Manual update of CICS Explorer is required to resolve security risk
CICS Explorer APAR IV20931 resolves a security risk by including an update to the embedded Java™ Runtime Environment (JRE) provided in the standalone CICS Explorer versions for Windows™ and Linux™. This update requires that you manually update the JRE by following the steps in this document to re-install the CICS Explorer to the latest fix level.
The stand-alone versions of CICS Explorer for Windows and Linux (1.0.0, 1.0.1, 1.1.0 and 1.1.1), include an embedded Java Runtime Environment (JRE). For the security APAR IV20931, there is an updated embedded JRE now available in the latest downloads available from the CICS Explorer download sites.
This newer JRE is included in the CICS Explorer with versions 184.108.40.206, 220.127.116.11, 18.104.22.168 and 22.214.171.124 and higher. But, you must manually update the JRE by reinstalling one of these new versions of the CICS Explorer because the on-line update site and the archive from Fix Central are unable to update this component. (Note: You are only required to do the manual re-install once. Subsequent updates to the CICS Explorer from the on-line update site and Fix Central should be successful.)
Refer to Latest version of CICS Explorer and CICS Tools plug-ins for CICS TS V4 or V3 for more information about additional APARs available with these new versions.
Follow these steps to re-install the CICS Explorer to one of these newer versions of the stand-alone CICS Explorer:
- Backup the current CICS Explorer installation (where the executable cicsexplorer.exe is) by either copying it in an alternative folder or into an archive. If upgrading to a new release or modification level (v.r.m.f) of the CICS Explorer, you should also back up your workspace by taking a similar backup of the cicsexplorer folder.
- Remove the CICS Explorer from its current location by deleting the folder or moving (or cutting) it elsewhere.
- Download one of the new versions of the CICS Explorer at your appropriate release level. For example, if you are currently running CICS Explorer V126.96.36.199 and your are unable to upgrade to the latest version (188.8.131.52 or higher) then you should download version 184.108.40.206 (or higher). CICS Explorer versions 220.127.116.11, 18.104.22.168, and 22.214.171.124 (or higher) are available from the CICS Explorer releases no longer available on primary download page and version 126.96.36.199 (or higher) is available on the primary download page at IBM CICS Explorer downloads.
- Extract the new CICS Explorer then it will be ready to use.
- Re-install the appropriate versions of plug-ins for the chosen version of CICS Explorer. See CICS Explorer and CICS tools plug-ins release compatibility reference tables if you need to determine the releases of the CICS tools plug-ins for CICS Explorer that are compatible with the release of the CICS Explorer that you are using.
- Restart the CICS Explorer and ensure that the workspace is as before.
To verify that the updated JRE is in your CICS Explorer, use the CICS Explorer integrated capability to create a zip file containing service data:
- Select Explorer > Trace > Collect Service Data from the CICS Explorer menu.
- Select where to save the zip file.
- Look at the saved zip file the SystemSummary.txt. The java.full.version or java.runtime.version field should include a reference to sr10 in its identifier to indicate the version is at least Service Release 10. For example:
java.fullversion=JRE 1.6.0 IBM J9 2.4 Linux x86-32 jvmxi3260sr10fp1-20120202_101568 (JIT enabled, AOT enabled)
java.runtime.version=pxi3260sr10fp1-20120321_01 (SR10 FP1)
CICS/TS CICS TS CICS Transaction Server