IBM Support

Fix list for IBM WebSphere Application Server traditional V9

Product Readmes


Abstract

IBM WebSphere Application Server traditional provides periodic fixes for the base and Network Deployment editions of release V9. The following is a complete listing of fixes for V9 with the most recent fix at the top.

Content

Release Date
Total number of APARs
Total number of Security APARs
26 March 2024
32
0
12 December 2023
49
0
19 September 2023
48
1
28 June 2023
57
4
4 April 2023
73
1
22 November 2022
49
6
30 August 2022
59
3
7 June 2022
58
2
15 March 2022
62
3
3 December 2021
56
1
10 September 2021
83
1
18 June 2021
106
10
26 March 2021
100
4
27 November 2020
88
5
4 September 2020
64
7
12 June 2020
63
3
20 March 2020
104
4
13 December 2019
73
5
20 September 2019
77
2
28 June 2019
93
2
5 April 2019
87
6
14 December 2018
74
16
21 September 2018
80
4
29 June 2018
129
6
16 March 2018
87
5
21 December 2017
110
0
17 October 2017
175
5
13 June 2017
147
3
14 March 2017
114
3
13 December 2016
134
3
16 September 2016
170
6
Fix Pack 9.0.5.19
Fix release date: 26 March 2024
Last modified: 26 March 2024
Status: Recommended

Download Fix Pack 9.0.5.19
Fixes:
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH57273 "The output file for the operation is null" message (null) appears when take system dump from administrative console
Administrative Scripting Tools (for example: wsadmin or ANT) PH59054 Upgrade to use Ant 1.9.16
Edge Components Fixlist Detailed List of APARs for Edge Components
General PH58275 Update Axis version in UDDI.ear installable application
PH53734 Include javax.servlet.resources
PH55289 Upgrade Jackson version used by JAX-RS
PH56028 NullPointerException in com.ibm.ws.cdi.impl.managedObject.CDIEJBManagedObjectFactoryImpl.createContext
PH56695 Usage metering serviceability improvements
PH57058 Wasservice command needs additional debugging info on Linux
PH58017 Intermittently Adminconfig.getid( /server:odr/proxysettings:/ ) return nothing even when the object exists
IBM HTTP Server Fix List Detailed List of APARs for Edge Components
Intelligent Management Component PH58487 In IPv4/IPv6 dual stack environments, Intelligent Management enabled web servers and ODRs sporadically return 404/503
PH59488 Not automatically restart the application after group rollout completed
Java 2 Connectivity (J2C) PH50702 Handle list code may dead lock with older resource adapters
PH51368 Switch current locks to synchronized
PH58090 Deadlock during Db2 HADR failover
PH58534 Averaging for stuck detection is failing
Java SDK PH55398 Missing source button id:value pair from request parameters in ajax requests
JNDI/Naming PH59047 Passowords can be seen in FFDC files
JSP PH49514 JSP taglib objects not cleaned up properly
PH50620 Expression language service loader error causes ClassNotFoundException
PH51645 Repeated JSP re-compilation after the manual update of the JSP file under heavy load
Migration PH51549 Usage of term "master" in migration messages must be addressed
PH57504 Upgrade the migration toolkit in WebSphere Application Server to the latest version
Plug-in PH58250 Define serverIOTimeout > 66000 secs via isc
Security PH57998 Error detected while opening the certificate database
System Management/Repository PH55755 Include -xms256m in iscdeploy.sc script joptions setting
Transaction Service PH58504 Provide mechanism to specify JTA commitPriority of wscoordinators
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH58070 Validate ServiceFactory.getService
PH59301 Web services API ServiceFactory.getService() is not validating input data
Web Services Security PH55077 OIDC enable introspection to use UserInfo endpoint
PH56076 Saml Web SSO might fail with no principal in trust association error
PH57126 SAML importSAMLIpMetadata wsadmin command might fail with NullPointerExcepion error
PH58024 OidcClientHelper.getJwtClaimsAsMap api might return null although JWT parameter is valid
 Back to Top
 
Fix Pack 9.0.5.18
Fix release date: 12 December 2023
Last modified: 12 December 2023
Status: Superseded

Download Fix Pack 9.0.5.18
Fixes:
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH55437 Websphere administrative console displays its own login page after an error when it is protected by a TAI
PH55566 Problems in the console identity panel of the administrative console
PH55702 For some user roles, the federated repository page shows a blank page
PH56203 The InternalFileRepository text should be a link for users with the admin role
PH56496 Error 400 when clicking cluster topology tab
PH57081 Next page button in "Java Authentication and Authorization Service" page does not work
Administrative Scripting Tools (for example: wsadmin or ANT) PH56797 When using AdminApp.edit() to run -MapRolesToUsers, a empty string used in place of a role name causes incorrect behavior
Channel Framework PH56229 Timestamp in http_access.log (NCSA access log) is incorrect after WebSphere Application Server upgrade to 9.0.5.16
PH56821 Package MQ 9.1.0.17 RA for WebSphere Application Server 9.0.5.15 and 9.0.5.16
Edge Components Fixlist Detailed List of APARs for Edge Components
General PH53554 Print proper message when enterprise application level session manager settings are used
PH55104 Used to back port python script email/utils.py
PH55311 Federated repositories get API incorrectly returns users which do not meet the user defined search criteria
PH55471 Federated repositories certificate filter does not recognize a plus sign (+)delimiter
PH55523 Websphere v8.5.5.x Java Batch application fails with J2CA0045E errors after receiving Socket connect timed out error
PH56054 Update API discovery dependencies
PH56266 After applied PH42468, always waiting 8.5s before closing websockets
PH56482 The WS-Security sample keystores expired
PH56518 wsadmin.sh jython files are created with rw------- (600) permissions
PH56574 Batch code bug which is causing a lookup failure and subsequent retry(s)
PH56649 Update COMMONS-COMPRESS to 1.21 in Jython
PH56650 Update guava in Jython 2.7
PH56766 WebSphere windows service helper tool (wasservicehelper) logs incorrect command in its report file
PH56805 Update Apache Batik SVG toolkit library to 1.17
PH56806 OAuth provider might fail with an SQL error when retrieving tokens from the token store
PH56866 JaxWS injects invalid xml in SOAP response for LDAP failure
PH57206 NullPointerException may occur when checking cookie names at encodeURL function
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C) PH54703 Always average stuck values using stuckQueryInterval
PH55788 When federated node name contain CellManager, install resource adapter failed
PH56962 Application fails with J2CA0045E/J2CA0027E errors after WebSphere Application Server upgrade from v9.0.5.13 to 9.0.5.15
PH57293 WebSphere Application Server can over log DSRA8207I messages when using the Oracle JDBC driver
PD tools (for example: Log Analyzer) PH55109 Null Pointer Exception when obtaining JSON output for HPEL logs in LogViewer
Plug-in PH55990 Improve 413 error reporting in WebSphere Application Server plugin
PH56263 Plugin startup takes out servers because they were not fully started
PH56386 Plugin topology generation does not persist all config values
PH56499 A failure to start the websphere plugin does not produce adequate messaging
PH56705 Plugin ANT script doesn not preserve existing permissions
PH57259 Plugin may overlook SecureHostVerfification under certain conditions of Intelligent Management
PH57339 After PH48747, plugin generation does not create routing rules
Scheduler PH55283 Class loader leak in work manager daemon thread
Security PH49777 Incorrect output during ORB connection
PH55146 Customize certificate monitor email alert subject
PH55723 Null Pointer Exception occurs after change to com.ibm.isecurityutilityimpl.passwordutil with WebSphere Application Server on IBM i
PH55837 Remove unnecessary information from FFDC output
System Management/Repository PH55165 Running ADMINTASK.VALIDATECONFIGPROPERTIES returns ADMG0836I: A null value specified for property adjustPort
PH57266 Using WSADMIN with SOAP and wrong password does not return proper message
Transaction Service PH56881 NullPointerException during recovery of Web Services-Atomic Transactions (WS-AT) subordinate in WSATRecoveryCoordinator.fromLogData causes recovery to fail
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH55695 Web services application ibmasyncrsp.ear may be flagged by scanners
Web Services Security PH56494 SAML recipient is not retrieved if the SubjectConfirmationData element is not the first child
Fix Pack 9.0.5.17
Fix release date: 19 September 2023
Last modified: 19 September 2023
Status: Superseded

Download Fix Pack 9.0.5.17
Fixes:
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH53446 Removal of data power admin commands and related files
PH54394 "The report no longer exists" error message in Liberty Advisor
PH55326 Clicking "help" (left side of logout) does not work in the WebSphere Application Server Administrative Console on WebSphere 9.0
Edge Components Fixlist Detailed List of APARs for Edge Components
Federated Repositories PH51970 NullPointerException returned when federated repository attempts to retrieve the external identifier (getAttributesByExtID)
General PH51485 OIDC TAI: update JWK cache to associate with discovered OP
PH52106 Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.16
PH52796 NullPointerExceptions seen in servant region for gridContainer
PH53044 Out of memory with lot of instances of com.IBM.ws.cdi.classic.CDIArchiveImpl
PH53520 Serviceability improvement to aid in debugging CWLRB5841E db2 sql error: sqlcode=-433, sqlstate=22001
PH54161 A CWWIM001E error can be encountered on various code paths
PH54588 Update Apache Commons Codec to 1.15 for usage metering
PH55042 OIDC: Support PKCE
PH55104 Used to back port python script email/utils.py
PH55626 Increment bundle-version for WebSphere Customization Toolbox (WCT)
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH54022 Patch 9.0.5.15 breaks jython scripts
Java 2 Connectivity (J2C) PH41002 Improve dsconfig helper tracing
PH54595 NullPointerException in com.ibm.ejs.j2c.poolManager.stuckConnectionSupport
PH54677 WebSphere Application Server shutdown may hang when connection validation retries specified
PH55245 Allow JTA transaction timeout to skip JDBC 4.1+ datasource abort mechanism and behave as per older JDBC datasource
Migration PH55426 Update the WebSphere migration toolkit for application binaries to the 23.0.0.2 version
PD tools (for example: Log Analyzer) PH54093 Collector tool fails with NullPointerException
PH55179 Large number of ffdc files causing slow down during server startup
Plug-in PH53629 Plugin does not allow for content body larger than 1386820698 in version 855
PH54077 Plugin propagation does not wait long enough for node synchronization in some cases
PH54363 Plugin Configuration Tool leaves a program file artifact
PH54601 Crash in detailedlog function of web server plugin
PH54768 Plug-in serverIOTimeout value is used in the SSL handshake during connection creation
PH55213 WebSphere plugin HostVerificationStartupCheck problems with Liberty servers configured with tcpOption waitToAccept="true"
PH55238 WebServer startup delays with HostVerificationStartupCheck=true
PH55888 Response buffer overflow logged by the Web Server plugin
PMI/Performance Tools PH54141 No warning message about the performance impact after selecting the "all" performance monitoring infrastructure statistic set
PH54614 Mbean for ActiveCount orb.thread.pool is incorrect after servant crash
Runtime and Classloader PH52701 NullPointerException occurs at CompoundClassLoader
PH54218 Get jar placed into both the ear and war class loader
Security PH52832 A subject is created with incorrect principal name when a request comes from a foreign trusted realm
PH53800 Provide 4 character cipher support for the WebSphere Application Server daemon using system SSL
PH53876 Standalone LDAP uses the wrong SSL configuration
PH54406 IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890 CVSS 5.1)
PH55392 ContinueAfterTAIError does not behave as expected
Session Initiation Protocol (SIP) Container PH53665 Sipcontainer forwards retransmitted ACK when allow.lower.cseq.in.ack is set to true
PH55528 StringIndexOutOfBoundsException in SIP container during cancel processing - cancel not propagated
System Management/Repository PH54438 Running AdminTask.validateConfigProperties returns ADMG0811I: Changing value for this property ****. New value specified is null. Old value was null.
PH54615 Unstoppable server is not killed by node agent
PH54978 Slowness caused by unnecessary scanning for EJB content
Transaction Service PH53972 Serviceability enhancement for diagnosing XA protocol violations in scenarios where resource managers violates the XA specification
Web Services Security PI56836 Update jax-ws ws-security to allow customization of canonicalization algorithm
WebSphere Common Configuration Model (WCCM) PH54323 Update ICU4J time zone database to 2023a
z/OS PH55040 Add support for CICS 6.1 in WebSphere optimized local adapters for WebSphere Traditional
Fix Pack 9.0.5.16
Fix release date: 28 June 2023
Last modified: 28 June 2023
Status: Superseded

Download Fix Pack 9.0.5.16
 Enhancements:
Idea
 Description
TWAS-I-104
Display iFix applied in JOBLOG
Fixes:
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH52785 IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966 CVSS 6.1)
PH53159 Deadlock seen in WASResourceSetImpl
PH53830 A blank page displayed when opening the Tivoli Performance Viewer
PH54120 Changes were made to the Eclipse help subsystem (iehs.war)
PH54585 Websphere Application Server for z/OS 9.0.5.15 generic JVM arguments not expanded in jvm.options files
Administrative Scripting Tools (for example: wsadmin or ANT) PH52518 AdminServerManagement.rippleStartSingleCluster hangs
PH53011 AdminNodeManagement.SyncActiveNodes() takes too much time to complete
PH53105 Remove lib directory from Jython.jar in Jython2.7.2
DB Connections/ Connection Pooling PH51636 When a data source 4.0 is being used by application with missingpassword NullPointerException is thrown
PH52361 Wrong message key for messages WRRN0006W and WTRN0005W
Edge Components Fixlist Detailed List of APARs for Edge Components
General PH49962 Eclipselink throws classcastexception during update with identity generation
PH50200 Change the default SSL protocol for the daemon to TLSv1.2
PH51431 EclipseLink does not support non-breaking space characters in SQL/JPQL query strings
PH51639 CDI should tread shared library BDAs as application BDAs
PH51819 Update commons net to version 3.9.0 in CIM
PH51978 EclipseLink parameter support for db2 zos escape clause
PH51980 EclipseLink throws exception on DB2ZOS when obtaining current timestamp
PH52000 Backupconfig.sh fails with FileNotFoundException at service level 9.0.5.10
PH52313 Memory leak in JAX-RS vector
PH52879 Update jQuery and handlebars dependencies for API Discovery (Swagger) UI
PH53138 Add debug to help diagnose problem when getting workspace is not valid error
PH53142 Update commons-fileupload.jar used in struts
PH53252 IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554 CVSS 6.3)
PH53324 Escape CXF's services listing stylesheet path in jaxrs-2.0
PH53389 Update the Apache commons-net library in the WebSphere Customization Toolbox to version 3.9.0
PH53496 Update REST API discovery (swagger) dependencies
PH53549 Update commons BeanUtils to include latest bug fixes
PH53559 Add support to EclipseLink for Oracle 21 support
PH53663 Update XML BCEL library
PH53798 Discontinue BluemixUtility commands
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH53172 Support sha-2 in remote execution and access (RXA)
PH54022 Fixpack 9.0.5.15 breaks Jython scripts
Intelligent Management Component PH51240 Health management restart task may not restart all targets successfully
PH54204 Intelligent Management enabled Plugin causes a segmetation fault
JavaServer Pages (JSP) PH53463 Upgrade to commons-beanutils v1.9.4
JNDI/Naming PH52245 Error message needs to be more clear when binding an object to non-naming context
Migration PH52734 Enable the binary scanner to generate a trace file from the wsadmin AdminTask createMigrationReport command
PH53676 Update the migration toolkit in was to the latest version
Object Request Broker (ORB) PH50123 Excessive consumption of subpool228 key 2 common storage
PD tools (for example: Log Analyzer) PH53928 Systemcore diagnostic plan action does not work on z/OS
Plug-in PH47848 Preconditioning code for new functions
PH48747 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161 CVSS 4.8)
PH52853 Plugin piped logging missing end of line carriage return character on Windows operating systems
PH53838 WebSphere plugin configuration fails on AIX if bash is not avaialble
Runtime (zSeries®) PH53682 Log information about installed ifixes and apars at server startup
Runtime and Classloader PH51481 Errors reading configuration files contain insufficient detail
Security PH52363 After server has been running for a few hours, SpnegoTokenHelper API may fail due to the lack of Kerberos credential
PH53333 EnablePasswordEncryption command fails with CWPKI0773E
Servlet Engine/Web Container PH50863 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998 CVSS 7.5)
PH51470 Elapsed time of request in the NCSA access log could be a negative value
PH52074 Validate HTTP header names
Session Initiation Protocol (SIP) Container PH52502 Parsing bad SIP requests/responses can lead to high CPU
System Management/Repository PH53103 The message of IBMJGSSProvider is shown when startserver or stopserver command is executed on Windows platform
PH53199 Misleading error message in stopserver.log when client try to stop a server that is already stopped
PH53332 Improve error when the server registered as Windows service and the service fail to start
Web Services Security PH52459 OIDC: emits a CWTAi2086E error when a JWT is signed with a PS256 key
z/OS PH51677 WebSphere daemon ABEND=SCC3 reason=C9C20008
Fix Pack 9.0.5.15
Fix release date: 4 April 2023
Last modified: 4 April 2023
Status: Superseded

Download Fix Pack 9.0.5.15
 Enhancements:
Idea
 Description
TWAS-I-324
IBM HTTP Server: Add SSLMinimumRSAKeySize directive to reject client certificates with small RSA keys
Fixes:
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH50486 A dollar sign in -xtrace is not processed correctly and servant.jvm.options file is not updated
PH50841 The ability to administer DataPower appliances has been removed from the WebSphere Application Server administrative console
PH51708 A dollar sign in a JVM generic argument is not processed correctly and the servant.jvm.options file is not updated
PH51816 Removal of extraneous debug messages in the systemout logs
PH51822 Admin console displays incorrect string for externalCacheGroup
PH51849 Remove the use of knowledge center in the WebSphere Application Server administrative console
PH52119 The page help link for the LDAP test query panel is broken
PH52137 The background colour and navigation links are the same colour when using the "my tasks" view
PH52925 IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283 CVSS 5.4)
Administrative Scripting Tools (for example: wsadmin or ANT) PH49149 Unnecessary information printed in wsadmin trace
Edge Components Fixlist Detailed List of APARs for Edge Components
EJB Container PH50062 Message-driven bean (MDB) class java heap leak on application start/stop
EJBDeploy (WSAD) PH50465 Remove the Apache axis 1.4 from EJBDdeploy tool
PH50478 The heap size for the EJBDeploy tool is not enough
General PH25000 Upgrade Jython to 2.7.2
PH43374 The nodeAgent was not taking action when JVM "crashes"
PH44317 Add log message to notify the user that the syncnode command failed due to missing key and trust files
PH49778 High Java heap usage for com.ibm.ws.jaxrs20.cdi.component.jaxrsFactoryImplicitBeanCDICustomizer
PH49914 Update Apache Batik SVG toolkit library to 1.16
PH50353 Usage metering not handling multiple SSL protocol
PH50582 Executorservicesimpl is creating thread pools with application class loaders as their thread context class loaders and whether t
PH50666 OSGi application fails to find bundle dependencies due to partial EBA expansion
PH50812 Update Jython used by wsadmin
PH50979 Remove lib/ensurepip directory from Jython
PH50986 Update Python scripts in Jython 2.1
PH51396 The optional libraries wsjpatrace.jar file has been removed
PH51496 Update the apache commons-net library in the ibm support assistant data collector tool to version 3.9.0
PH52116 Allow users to configure a fromAddress for audit notifications
PH52311 Memory leak in JAXRSFactoryImplicitBeanCDICustomizer
PH52503 Do not use redirect-query-check with CXF'ss static resource list
PH52509 Apache CXF's MTOM implementation follows the url defined in the xop:include href attribute by default
PH52888 NullPointerException in singleton EJB JAX-RS sub resources
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PH50815 Issues after uninstallation on IBM i
Intelligent Management Component PH49275 Update Jansson from version 2.0.1 to 2.14
Java 2 Connectivity (J2C) PH47898 Better handling of connection error events on free connections
PH48686 Override stuck connection support seconds with millisecond units
PH49341 A race condition of transaction timeout could leave an indoubt transaction at RM side
PH50820 Adding warning messages for rar properties that are being removed
PH51313 Print connection leak info in FFDC when J2CA0045E
PH51644 Miss threadID and not reported as suspected leak
PH51659 IndexOutOfBoundsException can occur during a resource outage
PH51748 Add additional trace for pool maintenance thread
PH52757 Negative connections seen in the connection pool
Java Management Extensions (JMX) or JMX Client API PH22062 Log the default JVM maximum heap size computation
Java Message Service (JMS) PH44389 In WebSphere Application Server v9.0.5.x, modifySIBJMSActivationSpec command sets JNDI destination lookup to null
Logging PH53925 Improved the collector tool to not collect redundant template files from the profiles config directory in the collector output jar
PH53926 Improved the collector tool to include the security domain configuration files in the collector output jar
Migration PH51206 Update the Websphere migration toolkit for application binaries to the 22.0.0.7 version
PMI/Performance Tools PH35234 High cpu issue when the web uri pmi url is enabled
Security PH46257 Change was to use the IBMJCEPlusFIPS provider when fips is enabled
PH47643 Error creating client_auth_token during shutdown
PH49944 ReceiveCertificate command fails when the response file does not contain a complete chain
PH50256 Server AES password encryption fails to initialize when client properties file is not found
PH50799 Issues an informative error in the logs when the key manager fails to initialize
PH51280 JVM process was not starting, after customizing / modifying the cipher list
PH51421 Add parameter to genAndReplaceCertificates
PH51611 EnablEPasswordEncryption wsadmin admintask operation fails with CWPKI0773E on IBM i
PH51918 After upgrading to 9.0.5.14 the server does not start with SSL errors to LDAP
Servlet Engine/Web Container PH47287 Suppress some header data in the trace
PH48467 Java/lang/arrayindexoutofboundsexception when purgeDataDuringClose=true is set
PH49305 Multiple values in request header "x-forwarded-for" not logged
PH52167 Http channel custom property donotallowduplicatesetcookies=true is not preventing multiple set-cookie headers from being created
System Management/Repository PH48526 FFDC for InstanceNotFoundException gets created at start or stop of an application
PH49746 SetAutoAccept flag should not be set during fileTransfer
Transaction Service PH49974 WS-transactions initialization failure when javax.xml.rpc.serviceFactory system property specified
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH50431 Admin ThinClient support for WDT
PH50618 Remove soap-sec_app22.war as it is very old and not used anymore
Web Services Security PH51700 ImportSAMLIdpMetadata should not emit sso_1.idp_1.EntityID
PH51712 Admintask.deleteSAMLtaisso does not delete the signing certificate
PH51805 Admintask.importSAMLIdpMetadata emits SECJ8043E when IDP exists anywhere
PH52683 OIDC an NullPointerException can occur when evaluating a filter value
WebSphere Common Configuration Model (WCCM) PH47492 NullPointerException from org.eclipse.jem.util.registryReader.readRegistry during application update
PH52005 This apar is to add a cache in EMF of the SAXParserFactory
z/OS PH50140 Websphere 9.0.5.11 BBOA8000I: the current CICS level 0506 is not supported after CICS is upgraded to v5.6
Fix Pack 9.0.5.14
Fix release date: 22 November 2022
Last modified: 22 November 2022
Status: Superseded

Download Fix Pack 9.0.5.14
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH47531 IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336 CVSS 5.4)
PH49318 Drop down selection makes items un-clickable starting from fixpack 9.0.0.11
PH50116 IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477 CVSS 6.1)
Channel Framework PH46816 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165 CVSS 5.4)
Dynamic Cache PH47936 Inactivity timeout value larger than 2147483 seconds causes immediate cache invalidation
Edge Components Fixlist Detailed List of APARs for Edge Components
Federated Repositories PH49752 Setting custom property com.ibm.websphere.security.ldap.groupBaseDN results in login failure
PH49768 Adding cache to urbridge in federated repositories
PH49910 CWWIM1999E IllegalArgumentException: class group does not have a feature named password
PH49932 Urbridge removes uniqueID from personAccount and group dataObjects
General PH37481 Leaked connections in com.ibm.ws.batch.schedulerStoreFactory
PH43324 The managesdk command may not detect the default locations where custom encryption classes reside
PH47365 Improve message when addNode fails due to disabling non-SSL port in WebSphere
PH47827 NullPointerException during batch job execution
PH48009 Security hardening: Apache commons collections
PH48552 com.ibm.ws.orb_8.5.0.jar needs JDK orb 8 classes
PH48612 Register deployment manager with WebSphere automation
PH49381 OAuth TAI: add regular expressions and logical OR to filter property
PH49382 Saml web inbound: Add regular expressions and logical OR to filter property
PH49655 IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-40750 CVSS 5.4)
PH49790 Application ajaxProxy.war does not accept HTTP requests
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C) PH38284 Add ConnWaitTimeoutPoolContent trace string,ConnWaitTimeoutJavacoreInterval and MaxConnWaitTimeoutJavacore properties to allow client generate javacores when J2CA0045E report for a datasource to help debug performance issue with J2CA0045E
PH38720 Add messages to report connections are aborted for transaction timeout or abort purge which will help to determine root cause of the closed connection
Java Persistence API (JPA) PH41746 OpenJPA IllegalArgumentException setting persistence properties on entityManagers
Migration PH42947 Server1 extra entry was found in serverindex.xml file due to which the ports were changed
PH48997 Migration process from WebSphere Application Server Version 8 to Version 9 does not migrate configuration file
Object Request Broker (ORB) PH48618 Outbound IIOP locate request hangs and fails with BBOO0049E
Plug-in PH48383 Plug-in should not crash if WebSphere returns null DWLM information and caused IBM HTTP Server crashed
Runtime and Classloader PH46573 Add full headers to error-stream logs
Security PH41442 Provide TLSv1.3 protocol support for daemon system SSL
PH41795 Update in System SSL ciphers (z/OS only)
PH44422 LDAP connection retries take long time
PH47302 SecurityObjectLocator#getSecurityConfig() returns null when run in local mode
PH48140 Renewing WebSphere Application Server generated personal certificate not reflected by SOAP port connection
PH48145 WebSphere formLogout does not invoke TAI logouts
PH48637 SSL configuration built from JVM properties not taking FIPS into account when filling in SSL protocol
PH49180 SystemOut.log flooded with SECJ0352E with ICH31005I message
PH49360 Improve error handling in wsadmin scenario
PH49497 Retrieve from port not honoring SSL protocol
System Management/Repository PH48128 The syncNode.sh command fails on z/OS with zMFA's one-time use password
Transaction Service PH47385 IBM WebSphere Application Server is vulnerable to Server-Side Request Forgery (CVE-2022-35282 CVSS 4.3)
PH47514 IIOP request should be prohibited if the transaction context has already timed out in a subordinate
PH48393 Incorrect locking in transaction sevice partnerLogtable subClass
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH46878 Allow ServiceDescription object to be kept in cache for future use
PH49111 IBM WebSphere Application Server is vulnerable to SOAPAction spoofing (CVE-2022-38712 CVSSS 5.9)
Web Services Security PH47550 SAML SSO: Add useJavaScript property
PH48083 Update the OpenID Connect (OIDC) replying party (RP) to logout from an OIDC provider (OP) with RP-initiated logout
PH49279 OIDC: Add regular expressions and logical OR support to filter property
PH49373 SAML: Add regular expressions and logical OR support to filter property
PH49566 OIDC: CWTAI2047E when more than one key without "alg" claim in JWK
Fix Pack 9.0.5.13
Fix release date: 30 August 2022
Last modified: 30 August 2022
Status: Superseded

