What’s new in PMF9.1 release
Apache Cordova SDK now supports
- Android platform 14.0 and iOS version 18.0
- Cordova Browser 7.0.0
Support for OpenJDK 17.
Support for Android Push on target SDK 34.
Recommended security configuration has been added for enhanced security to customers.
Deployment on Red Hat OpenShift Container Platform (OCP) 4.15
Test Environment
PMF 9.1 release has been tested on the following environments.
| Operating system | Application server | Database |
| Ubuntu 22 | WebSphere Application Server Liberty Core 24.0.0.6 | IBM Db2 11.5.9 |
| Rhel 8.10 | WebSphere Application Server Liberty Core 24.0.0.6 | Oracle 19c |
| Rhel 9.3 and 9.4 | WebSphere Application Server Liberty Core 24.0.0.6 | IBM Db2 11.5.9 |
| Red Hat® OpenShift® Container Platform 4.15 | WebSphere Application Server Liberty Core 24.0.0.6 | IBM Db2 11.5.8 |
Security Configurations
Your application security can be enhanced by adding the following settings in the server.xml file. This is the best practice from the security aspect of the application.
- <ltpa expiration=”1H”/>
Expires single sign-on (SSO) Lightweight Third Party Authentication (LTPA) token from WebSphere Application Server Liberty within one hour to avoid any misuse for unintended access. If no value is set, then the default value for expiration is 2 hours.
- <webContainer disableXPoweredBy=”true” deferServletLoad=”false”/>
Disables exposure of servlet version that server is using or capable of, internally.
Security Fixes
PMF9.1 release has 65 critical and 156 high vulnerabilities fixed. Below is the complete list for reference.
Critical CVEs | Critical CVEs | Critical CVEs | Critical CVEs |
CVE-2024-24790 | CVE-2021-44906 | CVE-2019-14893 | CVE-2018-1270 |
CVE-2024-21742 | CVE-2021-42740 | CVE-2019-14892 | CVE-2018-11307 |
CVE-2023-45311 | CVE-2021-3918 | CVE-2019-14540 | CVE-2018-1000620 |
CVE-2023-45133 | CVE-2021-26291 | CVE-2019-14379 | CVE-2017-7658 |
CVE-2023-39017 | CVE-2021-23358 | CVE-2019-10747 | CVE-2017-7657 |
CVE-2023-24540 | CVE-2020-9548 | CVE-2019-10746 | CVE-2017-7525 |
CVE-2023-24538 | CVE-2020-9547 | CVE-2019-10202 | CVE-2017-5929 |
CVE-2022-46337 | CVE-2020-8840 | CVE-2019-10172 | CVE-2017-17485 |
CVE-2022-41853 | CVE-2020-24750 | CVE-2018-7489 | CVE-2017-16042 |
CVE-2022-40152 | CVE-2019-5413 | CVE-2018-19362 | CVE-2017-15095 |
CVE-2022-37865 | CVE-2019-20330 | CVE-2018-19361 | CVE-2016-3720 |
CVE-2022-26260 | CVE-2019-19919 | CVE-2018-19360 | CVE-2016-1000031 |
CVE-2022-25857 | CVE-2019-17531 | CVE-2018-14721 | CVE-2015-7501 |
CVE-2022-22965 | CVE-2019-17267 | CVE-2018-14720 | CVE-2015-5211 |
CVE-2022-22912 | CVE-2019-16943 | CVE-2018-14719 | |
CVE-2022-1996 | CVE-2019-16942 | CVE-2018-14718 | |
CVE-2022-1471 | CVE-2019-16335 | CVE-2018-1275 |
High CVEs | High CVEs | High CVEs | High CVEs |
CVE-2024-4068 | CVE-2022-38900 | CVE-2021-35515 | CVE-2019-13173 |
CVE-2024-39338 | CVE-2022-37866 | CVE-2021-33623 | CVE-2019-12086 |
