Fix list for IBM WebSphere Application

Server V8.5
Product Readmes

Abstract
IBM WebSphere Application Server provides periodic fixes for the base and
Network Deployment editions of release V8.5. The following is a complete listing of
fixes for V8.5 with the most recent fix at the top.
Content
Back to all versions

Total number of
Release Date Total number of APARs Security APARs
Fix Pack 8.5.5.17 9 March 2020 137 8
Fix Pack 8.5.5.16 3 September 2019 153 6
Fix Pack 8.5.5.15 4 March 2019 131 16
Fix Pack 8.5.5.14 20 August 2018 187 11
Fix Pack 8.5.5.13 5 February 2018 212 5
Fix Pack 8.5.5.12 21 July 2017 240 10
Fix Pack 8.5.5.11 23 December 2016 177 6
Fix Pack 8.5.5.10 15 August 2016 208 7
Fix Pack 8.5.5.9 18 March 2016 150 2
Fix Pack 8.5.5.8 11 December 2015 111 2
Fix Pack 8.5.5.7 11 September 2015
Fix Pack 8.5.5.6 26 June 2015
Fix Pack 8.5.5.5 13 March 2015
Fix Pack 8.5.5.4 8 December 2014
Fix Pack 8.5.5.3 18 August 2014
Fix Pack 8.5.5.2 28 April 2014
Fix Pack 8.5.5.1 11 November 2013
Refresh Pack 8.5.5 14 June 2013
Fix Pack 8.5.0.2 15 April 2013
Fix Pack 8.5.0.1 29 October 2012