Download Fix Pack 9.0.5.13
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH45303 Changes in admin console cookies to meet RFC 6265 compliance
PH46332 IBM WebSphere Application Server is vulnerable to cross-site scripting CVE-2022-22477 CVSS 6.1)
PH46342 IBM WebSphere Application Server is vulnerable to an information disclosure (CVE-2022-22473 CVSS 3.7)
Enterprise Edition (EE) PH46247 Array out of range exception from jaxb unmarshaller when using qname Java type
Federated Repositories PH46082 Add warning message when failed login delay is disabled
PH47025 File repository account lockout policy can delay expiring failed logins
General PH36335 OIDC TAI cannot process encrypted JWT (JWE) or id tokens
PH43934 Eclipselink update queries reuse timestamp values for version locking
PH44128 Eclipselink criteria api support for parameter values in order by clause
PH44339 IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365 CVSS 5.6) 
PH45297 OIDC: introspection requests might fail after access token is refreshed
PH45382 Update GSon jar used in kc.war module
PH45431 Eclipselink criteria api support for parameter values in criteriabuilder isNull function
PH45432 Eclipselink may obtain incorrect identity values on SQLServer
PH45453 PCT response file has invalid paths
PH45704 0C4 abend in IIOP connection closing code
PH45740 OIDC setting SignatureAlgorithm to none results in error
PH45755 EclipseLink negate expression inappropriately sets integer as return type
PH45943 Changing node maintenance mode state fails and hung thread warnings (WSVR0605W) are observed in systemout.log
PH46163 Enhance parser of was-usage-metering.properties
PH46324 OIDC: CWTAI2047E error occurs when no kid claim in the JWT header
PH46408 OIDC: getvalidaccesstoken might fail with illegalargumentexception
PH46423 File repository account lockout not ignored on versions 8.0 and lower
PH46743 Update the WebSphere migration toolkit for application binaries to the 22.0.0.3
PH46751 Memory leak executing eclipselink batch queries
PH46914 Routing rules fail with underscore names
PH47272 OIDC TAI requires hardcoded signature algorithm
PH47482 OIDC add value to useRealm property to mean default realm name
PH47541 Improve DB2 query performance on eclipselink by altering parameter binding behavior
PH47715 WebSphere service crash in ntdll.dll
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Intelligent Management Component PH46914 Routing rules fail with underscore names
Java 2 Connectivity (J2C) PH39586 Adapter code reports java.sql.SQLException: unsupported feature for the optional method
PH44499 Oracle UCP connection pool cleanup during connection testing
PH44986 Warnings emitted by DB2 driver for unknown kerberos properties
Java Management Extensions (JMX) or JMX Client API PH38127 Update information returned from SOAP response
PH44727 BackupConfig.sh script failed to execute with error WSVR0019E
Java Message Service (JMS) PH45838 Issue in control region with handling connection with async read outstanding
JNDI/Naming PH46634 Use inclusive language in naming server code
Migration PH45605 WASPreUpgrade fails when the profiles are in the $WAS_HOME directory
PD tools (for example: Log Analyzer) PH45926 WebSphere control region abend: NoClassDefFoundError (C9C21235)
Plug-in PH46638 Server markdown and retry when 505 is received instead of 100-continue
PH46938 IBM WebSphere Application Server webserver plugin may not forward request
PH47314 Plugin error: loadsecuritylibrary(<number>): skitlib 0x<hex value> but rc=<num>
PMI/Performance Tools PH43914 PMI asynccontext response time cannot be set
PH45048 WSThreadPoolStats appear to be missing the relevant static variable id for percentage used
Runtime and Classloader PH39981 JVM MBean dumpthreads() can create heap or system core dumps
PH43152 Runtime module code does not have the necessary thread context protection
PH45954 Remove WMIC from clearClassCache.bat
Scheduler PH45977 Duplicate execution of ScheduleAtFixedRate
Security PH41795 Update in the SSSL ciphers (z/OS only)
PH45406 The addNode operation fails during creation of a chained certificate due to java.lang.NumberFormatException
PH45670 NullPointerException in socket factory in 8.5.5.21 and 9.0.5.11
PH45688 Changing the WebSphere default protocol to TLSv1.3,TLSv1.2
PH46142 Qop settings page does not work for daemon SSL config
PH46566 TLSv1.3 failback for thin client
PH46993 Add constrained delegation support to spnego function
System Management/Repository PH44845 The message of IBMJGSSprovider is shown when startServer or stopServer command is executed
Web Services Security PH47461 Saml SSO: add value to useRealm property to mean default realm name
WebSphere Common Configuration Model (WCCM) PH46154 Blocked threads in com/ibm/ws/bo/boExtendedMetadata.containsPackage under heavy load
Fix Pack 9.0.5.12
Fix release date: 7 June 2022
Last modified: 7 June 2022
Status: Superseded

Download Fix Pack 9.0.5.12
Component Security APAR APAR Description
Administrative Console (all non-scripting) PH43148 IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450 CVSS 9.8)
PH43252 Mapping policy sets can take a long time
Default Messaging Component PH42891 Sibus table deliverydelay_time column missing problem after migration from V8.5 to V9.0
Dynamic Cache PH43733 Distributedmap.remove() results in NullPointerException when replication configuration is incorrect
Federated Repositories PH42406 Support account lockout in WIM file repository
PH42735 Hang occurs when attributeRangSstep value is set larger than recommended
PH44204 Nested group members are not correctly found after setting applyEntityTypeSearchFilterForGroupMembership custom property
General PH36899 Improvements to WSGRID takeover
PH37642 GetJobDetails api output missing fields
PH39030 WebSphere batch job dispatch can timeout under load
PH41012 WebSphere Customization Toolbox should be updated to clarify the default of "generate ca certificate" is for non-production environment
PH42468 Webcontainer threads hung while closing websockets
PH42973 Update messages in federated repositories
PH43324 ClassNotFoundException when running the managesdk.bat command on the Windows operating system
PH43334 Incorrect Struts action parameter processing for UDDI.ear
PH43383 WebSphere Application Server start failed by deadlock between the server.startup thread
PH43760 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038 CVSS 4.4)
PH45586 Update the WebSphere migration toolkit for application binaries to the 22.0.0.1 version
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Intelligent Management Component PH44199 SystemOut.log files contain error message 'ODCTreeImpl E ODCF0002E: Exception: The string "--" is not permitted within comments '
PH44203 Middleware servers display issue when filter function is used in conjunction with non-default value for maximum rows preference
Java 2 Connectivity (J2C) PH44437 Work manager code requires synchronization of unprotected boolean value
PH44801 NullPointerException is thrown during start after upgrading to 8.5.5.21
Java Message Service (JMS) IT33764 Ivt run on wildfly-20 ignored destination lookup and connectionfactorylookup activation properties
IT37502 WebSphere Application Server transaction recovery fails when activation specs are configured to use bindings_then_client
IT37878 WebSphere Application Server activation specifications do not pause when an mdb calls setrollbackonly()
IT39822 Update bouncy castle shipped with IBM MQ 9.1 lts to version 1.70
PH37169 NullPointerException when wmq_jms_client_details tag is missing in OSGI bundle
PH41928 503 received when server is stopping, not able to retry request
PH42333 TCP connections to WebSphere MQ leak when using JMS 2.0
PH45235 Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.11
Messaging Providers PH41825 Message remains locked
Object Request Broker (ORB) PH44329 WebSphere z/OS 9.0.5 abends with "java/lang/outofmemoryerror" "failed to create a thread: retval -1073741830
PD tools (for example: Log Analyzer) PH41439 FFDC generating javax.xml.parsers.factoryconfigurationerror: provider
PH42911 Duplicate prometheus metrics ear code in runtime jar
PH43845 Collector tool does not correctly output information in the os/system file on Windows platforms
PH44134 Collector tool does not include the profile file listing and permissions, if it exists outside of installation root directory
PH44209 Additional diagnostic data needed for WebSphere Application Server traditional
Plug-in PH44327 Plug-in can see an increase in file descriptors when the plug-in reloads the xml file
PH45148 Adding custom properties to plugin-config.xsd file
Portlet Container Environment PH44227 IllegalStateException occurs during portlet event processing within Portlet Container's CacheHelper Class
Runtime and Classloader PH40901 NullPointerException during JIT EJB stub generation
Security PH42057 Error when disabling custom password encryption
PH42887 Kerberos error message after upgrading to 8.5.5.20 and 9.0.5.8
PH43573 WebSphere Application Server 8.5.5.20 may use a default cipher list during handshaking
PH43950 Setting sslenabled on customRegistry results in ClassCastException
PH44602 NullPointerException in WebSphere socket factory in 8.5.5.21 and 9.0.5.11
PH45080 Issue an error when certificate request file path contains spaces
PH45124 Add the WebSphere disabled algorithms to the configuration during profile creation
PH45689 LoginModules can no longer be created unless the loginModule class is in the classpath
Servlet Engine/Web Container PH43825 Support urlencoded string in the ssl certificate
System Management/Repository PH43697 Non-planned task clean up causes a FFDC
Transaction Service PH44495 Thread hang in transactionimpl.resumeassociation due to race condition when a transaction is used across multiple threads
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH44071 Incorrect error handling in UDDI GUI application
Web Services Security PH30118 OIDC TAI: discovery endpoint may be invoked multiple times
PH43722 Saml SSO may emit CWWSS5601E NullPointerException error when decrypting encrypted assertions
PH44467 OIDC TAI: filter requests based on the iss claim in the JWT
PH44692 OIDC: add methods to the oidcclienthelper api to verify JWTS
PH45044 OIDC RP add ability to turn off revoke endpoint
Fix Pack 9.0.5.11
Fix release date: 15 March 2022
Last modified: 15 March 2022
Status: Superseded

Download Fix Pack 9.0.5.11
Component Security APAR APAR Description
Administrative console (all non-scripting) PH38069 JDWP configuration does not allow an IP address, only a port number
PH41622 SESN0008E error when using admin console
PH42423 A chainEndPointFilter is set for ORB transport chains page
Default Messaging Component PH31734 Admin console reports incorrect messaging queue information
EJB Container PH43960 java.lang.ClassFormatError: JVMCFRE106 duplicate method; class=a/b/c/_EJSRemote0SLASBCbean_cab9549d_Tie, offset=51525 reports
Federated Repositories PH42990 Improve logging of JNDI_CALL search trace to include the referral setting
General PH38967 BufferOverflowException causes activation specs to stop
PH38042 -XX:+PrintHeapAtGC should be added as a default JVM argument on WebSphere 9 for Solaris and HP-UX
PH39085 Processing Base64 encoded data using JAXB can cause a loop
PH39881 User able to login after failed creation
PH40124 The ldapLoginGroupFilter setting is not honored when a group searches for a group
PH41073 EclipseLink weaved entity has null value in hidden attribute
PH41336 WSGrid job submission may fail after APAR PH35447
PH41630 EclipseLink NullPointerException from batch policy
PH41638 EclipseLink may return empty weaved entity from em.find()
PH41649 EclipseLink throws exception for parameters used in CriteriaBuilder update query
PH41806 Usage metering not reporting metrics for WebSphere ILAN
PH42031 EclipseLink exception for concurrent queries with case/coalesce expressions
PH42079 Update EclipseLink to support ASM 9.2 for Java 18
PH42093 Update the WebSphere migration toolkit for application binaries to the 21.0.0.4 version
PH42103 JaxRsFactoryImplicitBeanCDICustomizer does not release creational contexts
PH42111 Excess memory consumption
PH43816 JNDI failure after upgrading WebSphere Application Server to 9.0.5.10
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Intelligent Management Component PH37335 Multiple im enabled web server definitions with the same shortname may overwrite active routing rules definitions
PH42111 Excess memory consumption
Java 2 Connectivity (J2C) PH25286 Add diagnostics to message when a method is not found in a resource adapter
PH35564 Add support for encoding the passwords inside of the customer datasource property "connectionProperties"
PH36595 Connection wait timeout is accounted twice
PH38667 Allow container managed behavior for direct lookups
PH41279 CMPConnectorFactory is removed unexpectedly when deleting JDBC provider from a server template
Java Message Service (JMS) PH41078 Issue in control region with handling connection with async write outstanding
JSP PH39923 NPE in JspBatchCompiler.sh
Messaging Providers PH41504 Appservers go into retry cycle with error message "exception caught increasing range of unique key generator!"
Migration PH24791 Document allowSameRelease option for WASPostUpgrade
PH40233 Improve migration of cluster level libraries with variables
PH40856 AES encryption files not migrated
PD tools (for example: Log Analyzer) PH39243 Add ISO-8601 date option for systemout/err.log files.
Plug-in PH38773 Add propagateKeyring option to httpPluginManagement.py
PH43382 Plug-in propagation occurs even though its set to manual
Programming Model Extensions (PME) PH41676 WebSphere Application Server is vulnerable to a Denial of Service (CVE-2021-38951 CVSS 7.5)
Runtime and Classloader PH37476 In AIX and Linux, lastModified() timestamp is not detailed to millisecond
PH37493 osgi.configuration.area.readOnly=true not taking affect for servant region
PH40676 Allow WebSphere Application Server to return jar URLs rather than wsjar
PH42759 Block class loads for vulnerable classes
PH42899 Block classes with known vulnerabilities from being loaded by the application and library class loaders
Scheduler PH30623 Fix NULL pointer when customer scheduler is used
Security PH36842 Support for a customized list of SSL protocols
PH37362 At admin console, JAAS - system logins > web inbound, "set order" button can cause security.xml corruption
PH39883 The user "unauthenticated" (in lowercase) asserted by TrustAssociationInterceptor is no longer authenticated
PH39917 Unable to retrieve group in a custom stand-alone user registry implementation
PH40186 Replace certificate function did not replace certificate alias name
PH40544 LTPA token expiration message (SECJ0371W) was intermittently thrown with the old expiration time in year 1970
PH41020 CSR fails validation due to extra lines RFC822 name = user@domain
PH41313 Provide an option to include application name in the terse audit function
Transaction Service PH27371 Adding support for Kerberos Keytab and CCache during XA recovery
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH42728 Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228 CVSS 10)
PH42762
Web Services Security PH39666 OIDC RP initial login may fail when OIDC stateId name contains special characters
PH40532 OIDC TAI might not remove oauth access token cache entries
PH40533 OIDC TAI might encounter a thread hang when sessions are removed from the local cache
PH43169 OidcClientHelper.getAccessTokenFromSubject() might return NULL when using JWT SSO
Fix Pack 9.0.5.10
Fix release date: 3 December 2021
Last modified: 3 December 2021
Status: Superseded

Download Fix Pack 9.0.5.10
Component Security APAR APAR Description
Administrative console (all non-scripting) PH39232 A dollar sign in -xdump is not processed correctly and servant.jvm.options file is not updated
PH39747 Domino webserver definitions cannot be changed in the console
PH39939 Default truststore name in the SSL configuration panel is incorrect
PH39949 Confusing wording in admin console around application startup
Administrative Scripting Tools (for example: wsadmin or Ant) PH40488 Improve debugging statements in wsadmin when running certain AdminTask commands
PH40626 AdminApplication.AdminApplication.stopApplicationOnCluster throws error when one of the cluster member in stopped state
EJB Container PH36416 EJB Singleton bean possible deadlock during lifecycle methods
Federated Repositories PH38929 WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842 CVSS 3.7)
General PH02744 org.osgi.framework.ServiceException: The use count for the service overflowed when creating a javax.naming.InitialContext
PH36354 Deadlock in logging code
PH38133 Incorrect Expression Language (EL) Method Matching with Varargs
PH39123 Http sessions should not be using Data Replication Service thread pool
PH39339 Node configuration error on WebSphere Application Server 8.5.5 nodes after upgrading Dmgr to WebSphere Application Server 9.0.5.7 and later
PH39398 SESN8558E Message giving wrong error details
PH40345 Update the WebSphere Migration Toolkit for Application Binaries to the 21.0.0.3 version
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Intelligent Management Component PH37071 Certificate monitor fails on secondary dmgr in HADmgr configuration
PH37897  Application edition management feature fails to clean up admin sessions 
PH40934  Provide option for AEM deploy to not start another server if only one is running
Java 2 Connectivity (J2C) PH39960 Null pointer exception occurs when stopping the server
PH40106 IBM MQ activation specification uses incorrect class path for XA recovery when resource adapter native library path specified
Java Message Service (JMS) IT32295 IBM MQ classes for Java application hangs when using the BINDINGS transport and getting messages with the MQGMO_CONVERT option
IT32554 Channel exits written in Java are unable to access the local address used by the channel
IT33500 IBM MQ-JMS Connection's ExceptionListener is not called when a JMS Session's TCP/IP socket is disconnected
IT33852 IBM MQ Classes for JMS generate NullPointerExceptions when an application is accessing a queue or a topic
IT34684 JMSCC0108 reported by the IBM MQ resource adapter references the wrong version of the product documentation
IT34967 IBM MQ Classes for JMS BROKERPUBQMGR property validation failure with asterisk characters
IT36124 Update the version of Bouncy Castle shipped within the IBM MQ installation
IT36701 MQ-JMS applications connected to EBCDIC character set queue managers fail to move messages to BOQ or DLQ
IT37224 java.lang.NullPointerException thrown when multiple threads connecting to the QMGR concurrently
IT37486 Update Bouncy Castle to level 1.69 on IBM MQ
PH27943 Add extra information to CWSIS1577E and CWSIS1578E error messages
PH37666 MDB listener port has inconsistent status across multiple servants
PH40283 Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.9
Java Persistence API (JPA) PH40302 EclipseLink behavior change for boolean values in case select expressions
Java SDK PH38339 StringIndexOutOfBoundsException occurs in MyFaces when creating a resource
JSP PH35599 Out of memory in JspBatchCompiler.sh
Migration PH39100 WASpostupgrade from 7.0 to 9.0 fails with ArrayIndexOutofBoundsException
Plug-in PH38773 Add propagateKeyring option to httpPluginManagement.py
PH40758 Crash shortly after startup with intelligent management enabled
PH41412 99spluginsbootstrapiis8.ant may fail if path contains a space
PMI/Performance Tools PH40246 WebSphere Application Server prometheus application enhancements 2
Profile PH39056 Running two zpmt.sh jobs at the same time can create the same targetRelativeDir
Security PH34539 Running addnode could cause the SSL configuration to change and reset the soap connection
PH36184 LDAP certificate filter does not recognize a plus sign '+' delimiter
PH37483 With application security enabled, 500 is returned when http request has more reference to the parents/upper directory
PH37872 LtpaToken getting refreshed using the custom CacheKey instead having to relogin
PH38655 WebSphere Application Server 9.0.5.7 EJB Thin Client jars not recognizing TLSv1.3 protocol
PH39176 com.ibm.websphere.tls.DisabledAlgorithms property is not honored in a certain Java thin client scenario
PH39568 StopServer and serverStatus fails to work after upgrading to 9.0.5.8 and 8.5.5.20
PH40437 Class cast Exception in WebCollaborator in 9.0.5.8
PH40829 WebSphere Application Server tries to invoke TLS1.3 and fails even though it is not the default protocol
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH38944 "ERROR CASE - PRIMCONTAINS() FOUND NULL ZIPFILE" error may be seen in DMGR log when installing an application
Web Services Security PH39847 OIDC RP: Entry is never removed from cache when initial login is via introspection
WebSphere Common Configuration Model (WCCM) PH38310 XML parser does not recognize the setting which disables processing of doc type
Workload Management (WLM) PH29620 Cluster ripple stops processing cluster members when a members nodeagent is down
z/OS PH37413 WOLA causes ABEND SB78-8 while testing recovery in an IMS ESAF
Fix Pack 9.0.5.9
Fix release date: 10 September 2021
Last modified: 10 September 2021
Status: Superseded

Download Fix Pack 9.0.5.9
Component Security APAR APAR Description
Administrative console (all non-scripting) PH36476 8.5.5.18 console security tightening
PH36632 Update commons-io in the admin console
PH38485 Unable to configure logging parameters on the admin console
Administrative Scripting Tools (for example: wsadmin or Ant) PH36027 Improve message when rename node is run against an unmanaged node
EJB Container PH28694 EJB method names that differ only in capitalization may result in org.omg.CORBA.BAD_OPERATION
PH37410 Getting secj0053e, cntr0020javax.ejb.AccessLocalException, com.ibm.websphere.csi.CSIAccessException when accessing an EJB method
Enterprise Edition (EE) PH36441 Fix deserialization issue for lists when jaxb.fp.fallback.for.typed.arrays is enabled
Federated Repositories PH30775 NullPointerException is thrown when creating a property extension (lookaside) repository
General PH36210 WebSphere z/OS 9.0.5.7 server fails to start - JVMJNCK031E JNI error in callstaticvoidmethoda: argument #4 is null
PH34673 Application start/stop issues in WebSphere Application Server ND V9.0.5.5.x
PH35225 Improve handling of cancel notifications in compute grid
PH35226 Making log part rotation configurable based on file size or number of lines in compute grid
PH35447 Property to enable preference to use local connection between compute grid scheduler and endpoint servers
PH35789 Same fix as PI78935 but for transaction commit processing
PH35877 Session ActiveCount shows a negative value
PH36236 Compile error returns com.ibm.ws.exception.wsNestedException is unknown
PH36731 Intermittent eclipseLink concurrentModificationException
PH36828 EclipseLink support for embeddable fields as join targets
PH36833 EclipseLink support for input parameters in select clause
PH36839 EclipseLink throws NullPointerException from embedded temporal mapkeys
PH36841 EclipseLink criteria builder trim function creates incorrect SQL
PH36843 EclipseLink throws exception for criteriaBuilder queries with only literal values
PH36966 Non-translated warning message in WebSphere logs
PH37038 Charset="utf8" fails with unsupportedencodingexception in wink JAXRS
PH37099 Prevent high CPU resulting from concurrent server-status access
PH37142 Allow Intelligent Management enabled web servers to honor affinity over application edition routing policies
PH37202 RemoveAttributesOnInvalidate does not work at web moulde or application level configuration
PH37590 Invalid bundle-version in derby
PH37715 EclipseLink illegalArgumentException from criteria builder case expressions
PH37742 EclipseLink support for parameter values in case/coalesce expressions
PH37763 EclipseLink support for parameter values in criteria builder in expressions
PH37788 Use first found EJBDescriptor for mdb
PH37833 EclipseLink criteria builder coalesce classcastexception when using literals
PH37837 EclipseLink support for parameter values in having clause
PH37916 Update EclipseLink to support ASM 9.1 for Java 17
PH37919 Honor ability to set umask on the process used to launch assisted life cycle servers and correct the default umask to actually be 022
PH39180 Exception: java.lang.NullPointerException at com.ibm.ws.odc.nd.ODCTreeImpl.commitTransaction(ODCTreeImpl.java:1047) - DMGR SystemOut
PH39373 WebSphere windows service fails when the hostname contains the word "test"
PI50904 Invalid url request values need more specific details in the exception produced
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C) PH32900 Tolerate hung connections during error cleanup
PH34972 Invalid properties in the ra.xml causes WebSphere v8.5.5.x resource adapter update to fail
PH36295 J2CModule PMI object memory leak
Java Management Extensions (JMX) or JMX Client API PH36026 Improve log message when the node agent restarts an unresponsive application server
Java Message Service (JMS) PH35855 WebSphere control region failed with abend 0c4 in com/ibm/ws390/xmem/proxy/xmemproxycrcpputilities.queueinboundreq
Java Persistence API (JPA) PH35414 Bean validation leaking application class loaders
Java SDK PH36923 java.lang.NullPointerException caused by PH34711
Migration PH36102 MIGR0285E: An unexpected internal error occurred with exception java.io.eofException: unexpected end of zlib input stream error
PH36493 WASPostUpgrade fails with NPE processing domain-security.xml configuration file
PH37617 A NullPointerException occurs when processing a virtualhosts.xml that contains a mime type entry with no type specified
PH38010 Update the migration toolkit for application binaries to the latest version - 21.0.0.2
Object Request Broker (ORB) PH37257 WebSphere z/OS 9.0.5.7 abends with abend0c4 in com/ibm/ws390/sm/smf/smfjactivity.cutsmfst9asyncrecord
PD tools (for example: Log Analyzer) PH38048 Prometheus endpoint enhancements for performance monitoring infrastructure metrics on WebSphere Application Server traditional
PH38053 Add new server scrape duration metric for prometheus metrics endpoint
Plug-in PH36744 Ant script does not clean up extraneous files
PH37891 Plug-in error message repeatedly logged - "error: ws_transport: address_as_string: unknown family 4098"
PH38203 Unix PluginCfgMerge lacks was.install.root which causes WVER0001E
Profile PH32486 "APPLICATIONS" button of Suse GUI is not displayed after installing WebSphere Application Server
Runtime and Classloader PH39733 Provide a switch to disable Java cores for unexpected shutdowns
Security PH34690 Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2021-29736 CVSS 5.0)
PH36017 Fix message formatting error in PH36017 in 9058
PH36593 Provide an option to turn off hostname information for audit function
PH36615 Qshell command line remains hidden after prompting for password with administrative security enabled for a profile
PH36732 Add ability to delete corrupted keystore
PH36733 A Certificate Signing Request (CSR) is created with an extra information in the Subject Alternate Name(SAN) field
PH36858 Add warning during server start when TLSv1 or TLSv1.1 is configured
PH36864 Message CWPKI0429I has an incorrect parameter that needs to be fixed
PH36934 CWSCF0002I: Flooding the logs
PH36985 SSL failed handshake with a bad cert error
PH37067 CWPKI0045E correction
PH37396 Serviceability improvement to aid in debugging issues with EJB deployment descriptors and role permissions
PH37447 Profile creation fails when the domain name starts with a digit
PH37462 javax.net.ssl.keystore, javax.net.ssl.truststore properties are not honored
PH38493 Remove unnecessary manual garbage collecting in security code
System Management/Repository PH29354 Add jvm option to narrow down trace spec for command line tools
PH30748 Error creating client_auth_token during shutdown
PH38349 ADMU3029I: Conflict detected on port 9999 for endpoint jsr160rmi_connector_address of the server server1
Transaction Service PH35202 Server using Enable_dbtxLog_PeerLocking=true fails to start if the transaction log tables are empty
PH36461 Transaction recovery fails due to org.xml.sax.SAXParseException: the namespace prefix "wsa" WebSphere Application Server not declared
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH34951 NullPointerException error may occur with Axis2 marshaller
PH35078 Soap response message is not valid, but WebSphere parsing should not fail it with NullPointerException
PH37152 IWAE0017E Unable to replace original archive - during role mapping
Web Services Security PH35481 OIDC apis may not find idToken token on runAs subject
WebSphere Common Configuration Model (WCCM) PH35698 NullPointerException from org.eclipse.jem.util.registryReader.readRegistry during application update
Fix Pack 9.0.5.8
Fix release date: 18 June 2021
Last modified: 18 June 2021
Status: Superseded

Download Fix Pack 9.0.5.8
Component Security APAR APAR Description
Administrative console (all non-scripting) PH32886 Incorrect variable definition leads to failure in transformer script
PH33656 Wsadmin Jython command does not change status of schedulerJNDI name
PH33754 The OK button of login configuration page for Java authentication and authorization (JAAS) not working consistently
PH33795 Default scope should not affect virtualhosts.xml. There is only one scope for virutalhosts
PH35829 Not able to move a target of a SIP application router to another SIP application router through the administrative console
Default Messaging Component PH29166 Message engine deadlock problem
PH31182 Loop when trying to delete the first message in the queue
Dynamic Cache PH35811 com.ibm.ws.cache.CacheConfig.batchUpdateMilliseconds does not affect the batch update daemon on receiving side
EJB Container PH33683 EJB timer service does not adjust based on Daylight Saving Time adjustment
PH34623 Harden legacy EJB APIS
EJBDeploy (WSAD) PH36122 Remove unnecessary was.product file from EJBDeploy tool
General PH17014 Manifest attributes for annotation filtering are not being honored
PH21496 CWSAH0009E: An internal error occurred
PH21936 FileNotFoundException may occur during migration of OSGI application
PH22740 OSGI application fails to start in Azure environment
PH29774 Close files after CDI is initialized
PH30607 Warning message CWSAA0037W indicating duplicate JNDI name is issued in error
PH31840 Moveable DMGR fails to create VIPARANGE DVIPA on 2nd LPAR
PH32163 Deadlock condition in memory session and logging console handler
PH32868 Exported ear file does not include latest application files
PH33368 CWSIK0901E: An internal messaging error
PH33712 Check package name when injecting EJBs
PH34067 XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20453 CVSS 8.2)
PH34122 Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258 CVSS Score 7.5)
PH34501 Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server
PH34906 XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20492 CVSS 6.5)
PH34944 Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server
PH35767 Update the migration toolkit in WebSphere Application Server to the latest version
PH36253 Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2021-29754 CVSS 4.2)
PH37034 Update the version of log4j contained in the installable uddi.ear application
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PH35467 QSVTAP24 service program not updated by fix pack if ownership incorrect
Intelligent Management Component PH31531 ArrayIndexOutOfBoundsException in ODR vector operation
PH34475 Intelligent Management enabled web servers and On Demand Routers (ODR) return 404 error codes for requests that could be served by the mapped applications default servlet
PH34977 Intelligent Management enabled plug-in attempts too many retries when application with session affinity returns 503
PH35058 Unable to configure Java SDKs from console for ODR servers
PH35098 Directory Traversal vulnerability in WebSphere Application Server ND (CVE-2021-20517 CVSS 6.4)
PH35997 After upgrade to 9.0.5.7 static content which WebSphere Application Server previously being served by IHS WebSphere Application Serverreturning 404 error codes
PH36124 WASX7017E: Exception received while running file "dumpIMPState.py"
PH37099 Prevent high CPU resulting from concurrent server-status access
Java 2 Connectivity (J2C) PH31288 J2CA0045E - Tolerating the connection error occurred event during the MatchManagedConnention
PH31875 J2CA0079E: getManagedConnection internal illegal state = STATE_INACTIVE MCW
PH33941 Deadlock issue when close JMS connection
PH34294 Data source url property syntax validation does not allow new format in admin console
PH35899 Java.security.unrecoverableKeyException after upgrading to WebSphere 8.5.5.19
Java Message Service (JMS) IT32212 Topic handles are not closed when a Classes for Java MQQueueManager disconnects
IT32639 JMS ConnectionFactory property CNLIST does not work in Apache Tomcat
IT32708 Java MQ client application ArrayIndexOutOfBoundsException when using MQCCRED with TLS and SSLPEER
IT32925 Update JMQI trace to remove unnecessary values from the options field
IT32987 NullPointerException occurs when activation specification or WASlistener port is configured to use message retention
IT33590 Resource adapter deployed into embedded WebSphere Liberty started via Liberty SPIs cannot make secure connections to MQ.
IT33772

