book
Article ID: KB0100412
calendar_today
Updated On:
Description
This hotfix is cumulative. This is the fifth hotfix for TIBCO Managed File
Transfer (MFT) Command Center 8.4.2 and TIBCO Managed File Transfer (MFT)
Internet Server 8.4.2.
Environment
All supported environments
Resolution
Hotfix TIB_mftccis_8.4.2_HF-005 can be downloaded from TIBCO Support Portal (https://support.tibco.com).
You will need to provide your TIBCO Support Portal credentials. Once logged in you can download the hotfix by selecting the “Downloads” -> “Hotfixes” option. Then go to “/AvailableDownloads/MFT/CommandCenter-InternetServer/8.4.2/” to download the hotfix.
The .zip file has the Readme file inside. Please unzip the file and review the Readme file for instructions on how to apply the hotfix.
================================================================================
Closed Issues in 8.4.2_HF-005 (This Release)
MFCC-7762
Httpparamchecking is not performed on the update user page.
MFCC-7761
ThThe "tibcosamldirect" cookie is changed from unsecured to secured.
MFCC-7749
Updating an LDAP user fails with the following error message "Update failed.
LDAP managed fields cannot be modified: SendOnlyToUserID".
MFCC-7742
When compression to back-end SSH servers is configured, the data is not
compressed.
MFCC-7729
Spring-core is upgraded to version 5.3.28.
MFCC-7728
STRUTS is upgraded to version 2.5.31.
MFCC-7727
Guava is upgraded to version 32.0.1.
MFCC-7726
Not-yet-commons-ssl is upgraded to version 0.3.17.
MFCC-7725
jSoup is upgraded to version 1.16.1.
MFCC-7724
Protobuf and google-oauth-client are upgraded to versions 3.21.7 to 1.34.1
respectively.
MFCC-7717
Access to External Entities in XML Parsing is disabled.
MFCC-7715
The following exception occurs when retrieving an ADLS Gen2 directory list that
contains more than 5000 files in the directory:
"Exception occurred while retrieving fileList."
MFCC-7714
When uploading multiple files through the browser client and the fileshare
client, some of the uploads are unsuccessful.
MFCC-7709
JQuery-ui is upgraded to version 1.13.2.
MFCC-7705
When an LDAP user is synced, the FullName is incorrectly set to the User Id.
MFCC-7701
Connection Manager does not work in a High Availability Active/Active mode.
Note:
The socks-servers element in the reverseProxyDMZ.xml file of the Internet
Server has the following changes:
1. A new attribute (retryFailedConnection) is added, which defines the
interval (in seconds) for retrying a failed connection in CMA.
The default interval is set to 300 seconds.
2. The"loadbalance"attribute supports the following values:
: aa: Indicates the usage of Active/Active Load balancing from Internet
Server to CMA
: ap: Indicates the usage of Active/Passive Load balancing from
Internet Server to CMA
: no: Specifies the usage of existing connection to CMA until it is
interrupted
The reverseProxyDMZ.xml file is located in the following directory:
<MFT-Install>/server/webapps/cfcc/WEB-INF
To enable High Availability modeafter installing this hotfix update the
"loadBalance" attribute parameter.
Here is an example of the "socks-servers" element:
<socks-servers loadBalance="aa" retryFailedConnection="300">127.0.0.1:41080;
10.1.1.3.1:41080</socks-servers>
Note: aa and ap should only be defined if multiple IP Addresses are defined
for the socks-servers element.
Note: After changing this parameter, you must restart MFT Internet Server.
MFCC-7696
Uploads to GCP using CMEK encryption fails with the following error message:
Exception in upload: 400 Bad Request..
MFCC-7694
When an upload to Google Cloud storage fails at the beginning of the transfer,
the audit record incorrectly shows a successful transfer and a 0 byte file is
created on Google Cloud Storage.
MFCC-7692
Uploads and downloads of 0 byte files fail when the target server is SharePoint.
MFCC-7687
FIPS installer script (fips/sh, fips.bat) fails to delete fips jars when the
MFT server is running.
MFCC-7685
Json-smart jar is upgraded to version 2.4.10.
MFCC-7618
When "Allow FTP Site/Platform Server Pass Through" is set to "Yes", Platform
Server client downloads from a target Platform Server for Windows or
UNIX can fail with the following error message:
"SiftTlv.SetVal() -> fieldVal in SetTLV is NULL ptr for RecordFormat"
MFCC-7615
Support for Amazon S3 encryption keys defined in the bucket is added.
