PQ93643: SHIP INTERNAL DEFECT FIXES FOR SERVICE LEVEL W502015. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Ship internal defect fixes for Service Level W502015.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: APAR PQ93643 addresses the following * * defect in WebSphere Application Server * * V5.0 for z/OS: * * * * (botp_ PQ85045) When JSPs that are * * escaped out of context root are * * included, the JspBatcCompiler was * * accepting them as valid documents. * * * * (MD20395) A JMS startup failure can be * * caused by having the wrong jobname in * * the BBOTCPII member. * * * * (MD20397) Job BBOWCPYZ ended with a * * return code of 4: * * IEB177I BBO5DMNZ WAS SELECTED BUT * * NOT FOUND IN ANY INPUT DATA SET * * * * (MD20420) ServletException in: * * /secure/layouts/addPropLayout.jsp * * null' on CSIv2 Authentication pages * * * * (MD20439) Updates to Administrative * * Console CSIv2 Authentication Additional * * Settings are ignored. * **************************************************************** * RECOMMENDATION: * **************************************************************** APAR PQ93643 addresses the following defect in WebSphere Application Server V5.0 for z/OS: (botp_ PQ85045) JSP includes can use directory escapes to include files outside of the context root of the webapp. This is contrary to the behavior of WebSphere Application Server version 4.0.1 for z/OS and OS/390 and is not the expected behavior. For example in the jsp include directive <jsp:include page="{relativeURL | <%= expression %>}" flush="true" /> the relative URL should not allow the file name to go beyond the context root. (MD20395) The JMS direct address port (&ASJDADDP) is opened from an address space whose name is often, but not always, &MQSSID.WEMP - for example, WMQXWEMP. However, under certain circumstances, other jobnames like WMQX123W are used. Member BBOTCPII reserves the port to &MQSSID.WEMP explicitly, which can cause a JMS startup failure: +CSQX218E +WMQX CSQXLSTT Listener unable to bind to port 5559 address 0.0.0.0, TRPTYPE=TCP INDISP=QMGR, RC=0000006F (where 5559 is the port reserved in BBOTCPII.) Instead, member BBOTCPII should reserve the direct address port to generic OMVS like the follow: &ASJDADDP. TCP OMVS ; JMS Server Direct Address port (MD20397) The JMS proclib setup job BBOWCPYZ copies member BBO5DMNZ into the customer's proclib, but BBO5DMNZ is not generated by the customization process for JMS. BBOWCPYZ will fail if the customer uses a new <customer specified HLQ>.CNTL data set for JMS customization. Since the daemon's STEPLIB is not updated for JMS, the BBO5DMNZ proc should not be copied by BBOWCPYZ. (MD20420) On both of the CSIv2 Authentication pages in the Administrative Console (Servers > Application Servers > server name > Server Security > CSIv2 Inbound Authentication and Servers > Application Servers > server name > Server Security > CSIv2 Outbound Authentication), the following message appears where the Additional Properties links should be: ServletException in:/secure/layouts/addPropLayout.jsp null' (MD20439) The CSIv2 Inbound/Outbound Authentication Additional Settings for Server Security - Servers > Application Servers > servername > Server Security > CSIv2 Inbound Authentication (or CSIv2 Outbound Authentication) > Additional Settings - are not saved in the security.xml file. In other words, updates are accepted, but then ignored.Problem conclusion APAR PQ93643 fixes the following defect in WebSphere Application Server V5.0 for z/OS. (botp_ PQ85045) No check on the location of the included jsp was made - this APAR corrects that. (MD20395) Dialog JCL skeleton BBOTCPII will be updated to reserve the direct address port to generic OMVS instead of &MQSSID.WEMP. (MD20397) Dialog skeleton BBOWCPYZ will be updated so that BBO5DMNZ is not copied. (MD20420) Code changed to properly initialize internal refId variable. (MD20439) Code was using a different technique to process the values entered than is done for other security.xml Additional Settings and it was not working. The code was modified to use the standard processing technique. APAR PQ93643 is associated with SERVICE LEVEL W502015 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: UQ92596 Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ93643.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ93643
IBM Group: Software Group
Modified date: Oct 5, 2004
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.