IBM MQ is vulnerable to a remote code execution vulnerability (CVE-2020-4682)
IT34219 Update Bouncy Castle shipped by IBM MQ
PH26041 Adding support for 64 bit JVMS into the IMS adapter - JAVA
PH26255 MQ JMS in CICS JVM server working with OSGI bundles fails with RC2058 MQRC_Q_MGR_NAME_ERROR.
PH31692 Not all message listeners started in the control region after startup
PH34514 WebSphere z/OS 9.0.5.2 Java.io.ioException: XMemProxy channel in a Servant failed to read from controller region
PH34576 During shutdown of server, control region experiences hang in com/ibm/son/mesh/CfwTCPImpl.complete
PH34639 destDescription message header with no value set after editing MQ topic configuration
PH34715 Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.7
PH34816 Server shutdown hangs due to deadlocked threads in Control region
Java SDK PH34711 Vulnerability in Apache MyFaces affects WebSphere Application Server (CVE-2021-26296 CVSS 8.8)
JavaServer MyFaces (JSF) Apache MyFaces implementation PH36923 java.lang.NullPointerException caused by PH34711
Migration PH33872 WASPostMigration fails with Java.lang.NoSuchMethodException
Object Request Broker (ORB) PH35522 WebSphere Application Server servant or adjunct region may not come down quickly after a 5C6 ABEND
Other PH34947 AppScan: open source security vulnerabilities in isclite
Plug-in PH34305 Adding deprecated messaging to plug-in topology centric generation
PH34566 Limit number of retries for 503 responses
PH34644 Adding log messages to 99SBootStrapPluginsIHS.ant to alert of bad httpd.conf path
PH36211 Crash with plug-in 8.5.519 on Linux PPC64LE
PH36487 WebSphere Application Server Webserver plug-in possible crash in detailedLog function
PH36942 Ant script fails in post install processing
PMI/Performance Tools PH35521 Web application module PMI stats are sometimes not shown in the metrics.ear application output
Scheduler PH31154 XOR encoding KeyStorePasswords and TrustStorePasswords used in Data source custom properties lead to SSLHandShake errors
Security PH28393 Login audit for SPNEGO and Kerberos login
PH30522 Do not allow a keySetGroup referenced by the default LTPA auth mechanism to be deleted
PH30570 Provide an option to use only custom cookie name in traditional WebSphere
PH33038 Intermittent error parsing an unchanged wsjaas.conf
PH34028 Server does not start after enabling AES encryption
PH34899 NullPointerException in security interceptor during WebSphere Application Server server startup
PH34963 The underscores (_) in DN name cause profile creation error
PH35227 The certificate monitor did not renew the default certificate on  8.5.5.17 using JDK1.7
PH35299 A custom cache key is not returned correctly when the subject has more than one hashtable in the credential
PH35329 If an extremely large number is input for LTPA timeout, it may exceed the maximum long value, resulting in an invalid token
PH35421 Admin_repository_save audit events are not generated in an AdminAgent environment
PH35998 When certificates contain multiple DNS or IP values not all values are displayed when viewing the certificate information
PH36007 The GenAndReplaceCertificate task is not working when not connected to the server
PH36017 eEror message CWPKI0662E is vague and does not provide user with much information to help them
PH36649 AdminTask.validateAdminName results in NullPointerException when ran as operator role
Service Data Objects (SDO) PH35619 Use of "OneDB" causes many "not a recognized database type" message error messages
Servlet Engine/Web Container PH29912 Change default value for wc suppressHtmlRecursiveErrorOutput
PH35019 There are scenarios where the http dispatcher will set a 404 status and send a response without ever engaging the web container
PH35470 PMI stats for the servlet are not collected for application until application is restarted
PI80786 HTTP 500 is returned from a request with too many parent directories (forward slashes) in the url
System Management/Repository PH35272 "ADMG0811I: Changing value for this property password" message displayed when the value has not changed
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH34048 XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2)
PH35981 OverlappingFileLockException on z/OS after applying PH26972 interim fix
Web Services Security PH33170 OIDC JWT authentication using custom cache key can be slow
PH34227 OIDC RP: Support the Basic_Start_Authorization scope
PH34840 OIDC RP: Make the state parameter alphanumeric
PH35185 OIDC RP may fail with CWTAI2007E saying a noce claim is required when the nonce is present
Fix Pack 9.0.5.7
Fix release date: 26 March 2021
Last modified: 26 March 2021
Status: Superseded

Download Fix Pack 9.0.5.7
Component Security APAR APAR Description
Administrative console (all non-scripting) PH29167 Performance and diagnostic advisor configuration causes warning message in the administrative console
PH29429 Admin console not working correctly in some cases with fine grained security
PH30923 Admin console is slow displaying security endpoint configuration
PH31120 WebSphere z/OS 8.5.5.* details of com.ibm.ws.management.util.zos.TransformationError not in joblog
PH31184 Fixes/enhancements for PH31613
PH31219 Property to allow the monitoring role to do testConnections in the integrated solutions console
PH31564 Setting string value on J2eeResourceProperty to empty string removes attribute
PH34318 Extra character at the top of managing repository page
Dynamic Cache PH31693 Programmatically created object cache instances cannot be configured for replication
Federated Repositories PH33842 CWWIM5107E error message seen reporting a failure against a WebServer node
General PH31135 Abend 0c4 in bbodaslu entry point BBODAL03 when daemon is stopped
PH26641 IndexOutOfBoundsException when performing some of apis on SDO list
PH27557 Apache Derby component currency update
PH29720 EclipseLink jpql coalesce function uses improper whitespace
PH29786 EclipseLink criteria builder in() expression creates incorrect SQL
PH29794 EclipseLink in() expression fails with Oracle limit
PH29809 EclipseLink ignores lowercase attributeOverride values on elementCollections
PH30128 EclipseLink intermittent ConcurrentModificationException
PH30163 WebSocket write thread could spin indefinitely on race condition
PH30529 WebSphere Application Server service entered the running state msg is sometimes recorded twice
PH30827 Session active for over 1 hour is not invalidated
PH30837 EclipseLink converts boolean values to integer values in case expressions
PH31008 Cryptic exception when session max count exceeded
PH31150 NullPointerException during getSession when request contains a session ID with invalid length
PH31267 For WSGrid STEP_COMPLETE_EXECUTION_FAILED should be rc -14 but throws -16
PH31416 Improve performance of WebSphere EL implementation
PH31454 Remove jackson-databind vulnerability CVE-2019-10172
PH31499 Update EclipseLink to support ASM 9.0 for Java 16
PH31571 EclipseLink intermittent NullPointerException from weaved entity code
PH31965 WebSphere Application Server service generation fails on SLES 15 and above
PH32188 Update the migration toolkit in WebSphere to version 20.0.0.4
PH32352 Print trace points if cookies or url rewriting is enabled
PH32501 Print trace points if session shared between WebModules
PH32561 Print a message saying that the custom property is needed if the length of the JSESSIONID cookie is greater than 23 chars
PH32837 WebSphere Windows service does not indicated started on German, Dutch and Japanese environments
PH33251 Misleading message warning.jaxrs.cdi.provider.mismatch with JAX-RS 2.0
PH33299 WebSphere Application Server Windows service continues to run when WebSphere ends unexpectedly
PH33596 The WebSphere Windows service should not use startserver.log for its log file
PH33648 Directory traversal vulnerability in WebSphere Application Server (CVE-2021-20354 CVSS 5.9)
PH34424 Update Apache HttpClient to 4.5.13 for usage metering
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH33568 WebSphere Application Server 9.0.5.6 does not support the 64-bit version of Installation Manager 1.9.1.4 for HPUX
PH34646 64-bit Installation Manager on z/OS generates warning messages
Intelligent Management Component PH32919 ODC does not carry url-patterns associated with filter-mapping definitions held in module level WEB-INF/web.xml files resulting in 404 responses
Java 2 Connectivity (J2C) PH32187 Receiving J2CA0646E error when updating MQ resource adapter
PH33233 NullPointerException reported when getConnection for the database datasource that has no schema
Java Message Service (JMS) PH25633 WebSphere Application Server throws Javax.transaction.HeuristicMixedException during JMS provider
PH28619 JTA commit priority not applied to MQ provider JMS XAResources
PH32909 zWAS channel framework leak of com/ibm/ws/tcp/channel/impl/ZAioTCPConnLink objects
Migration PH30608 NullPointerException when running WASPostUpgrade from profile root
Object Request Broker (ORB) PH27734 zWAS poor filesystem performance due to CKACCESS / FSACCESS CML lock contention
PD tools (for example: Log Analyzer) PH29537 [RFE 276826] Increase max number of historical files from 200 to any positive number in WebSphere Application Server traditional
PH30146 Remove -serverName from -help listing in collector
PH30984 Increase collector tool max heap memory size
Plug-in PH29434 Avoid hang in odrHttpResponseContextClean() when using IM "MaxRequestsPerDaemon" option
PH29829 Customers should not have their plugin-key.kdb/sth files within /etc
PH29837 Plug-in IHS Ant script is not able to set the bits folder
PH29856 PluginConfigGeneratorNLS.cprops files list 8.5 instead of 9.0
PH29951 Plug-in cannot manually propagate without overrideAutoProp
PH30071 Conflict between mod_deflate and the WebSphere Application Server plug-in
PH31857 IBM WebSphere Application Server web server plug-in sets the incorrect default for IgnoreAffinityRequest settings
PH32280 IHS server/plug-in loop at startup with zero byte plugin-cfg.xml file
PH32435 Encoded characters (%2f etc) in URI
PH32528 Plug-in does not allow personal certificates signed by CAS using weak signature algorithms such as Sha1WithRSA
PH32738 Applying Plug-in fix pack 9.0.5.4 creates an unexpected empty file "c:\program"
PH33264 System crashed when plug-in handles non-WebSphere request
PMI/Performance Tools PH24409 WebSphere Application Server traditional prometheus endpoint
PH29087 TPV in WebSphere Application Server admin console shows incorrect activeCount value after servant region is restarted
Runtime and Classloader PH32612 Unexpected server shutdown produces no additional debug data
PH32866 WSVR0332I caused by unnecessary class loader package definition
Security PH30511 Failed to create dynamic cluster and seeing lots of WKSP0501I: xx workspaces exist in the wstemp directory
PH30569 Provide an option to only show the info user need in wsadmin getSSLConfig command
PH31086 WIM exception in wsadmin using RMI with / character in username
PH31613 Gssapi/kerberos ldap bind authentication support for LDAP
PH32041 Plug point for custom password encryption is not working on 8.5.5.18
PH32284 MalformedURLException connecting to stand-alone LDAP server with SSL(ldaps)
PH32467 Provide option to tell the JSSE to use the server side s cipher order in a SSL communication
PH34651 The RSA-PSS algorithm needs to be disabled when IBMJCEFIPS provider is being used
Services Component Architecture PH31130 Node federation timeout
Servlet Engine/Web Container PH33180 Enable TrustedHeaderOrigin to be configured with hostnames and IP segments
System Management/Repository PH24460 Add configurable write timeout to IPCconnectorInboundLink
PH31439 Non planned task management tasks never get deleted
PH32369 Queue/topic connectionFactories for generic JMS providers are not selectable when mapping application resource references
PH32869 Temporary EAR file not deleted after partial application update
PH33352 JMS topics and queues for genericJMS providers are not selectable when mapping resource references
Transaction Service PH29639 Control process is terminated with error C9C21862 following a RRS RC 761
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH26629 Error may occur when calling serviceDelegate.releaseService() SPI in client application
PH28223 StringIndexOutOfBounds exception occurs during policy set attachment
PH29763 Need an option to enable WSDLl4J verbose messages
PH33037 Directory Traversal vulnerability in WebSphere Application Server (CVE-2020-5016 CVSS 5.3)
Web Services Security PH23614 OIDC add programmatic support for some OAuth functions
PH30368 OIDC RP may not delete session cookie when SameSite cookie policy=lax
PH30911 OIDC RP: Allow a resource parameter to be sent to the token and authorize endpoints
PH31682 OIDC RP may not load config from a non-default security domain
PH31727 XXE vulnerability in WebSphere Application Server (CVE-2020-4949 CVSS 8.2)
PH32257 NotSerializableException with OIDC
PH32421 SAML assertions are not created with audienceRestriction
WebSphere Common Configuration Model (WCCM) PH31370 Update ICU4J time zone information
PH32277 Application Deployment is slow when application has many EJB jars
PH33228 XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20353  CVSS 8.2)
Workload Management (WLM) PH27505 WLM can get in a loop when receiving compressed data running on z15 hardware
Fix Pack 9.0.5.6
Fix release date: 27 November 2020
Last modified: 27 November 2020
Status: Superseded

Download Fix Pack 9.0.5.6
Component Security APAR APAR Description
Administrative console (all non-scripting) PH26166 Performance problems in certain collection pages of the WebSphere Application Server Admin Console
PH26220 WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578 CVSS 5.4)
PH26874 ADMA8019E warning even if "validate input" parameter set to off during the deployment
PH28097 j_security_check allows GET requests
PH28098 Users without appropriate roles can access links that eventually throw errors
PH28336 WebServer virtual host creation failure
PH29871 WebSphere Application Server Admin Console is vulnerable to a directory traversal vulnerability (CVE-2020-4782 CVSS 6.5)
PH30566 After updating to WebSphere Application Server 8.5.5.18 and WAS 9.0.5.5 accessing the admin console fails with 500 error
PH31320 Tivoli Performance Viewer (TPV) servlet summary report page not rendering images correctly
Default Messaging Component PH27391 Possible hang during JMS session close called from exception handler
EJB Container PH26295 Injection processing in adjunct region for z/OS for war modules causes CWNEN0044E error
PH27497 CNTR5010E, CNTR0075E errors after migrating from WebSphere V8.5.5.x to V9.0.5.x
PH27912 CNTR5104E or CNTR5102E occurs at EJB start after upgrading WebSphere to V8.5.5.16, V9.0.5.0, V9.0.5.1, or V9.0.5.2
Federated Repositories PH23888 ldaphelper.getRDN failover does not properly account for escaped commas
PH28634 Remove extra logging from UI script
General PH17014 m\Manifest attributes for annotation filtering are not being honored
PH26451 ODRLIB should consider all VCs when searching for the server app a request has affinity with in multi-cell topologies
PH27629 CDI resource injection of managedExecutorService
PH27825 Deadlock in HPEL code when running sip tracing
PH27883 CWXRS0003W message in adjunct region with DynaCache enabled
PH28308 Eclipse link illegal access warning from reflection
PH28420 WSGRID batch job fails with ABEND0C4 in ImqBin
PH28458 JaxRsClientImpl memory leak related to hash set
PH28535 JaxRs ServletException should include root cause
PH28733 Server not shutting down when started in recovery mode when using HPEL
PH28795 Update the migration toolkit in WebSphere Application Server to latest version and remove setting sourceJava and sourceAppserver manually
PH28961 Update EclipseLink to support ASM 8.0.1
PH28985 Update EclipseLink to support ANTR 3.5.2
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH29376 Silently install any required Visual C++ redistributable runtimes on Windows
PH30851 Updating fix pack 8.5.5.15 with the interim fix PH25216 fails
Intelligent Management Component PH26451 ODRLIB should consider all VCs when searching for the app
PH29876 WebSphere 9.0.5.1 through 9.0.5.4 renameCell command fails on Windows
Java 2 Connectivity (J2C) PH28590 Plain text password in ffdc log
Java Management Extensions (JMX) or JMX Client API PH24396 Add ability to generate multiple JavaCores before node agent restarts unresponsive application servers
Java Message Service (JMS) IT27711 Trace enhancements for the IBM MQ classes for Java/JMS
IT30751 Java application remains connected to queue manager if PCFAgent.connect() throws an exception
IT31238 MQ classes for Java application cannot get NameValueData from RFH2 when using CCSID 1200 with little endian encoding
IT31623 MQ classes for JMS incorrectly treat messages with headers that have a CCSID field set to -2 as poison messages
IT31900 MQ Classes for JMS application unable to consume a JMS MapMessage containing Unicode escape sequences
IT32835 Update Bouncy Castle shipped by IBM MQ v9.1
PH26694 An MDB bound to MQ via a listener port stops consuming messages after an mqrc_connection_broken error
PH26914 A rare timing condition may lead to the file store stopping
PH30037 Update the IBM WebSphere MQ JCA resource adapter to Version 9.1.0.6
SE72595 JAVA MQCONNX fails with CC=2, RC=2009 in non-threaded environment on IBM i
Java SDK PH27131 WASAnnotationHelper map memory leak
JNDI/Naming PH27291 com.ibm.ws.naming.util.helpers.isJavaContextChangeAllowed() not correctly detected the clientcontainer stacktrace
PH27583 WebSphere Application Server is vulnerable to an information disclosure vulnerability
(CVE-2020-4629 CVSS 2.9)
Migration PH29310 MIGR0272E: The migration function cannot complete the command. caused by: java.lang.classNotFoundException: com.ibm.websphere.mo
Object Request Broker (ORB) PH27364 WebSphere z/OS 8.5.5.17 ABEND 0C4 (gpf) in com/ibm/ws/asynchbeans/services/wlm/enclavemanager.deRegisterWorkunit
Plug-in PH26422 Flexibility needed in setting $wssn used in place of host: header
PH26475 Switch iis_webserver plug-in binaries to symlinks
PH26856 ServerIOTimeoutRetry defaults to 0 (none) if property does not exist in plug-in configuration
PH27966 Plug-in does not set special header $wsxx for WebSocket request
PH27968 Allow non-rfc5280 certificates by default
PH28096 http_plugin.log entries for SSL read/write errors are treated like a timeout
Runtime and Classloader PH26130 Add parallel class loading support to WebSphere Application Server application class loaders
Security PH12072 SMF records not recorded with security auditing using the SMF emitter with SECURITY_FORM_LOGIN and SECURITY_FORM_LOGOUT
PH25204 After server is restarted, SpnegoTokenHelper API may fail due to the lack of Kerberos credential
PH26308 ldaptestquery tool for stand-alone ldap server is not honoring specific ssl settings set at test query tool
PH26841 Java2 security is accessing unexpected places
PH27580 Custom encoding plug-in fails to load when the file path includes space
PH28196 Sensitive Information may be stored in a system dump
PH29343 Allow receiveCertificate to handle PKCS7 files
PH29377 Unable to read multiple certs from a cert file
PH29549 Displaying email entry in SAN for information user did not provide
PH29840 Create the ability to select TLSV1.3 protocol
System Management/Repository PH26777 Enable post sync deploy processing on the Dmgr with system prop
PH28307 WebSphere 9.0.5.1 through 9.0.5.4 renamecell command fails on windows
PH30918 Incorrect Java library path set when a server SDK is different from the node/profile sdk
Transaction Service PH10643 Cascading server restart due to transaction auto peer recovery locking issue
PH22988 Communication delay between WebSphere Application Server and MQ
PH23464 Provide a mechanism to disable one-phase commit optimization
PH23968 Java.util.ConcurrentModificationException when stopping server
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH26204 org.apache.axiom.om.omException: a data handler was not found
PH26778 Axis2 JAXBUtils class consuming large amount of memory
PH26972 zWAS JAXBContext cache corruption possible in multi-servant environments
PH27157 WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576 CVSS 5.3)
PH27509 WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4643 CVSS 7.5)
PH28645 AbstractMethodError in WsdlReaderImpl.getDocument
PH29156 Jax-WS client may not send request to provider: expose SerializeSecurityContext at JVM level
Web Services Security PH27514 OIDC TAI add basic auth support for the JWK endpoint
PH27827 OIDC RP support unique clientId and clientSecret for introspection endpoint
PH27971 OIDC RP: Expose end_session_endpoint with an api
PH28253 OIDC RP should intercept callback from OP without special filter config
PH28386 PODC RP: Give the option to validate a JWT access token
PH28534 OIDC TAI: Do not load config entry if no filter defined
PH29099 OIDC RP: ClassNotFoundException for jsonutil$dupekeydisallowinglinkedhashmap
z/OS PH28143 Abend DC2-4f003b24 in the zWebSphere daemon process in module bbgorb
Fix Pack 9.0.5.5
Fix release date: 4 September 2020
Last modified: 4 September 2020
Status: Superseded

Download Fix Pack 9.0.5.5
Component Security APAR APAR Description
Administrative console (all non-scripting) PH21166 Connection pool timeout hover help is confusing
Contexts and Dependency Injection (CDI) PI95074 WELD-2466 null pointer exception in Web service calls
EJBDeploy (WSAD) PH24687 How a deprecated message when running EJBDeploy
General PH21046 First element in list gets duplicated when parent is copy of another parent with a child list that replaced with copy of itself
PH21285 ClassCastException setting max query results in EclipseLink
PH21925 EclipseLink DB2 z/OS uses invalid query to ping database
PH24296 Update EclipseLink to support ASM 7.3.1 for Java 15
PH24309 EclipseLink does not correctly identify Oracle 19c platform
PH24526 EclipseLink exception after migrating to Liberty 19.0.0.12/20.0.0.3
PH25463 With HPEL enabled and "enable log record buffering" set to true, the text log is not updated instantly
PH25728 Performance: JAXRS2.0 slow performance doing getBeanManager
PH25972 Updating the WebSphere Application migration toolkit (binary scanner) in WebSphere Application Server to the latest version
PH26083 WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534 CVSS 7.8)
PH26761 Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566 CVSS 7.5)
PI97483 EclipseLink re-sorts insert and removes statements within a single transaction at commit
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH26325 Fail to check VisualStudio 2013 redistributable package during IHS fix pack install
Intelligent Management Component PH25657 ODR needs to handle encoded URI request patterns
PH25931 Min/max instance script update does not update min/max nodes
PH26354 WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575 CVSS 4.7)
PH26364 Improper handling of INADDR_ANY by the Intelligent Management communication layer (P2P/SON) results in NPE
PH27037 New property ppedition.rollout.softreset.waitToQuiesceApplication to set quiesce interval
PH27806 Deadlock between com/ibm/ws/odc/nd/ODCTreeImpl and org/eclipse/osgi/framework/internal/core/BundleRepository blocks start-up
Java 2 Connectivity (J2C) PH21284 Incorrect waitingThreadcount due to mishandling of interrupted threads
PH21407 Out of Memory message is occuring when J2CModule reference is not freed up (j2cmodule = null)
PH23168 NullPointerException with ShowPoolContents
Java Message Service (JMS) PH19730 Launch client jobs failed to complete with error message of "components failed to initialize"
Migration PH25522 java.lang.NullPointerException while running migration BBOWMPOS job
PH26093 Migration to WebSphere Application Server V9 moves all of the applications to the node profile
PH26288 WASPostUpgrade extracts a file before its parent directory with regard to shared libraries
Plug-in PH23808 SSLMapMode does not work correctly with the im enabled plug-in (odrlib)
PH26192 Web server crashes when WebSphere plug-in dynamically reloaded
Runtime and Classloader PH24756 WebSphere Application Server JVM start failed on parsing Meta-INF/ejb-jar_merged.xml
Scheduler PH27414 WebSphere Application Server could allow a remote attacker to execute arbitrary code (CVE-2020-4589 CVSS 8.1)
Security PH21030 java.lang.NullPointerException in com.ibm.ws.security.web.WebCollaborator is seen at Tomcat startup when using com.ibm.ws.ejb.thinclient_9.0.jar
PH21586 ADMG0012E Unable to add the custom properties in CA client configurations
PH22557 Creating a custom CA client by implementing WSPKIClient interface provided by WebSphere failed class loader
PH25309 Preventing users from making a deletion of a certificate if the alias is being used in dynamic SSL config or SSL config
PH25855 LTPAToken2 value is same after relogin
PH26401 Add certificate extension support
PH27328 The ModifyAuditPolicy command throws a NullPointerException
Servlet Engine/Web Container PH24879 OutOfMemory event on Web service bais.create()
Session Initiation Protocol (SIP) Container PH25483 SIP re-invite might be sent to wrong interface
System Management/Repository PH16464 SERVER_LOG_ROOT is not set for a node agent initially
PH23853 Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362 CVSS 7.5)
PH26952 WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464 CVSS 8.8)
Transaction Service PH25074 WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450 CVSS 9.8) and Information Exposure (CVE-2020-4449 CVSS 7.5)
PH25955 Remove_partner_log_entry does not work for xaResource.recover() failure
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH22498 JAX-PRC Web service client creation fails if an http redirect switches protocol when accessing the WSDL url
PH22765 WSWS7054E error during WSDL generation due to ClassNotFoundException on javax.validation.ConstraintViolation
Web Services Security PH21827 OIDC tai: NotSerializableException for JwtClaims error may occur
PH24501 SAML Web SSO TAI may fail signature verification when a keyinfo contains both keyname and X509Data
PH24737 OIDC RP: Make the introspection response available via api
PH25547 OIDC incorrect behavior if opaque token is in authorization header and useJwtFromRequest=ifPresent
PH25697 OIDC RP sessionCacheTimeoutMinutes=0 is not overriding idToken exp claim
PH25774 OIDC RP: session cookie value is too short
PH26523 OIDC RP allow call to userInfo endpoint to be disabled
PH26842 SAML Web SSO ClassNotFoundException for TrustAssociationUtil in 9.0.5.4
PH26925 OIDC RP generates JavaScript with extra end-script to send to op
PH27173 OIDC RP login may fail when nonce is enabled
PH27213 OIDC TAI: Give option to not write LTPA cookie in RP path
WebSphere Common Configuration Model (WCCM) PH25334 Application update failure slow due to excessive retries
z/OS PH23733 Unexpected transaction CPLT abend ASIB when transaction is rolled back
PH24730 Repetitive characters at the end of message BBOA7101E
PH25359 ABEND 0E0 interruption code 28 in BBOA1REG
Fix Pack 9.0.5.4
Fix release date: 12 June 2020
Last modified: 12 June 2020
Status: Superseded

