Fix (APAR): PK11017 Status: Fix Release: 5.1.1.4,5.1.1.3 Operating System: AIX,HP-UX,Linux,Linux Red Hat - pSeries,Solaris,Windows Supersedes Fixes: CMVC Defect: PK11017 Byte size of APAR: 33887 Date: 10/25/05 Abstract: Encoding an URL leads to printing sensitive query string information into trace logs. Description/symptom of problem: PK11017 resolves the following problem: If session trace is enabled and the application is encoding an url, then the full url is logged into the trace logs. This fix disables logging the queryString part of the URL being encoded into the trace logs, if a JVM system property hideSessionValue is defined to be true. This prevents sensitive information being passed in as a queryString from being logged into the trace files. NOTE: YOU MUST FIRST DOWNLOAD THE UPDATE INSTALLER TOOL IN ORDER TO INSTALL A FIX. The Update Installer can be downloaded from the following link: http://www-3.ibm.com/software/webservers/appserv/support/index.html Directions to apply fix: 1) Create temporary "fix" directory to store the jar file: UNIX: /tmp/WebSphere/fix Windows: c:\temp\WebSphere\fix 2) Copy jar file to the directory 3) Shutdown WebSphere 4) Follow the Fix installation instructions that are packaged with the Update Installer on how to install the Fix. 5) Restart WebSphere 6) The temp directory may be removed. Directions to remove fix: NOTE: FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED. DO NOT REMOVE A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED. YOU MAY REAPPLY ANY REMOVED FIX. Example: If your system has fix1, fix2, and fix3 applied in that order and fix2 is to be removed, fix3 must be removed first, fix2 removed, and fix3 re-applied. 1) Shutdown WebSphere 2) Follow the instructions that are packaged with the Update Installer on how to uninstall the Fix. 3) Restart WebSphere Directions to re-apply fix: 1) Follow the instructions for uninstalling a Fix 2) Follow the instructions for installing a Fix Additional Information: --------------------------------------------------------------------------- iFix is for 5.1.1.3 and 5.1.1.4