MFCC-7586
After a new installation, the "Propagate Lockout" and "Propagate to Servers"
fields in the Lockout Management page are set to "Null" and the users are not
locked out.
MFCC-7584
Though the ADLS Gen2 "Create Directory" operation is successful, the
following error message is displayed in the audit record:
"404 The specified path does not exist."
MFCC-7582
The ANTLR jar file is removed from distribution.
MFCC-7580
Jakarta-activation is upgraded to version 2.0.1.
MFCC-7571
Tomcat is upgraded to version 9.0.74.
MFCC-7569
Websocket information is added to the Diagnostic page.
MFCC-7568
A mouseover has been included in the Internet Server Browser page that
displays the transfer description.
MFCC-7563
You can now override the Visibility parameter in the User definition for
the LDAP defined user.
MFCC-7551
The Email Server definition Email Options tab's "Use TLS" parameter does
not have the Start TLS option.
MFCC-7550
When the Statistics page in the Command Center is accessed or searched,
the following error message is written to the catalina.out file:
"ParseExceptionMsg"
MFCC-7549
The silent-setup script references the incorrect log4j libraries in the
classpath.
MFCC-7548
On the HTTPS transfer browser client, completed transfers incorrectly
remain in the upload window after closing and opening the Upload Transfer
window.
MFCC-7547
You can now configure the maximum number of multipart file uploads in the
web.xml file.
MFCC-7534
When a group on the Manage Groups page has a large number of users
(10,000 or more), clicking any Group ID can cause the Update Groups page to
hang for several minutes.
MFCC-7356
The Promotion Utility does not include the TransferRight attribute upon
promotion of a user.
================================================================================
Closed Issues in 8.4.2_HF-004
MFCC-7565
The SSHClientAuthenticationMethod web.xml parameter is added to override the
Global SSH Client Authentication Method for an Internet Server instance.
The valid values are:
Password: The MFT SSH Server will use Password Authentication
Key: The MFT SSH Server will use Key Authentication
PasswordOrKey: The MFT SSH Server will use Password or Key Authentication
PasswordAndKey: The MFT SSH Server will use Password and Key Authentication
If this parameter is not defined or if a different value is defined, use the
Global SSH Client Authentication Method value.
MFCC-7562
On ADLS Gen2 uploads, there is no receive timeout and when a network error
occurs, the transfer hangs.
MFCC-7559
Access Key and Confirm Access Key fields are visible for Azure server
definitions when the Authentication Type is "Managed Identities".
MFCC-7544
Apache Commons File Upload is upgraded to version 1.5.
MFCC-7543
For an ADLS GEN2 Upload, FlushWithClose is not set and an Azure Storage Event
is not created.
MFCC-7538
The default value for the "AuditRetryCount" web.xml parameter is changed to 1.
MFCC-7537
Connection Manager Agent (CMA)/Connection Manager Server (CMS) Tomcat is
upgraded to version 9.0.70.
(Note: The following CMA/CMS jar files are distributed with this hotfix:
CMAInstall.jar
CMSInstall.jar )
- Upgrade CMA
1. Copy the CMAInstall.jar file to the CMA installation directory.
2. unjar CMAInstall.jar: jar -xf CMAInstall.jar.
a. Execute cmainstall.bat (Windows) or cmainstall.sh (Linux).
b. Accept the default values by pressing Enter for all prompts except
Step 9 (Test Connection).
c. In Step 9, enter the address and port for your database,
and run the test.
3. This installation upgrades the CMA Tomcat application server to version
9.0.70.
-Upgrade CMS
1. Copy the CMSInstall.jar file to the CMS installation directory.
2. unjar CMSInstall.jar: jar -xf CMSInstall.jar.
a. Execute cmsinstall.bat (Windows) or cmsinstall.sh (Linux).
b. Accept the default values by pressing Enter for all prompts.
3. This installation upgrades the CMS Tomcat application server to version
9.0.70.
MFCC-7536
When running a high volume of ADLS GEN2 transfers, transfers may fail with a
"Connect Timeout" or "Receive Timeout" error.
MFCC-7522
The Collector stops collecting audit records from a server when a parsing error
occurs for an audit record.
MFCC-7520
Large Azure Blob transfers fail with a token authorization error after 60 to 90
minutes.
MFCC-7517
No options are provided to define AWS regions that are not in the
"Amazon S3 Region" drop-down box.
MFCC-7514
When transferring ADLS Gen2 files, the number of AD token renewals are
reduced.
MFCC-7506
When a user access the Platform Server Node, Platform Server Profile, or
Platform Server Responder profile pages, the following error message is
displayed in catalina.out:
"Cannot read the array length because "<local3>" is null".