Download Fix Pack 9.0.5.4
Component Security APAR APAR Description
Administrative console (all non-scripting) PH20162 The configure scanner page is not enabled for monitor with admin access to an application
PH20878 Add content-security_policy to the response header on the Dmgr
PH21177 Update copyright for admin console
PH23369 The color settings of console identity is backed to default
PH23600 Hover help for ORB tracing is not helpful
PH23783 Support url to go directly to three specific pages in the admin console
EJBDeploy (WSAD) PH21271 Failed to run EJBDeploy when installing application by admin console
Federated Repositories PH23240 Adding a node from 9.0.5.1+ dmgr fails for 8.5.5.17+ node with CWWIM5106E
General PH17297 Corrections are needed to the documentation in the IBM Docs for IBM WebSphere Application Server Version 8.5
PH18158 SESN8558E: An attempt was made to write more than 2M to the large column
PH19392 When checkpointing is turned on, it increases the node synchronization time
PH19805 Display run_jobs_under_user_credential at startup
PH20390 Add MaxHeap MaxInt error message
PH20397 zOS atomic rollout fails when updating edition due to incorrect web server state
PH20735 Dmgr CR issued ABEND0C4-11 dump after stop command
PH21049 Enable-CDI manifest property not working if applied to war or jar modules
PH21413 Validate zeroearcopy apps when running the binary scanner
PH22238 HeapDetect: error notifying monitor: 52 message is logged on st
PH22517 WS-Security may decode Kerberos token and retrieve the realm name for the principal name
PH23010 NullPointerException can occur when JAXRS application is restarted without also restarting the containing server
PH23125 Need informative message when session table does not exist on db
PH24552 PI89036 causes native_stdout to fill up with repeating debug
PH25216 Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448 CVSS 9.8)
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Java 2 Connectivity (J2C) PH20373 java.lang.indexOutOfBoundsException thrown from com.ibm.ejs.container.beano.reassociatehandlelist
Java Message Service (JMS) PH20912 Unable to set sameSite cookie option with response.addHeader
PH21305 Hang in adjunct region when deactivating IBM MQ resource adapter
PH22157 Add support for the same site cookie attribute
Java SDK PH22773 ConcurrentModificationException during JSF initialization
Migration PH21293 Better message for preventing double clone federated node migration
PH22671 Incorrect server unique id in cluster.xml after clone migration
PH23359 Message MIGR0590I is incorrectly formatted
PH24741 Migration to WebSphere Application Server V9 may fail to carry forward some SSL endpoint configurations
Object Request Broker (ORB) PH22275 HandshakeCompletedNotifier Failures Cause Socket timeouts
PD tools (for example: Log Analyzer) PH14607 FileNotFoundException appear when running tWAS logViewer
PH15449 No stack trace printed when NullPointerException printed
PH20856 OSGI logs are not captured by collector tool
PH21934 Profile root is not captured by collector tool for Windows 2016
Plug-in PH21258 z/OS plug-in bld version does not show fix pack level
PH21768 Plug-in fix pack does not update IIS_webserver copy of binary
PH22593 Plug-in-gen dose not refer session management configuration of app-level which override when set web-level setting exist
Runtime and Classloader PH20328 Wsadmin renameNode() and adminConfig.save() commands deleting wsBundleMetadata/jsf-myfaces.xml
Security PH14756 NullPointerException in certificateMapper.getDNSubfield WebSphere setup with global security LDAP with security domain
PH19164 If custom encryption module throws passwordEncryptException or passwordDecryptException, it can corrupt passwords in security.xml
PH20571 When the audit policy is loaded, a commandValidationException occurs (SECj6051E)
PH21890 External authentication retrieved user via TAI intercept as unauthenticated failed with null for getUserPrincipal
PH22986 The renewed certificate is not honored when certificate expiration monitor renewed a certificate
PH23211 Password on commandline is not masked correctly
Servlet Engine/Web Container PH17559 NullPointerException occurs if a filter is first mapped to a named servlet, but the named servlet is added later
PH20847  Information Disclosure in WebSphere Application Server (CVE-2020-4329 CVSS 4.3)
Session Initiation Protocol (SIP) Container PH21349 SIP notify arriving before 202 for refer causes a memory leak
PH22590 : B2buaHelper.getPendingMessages might return an empty list when
System Management/Repository PH21511 Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276 CVSS 7.5)
PH21848 Display the absolute path value of the temporary location if the copy of asset fails
Web Services Security PH21178 OIDC RP: Access-token refresh may be attempted when it should not
PH21611 OIDC RP may attempt to refresh access tokens that are not expired
PH22038 OIDC RP: session cookie name should to be related to provider_<id>.identifier but related to provider_<id>.clientid
PH22195 OIDC RP: Enable use OpenID provider's well known configuration url
PH22621 OIDC RP: Add programmatic support for grant_type = client_credentials
PH23572 OIDC RP code flow cannot be used if JavaScript is not enabled
PH23697 OIDC RP support RS512 support to OIDC TAI signature algorithm
PI96403 OIDC RP does not support implicit login flow for initial requests
z/OS PH22659 zWAS crash in bbog_failuremonitor::dispatchrecovery(mvs::stoken) following normal shutdown
Fix Pack 9.0.5.3
Fix release date: 20 March 2020
Last modified: 20 March 2020
Status: Superseded

Download Fix Pack 9.0.5.3
Component Security APAR APAR Description
Administrative console (all non-scripting) PH17962 Request to allow web server log path to be outside of WebSphere Application Server and not require the .log file name extension
PH18268 When a scheduler that an EJB timer service uses no longer exists, the console does not display an error
PH18480 The client wants to use the admin console of the AdminAgent to restrict users who access Web admin console
PH18947 Information disclosure in WebSphere Application Server Admin Console (CVE-2019-4670)
PH19089 "Enable API Discovery Service" option missing from the Admin Console Web Container settings
PH19141 VMM - LDAP attribute configuration - example first add of mail gets replaced by the second add of title
PH19401 Administrative console fix to support bidirectional text fix in the breadcrumb and application install summary page
PH19920 When invalid characters are introduced in the Admin Console url error page java.lang.nullpointerexception is received
Contexts and Dependency Injection (CDI) PH15728 CDI not protecting the thread context classloader and loading a wrong version of xml parser
EJB Container PH18256 CNTR5104E received when deploying EJB application
PH18828 CORBA.MARSHAL: incompatibility between stub and tie on WebSphere batch application
Federated Repositories PH16420 Non-participating repositories are accessed from WIM get api
PH19260 WIMConfigurationException is thrown when updating caches on Admin Console
General PH08220 Add Db2/z named parameter support to EclipseLink
PH08470 Since moving to WebSphere 9.0.0.8, jsf-nls.jar is not being found
PH10785 javax.persistence.lock.timeout works incorrectly
PH10848 Return null for aggregate functions with primitive type
PH11280 PI58498 is not fixed on 8.5.5.13 under certain circumstances
PH11824 How to insert CLOB data using LOB locator in EclipseLink
PH12133 EclipseLink returns the wrong result for left joins with empty results from the right
PH13660 Reduce HPEL buffer flush interval and timer implementation
PH13805 Unidirectional onetomany mapping inserts with multiple foreign key references
PH14266 Update EclipseLink ASM version from 6.2 to 7.0
PH14747 EclipseLink binds untyped parameters on Db2
PH15440 Issue with EntityManager: em.unwrap(connection.class) returns null with the property "eclipselink.jdbc.exclusive-connection.mode" set "Always"
PH16450 EclipseLink: ORA-06550: Illegal character > in stored procedure on Oracle
PH16920 EclipseLink: AggregateObjectMapping support for EclipseLink cursor
PH17812 Intelligent Management Web Server Plug-in 9.0.5.1 crashes if an invalid trace specification is defined
PH17942 Some session attributes are not stored with sessionDB of Oracle
PH18042 Incorrect UOWexception thrown from UOWmanager when subordinate transaction is marked for rollback only
PH18842 Update EclipseLink ASM version from 7.0 to 7.1
PH18844 EclipseLinks COALESCE() JPQL function cannot handle null parameter values
PH18853 EclipseLink incorrectly detects the HANA database platform
PH18854 EclipseLink persistence provider property eclipselink.jdbc.sql-cast does not apply when set
PH18894 Change the default value of modifyActiveCountOnInvalidatedSession
PH18898 WebSocket connections closing results in hung threads
PH19061 Multiple plugin-cfg.xml files & folders under profile_home/config/cells/ causing Liberty report hung on console
PH19292 Issue with quotes
PH19880 Update WebSphere Application Server migration tools to work with binary scanner updates
PH19989 Denial of service in WebSphere Application Server (CVE-2019-12406)
PH20109 EclipseLink mixes indexed and named parameter types for cursors resultlist
PH20275 The session manager behavior after fix of PI78540 is not updated into the IBM Docs
PH20279 Update Eclipse link to support ASM 7.2 for Java 14
PH20314 Logviewer not able to write logviewer.pos file
PH20421 EclipseLink: Unrecognized JDBC cursor type for Db2
PH20729 AttributeOverride for complex embeddable mappings on EclipseLink fails
PH20786 Missing parameter markers for EclipseLink stored procedures on Db2 z/OS
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Intelligent Management Component PH11456 Custom transport chains added to dynamic cluster server templates are not properly propagated to dynamic cluster members.
PH16498 Implement the ability to disable the ODC REST Service
PH17812 Intelligent Management Web Server Plug-in 9.0.5.1 crashes if an invalid trace specification is defined
PH19190 cellname as IM property is not changed in the plug-in by scripting
PH19418 Not all Tomcat templates are displayed in the admin console during Tomcat server creation
PI89036 JVM crash on Windows in ProcessCPU64.dll while invoking PMI to collect CPU stats
Java 2 Connectivity (J2C) PH18072 J2CA0163E error occurs when starting application
PH18970 Connection pool hands out aborted connection
PH20223 RRA=all trace results in SECJ0314W violation of Java 2 security permission error
PH20681 Add support for IBM MQ XA recovery with QMIDS
PH20976 AccessControlException when using connection.abort(ex)
Java Message Service (JMS) PH15289 Updating the address include list for server transports causes an exception
PH18475 Client received HTTP 500 error for their request due to java.lang.illegalStateException in the CR
PH19528 WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)
PH20676 Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.4
Java Persistence API (JPA) PH18777 ConcurrentModificationException after PH07008
PH19943 "java:app" jndi names in jpa <[non-]jta-data-source> emits warning during app start
JSP PH20785 WebSphere Application Server is vulnerable to command execution (CVE-2020-4163)
Migration PH15764 WASPostUpgrade fails when the profile was created with symlinks
PH17993 rar files missing if app server node is clone migrated twice
PH18458 Migration is unable to resolve relative file paths correctly
PH18807 Allow migration.properties to be modified for z/OS WebSphere migration
PH19287 Excessive tracing with postUpgradeTrace=0 and preUpgradeTrace=0
PH19982 WASPreUpgrade issue
PH20869 Migration fails with java.lang.nosuchmethodexception:com.ibm.websphere.models.config.applicationserver.sipcontainer.sipcontainer
Plug-in PH19420 Plug-in propagation for managed definition on remote node fails to copy plugin-key.kdb to webserver location on the remote node
PH19922 Unnecessary polling can take place causing high CPU
PH20154 Plug-in WebSocket upgrade request response code not verified
PH20311 Plug-in does not read entire response from the socket when ESI is enabled and response shows data is not modified
PH20448 IHS crash on restart when plug-in log rotation is enabled
Runtime and Classloader PH18939 WebSphere Application Classloader provide wrong byte code to the JPA framework, which cause a ArrayIndexOutOfBoundsException
Security PH13835 Outbound EJB-WOLA connection fails no_permission due to transportlayer settings being picked up from incoming RMI call
PH16017 FFDC data output may display JAAS configuration information
PH18052 Add an option to use hostname in ORB IOR
PH20055 Provide an option to add KRBAuthnToken to Subject
Servlet Engine/Web Container PH15852 Missing translation key: Exception occurred while running ServletContainerInitializers onStartup method
Session Initiation Protocol (SIP) Container PH17737 WebSphere does not reject SIP invite with invalid CSEQ header
PH21614 SIP requests with appropriate CSEQ numbers receive message 500 incorrect CSEQ
System Management Configuration PH15796 Monitored directory deployment hangs when application is deployed on more than one target
System Management/Repository PH18800 SADMA7021I message in a deployment manager systemout.log file causes confusion
PH21881 Fix CD check in renameCell command
Transaction Service PH08281 Information services director fails when invoking a web service - deployment.xml composition unit is not found
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH16949 WebSphere Application Server 8.5.5.15 / 9.0.5.0 - issues with annotation scanning filters (include-scanning-packages etc.)
Web Services Security PH15248 OIDCClientHelper methods may return null unexpectedly
PH16455 JAX-WS engine did not redirect response with 301 status code
PH17304 OIDC RP cannot send a content-security-policy header to the openID connect provider
PH18150 The OIDC RP does not check the id-token for an acr value if the configured auth endpoint url includes "acr_values"
PH19189 OIDC RP cannot send a nonce parameter to an OpenID Connect provider
PH19333 OIDC RP: unable to override the realm name in an idToken
PH19907 OIDC RP: Login fails when createSession=true and http sessions exhausted
PH20118 OIDC RP: should not require scope claim on response from OP
PH21008 OIDC RP: The tai is completely disabled if any provider config fails to initialize
WebSphere Common Configuration Model (WCCM) PH16593 Application with duplicate servlet-url mapping fails to deploy in version 9
PH17696 Encrypted passwords deleted if custom encryption JAS is removed
PH19871 BO attributes are not working correctly after upgrading to WebSphere 8.5.5.16
PH20188 Incorrect time policy for Turkey in com.ibm.icu.jar
z/OS PH19192 WaitTime is not passed to BBOCLSCC under certain circumstances
Fix Pack 9.0.5.2
Fix release date: 13 December 2019
Last modified: 13 December 2019
Status: Superseded

Download Fix Pack 9.0.5.2
Component Security APAR APAR Description
Administrative console (all non-scripting) PH14295 Classloader conflict causing problems accessing the admin console in WebSphere Application Server
PH14552 java.lang.arrayIndexOutOfBoundsException: array index out of range: 1 exception on WebSphere Application Server 8.5.5.14 after BPM 18.0.0.1 upgrade
PH15415 Improve status text for scan error for the application migration scanner functionality
PH17272 An error is shown in the administrative console, when viewing the systemout.log.owner or thesystemerr.log.owner files
PI94624 Remove struts-legacy.jar from isclite.ear
Default Messaging Component PH16502 In WebSphere Application Server messaging engine stops due to DSRA9110E when short duration lock feature is enabled
Federated Repositories PH14099 Federated repository is not returning all requested attributes when searching
PH15390 NPE when an expected attribute is missing from LDAP entry
PH15543 CWWIM4564I saying it connected to the failover LDAP, when reconnecting with the primary LDAP
PH17028 AdminAgent console can display incorrect security configuration
PH17839 When adding an LDAP attribute that requires a boolean value, an invalidAttributeSyntax error occurs
PH18761 NullPointerException is thrown when running deregisterNode.sh wsadmin
General PH10371 lrcmd.sh script ignores values specified in soap.client.props
PH12982 "Write Interval" of HttpSession store configuration is not honored
PH13564 WOLA is not freeing IMS tpipe after an error
PH14473 Add translations for the access denied message
PH14926 Deserializing a session loads classes form different class loaders
PH15038 Provide "medium varchar(32672) for bit data" option
PH15134 CSA shortage with WebSphere Application Server z/OS fix pack 9.0.0.9 BBOO0335E BPX1LDX load of bbodpcrt failed rc=84, reason=BDF0624
PH15733 Simpledateformat usage in JAX-RS headers class causing arrayIndexOutOfBoundsException
PH15820 OAuth provider may create a principal with Realm name prepended to user name
PH16353 IBM Docs in WebSphere Application Server needs updated library (CVE-2015-7450)
PH16837 Unresolvable variable warning message CWLRB6203W: issued when no action is required
PH17314 Too many open files in WebSphere v8.5.5 SIBus messaging engine
PH17557 Upgrade Apache Commons BeanUtils in admin console (CVE-2019-10086)
PH18467 SEC-31: More secure password hashing for tWAS file registry
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH15933 showSDK.sh is missing from tWAS 9.0
PH16993 Cannot install WebSphere Application Server 9.0 on Suse Linux Enterprise 15
PH17087 Remove relabel_linux.sh from WebSphere Application Server 9.0
PH17876 CRIMA1137W
PH18278 Warning message is issued when install IHS and plug-in 9.0.5.2 and 8.5.5.17 on Windows without MSVC 2013 runtime installed
Java 2 Connectivity (J2C) PH13031 oracle.jdbc.ReadTimeout setting not working using either jdbc-4.1 or jdbc-4.2 features
Java Management Extensions (JMX) or JMX Client API PH16983 Use trigger dump with request=exclusive instead of system dump
Java Message Service (JMS) PH01737 Changing default to NIO on HP platform
PH14915 At shutdown, when the fileStore is nearly full, threads persisting messages will hang
PH17473 Case sensitivity issues when headers are not being cached
PH17811 Update the IBM WebSphere MQ JCA resource adapter to version 9.1.0.3 + APAR IT30234
Java SDK PH16818 File descriptor leak in defaultFaceletFactory
JavaServer Pages (JSP) PH14966 JSF portlet bridge should not be bundled by WebSphere
JSP PH13983 Information disclosure in WebSphere Application Server (CVE-2019-4441)
Migration PH15110 Migration tool should notify the user in the case that the old value is not migrated
PH15970 Add JAXRS upgrade messages to the WASPostUpgrade log
PH16438 Migration fails in post migration step if configuration contains hostAlias defined with port="*"
PH17164 SIB service disabled during selective migration
PH18142 Running BBOWMPRO during a migration to a newer release of zWAS gets configuration mismatch error
PH18330 Migrating a cell using the clone option does not create a different profile key
Object Request Broker (ORB) PH13233 Remove unformatted trace entries
PD tools (for example: Log Analyzer) PH14607 FileNotFoundException appear when running tWAS logViewer
PH15079 Modify traceInit outputs BBOO0427E at 8.5.5.15
PH15449 No stack trace printed when nullpointerexception printed
PH17273 Collector tool does not collect properties files for IBM i platform
PH17283 Diagnostic plans utility is incompatible with the java_dump_opts
Plug-in PH13091 WebSphere plug-in has uneven distribution when multiple servers have a weight of 0
PH14563 Plug-in merge creates extra URI group when erroneous ports are within the VirtualHostGroup
PH17449 WAS HTTP plug-in fails to generate $wsra $wsrh headers
Profile PH11873 Create profile failed with java.net.uriSyntaxException: illegal character in path
Runtime and Classloader PH10673 Property com.ibm.ws.runtime.dumpShutdown=true causes two heap dumps and two Java cores during shutdown
Security PH09722 Reload the SSL runtime when certificate monitor execute
PH10457 replaceCertificate is not horned to replace a personal certificate with another personal certificate
PH11248 Information Disclosure in WebSphere Application Server (CVE-2019-4477)
PH15201 Ayyedmin console login page does not show images correctly after authentication setting is changed to non-default option
PH15965 Intermittent SECJ0129E after upgrade to 9.0.0.10 or 8.5.5.14
PH16741 Client certificate authentication not finding previously logged in subject
PH17654 WSVR0661W starts to happen after the application of 8.5.5.16
PH18217 Need to stop auditing subsystem from doing DNS lookup
Servlet Engine/Web Container PH16279 Memory leak in WebFragMergerImpl due to multiple start/stop of application without restarting the application server
PH18646 Servlet caching does not work with default context root URI
Session Initiation Protocol (SIP) Container PH15985 A Via header field in ACK requests might contain incorrect address in a dual stack environment
System Management/Repository PH14004 Path traversal vulnerability in WebSphere Application Server (CVE-2019-4442)
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH09116 NullPointerException generated due to a partial update of the EJB application
Web Services Security PH14676 OIDC IP: Omit client_secret OAuth 2.0 parameter if the client_secret is an empty string
PH15626 OIDC RP: Enable configuration of a login error url
WebSphere Common Configuration Model (WCCM) PH08678 In WebSphere V8.5.5 AdminTask.extractConfigProperties incorrectly sets the CCSID value to 0 as the default
Fix Pack 9.0.5.1
Fix release date: 20 September 2019
Last modified: 20 September 2019
Status: Superseded

Download Fix Pack 9.0.5.1
Component Security APAR APAR Description
Administrative console (all non-scripting) PH09977 Some Administrative console URLs are using target=_blank
PH10210 Administrative console Pre-Login Banner is not displayed when Client Certificate Authentication is enabled
PH11318 Do not display LOG_ROOT directories for Application Installation
PH11319 XSS issues with the WebSphere Admin Console (CVE-2019-4270)
PH12325 WebSphere Application Server Admin Console could allow a file traversal vulnerability (CVE-2019-4268)
PH12508 After upgrading WebSphere Application Server to fix pack 11 (9.0.0.11), receiving message java.io.FileNotFoundException:SRVE0190E: File not found:/LibertyAdvisorSummary
PH13030 Rename Liberty application migration analysis functionality
PH13295 Scopes in resource panels are unsorted which makes it hard to find a specific scope
PH13303 An 'Access denied' error is logged when the Liberty Advisor Summary column is populated regardless of user role
PH15351 Admin Console updates to RemoveNodeListener and AddNodeListener Servlets
PH15700 Target Java options are out of order on configure scanner page
Default Messaging Component PH07816 WebSphere Application Server V9 throws CWSIJ0047E errors after messaging engine restarts or failovers
Federated Repositories PH01831 LdapAdapter.authenticateWithPassword() discards the casual exception when throwing a new exception
PH11792 Changing WSTEMP directory to a different directory with the following property websphere.workspace.root is not being honored
PH12039 The WIM GET API does not consider the allowOperationIfReposDown setting on the realm
PH12167 Authentication fails with a cause by of illegal capacity
PI97871 Cannot change administrative user in federated repositories
General PH07819 After migrating from V8.5 to V9.0 JPA 2.1 application fails with ClassNotFoundException while loading JPA classes
PH09666 java.lang.NoClassDefFoundError: com/ibm/mq/MQXAQueueManager may occur when using IBM MQ queues in WebSphere Application Server
PH10279 Websocket client side connect does not set http query parameters
PH11818 Unnecessary annotation scan happens if a class implements java.util.EventListener
PH12312 Admin agent environments are unable to create migration reports through the console or wsadmin
PH12467 WsSessionInvalidatorThread should have a thread number
PH12630 JSESSIONID cookies may contain two consecutive dashes
PH13339 Implement fine grain permissions for migration commands
PH13638 Message CWSJR1138E was issued for JMS create session
PH13786 ABENDCC3 RSN040E0001 in local communication close processing
PH13798 Error resulting from PH09335 when USER_INSTALL_ROOT is unset
PH13807 NullPointerException in the Sib code may happen when Cross Component Trace is enabled
PH14088 Disabling isolation of third-party JAX-RS providers causes FileNotFoundException
PH14124 The updated version 19.0.0.3 in the binary scanner needs to be added in WebSphere Application Server traditional
PH14351 Update the binary scanner in WebSphere Application Server to 19.0.0.3.1
PI11818 Information Center does not mention whether the clean up setting can affect or remove component versions that are attached to a snapshot
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Identity Management PH18467 Enhanced file-based and database repository password hashing algorithms
Install PH11170 Incorrect output of versionInfo -fix packs
Intelligent Management Component PH11807 Routing policy HTTP rules console page broken and validation for duplicate ODR rules not throwing proper error
PH12773 Add/Remove neighbor loop with messages ODCF8041I, ODCF8040I, and CWOBB1009W
PH14613 Intermittent child process crashes on IBM HTTP Server and APACHE with intelligent management plug-in enabled
PH14796 /MiddlewareAgentRPCService/noadmin allows for arbitrary file access of files in the WAS/profiles/dmgr directory
Java 2 Connectivity (J2C) PH10198 2CA0695E: Unable to find primary pool manager during failover processing for a resource with a JNDI name of ibm/cm
PH12983 Missing mcwrapper id in J2C trace when a connection has reached its aged timeout
PH13915 High CPU when synchronizing resources.xml
Java Message Service (JMS) PH13273 Termination hung due to deadlocked threads in CR
PH15088 Attempting to create a managed DUPS_OK JMS session outside a global transaction results in an AUTO_ACKNOWLEDGE session being created
Java Persistence API (JPA) PH07008 Have OpenJPA updates the descriminator class cache as classes become loaded and registered in the metadata repository
PH13889 OpenJPA enhanced classes version change causes warning
Java SDK PH09730 ClassNotFoundException that occurs during JSF initialization
JavaServer Pages (JSP) PH12946 StringIndexOutOfBoundsException when using JSF 2.2 in Liberty
Migration PH14471 Need to suppress checkpoint messages during WASPreUpgrade operation
PH14583 WASPostUpgrade does not allow the option -clone true to be used with the option -setPorts useOld
PH14635 WASPreUpgrade in remote migration jar does not work on zLinux
PH15019 Spaces in the application name causes migration failure as WASMigrationAppInstaller gets parsing error
PH15020 When multiple applications are migrated as the same time, some may not get migrated
PH15060 WASPreUpgrade - The plug-ins directory was not in the list of WAS_INSTALL_ROOT protected directories
PH15373 Dmgr CoreGroup template is not found
Other PH13095 If the admin agent console times out, the username/password must be provided twice
PD tools (for example: Log Analyzer) PH12910 java.lang.StringIndexOutOfBoundsException & SRVE0232E occur while accessing admin console
PH14673 WebSphere Application Server Diag Plan summary log showing a wrong trace dump file directory
Plug-in PH09316 New plug-in configuration copies the etc/plugin-key.rdb file unnecessarily
PH11287 Web server Plug-in crashed in memcpy call ws_ReallySendRequest function
PH14125 Allow empty reason phrase on 100-Continue
Security PH06574 When creating a new webserver definition in the integrated solutions console, plugin-key.kdb (CMS keystrore) is not generated
System Management/Repository PH10218 Logging for JVM is not showing up on the console
PH11113 Cannot map a J2EE role named role to users and groups
PH12932 Missing Javadoc in the ManagedObjectMetadataHelper APIs
Transaction Service PH07541 Transaction scoped observers do not fire
PI95615 Application server startup fails with the message Base product version for node myNode is not available
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PH08025 J2CA0045E on WebSphere Application Server V9 when a Web service uses a connection factory
PH10556 The <dmgr_profile>/temp/wscache/installExtract folder is not being cleaned up after the deployment or after DMGR restart
PH11905 Increased deployment manager startup time is caused by inefficient data structure
Web Services Security PH11684 OIDC: Failed to validate id token, exception thrown during verify [JsonObject]
PH13175 Tokens are not revoked when sessions are evicted from the cache
PH13533 Web Service request containing WS-AT Context fails if provider Web Service is configured to support WS-RM
WebSphere Common Configuration Model (WCCM) PH08461 During DMGR startup the /tmp folder is filling up and preventing the DMGR from starting
PH09294 Slow application startup for applications with many files
PH12669 NullPointerException occurs in EMF due to concurrent initialization
PH13545 Temporary files created during application deployment are never deleted
Refresh Pack 9.0.5.0
Fix release date: 28 June 2019
Last modified: 28 June 2019
Status: Superseded

