Fix (APAR): PI52103 Status: Fix Release: 8.5.0.2 Operating System: AIX,HP-UX,IBM i,Linux,Solaris,Windows Supersedes Fixes: CMVC Defect: Byte size of APAR: 534911 Date: 20151112 Abstract: Vulnerability in Apache Commons Collections used by Liberty Description/symptom of problem: PI52103 resolves the following problem: Vulnerability in Apache Commons Collections used by Liberty Directions to apply fix: 1. Open a console and direct it to the location of your iFix jar 2. Run the command "java -jar 8.5.0.2-WS-WASProd_WLPArchive-IFPI52103.jar". The following launch options are available for the jar: --installLocation [LibertyRootDir] by default the jar will look for a "wlp" directory in its current location. If your Liberty profile install location is different to "wlp" and/or is not in the same directory as the jar then you can use this option to change where the jar will patch. [LibertyRootDir] can either be relative to the location of the jar or an absolute file path. --suppressInfo hides all messages other than confirming the patch has completed or error messages. 3. Stop your Liberty profile server(s). 4. Start your Liberty profile server(s) with the --clean parameter as a launch option (i.e. server start --clean). The --clean option only needs to be used once, all subsequent server starts will not require it. Directions to remove fix: 1. Stop your Liberty profile server(s). 2. You will need to delete the following files (file locations are relative to your Liberty profile install root): - lib/com.ibm.ws.org.apache.commons.collections.3.2.1_1.0.0.20151112-1638.jar - lib/fixes/8.5.0.2-WS-WASProd_WLPArchive-IFPI52103_8.5.2.20151112_1754.xml 3. Start your Liberty profile server(s) with the --clean parameter as a launch option (i.e. server start --clean). The --clean option only needs to be used once, all subsequent server starts will not require it. Directions to re-apply fix: 1. Follow the instructions to apply the fix. Additional Information: