Well guys I hit an odd thing where I went to go put somethin...

[Toby Mills]

Well guys

I hit an odd thing where I went to go put something in My Content after upgrading and got a security error saying I was trying to mess with ~otheruserbesidesme in the path name.

Its hard to get the new interface to show your user ID and the full paths so I went to legacy view to get these screenshots:

Ilias worked at this site before I did and hasnt signed in here for a while. But on signin - somehow Im getting pointed to his ID.

 

When I try to right-click and check Properties I get a security error:

 

Ive never seen it get confused like that.

I thought maybe somehow I was logged in as Ilias but nope - Im logged in as me:

 

Also checked to make sure my name was on the right user ID and it is.

Wanted to pass this along as something to watch out for.

I feel like Ill need to open a case around this, but really we dont use the My Content to speak of, so its not terribly important to me.

Let me see what I can collect and Ill try opening a case tomorrow if I cant find a good easy fix (as opposed to me manually messing with the repository).

[Toby Mills]

Some news. On Signin, Errors in my event log right after the config parameters are done listing and you get the message about

Done deleting old logs and traces

[2022-01-04 20:49:12,208] ERROR [ajp-nio-127.0.0.1-8009-exec-14:IBFSPersistenceHelper] toby.mills - ipAddr= 192.22.1.16 UrlID= URL0 URL= "http://devmachine8c1.local/ibi_apps/service/wf_security_check.jsp"

[2022-01-04 20:49:12,208] ERROR [ajp-nio-127.0.0.1-8009-exec-14:IBFSPersistenceHelper] toby.mills - Failed to execute: IBSSResourceDB.hierarchicalQueryCTE

javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.7.8.v20201217-ecdf3c32c4): org.eclipse.persistence.exceptions.DatabaseException

Internal Exception: com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near 'ur_subordinates'.

Error Code: 102

Call: WITH RECURSIVE ur_subordinates AS (SELECT ID, CASCADEINCLUDES, CASCADESERVER, LINKID, NAME, OWNERID, OWNERTYPE, PARENTID, SHARES FROM UOA_RESOURCES WHERE PARENTID = UNION SELECT u.ID, u.CASCADEINCLUDES, u.CASCADESERVER, u.LINKID, u.NAME, u.OWNERID, u.OWNERTYPE, u.PARENTID, u.SHARES FROM UOA_RESOURCES u INNER JOIN ur_subordinates s ON s.ID = u.PARENTID) SELECT * FROM ur_subordinates

bind => [1 parameter bound]

Query: ReadAllQuery(name="IBSSResourceDB.hierarchicalQueryCTE" referenceClass=IBSSResourceDB sql="WITH RECURSIVE ur_subordinates AS (SELECT ID, CASCADEINCLUDES, CASCADESERVER, LINKID, NAME, OWNERID, OWNERTYPE, PARENTID, SHARES FROM UOA_RESOURCES WHERE PARENTID = UNION SELECT u.ID, u.CASCADEINCLUDES, u.CASCADESERVER, u.LINKID, u.NAME, u.OWNERID, u.OWNERTYPE, u.PARENTID, u.SHARES FROM UOA_RESOURCES u INNER JOIN ur_subordinates s ON s.ID = u.PARENTID) SELECT * FROM ur_subordinates")

 

Some research suggests maybe the query is incorrect, but if that were true, Id expect this to be a bigger deal.

Ill see if I can locate a good trace to turn on to see if I can get more info.

If anybody has ideas about the EclipseLink-4002 with an Error Code of 102, let me know.

Ive tried stopping all services on all clients and then wiping tomcats work localhost folder to make the webapp redeploy. No help there.

Checking our QA environment, I see the same error.

I wonder if theres something going on with our Servlet filter we use for authentication (authorization comes from WFRS Custom SQL provider). I should undo that security and see if this still occurs.

If you have put on the .06, would one of you guys look in your event.log to see if you also get this error It may be related to me getting the wrong users My Workspace since the errors talk about heirarchy

Thanks!

[Brian Baird]

Hi Toby, Ive just updated our dev environment and see similar behavior. In my case, I see lots of My Content folders.

 

image.png190293 8.79 KB

 

 

image.png1846765 76.2 KB

 

Im going to raise this with TIBCO and suggest you do the same

Many Tanks

Brian

[Toby Mills]

Thanks Brian

Im finally done with meetings and able to get back to this. I tried a few variations to see if I could get this to go away but no luck.

Our My Workspaces are swapped between 2 of us.

Were lucky that this is not bothering the rest of my testing so far. Our domain tree looks normal.

But the my content part is a drag for now.

Ill post here if I get any info thats helpful.

Time to package up files for a case.

Case opened Log files uploaded.

