BusinessConnect 6.3.0 Hotfix 4 has been released

You can download this Hot Fix from the TIBCO Product Support website using your TIBCO Support username (email address) and password under “Downloads” and then “Hotfixes”

Once you have successfully logged into the server, you will find the hotfix packages under:

Listed below is a summary of updates included. Please refer to the associated readme document for any additional information.

================================================================================
Closed Issues in 6.3.0_HF-004 (This Release)

BC-9781
The following are the improvements made to internal Gateway Server:

1. The remote service uses an SSL certificate chain that has been signed using
 a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). 

 Note: This plugin reports all SSL certificate chains signed with SHA-1 
 that expire after January 1, 2017 as vulnerable. This is in accordance with
 Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

2. The remote host supports the use of SSL ciphers that offer medium strength
 encryption. Medium strength as any encryption that uses key lengths at least
 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
 
3. At least one of the X.509 certificates sent by the remote host has a key
 that is shorter than 2048 bits. According to industry standards set by the
 Certification Authority/Browser (CA/B) Forum, certificates issued after 
 January 1, 2014 must be at least 2048 bits.

4. The remote host supports the use of a block cipher with 64-bit blocks in 
 one or more cipher suites. It is, therefore, affected by a vulnerability, 
 known as SWEET32, due to the use of weak 64-bit block ciphers. 
 A man-in-the-middle attacker who has sufficient resources can exploit this
 vulnerability, via a 'birthday' attack, to detect a collision that leaks the 
 XOR between the fixed secret and a known plain text, allowing the disclosure 
 of the secret text, such as secure HTTPS cookies, and possibly resulting in
 the hijacking of an authenticated session.

BC-9778
TIBCO BusinessConnect generated a private process message when a payload is 
picked up from the INBOX while using the SSHFTP server, the FTPS Server, 
or PartnerExpress.

BC-9763
TIBCO BusinessConnect does not release the DB connection when handling duplicate
transaction.

BC-9762
Multiple JMS errors were observed in the Interior Server logs. An enhancement has
been created to have the BO JMS transport more resilient in terms of reconnect.


BC-9761
Many NullPointerExceptions on outbound messages on a closed socket when
using Socks proxy. 

BC-9755
An enhancement to restrict the output response page not to disclose the server
details in header part due to security reason.

================================================================================
Closed Issues in 6.3.0_HF-003 

BC-9237
The value of column DISPLAY_NAME in table BC_BIZAGREEMENT was incorrect when
the business agreement was imported from a .csx file.

BC-9216
TIBCO BusinessConnect exported all external users when exporting participants.
This issue is fixed and TIBCO BusinessConnect exports only external users that
are related to exported participants.

BC-9207
TIBCO BusinessConnect did not close HTTPS connection when certificate 
verification failed.

BC-9193
TIBCO BusinessConnect did not pick up all files from specific external SFTP 
server sometimes.

To fix this issue, do the following: 
1. Add the following property in the .tra files of all the BusinessConnect Interior 
   Servers:
   java.property.<partner name>.sshftp.cache.disabled=true
2. Go to BusinessConnect > System Settings > Activated Protocol Plug-ins and 
   Properties > BC, add boolean property 'bc.sshftp.poller.client.blocking' 
   and set it as true.

BC-9192
A deadlock occurred while accessing TIBCO BusinessConnect Plug-in for SSH Server
or TIBCO BusinessConnect Plug-in for FTP Server.

BC-9185
TIBCO BusinessConnect Plug-in for SSH Server did not reject a login when the
password was not provided. To fix this issue, add the following line in the .tra
files of all the BusinessConnect Interior Servers:

java.property.bc.ldap.reject.authentication.without.password=true

BC-9139
A deadlock occurred when using Microsoft SQL Server and there was high throughput.

BC-9125
Search for Partner very slow under BusinessConnect > Business Agreements page.
Note: The fix provided in this build disables two of the existing features in 
the partner table list in the new business agreements page.
 - Sorting the table.
 - Search against protocol name.

BC-9115
TIBCO BusinessConnect threw out NullPointerException when handling synchronous 
receipt sometimes.

BC-9110
The error "ORA-01000: maximum open cursors exceeded" may occur when Non 
Repudiation Logging was enabled.

BC-9098
While importing a .csx file using bcappmanage tool of TIBCO BusinessConnect or 
from TIBCO Administrator, it hung if the .csx file included many operations.

