Product Name    : TIBCO® BPM Enterprise
Release Version : 4.3.5_HF-004
Release Date    : May 2026

================================================================================

Closed Issues in 4.3.5_HF-004 (This Release) 

NOTE: Where the closed issue is related to a TIBCO Support case, the relevant
case number (CN-xxxxxxxx) is given in brackets after the Issue number. 

WRM-12768 (CN-2547877, CN-2557907)
Timer events created prior to AMXBPM upgrade fail to trigger timeout 
post-upgrade to AMXBPM 4.3.5

WRM-12754 (CN-2546695, CN-2558353)
Update case action fails with a hibernate error"

WRM-12752 (CN-2545607)
Existing BDS application when upgraded after upgrading the environment to 4.3.5 HF 2 fails

WRM-12713 (CN-2528167)
Vulnerability for Apache CXF on AMX-BPM 4.3.2 installation - CVE-2024-28752

WRM-12641
Case document upload fails if www.springframework.org is not reachable

AMX-19653 (CN-2555726)
AMX BPM Vulnerability for Jetty CVE-2026-5795

AMX-19646 (CN-2550372)
INFO level logs were generated in BPM logs after upgrade to 4.3.5

AMX-19641 (CN-2551147)
Fix the vulnerability CVE-2025-11143 vulnerability that affects Jetty in 
TIBCO AMX BPM 4.3.5 HF02 and BPM 4.3.5 HF03 version.
Note: In case of an SSO failure, please review the runtime node log to determine 
if a referer validation error has occurred. You can identify this issue by looking
for the following log entry: com.tibco.amf.hpa.tibcohost.jetty.internal.RequestHeaderFilter
 - Referer validation failed - Referer Host: [host], Server Name: [server name], 
 Allowed Referers: [host names in whitelist]

AMX-19623
JRE HOME path update failure in AMX 344 HF2/BPM 435 HF2.

AMX-19618 (CN-2543762, CN-2545541)
Spring Framework Vulnerability ["CVE-2022-22970", "CVE-2022-22971"] 
["CVE-2022-22950"] detected in BPM 4.3.5 HF2 due to old version spring jars.

AMX-19616 (CN-2524305)
General tab is not fully rendered for SSL enabled JDBC XA type RT, SSL 
checkbox is always shown as unchecked

WRM-12771 (CN-2557748)
Exception raised in BPM API calls after upgrading to 4.3.5 HF3

WRM-12781 (CN-2554365)
ec_event_trigger not being processed

WRM-12776 (CN-2557806)
Existing BDS application in 4.3.2 when upgraded after upgrading the 
environment to 4.3.5 HF 2 fails

AMX-19612 (CN-2541392)
Resource Instance DataSource reinstallation uses an incorrect database user

================================================================================

Refer to the attached readme document (TIB_amx-bpm_4.3.5_HF-004_readme.txt) 
for installation instructions, and other additional information relating to this hotfix.

ALL

The hotfix can be downloaded from the TIBCO Support website (https://support.tibco.com).

Once logged on using your username and password, the hotfix can be found under the Downloads Menu:
AvailableDownloads/AMX_BPM/4.3.5/TIB_amx-bpm_4.3.5_hotfix004

TIBCO BPM Enterprise(R) 4.3.5 Hotfix 004 is available