MFCC-7495
When a user is checking alerts for a Platform Server transfer, the following
error message is displayed in catalina.out:
"AlertActionProcessorJMS.doAlertAction: Caught an exception while retrieving
alert definition or audit info. Skip this field (VirtualAlias,FTPAlias)".
MFCC-7492
When users log into the Internet Server transfer page, the users are not
notified that their password expires soon.
MFCC-7472
When using a database connection with SSL=YES, users are unable to enable and
test FIPS.
MFCC-7457
When a scheduler request fails, users are not notified that the scheduler job
failed.
MFCC-7454
The AllowUserDefinedJavaClasses web.xml parameter is added to restrict
user-defined Java classes from being configured or executed.
The valid values are:
True: User-defined Java classes can be configured and executed from
the scheduler and alerts
This is the default value.
False: User-defined Java classes cannot be configured and executed.
MFCC-7453
The AllowCustomServerDefinition web.xml parameter is added to restrict the
following actions:
- user custom servers from being configured.
- transfers executing on a previously defined custom server.
The valid values are:
True: Custom servers can be configured and transfers can execute to a
Custom server.
This is the default value.
False: Custom servers cannot be configured and transfers cannot
execute to a Custom server.
MFCC-7451
The database password and encrypt key environment variables are not cleared
before creating child processes.
MFCC-7447
Tomcat is upgraded to version 9.0.70.
MFCC-7417
When using a FileZilla SFTP client, SharePoint downloads are slow.
MFCC-7415
When the Server definition "disable flag" is selected, users are still able to
transfer files.
MFCC-7413
In the Browser transfer page, when a user attempts to add an SSH-RSA Public
Key, the request fails with the "invalid data type" error.
MFCC-7411
The following Trace message is incorrectly written to catalina.out:
"JMSTransferHandler.process: authenticating xxxxxx".
MFCC-7399
The Comtblg.dat and Comtblg.cp037 translation tables do not convert EBCDIC tab
(0x05) to ASCII tab (0x09).
MFCC-7204
When using Java 13 or higher, ADLS Gen2 uploads and SharePoint renames fail.
MFCC-6838
When transferring files with a target SFTP Server, no option is provided to
trust all SSH Keys when multiple servers are behind a load balancer.
MFCC-6257
SharePoint Servers do not support HTTP Proxy servers.
MFCC-5644
Google Storage and ADLS Gen2 storage do not support HTTP Proxy servers.
================================================================================
Closed Issues in 8.4.2_HF-003
MFCC-7404
SFTP downloads from target SharePoint servers fail with the
following error message:
"Failed to read file".
MFCC-7392
If FileShare is disabled and Mailbox is enabled, user self-registration fails.
MFCC-7391
SFTP transfers are not restricted when the User definition "Client Protocols
Allowed" parameter is set to "Platform Server".
MFCC-7385
When using a REST call to update a Transfer Service, the service parameters
revert to default MFT configuration.
MFCC-7379
If any UNIX permissions are provided on the Transfer definition and
the Azure Server definition authentication is set to "Active
Directory" or "Manage Identity", transfers to Azure ADLS Gen2 fail.
MFCC-7360
jAdaptive Maverick Legacy Client and Server is upgraded to version 1.7.48.
MFCC-7352
Tomcat server is upgraded to version 9.0.68.
MFCC-7297
z/OS record delimiters are lost when sending RECFM=V(B) files from Platform
Server for z/OS to Internet Server to a target Platform Server for z/OS.
To enable this capability, set the following parameters:
- Set "Transfer Definition > Client Permissions >
Allow FTP Site/Platform Server Pass Through" to "Yes".
- Set this Platform Server for z/OS process parameter: MAINTAINRDW=YES.
- Ensure the transfer is a binary transfer with no delimiters specified.
Note: This only works when sending datasets with RECFM=V or RECFM=VB.
Do not specify the MAINTAINRDW parameter when transferring RECFM=F
or RECMF=FB files.
MFCC-7281
The Admin Command-Line Interface "Delete Protocol Public Key" fails to delete
the server public key.
MFCC-7280
The Admin Command-Line Interface "Get Protocol Key" action fails to return
the Protocol public key.
MFCC-7237
If an error occurs while inserting the Audit record, retry the Audit insert
request with a wait between each request.
The following new web.xml parameter are added to define the number of
tries and the retry interval:
AuditRetryCount Valid Values: 1 to 10, Default=5 tries
AuditRetryWait Valid Values: 1 to 10, Default=5 seconds
MFCC-7220
Create an environment variable for the Keystore Password that overrides the
"keystorePass" value in server.xml.
The following formats are supported:
--Encrypted password (using the MFT clouddbconfig utility)--
export COM_TIBCO_MFT_CE_KEYSTORE_PWD=wDzQ89Of30Q7csFEc4nTq8O7vgI=
export COM_TIBCO_MFT_CE_KEYSTORE_PWD=$PWD:wDzQ89Of30Q7csFEc4nTq8O7vgI=
--Base64 Encoded password--
export COM_TIBCO_MFT_CE_KEYSTORE_PWD=B64:Y2hhbmdlaXQ=
--Clear Text password--
export COM_TIBCO_MFT_CE_KEYSTORE_PWD=CLR:changeit
MFCC-7208
When the transfer definition Server File Name is defined as a UNC
(that is, starts with \\...), transfers to a Windows OpenSSH SFTP server
fail. To enable transfers to a UNC, define the transfer definition Server
File Name in the following format:
UNC://uncname/directory/file
MFCC-7205
Uploading Files with ".docx" extension to the Microsoft SharePoint server fails
with the following error message:
"The upload session was not found. Error in uploading last chunk(s): File has
not been uploaded completely".
MFCC-7202
Create an environment variable for the database password that overrides the
DBPass value in web.xml.
The following formats are supported:
--Encrypted password (using the MFT clouddbconfig utility)--
export COM_TIBCO_MFT_CE_DB_PWD=j3HT8p5ZuV3S9/Mnb12Qpnj3/Uo=
export COM_TIBCO_MFT_CE_DB_PWD=PWD:j3HT8p5ZuV3S9/Mnb12Qpnj3/Uo=
--Base64 Encoded password--
export COM_TIBCO_MFT_CE_DB_PWD=B64:YWJjMTIz
--Clear Text password--
export COM_TIBCO_MFT_CE_DB_PWD=CLR:abc123
MFCC-7189
When promotion requests are configured to use REST v4.1, these requests fail
with the following error message:
"UnrecognizedPropertyException: unrecognized field "dateLastProcessed"".
MFCC-7174
The "Admin Changes" page does not track deleted PGP public keys or
Protocol public keys.
MFCC-6918
When the user authentication option is set to certificate and password,
the Audit details "Client Authentication Method" for Browser and FTPS clients
are incorrectly displayed.
MFCC-4493
When the upload window is closed during a transfer, active transfers are not
visible when the upload window is reopened.
================================================================================
Closed Issues in 8.4.2_HF-002
MFCC-7224
After installing MFT Internet Server version 8.4, when a user downloads a file
greater than 2GB from an SFTP server, the download fails.
MFCC-6843
An enhancement is made to the custom server to generate an error message when
a transfer fails.
MFCC-6831
The Recaptcha settings can be bypassed for "Password Reset", "Self Register",
and "Forgot User" requests.
MFCC-6830
The Password Reset emails are sent even when the Global "Allow User to Reset
Password" parameter is set to "No".
MFCC-6736
When a Platform Server Transfer definition configures the Schedule Date,
the date cannot be removed.
MFCC-4493
When the upload window is closed during an active upload transfer, users
are experiencing issues on the browser transfer client.
================================================================================
Closed Issues in 8.4.2_HF-001
MFCC-6828
Add Transfer requests can fail with the following error message:
"Unknown Column userDefinedData".
MFCC-6827
Department Admin is unable to view or create Scheduler Jobs or Calendars.
MFCC-6826
When a transfer to a target AS2 server is redirected, the transfer fails with
the following error message: "Proxy returned: HTTP protocol error. 302 Moved
Temporarily, | Failed to transfer file".
MFCC-6761
Additional validation is added to the DB Reports servlet.
MFCC-6755
The following message is displayed many times in the Command Center
catalina.out: "Internet Server Error: DBPwdEncrypt.decrypt - debug dnipwd,
empty value, idx of 0x00: 0".
MFCC-6754
When Transfer definitions are created through the 8.2 or 8.3 CLI, updating
the Transfer definitions through the Admin "Update Transfer" page fails with
the following error message:
"You entered an invalid Max Message Size".
MFCC-6748
File token #(HLQ) resolution changes from all but the last qualifier of the
file name to only the first qualifier of the file name.
MFCC-6747
The Apache Xalan Java XSLT library is removed from the distribution.
MFCC-6746
When the Mailbox server attempts to delete a file from a Platform Server
defined as TLS or Tunnel, the delete fails with either of the following error
messages:
"You are trying to connect to secure port",
"Error communicating with remote partner".
