IBM WebSphere Application Server Archives

IBM i PTF Guide, Volume 26, Number 44

November 11, 2024 Doug Bidwell

The number of patches slowed down last week, and we are not sure if that had anything to do with the election in the United States, but what we do know is we all got a break. And we will take it, and then get back to work.

There are a number of security vulnerabilities with WebSphere middleware, an issue with drive logging, and several fixes for TGTRLS in the RPG compilers.

First, we have Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086), which you can read about here. This …
Read more
IBM i PTF Guide, Volume 26, Number 32

August 19, 2024 Doug Bidwell

You knew that this was not going to last forever. We had a few weeks where there were not any security vulnerabilities in the IBM i stack, and now you have three you need to attend to this week. There are some patches for WebSphere middleware as well.

Let’s start with the security issues.

First, we have Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2024 CPU, which you can read all about here. The affected products include:
```
Affected Product(s)					Version(s)
IBM WebSphere Application Server			
```
…
Read more
IBM i PTF Guide, Volume 26, Number 27

July 15, 2024 Doug Bidwell

Get your PTF patching fingers all cracked and stretched because you will be doing some typing this week. There are a three security issues you need to cope with and a slew of patches that run the gamut of subsystems on the platform. As usual, let’s start with the security vulnerabilities.

First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a denial of service and bypassing security restrictions due to multiple vulnerabilities, which you can find out more about here. The patches for this issue, by IBM i release level, …
Read more
IBM i PTF Guide, Volume 26, Number 19

May 20, 2024 Doug Bidwell

You will need a little time to deal with some security vulnerabilities this week, so set aside some time. There is also a warning about infrastructure changes for electronic fixes from IBM and, for those of you who care, a new release of the IBM MQ message queuing middleware.

You can find out about the new MQ 9.4, which delivers improved cross-platform connectivity, observability, and modernization capabilities, at this link. And as for preparing customer firewalls and proxies for the upcoming infrastructure changes – Call Home, Electronic Fix Distribution – check out this link.

That leaves the three …
Read more
IBM i PTF Guide, Volume 26, Number 18

May 13, 2024 Doug Bidwell

Well, this week is a little bit lighter when it comes to new security vulnerabilities in the IBM i stack, so that is a good way to start out the next five business days plus the extra that system admins often have to do because weekends are when it is safe to tweak systems.

On the vulnerability front, we have Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354), which you can find out more about at this link. Here is the list of affected …
Read more
IBM i PTF Guide, Volume 26, Number 8

February 26, 2024 Doug Bidwell

It is a rare week when there is not some sort of security bulletin that affects all of the major operating systems, and this week is not one of those rare weeks. There are three security vulnerabilities affecting the current IBM i releases as well as a group of security patches for the vintage IBM i 7.2 release. Let’s get started with the security vulnerabilities, as is our common practice.

First, we have Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2024 CPU, which you can …
Read more
IBM i PTF Guide, Volume 26, Number 7

February 19, 2024 Doug Bidwell

Aside from two new security vulnerabilities, it has been a pretty quiet week in IBM i PTF Land. There are some updates for the current releases of IBM i – that would be IBM i 7.4 and IBM i 7.5 that are both on standard support and IBM i 7.3 that is on extended support – and of course there are some new defective PTFs that Big Blue needs to make you aware of, as often happens because all modern platforms are complex and all of them sometimes have patches that have unintended consequences.

Let’s start with the security issues, …
Read more
IBM i PTF Guide, Volume 25, Number 33

August 14, 2023 Doug Bidwell

You can tell that it is still summer, and one of the last weeks before the holiday season is over, by the dearth of patches to the IBM i platforms. That said, we do have two new security vulnerabilities this week as well as some patches for the High Availability group within IBM i 7.5.

First, we have Security Bulletin: Vulnerability in IBM Java SDK affects IBM WebSphere Application Server due to CVE-2022-40609, which you can find out more about here. The affected releases are WebSphere Application Server 8.5 and 9.0.

Second, we have Security Bulletin: IBM Facsimile Support …
Read more
IBM i PTF Guide, Volume 25, Number 24

June 12, 2023 Doug Bidwell

It is one of those quiet weeks in PTF Land, which probably means next week or the week after won’t be if history is any guide. This week, we have Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2023 CPU. More information is available here. Below are the affected products and versions.
```
Affected Product(s)				Version(s)
IBM WebSphere Application Server		9.0
IBM WebSphere Application Server		8.5
IBM WebSphere Application Server Liberty	Continuous delivery
```
Here is the rundown of PTF Groups by IBM i release level since we …
Read more
IBM i PTF Guide, Volume 25, Number 6

February 6, 2023 Doug Bidwell

American airspace had a new security vulnerability last week in the form of a Chinese balloon loaded with who knows what, and here are the new security vulnerabilities you need to worry about for the IBM i platform. There are three new ones that you need to shoot down over the ocean, just like US Air Force did with that “surveillance” balloon after it traversed the heartland of the country from Montana to South Carolina.

First, we have Security Bulletin: IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2023-23477), which you can find out more about …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search