Download Refresh Pack 9.0.5.0
Component Security APAR APAR Description
Administrative console (all non-scripting) PH10072 Add secure attribute to cookies
PH10464 URLs based on the admin console return error 500
PH10816 Serviceability issues for Liberty advisor feature
PH10824 UI bug fixes and changes for liberty advisor feature
PH10831 Add color to navigation border to make color change more visible
PH11381 Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4269)
EJB Container PH08828 OutOfMemory in InjectionEngine cache
PH12563 Support JIT deploy of EJB 1.x and 2.x modules
Federated Repositories PH05207 NullPointerException occurs when nameInRepository is not set in wimconfig.xml
PH08837 LDAP search fails with numberFormatException
PH10154 Group members are not listed (in manage users/groups) when domainNameForAuomaticDiscoveryOfLDAPServers is configured
PH11325 In rare cases, the federated repository attributes cache will store an attribute beyond the specified cache timeout
General PH01829 lrcmd command fails with socketTimeoutException
PH04833 Java batch scheduler in WebSphere V8.5.5 running OutOfMemory
PH05228 JSF portlet fails with illegalStateException when processing JSP
PH06301 CWLRB6179E: Failed to invoke EndPointCRMBean
PH07176 Checkpoint throws WKSP0009E error message
PH08375 WASServiceHelper.bat builds command contains "stopargs" twice
PH08510 WSGrid fails with java.lang.runtimeException: parse error 1
PH08548 The number of concurrent sub jobs running under a top-level batch job may exceed the configured maximum
PH08683 Fix tracing NPE in wasJaxrsClientTimeoutInterceptor
PH08898 WebSphere V8.5.5 job scheduler throws NullPointerException
PH08920 ConcurrentModificationException at CDI code
PH08934 IBM MQ listener port stopped working after upgrading to WebSphere V9.0.0.9
PH08993 CWLRB6203W is issued for properties which do not need a value
PH09233 CDI application with WEB-INF libary fails to start in loose config
PH09335 Managesdk.sh does not set user.install.root
PH09407 CommonExtensionsHelper class prints out a lot of information messages
PH09657 Usage Metering discards metrics on HTTP 500 response from metering service
PH10119 Add support for CICS 5.5 to optimized local adapters
PH10333 During extension of clusters jobs abended with rc=12 and existing endpoints are not found
PH10372 High memory usage consumed by logViewer
PH10542 java.lang.noClassDefFoundError: com.ibm.websphere.csi.j2eeName
PH10640 Versioninfo.bat returns the error "The system cannot find the path specified"
PH10843 JavaMail password hardcoded to null in the trace
PH11142 Running the wctcmd.bat from outside of the <wct_root> directory causes
PH11334 Need to check users WebSphere Application Server version and source Java version
PH11542 DefaultApplication changed in 9.0.0.11
PH12012 WebSphere Application Server V8.5 causing delay in J2C method "entering timing:"
PH12252 CDI cannot function with per module hot restarts. Currently it disables them on any app where CDI is enabled
PH12499 Upgrade JAXRS2.0 in WebSphere Application Server from Version 3.0.3 to 3.1.18
PH12560 Support customization of usage metering metrics
High Availability (HA) PH08584 Moving dynamic cluster to new core group fails to update dynamic cluster s server template
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH09811 Installation of WebSphere Application Server V90 offerings were not blocked on Suse 11 patch
Intelligent Management Component PH07819 Remove DOM package version from VE import
PH09810 Health controller stops working when executing Health Policy actions
PH11655 OVERLAY_ TCP_ LISTENER_ ADDRESS port can be used to execute arbitrary code across cells
PH12533 Admin Console allows Client-side HTTP Parameter Pollution and xss
Java 2 Connectivity (J2C) PH04931 FFDC for java.lang.illegalStateException logged intermittently while many transactions starting in parallel is not a problem
PH07318 WebSphere Application Server does not properly handle exception thrown by Db2 driver
Java Message Service (JMS) PH09048 During TIBCO EMS server failover, transaction rollback issues may occur that lead to stuck messages on the TIBCO queue
PH09262 Update IBM WebSphere MQ JCA resource adapter to 9.1.0.1
PH09750 Hanging threads in com.ibm.ejs.jms.jmsQueueConnectionHandle.createQueueSession
PH11186 HTTP inbound channel custom properties trustedHeaderOrigin and trustedSensitiveHeaderOrigin do not work properly on z/OS
Java SDK PH06008 After migration from WebSphere Application Server 9.0.0.5 to  9.0.0.6 JSF failed with unable to create view "/web/common/loginsuccessblank.xhtml"
JSP PH08381 JSP compilation error when using line comment within JSP expression
PH11216 Redirect context root for missing slash fails in WebSphere Application Server V9.0 and Liberty when using HTTPS connection
Migration PH07835 Migrating a cell using the clone option does not create a different coreGroupUID
PH07936 Migrating to WebSphere Application Server V9.0 but application did not get deployed
PH09937 After migration, create element automatically that not exist before migration
PH10778 Selective migrations fixes
PI98398 Migration job BBOMDINS incorrectly refers to install_all_apps.py instead of new tool WASMigrationAppInstaller.sh
Plug-in PH08290 Plug-in needs to provide some GSKit scripts
PH08740 Apache v2.4 web server plug-in crashed caused by a conflict withmod_was_ap22_http and mod_hpfilter2.4
PH08998 WebSphere plug-in process is not properly cleaned up when using Apache piped logger rotate logs
PH09034 Set default connectionTTL to 28 if not present in configuration for the WebSphere Webserver plug-in
PH09316 New plug-in configuration copies the etc/plugin-key.rdb file unnecessarily
PH09639 HTML dashboards fail in web query with HTTP 500 when running in IE or Firefox
PH10258 ODRPortPathPrefix cannot be added from the WebSphere admin console
PH10504 Servlet request remote address value is incorrect with WebSphere Application Server 8.5.5.15 plugins fix pack level
Runtime and Classloader PH05460 Emit diagnostics for OSGIi unsatisfied bundle constraints diagnostics when starting a server
PH12606 Store application classes in shared class cache to improve server startup
PI91529 NullPointerException is thrown when processing application deployment.xml file
PI95165 java.lang.illegalStateException can occur when an updated CDI application is republished to WebSphere Application Server
PI97290 NullPointerExceptions while enabling the classloader traces
Security PH04135 Behavior difference in getRemoteUser() and getUsePrincipal() in V8.5.5 vs V9.0.0 when JASPIC is configured
PH06236 When selecting a certificate alias with mixed case an SECJ7428E error is received
PH08265 Cannot remove audit notification: SECJ7387E: Audit notification in use
PH09574 PI97974 was about LDAP search filter issue, which did not handle parenthesis correctly
Servlet Engine/Web Container PH10240 Add trace to display virtual host mapping for a request
PI99214 Error message "SRVE0190E: file not found: {0}" is missing file name
Session Initiation Protocol (SIP) Container PH07841 SIP parse errors seem to put the parsing thread into a tight loop indefinitely
System Management/Repository PH07140 Editing an application with EJB content in a WAR module may experience slow performance
PH10565 Stopping an application server with wrong user or/and password failed with error from stack trace
PH10810 Improve ADMA0245W message to include permission problem
Transaction Service PH05716 Backend JVM received mis-routed transactional protocol request needs to send back proper exception
Web Services Security PH08391 Set WebSphere Application Server saml cookie to httpOnly
PH08804 OIDC RP default identifiers are not available when customs are configured
PH10503 OIDC RelyingParty TAI sessionCacheTimeoutMinutes is in seconds
PH10892 OIDC RP has no api for obtaining tokens or manually triggering access token refresh
PH11107 OIDC RP always includes port number on redirect_uri parameter
PH12520 OIDC: Enable JWT SSO in WebSphere Application Server
WebSphere Common Configuration Model (WCCM) PH08461 During dmgr startup the /tmp folder is filling up and preventing the dmgr from starting
Fix Pack 9.0.0.11
Fix release date: 5 April 2019
Last modified: 5 April 2019
Status: Superseded

Download Fix Pack 9.0.0.11
Component Security APAR APAR Description
Administrative console (all non-scripting) PH05129 Prompt user for confirmation of stop cluster
PH05812 The restart does not always work because of a change to the JVM so this provides a system property to stop/wait/restart instead
PH06242 Change background color for admin console (RFE 120205)
PH06889 Problems changing web_install_root and config path
PH07676
Potential denial of service in WebSphere Application Server Admin Console (CVE-2019-4080)
PH07698 Incorrect application status for web server in target specific application status display
PH07915 Update Admin Console jsp to remedy false error
PH08979 Data power panels may show html in messages when creating objects
PH09151 Add liberty migration effort details to application collection page in admin console
EJB Container PH01591 Nonpersistent EJB timer dying if timeout throws exception on last retry
PH04528 Scheduler failed after migration com.ibm.ws.ejbcontainer.util.ScheduleExpressionParserException: second: value not valid in string: null
PH06774 ConcurrentModificationException from ReferenceContext starting web application
Enterprise Edition (EE) PH04187 Issue with the Windows 125x support in XLXP during conversion of bytes to UTF-8
Federated Repositories PH02868 Automatic discovery of LDAP servers fails with EntryNotFoundException
General PH00071 WebSphere z/OS 8.5.5.12 ABEND 0C4 in ORB_Request::setSystemException in control region
PH00353 JAX-WS web service requests may fail when using an unmanaged client and Java 8 if WS-Policy is used
PH00738 Push CDI beans to HTTP session on access
PH03222 CWNEN0044E javax.xml.ws.WebServiceContext failed to resolve when started in adjunct
PH03840 Attempting to create a new ilcontainer after sqlexception causes com.ibm.websphere.batch.ilc.ilcontainerexception
PH04583 RuntimeException in VapBinaryStreamToSerializableObjectConverter
PH04653 Updated CPU limit (--cpus) not recognized by usage metering feature
PH04727 Illegal locale value : zh-Hans-CN
PH05071 JVM hang when calling GarbageCollectorMXBean.getLastGcInfo for usageMetering-1.0
PH05126 Provide support for com.ibm.websphere.jaxrs.server.DisableIBMEJBJAXRSInEJBJarsupport
PH05157 When web request is processed, check that the affinity server has deployed the endpoint
PH05579 z/OS ABEND130 RC02350001 during invalidation of a session following HttpServletRequestWrapper.changeSessionId
PH05700 was-usage-metering.properties does not work in cluster name directory
PH06475 Override EclipseLink JDBC parameter binding
PH07141 Increase grammar's unresolved component cache size
PH07228 Final usage metrics not submitted on server shutdown
PH07247 Unnecessary HttpHostConnectException FFDC logged for usage metering
PH08182 Invocation.builder#acceptlanguage() sets an invalid accept-language header
PI92331 Large object com/ibm/xml/xml4j/internal/s1/util/symboltable$entry arrays
PI92638 Reduce the amount of class loading performed by CDI
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH08611 Add prerequisite checker for Visual Studio 2013 runtime
Intelligent Management Component PH05157 When web request is processed, check that the affinity server has deployed the endpoint
PH05544 Custom property `HttpSessionCloneId` set at the sessionManager scope is not honored by ODC resulting in broken affinity
PH05754 Cannot set a timeout for URLReturnCodeMetric which can cause blocking of other metrics
PH06668 ARFM5024E: ARFM suffered unexpected exception while handling ODC event: com.ibm.wsspi.odc.ODCException: A svcgoal has no relationship with the following: cell (EXCM_HAS_NO_RELATIONSHIP1)
PH07605 AIX ODRLIB starts generating 404s after many odrlib restarts
PH07725 Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030)
PH08082 String concatenation issue with intelligent management for web servers plug-in causes 404 error
PH08503 Configured cluster level resources are dropped when a dynamic cluster scales to zero members and back up again.
Java 2 Connectivity (J2C) PI97241 Server hang on server shutdown due to deadlock
Java Message Service (JMS) PH02713 Contention for the intrinsic lock in the JMSConnectionHandle.createSession method
PH06340 Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046)
PH07036 Potential vulnerability in WebSphere Application Server (CVE-2018-1902)
PI95709 PreferredServerList are not saved as the sequence as defined by client
Java Persistence API (JPA) PH04012 Changing JPA spec level does not reset provider implementation class if one is set
Java SDK PH06389 JSF can leak JarFiles causing problems with application removal
Messaging Providers PH05525 WLM is failing the SIB destination lookup even though messaging engine is running without any issues
PH05890 Unexpected response from WebSphere Application Server to data power client request
Migration PH02818 Not all virtual host entries migrate when migrating to WebSphere Application Server v9.0
PH05565 Security domain definitions were not migrated correctly
PH06386 migration.sh is not supported on Solaris and should not be packaged
PH06941 SyntaxError: string constant too large in WASPostUpgrade application deployment
PH08887 Migration enhancements for WCMT4IC
Object Request Broker (ORB) PH08205 SMF 120 subtype 9 records should report the value of cvtzcbp
PD tools (for example: Log Analyzer) PH04941 Trace triggered by trace for use under L2 direction
PH06130 Trace to memory buffer stopped working when HPEL is enabled
Plug-in PH04047 WebSphere Application Server plug-in V9 for IHS V9 and Apache 2.4. forward useragent_ip to support use of mod_remoteip in IHS V9 and Apache 2.4
PH06308 WebSphere webserver plug-in crashes when handling WebSocket request in ESI cache
PH07999 WebSphere 9.0 plug-in using SSL fails to read entire message above 8k in size
PMI/Performance Tools PH05033 JVM runtime - ProcessCpuUsage counter shows zero value
PH05230 Count not present in the perfServlet xml output, under count TimeStatistic not present in the perfServlet xml
Profile PH08731 Increase default config file system size for WebSphere Application Server V9 dmgr/default/cell on z/OS on zPMT gui
Programming Model Extensions (PME) PH03333 Deadlock situation in DefaultWorkManager:AlarmManager
PH06673 WorkItem.getResult may return null and this cause NPE in customer's async bean application
Runtime and Classloader PH01742 Fix pack 9.0.0.7 or 9.0.0.8, did not update JPA configuration file correctly
PI83239 After upgrade to WebSphere 8.5, some applications using JAXB classes have noClassDefFoundError messages
PI88219 WSVR0320W warning messages due to the deprecated module deployment class loading mode
PI91331 Isolated shared library's parent is missing in the search path
PI99339 NoSuchMethodException generated for the missing method in the UrlStreamHandlerAdapter
Security PH02480 CMSKeystore is removed when webserver deletion is on hold without admin config save
PH05769 Weaker than expected security with WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996)
PH07760 Correction for PH02461
PI98604 CWPKI0666E: certificate "certificate alias " is not a personal certificate
System Management/Repository PH03989 Issues with autodeploy feature on was 8.5.5 after applying Fixpack 13
PH06545 AdminApp.edit command may not update servers correctly when using the MapModulesToServers option
PH07946 Running managesdk on a node works but it modifies a JVM on another node
Transaction Service PH02450 WS-AT keeps consuming WebContainer threads
Web Services Security PH02192 WebSphere Application Server OIDC RP extra <br/> tag added in saved post body
PH03525 OIDC TAI may not intercept requests to http:// endpoints
PH04344 Invalidate SAML token when user logs out from WebSphere application
PH07297 Denial of Service vulnerability in Guava (CVE-2018-10237)
WebSphere Common Configuration Model (WCCM) PH01005 NullPointerException when application provides a Xalan.jar
PH06565 <multi-config> child elements are added to web.xml/web-merged.xml
Fix Pack 9.0.0.10
Fix release date: 14 December 2018
Last modified: 14 December 2018
Status: Superseded

Download Fix Pack 9.0.0.10
Component Security APAR APAR Description
Administrative console (all non-scripting) PH01617 Potential file traversal in WebSphere Application Server (CVE-2018-1770)
PH01621 Potential cross-site scripting in WebSphere Application Server Admin console (CVE-2018-1777)
PH01735 Inputting an invalid webserver conf file path on the console produces a blank page
PH02638 Getting blank screen in dmgr console when trying to update server template in dynamic cluster
PH04192 Potential XML External Entity Injection (XXE) with IBM Docs deployed on WebSphere Application Server (CVE-2018-1905)
PI98354 No test connection button for operator role in dataSourceName page in admin console
Default Messaging Component PH00027 After migrating to WebSphere Application Server V9, the CWSID0046E error is seen in the logs
Dynamic Cache PH02049 Cross-site scripting vulnerability in cache monitor (CVE-2018-1767)
Embedded/Express PH01284 Clean server OSGI cache on restart after hard shutdown
Enterprise Edition (EE) PH02564 Outstanding request counters have incorrect values
Federated Repositories PH02811 Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1901)
General PH00908 WASX7487E(bluemixutility.py) happens on remote wsadmin client
PH01108 NPE in CDI weld when migrating from WebSphere Java 6 to Java 8
PH01368 SAXParserFactory could not be instantiated
PH01590 ras_default_msg_dd rerouted messages should be formatted with a timestamp
PH01681 Case then and else scalar expression constants should not be casted to case operand type
PH01753 Potential security exposure in WebSphere OAuth 2.0 client (CVE-2018-1794)
PH01832 High CPU observed on the dmgr process driven by VisualizationEngine.CacheWorkItemsTP thread
PH02014 Infinite loop scanning multi-release jars for annotations
PH02031 Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797)
PH02063 Potential security bypass in WebSphere Application Server with Expression Language EL (CVE-2014-7810)
PH02310 Wctcmd command does not create a webserver definition
PH02564 Outstanding request counters have incorrect values
PH02919 Migration policy set issue
PH02992 Eclipse link: add support for null foreign keys with unidirectional one to many relationship
PH03324 Validation cluster may not appear on the Administrative console when using Application Editioning Validation capability
PH03492 Potential Cross-site scripting in SIBMsgMigrationUtility (CVE-2018-1798)
PH03514 When multiple JAX-RS applications are in the same war, WebSphere may select a provider from the wrong application
PH03523 Eclipse link criteria api does not support multiple constructors
PH03604 Update Apache Batik SVG toolkit library to 1.10
PH03710 Annotation scanning include-filters not working
PH04119 Administrative console `Runtime Operations > Applications` panel does not properly report application status
PH04234 Potential cross-site request forgery in WebSphere Application Server  Admin Console (CVE-2018-1926)
PH04886 Deadlock in DMGR when federating primary portal node
PI95333 There is no way to detect if a compute grid batch job is producing grossly excessive output in its job log
PI97045 Invalid content-type header logs arrayIndexOutOfBoundsException
PI97786 Eclipse link throws "argument type mismatch" for JPQL case expression
PI99507 Native outOfMemory errors due thread leak in OTIS connection handling
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
Install PH02507 Cannot install WebSphere 9.0.0.7 or 9.0.0.8 on AIX 6.1
Java 2 Connectivity (J2C) PH02222 FreePoolSize reported incorrect count in TPV
Java Message Service (JMS) PH01447 Improvement to SSL closing handshake
PI98757 CreateContext() calls fail for IBM MQ provider using client-then-bindings mode
Java Persistence API (JPA) PH01768 Deadlock potential exists with orm xml processing for OpenJPA
PH02349 J2CA1004E seen in adjunct region
PI96578 A third-party JPA provider may throw an exception at the end of Local Transaction boundaries
Java SDK PH01566 JSF application initialization fails if the Faces Servlet mapping is only defined in a web-fragment.xml
PH03268 NPE at JSF initialization
PH04382 A context map in the JSF myfaces code is not being removed when the JSF viewscope bean is destroyed
Migration PH01746 Potential privilege escalation vulnerability in WebSphere Application Server after migration (CVE-2018-1840)
PH01984 java.lang.nosuchmethodexception
PH02468 Node_discovery_address port for federated node is 0 after remote clone migration
PI98695 Dmgr cannot get status of node after migrating dmgr with clone true and migrating federated node with clone false
Object Request Broker (ORB) PH01699 S0E0 abend with reason code 28 in orb_request::~orb_request()
PH03646 Daemon ABEND0C4 in bboclssa and possible termination
PI94719 WebSphere abend=00dc3000 rsncode=0a150001 moving node to new fix pack level
PD tools (for example: Log Analyzer) PH05042 Traditional WebSphere Application Server HPEL logging json format
PMI/Performance Tools PH01816 NullPointerException in repositorycache.getrcsdatasourceresources
Runtime and Classloader PH02197 Server assocated shared libraries not being picked up by WebSphere Application Server
Security PH00886 Improve formlogout processing
PH01676 createKrbConfigFile command leaves pipe character in Kerberos config file for encrypt types
PH02461 Modifying OIDC rp custom properties in a security domain via the admin console resulted in duplicates
PH04562 Potential information disclosure in WebSphere Application Server (CVE-2018-1957)
PI97974 Invalid user id that contains a parenthesis should be escaped for stand-alone ldap configuration
Session Initiation Protocol (SIP) Container PH01070 In a multi-homed environment a Via header field might not be set to the preferred outbound address
System Management/Repository PH01546 JVM custom property to disable node synchronization
PH02503 Server creation fails with NPE due to leftover application folders
PH03986 Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
PH04060 Code execution vulnerability in WebSphere Application Server (CVE-2018-1904)
PI91977 WebSphere Application Server config files length zero bytes
PI95973 Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
Transaction Service PH02967 NoClassDefFoundError initializing the Java EE application client environment
Web Services Security PH00569 Openid Connect relying party handling of id_token expiry is not configurable
PH01752 Possible security exposure in WebSphere saml web SSO (CVE-2018-1793)
WebSphere Common Configuration Model (WCCM) PI98177 Package objects not available from archive class loaders
>Fix Pack 9.0.0.9
Fix release date: 21 September 2018
Last modified: 21 September 2018
Status: Superseded

Download Fix Pack 9.0.0.9
Component
>Security APAR
>APAR
Description
Administrative console (all non-scripting) PI98780 Web server definition show incorrect status
PI99077 Options menu to set log trace pops up but does not set trace
PI99675 The kc.log file is being written under the user's home directory
Administrative Scripting Tools (for example: wsadmin or ANT) PI97106 Allow to create custom property with leading space
Contexts and Dependency Injection (CDI) PH00063 Injection point parameter issue incompatible reference - @inject java.lang.reflect.method
Default Messaging Component PI86995 Errors captured in SIB logs within output of objectMessage.toString()
EJB Container PI95982 timer.getInfo() not properly returning new instance
PI96086 Nested EJB async method calls not honoring nested get(timeout, unit) timeouts
Federated Repositories PI88864 Duplicate users returned if LDAP connectivity errors occur during paged searches
PI93552 java.lang.runtimeException: an invalid XML character (Unicode: 0x0) was found in the element content:group
General PH00250 EclipseLink MapsId processing failure with nested embeddable IDs with common persistent field names
PH00438 Provide switch to disable isolation of third-party JAX-RS providers
PH01114 CDI fails to parse xml objects
PH01221 Potential man-in-the-middle attack in WebSphere Application Server for JAXRS (CVE-2018-8039)
PH01352 Node-agent high CPU after TCPIP is forcefully stopped on z/OS
PH01719 Infra update for JDK 9/10/11 support for EclipseLink
PH01810 Provide connectivity with IBM Cloud Private metering
PI79520 Compute Grid Proxy job abends with CC 4084
PI85709 Add Watchdog timer to write waits on closing
PI89701 ODC error logic that runs on the dmgr is erroneously removing OSGI app data from the ODC data structures resulting in 404
PI92847 JPQLl with trim is not handled properly and it results in databaseException
PI95906 It takes very long time to update EBA
PI95971 The namespace prefix appresources is undeclared
PI96427 When mail trace is enabled passwords are changed to be *******
PI96471 Submit jobs option not available in WebSphere V8.5.5 JMC
PI96615 OTiS application uses wrong virtual host if we create the dmgr profile as a part of cell profile
PI97162 Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI
PI97945 EclipselLnk JPA provider does not update version column as a bulk update parameter
PI97986 StringIndexOutOfBoundsException occurs when reading custom routing policies for OSGi applications
PI98187 HAMI0015E: Encountered an error activating member <null>. Exception was java.lang.NullPointerException v2
PI98400 Mail engine does not process password specified in mail session
PI99036 When using runtime provisioning in the dmgr, the help functions for the admin console are not available
PI99123 Message checkin for RTC247424.3 serviceability improvement feature
PI99361 Upon deployment, the <context-root uri..> entry in the ibm-web-ext.xml is changing position within the file
PI99410 NullPointerException happened in the SNMP agent systemout.log
PI99546 NullPointerException during shutdown at com.ibm.ws.bbson.interest.InterestManagerImpl$InterestAlarmListener.sendMsgs(InterestManagerImpl.java:1264)
PI99672 Remove the first_rows hint from Oracle V10+ pagination queries
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PI95735 stopServer/stopNode/stopManager scripts hang when LOGOUTPUT is set to *PND in QWASJOBD
Install PH00270 versioninfo command of WebSphere Customization Toolbox does not work
PH00358 Cannot install 9.0 Caching Proxy with CBR feature on windows
PI98012 Warning message during the interim fix installation of IHS v9
Java 2 Connectivity (J2C) PH00304 WebSphere Application Server Liberty not respecting max connection pool setting
PI93901 NullPointerException in admin console when trying to display connection factory status for CICSECI resource adapter
PI96072 NullPointerException in com.ibm.ejs.j2c.j2cutili
PI97372 Intermittent J2CA0046E/NullPointerException when obtaining a connection from datasource
PI98542 Error in pretest SQL string may result in unhandled open connections to db server
Java Message Service (JMS) PH00865 Update the IBM WebSphere MQ JCA resource adapter to the latest version 9.0.0.4
PI96735 Access log "maxfiles" attribute not working as intended with value of 0
Java Persistence API (JPA) PI97483

Eclipse link re-sorts insert and removes statements within a transaction
PI97686 OpenJPA query cache miss results in classCastException
PI97786 Eclipse link thros "Argument type mismatch" for JPQL case expression
Migration PH01218 Remote migration jar WASPreUpgrade.bat fails when path to Java contains a space
PI98798 MIGR0573W seen running WASPreUpgrade on node profiles
Other PI97486 Left panel of admin console does not disappear after auto log-off due to session timeout
PD tools (for example: Log Analyzer) PH00472 Diagnostic plan cannot match messages from system.out or system.err
PH01211 TRAS0018I missing when using "modify servername, tracejava"
PMI/Performance Tools PI97663 NPE in perfmodules.getConfigFromXmlFile
Programming Model Extensions (PME) PI96604 StreamCorruptedException in workarea on WebSphere Application Server V8.5 with JDK 8.0.5.5 (sr5/fp5)
PI96800 CDI resource injection does not work for managedExecutorService
Security PI94230 Certificate monitor does not refresh RSA keys after renewal
PI94239 Certificate monitor leaves temporary workspace
PI94291 Certificate notification not working with SMTP mail server
PI97276 Typo in empty truststore message
PI98768 Weaker than expected security using WebSphere Application Server(CVE-2018-1719)
Servlet Engine/Web Container PH01798 Improve message "SRVE0080E:Invalid content length"
System Management/Repository PH00755 Fixing concurrentModificationException reported during multi sync operation
PI69603 Extra data in FFDC file generated by JSR160RMIConnectorClient.reconnect exception
PI99486 Incorrect JDKSourceLevel values added when using "precompile javaserver pages files" during application deployment
Transaction Service PI93971 Control region terminates after WTRN0108I: contextDisassociation. Unexpected state: 3 and FailedXAResources = true
PI96153 The CWRLS0030 message in V9 has a link to a troubleshooting article in the WebSphere V855 knowledge center
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI88318 Incorrect version number was displayed when running endptEnabler.sh or endptEnabler.bat
PI92940 Avoid sudden high CPU usage and threads hung on busy servers
Web Services Security
PI78804 Information disclosure in WebSphere Application Server using SAML (CVE-2018-1614)
PI94538 OpenID connect relying party does not invoke the revocation endpoint on the OP during logout
PI95884 JAX-WS WS-Security cannot use SHA384 or SHA512 digest algorithms
PI96508 OIDC RP may not connect to token endpoint due to SSL handshake_failure
WebSphere Common Configuration Model (WCCM) PH00201 jsp_2_2.xsd is not packaged in the com.ibm.ws.wccm.jar
PI97612 Unset deployment descriptor attributes become set during deployment with web.xml using servlet 2.5 schema
PI98450 Improve performance of detection of multi-release jars
z/OS PI97012 CICS throws resp=8 resp2=34 going inbound via WOLA when servant is not started

Back to Top

Fix Pack 9.0.0.8
Fix release date: 29 June 2018
Last modified: 29 June 2018
Status: Superseded

