Products | Versions |
---|---|
TIBCO Order Management | 5.1.0 |
TIBCO(R) Order Management 5.1.0 Hotfix-007 is now available
This hotfix can be downloaded from the TIBCO Support Web User Interface using your username and password for the TIBCO Support Web. Once logged in, you can find the hotfix under the Downloads Menu: "AvailableDownloads/ActiveFulfillment/5.1.0/Hotfix-7"
Files available for download:
TIB_om_5.1.0_HF-007_readme.txt
TIB_om_5.1.0_HF-007.zip
TIB_om_5.1.0.md5
TIB_om_5.1.0_HF-007_readme_addendum.pdf
Please take a look at the Readme file for the instructions on how to apply the hotfix.
================================================================================
Closed Issues in 5.1.0_HF-007 (This Release)
AF-14585
Users belonging to "ROLE_USER" can wrongly submit orders, although only users belonging
to "ROLE_ADMIN" have order submission rights.
AF-14571
You cannot create custom roles for users, only admin roles or user roles are possible.
AF-14570
When using LDAP, you cannot publish or submit the order with the tenant ID as "TIBCO".
AF-14551
The Order Management System UI fails to show the order plans and an unexpected
error occurs on the UI.
AF-14532
The missing drop-partition script for the archival database is added.
AF-14524
If the user created in Active Directory logs in with roles other than
ROLE_ADMIN or ROLE_USER, the configurator UI fails to load.
AF-14515
You cannot use an email ID as a user name in an existing Authorization service.
AF-14492
On the Order Management System UI, the "Plan-Item Status" filter had only the "ERROR" value.
This has been fixed by adding other values such as ERROR_HANDLER, EXECUTION.
AF-14428
When you set the value of "enablePurgeCompleteOrder" to true, the entry from
the "order_amendment" table is not purged.
AF-14255
An unexpected execution plan occurs after the third amendment.
AF-14253
If some changes have been made to order details, order cannot be canceled.
AF-14252
After multiple amendments, an irrelevant error message is thrown.
AF-14145
When you send an amendment request, a null pointer exception is thrown and the
amendment plan generation fails.
AF-14142
Support for Red Hat Enterprise Linux Server x86‐64 version 8 has been added in this
hotfix release.
AF-14131
After the fourth amendment, plan items and dependencies are missing from the plan.
AF-14129
Order Lock is not released after an Offer and Price Design (OPD) failure in the amendment.
AF-14127
The request to override the "owner" element in planItemExecute does not work as expected.
AF-14125
As sanitization of hazardous characters is not performed correctly on user input, a hacker can
steal or manipulate customer sessions and cookies, and use this information to
impersonate a legitimate user.
AF-14124
As sanitization of hazardous characters is not performed correctly on user input,
it is possible that a naive user can expose sensitive information such as username,
password, credit card number, and social security number.
AF-14123
Web application programming or configuration is not secured.
As a fix, change the session identifier values after login.
AF-14122
Sensitive cookies are leaked because of an improper, insecure, or missing SameSite
attribute.
As a fix, review possible solutions for configuring the SameSite Cookie attribute
to the recommended values.
AF-14121
As the web server or application server is configured in an insecure way, it is
possible to retrieve information about the site's file system structure, which can
help the attacker to map the website.
As a fix, issue a "404 ‐ Not Found" response status code for a forbidden resource,
or remove it completely.
AF-14120
As the web server or application server is configured in an insecure way, it is
possible to upload, modify, or delete web pages, scripts, and files on the web
server.
As a fix, disable WebDAV or do not allow HTTP methods that are not needed.
AF-14119
Temporary files are left in the production environment exposing the application
logic and other sensitive information such as user names and passwords.
As a fix, older versions of files are removed from the virtual directory.
AF-14101
When you start the Order Management System UI with the level set to "INFO"
in OMSUILog4j.xml, the OMSUI starts but some warning traces remain.
AF-14099
A dependency error occurs after you amend an order for the fourth time.
AF-14096
The SubmitOrderRequest fails on validation while mapping the linkID on the
OrderLine level. The OrderService WSDL file is updated and DB upgrade scripts
are introduced as a fix to this.
AF-14093
An unexpected error occurs when amending an order line.
AF-14080
PostgreSQL 9.6.x versions are deprecated from this hotfix release.
AF-14036
The Jeopardy system throws "Unable to acquire lock" error.
AF-13966
The Swagger documentation for the DataService API is updated to mention that
the OrderRef or OrderId is mandatory.
AF-13964
An unexpected error occurs while invoking the data service with
the TIBCO ActiveMatrix BusinessWorks™ 5.13 SOAPOverJMS protocol.
AF-13495
Readme files are added for each service to enhance the documentation.
AF-13169
To resolve the out-of-memory issue, the MinRAMPercentage and MaxRAMPercentage
JVM parameters are now exposed.
AF-11953
The "Cross‐Site Scripting" issue is identified in the vulnerability report.
AF-10286
When the "error handler" is set as internal and "retry failed" as true, the PlanItem
goes in error immediately and the retry mechanism of the plan item does not happen.
AF-9225
Support for Oracle Data Guard and multiple database addresses in the
JDBC URL has been added.
================================================================================