Fix Pack 8.5.5.17

Fix release date: 9 March 2020
Last modified: 9 March 2020
Status: Recommended

Download Fix Pack 8.5.5.17 Back to Top

 Sec
urity
AP APA
Component AR R Description
PH1
✓ 1319 XSS issues with the Websphere Admin console (CVE-2019-4270)
PH1 WebSphere Application Server Admin Console could allow a file
✓ 2325 traversal vulnerability (CVE-2019-4268)
PH1 Classloader conflict causing problems accessing the admin console in
4295 Websphere Application Server
PH1 java.lang.arrayIndexOutOfBoundsException: array index out of range:
4552 1 exception on was 8.5.5.14 after BPM 18.0.0.1 upgrade
PH1 Admin console updates to removeNodelLstener and addNodeListener
5351 servlets
PH1 Improve status text for scan error for the application migration scanner
5415 functionality
PH1
5700 Target java options on 'Configure scanner…' pate are out of order
PH1 An error is shown in the administrative console, when viewing the
7272 systemout.log.owner or thesystemerr.log.owner files
PH1 Request to allow web server log path to be outside of WAS and not
7962 require the .log filename extension
PH1 When a scheduler that an EJB timer service uses no longer exists, the
8268 console does not display an error
PH1 After the update to WAS 8.5.5.16 there is a problem in the admin
8533 console with my tasks in the navigator on the left side
PH1 Information disclosure in WebSphere Application Server Admin
✓ 8947 Console (CVE-2019-4670)
PH1 When invalid characters are introduced in the admin console url error
Administrativ 9920 page java.lang.nullPointerException is received
e Console (all PI94
non-scripting) 624 Remove struts-legacy.jar from isclite.ear
Contexts and PH0 Null CDI bean results in a NullPointerException thrown in Apache
Dependency 5014 WebBeans code
Injection PH1 CDI not protecting the thread context classloader and loading a wrong
(CDI) 5728 version of XML parser
Default
Messaging PH1 Websphere Application Server messaging engine stops due to
Component 6502 DSRA9110E when short duration lock feature is enabled
PH1
8256 CNTR5104E received when deploying EJB application
EJB PH1 Corba.Marshal: incompatibility between stub and tie on Websphere
Container 8828 batch application
EJBDeploy PH2
(WSAD) 1271 Failed to run EJPDeploy when installing application by admin console
PH1 The WIM GET API does not consider the allowOperationIfReposDown
2039 setting on the realm
PH1
2167 Authentication fails with a cause by of illegal capacity
PH1 Federated repository is not returning all requested attributes when
4099 searching
PH1
5390 NullPointerException ocurrs when security trace is enabled
PH1 CWWIM4564I saying it connected to the failover LDAP, when
5543 reconnecting with the primary LDAP
PH1
6420 Non-participating repositories are accessed from WIM get api
PH1
7028 AdminAgent console can display incorrect security configuration
PH1 When adding an LDAP attribute that requires a boolean value, an
7839 InvalidAttributeSyntax error occurs
PH1 Enhanced file-based and database repository password hashing
8467 algorithms
PH1 NullPointerException is thrown when running deregisterNode.sh
8761 wsadmin
Federated PH1
Repositories 9289 NullPointerException occurs when security trace is enabled
PH1
0371 lrcmd.sh script ignores values specified in soap.client.props
PH1
1280 PI58498 is not fixed on 8.5.5.13 under certain circumstances
PH1
2982 "write Interval" of HTTPSession store configuration is not honored
PH1
3564 WOLA is not freeing IMS TPIPE after an error
PH1
3660 Reduce HPEL buffer flush interval and timer implementation
PH1
3786 ABENDCC3 RSN040E0001 in local communication close processing
PH1 NullPointerException in the SIBus component may occur when Cross
3807 Component Trace is enabled
PH1
4351 Update the binary scanner in tWAS to 19.0.0.3.1
PH1
4473 Add translations for the access denied message
PH1 PH14613: Intelligent Management enabled Plugin crashes in multicell
General 4613 environment
 PH1
4926 Deserializing a session loads classes form different class loaders
CSA shortage with Websphere Appserver z/OS fixpack 9.0.0.9
PH1 BBOO0335E BPX1LDX load of BBODPCRT failed RC=84,
5134 reason=BDF0624
PH1 OAuth provider may create a principal with realm name prepended to
5820 user name
PH1 Unresolvable variable warning message CWLRB6203W: issued when
6837 no action is required
PH1
7314 Too many open files in Websphere V8.5.5 SIBus messaging engine
PH1 Upgrade apache commons beanUtils in admin console (CVE-2019-
✓ 7557 10086)
PH1
7942 Some session attributes are not stored with session database of Oracle
PH1
8042 EmbeddableUOW cause RollbackException of global transactions
PH1
8894 Change the default value of ModifyActiveCountOnInvalidatedSession
PH1 Multiple plugin-cfg.xml files & folders under
9061 profile_home/config/cells/ causing Liberty report hung on console
PH2
0314 LogViewer not able to write logViewer.pos file
IBM HTTP Fix
Server List Detailed list of APARs for IBM HTTP Server
PH1
IBM i 8059 QueryWASInstalls command not listing 9.0 ND installs
PH1 Cannot install Websphere Application Server 9.0 on SUSE Linux
6993 Enterprise 15
PH1 CRIMA1137W: packages do not support the 64-bit version of
7876 installation manager
PH1 User's files and logs are deleted when applying ULB fixpack through
8202 installation manager
PH1
8236 Incorrect Java 7 EOS warning message on WAS 8.5.5.13 (Java 6)
PH1 Warning message is issued when install IHS and Plugin 9.0.5.2 and
8278 8.5.5.17 on Windows without MSVC 2013 runtime installed
PH2 Update ihs 8.5.5.16 fails with error getting file for installation on
Install 0560 Solaris
PH1 Custom transport chains added to dynamic cluster server templates are
1456 not properly propagated to dynamic cluster members
PH1 Intelligent Management enabled Plugin crashes in multicell
Intelligent 4613 environment
Management PH1 /MiddlewareAgentRPCService/noadmin/../<file_path> allows for
Component 4796 arbitrary file access of files in the WAS/profiles/dmgr directory
 PH1
5889 dumpIMPState.py enumerate function not available in Jython v2.1
PH1
6498 Implement the ability to disable the ODC REST Service
PI89 JVM CRASH ON WINDOWS IN PROCESSCPU64.DLL WHILE
036 INVOKING PMI TO COLLECT CPU STATS
PH1 2CA0695E: Unable to find primary pool manager during failover
0198 processing for a resource with a JNDI name of ibm/cm
PH1
Java 2 3915 High cpu when synchronizing resources.xml
Connectivity PH2 RRA=all trace results in SECJ0314W violation of Java 2 security