Download Fix Pack 9.0.0.8
Component
Security APAR
APAR
Description
Administrative console (all non-scripting) PI90487 Start/stop of Webserver from the admin console fails after a change to the ProcessDef StartComamdArgs or StopCommandArgs
PI92079 Duplicate ports are assigned when the node uses different host alias in same host machine where the dmgr is running
PI92185 Accessing the admin console on the MS Edge browser causes some issues in the UI
PI92241 Admin console command assistance gave wrong output for EJBTimer configuration
PI92513 MANIFEST.MF file in isclite.ear does not get updated correctly with fix pack upgrade
PI92600 SIB admin panels render incorrectly
PI94097 "rollout update" option not shown during application update for users with both deployer and operator role
PI94144 ORB connection cache minimum cannot be set to 1 in the admin-console
PI95655 Bypass security vulnerability restrictions in WebSphere Application Server Admin Console (CVE-2015-0899)
PI95769 Dropdown menus for certain panels do not get populated
PI98312 Russian Translation for OK Button
        ✓ PI98928 Potential vulnerability in WebSphere Application Server (CVE-2015-0899)
Administrative Scripting Tools (for example: wsadmin or ANT) PI94447 AdminApplication.getAppDeploymentTarget returns incorrect values
Contexts and Dependency Injection (CDI) PI94494 Lookup for the java:app results in ConfigurationException if the lookup happens during the startup of the application
PI95074

weld-2466 null pointer exception in webservice calls
Default Messaging Component PI85830 JMS transit through the SIB corrupts double byte characters
PI87338 Expired messages is not be handled correctly when messaging engine restarts
Double Byte Character Set (DBCS) PI94519 UserInternationalization javadoc contains broken links
Dynamic Cache PI96665 Servlet caching does not support HTTP 1.1 transfer-encoding: chunked requests
EJB Container PI92731 "CORBA.MARSHAL: Incompatibility between Stub and Tie" on WebSphere scheduler application
PI93822 EJB auto-link fails for Java:global with beanName provided
PI93950 NullPointerException from EJSContainer postInvoke() method
PI93952 CWNEN0030E when multiple deployed editions of an application contain the same environment entries
PI95215 MessageEndpoints are not properly released
EJBDeploy (WSAD) PI97841 Add missing database options to EJBDeploy on admin console
Enterprise Edition (EE) PI93221 NullPointerException during JAXB.Unmarshal for @XmlMixed list
Federated Repositories PI88438 When defining a root Base DN for a federated repository, display and login problems occur
PI90846 Exception occurs when a mapping exists for PersonAccount or Group, but not both
PI91971 Poor performance using file-based registry under load
PI92274 Server fails to start when Domino Ldap server is not reachable
PI93225 Users logging in with parentheses in their names cause "unbalanced parethesis error"
General PI95676 In use count can be wrong after APAR PI77049 - causing ABEND=00DC3000 RSNCODE=0A150001
PI56169 Wrong ID logged when stopping an app server through the admin console
PI88319 Expired SIB messages might not be deleted after a messaging engine failure
PI90792 PluginMerge script has issue when merge the ODR generated plugin with cell generated plugin
PI91256 ODCF8101E java.lang.NullPointerException thrown
PI91323 Injection exception: java.lang.IllegalArgumentException
PI92056 Postinstaller messages are not printing out special characters
PI92182 The server stop processing gets hung up in SIB component
PI92477 WELD-2447 Client proxy serialization support should be container agnostic
PI92638 Reduce the amount of class loading performed by CDI
PI93374 Session Affinity can be broken and result in erroneous 503s
PI94745 Intelligent Management enabled Plugin crashes from memory corruption errors after freeing web modules on routing table updates
PI95381 OAuth 2.0 configured in a security domain may fail to initialize
PI95821 Stabilize Product Insights Enablement
PI96041 Incorrect headers in outbound request with JAX-RS 1.1
PI96187 Update bluemixUtility command for data sovereignty regulations
PI96443 Session not created on the database after changesessionid()
PI96616 Enable OSGI option cleanupOnSave
PI96685 Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)
PI96748 Enhance workspace code to help reduce OOM problem
PI96826 IllegalArgumentException in classreader during the annotation scan
PI97338 WebSphere Application Server diagnostic plan
PI97881 Do not give creational contexts to non-contextual managed object
PI97986 StringIndexOutOfBoundsException occurs when reading custom routing policies for OSGi applications
High Availability (HA) PI94999 HMGR0232E exceptions happen when creating core group bridges in a cell
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PI97368 IBM i deploying .war through /httpadmin interface fails
Java 2 Connectivity (J2C) PI92626 Block the calling of several new methods on OracleConnection in the ojdbc8 12.2 driver that are unsafe
PI94863 Unable to get progress database connections from progress OpenEdge 11 datasource
PI96004 When using a JDBC 4.0 driver in WebSphere Application Server V9.0, connection, a timed out transaction cannot properly close connections
PI97001 Incorrect db2_classes16.jar file path in the default description for the Db2 UDB for iSeries (Native) JDBC provider in WebSphere Application Server
PI98140 Information disclosure in WebSphere Application Server (CVE-2018-1643)
Java Management Extensions (JMX) or JMX Client API
PI90009 Information disclosure in WebSphere Application Server (CVE-2017-1743)
Java Message Service (JMS) PI88594 Request to context root without trailing slash gets redirected, but the query string was not added to the redirect url
PI88676 Setting system date 100 years into the future generates an ArrayIndexOutOfBoundsException
PI89346 8.5.5.10 java.lang.OutOfMemoryError in z/OS control region with XCT enabled
Java Persistence API (JPA) PI92398 Under certain conditions OpenJPA can insert an embeddable object into the Datacache map
PI95766 DB representation of boolean values with Postgres is incorrect
PI95871 Wrong context classloader in org.apache.openjpa.enhance.pc
JNDI/Naming PI94660 Got a warning "NMSV0822W" message during a server startup
PI95598 Naming implementation in a IBM Thin Client for EJBs takes additional time while trying to look up EJBs in a wlp server
JSP PI87565 OutOfMemory issues from web container component WebComponentMetaDataImpl
PI87886 The generated_web.xml is empty when installing an application using an exported ear and pre-compiling JSP option
PI89577 Lambda expressions might fail to compile when using Java SDK 8 to compile JavaServer Pages (JSP)
PI92161 The JSP engine is unable to find .tag files within the /META-INF/TAGS folder of a loose jar file
Messaging Providers PI93516 JMS destination marked toBeDeleted cannot be destroyed and recreated
Migration PI93298 Port conflict after migrating from V7 on the same server into the same directory
PI93466 Remote WASPreUpgrade fails on Solaris with "test: argument expected" error
PI93488 Need ability to do config conversion from unsupported V6.1 configuration
PI93600 Syntax errors in bbomigrt2.sh
PI93622 Migrating from WebSphere V7 with a server-level security.xml causes postupgrade NullPointerException
PI95217 WASPostUpgrade failed with MIGR0464E due to NullPointerException
PI97582 WASPostUpgrade failing with NullPointerException coming from the serverIndexConfig
PD tools (for example: Log Analyzer) PI92935 Stopserver script intermittently results in hang, fails to stop server
Plug-in PI93554 Plugin propagate does not work from command line using GenPluginCfg.sh
PI94724 Admin console command helper generating an incorrect script command for adding StashFileLocation plug-in property
PI96048 Plugin generation should have a way to add RemoveSpecialHeaders to the configuration section
PI96130 HTTP2302: Function as_handler aborted the request without setting the status code
PI96649 Plug-in fails to write data with RC=10035 in windows
Runtime and Classloader PI72506 Support openConnection(url, proxy) using MultplexingURLStreamHandler in OSGI
PI84518 Administrative console libraries are not designed to be run with a PARENT_LAST application class loader
PI92979 High CPU utilization due to the classloader stack
Security PI88044 Calling purgeUserFromAuthCache or a user that is in a group permitted to a role does not take affect
PI88161 The ibm_security_logout page does not render correctly when the X-Content-Type-Options header value uses nosniff
PI89606 JASPIC user group information is lost when using the jaspicSession
PI90980 Potential spoofing vulnerability in WebSphere Application Server (CVE-2017-1788)
PI92316 Inconsistent behavior with replacing SSL certificates
PI94021 Not able to renew a self-signed wildcard certificate
PI95120 Authcache not updated with renewed subject
PI95256 Enabling security audit breaks WebSEAL trust association
PI96566 ArrayIndexOutOfBoundsException: array index out of range: 14
Security (zSeries®) PI96383 High CPU and increased AUX storage in WebSphere Daemon if connection is closed during SSL handshake
Servlet Engine/Web Container PI94228 Scheduler services startup issues due to the resource binding issues with JNDI
PI94848 OutOfMemoryError caused by a memory leak in WASAnnotationHelper
Session Initiation Protocol (SIP) Container PI89322 Headers in the sipproxy.log are different than in trace.log
PI93796 SIP Container uses a wrong interface for a loopback request
System Management/Repository PI88788 Not able to create a web server with Sun Java System template
PI92142 ADMU3011E unable to start a web server using startServer command
PI94531 Update the default values of JVM options -Xscmaxaot and -Xscmx to decrease application server startup time
PI94757 Issue with application edition management and ADMA0159W messages
Transaction Service PI53320 WS-RM internal error caused sequence containing application messages to be deleted
PI53384 WS-RM sequence reallocation processing may delete application messages from the persistent store
PI88168 WebSphere Application Server startup fails with WTRN0045W errors
PI89405 App server controller terminates with C9C21A44 followed by C9C21A30
PI92239 Client cannot unmount TRANLOG directory after calling disableMember on HAManager MBean when using memory-mapped files
PI96625 Update IBM WebSphere MQ JCA Resource adapter to version 9.0.0.3
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI78733 Two service clients displayed on administrative console for an application
PI80913 WASAxis2ConfigurationBuilder loads the jax-ws-catalog.xml file using a call to 'getResource' instead of 'getResources'
PI83389 JAXBException error occurred when a JAXB class was not included in JAXBContext
PI88248 ConcurrentModificationException error may occur when running JAX-RPC application with v v9
PI89987 Starting application fails with CWMDF0002E ArrayIndexOutOfBoundsException
PI91683 Require the ability to mask or remove the "axis2ns1" in Web services SOAP Fault
PI98251 Update HttpClient for CVE-2012-5783
Web Services Security PI88896 OIDC RP WebSphere Subject may not contain current access_token
PI90373 OIDC RP authorizationEndpointUrl does not handle query parameters correctly
PI92210 OIDC RP configuration of location of sign verify certificate is not customizable
PI92332 OIDC RP does not support OP UserInfo endpoint
WebSphere Common Configuration Model (WCCM) PI89821 The annotation scanning filter does not work when the filter is specified in the MANIFEST.MF of the application
PI93744 The log4j-api-2.9.1.jar contains classes under the META-INF directory cause an exception during startup
PI94037 Allow disabling CDI through application custom property

Back to Top

Fix Pack 9.0.0.7
Fix release date: 16 March 2018
Last modified: 16 March 2018
Status: Superseded

Download Fix Pack 9.0.0.7
Component
 Security APAR
APAR
Description
Administrative console (all non-scripting) PI84457 Incorrect handling of invalid parameters in the admin console
PI84888 KC_HOME property missing after migrating stand-alone WebSphere Application on z/OS from v8 to v9
PI87667 Java 2 security is enabled briefly during WebSphere Application Server for z/OS server startup even when it is configured off
PI87791 WebSphere admin console error message invalid format
PI89314 New log4j libraries packaged in KCCI
PI89327 MIGR0506E Migrate a profile that is registered to an admin agent
PI89498 Privilege escalation in WebSphere Application Server admin console (CVE-2017-1731)
PI90042 Information disclosure in WebSphere Application Server admin console (CVE-2017-1741)
PI90992 ADMG0301W Warning when adding an application to the server in IBM WebSphere Application Server v9.x Developer tools
PI91052 Set X-Content-Type-Options "nosniff" on Administrative console
PI91328 Update struts.jar for latest fixes
PI91512 Manageprofiles command failing to create new profile
PI91760 Classes are missing in the Administrative console after ear deployment
Administrative Scripting Tools (for example: wsadmin or ANT) PI85713 Wsadmin exits on sys.exit()
PI89671 Issue invoking Jython script over ws_ant protocol
Default Messaging Component PI86830 CWSIS1530E: The data type, 2, was found instead of the expected type, 3, for column
Enterprise Edition (EE) PI93060 JAXB Unmarshaller may not apply default values for xs:anyType
General
PI92492 Potential denial of service in WebSphere Application Server JAXRS (CVE-2017-12624)
PI75876 Enable session listener in portlet bridge runtime
PI81356 Incorrect job status caused application to hang
PI82819 Issue with allocating job numbers
PI83053 List elements go missing when moving the list from one DataObject into another
PI85595 Performance issue with SIB link connection when transferring large messages from one cell to another cell
PI86936 Disable per module hot restarts on CDI enabled applications
PI87050 Load module BBODPCRT can be deleted while still in use
PI87069 When running with Java8, EBCDIC strings data conversion shows wrong behavior
PI87723 NullPointerException occurs during application start
PI88268 EclipseLink: provide support for generating sequence values in an ascending sequence
PI89274 IndexOutOfBoundsException when setting a list on DataObject
PI89446 Product insights throws NullPointerException
PI89800 WSGrid writes the wrong version out in the messages
PI89955 JAX-RS 2.0: javax.ws.rs.core.Request.selectVariant() returns incorrect value
PI89970 NullPointerException in org.apache.cxf.jaxrs.impl.tl.ThreadLocalProviders.getContextResolver()
PI89997 ConcurrentModification error might happen when tracing amm code
PI90547 Update Weld to 2.4.5
PI90699 ProductInsights errors after resuming from sleep state
PI90782 Application startup fails due to NullPointerException during bean validation
PI90804 Security vulnerability in Apache Commons used by WebSphere Application Server (CVE-2016-1000031)
PI90848 [CXF-7071] Problems reading post request parameters
PI93050 Dynacache support for openJPA does not work
PI93477 CWSIP0001E: An internal messaging error occurred in com.ibm.ws.sib.processor.impl.AnycastInputHandler.consumerAttaching 
PM70911 {"integer type 0" != } returns true when it should return false
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PI89504 App server fails to start when generic JVM argument value contain blank(s)
Intelligent Management Component PI93376 ODR server cannot be started after being created on plinux due on incorrect version of HeapDetect setting
Java 2 Connectivity (J2C) PI90290 NullPointerException when using JDBC custom property jdbcTimingThreshold in WebSphere v8.5.5.x
PI90388 The resource adapter sending a CONNECTION_ERROR_OCCURRED on a connection while it is in the free pool results in a negative connection count
PI90945 Autocommit is not being reset back to default when using non-transactional Data source
PI92626 Block the calling of several new methods on OracleConnection in the OJDBC8 12.2 driver that are unsafe
Java Message Service (JMS) PI89806 NullPointerException generated when using async servlet and pmi on WebSphere Application Server v9
Java SDK PI90391 Fix bug MyFaces-4045 in IBM MyFaces implementation
PI90507 Instances of Action Listener in a Facelet are not being removed until app shutdown
JavaServer MyFaces (JSF) Apache MyFaces implementation PI87954 Hung thread issue in MyFaces getPropertyDescriptor
Messaging Providers PI37409 Possible abend EC3 timeout in WebSphere Application Server for z/OS servant region when running as client with WebServices and JMS (SIBus) in the same servant region
PI93628 Diagnostics for CWSOM0005W: The ObjectManager found that the log file was too full
Migration PI92375 Config host names not updated during migration when networks are isolated
PI92469 Configurations of new target profile template remain untouched during migration although they do not exist in old profile
PI92480 Migration process omitted LDAP failover configuration
PI92604 DMGR started after waspreupgrade even though not originally running
PI92605 WebSphere SSL protocol should be auto updated to SSL_TLSv2
PI92610 Original app deployment log and trace are overwritten by waspostupgrade when deployment is retried
PI92942 Migration changes the order of the login modules in the security.xml file
Plug-in PI89253 Unable to use ECDHE cipher on outbound handshake from http server plugin
PI89525 Invalid plug-in path for property "PluginInstallRoot" is created for WebSphere on iSeries
PI91280 Secure transports may use the wrong timeout value if URL timeouts are configured using SetEnvIf
PI91879 ConnectionTTL="0" in transport statements in the plugin-cfg.xml
PI92967 IBM WebSphere web server plugin for iPlanet/SunOne sending wrong response code
PMI/Performance Tools PI90503 Cannot start logging in Tivoli Performance Viewer
Runtime and Classloader PI86187 Bootstrap code to check the WebSphere product version xml files for updates to determine OSGi cache state
Security PI85356 Unable to delete keystores due to corrupted deleted.p12 file
PI86770 Remove unsupported security events from audit log
PI87414 After deleting the existing default certificates, the newly created default certificates are using SHA1
PI90068 WebSphere Application Server crashes when a user with disabled account logs in
Servlet Engine/Web Container
PI88642 Information disclosure in WebSphere Application Server (CVE-2017-1681)
Session Initiation Protocol (SIP) Container PI92202 NPE might occur when the SIP container tries to determine an interface a request came from
System Management/Repository PI80126 Application server fails to start, and throws a NullPointerException
PI89521 Admintask.extractConfigProperties is too slow
PI89756 Re-implement the fixes for PI75986 and PI78268
PI89938 Property file based configuration serviceability improvement
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI86063 SAMLresponse XMLOutputFactory does not recognize the property "reuse-instance"
Web Services Security PI88253 OIDC RP secure flag not set on the OIDCREQURL cookie
WebSphere Common Configuration Model (WCCM) PI88862 Failure to delete temporary file during application deployment
PI88964 CWWAM2601E errors during the startup of websphere application server v9.0
PI89038 Annotation not processed in the ra.xml file during deployment of CTG cicseci.rar with WebSphere configured with Java 8
PI89708 The log4j-api-2.9.1.jar contains classes under the META-INF directory cause an exception during startup
PI90832 WEB-INF/lib classloader order specification
PI91292 SaxParseException for a tag library does not display the file name
PI92105 Allow empty main-class attribute in manifest.mf for application client module

Back to Top

Fix Pack 9.0.0.6
Fix release date: 21 December 2017
Last modified: 21 December 2017
Status: Recommended

Download Fix Pack 9.0.0.6
Component
Security APAR
APAR
Description
Administrative console (all non-scripting) PI82507 WebSphere administrative console display consent banner before granting access
PI86654 The refresh does not delete the marker files created during uninstall
PI87525 EJB remote home binding setting is not displayed correctly on admin console
PI88509 ISC console's app deployment panel pause long time after finish button clicked, if clicked twice, deploys twice on large EAR
Dynamic Cache PI85747 Create a EntryInfo.SHARED_DEFAULT setting for the DynaCache sharing policy
Federated Repositories PI82997 Extra information may be in trace when configuring a RACF LDAP repository
PI83149 File registry.xml file not synchronized to nodes
PI85881 User set custom property java.naming.security.credentials may not be encoded before being printed to wimconfig.xml
General PI33088 Synchronization begin method does not get invoked on the restart of a top level job
PI75567 SchedulerException when deleting compute grid jobs from a clustered scheduler environment
PI77076 When enable "start components as needed", cannot submit job from other cluster member not host the scheduler
PI77232 Compute grid property overrides passed for a sub-job restart fail to be applied
PI78935 Transactions become corrupted after CWSIC8007E, CWSIC2029E and CWSIK0016E error-messages in the jfapchannel
PI80020 NullPointerException occurs while starting DMGR in policy set
PI80333 Support CPU constraints in Product Insights
PI80971 Allow modification of message driven bean bindings in OSGI applications to bind to listener ports
PI81527 In WebSphere V8.5.5, after a lost database connection, WSGrid hangs and jobs remain in submitted state
PI81777 How to disable the IBM batch implementation in WebSphere Application Server V9.0
PI81891 DMZ SIP proxy parsing via header incorrectly
PI81922 WS-Notification broker application fails with java.lang.NullPointerException
PI82298 WebSphere Application Server controller region abends with ab/s0dc3 prcs/03080002 after modify RESUMELISTENERS
PI82529 HTTP transport encoding cp943c will be used for JSTL params
PI82642 Job log sections on the endpoint to fail on write when full
PI83051 AdminJDBC.py script library to create a datasource fails on convertParamListToString
PI83743 The message CWLRB1800I: Job [xxx] step [nnn] is skipped. is not printing in WebSphere 8.5.5.7 with compute grid
PI83901 The context classloader is not getting set properly when loading CDI extensions at app startup
PI84836 Ack Request sent on 2xx retransmission might be mapped to the wrong application session
PI85092 Change of EclipseLink warning messages about multiple JMX MBeanServer instances
PI85268 Hover help for plug-in's RetryInterval is wrong in the WebSphere Application Server console.
PI85402 EclipseLink does not recognize Java 9 platform
PI85490 Deadlock caused by WsLogManager and SIB trace code
PI85587 java.lang.NullPointerException when starting an EBA containing an EJB
PI85865 NullPointerException in LRUHashMap
PI86758 Negative active session count is being reported
PI86840 EclipseLink embeddable processing does not correctly multiple consumers
PI86934 WebSphere SIP container delays 10 seconds when DNS is unreachable
PI87146 JAX-RS trying to interact with a CDIManagedObject after it has been released
PI87522 getRequestURI() in a JAX-RS resource throws IllegalArgumentException when URI contains UTF8 characters
PI87613 Product Insights should be disabled when no config is present
PI87963 The default initial and maximum heap sizes are incorrect for application servers created on an existing V90 profile
PI88152 Message enhancement for BluemixUtility.login() command with a federated user
PI88869 The AdminTask.createGenericServer() command failed with an IndexOutOfBoundsException in FFDC on z/OS
PI88908 The changeSessionId() method behaves differently with session replication enabled
PI90154 bluemixUtility fails to create/delete instances of Watson Discovery Service
PI90786 Web Service injection processor is not being registered.
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI89044 VersionInfo shows blank Java 8 build level and date
Intelligent Management Component PI82522 NPE at com.ibm.son.mesh.CfwTCPImpl.ready(CfwTCPImpl.java:887) logged in ODCF8601E message after shutdown invocation
PI84968 NullPointerExceptions are thrown in a node agent when another node agent is found stopped
PI85519 During start up of the JVMs, receiving CWPTF0002W messages in the systemout.log
PI86097 Intermittent issues with APC promptly responding to lazy start DC
PI87542 During node agent startup NullPointerException in WorkProfilerHAManagedItem, issue can be ignored
PI88185 WXIM0127E invalid value specified for routingLocations
PI88776 Health policy log message for garbage collection percentage threshold exceeded is missing message ID
PI89254 ActivityPublisher can move between DMGR and node agent, if ActivityPublisher is deactivated, NullPointerException occurs
PI89817 Delay when setting node into maintenance mode
Java 2 Connectivity (J2C) PI81163 Container-managed authentication alias not applied for JMS connection factories if mapping-configuration alias is not set
PI83198 Multi-threaded deployment exposes race condition in connection factory initialization code
PI87631 High number of rollback/aborts occurring during connection validation for JDBC connection pools
PI88017 JMS connections from WebSphere Application Server are not destroyed after upgrading was to fix pack V8.5.5.12
PI88123 JPA failure when defining data source custom property JDBCTimingThreshold
Java Message Service (JMS) PI81124 Closing WebSocket session will throw NullPointerException
PI81329 NCSA access logs %b option output displays "-" instead of the size of the response in bytes
PI81572 Parsing errors when the connection is reused and there is unread data on the wire after the response is read
PI86114 NullPointerException when attempting to create an activation specification using wsadmin
Java Persistence API (JPA) PI84016 jpa application behavior changes after migration to was 9.0.0.4
PI84428 ArrayIndexOutOfBoundsException from OpenJPA for @EmbeddedId
PI86053 EclipseLink adds default schema twice for seqs on Db2
Java SDK PI85492 Commit of HttpResponse in RENDER_RESPONSE(6)
PI89168 Protected-view not working in Liberty 16.0.0.4
PI89363 ProtectedViewException for a protectedview access while checking the OriginHeader for appContextPath
JSP PI82193 ClassCastException with TransformerFactoryImpl when running JSPBatchCompiler
PI87039 JspFactory.getDefaultFactory().getEngineInfo().getSpecificationVersion() issue
Messaging Providers PI76990 Mediation points stuck in waiting for status
Migration PI84973 Allow WASPreUpgrade to work specifying user.install.root as second positional parameter
PI86999 Error during deployment of post migration process, if multiple application editions exist; the base edition fails to install
PI89175 WASPreUpgrade.sh with "-machineChange true" fails with error MIGR0104E
Object Request Broker (ORB) PI85206 ABEND0C4 PIC-11 in module BBOCLSCC, a WOLA module running in a CICS region address space when stopping zWAS server timing window
PD tools (for example: Log Analyzer) PI82911 ulimit value to be printed to logs
PI85899 Collector tool failed to gather all docs.
PI87581 Trace output in runtime tab will show memory buffer as trace output instead of none
PI88370 Memory buffer trace output performance is slow when basic trace format is used
Plug-in PI76789 HTTPS requests fail with a 500 internal server error with the 64-bit plug-in on windows
PI84620 WebSphere plug-in needs better message for a wrong cert label
PI86280 Several misleading debug level messages in the WebSphere Application Server webserver plug-in
PI86414 400 is thrown when ESI is enabled but the response from the app server does not indicate ESI caching and client disconnects
PMI/Performance Tools PI77706 TPV statistic counter is aggregated incorrectly
Profile PI85714 PCT command line - wctcmd - with response file fails to configure IHS admin
Runtime and Classloader PI52066 clearclasscache.sh on z/OS completes with rc 1 even though the script worked
PI75794 JNDI namespace scoping issue occurring during runtime
PI88036 Export com.ibm.websphere.product.metadata.im packages within the server OSGI classloader network
Security PI80721 WebSphere default chained certificate does not have DNS names under subject alternative name field
PI81168 NullPointerException when attempting to create a keystore remotely in wsadmin
PI83677 Monitor role not showing FIPS information
PI85394 When using webapp security a session may be created even if one should not be created for the request
PI86143 Dynamic outbound SSL configuration incorrectly matching outbound request
Servlet Engine/Web Container PI82162 javax.servlet.ServletException: could not find endpoint information
PI89628 A directory might not be found when using JDK8 SR4 PK10
Session Initiation Protocol (SIP) Container PI86498 Record-Route header field might contain incorrect port
PI87745 In a multi-homed environment WebSphere puts wrong address family in a SIP response contact header field
PI88312 NullPointerException might be thrown when a failover occurs in WebSphere SIP container
System Management/Repository PI88658 When using a property file for autodeploy with the parameter userdefaultbindings the EAR is saved with different permission
PI90276 Set default value of JVM option -Xscmaxaot to 8M to decrease application server startup time
Transaction Service PI67513 ClassCastException thrown during ActiveMQ resource recovery
PI73138 Transaction recovery may fail when a resource adapter is embedded in an installed application
PI74163 WebSphere Application Server for z/OS started in recovery-only mode fails to complete when the compensation service is enabled
PI81452 Improve serviceability for activity service
Web Services Security PI82308 OpenID Connect (OIDC) Relying Party (RP) loses URL fragments during the login process
PI86752 OIDC RP is requiring optional iat claim in introspected access token
PI87354 OpenID Connect (OIDC) Relying Party (RP) does not logout user if OIDC session cookie is not present
z/OS PI90354 Loop in CICS ASID when BBOATRUE module delivered with 9005 level of WebSphere is used and CICS is not 5.4 level

Back to Top

Fix Pack 9.0.0.5
Fix release date: 17 October 2017
Last modified: 17 October 2017
Status: Superseded