CVE-2024-30172 | CVE-2022-3517 | CVE-2021-28165 | CVE-2019-10172 |
CVE-2024-29857 | CVE-2022-3510 | CVE-2021-27516 | CVE-2019-10086 |
CVE-2024-26147 | CVE-2022-3509 | CVE-2021-23337 | CVE-2018-5968 |
CVE-2024-25710 | CVE-2022-32189 | CVE-2021-22569 | CVE-2018-3258 |
CVE-2024-24791 | CVE-2022-32149 | CVE-2021-20190 | CVE-2018-1272 |
CVE-2024-22262 | CVE-2022-3171 | CVE-2020-8203 | CVE-2018-12023 |
CVE-2024-22259 | CVE-2022-31129 | CVE-2020-8116 | CVE-2018-12022 |
CVE-2023-6378 | CVE-2022-30635 | CVE-2020-7788 | CVE-2018-10237 |
CVE-2023-51775 | CVE-2022-30633 | CVE-2020-7774 | CVE-2018-1000632 |
CVE-2023-5072 | CVE-2022-30632 | CVE-2020-7733 | CVE-2017-9735 |
CVE-2023-45287 | CVE-2022-30631 | CVE-2020-7729 | CVE-2017-7656 |
CVE-2023-45283 | CVE-2022-30630 | CVE-2020-7720 | CVE-2017-18640 |
CVE-2023-39325 | CVE-2022-29167 | CVE-2020-7661 | CVE-2017-18077 |
CVE-2023-2976 | CVE-2022-28948 | CVE-2020-36604 | CVE-2017-16138 |
CVE-2023-29403 | CVE-2022-2880 | CVE-2020-36518 | CVE-2017-16119 |
CVE-2023-29400 | CVE-2022-2879 | CVE-2020-36189 | CVE-2017-1000048 |
CVE-2023-28840 | CVE-2022-28131 | CVE-2020-36188 | CVE-2016-7051 |
CVE-2023-24998 | CVE-2022-27664 | CVE-2020-36187 | CVE-2016-5007 |
CVE-2023-24539 | CVE-2022-25883 | CVE-2020-36186 | CVE-2016-3092 |
CVE-2023-24537 | CVE-2022-25857 | CVE-2020-36185 | CVE-2016-15026 |
CVE-2023-24536 | CVE-2022-25851 | CVE-2020-36184 | CVE-2016-10540 |
CVE-2023-24534 | CVE-2022-25647(gson-parent) | CVE-2020-36183 | CVE-2015-8851 |
CVE-2022-46751 | CVE-2022-25647 | CVE-2020-36182 | CVE-2015-8315 |
CVE-2022-46175 | CVE-2022-24999 | CVE-2020-36181 | CVE-2015-6420 |
CVE-2022-45690 | CVE-2022-23648 | CVE-2020-36180 | CVE-2015-0254 |
CVE-2022-45689 | CVE-2022-1537 | CVE-2020-36179 | CVE-2014-0114 |
CVE-2022-45688 | CVE-2022-1471 | CVE-2020-35728 | CVE-2013-1768 |
CVE-2022-42004 | CVE-2022-0235 | CVE-2020-35491 | CVE-2012-6153 |
CVE-2022-42003 | CVE-2022-0144 | CVE-2020-35490 | WS-2021-0419 |
CVE-2022-41725 | CVE-2021-43138 | CVE-2020-28499 | WS-2020-0450 |
CVE-2022-41724 | CVE-2021-40690 | CVE-2020-24750 | WS-2020-0342 |
CVE-2022-41723 | CVE-2021-3820 | CVE-2020-24616 | WS-2019-0063 |
CVE-2022-41722 | CVE-2021-3807 | CVE-2020-10673 | WS-2019-0032 |
CVE-2022-41720 | CVE-2021-3777 | CVE-2020-10650 | WS-2016-0036 |
CVE-2022-41716 | CVE-2021-36373 | CVE-2019-20920 | |
CVE-2022-41715 | CVE-2021-36090 | CVE-2019-20149 | |
CVE-2022-40897 | CVE-2021-35517 | CVE-2019-14892 | |
CVE-2022-40152 | CVE-2021-35516 | CVE-2019-14439 |
Deprecations
Following application servers support is deprecated with this release
- WebSphere Application Server
- WebSphere Application Server Network Deployment
Windows Application
- Windows Mobile SDK is deprecated since PMF 9.0 (see Release Notes)
- As such, any Windows Mobile app is not supported in PMF 9.x.
- Therefore, customer is advised to remove any Windows Mobile apps in PMF Console.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article