7.0.4_iFix012: RTC507880 / APAR IT16387
Description of Issue: When a process was redirected by a remote Connect:Direct for z/OS PLEX manager, it occasionally did not continue immediately but was scheduled for a later retry using the short retry timer interval.
Description of Fix: The product has been updated to let the redirected process restart to its new destination as a soon as possible, persistently.
Fix Availability Date: 29 July 2016
High Impact: N
Reported Severity: 2
4.7.0.4_iFix013: RTC502169 / APAR IT16662
Description of Issue: SDK functions WaitForCompletion() and CdWaitOnProcess() may return prematurely on busy nodes, suggesting that the process has already completed when it it has not.
Description of Fix: Updated the SDK's internal timing for checking processes on the TCQ.
Fix Availability Date: 18 August 2016
High Impact: N
Reported Severity: 4
4.7.0.4_iFix014: RTC502919
Description of Issue: All directory restrictions for Download/Upload/Process/Program get wiped out when updating a User Functional Authority definition and the combined total length of directory names exceeds a large value (around 730 to 740 characters; may vary).
Description of Fix: Resolved. The maximum length for each directory name is 255 characters.
Fix Availability Date: 07 September 2016
High Impact: N
Reported Severity: 4
4.7.0.4_iFix015: RTC496608 / RFE 399737 (ID 39962)
Description of Issue: Enable client authentication for Secure+ client connections received from IBM Sterling Control Center, without a password.
Description of Fix: Clients connecting from an AIJ based product like IBM Sterling Control Center, can use Secure+ certificates to authenticate client connections to the Connect:Direct Windows server.
Fix Availability Date: 07 September 2016
High Impact: N
Reported Severity: 5
4.7.0.4_iFix016: RTC508300
Description of Issue: Add support for Client Source IP Checking.
Description of Fix: Client Source IP Checking is configured in Functional Authorities (optional). A new field has been added to Functional Authorities to specify one or more IP addresses and/or host names (comma separated) to be used to validate the Client connection's remote IP address or host name. If the validation fails, the Client connection is rejected.
Fix Availability Date: 07 September 2016
High Impact: N
Reported Severity: 5
4.7.0.4_iFix017: RTC497388 / APAR IT17150
Description of Issue: A process may start twice under rare conditions when the local node is busy with many processes starting to the same remote node and some of these sessions getting rejected. The symptoms include error messages like:
LSMR016I Open of ckpt file failed. Errno=2
LSMG007I Step return code file write failed. (fdbk=2)
LSMG235I SMGR failed to open the user process return code file - No such file or directory
LTQA004I Attempt to terminate a process, but TCQ handle invalid
Description of Fix: Resolved.
Fix Availability Date: 21 September 2016
High Impact: Y
Reported Severity: 2
4.7.0.4_iFix018: RTC517545 / APAR IT18565
Description of Issue: LCCA081I occurring when IBM Control Center requests a Secure+ Node Refresh.
Description of Fix: Updated timeout for Secure+ API commands.
Fix Availability Date: 23 December 2016
High Impact: N
Reported Severity: 3
4.7.0.4_iFix019: RTC522708 / APAR IT18566
Description of Issue: The CD Configuration Utility (CDConfig.exe) stopped working while trying to extract user configuration. The problem was caused by some bad registry settings for User Functional Authority.
Description of Fix: Fixed the application crash and updated CDConfig to display error messages when extraction has failed. Updated the code to reject usernames containing a backslash and to skip creating Order registry values for User Functional Authority.
Fix Availability Date: 23 December 2016
High Impact: N
Reported Severity: 4
4.7.0.4_iFix020: RTC509562 / APAR IT18600
Description of Issue: When refreshing initialization parameters, any Retry Message IDs (retry.msgids) and Retry Error Codes (retry.codes) get added to the list over again instead of overwriting the current value. The list keeps growing with every refresh. Trying to reset the initialization parameters to "" fails with an error:
LIPF008E - Invalid value for keyword retry.codes
Though you can still reset the initialization parameters by setting no value, like retry.msgids= or retry.codes=.
Description of Fix: Resolved an issue introduced with 4.7.0.4. The specified values will overwrite the existing values.
Fix Availability Date: 29 December 2016
High Impact: N
Reported Severity: 3
4.7.0.4_iFix021: RTC524705 / APAR IT18663
Description of Issue: Attempting to bulk update all remote nodes, for example "update remotenode name=* protocol=defaulttoln", fails with an error in CD Secure+ CLI (SPCli.cmd):
SPCG271E rc=8 The specified node(s) ".Keystore" do not exist in this parmfile.
Description of Fix: Excluded reserved node entries, like .Keystore, from wildcard updates.
Fix Availability Date: 05 January 2017
High Impact: N
Reported Severity: 3
4.7.0.4_iFix022: RTC525020
Description of Issue: SSL/TLS Handshake from Sterling Connect:Direct to Sterling Secure Proxy (SSP) fails when using a SHA-2 certificate and multiple protocols enabled.
Description of Fix: Resolved.
Fix Availability Date: 16 January 2017
High Impact: N
Reported Severity: 3
4.7.0.4_iFix023: RTC525545 / APAR IT18910
Description of Issue: Codepage conversion fails with MBCS002E FDBK=-9 when the first record is very small and a subsequent record is much longer.
Description of Fix: Optimized the codepage conversion to manage its buffers more efficiently. The updated code also requires significantly less memory, which can save up to 2,7 MB of memory per session manager.
Fix Availability Date: 16 January 2017
High Impact: N
Reported Severity: 2
4.7.0.4_iFix024: RTC529700
Description of Issue: The Certificate Viewer in CD Secure+ Admin Tool (SPAdmin) does not word wrap public keys.
Description of Fix: Resolved. The public key values for RSA and EC now match IBM iKeyman representation.
Fix Availability Date: 20 February 2017
High Impact: N
Reported Severity: 4
4.7.0.4_iFix025: RTC528142 / APAR IT19770
Description of Issue: The Secure+ KeyStore has an issue importing multiple certificates with the same the X509 Common Name (CN).
Description of Fix: The Secure+ KeyStore requires each certificate to have a unique alias name which is used to associate Identity/KeyCerts with Secure+ Nodes. During certificate import, when label names are not provided, the alias name is generated from the X509 Common Name (CN) component of the Subject Name. In cases where the same CN is assigned to multiple certificates, the import may skip otherwise valid certificates. A unique ID generator has been added to allow multiple certificates using the same CN to co-exist. Use the new AddWithUniqueLabel option to import these certificates from the CD Secure+ Admin Tool (SPAdmin) or the CD Secure+ CLI (SPCli).
Fix Availability Date: 20 February 2017
High Impact: N
Reported Severity: 2
4.7.0.4_iFix026: RTC530106
Description of Issue: Secure+ API performance enhancement.
Description of Fix: Improved the performance of Secure+ API commands, for example when refreshing certificates is issued from IBM Control Center.
Fix Availability Date: 20 February 2017
High Impact: N
Reported Severity: 5
4.7.0.4_iFix027: RTC528788 / APAR IT19769 / CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Description of Issue: Vulnerabilities were reported in zlib. zlib is used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs.
Description of Fix: Updated zlib components.
Fix Availability Date: 22 February 2017
High Impact: Y
Reported Severity: 2
4.7.0.4_iFix028: RTC529668 / APAR IT19772 / CVE-2016-2183
Description of Issue: An OpenSSL vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Sterling Connect:Direct for Microsoft Windows uses GSKit and therefore is also vulnerable. This vulnerability is known as the SWEET32 Birthday attack.
|
| |