================================================================================
Closed Issues in 6.3.0_HF-002

BC-9091
When TIBCO BusinessConnect enabled DB lock mechanism and multiple Interior 
Servers were deployed, TIBCO BusinessConnect occasionally failed to acquire
DB Lock in certain scenario while DB connection delay happened.

To resolve this issue, add the following property to the .tra files of 
all the BusinessConnect Interior Servers:

java.property.bc.DBLock.strongMode.enable=true

BC-9089
If TIBCO BusinessConnect SOAP Protocol 6.1.0 was installed, TIBCO BusinessConnect
threw OutOfMemoryError when handling CMI transactions.

BC-9046
When PGP Processing was enabled for the inbound SSHFTP poller in Business 
Agreement, TIBCO BusinessConnect did not pass the OriginalFileName field
correctly to the Private Process.

BC-9045
TIBCO BusinessConnect failed to calculate the key size of certain ciphers, 
and as a result, TIBCO BusinessConnect did not support these ciphers 
on AIX platform.

BC-9032
TIBCO BusinessConnect failed to send or cancel multiple transactions at a 
time in Log Viewer > Message Queue Logs.

BC-9012
TIBCO BusinessConnect failed to connect certain SFTP servers with I/O errors 
on Windows platform. 

To resolve this issue, add the following property to 
the .tra files of the BusinessConnect Interior Servers:

- To make this solution take effect for only one trading partner:
  java.property.<trading partner name>.sshftp.tcpnodelay=false
- To make this solution take effect for all trading partners:
  java.property.sshftp.tcpnodelay=false

================================================================================
Closed Issues in 6.3.0_HF-001

BC-8966
Cipher TLS_EMPTY_RENEGOTIATION_INFO_SCSV was disabled in TIBCO BusinessConnect.

BC-8959
TIBCO BusinessConnect did not allow SSLv2Hello protocol in Gateway Server.

There is a new property "bc.security.sslv2hello.enabled" added to Admin GUI
BusinessConnect -> System Settings -> Activated Protocol Plug-ins and Properties
-> BC after Initialize Database, it is unchecked by default. Gateway Server will 
allow SSLv2Hello protocol if this property is checked.

BC-8954
TIBCO BusinessConnect Gateway Server threw an exception at start up if HTTP/S service was 
only configured with "Secure CA Port" but not the "HTTP" and "HTTPS" ports.
s
BC-8953
When PGP encryption was enabled for outbound SSHFTP transport, file mask which
contain #(DocumentID) did not work.

BC-8952
When you stop BusinessConnect Gateway Server from TIBCO Administrator GUI, the HTTP/HTTPS
ports were not released by BusinessConnect Gateway Server services. To fix this issue, 
add the following line to gsengine.tra files of all TIBCO BusinessConnect Gateway Servers.

java.property.gs.webengine.socket.bindOnInit=false

BC-8951
TIBCO BusinessConnect did not support new property of NAESB 3.0 standard, such
as "receipt-security-selection", "refnum", and "refnum-orig".

There is a new property "GISB/NAESB Version" in HTTP/HTTPS transport, default value
is 2.0. if the value of this property is 3.0, TIBCO BusinessConnect will add "refnum",
"refnum-orig" and "receipt-security-selection" in outbound NAESB request.

BC-8942
TIBCO BusinessConnect failed to connect certain SFTP servers with I/O errors 
from Windows platform. To resolve this issue, add the following property in 
the .tra files of the BusinessConnect Interior Servers:

- To make this solution take effect for only one trading partner:
java.property.<trading partner name>.sshftp.tcpnodelay=false

BC-8909
When a schema in operation of TIBCO BusinessConnect SOAP Protocol referred to other
schema imported by WSDL tool, it could not be synchronized to a private process via 
BusinessConnect Palette.

BC-8906
TIBCO ActiveMatrix BusinessWorks Plug-in for BusinessConnect 6.0.1 failed to
import JMS transport settings with SSL configuration. This fix works with
TIBCO ActiveMatrix BusinessWorks Plug-in for BusinessConnect 6.1.0 and higher.

Note: Please copy configstore-core.jar and configstore-bc.jar of this
hotfix into {TIBCO_HOME}/bw/plugins/lib directory if TIBCO BusinessConnect 
Palette 6.x was installed.

BC-8774
When multiple Interior Servers were deployed, if XML requests were sent with the
txnGroupingID field from private processes, TIBCO BusinessConnect occasionally
failed to add converted EDI transactions for batching and DBLock error occurred.

================================================================================