Download Fix Pack 9.0.0.5
Component
Security APAR
APAR
Description
Administrative console (all non-scripting) PI77682 server.xml may have unexpected tags when server is created based on a custom template
PI79650 Logon screen contains extraneous information when specialized xml is used
PI80683 Admin Console Resource Environment custom property name in all capital letters may not be handled properly.
PI80889 Web Services Potential weak Client security bindings (CVE-2017-1501)
PI82078 Potential Cross-site scripting in WebSphere Application Server Admin Console (CVE-2017-1380)
PI82237 Increase the Java shared class cache size for WebSphere application server for z/os servant address spaces
PI82386 The deployed application has a possibility to be removed unexpectedly
PI83039 iscdeploys leaves temporary files
PI83138 Clicking the LDAP test query link causes NoSuchElementException which also leads to an NPE
PI83148 JavaEE default resources page goes blank if proxy server selected
PI83563 Update the batik library in isclite.ear to 1.9
PI83634 KC info messages in systemout.log have formatting issues
PI84716 com.ibm.websphere.security.spnego.useracmapmappingtosaf property value not displayed correctly in admin console
Administrative Scripting Tools (for example: wsadmin or ANT) PI83283 wsadmin determines scripting lang based on 1st JACL command in wsadmin interactive mode
DB Connections/ Connection Pooling PI80294 During application server start-up, the EJB timer service fails start
Default Messaging Component PI81815 In WebSphere v8.5.5, messaging engine takes unusually long time to start after failover and throws CWSID0032W warning messages
PI84053 Update IBM WebSphere MQ JCA resource adapter to version 9.0.0.1
Dynamic Cache PI81077 NPE occurs with the class ESISupport.java in the parentResponseIsJSPFacesServlet method
PI81162 dynacache does not replicate alias entries
PI84946 TimeToLive is not updated when cache entry is updated.
EJB Container PI77856 EJB 3.x stub class throws RemoteException for communication failure
PI85902 Lookup of remote EJBS may result in NoSuchObjectException
Enterprise Edition (EE) PI80477 JAXB fails to unmarshal arrays with custom type inside @xmlelement annotation
Federated Repositories PI65681 SPECJ0363E errors with illegalargument exceptions from sdoutil.createdataobject
PI67955 LDAP connection timeout leads to NullPointerException
PI69071 WASADMIN ChangeMyPassword command on file repository user command fails with 'Caller is not in the required role'
PI72152 Update the trace information for federated repositories
PI75159 A base entry of "root" defined on a microsoft active directory LDAP server is not supported
PI75642 It's slow to open "manage groups" page in WebSphere administrative console
PI75684 User and group DNS contain extra escaped spaces for RDNS with multiple trailing spaces
PI76481 LocalServiceProvider initialization fails with NullPointerException
PI79440 NullPointerException in urbridgexpathhelper.getexpression()
PI79452 NullPointerException in ldapconfigmanager.getsupportedproperties()
PI79781 Federated repositories fails to search repository when overlapping base dn's exist
PI81497 When one base DN is the subset of another in a federated repository, LDAP failures occur.
PI81722 Federated repositories throws AccessControlException when Java SecurityManager is enabled and an SSL connection is attempted
PI82111 Federated repositories fails to change password when JRE is Java 8
PI82306 Federated repositories uses wrong security domain
General PI66886 Updates and fixes for endpoint job purge
PI73588 Deadlock occurs in SIP Proxy under heavy TCP load.
PI74491 zWAS WOLA CICS messages: message and documentation updates messages prefixed with BBOA
PI76902 NoSuchMethodException when a program is using CONCAT function
PI77555 EclipseLink scrollable cursor results in a ClassCastException
PI79397 org.omg.corba.bad_operation when executing "select sql statement"
PI79787 Prevent WebSphere internal packages from being exposed to applications
PI79939 Missing Java runtime version information in the header of the high performance extensible logs (HPEL) binary logs
PI79990 The copyzos.sh script produces a "EDC5003I truncation of a record occurred during an i/o operation" error
PI80165 JAX-RS 2.0 options methods are not invoked when used in sub-resource locator classes
PI80273 inclusive=false of @DecimalMin and @DecimalMax does not work as expected
PI80467 Update how cells are obtained from the ORB cell pool
PI81025 managesdk command will log wsadmin interaction
PI81076 ServerSession numberOfNonPooledConnectionsUsed can become invalid when Exception is thrown connecting
PI81396 Unable to register a liberty server with product insights though an authentication required proxy
PI81591 WASService does not recognize running process
PI81653 zPMT emits message "EOFException: unexpected EOT looking for matching quote: '"
PI81699 Update the manifest file for com.ibm.jaxws.tools.jar to import javax.enterprise.inject
PI82020 WeldTerminalListener is not registered.
PI82110 Provide JDBC hang detection and timings feature to v9 and v855
PI82239 NullPointerException after stopping one of multiple jaxrs applications
PI83231 Add support for CICS 5.4 in WebSphere optimized local adapters for Liberty and WebSphere Application Server traditional
PI83279 GPF in com/ibm/ws390/tx/nativetransactioncontext.resume_tti
PI83281 Enhance bluemixutility login and listservices commands
PI83444 JAXRS server response does not contain a servlet exception when an unmapped checked exception occurs
PI83682 ProductInsights not reporting used JVM memory correctly
PI83742 Group ID for cells in product insighst contains wrong dmgr host
PI83986 HttpServletRequest#getRequestedSessionId() is executed with the session absent is different between WebSphere Application Server v8.5.5 and v9.0
PI84083 Usage Data is not queued if connection to bluemix PI host fails
PI84327 WebSphere Application Server Product Insights does not send in group name translations.
PI85666 Unable to login to Bluemix with bluemixUtility
High Availability (HA) PI82956 HMGR0152W message is misleading
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server
IBM i PI82789 Modify iSeries native launcher to honor new default VerboseGC enablement
Install PI79037 javax.xml.parsers.DocumentBuilderFactory cannot be instantiated
Intelligent Management Component PI78238 Due to a timing issue, sometimes APC will lose server information and not make placements as a result
PI78774 On Demand Router routes request to web module mapped with less specific virtual host match
PI80862 Dynamic cluster template does not persist change to modify log rotation from file size to a 24 hour period
PI80972 PAUSELISTENERS command issued using the process name instead of server shortname in edition control center
PI81191 Plugin with intelligent management enabled breaks affinity
PI81916 Changes in custom health actions are not picked up when nodes automatically sync
PI82527 ODR session affinity breaks when request contains multiple session cookies of the same name
PI82632 When a rollout fails, it takes a long time for the rollout process to finish
PI83363 Intelligent Management for Web Servers: When a server is stopped and restarted, the server might not be used for routing
PI84742 Disabling an applications 'Target Specific Application Status' while the application is running results in 404/503
PI85386 Display problem of AdminConsole at "INTERNALCLASSESACCESSMODE"
PI85618 Segfault when high traffic coming to the Intelligent Management Enabled plug-in and a Liberty member is stopped
Java 2 Connectivity (J2C) PI77612 J2CA0045E ConnectionTimeout happens too often after upgrading to 8.5.5.11
PI80822 NullPointerException thrown when requesting connections to a RAR from several threads
PI81554 J2CA0045E ConnectionWaitTimeoutException timeout is not calculated as expected in version 9.0.0.3
PI82761 Runtime performance advisor has hung thread with j2cdiagnosticalerthelperimpl.java on line 419
Java Management Extensions (JMX) or JMX Client API PI75519 Node federation fails because it cannot find the IPv6 address
Java Message Service (JMS) PI77007 Mis-identification of IBM MQ JMS provider
PI78975 Increase the configurable limit of the maximum header field size
PI80222 Change default of EnableBuildBackupList to be true
PI80377 New activiation specification properties - control build up/flow of MDB requests
PI81342 Web service call is failing after applying latest fix packs + IFPI70810
PI81569 Introduce switch for GetQueryString() to return original query string in forwarded servlet
PI81864 ConcurrentLinkedList TAIlSequenceNumberLock garbage collected
PI83369 Modifying advanced properties of activation spec resets arbitrary properties
Java Persistence API (JPA) PI80863 Issue with the way OpenJPA caches and reuses query parameters for between expressions when OpenJPA's QueryCache property enabled
PI81260 OpenJPA does not pass-through SSL connection properties that set using openjpa.ConnectionProperties when creating DB2 connection
PI81931 org.apache.openjpa.lib.util.parseexception
JavaServer MyFaces (JSF) Apache MyFaces implementation PI82893 javax.faces.interpret_empty_string_submitted_values_as_null value affects display behaviour for required fields
JSP PI79800 The JSP engine is not processing EL expressions correctly when they are in large blocks of character data
PI82426 Incorrect output for jsp in an expression tag when using certain string concatenations
Migration PI76634 Migration disabled source node before successful sync
PI78881 After a profile that WebSphere Application Server created in WebSphere Application Server 6.1 is migrated up to 9.0, images in the admin console return error 500 instead of displaying
PI79041 -requireEmbeddedDBMigration setting is not available on z based migrations
PI79985 Migration with cloning to v9 mis-handles the virtualhosts creating duplicate entries
PI81328 Running WebSphere Application Server PostUpgrade fails with AllAuthenticatedUsersInTrustedRealmsExtImpl
PI81390 Support z/OS migration specifying SMS classes for config file systems
PI83066 Migration job fails to read JCL started procedure names from old configuration
PI83890 Migration is not handling SPNEGO security settings correctly
PI84973 Allow WASPreUpgrade to work specifying userinstallroot as second positional parameter
PI85014 Remote WASPreUpgrade fails with embedded derby exception
Object Request Broker (ORB) PI79561 Add a timer to abend servant at shutdown if there are stalled threads
PD tools (for example: Log Analyzer) PI76878 zWAS LE ESTAE extension BBORLEXT update to suppress dumps for pgm checks of type pic 7 / 0c7 with DXC code of x'00' / 0x00
PI78318 HPEL message content filter is not working on multiline messages
PI80995 Asynchronous log records does not show up in systemout.log
PI82686 The -summary option information is missing in the -help option in the collector tool
Plug-in PI79492 Plugin is crashing because it cannot open the log file defined in its configuration
PI81951 Client failure may occur when the web server plug-in connection is reused and previous connection timed out waiting for response
PI81973 iPlanet web server cannot load the WebSphere plug-in on Solaris x86
PI82314 Application response without a reason phrase causes plug-in to return 500 error
PI82917 IBM WebSphere application server web server plug-in users with web sockets traffic
PMI/Performance Tools PI82624 perfServlet application returns empty version information
Proxy Server
PI82630 Potential Information Disclosure with WebSphere Application Server Proxy Server or On-demand-router (ODR) (CVE-2017-1381)
Runtime (zSeries®) PI81698 ABEND00C and ABEND0C4 in WebSphere Application Server after stop WebSphere Application Server issued
Runtime and Classloader PI77666 Thread context Class Loader not set up correctly during CDI bootstrap
PI80620 Message WSVR0655I is seen continuously in the systemout.log
PI82621 Handle NPE and emit serviceable failure message when parsing server endpoint metadata
Security PI76562 The expirationMonitorNotificationPeriod is set to zero by default
PI78326 WebSphere sub-domain servers with SPNEGO web authentication getting error SECJ6236E
PI80170 The managementScopes element fails to be deleted from security.xml when removing a server via WebSphere Application Server admin console
PI80962 Creation of remote keystore fails when existing keystore is specified
PI81050 Client certificate authentication failure does not fall back to basic authentication
PI82135 Converting certificates in CMS keystore may not delete an old signer certificate
PI82203 The password encryption might fail if multiple wsadmin commands are invoked without saving
PI82342 Each ORB/EJB request is making 3 LDAP search requests
PI82509 Incorrect output for JSP in an expression tag when using certain string concatenations
PI82602 Weaker than expected security after using PasswordUtil Commands (CVE-2017-1504)
PI82715 Removenode from admin console fails when AES password encryption is enabled
PI82721 A message of passwordutil wsadmin command needs to be modified for clarification.
PI82746 NPE at ORG.APA
Servlet Engine/Web Container PI81052 Issues with JSF portlets due to CDI regression
PI82547 NPE during servlet initialization process
PI83141 WebContainer Performance Issue When Under High Load
Session Initiation Protocol (SIP) Container PI78794 The SIP Container fails to parse a message when the size exceeds 2048 bytes and double CRLF is sent before the message
PI83395 In a multi-homed environment, multiple 200 responses are not proxied back to the originating endpoint.
System Management/Repository PI77669 Sequencing of PAUSELISTENER/RESUMELISTENER
PI79343 WebSphere Application Server may have insecure file permissions with custom startup script (CVE-2017-1382)
PI83464 Failure when attempting to create profile for cell with Java 7
PI86683 Migration fails for Federated Nodes when cell name is renamed
Transaction Service PI59372 Deadlock may occur in the CScope RecoveryManager
PI82951 "WTRN0029E: error closing the log in shutdown!" error when stopping a cluster
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI74335 WSWS3396E Handler Error: Protected state violation
PI76816 Message WASX7008E incorrectly reported a flawed integer port
PI78733 Two service clients displayed on administrative console for an application.
PI79863 Different prefixes are used for the same namespace url
PI80922 Issues with ResponseWrapper after PI60666
Web Services Security PI61915 More diagnostics required when the SAML web SSO redirect url is null
PI75355 ADMA0078W the file cannot be deleted when deploying new version of our applications, cannot delete old version of application
PI80317 OpenID Connect (OIDC) Relying Party(RP) may store incorrect data in DynaCache
PI80543 OIDC TAI cannot dynamically build callback URL
PI80549 OpenID connect (OIDC) Relying Party (RP) does not support post introspection endpoints
PI84244 OIDC RP does not restore single-quote characters in post data
WebSphere Common Configuration Model (WCCM) PI64475 Incomplete metadata obtained for Java EE modules when multiple resources are used
PI71928 EJB injection failing for some EJBs inside JSF backing beans
PI77392 Incorrect generation of ibm-metadata.xml when deploying with pre-generated merged descriptors
PI78526 EJBDeploy tool fails when setting metadata-complete during deployment
PI82255 Call in violation of protocol message during annotation scanning
PI82698 Remove "failed to open resource" warnings
PI83873 WebFragMergerImpl warning messages when starting an application in WebSphere Application Server 9
PI84113 ClassSourceException when using WDT
PI85035 Unable to deploy modules which use namespaces in the XML elements of deployment descriptors
z/OS PI69959 BBO# should allow for a transid to be included on CICS link command
PI78153 OTMA client timeout cannot be configured for WOLA

Back to Top

Fix Pack 9.0.0.4
Fix release date: 13 June 2017
Last modified: 13 June 2017
Status: Superseded

Download Fix Pack 9.0.0.4
Component
Security APAR
APAR
Description
Administrative console (all non-scripting) PI67363 Application server startup log4j error output
PI73570 Different behavior observed when updating PMI statistic through admin console and using wsadmin script
PI74709 Selecting to update multiple roles in an application causes the original users to be updated incorrectly
PI76705 Enable verbosegc by default on WebSphere Application Server for z/OS
PI77447 Inconsistent port assignment when creating multi-node cluster with wsadmin scripting.
PI78745 After running AdminTask.setIdMgrCustomProperty the Admin Console has extra information
PI78907 NullPointerEexception in the console when adding a new host with bad parameters.
PI79928 WIM LDAP panel navigation causes java.lang.NoSuchMethodException: Unknown property alias error
Administrative Scripting Tools (for example: wsadmin or Ant) PI74657 AdminServerManagement.stopAllServers throws error when the servers are already stopped.
PI80322 wsadmin interactive not throw error when issue wrong syntax command
Contexts and Dependency Injection (CDI) PI70323 Principal injection does not inject unauthenticated Subject when there is not an authenticated Subject in the context
PI72811 Allow excluded alternatives
PI77286 Vetoed EJBs throw NPE
PI77514 CDI observer for @initialized(applicationscoped.class) is not called inside jar
Default Messaging Component PI75834 MDB application startup failed due to CWSIP0211E
Dynamic Cache PI78148 SRVE0014E from DynaCache component after upgrading
PI78552 DYNA1064E while calling "getIdsSizeDisk()" by Commerce when XS is used as cache provider.
EJB Container PI66621 ReferenceContextImpl caching empty list of targets for JSP classes
General PI63058 Add timeout to OAuth cache
PI65688 MergeException at application start up
PI68308 High CPU in RMFGAT address space with most time spent in WLM module IWMI2PVT
PI68375 Local EJB references created from annotations incorrectly resolved as remote references.
PI70185 Unable to configure local mapping services on the administrative console
PI72848 Provide mechanism to retrieve WS-RM messages via SIB message store dump
PI72917 SQL timeout while updating CheckpointRepository table
PI73277 EclipseLink 2.6.3 does not support JPA-converter for primitive data types
PI73393 Ampersand character is not escaped by XCI serializer
PI73632 Java batch job scheduler is unable to refactor the job log file
PI74104 EclipseLink might add unused table in generated query
PI75485 issue message explaining from where session timeout is picked up
PI75512 Cleanup up WebSocket connection when outbound connection attempt fails at the app server
PI75593 Support third-party JAX-RS providers when jaxrs-1.1 feature is configured
PI76496 Creating an unmanaged http server on z/OS fails with ADMG0001E
PI76834 Unable to use DB2 XML data type with EclipseLink JPA; Null pointer produced
PI76992 Provide connectivity with IBM Cloud Product Insights
PI77554 Bean validation did not function correctly
PI77770 Potential cross-site request forgery with WebSphere Application Server enabled with OAuth (CVE-2017-1194)
PI77841 DeliveryDelay property is not set when a message is received through the MQLink
PI78038 Add Bluemix Utility support
PI78177 When a WebSocket connection is closed while reading data an object leak might occur
PI78316 XML parser validating normalizedString and token XSD string data types incorrectly
PI78540 WsSessionMgrComponentImpl throws NullPointerExceptions
PI78643 Eclipse link JPA/Auditing capability in EE Environment fails withJNDI name parameter type
PI78777 Internal libraries incorrectly available to applications.
PI78849 ManageSDK gives error deployment manager not running when running on node with security enabled
PI80719 Websocket race condition on writing data while closing can hang a thread
PI80897 SocialSphere live session count is huge
PI80901 Version numbers in symbolic names are too fine grained and can cause failover to fail between different versions of Liberty
PI82110 Provide JDBC hang detection and timing feature for V9 and V855
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI75153 Process detection is running when IM is invoked with -record and -skipInstall arguments
PI77292 was_classpath in profile level gets overwritten by the was_home/bin/setupCmdLine script
PI77697 IHS V9 install not creating service correctly
PI78601 The -installFixes option does not correctly handle superseding interim fixes
Intelligent Management Component PI76533 Modules in $WAS_INSTALL/lib are missing the program control bit
PI76865 Converted static cluster continues to show TYPE=static
PI76949 The 'IN' operator of Intelligent Management: HTTP operands does not work
PI77226 Additional retry logic needed for PI74867
PI77254 DMGR or Node Agent times out during shutdown issuing AdminException ADMU3060E
PI77303 APC is taking a long time to issue a runtime task to start an application server
PI77452 AdminTask.setMaintenanceMode sets the wrong server when the node name is wrong
PI79951 After updating an application module without restarting the application server; IM enabled web servers return 503 errors
PI79967 ODR custom log does not observe DST
PI80230 Cannot update custom action under the health policy when configuration validation is set higher than Low
PI81309 With Liberty Dynamic Routing, adding a cluster member to a collective might cause the web server plug-in to segfault.
Java 2 Connectivity (J2C) PI72640 java.lang.IllegalStateException is seen during database operations
PI75571 javax.xml.stream.XMLInputFactoryExceptions
PI76168 After global transaction ends, the reported auto commit value can be inconsistent with the Oracle JDBC driver
PI77391 NullPointerException in PoolManager.fatalErrorNotification()
Java Message Service (JMS) PI69684 Message processed by NOT_SUPPORTED MDB listening in SR using bindings mode remains on destination
PI76539 AdminTask.republishEDMessages fails due to insufficient or empty credentials
PI77306 Deadlock may occur when stopping listener port
PI78738 Loop while closing an SSL connection
PI80749 JMS 2.0 MQclient mode transaction keeps handles
Java Persistence API (JPA) PI66193 Memory leak in JPA persistence provider
JSP PI73022 JSP comments containing "%>" might throw a StringIndexOutOfBoundsException.
Migration PI75257 loginModules ordering issue on migration
PI78565 Usability and accessibility updates for z/OS Migration Toolkit
PI78586 Notification of changes to verboseModeGarbageCollection setting
PI78596 Federated node migration using the wrong SSL properties
PI79703 Enhancements to support Bluemix migrations.
PI79913 healthclass.xml missing cluster targetMemberships after migration
PI80746 External libraries not migrated when machineChange true
Object Request Broker (ORB) PI73950 Issuing the PauseListeners command is causing some http requests to fail.
PI76979 Timing window where timers are not calculated correctly
PI77049 Server is able to restart after ABENDDC3 RC 0A150001 when it should not
PD tools (for example: Log Analyzer) PI73425 Non-admin users cannot export HPEL logs when log format is set to basic/advanced
PI73807 Some Liberty message IDs conflict with traditional WebSphere Application Server
Plug-in PI73674 com.ibm.websphere.plg.zos.v85 fails to install
PI74689 Sun One web server uses ConnectTimeout for handshake and 100-continue
PI74882 Plugin should always present the ConnectionTTL property
PI75603 Plug-in LIBODR does not utilize all of the XML's SSL configuration
PI76515 Fix for genPlugincfg to account for administrative console command assist.
PI76835 Connections between web server and client may remain open when using Intelligent Management
PI77124 Plugin does not persist custom ServerIOTimeout value to existing stream
PI77181 Plugin config lock is not released when dynamic cfg update is attempted which disables Intelligent Management
PI77606 Domino plug-in fails on IBM i for V8.5.5 and higher
PI77874 Plugin offload/onload for SSL
PI77980 Unable to resolve images for a WSAS V9.0 application when using HTTP Server
PI79439 IHS V9.0 / Apache 2.4 with Intelligent Management enabled does not work after a graceful restart
PMI/Performance Tools PI70346 NullPointerException seen in NodeAgent SystemErr.log during TPV performance monitoring startup
Portlet Container Environment PI74986 NullPointerException in portlet container method StringUtils .convertMapToString if tracing is enabled
Profile PI71878 ManageProfiles command unable to select SSL protocol to use TLSv 1.2 or SSL_TLSv2
PI76486 Startup splash screen of PMT shows its version as v8.5 in locales except en_us
Runtime (zSeries®) PI74778 In IBM WebSphere Application Server for z/OS, ReadListener and WriteListener do not receive an expected SocketTimeoutException
Runtime and Classloader PI63856 Thread pool reuses threads instead of dispatching to new threads
PI78941 An application server may use an unexpected Java SDK after updating to SDK 8.0.
Scheduler PI74952 Classloader leak caused by EJB timer thread
Security PI69664 Data in dynacache may be overwritten when LTPA tokens of multiple requests expire at the same time.
PI69884 CMS option is not shown in iKeyman pulldown list
PI71849 The anonymousxxxxx directory of wstemp is stored by binaryAuditLogReader command is never deleted
PI72003 Unable to delete remote keystore from administrative console due to CWPKI0039E
PI73842 Intermittently Java 2 security runtime throws warning message SECJ0314W during application startup
PI73938 Dynamic outbound endpoint SSL configuration does not pick up correct hostname and sslconfig
PI75196 WebSphere JVM aborts when you try to stop the server with a non-existent user in local OS registry in Linux Redhat v7.
PI77129 Request method might be changed from Get to Post while processing an invalid WASPostParam cookie
PI77446 AES encryption support for PasswordUtil class
PI79988 Migration failure when SSL protocol is TLSv1.2
Session Initiation Protocol (SIP) Container PI76983 Wrong network interface being used for SIP Signaling
PI79119 With number.of.parse.errors.allowed set to -1, WebSphere drops well formed requests
System Management/Repository PI73035 FFDC logs are created in a directory relative to the current directory
PI73519 Potential Denial of Service with SOAP connectors (CVE-2016-8919)
PI75160 AdminTask.extractConfigproperties is failed with WASResourceException: java.util.NoSuchElementException
PI75986 Incorrect Java library path set when a server SDK is different from the node/profile SDK.
PI77078 CustomService configuration object created using property file based command cannot be viewed from console
PI77601 wsadmin extractConfigProperties command triggers InvalidAttributeNameException
PI79116 RenameCell does not update some artifacts
PI79382 Improve the ADMA5033E message
Transaction Service PI53380 WS-ReliableMessaging sequence may be misidentified as not existing
PI66462 Transaction log column is too short and reports a SqlDataException
PI72179 Transaction logging to RDBMS refinement for JDBC4.1 compliance
PI72191 Control region abend after BBOT0004E: RRS service ATRAFGT failed with return code 730
PI74356 java.lang.IllegalArgumentException: Logger passed as argument to setAttributes must be a named logger
PI75181 StackOverflow is caused by repeated calls to: ibm.wsdl.DefinitionImpl.getAllServices
PI75985 ClassCastException processing JAX-RPC request containing whitespace in WS-Coordination context
PI80483 Add method to suppress message WSVR0651 to trace.
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI72518 Web services call failed with 500 (Internal Server Error) response and Content-Length 0.
PI73343 Web project with @WebServiceRef does not generate ibm-webservicesclient-bnd during deployment
Web Services Security PI73318 Unique Cookie Names in WebSphere Application Server OIDC RP can accumulate on the browser
PI74857 Privilege escalation in full profile OIDC RP (CVE-2017-1151)
PI75095 OIDC ClassCastException java.util.ArrayList
PI76017 JAX-WS WS-Security Error CWWSS5634E with relative URI
PI78336 WebSphere Application Server OpenID connect Relying Party jndiCacheName Property does not work
WebSphere Common Configuration Model (WCCM) PI72163 Deployment manager crashes with OutOfMemory when application is deployed
PI76106 @Resource annotation loses shareable and AuthenticationType attributes
PI76439 Application client module created when empty "main-class:" found in manifest.mf of jar
PI77045 Slow startup of large, non-metadata-complete, web modules due to CDI annotation scans
PI78493 Servlet container initialization can fail on server created from template

Back to Top

Fix Pack 9.0.0.3
Fix release date: 14 March 2017
Last modified: 14 March 2017
Status: Superseded

Download Fix Pack 9.0.0.3
Component
Security APAR
APAR
Description
Administrative console (all non-scripting) PI56575 No command assistance link after updating the session pool properties of a connection factory via administrative console
PI60748 Fix incorrect warning in administrative console with changing from 64 bit mode to 31 bit mode
PI67851 Console 'show items at the following authorization group level' does not show drop down
PI70025 Administrative console becomes a blank white screen
PI70627 Potential cross-site scripting in WebSphere Application Server Admin Console (CVE-2016-8934)
PI71198 Console getting blank page when clicking on rollout update.
PI72154 Bind password is "pre-populated" incorrectly in VMM panel and authentication error comes up
PI73367 Potential cross-site scripting in administrative console (cve-2017-1121)
Administrative Scripting Tools (for example: wsadmin or Ant) PI70895 IllegalArgumentException may occur when running AdminJDBC.createDataSourceAtScope with @ and commas in the url
Dynamic Cache PI73233 Servlet caching cannot parse a WebSphere Development Tools generated cachespec.xml based on the cachespec.xsd schema.
PI73339 Unable to define an alternative cache provider to replace the default dynacache cache provider.
EJB Container PI66621 ReferenceContextImpl caching empty list of targets for JSP classes
PI69192 Remove unneeded information from FFDC log file
Enterprise Edition (EE) PI70714 Potential NullPointerException during JAXB unmarshalling
PI71238 IllegalArgumentException when getHours() is called
General PI60843 Message "CWSIS1577E: The persistent dispatcher cannot accept work" needs improvement
PI60850 CWSIS1578E message content should be more meaningful regarding why spill dispatcher cannot accept work
PI61450 Apache Wink code does not remove quotes from the boundary value.content-type: multipart/mixed; boundary="simple boundary"
PI65190 Modifying a copied tree causes corruption in the original tree
PI65490 Incorrect status of the job when end point server is restarted.
PI66789 WSGrid jobs not getting ended status returned when using SiBus
PI67305 EclipseLink assigns the same object instance to multiple embedded fields
PI68028 EclipseLink throws ValidationException when using nested embeddable with the same attribute name
PI69922 Javadoc AppConstants.APPDEPL_* fields are incorrect
PI70001 Controller abends with 0C4-3B in CF_TCP_Connection::init_As_Client
PI70371 Ampersand character within an entity reference is no longer escaped by XCI component.
PI70680 Deployment of persistence unit fails with DescriptorException
PI71380 Allow SAML web inbound to retrieve SAML assertion from an HTTP request parameter.
PI73118 Enhance the Intelligent Management Enabled WebSphere Plugin with routing rule capabilities.
PI73139 CDI would not inject classes from a war file into an ear lib in single classloader mode
PI73376 Configurations that contain an OSGi application fail to migrate to V9.0.
PI73384 A WebSphere Application Server for z/OS server is leaking heap pool 1 elements.
PI73401 OutOfMemory seen when multiple users are logged-in in JSF portlet application
PI73403 manageSDK help for -enableProfileAll task is missing -user and -password
PI73799 Memory leak from Portlet bridge: session objects
PI73829 Multiple occurences of the same stack trace are filling up the logs.
PI74264 ArrayIndexOutOfBoundsException generated by session management when application is managing HTTPSession through a framework
PI74721 Errant timeout can occur with async sends in WebSockets
PI75607 javax.persistence.PessimisticLockException when javax.persistence.lock.timeout set to 0
PI75608 Add EclipseLink support for Java 2 Security
PI75876 Enable session listener in Portlet Bridge runtime
PI75915 CDI failover does not work if bundles have different OSGI qualifiers
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI72143 Display Java 6 end of service warning during fix pack update
PI72209 V9.0 install creates Microsoft Windows registry key using 8.5.0.0 with a MajorVersion of 8
PI72398 versionInfo command of WebSphere Customization Toolbox does not work
PI74780 Allow IBM HTTP Server V9.0 on AIX 6.1
PI75677 javax.xml.stream.XMLInputFactory could not be instantiated
Intelligent Management Component PI67671 Application placement controller (APC) hangs and JVMs are not starting after minimum cluster violation
PI71329 DeadLock detected in NodeAgent process during shutdown of node
PI72200 On-Demand-Configuration (ODC) support for the Intelligent Management (IM) enabled web server routing rules feature.
PI72201 Configuration objects and AdminTasks in support of the Intelligent Management (IM) enabled web server routing rules feature.
PI73529 High CPU in ODR code caching
PI73782 Customization of log Filenames and paths is affected by variable SERVER_LOG_ROOT
PI74450 DeadLock detected in NodeAgent process during shutdown of node while users are unsubscribing from topics
PI74867 Health policies that have a "restart server" action occasionally do not restart due to port conflict
PI75474 Some requests receive 404 or 503 responses when introducing a new ODR Routing or GSC rule
Java 2 Connectivity (J2C) PI66697 J2CA0041E exceptions may occur, when ComponentMetaData instance is set to null in method getObjectInstance
PI69122 J2C pretest being used despite FailingConnectionOnly option
PI69522 Add abort option to MBean purgePoolContents
PI69995 Incorrect exception message CWTE_NORMAL_J2CA1009 displayed instead of translated error message
PI71092 java.lang.UnsupportedOperationException when accessing tested data source
PI72581 Remove network timeout from statement cache keys
PI74904 Connection count becomes wrong leading to J2CA0045E errors
Java Message Service (JMS) PI59008 The error CHFW0031E invalid call to WsByteBuffer method generated when stopping the server
PI66537 Correct the XSLT that process the IBM MQ RA's ra.xml
PI67946 Using pause_listeners_include_cra causes all activation specs to be resumed regardless of prior state
PI70081 When using AIO, performance issues can occur if a high number of open connections are opened on a pollset
PI70810 Wildcard property in DN of the certificate
Java Persistence API (JPA) PI67234 ServerPlatformException server platform class is not valid: null occurs with JPA 2.1
Java SDK PI69580 JSF message severities always set to ERROR after ValidatorException
JavaServer MyFaces (JSF) Apache MyFaces implementation PI45044 JSF problem in a portlet environment: form inputs inside a data table lose their values if validation fails
PI69581 Validators are not called when using selectManyCheckbox
Messaging Providers PI71240 SIB message deadlock after servant is restared due to ABENDEC3
Migration PI71093 Node migration to V9.0 fails when variables.xml is not in the cluster level.
PI73515 Provide clone option for z/OS migrations
PI74928 Files referenced by a profile's XML configuration are missing under the user install root after a migration
PI75028 WIM UserRegistry not working after migration
PD tools (for example: Log Analyzer) PI66291 IllegalArgumentException when enabling HPEL with text logging disabled
PI69131 VMDUMP039I processing dump event "GPF", please wait, during servant region abnormal termination
PI69845 Deadlock when the Java logging framework logs a warning in com.ibm.ws.logging.WsLogConfigurator
PI70169 Potential cross-site scripting in WebSphere Application Server Admin Console (CVE-2016-8934)
PI71530 WsLogManager deadlock
PI72211 HPEL logging fails to export the trace from the log viewer if there are spaces or a space in the directory path
PI73818 Include interim fix install history for Collector tool
Plug-in PI71413 V9 GenPluginCfg.bat fails when cmd line value contains parenthesis
PI72525 Plug-in generation creates erroneous directories when implementing log rotation.
PMI/Performance Tools PI70075 The PMI counters URIRequestCount, URIConcurrentRequests, URIServiceTime were disabled after starting server.
PI73261 Enabling the diagnostic alert "Connection Low Percent Efficiency Alert" results in NullPointerException
Profile PI67988 printDebugInfo: /websphere/base/appserver/bin/zCreateProfile.sh 205 FSUM7351 not found
PI73516 Cannot configure Domino 9 webserver using plug-in configuration tool gui & pct_responsefile.txt on V9.0
Programming Model Extensions (PME) PI68743 NullPointerException may occur in async bean code
Runtime (zSeries®) PI65226 z/OS WSAS hang in xmem proxy code reading parameter from http request body following multiple comm failures
Runtime and Classloader PI65836 Javacores continuously created on a hung thread
PI68357 Add messages for hot deployment events.
Security PI41238 ErrorPage parameter on AdminTask.addSAMLTAISSO has a misleading description
PI66478 Security code incorrectly calls JAXBPermission class
Servlet Engine/Web Container PI75528 The maxrequestSize option for MultipartConfig is not working
System Management/Repository PI69321 Enable verbose garbage collection by default
PI69590 MetadataCompleteForModules section is missing from the output of AdminTask.extractConfigProperties
PI71223 When the clusters are started some applications show as stopped but they are running
PI71926 Bind DN not saved correctly when editing security configuration
PI73098 addNode should not push BLAs, CUs, asset file for non targeted application
Transaction Service PI72028 ActivityPendingExceptions are thrown in the event of a JAX-WS request timeout that propagates a WS-Business Activity
PI72136 Server startup fails with CWRLS0009E error due to failure in the transaction manager recovery log service.
PI73221 java.lang.StackOverflowError may occur in JAX-WS web service client when processing provider side WS-Policy
PI73262 ScheduledExecutorService implementation does not use correct time interval if not specified in timeUnit.milliseconds
PI74874 Update IBM WebSphere MQ JCA Resource adapter to version 9.0.0.1
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI34058 Web Service Client policy sets might not function correctly if Application Editions are in use.
PI65042 Part of content in an element is lost after invoking a webservice
PI70321 Spurious WSSC1013E error logged by JAX-RPC web service
Web Services Security PI69720 CWWSS7542E error in Web Services Security SAML can be misleading
PI70402 SAML Web SSO OutOfMemory in KeyStoreManager
WebSphere Common Configuration Model (WCCM) PI65464 High CPU utilization may occur when copying business objects.
PI70110 EJB jar metadata TransactionAttribute may be incorrect