[Toby Mills]

I heard back from support today. They say this is a known issue and theyll be linking my case to others.

Ive asked if the division has an ETA on it (they probably dont) and if they can tell whether this is an upgrade issue as opposed to a fresh install.

[David Hall 5]

We discovered other issues along with what you are describing. One of the main issues is that all users can see all my content folderrs. We opened a case on this. The event logs show some problems with a few of the Webfocus Jar files

We were told by the Gold support staff on our bi-weekly call that this is a known issue and the offending code has been identified. We were also told this would be delivered via an 8207.28.07 release. (not to be confused with the 8207.0.hotfix04 that was posted today.

This release is supposed to be available the first part of next week

[David Hall 5]

On a related issue, we did a side by side comparrison of 8207.28.04 (that had not been upgraded) to one that had been upgraded to 8207.28.06. Problem was introduced in the 8207.28.06 release.

For those interested, on the WFRS side of things the log4j files in the ibi/home directory now have the version number removed from the file name.

[Toby Mills]

Thanks for the info on the timing of a release David.

Adrian told me yesterday he didnt have a time yet.

He also told me that the error would appear whether I did an upgrade or fresh install so no point in doing the fresh install I was going to try.

Not looking forward to reinstalling and reconfiguring our custom servlet filter, but Ill be happy to have the new one. I wonder if theyll package the apache log4j 2.17.1 as long as theyre at it Thatll get us past all 4 of the recently identified vulnerabilities if they include that.

[Warren Hinchliffe]

We were told today in our weekly support meeting that 8207.28.07 will be out this week or early next week.

[Toby Mills]

Cool deal. More installs to do.

Support told me that they already have the fix done and theyre just waiting on getting it packaged up. Sounds like thatll be soon.

[Warren Hinchliffe]

Just got the 8207.28.07 notification.

It has this fix in it.

CLRPT-3234

Multiple instances of My Content folders appear after upgrading to TIBCO WebFOCUS 8207.28.06.

[Warren Hinchliffe]

This is very confusing.

Is it a hotfix or a release

 

8207-28-07.PNG429930 63.6 KB

[Toby Mills]

I agree - the release notes sure make it sound like its supposed to have all the parts were waiting on, and it looks like the My Content issue related to 8207.28.06 has been addressed:

 

 

Closed Issues in 8207.28.0_HF-007 (This release)

CLRPT-3234

Multiple instances of My Content folders appear after upgrading to TIBCO WebFOCUS 8207.28.06.

 

And its telling us that it contains log4j 2.17.1 which we want.

Maybe they just put the real release out under the hotfix area

It sure appears by the readme that this is something with an installer:

 

image.png892477 13.8 KB

 

No lengthy description of individual jars this time.

Do you think they mean that Im on 8207.28.06 now, and this hotfix with the installer is going to get us to 8207.28.07

Sure sounds like its got the parts I need. I guess Ill just try downloading it and running the installers on on VM to see what happens. Gotta wait till tomorrow to get a snapshot of my VM before I try this. 10 machines to update again

[Warren Hinchliffe]

I downloaded the reporting server tar file (TIB_wf-rs_8207.28.07_linux26_x86_64.tar) and check the gen number.

Its a later gen that my 8207.28.04 install.

This leads me to believe there is a hotfix and a new release.

[Charles Morris 2]

does it strike anyone else that it seems like there are way more issues/hotfixes/hotfixes for hotfixes being released in the last year than previously Im not sure how anyone supporting a production environment even keeps up with it. Wonder what happened to QA

[Toby Mills]

I think we should try to understand what the word Hotfix means. I think in the past, this meant something less than a complete release. David and JNC have been around the business end way longer than me.

My understanding was that there were releases and these had installers. hotfixes on the other hand, were patches made to the existing releases. Generally speaking, the hotfixes were pretty targeted to a particular set of issues that were of high enough priority to try to get a fix out quicker to the customers that were affected. It was not unheard of to have these be individual files where we had to unjar, copy some file in, then re-jar the applications.

Seperately there are Private Fixes that are made specifically for certain customers needing certain things.

But releases were pretty straightforward. Youd be on 8007 and upgrade to 8009 or you might be 8007 with various hotfixes applied (Im trying to remember some of my customers setup).

Currently, its hard to tell whats what. It seems like maybe the idea is that 8207.28 is the major release. Any subsequent patches become hotfixes and end up after the .28. The hotfixes might be jar files to copy in manually, or they might have installers as the .06 release was. This newest thing (.07) being called a hotfix uses an installer too.

Itd be nice to have TIBCO just tell us that the numbers following the .28 represent hotfixes - or just make them a new release. When you go to the product download page, I think this should say you get the .07 release - presently it still says .06.

The way its being done now is not real intuitive (at least for me old brain).