Potential risk when using Web based applications on WebSphere Application Server (PK81387)

Flash alert for WebSphere Application Server concerning a security risk.

And why post it here :-) ? Lotus Connections runs on WAS 6.1.0.13
and is thus vulnerable.

Check out the fix here.

Problem Description:
Customers who have Web based applications, including Web services applications running on WebSphere Application Server, have the risk of an attacker having the ability to display application specific files contained within the war file. In addition, there is a potential risk for customers who are using the WebSphere administrative console with administrative security disabled. Credit to Edward Schaller for disclosing this problem to IBM.

For V6.1.0.11 through 6.1.0.21:

  • Apply Interim Fix APAR PK81387
  • –OR–
  • Apply Fix Pack 23 or later (6.1.0.23 targeted to be available late March 2009).
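One way to check a server against the version range and fixes listed above (an added example, not from IBM or the original post). The Python below reads saved `versionInfo.sh -maintenancePackages` output; the sample report and the maintenance package name in it are constructed, and the report layout is an assumption.

```python
import re

# Range and fix identifiers exactly as stated in the advisory text above.
AFFECTED_MIN = (6, 1, 0, 11)
AFFECTED_MAX = (6, 1, 0, 21)
FIXED_IN = (6, 1, 0, 23)
INTERIM_FIX = "PK81387"

# Constructed sample of a version report (layout assumed, not copied from a server).
SAMPLE_REPORT = """\
Installed Product
Name                     IBM WebSphere Application Server
Version                  6.1.0.13
ID                       BASE
"""
# Constructed maintenance-package line, as it might appear once the interim fix is applied.
SAMPLE_FIX_LINE = "Maintenance Package ID   6.1.0.13-WS-WAS-IFPK81387\n"


def parse_version(report):
    """Return the first 'Version a.b.c.d' line of the report as a tuple of ints."""
    m = re.search(r"^Version\s+(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$", report, re.MULTILINE)
    if not m:
        raise ValueError("no WebSphere version line found in report")
    return tuple(int(part) for part in m.groups())


def has_interim_fix(report, apar=INTERIM_FIX):
    """True if any 'Maintenance Package ID' line names the APAR."""
    return any(
        line.startswith("Maintenance Package ID") and apar in line
        for line in report.splitlines()
    )


def assess(report):
    """Classify a server against the advisory: fix pack, interim fix, or exposed."""
    version = parse_version(report)
    if version >= FIXED_IN:
        return "fixed-by-fix-pack"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "fixed-by-interim-fix" if has_interim_fix(report) else "vulnerable"
    # The advisory text above only covers 6.1.0.11 through 6.1.0.21.
    return "outside-advisory-range"


if __name__ == "__main__":
    print(assess(SAMPLE_REPORT))                    # WAS 6.1.0.13 without the fix
    print(assess(SAMPLE_REPORT + SAMPLE_FIX_LINE))  # same level with PK81387 applied
```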

Blogs – Uploading files, specifying MIME type in WAS no longer needed

Think this topic is a bit outdated but just giving it a go to spread the info.

A few months back I posted this one; it's about the errors you get when
specifying alternate files to upload in a blog. For every file type you would
like to upload in blogs you had to specify the MIME type in the WAS console.

Found out that this kind of configuration is no longer required in LC 2.0.1.
Also had this confirmed by the guys at IBM.

UPDATED – Notification option in Activities

In Activities you have the option to send notifications to members
of an Activity. At my company we were a bit confused by the behavior
of the sending of these notification mails.

We had an activity with five members, when sending notification mails
to all the members of this activity the mailing was split in two.

One mail for three members and one for the other two.

What then happened with the members of that activity was that
they didn’t see everybody in the “To:” field and started mailing everybody
who was not in the “To:” field.

Raised a PMR at IBM for this one and got a very logical answer for it :-) .

In the QA_MEMBERPROFILE table of the OPNACT database for Activities you will
find a column Locale, this one holds the locale you last used in your browser
to visit the Activities page.

When a notification mail is sent to you it will be in the language set by that locale.

That explained for us why the mailing is sometimes split: some of us have
a Dutch browser, NL, and some use an EN version of their browser.

Not that it’s a solution for the “problem” we had, but hey, we have an explanation for it :-D .


Manage memberships in Activities with WSadmin

From my blog @ e-office

One of my colleagues, Talitha, came to me with a request to become
owner of an activity. Currently she is replacing Pauline. She also
needed owner rights on a few activities owned by Pauline.

For now Pauline wasn’t around, so she couldn’t delegate owner access
to Talitha, so I gave the wsadmin commands to administer Activities a go.

con10:/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin # !782
./wsadmin.sh -lang jython -username wasadmin -password jibbajabbapassword -port 8880

talitha=MemberService.fetchMemberByName("Talitha Hiemstra")
# Fetch the new owner of the activity
pauline=MemberService.fetchMemberByName("Pauline Huijzer")
# Fetch the current owner of the activity

ActivityService.fetchActivitiesOwnedByMember(pauline)
# Fetch all the activities owned by Pauline

You will get them in a nice “list” of all the activities owned by Pauline.

[{createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=9DEG0A6482142BD5A1BAFB3AE4BF75000313, modifiedBy=Eline Roelfsema, isCompleted=false, modifiedDate=February 9, 2009 8:25:21 AM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=December 9, 2008 3:38:07 PM CET}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=CB2G0A6482148C6D604016D9755895000142, modifiedBy=Talitha Hiemstra, isCompleted=false, modifiedDate=February 11, 2009 8:52:36 AM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=October 6, 2008 12:11:08 PM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=C03G0A6482142378A24E533036432B000267, modifiedBy=Talitha Hiemstra, isCompleted=false, modifiedDate=February 11, 2009 9:02:53 AM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=November 13, 2008 3:52:55 PM CET}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=240G0A6482142378A24E533036432B0000B9, modifiedBy=Gerard van Reeken, isCompleted=false, modifiedDate=February 11, 2009 8:52:36 AM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=November 6, 2008 4:44:25 PM CET}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=058G0A6482148F1FEB81155CB380B20000A2, modifiedBy=Pauline Huijzer, isCompleted=false, modifiedDate=January 12, 2009 1:36:13 PM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=January 12, 2009 10:17:04 AM CET}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=D0DG0A648214CF481D90E02427DC65000900, modifiedBy=Talitha Hiemstra, isCompleted=false, modifiedDate=February 11, 2009 8:52:37 AM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=September 4, 2008 2:18:12 PM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=B18G0A648214CE3163832B3B422AEA000672, modifiedBy=Activities Administrator, isCompleted=true, modifiedDate=October 2, 2008 9:52:07 AM 
CEST, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=September 26, 2008 2:36:37 PM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=A25G0A6482143B97A487BBAF07E352000148, modifiedBy=Pauline Huijzer, isCompleted=false, modifiedDate=January 21, 2009 5:51:40 PM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=December 12, 2008 5:23:37 PM CET}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=E8CG0A6482143B97A487BBAF07E352000101, modifiedBy=Pauline Huijzer, isCompleted=false, modifiedDate=February 11, 2009 9:02:54 AM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=December 12, 2008 12:00:44 PM CET}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=543G0A648214CF481D90E02427DC650005D0, modifiedBy=Pauline Huijzer, isCompleted=true, modifiedDate=September 23, 2008 12:37:03 PM CEST, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=August 27, 2008 4:20:50 PM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=69CG0A6482142AADA75E25B841F0E0000017, modifiedBy=Pauline Huijzer, isCompleted=true, modifiedDate=October 14, 2008 1:41:18 PM CEST, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=September 29, 2008 3:36:52 PM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=AA8G0A648214A61C9FE9A72CA297C90000BE, modifiedBy=Pauline Huijzer, isCompleted=true, modifiedDate=October 24, 2008 1:14:53 PM CEST, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=October 20, 2008 1:31:46 PM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=C14G0A648214CF481D90E02427DC65000746, modifiedBy=Pauline Huijzer, isCompleted=true, modifiedDate=September 3, 2008 3:16:33 PM CEST, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=September 1, 2008 8:48:44 AM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, 
activityId=ABFG0A6482A6FF86E5C11300DD88470003E0, modifiedBy=Activities Administrator, isCompleted=true, modifiedDate=March 10, 2008 4:11:27 PM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=December 13, 2007 2:45:03 PM CET}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=07AG0A6482A694F8CACC7E280F49EA0001F8, modifiedBy=Activities Administrator, isCompleted=true, modifiedDate=December 17, 2007 10:07:20 AM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=October 12, 2007 11:00:20 AM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=EC2G0A6482A6145F970ACC379CCF7A0001CD, modifiedBy=Activities Administrator, isCompleted=true, modifiedDate=December 17, 2007 11:15:36 AM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=November 12, 2007 1:02:25 PM CET}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=5C9G0A6482A694F8CACC7E280F49EA00093F, modifiedBy=Activities Administrator, isCompleted=true, modifiedDate=December 5, 2007 9:19:16 AM CET, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=October 25, 2007 8:43:46 AM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=446G0A6482A62A1E9EFC1AFB961F960004E4, modifiedBy=Pauline Huijzer, isCompleted=true, modifiedDate=August 17, 2007 7:48:29 AM CEST, isTunedOut=true, isTemplate=false, isDeleted=false, createdDate=August 7, 2007 1:50:51 PM CEST}, {createdBy=Pauline Huijzer, name=bladdiebladdieproject, activityId=85FG0A6482A62A1E9EFC1AFB961F960002DD, modifiedBy=Pauline Huijzer, isCompleted=true, modifiedDate=August 7, 2007 9:26:25 AM CEST, isTunedOut=false, isTemplate=false, isDeleted=false, createdDate=August 7, 2007 9:26:25 AM CEST}]

myactivity=ActivityService.fetchActivityById("C03G0A6482142378A24E533036432B000267")
# Store the activity in question in the variable myactivity

From the LC 2.0 info center

AccessControlService.setOwnerAccess( java.util.Vector activities, java.util.Hashtable owner)

from java.util import Vector
# The command to set access on an activity expects a Vector
newActivities=Vector()
# The variable myactivity is a HashMap, so we have to create
# the Vector ourselves
newActivities.add(myactivity)

AccessControlService.setOwnerAccess(newActivities,talitha)
# Make Talitha owner of the activity

AccessControlService.fetchAccess(myactivity)
# Check that all memberships are now OK

Talitha already had access to this activity, but only as a member. Setting
the access to owner replaces her previous access rules; you don’t have
to delete any rights first and then apply the new ones.

Previous output of AccessControlService.fetchAccess(myactivity)

SNAP
{memberId=7DBG0A6482142378A24E533036432B000409, displayName=Talitha Hiemstra, loginNames=[talitha hiemstra, talitha.hiemstra@e-office.com], staticProfile=false, externalId=0DC81DBF-0623-6B29-C125-74E90044E67C, email=Talitha.Hiemstra@e-office.com, memberType=person, role=member}]
!SNAP

Current output of AccessControlService.fetchAccess(myactivity)

SNAP
{memberId=7DBG0A6482142378A24E533036432B000409, displayName=Talitha Hiemstra, loginNames=[talitha hiemstra, talitha.hiemstra@e-office.com], staticProfile=false, externalId=0DC81DBF-0623-6B29-C125-74E90044E67C, email=Talitha.Hiemstra@e-office.com, memberType=person, role=owner}]
!SNAP
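The before/after comparison above can be automated when an access change needs to be reviewed. The following is an added example, not part of the original post: Python run outside wsadmin on saved `AccessControlService.fetchAccess()` output, reporting every member whose role changed. The sample dumps, member IDs and names are constructed, and the parser assumes the `key=value` layout shown above.

```python
import re

_KEY = re.compile(r"\w+=")


def _records(dump):
    """Yield the body of each top-level {...} record in the printed list."""
    depth, start = 0, None
    for i, ch in enumerate(dump):
        if ch == "{":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == "}" and depth > 0:
            depth -= 1
            if depth == 0:
                yield dump[start:i]


def _fields(body):
    """Split 'k=v, k=v' only where ', ' is followed by a new key at bracket depth 0,
    so loginNames=[a, b] and display names containing commas stay whole."""
    pieces, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch in "[{":
            depth += 1
        elif ch in "]}":
            depth -= 1
        elif depth == 0 and body.startswith(", ", i) and _KEY.match(body, i + 2):
            pieces.append(body[start:i])
            start = i + 2
    pieces.append(body[start:])
    return dict(piece.split("=", 1) for piece in pieces)


def parse_access(dump):
    """Map memberId -> record dict for one fetchAccess() dump."""
    return {rec["memberId"]: rec for rec in map(_fields, _records(dump))}


def role_changes(before, after):
    """Return (displayName, old_role, new_role) per changed member;
    None means the member is absent on that side."""
    old, new = parse_access(before), parse_access(after)
    changes = []
    for member_id in sorted(set(old) | set(new)):
        o, n = old.get(member_id), new.get(member_id)
        o_role = o["role"] if o else None
        n_role = n["role"] if n else None
        if o_role != n_role:
            changes.append(((n or o)["displayName"], o_role, n_role))
    return changes


# Constructed sample dumps in the layout shown above.
BEFORE = ("[{memberId=M-0001, displayName=Alice Example, loginNames=[alice example, "
          "alice@example.com], staticProfile=false, memberType=person, role=owner}, "
          "{memberId=M-0002, displayName=Example, Bob, loginNames=[bob example, "
          "bob@example.com], staticProfile=false, memberType=person, role=member}]")
AFTER = (BEFORE.replace("role=member", "role=owner")[:-1] +
         ", {memberId=M-0003, displayName=Carol Example, loginNames=[carol example], "
         "staticProfile=false, memberType=person, role=member}]")

if __name__ == "__main__":
    for name, old_role, new_role in role_changes(BEFORE, AFTER):
        print("%s: %s -> %s" % (name, old_role, new_role))
```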

Mission successful

A while ago I posted my subscription for the LC 2.0 Administering exam.

As can be seen on the screenshot below this mission was completed successfully :-) .

About the questions of the exam itself: it was not too hard, there were a lot
of questions about the user registry used by WAS and population of the profiles database.

My thoughts are that if you work daily with Connections you can go through
this exam in a breeze.

Let’s do it :-)

Today I registered a date to take the exam of 957 Administering Lotus Connections 2.0.

After some calling with the people of Prometric I could find it under


Date / time

Image resizing in Blogs

The default behavior for images used in Blog posts is to be scaled down to a
maximum of 350px, both width and height; the aspect ratio is kept.

This is not really handy for screenshots that are posted on Blogs.

Thanks to the reply of Chris Whisonant at the Lotus Connections forum
I learned how to configure this behavior.

http://www-10.lotus.com/ldd/lcforum.nsf/DateAllThreadedweb/42a2b16da056408bc12575210040b42f?OpenDocument

Made some extra edits so that scaled down images are clickable and a
full version of the image opens in a new window when you click on it.

Tested it with Firefox and IE

Changed the code in the file _day.vm as follows.

/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/localhostNode01Cell/Blogs.ear/blogs.war/themes/blog # vi _day.vm

// Open the full-size image in a new window
function openImage(item)
{
    window.open(item);
}

dojo.addOnLoad(function(){
    dojo.query('.entryContentContainer img').forEach(
        function(item){
            // Leave images that are explicitly styled at 100% width untouched
            if(item.style != undefined && item.style.width != undefined && item.style.width == "100%")
                return;
            // Scale wide images down to 400px, keeping the aspect ratio
            if (item.width > 400) {
                item.height = item.height * (400/item.width);
                item.width = 400;
                item.onclick=function(){openImage(this.src)};
                item.style.cursor='pointer';
            }
        }
    );
});

New iFixes for Lotus Connections 2.0.1

Since 1 December 2008 IBM has released a bunch of new iFixes to fix a variety of issues within
Lotus Connections 2.0.1.

For the fixes and what they fix :-) see the list below.

Use this url http://www-933.ibm.com/support/fixcentral/ to download these new ifixes.

Fix name:     2.0.1.0-LC-Multi-IFLO35859
Release date:     22-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     20 – High Impact/Medium Probability of Occurrence
Categories:     Function
Abstract:     Profiles: InLine Business card formats poorly in IE, makes the card unusable.

Fix name:     2.0.1.0-LC-Multi-IFLO35655
Release date:     22-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Compatibility
Abstract:     Allow PNG photos for upload to Profiles.

Fix name:     2.0.1.0-LC-Multi-IFLO36131
Release date:     22-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Function
Abstract:     /activities/service/html/autocompletemembers?member needs to return extid

Fix name:     2.0.1.0-LC-Multi-IFLO35840
Release date:     22-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Function
Abstract:     Modification of CSS styles specific to IE to fix dojo dialog to 400px height

Fix name:     2.0.1.0-LC-Multi-IFLO36188
Release date:     20-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     20 – High Impact/Medium Probability of Occurrence
Categories:     Function
Abstract:     Communities: IE browser hangs when posting a topic in Community Discussion Forums.

Fix name:     2.0.1.0-LC-Multi-IFLO35860
Release date:     20-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Function
Abstract:     Profiles: Cache issues in widgets and javlin card. When changing browser’s locale setting from English to French, the UI screens displayed in the new language for the current page, and all other future navigation.

Fix name:     2.0.1.0-LC-Multi-IFLO35887
Release date:     20-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Function
Abstract:     Profiles: For non-default ProfileType (for e.g., profileType=test), the page displays default widgets if the ProfileType does not define its own set of widgets.

Fix name:     2.0.1.0-LC-Multi-IFLO35785
Release date:     15-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Data
Abstract:     This is a change to allow the Connections antivirus software to work with Mcafee and Symantec ICAP scanners. Previously, the code only worked for Symantec.

Fix name:     2.0.1.0-LC-Multi-IFLO35784
Release date:     15-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Data
Abstract:     This is a change to allow the Connections antivirus software to work with Mcafee and Symantec ICAP scanners. Previously, the code only worked for Symantec.

Fix name:     2.0.1.0-LC-Multi-IFLO35783
Release date:     15-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Data
Abstract:     This is a change to allow the Connections antivirus software to work with Mcafee and Symantec ICAP scanners. Previously, the code only worked for Symantec.

Fix name:     2.0.1.0-LC-Multi-IFLO35782
Release date:     12-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Data
Abstract:     This is a change to allow the Connections antivirus software to work with Mcafee and Symantec ICAP scanners. Previously, the code only worked for Symantec.

Fix name:     2.0.1.0-LC-Multi-IFLO35377
Release date:     01-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Upgrades to version:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Data
Abstract:     There are two problems here, 1) It required the client to provide a ‘slug’ header in order to upload a file, which should be optional, so the fix is to make this optional. When slug header is not provided a random file name will be generated. 2) when the slug header is provided, the file separator ‘.’ is missing so, instead of <slug>.extension you get <slug>extension, fix is to add the ‘.’.

Fix name:     2.0.1.0-LC-Multi-IFLO35376
Release date:     01-Dec-2008
Platforms:     AIX, Linux, Windows
Applies to versions:     2.0.1.0
Upgrades to version:     2.0.1.0
Severity:     30 – Moderate Impact/High Probability of Occurrence
Categories:     Data
Abstract:     The problem here is that the feed/entries/atom Atom feed supports tag filtering, however, it only works when ONE tag is provided, if using multiple tags then the filter will fail. This iFix is for supporting multiple tags filtering.

Exam 957: Administering IBM Lotus Connections 2.0

A while ago IBM released the first IBM
Lotus Connections Administration certification.

Here is the link which covers the objectives for the
exam: http://www-03.ibm.com/certify/tests/ovrL957.shtml

They already included a link to the registration area of the prometric website ( http://www.prometric.com/IBM/default.htm ) where you can register for the exam.

But for now I can’t find the 957 exam of Lotus Connections on the prometric website.

Upgrade Lotus Connections to fix pack 2.0.1

A while ago I posted my steps to upgrade DB2 from fix pack 4
to fix pack level 5, as this is a requirement for installing the
Lotus Connections 2.0.1 update.

Finally found some time to upgrade the Lotus Connections setup
at our company. I needed some more planning because our Connections
environment is used more and more by my colleagues at e-office.
Which of course is a good cause: away from the Notes databases
and on to Lotus Connections :-) .

In my post for upgrading DB2 to fix pack level 5, I assumed that in case
of an upgrade you had to use the full install package of LC 2.0.1  ( C1L0ZML ).

But after reading the post from Luis Benitez about upgrading to LC 2.0.1
I found out that you will have to use other software packages in case
of an upgrade.

- C1L12ML
- Fix LC 2.0.1 + LotusConnectionsUpdateInstaller 2.0.1 + latest iFixes for 2.0.1

Check the PDF doc. for how I got my hands on this software.

Here is the PDF with the steps I took to upgrade our Connections setup
from LC 2.0 fixpack 1 to LC 2.0.1 + all required iFixes for LC 2.0.1.

upgrade-lc-201-linux

One important note for the upgraders is that the upgrade will
overwrite a number of your files in the LotusConnections-Config directory.

Below are the files that changed in my upgrade situation, they
will need some re-configuring after the upgrade.

FILE notification-config.xml
// Overwrites the e-mail addresses configured on whose behalf
// notification mails are sent
FILE profiles-config.xml
// Things configured like additional profile fields, Sametime awareness,
// first name search are overwritten. Also things like edited labels in
// the property files are overwritten during the update process.
FILE LotusConnections-config.xml
// This file seems to be left intact, all of my entered URLs were kept.