Hardware Management Console Readme For use with HMC Version 10 Release 3 M1051 Date: 24 May 2024 (C) Copyright International Business Machines Corp., 2024 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MF71687 <#MF71687> * PTF MF71688 <#MF71688> * Package information <#package> * Fixes included <#fixes> * Known issues and limitations <#known> * Best Practices <#best> * Installation <#install> Terminology *x86* - This term is used to reference the Intel hypervisors (KVM, VMWare, Xen) on which Virtual HMC can be installed. *Note*: HMC V10R3 release for x86 is not supported on bare metal (7042 hardware appliances). *ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MF71687 HMC V10 R3 M1051.2 – for vHMC for x86_64 hypervisors (5765-VHX) This package represents an interim fix for HMC V10 R3 M1051 for vHMC on x86_64 hypervisors. You can also reference this package by APAR MB04452 and PTF MF71687. This PTF can be installed on HMC V10 R3 M1051. *Note:* This PTF supersedes MF71685. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MF71687_x86.iso 3571095552 7bcc414b9d5ee3cbb25256ac9353c02b259f17ca MB04452 MF71687 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 3 Service Pack: 1051 HMC Build level 2405060155 MF71687 - iFix for HMC V10R3 M1051 ","base_version=V10R3 " PTF MF71688 HMC V10 R3 M1051.2 – for 7063 Hardware or vHMC for PowerVM (5765-HMB) This package represents an interim fix for HMC V10 R3 M1051 on 7063 machine type or vHMC for PowerVM. You can reference this package by APAR MB04453 and PTF MF71688. This PTF can be installed on HMC V10 R3 M1051. *Note:* This PTF supersedes MF71686. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MF71688_ppc.iso 3560822784 33bcea6b8cd55d5bf2e9be09f87f0b394e634b7b MB04453 MF71688 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 3 Service Pack: 1051 HMC Build level 2405060155 MF71688 - iFix for HMC V10R3 M1051 ","base_version=V10R3 "" General fixes * Fixed an issue causing the GUI partition Virtual networks page to fail to launch with the error "/Error launching task an internal error occurred. Please contact your service administrator. [Cannot invoke "java.util.List.iterator()" because "networkBridges" is null]/". * Fixed an issue causing the HMC REST API to return status 401 (unauthorized) instead of status 503 (service unavailable) while the HMC is initializing after an HMC restart. * Fixed an issue preventing the icmp firewall rule from being added or removed using the chhmc command. * Fixed the Call home management outbound connectivity test to show the IP addresses obtained from using DNS resolution of esupport.ibm.com. Known Issues and Limitations * Dates, times, and numbers on the GUI Performance dashboard are shown in the format based on the HMC language instead of the browser language. * If log in to the HMC GUI is failing with this error for LDAP or auto-managed users: /Error: "Logon Error: Invalid credential or Timeout. Please try again after some time, if it repeats, please follow troubleshooting steps from IBM support."/ Use the following troubleshooting steps: Check whether the user is LDAP or auto-managed authentication type. If so, run the following command to change the LDAP configuration: o chhmcldap -o s --timelimit 30 --bindtimelimit 20 If log in to the GUI still fails, run the following command: o chhmcldap -o s --timelimit 30 --bindtimelimit 10 Best Practices * User sessions - The following best practices helps avoid performance degradations gradually over a period of time due to increased login sessions as well as security vulnerabilities such as unauthorized access to the active HMC sessions. o It is a best practice to logoff from HMC UI and then close the browser tab instead of directly closing the tab o Set Idle session timeout for all the users and not leave the timeout as '0' which leaves it as no timeout. **Previously released fixes also included in this PTF: * * *MF71685/MF71686* 04/04/24 * Fixed a rare issue that can cause an Enterprise BMC-based managed system to transition into Incomplete state instead of Recovery state. * Fixed an issue preventing the user from updating the password for a new Enterprise BMC-based system and transitioning it out of Pending Authentication state on the HMC. This issue occurs if the user waits longer than 30 minutes after connecting the system to the HMC before updating the password. * Fixed an issue that caused the entire GUI screen to go blank after a Delete Partition operation completed. * Fixed an issue that caused the Partition Virtual networks -> Adapter(s) -> Create Trunk Adapter panel to fail to load for an IBM i partition when no virtual networks exist. * Fixed an issue that caused the setting of the inband BMC credentials for a Power HMC 7063-CR2 to fail when the password is expired. * Fixed an issue that sometimes causes wrong or missing (NA) source VIOS names to be shown in Virtual SCSI mappings and Virtual FC mappings on the Edit Migration Settings GUI panel. * Fixed an issue causing SRC E35F0010 to be called home. * Fixed Java vulnerabilities: CVE-2024-20918, CVE-2024-20921, CVE-2024-20945, and CVE-2024-20952 * Fixed Apache Tomcat vulnerabilities: CVE-2024-23672 and CVE-2024-24549 * Fixed libxml2 vulnerabilities: CVE-2023-28484 and CVE-2023-29469 * Fixed libssh vulnerabilities: CVE-2023-1667 and CVE-2023-2283 * Fixed SSH vulnerability: CVE-2023-48795 * Fixed nghttp2 vulnerability: CVE-2023-44487 Installation Installation instructions for HMC Version 10 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 10 Release 3 Updating, upgrading, and migrating your HMC machine code Update(s)for HMC V10R3M1051