(J2C) 0223 permission error
Java
Management
Extensions
(JMX) or
JMX Client PH1
API 6983 Use TriggerDump with request=exclusive instead of SystemDump
PH0
1737 Changing default to NIO on HP platform
PH1 At shutdown, when the filestore is nearly full, threads persisting
4915 messages will hang
PH1 Updating the address include list for server transports causes an
Java Message 5289 exception
Service PH1
(JMS) 7473 Case sensitivity issues when headers are not being cached
Java
Persistence PH1
API (JPA) 8777 ConcurrentModificationException after PH07008
PH1
Java SDK 6818 File descriptor leak in defaultFaceletFactory
PH1
2946 StringIndexOutOfBoundsException when using JSF 2.2 in Liberty
PH1 Thread safety issue on the WeakHashMap with JSF SunRI causes the
2972 WebContainer threads to hang
JavaServer PH1
Pages (JSP) 4966 JSF portlet bridge should not be bundled by Websphere
PH1 Information disclosure in WebSphere Application Server (CVE-2019-
✓ 3983 4441)
PH2 WebSphere Application Server is vulnerable to command execution
JSP ✓ 0785 (CVE-2020-4163)
PH1 After the migration to v8.5, plugin-cfg.xml contains all cluster
3284 information even which is not supposed to be included
PH1
Migration 4635 WASPreUpgrade in remote migration jar does not work on zLinux
 PH1 Spaces in application name cause migration failure as
5019 WASMigrationAppInstaller gets parsing error
PH1 Migration tool should notify the user in the case that the old value is not
5110 migrated
PH1
5373 Coregroup template not found
PH1
5764 WASPostUpgrade fails when the profile was created with sym links
PH1 Running BBOWMPRO during a migration to a newer release of WAS
8142 z/OS gets configuration mismatch error
PH1
9983 WASPreUpgrade migration script fails to run on AIX
Migration fails with
PH2 java.lang.noSuchMethodException:com.ibm.websphere.models.config.
0869 applicationserver.sipontainer.impl.SIPContainerImpl
Object
Request
Broker PH1
(ORB) 3233 Remove unformatted cout trace entries
PH1
4607 FileNotFoundException appear when running tWAS LogViewer
PH1
4673 WAS diag plan trace dump file directory correction
PH1
5079 Modify traceInit outputs BBOO0427E at 8.5.5.15
PH1
PD tools (for 7273 Collector tool does not collect properties files for IBM i platform
example: Log PH1
Analyzer) 7283 Diagnostic plans utility is incompatible with the java_dump_opts
PH1 WebSphere plug-in has uneven distribution when multiple servers have
3091 a weight of 0
PH1 Plugin merge creates extra URI group when erroneous ports are within
4563 the VirtualHostGroup
PH1
7449 WAS HTTP plugin fails to generate $WSRA $WSRH headers
PH1 Plugin propagation for managed definition on remote node fails to copy
9420 plugin-key.kdb to webServer location on the remote node
PH1
9922 Unnecessary polling can take place causing high cpu
PH2
0154 Plugin websocket upgrade request response code not verified
PH2 Plug-in does not read entire response from the socket when ESI is
0311 enabled and response shows data is not modified
PH2
Plug-in 0448 IHS crash on restart when plugin log rotation is enabled
 PH1 Create profile failed with java.net.uriSyntaxException: illegal character
1873 in path
PH1
Profile 8889 Update WAS 8.5.5 IES for x86-32 platform
PH1 Property com.ibm.ws.runtime.dumpShutdown=true causes two
0673 heapdumps and two java cores during shutdown
Runtime and PH1 Corrupted KOR/CN/JPN locale messages during startserver if
Classloader 1036 WS_CMT_PI_STARTSERVER_CA_MESSAGES=true
PH0
9722 Reload the SSL runtime when certificate monitor executes
PH1 ReplaceCertificate is not horned to replace a personal certificate with
0457 another personal certificate
PH1 Information Disclosure in WebSphere Application Server (CVE-2019-
✓ 1248 4477)
PH1 Outbound EJB-WOLA connection fails NO_PERMISSION due to
3835 TransportLayer settings being picked up from incoming RMI call
PH1
5965 Intermittent SECJ0129E after upgrade to 9.0.0.10 or 8.5.5.14
PH1
6017 FFDC data output may display JAAS configuration information
PH1
6741 Client certificate authentication not finding previously logged in subject
PH1
7654 WSVR0661W starts to happen after the application of 8.5.5.16
PH1
8217 Need to stop auditing subsystem from doing DNS lookup
PH2
Security 0055 Provide an option to add KRBAuthnToken to Subject
PH1 Missing translation key: Exception occurred while running servlet
Servlet 5852 ContainerInitializers on startup
Engine/Web PH1 Memory leak in WebFragMergerImpl due to multiple start/stop of
Container 6279 application without restarting the application server
Session PH1 A via header field in ACK requests might contain incorrect address in a
Initiation 5985 dual stack environment
Protocol
(SIP) PH1
Container 7737 Websphere does not reject SIP invite with invalid CSEQ header
System
Management PH1 Monitored directory deployment hangs when application is deployed on
Configuration 5796 more than one target
PH1 Path traversal vulnerability in WebSphere Application Server (CVE-
System ✓ 4004 2019-4442)
Management/ PH1 ADMA7021I message in a deployment manager systemout.log file
Repository 8800 causes confusion
Web Services PH0 NullPointerException generated due to a partial update of the EJB
(for example: 9116 application
SOAP or
UDDI or
WSGW or PH1 WAS 8.5.5.15 / 9.0.5.0 - issues with annotation scanning filters
WSIF) 6949 (include-scanning-packages etc.)
PH1 OIDC RP: Omit client_secret oAuth 2.0 parameter if the client_secret
4676 is an empty string
PH1
5248 OIDCClientHelper methods may return null unexpectedly
PH1
5626 OIDC RP: Enable configuration of a login error url
PH1 OIDC RP cannot send a content-security-policy header to the
7304 openIDconnect provider
PH1 The OIDC RP does not check the id-token for an ACR value if the
8150 configured auth endpoint url includes "acr_values"
Web Services PH1
Security 9189 OIDC RP can not send a nonce parameter to an OP
PH0 In Websphere V8.5.5 AdminTask.extractConfigProperties incorrectly
8678 sets the CCSID value to 0 as the default
PH1
WebSphere 7696 Encrypted passwords deleted if custom encryption JAS is removed
Common PH1 BO attributes are not working correctly after upgrading to Websphere
Configuration 9871 8.5.5.16
Model PI77 Incorrect generation of ibm-metadata.xml when deploying with pre-
(WCCM) 392 generated merged descriptors
PH1
z/OS 9192 Waittime is not passed to BBOCLSCC under certain circmstances

Fix Pack 8.5.5.16

Fix release date: 3 September 2019
Last modified: 3 September 2019
Status: Superseded