On August 18, 2021, we have discovered a critical issue in the TD/OMS V12/V13/V14 fallback process that requires immediate attention. This issue was found by our internal QA process. Our internal QA process mimics situations that might not occur in day-to-day operations. Nevertheless, everyone is strongly advised to upgrade.

Are you at risk?

1. