=============================================================================== Readme file for: IBM Platform Web Services Product/Component Release: 9.1.3.2 SAS Update name: IBM Platform Web Services Update APAR: P103291 Publication date: 4 Nov 2019 Last modified: 4 Nov 2019 This update will fix the problem: Allow users to update some Vulnerable loose jars (names and versions are as below): - Jackson-annotations 2.10.0 - Jackson-core 2.10.0 - Jackson-databind 2.10.0 - ICU4J 64.2 - commons-io 2.6 - httpclient 4.5.10 - httpcore 4.4.12 =============================================================================== ========================= CONTENTS ========================= 1. Abbreviations 2. About IBM Platform Web Services for SAS 3. Supported operating systems 4. Products or components affected 5. Installation and Configuration 6. Copyright ========================= 1. Abbreviations ========================= N/A ========================= 2. About Platform Web Services ========================= IBM Platform Web Services (Platform Web Services) is a web application launched by SAS on the SAS tc Server, which provides RESTful web services APIs to monitor and control LSF jobs, hosts, and queues, manage Platform Web Services'users and permissions, and audit user actions. ========================= 3. Supported operating systems ========================= RHEL 5/6/7 64-bit SLES 10/11 64-bit Windows Server 2008 32-bit and 64-bit Windows Server 2008 R2 64-bit Windows 7 32-bit and 64-bit ========================= 4. Products or components affected ========================= platform/WEB-INF/lib/commons-io-2.6.jar platform/WEB-INF/lib/httpclient-4.5.10.jar platform/WEB-INF/lib/httpcore-4.4.12.jar platform/WEB-INF/lib/icu4j-64.2.jar platform/WEB-INF/lib/jackson-annotations-2.10.0.jar platform/WEB-INF/lib/jackson-core-2.10.0.jar platform/WEB-INF/lib/jackson-databind-2.10.0.jar ========================= 5. Installation and Configuration ========================= Specific installation instructions for applying patch (this information should contain, backup of existing modules instructions, use of correct environment variables, syntax to start/stop daemons,etc): 1) Stop PWS 2) Go into the webapps/platform directory 3) Backup and remove the following jar file - platform/WEB-INF/lib/commons-io-2.1.jar - platform/WEB-INF/lib/httpclient-4.1.2.jar - platform/WEB-INF/lib/httpcore-4.1.2.jar - platform/WEB-INF/lib/icu4j-53.1.jar - platform/WEB-INF/lib/icu4j.jar - platform/WEB-INF/lib/jackson-annotations-2.8.1.jar - platform/WEB-INF/lib/jackson-core-2.8.1.jar - platform/WEB-INF/lib/jackson-databind-2.8.1.jar 4) Copy the below jars in this package to the same directory as step #3. - platform/WEB-INF/lib/commons-io-2.6.jar - platform/WEB-INF/lib/httpclient-4.5.10.jar - platform/WEB-INF/lib/httpcore-4.4.12.jar - platform/WEB-INF/lib/icu4j-64.2.jar - platform/WEB-INF/lib/jackson-annotations-2.10.0.jar - platform/WEB-INF/lib/jackson-core-2.10.0.jar - platform/WEB-INF/lib/jackson-databind-2.10.0.jar 5) Start PWS ========================= 6. Copyright ========================= ©Copyright IBM Corporation 2019 U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM®, the IBM logo and ibm.com®, are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.