MFCC-6742
When a mailbox attachment file name contains an ampersand sign (&), the request
fails with the following error: "Unable to connect to server".
MFCC-6740
Poi and poi-ooxml is upgraded to version 3.17.
MFCC-6737
When a network error occurs on an Internet transfer initiated by JMS or the
Scheduler, the transfer can go into an infinite loop and utilize excessive CPU.
MFCC-6735
The Command Center "Activity > Internet Transfer > Active Transfer Details"
page does not display a value for "Bytes/Second".
MFCC-6732
When an admin user is locked out from Internet Server, the same admin user
cannot unlock the user from Command Center using ReleaseAllLocks.
MFCC-6726
If recaptcha is not configured, then the recaptcha javascript file is
not downloaded from google.
MFCC-6719
Add and Update PGP public key rest calls fail when the PGP key does not contain
any headers such as version or comment
MFCC-6717
When the desktop client was built and installed on a previous version of MFT,
the desktop and desktop-install pages will hang when the "Install" button is
clicked after installing MFT hotfix 8.4.2_HF-001 or above
Note: Resolution of this issue requires manual intervention.
There are two ways to resolve this:
1. Follow the instructions to rebuild the desktop client
2. Edit file: <MFT-Install>/server/webapps/cfcc/client/install.html
Change Line 10 to: (jquery version changed from 3.5.2 to 3.6.1)
<script type="text/javascript"
src="../public/libs/jquery/jquery-3.6.1.min.js"></script>
MFCC-6716
The REST upload fails if both User and System trace levels are set to
"No Tracing" or left blank.
MFCC-6713
After installing MFT version 8.4, users are unable to update the "Usage" and
"User Type" fields in the User definition.
MFCC-6708
When an LDAP user login fails, the error message is displayed in the
login trace file.
MFCC-6704
Antivirus checking fails when using Sophos ICAP interface.
MFCC-6696
Spring framework is upgraded to version 5.3.21.
MFCC-6690
SSH and Platform Server client logins ignore the users defined in the
web.xml DenyLoginIds parameter; users are locked out and and lockout
emails are sent.
MFCC-6689
When upgrading MFT from version 8.2 and using Postgres, the column
Files.Aux1 is incorrectly set to a 64-byte field instead of a
256-byte field.
MFCC-6688
When the browser selects the Swedish language, dates are displayed in
Portuguese.
MFCC-6684
When Command Center executes on Java 8 and Internet Server is running
a very high volume of transfers, Command Center can get
Out Of Memory exceptions.
MFCC-6676
The clouddbconfig script has a typographical error in valid values for
driver type.
MFCC-6673
When the server definition is updated, the server cache is not updated.
MFCC-6667
When User Profile is updating through the CLI, the request terminates
with an error.
MFCC-6666
On the FileShare Client, when the path is too long to display, the
Paths drop-down box does not display the directory list.
MFCC-6664
jQuery-ui is upgraded to version 1.13.1.
MFCC-6661
When a user logs in and changes their password through FileShare/Mailbox
client, after the user changes their password and presses "Home", they
are incorrectly redirected to the Password Change page.
MFCC-6654
On the Manage Scheduler Jobs page, the mouseover for currently
executing jobs does not work.
MFCC-6652
The Change Password page on the Admin pages displays the following
message:
"Your password will expire in null days"
MFCC-6596
SAML logins do not check the token validation time.
MFCC-6593
When a Transfer Service (Platform, SSH, FTP) uses a Protocol System
key name that contains an ampersand sign (&), the database config
record is updated correctly, but the "Configure xxxxxxx Server" page
shows the System key as "Use Default".
MFCC-6586
When Lockout Contention is set to "IS to IS" or "Both", Command Center
does not display Internet Server lockouts.
MFCC-6553
When uploading large files to a target Sharepoint server, excessive
memory is used.
MFCC-6486
Connectivity to third-party Amazon S3 compatible storage fails.
MFCC-6063
When the #(NoDrive) token is used to create a folder on a target
SharePoint Server, upload transfers failed with the following error
message:
"Failed to transfer file: /NewFolder/filename; ERROR FROM PROXY SERVER.
URI template of the newly created target must not be null..."
MFCC-4941
Admin REST calls do not include the capability to create, update, retrieve,
or delete Alerts.
Note: The Alert rest calls use REST version V4.2.
================================================================================
Issue/Introduction
TIBCO Managed File Transfer Command Center/Internet Server 8.4.2 hotfix HF-005 is now available