Back to Top

Fix Pack 9.0.0.2
Fix release date: 13 December 2016
Last modified: 13 December 2016
Status: Superseded

Download Fix Pack 9.0.0.2
Component
Security APAR
APAR
Description
Administrative console (all non-scripting) PI60292 The admin script offered after creating a MailSession via the administrative console is incomplete
PI65924 Pipe "|" symbol cannot be used for external provider URL when configuring a 3rd party JMS provider.
PI66439 Session management bread crumb incorrect
Contexts and Dependency Injection (CDI) PI64266 Memory leak detector producing false positive reports
PI65337 Use of CDI interceptors in stateless EJBs causes exceptions to be wrapped in WeldException
Default Messaging Component PI70052 Syntax error in sibDBUpgrade.sh
Dynamic Cache PI68741 HTTP status code 200 is returned to a client when the servlet or JSP throws an exception
EJB Container PI60567 New system property to configure the EJB pool wait timeout
PI69642 NullPointerException deleting stateful EJB
Enterprise Edition (EE) PI67707 Inherited methods are ignored in the XLXP2 unmarshaller when scanning JAXB class for before/after events
General PI54362 Session manager error messages SESN0202E and SESN0201E need more details
PI57206 ODRLIB returned partial routing data from the ODC REST service, resulting in 404s
PI62655 SQLFeatureNotSupportedException may occur when Oracle native SQL statements are used
PI62976 Controller Region ABENDs with 0C4-11.
PI63135 Custom type conversion is sometimes bypassed in EL 3.0
PI63373 Unable to add a remote cell for Intelligent Management for web servers
PI64127 Add support for JSF 2.2 in Portlet Bridge
PI64840 Radio button for SunOne/iPlanet web server shows up in WCT for systems that are not supported in V9
PI65363 HeapDetect code is failing to determine the maximum heap size
PI65857 Modify the default for the maximum number of headers
PI66128 SAML Web SSO may reject requests when proxy is in use
PI66463 Error on otma_open call, RC = 8, RSN codes = 100 : 8 : 24 : 2
PI66534 Run plug-in configuration tool V9 to configure IHS admin server V9, service name V8.5 shows in Windows Service panel.
PI66582 Documentation in IBM Docs for WebSphere Application Server V9
PI66664 Application edition validation with inconsistent policies breaks affinity on the default edition
PI66698 Hang with high CPU occurs during rollout in certain situations
PI66971 pureApp autoRouteConfig.py failing with IllegalArgumentException with Jython 2.7
PI67034 Access WebSphere Application Server denied for property org.apache.jasper.constants.jsp_servlet_base.
PI67099 Provide option to add STS response header for HTTPs request
PI67571 HMGR0130I message needs more information about JVM termination
PI67629 a NamingException occurs indicating the application server could not resolve a url when Java security is enabled.
PI67633 Multiple server applications are added to the virtual cluster list
PI67980 Server does not stop after stop command is issued.
PI68011 Slow Deployment Manager start-up due to annotation scanning when several EJB modules have been deployed to the cell
PI68025 Protocol mismatch for HA manager datastacks in version 9 mixed cell environments
PI68090 If SERVER_LOG_ROOT variable is not set, a CWPTF0002W warning message is reported in the SystemOut.log
PI68110 Incorrect logging by ModuleLocatorClassAdapter
PI68142 HPEL reader throws NullPointerException error while given invalid Java log level
PI68354 REST API discovery could be missing API in web application with two or more JAX-RS application classes
PI68432 When user applications are using WebSocket Decoders a slow memory leak can occur.
PI68582 Health controller cycle length is not being honored
PI68755 Remote migration jar needs message about incompatible JDK
PI68772 Some endpoints are not accessible from the Swagger Explorer
PI68822 Proper exception handling during API discovery bundle activation
PI68835 REST API Discovery Swagger document may show unsecure port instead of secure one if deployment manager is used
PI68840 REST API Discovery will not display APIs if application is published that includes syntactically incorrect Swagger document
PI68850 Description of some REST APIs may be missing from Swagger document.
PI68867 Error opening an application to display list of application profiles.
PI68911 NullPointerException in com.ibm.ejs.ras.Tr.formatObj using trace in thin client
PI69052 logViewer -includeExtensions component command gets: Pattern cannot be null
PI69325 OAuth emits NullPointerException when no state parameter in request
PI69332 The "serialize session access" option may not work correctly
PI69739 An out-of-date message appears on starting a dynamic cluster in a cell after migrating to version 9
PI69840 A NoClassDefFoundError or NoSuchMethodError may be thrown when accessing Swagger annotations.
PI69939 Dynamic Routing stops working when the collective controller becomes stopped or unavailable
PI70026 Cannot configure Compute Grid Job Scheduler using default Derby datasource
PI70141 Servlet does not get correctly refreshed
PI70358 Every SystemErr log record line is ending with a "null", with High Performance Extensible Logging ( HPEL) enabled.
PI70608 Stand-alone or embedded WCT tool eclipse.exe has an old signed certificate
PI70689 Enable REST API discovery UI to support authentication per REST operation
PI70841 OpenJPA s ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException
PI71044 java.lang.IllegalArgumentException: Illegal decimaltype. From commondata.getExternalBytecounts
PI71060 Different classloaders used for client app and resource adapter (for application client).
PI71210 Deployment fails when @EJB contains beanName and EJB descriptor contains <lookup-name>
PI71667 Application fails with WELD-001408: Unsatisfied dependencies for type Validator with qualifiers @Default
PI71734 Failover does not work with CDI 1.2
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI67697 The chutils utility command does not work for V9
PI69037 The command bin\migration\bin>..\..\infocenter.bat fails: Product is not recognized as an internal or external command
Java 2 Connectivity (J2C) PI65595 InstanceNotFoundException occurs when stopping an application hosting message endpoints
PI67203 java.lang.NoClassdefFoundError: com.ibm.ws.jdbc.jcc.db2statement
PI71193 IllegalStateException when transaction timeout occurs and abort is used
Java Message Service (JMS) PI63193 SRVE8094W happens even if invokeFlushAfterServiceForStaticFile=false
PI66925 Update CWMSR0063E message to clearly state it is only applicable to WMQ
PI69469 Update IBM MQ RA to 9.0.0.0 ga level
PI70332 System property to enable SSL Channel timeoutValueInSSLClosingHandshake property
Java Persistence API (JPA) PI61488 An application restart could cause an application classloader leak when using bean validation
PI65593 The database schema name cannot be configured in WebSphere Application Server with openjpa.jdbc.SchemaFactory
PI66770 JPA returns incorrect results when using a native query and @SqlResultSetMapping
PI67790 java.lang.ClassCastException using JPA
JavaServer MyFaces (JSF) Apache MyFaces implementation PI67525 inputFile tag is not working properly on Liberty
JSP PI66271 When using c:import to import a file that does not exist, an error 500 is received
PI67257 An escaped EL expression is being run if an escaped dollar sign precedes the former expression
Migration PI68035 Remote migration changing hostname variables of IPC connector and node_ipv6 endpoints
PI68775 Remote syntax check for sequential DS sources results in RDZ exception while a user error message is expected.
PI69958 MIGR0272E error running WASPostUpgrade command on V9.0 base
PI70399 Migration to v9.0 fails when install path contains a space
PI70612 Disable web servers when doing a clone migration
Object Request Broker (ORB) PI69833 Cobol Container support does not work in WebSphere Application Server for z/OS version 9.0.
PD tools (for example: Log Analyzer) PI63045 Unable to change log level
PI63178 Hung threads or infinite loop on startup in WeakHashmap.getEntry
PI66579 Deadlock due to frequent log rotation
Plug-in PI65153 HTTP IM plug-in does not have visibility to RemoveSpecialHeaders property
PI66812 Plug-in for IIS does not initialize correctly
PI67230 z/OS set_attributes does not set a & p attributes for mod_was_ap24_http.so .
PMI/Performance Tools PI67607 Tivoli Performance Viewer does not sum the ConcurrentHungThreadCount
Profile PI66897 Customization temporary directory cannot be shared
Runtime (zSeries®) PI63822 ABEND SEC3,RSN=0406002C does not terminate a WebSphere node agent
PI65437 Servant region abends with ABEND430/ABENDS430 and reason 02390815 during process signal handling
Runtime and Classloader PI54461 Application server process uses wrong hostname to communicate status to node agent
PI58591 Deadlock on startup between two WebSphere server.startup threads
PI62090 Classloader leak problems
Security PI62070 Full chain created in PKCS12 but not for JKS keystore
PI62375 Potential code execution vulnerability in WebSphere Application Server (CVE-2016-5983)
PI63726 Custom Kerberos login module for identity mapping
PI63989 Security auditing enabled log in calls via wsadmin are not being logged when using security_authn.
PI65120 NullPointerException from AdminTask.getInheritedSSLConfig command
PI68115 Remove 3DES ciphers from default cipher list
PI69042 Security crypto jar failed with Not signed by a trusted signer error after upgrade
PI69815 NullPointerException when printing error in WSX509TrustManager
PI70737 Unnecessary setCookie header might be set after applying interim fixes for PI62375.
Servlet Engine/Web Container PI58875 Application is started even though there has been a listener exception during application start up
PI61651 An uncaught exception in javax.servlet.AsyncListener.onComplete() might cause threads to hang
PI64898 Asynclistener in WEBAPPINVOCATIONCOLLABORATION is not being called correctly
PI67093 Information disclosure in IBM WebSphere Application Server CVE-2016-5986
PI67942 javax.servlet.HttpServletRequest.getRequestURI() might return a decoded value after dispatching
PI68061 Option to display customized text for some server errors
PI70493 Unhelpful message: uncaught.init.exception.thrown.by.servlet, logged when exception thrown during servlet initialization
Session Initiation Protocol (SIP) Container PI62617 The SIP container does not support setOutboundInterface() for Proxy and ProxyBranch interfaces
System Management/Repository PI67746 AdminApp.isAppReady() cannot retrieve the correct application distribution status in an AdminAgent environment
Transaction Service PI62603 BBOT0004E: RRS SERVICE ATRBACK FAILED WITH RETURN CODE=731 occurs when running request in a local transaction
PI68664 Record-level sharing (rls) is miscalculating the amount of data to be written to partner logs
PI69183 APAR PI18414 may result in the recovery log service using incorrect sequence numbers.
PI69314 Cannot find @Transactional annotation
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI54081 AdminApp.isAppReady and AdminApp.getDeployStatus show incorrect result after app expansion failure
PI56058 JAX-WS throws XMLStreamException upon an XML-SOAP message write attempt
PI58461 WSWS1002E when no matched value returned from servletImplName object from the servletClassMapping hashmap
PI60666 @XmlJavaTypeAdapter annotation failed to work
PI60791 AxisDescription objects might consume excessive memory
PI65925 A JAX-WS web service client does not honor an HTTP 307 redirect received from a web service provider.
PI66557 Information disclosure with malformed SOAP requests
PI67526 JAX-RS 1.1 and 2.0 clients do not contain javax.annotation.* classes as expected
PI67688 RuntimeException: Internal error thrown by org.codehaus.jackson.imp
Web Services Security PI64924 OpenID Connect RP cannot locate key in JWK set
WebSphere Common Configuration Model (WCCM) PI63177 Slow application update for web modules which have many web-inf/lib jars

Back to Top

Fix Pack 9.0.0.1
Fix release date: 16 September 2016
Last modified: 16 September 2016
Status: Superseded

Download Fix Pack 9.0.0.1
Component
Security APAR
APAR
Description
Administrative console (all non-scripting) PI56391 The please wait icon does not display on the admin screen when an application is uploading
PI59552 Application update corrupted deployment.xml with incorrect appcfg:ApplicationConfig reference.
PI60292 The admin script offered after creating a MailSession via the WebSphere Application Server administrative console is incomplete
PI60805 Update the flags on the CSRF token cookie
PI60959 Change in DN name of the certificate if it has special character in the name
PI60992 Unable to change maximum headers value in templates from administrative console.
PI61246 Unable to edit resource adapter custom properties
PI62111 Console displays blank page when "view or download the current web server plug-in configuration file" clicked using Chrome
PI62458 Administrative console is slow when using fine grained authorization.
PI63851 Going to the default Java persistence API settings panel from Dynamic Clusters > Server template causes CWWJP8807E error
PI63993 IBM Docs used by the administrative console to display console help created indices for unsupported locales
PI64086 Help link on welcome page points to 8.5.5 help instead of 9.0.0 help.
PI64087 32/64 bit checkboxes still show up on proxy and some other panels.
PI64303 Vulnerabilities in Apache Struts affects WebSphere Application Server (CVE-2016-1181, CVE-2016-1182)
PI65059 Administrative console servlet exception in user and groups administrative group roles
PI65218 WebSphere Application Server is affected by Apache Struts vulnerability (cve-2016-3092)
PI65602 SRVE0278E - Missing ibm-web-ext.xmi in iehs.war
PI65760 Map users and groups page not showing available users on the first time the page loads.
Administrative Scripting Tools (for example: wsadmin or Ant) PI59228 Unable to map web module with multi-line display name to server.
PI64075 NullPointerException is thrown with running an Ant task using ws_ant command line tool on z/OS
Default Messaging Component PI31587 WebSphere v8.5.5 service integration bus messaging engine fails to start if DB2 version is higher than 10.1
PI56146 When the message load is heavy, some of the messages move to exception destination with the CWSIK0035E exception
PI64827 JMSDestination header field is missing for the IBM MQ inbound messages which do not have destination header information
PI66355 sibDBUpgrade.sh yields different results on different Unix-based Operating Systems
Dynamic Cache PI62769 Disk off-load is turned off if app invokes the clearMemory API
EJB Container PI62639 NullPointerException in CDIEJBManagedObjectFactoryImpl.getEjbDescriptor when creating EJB instance to pre-load the bean pool
PI63932 CWNEN0011E during injection for NullPointerException in ResAutoLinkReferenceFactoryImpl
PI63980 Passivation issue with stateful session beans
PI65205 FFDC for TransactionRolledbackException when using UserTransaction in stateful bean ejbRemove method
Federated Repositories PI62166 Allow VMM realms to be added dynamically
General PI36921 Timing issue causes APC to see incorrect value of proactiveIdleStop, resulting in violation of minimum instances
PI40062 Application does not start during server start but then starts from console.
PI49810 Application fails to start after rolling update due to hung MessageReferenceHandler thread
PI52613 SAML SP-initiated web SSO requires dynacache or frontend affinity
PI52756 CDI is activated and generates error with no existence of beans.xml
PI54881 Threads being allocated to access an MDB that has already reached max sessions.
PI55697 OpenID Connect Relying Party: No entry in cache for state ID
PI56589 User/group mapping to a security role fails for EBA application if it belongs to a user registry configured in security domain
PI58114 ClassCastException when an equals comparison query is run on an entity with a composite @EmbeddedId
PI58166 Small timing window causes a deadlock when the APC.predictor custom property is changed
PI58509 DuplicateKeyException after migrating from WebSphere Compute Grid V8 to WebSphere Application Server V8.5
PI58666 JobScheduler in WebSphere Batch fails to start with CWLRB6261E
PI59912 Add ability to move messages from exception destination to the original destination via wsadmin
PI60131 Unavoidable clash detected in bus link
PI61934 runConfigActions fails but returns exit code 0
PI63141 A NullPointerException is encountered when attempting to service a request through the Java ODR causing the request to fail
PI63504 Remove message CPF9E17 when running WebSphere Application Server on IBM i.
PI63536 AdmiAgent login: com.ibm.wsspi.IPluginRegistryFactory getPluginRegistry error getting registry
PI63576 Crash on Microsoft Internet Information Services web server plug-in module
PI63586 The application placement controller cannot start or stop the server instances in the point cell in the multiple cell topology
PI63621 Singleton beans which are created from annotations may be incorrectly marked as local beans
PI63633 Thread-safety issue in the underlying (Apache) JSF 2.0 code causes WebContainer threads to hang
PI63763 com.ibm.xml.thinclient_9.0.0.jar needs to be com.ibm.xml.thinclient_9.0.jar
PI63906 WebTrustAssociationFailedException thrown by the OpenID Connect Relying Party during authorization
PI63915 Users get duplicate IBM WebSphere Application Server shortcuts on the Microsoft Windows start menu
PI63955 NullPointerException thrown by Weld when injecting an EJB into a CDI managed bean
PI64079 Processing persistence units in application client library jars can yield a NullPointerException.
PI64084 Microsoft Windows start menu items are confusing when multiple profiles created
PI64088 Application archive opened unnecessarily, slows performance
PI64129 CDI applications that inject Validator or ValidatorFactory Beans cannot be failed over in a cluster
PI64136 Portlet container changes to support JSF 2.2 Portlet bridge upload functionality
PI64139 Dynamic updates to JSP files are not picked up.
PI64222 Too many open files exception on property file causing uninstallation of apps deployed by monitored directory
PI64239 NullPointerException in CDIEJBManagedObjectFactoryImpl when accessing EJBs from client application modules.
PI64314 When running the eclenhancer script, errors are not being displayed.
PI64322 The migrateConfigTo85.py script is no longer needed in version 9
PI64324 The -clean option in the eclipse.ini causes issue with eXtreme Scale extension installation for zPMT in V9
PI64326 NullPointerException in CDIEJBManagedObjectFactoryImpl
PI64573 A 403 error may occur when using the OIDC RP
PI64662 When application server and node agent restart, bundle cache is re-expanded
PI64795 Move up Weld level to 2.3.4
PI65021 Rollback Batik library to 1.6.1 because it breaks Intelligent Management charting
PI65396 IHS crash in free call when using Intelligent Management
PI65466 OpenID Connect ear and py files and the OpenID py file are missing from IBM embedded WebSphere Application Server
PI65649 renameCell does not update some Extreme Scale Domains and health policy targets
PI65751 The interceptedPathFilter OIDC custom property should not be required
PI65815 Denial of service in the Apache Commons FileUpload used for Administering batch jobs using WebSphere Java Batch
PI65853 WebSphere Application Server Web Container affected by Apache Struts vulnerability (CVE-2016-3092)
PI66251 REST API Discovery Feature
PI66503 Migration tool generated migration jobs fail to find the migration temp directory due to a typo in the job template
PI66507 CICS abends when starting the WOLA Link Sever on z/OS 2.1
PI66530 ClassCastException when performing server configuration validation
PI67041 PlantsByWebSphere sample application fails for V9
PI67275 SystemExit exception thrown on running workclassoperations.py
PI67535 Incorrect EJB references generated by annotations processing for application client jar files
PI68014 Update sample jobs for FMID HBBO900
IBM HTTP Server Fix List Detailed list of APARs for IBM HTTP Server.
Install PI63766 Java 8 package not automatically selected when Edge Load Balancer package selected in IM 1.8.5
PI64328 Files in the <was_install>/properties folder are being overwritten when fix packs are installed
Java 2 Connectivity (J2C) PI61635 ActivationSpec config IDs are getting updated while making any changes to the existing application configuration
PI61989 Optimize connection pool behavior when the free pool distribution table size is set to one
PI63532 JNDI Lookup Failures
Java Message Service (JMS) PI58640 Exception WSCL0912E : Component could not be initialized running launchClient on Microsoft Windows.
PI59687 Some JMSExceptions related to queue manager connection errors are misidentified and connection cleanup does not occur
PI61894 An MDB app fails to start with EJB error, but the activation spec starts anyway and loops while trying to consume IBM MQ messages
PI64247 Websocket close frame reason code may be inaccurate on double-byte language machines
PI64562 Restarting a cancelled job fails
PI64570 Applications with WebSocket endpoints using CDI injections may not start correctly
JNDI/Naming PI62810 Naming NMSV0311W message needs to include name of object being updated.
JSP PI63554 HTTP error code: 500 after requesting a JSP page that statically imports more than one file from the same web fragment.
PI65333 A JSP error "unresolved compilation problem" is thrown during runtime
Migration PI64013 WebSphere clone migration option causing CoreGroup runtime issues between old and new servers.
PI64015 WebSphere migration has various application install issues
PI64016 WebSphere migration of Intelligent Management feature causes some server startup issues.
PI64074 Correct missing messages for migrations.
PI64276 WebSphere migration some config data not being migrated properly
Object Request Broker (ORB) PI59076 S0C4-38 Abend from out of a JVM method getOriginalROMMethod+4a
PI63625 0C4 abend in servant because a 64 bit heap pool 1 element was overlaid.
PI63926 zWAS crash in SMF code bboodsab.plx on first server startup after an IPL
PD tools (for example: Log Analyzer) PI61135 StackOverflow caused by SLF4J infinite lookup.
PI64143 ISADC tool not working properly for multiple options
PMI/Performance Tools PI60858 NullPointerExceptions on NodeAgent when starting TPVLogging via wsadim for 2 different servers at the same time
PI61355 NullPointerException on nodeAgent when starting TPV Logging for any server in deployment manager.
PI62283 NullPointerException in PMI class ModuleItem
Programming Model Extensions (PME) PI65037 java.lang.IllegalArgumentException: ThreadPool name already defined
Proxy Server PI60985 Add a custom property that will always clear the cache regardless of its state
Runtime PI63963 Rollout of an application edition may fail with error WPVR0011E due to condition WPVR0041W
PI64005 Message UTLS0008W occurs during server shutdown.
PI64315 Unexpected OSGi error log: The bundle is not marked as singleton
PI67176 A NoClassDefFoundError occurs during the static initialization of class com.ibm.ws.naming.util.RasUtil
Security PI32113 During Initialization of the WebSphere Application Server, there is a delay of 5 minutes or more.
PI48386 Extra information in Trace
PI50599 SSL CSR being sent to SSL clients after restarting WebSphere Application Server instead of expected certificate
PI53397 Outbound SSL with two-way SSL handshake fails because WebSphere does not send client certificate to SSL server
PI56086 HMGR0149E exception: The received token starts with null.
PI58172 SSLException error occurred when having a "#" in the keystore or truststore filepath.
PI58717 Unexpected GPF exception BOSSNAP
PI60049 Error WSVR0100W is not providing enough information about why the server fails to start.
PI60545 Gather and report minimal data for a web UI login and logout with audit
PI61077 Limitation of wsadmin API AdminTask AdminTask.exportSAMLSpMetadata
PI61695 NullPointerException for wasadmin AdminTask.mapUsersToNamingRole
PI62619 SAML Web SSO AdminTask command importSAMLIdpMetadata fails
PI63964 Form logout and EJB calls may not work when using JASPI
PI64506 Persona stress runs result in OutOfMemory after several days
PI66137 NullPointerException found in logs when creating the security server.
Servlet Engine/Web Container PI58920 Dispatcher type obtained from HttpServletRequest is not updated on post processes
PI62068 Remove Struts from WebSphere Application Server
PI63745 MessageSentException and NullPointerException thrown on an WebSocket request
PI63746 StringIndexOutOfBoundsException starting an app with a servlet annotated with @WebServlet("") or with empty servlet mapping
PI63972 Performance issue when running JSP.
PI64127 Add support for JSF 2.2 in Portlet bridge
PI64426 Annotations on instances of HttpUpgradeHandler are not processed
PI65771 Unable to inject programmatically added filters,servlets and listeners.
PI67470 ConcurrentModificationException thrown on getServletWrapper when serveServletsByClassname is enabled
Session Initiation Protocol (SIP) Container PI54003 Leak caused by new ProxyBranch created from response
PI54646 Unable to obtain SipURIs of available outbound interface
PI56387 SIP container incorrectly combines multiple SIP supported headers
PI60893 Deadlock caused by SIP Subscribe
PI61548 Potential Denial of Service in WebSphere Application Server if using SIP services (CVE-2016-2960)
Sessions and Session Management
PI60026 Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)
System Management/Repository PI56966 There is no message logged by the NodeAgent when a server is terminated.
PI63461 AuditServiceProvider and AuditEventFactory settings are overwritten by PFBCT
PI63844 NullPointerException when creating a dynamic cluster
PI63987 Not invalidating generated Managed Beans deployment descriptor with initial deployment of an application.
PI64069 Application upload fails with java.net.SocketException: Invalid argument
PI64685 providerType is null or missing in configuration when JDBCProvider is created using properties file.
PI66884 Application start fails with UndefinedVariableException
Transaction Service PI45254 Collect more serviceability data for transaction log service
PI61057 WTRN0112E errors when running stand-alone application using the embeddable EJB container
PI61081 J2CA0030E occurs due to DSRA9350E: Operation connection.commit is not allowed during a global transaction
PI65127 Deadlock issue in tranlog database
PI67082 NullPointerException from InstalledOptionalPackageRepository shows in FFDC logs.
Web Services (for example: SOAP or UDDI or WSGW or WSIF) PI60370 During an installation of a web service application, ADMA0078W might happen.
PI63025 Repeatedly attempting to start an application that will not start might cause a memory leak
PI64053 WSWS7054E is thrown when deploying a JAX-WS web service application
PI64153 java.security.AccessControlException: Access denied ("java.util.PropertyPermission" "*" "read,write") happens in systemout.log
PI64288 ClassNotFoundException occurred when running launchClient script with web service application.
PI64415 Server start becomes slower when more applications are installed
PI64981 Fix Web Services performance drop and WSDL files requiring Internet access to include remote schema file
Web Services Security PI57565 WS-Security does not emit TokenType on reference to SAML token

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]

Document Information

Modified date:
26 March 2024

UID

swg27048591

Page Feedback