PEM CM v6.2.4 Release Notes

New Features & Enhancements (What’s New)

Known Host Key Grab

Customers can now easily grab and assign known host keys for SFTP Hub to Partner connections through PEM Community Manager (PCM). A new button named Known Host Key Grab is introduced; it is enabled once Host and Port are entered. It fetches the key from the remote server and prompts for a name to be used for the key. The key is stored under that name in B2Bi and automatically selected in the Known Host Key dropdown in PCM.

The configuration to fetch the Known Host Key needs to be provided in the PCM Configuration File under the connectivity section. Refer to Configuring PCM Installation IBM Documentation for more details.
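A key fetched this way is only as trustworthy as the connection it was fetched over, so it is worth comparing its fingerprint with one the partner supplies through a separate channel. The following is an added example, not part of PCM or the IBM documentation: it computes the OpenSSH-style SHA256 fingerprint of a public key line. It assumes the stored key can be exported as "<key-type> <base64-blob>" text; the sample key and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def _read_string(blob: bytes, offset: int):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def fingerprint(key_line: str) -> str:
    """Return 'SHA256:<base64>' for a '<key-type> <base64-blob> [comment]' line."""
    parts = key_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<key-type> <base64-blob>'")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    embedded_type, _ = _read_string(blob, 0)
    # The type named in the text must match the type encoded inside the blob.
    if embedded_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_expected(key_line: str, expected_fp: str) -> bool:
    """Compare the grabbed key's fingerprint with the partner-supplied one."""
    return hmac.compare_digest(fingerprint(key_line).encode(),
                               expected_fp.strip().encode())


def make_sample_key(seed: bytes) -> str:
    """Constructed ed25519-shaped public key line (not a real partner key)."""
    name = b"ssh-ed25519"
    pub = hashlib.sha256(seed).digest()  # 32 bytes standing in for a public key
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub)) + pub
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    grabbed = make_sample_key(b"partner-a")
    from_partner = fingerprint(grabbed)  # stands in for the out-of-band value
    print(from_partner, matches_expected(grabbed, from_partner))
```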

Enable “Both” as Authentication Type for User Accounts

Customers can now select “Both” in the Authentication Type drop down available in User ID tab of the Configure User pop-up menu for the applicable protocol setups in PCM. This allows customers to create and manage user accounts in B2Bi with an Authentication Type as Both.

The out-of-box PEM Standard Partner_Onboard Activity can now be used to onboard a partner whose user account has Both set as the Authentication Type.

Improved Logout Mechanism for SEAS and CM Profiles

The logout mechanism is improved for CM and SEAS profiles on the application side. The logout operation now ends the session and invalidates the token, providing a more secure user experience.

Enable/Disable Option for Edit & Upload Feature

Customers can now control the Edit and Upload options in File Transfer Search via a new parameter, edit-and-upload, in the application configuration file. This enhancement provides flexibility to restrict/allow users to access the Edit and Upload option.

The configuration parameter for Edit and Upload is added under file-transfer -> search with the name edit-and-upload and accepts either true or false. Refer to Configuring PCM Installation IBM Documentation for more details.

Note: This is relevant for users whose roles include the Edit and Upload module. 

Unrestricted Roles in File Transfer Search

Customers can now define roles that bypass user-based filters in the File Transfer Search via a new parameter, unrestricted-roles, in the application configuration file. This enhancement allows roles with lower privileges to access all file transfer search records, regardless of partner assignments. It accepts a comma-separated list of role names. Users with roles specified in this parameter can search through all file transfer records, whereas users with lower privileges can only view transactions related to their assigned partners. Refer to Configuring PCM Installation IBM Documentation for more details.

Note: This is relevant for users whose roles are not superadmin.

Disallow Special Characters for Partner/Application Parameters

In PEM Community Manager (PCM), customers can now restrict the special characters accepted in certain protocol parameters by defining the disallowed characters in the application.yml file. Profile Name and Profile ID are universally restricted across all protocols. Protocol-specific parameters like username in B2B SFTP/FTP/FTPS (P2H), As2Identifier in AS2, and username in Mailbox are also validated against these character restrictions for both Partner/Application modules.

The configuration for disallowed special characters needs to be provided in the PCM Configuration File under cm -> protocol. Refer to Configuring PCM Installation IBM Documentation for more details.

SAML Configurations in Helm Charts

SAML configurations are now integrated directly into the Helm charts. This eliminates the need to customize the Helm charts when deploying the PEM CM application on a SAML profile, making deployments easier and more consistent.

Expanded Correlation CLOB Storage in PCM File Transfer Search

The size of the correlation CLOB columns in the PCM file transfer search table is increased from 1 MB to 3 MB allowing broader search criteria. Additionally, all the correlation data is now stored in lowercase for easier access and improved efficiency.

Security Enhancements

Several security enhancements are added, including the migration to Java 17 and the upgrade of dependent libraries to ensure compatibility with JDK 17. Additionally, Content Security Policy (CSP) headers are implemented to enhance application security.

Business Process Enhancements

The standard file processing core business processes are enhanced to improve the performance of the executions.

Below is the list of Business Processes that are modified:

| Name | Change Description |
| --- | --- |
| CM_CoreProcess | The logic is updated to handle metadata for processing Drop Process in Asynchronous mode. The Typing Service is modified to fetch the Typing Map from Property File. Refer to Setting Up IBM Sterling B2B Integrator IBM Documentation for more details on configuring Typing Maps. |
| CM_ProcessRules | The logic is included to handle the metadata between sub process for executing PUT services inside Drop Process in Asynchronous mode. |
| CM_Database_LogInfo | The process is changed to build all the activity data and load it to database in a single invocation. |
| CM_Database_LogInformation | The logic is updated to use the activity metadata from the parent process and load it to database. |
| CM_DropProcess | The logic is included to handle the metadata between sub process for processing Drop Process in Asynchronous mode. |
| CM_S_FTP_S_PUT | The process is updated to invoke CM_Database_LogInfo business process for loading metadata to PCM. |
| CM_MailBox_PUT | The process is updated to invoke CM_Database_LogInfo business process for loading metadata to PCM. |
| CM_AWSS3_PUT | The process is updated to invoke CM_Database_LogInfo business process for loading metadata to PCM. |
| CM_FileSystem_PUT | The process is updated to invoke CM_Database_LogInfo business process for loading metadata to PCM. |
| CM_MQ_PUT | The process is updated to invoke CM_Database_LogInfo business process for loading metadata to PCM. |
| CM_CustomScript | The logic is updated to fetch the Script Parameters from PCM Rule Properties. |
| XSLT -> CM_EnvelopeLoad_Status | The XSLT is updated to collect the Error Information and send it back as response. |

Note: The import of the IBM PCM 6.2.4 version Business Process would override your existing business process and hence it is recommended to import only what is required. 

 

KC Changes

1) In the link Configuring PCM Installation IBM Documentation, for the highlighted content in the screenshot below, update as:

Perform Test Connection, Archive Reprocess and Known Host Key Grab, configure….

 

 

2) In the link Partner_Onboard_V1 IBM Documentation, for the highlighted area, please provide the comment as:

UserAccount->AuthenticationType: Provide the Authentication Type of the account (INTERNAL, EXTERNAL, BOTH)

 

3) In the link Setting Up IBM Sterling B2B Integrator IBM Documentation, add the below point in between point 3 and point 4.

 

Update Typing Map information in the CM_cache.properties file.

(CM_cache.properties contains the list of Typing Maps that are used to find the Sender ID, Receiver ID and Transaction Types when files are processed by IBM Sterling B2B Integrator through out of box PCM Business Process).

 

## List of Typing Maps separated by space

TYPINGMAPLIST=CM_Typing_EDI CM_Typing_EDIFACT

 

 

4) In the link Configuring PCM Installation IBM Documentation, referenced point 20 content to be updated as provided under updated section below:

Updated section:

20. Set the default time range, max file length and edit and upload for PCM UI file transfer search screen. The following example shows the default values for the required parameters:

file-transfer:
  search:
    edit-and-upload: false #provide false for disabling/hiding edit and upload button in file transfer search in UI when viewing a file
    time-range: 24 #Hours, Time range in File Transfer search screen in UI
    max-file-length: 20 #Default is 10 MB max file size allowed to view

 

5) In the link Configuring PCM Installation IBM Documentation, referenced point 7 content to be updated as provided under updated section below:

cm:
  color: black  # Available Themes: red, green, grey, yellow, black
  #api-connect-enabled: true #This should not be released to precisely
  protocol:
    disallowed-special-characters: "!@#:$%^&*()+?,<>{}[]|;\"'/\\" #Provide the special characters in double quotes; by default <> are restricted. Make sure escape characters are handled properly

 

 

6) In the link Configuring PCM Installation IBM Documentation, referenced point 20 content to be updated as provided under updated section below:

Updated section:

20. Provide comma-separated roles to unrestrict the assigned partner-based filter in file transfer search for lower privileged users. The following example shows the default values for the required parameters:

file-transfer:
  search:
    edit-and-upload: false #provide false for disabling/hiding edit and upload button in file transfer search in UI when viewing a file
    time-range: 24 #Hours, Time range in File Transfer search screen in UI
    max-file-length: 20 #Default is 10 MB max file size allowed to view
    unrestricted-roles: super_admin #Provide comma separated roles to unrestrict file transfer search partner based filter for lower privileged users

L3 Fixes

L3REQ-62767: PCM Test Connectivity and File Reprocess Feature

Customers can now configure HTTPS-enabled connectivity adapters in Sterling Integrator (SI) and perform connectivity tests from PCM for partners and applications.

L3REQ-63683: PCM Documentation Update

The application.yml and readme application configuration files shared with the package now contain the default value required for the cmks validation profile parameter, together with a comment matching the content available in the IBM KC documentation for reference.

L3REQ-63688: PCM Decrypt Command Update

The decrypt command in the readme.txt file has been updated for better execution when using Docker, addressing issues reported by users.

L3REQ-63973: Enforcing Controls on Confidential Information

Controls have been implemented to prevent confidential information and PII from being stored in persistent cookies or cached on client systems. This fix is part of the broader CSP headers implementation.

L3REQ-62741: PCM File Transfer Question

The Edit and Upload options in File Transfer Search can now be enabled or disabled using a configurable parameter in the application.yml file, offering better control over file management operations.

L3REQ-63168: PCM User Auth “Both” Option for B2Bi

Customers can now select the “Both” setting from the Authentication Type dropdown in Configure User, allowing for better flexibility when managing FTP, FTPS, and SFTP partner connections in B2Bi.

L3REQ-63935: Cross-frame Scripting (XFS) and Clickjacking Protection

As part of the CSP headers implementation, we have addressed vulnerabilities related to Cross-frame Scripting (XFS) and clickjacking, ensuring the application is not susceptible to these types of attacks.
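An added example (not PCM code) of a post-upgrade check for the header-level fixes described in L3REQ-63973 and L3REQ-63935: it inspects a captured response for framing restrictions, client-side caching and persistent cookies. The release notes do not list the exact headers PCM sends, so the header values below are constructed samples and the finding names are illustrative.

```python
def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:  # the first occurrence of a directive wins
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def framing_restricted(headers):
    """True if a CSP frame-ancestors allow-list or X-Frame-Options limits framing."""
    for name, value in headers:
        if name.lower() == "content-security-policy":
            ancestors = parse_csp(value).get("frame-ancestors")
            # '*' or a bare scheme such as 'https:' allows any site to frame the page
            if ancestors is not None and not any(
                    s == "*" or s.endswith(":") for s in ancestors):
                return True
        if name.lower() == "x-frame-options" and value.strip().upper() in (
                "DENY", "SAMEORIGIN"):
            return True
    return False


def audit_response(headers):
    """Return a list of findings for one response's (name, value) header pairs."""
    findings = []
    if not framing_restricted(headers):
        findings.append("framing-not-restricted")
    cache = ",".join(v.lower() for n, v in headers if n.lower() == "cache-control")
    if "no-store" not in [d.strip() for d in cache.split(",")]:
        findings.append("response-cacheable")
    for name, value in headers:
        if name.lower() == "set-cookie":
            pair, *attrs = value.split(";")
            # Expires or Max-Age makes the cookie outlive the browser session
            if any(a.strip().lower().startswith(("expires=", "max-age="))
                   for a in attrs):
                findings.append("persistent-cookie:" + pair.split("=", 1)[0].strip())
    return findings


# Constructed sample responses, not captured from PCM.
HARDENED = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
            ("Cache-Control", "no-store"),
            ("Set-Cookie", "SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=Strict")]
WEAK = [("Content-Security-Policy", "default-src 'self'"),
        ("Cache-Control", "private, max-age=600"),
        ("Set-Cookie", "SESSION=abc123; Path=/; Max-Age=2592000")]
```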

L3REQ-63939: Internet Facing Information System Issues

Fixes have been implemented as part of the CSP headers implementation to address vulnerabilities in internet-facing systems, enhancing overall security.

L3REQ-63965: PCM pen test issue with User ID accepting special characters

The fix adds a new application property where customers can provide the special characters to be restricted. The application restricts the provided special characters in the following fields: Partner ID and Partner Name for all protocols (Partner/Application); Username for B2B FTP, B2B SFTP, B2B FTPS (Partner/Application Connected to Hub scenario) and Mailbox protocols; and As2 Identifier in the As2 protocol for partner/organization.

L3REQ-64249: PCM Issue with dataflow setup when using a + only in the File Name box.

Going forward, customers can see a warning message when creating Doc Handling for an already existing MFT flow setup or the other way around asking to confirm: An MFT flow is currently in place, and it takes precedence over Doc Handling flows. Are you sure you want to proceed with setting up a new document handling flow?

L3REQ-63979: PCM Internal error conditions that reveal detailed information regarding the information system must not be displayed to users

The fix adds server-side validation of the required file type for the Import Workflow API, so customers are restricted to uploading only files with an XML extension.

Known Issues

  • Data Flow Reports provide inconsistent results when the underscore (_) special character is passed as the input for any of the text fields available in the search criteria in PEM CM UI.
  • When deleting B2Bi-FTP, B2Bi-FTPS, B2Bi-SFTP Partner Connecting to Hub, Application Connecting to Hub setups with ‘Delete mailboxes in SI’ checkbox as selected, all the mailboxes associated with that partner/application will be deleted even if other partners are utilizing the same root mailbox.
  • PCM doesn’t support creating AS2 Partner with 192 bit AES CBC PKCS5 Padding encryption algorithm due to B2B API limitations.
  • Auditing is not enabled for Create Mailbox in SI checkbox in B2Bi-FTP, B2Bi-FTPS, B2Bi-SFTP, Mailbox protocols.
  • Auditing is not enabled for Non-Mandatory Fields for SFTP Hub to Partner.
  • Customers may face intermittent issues in Oracle while deleting and recreating with the same user account in Partner/Application module where B2B API is being utilized to perform the delete operation.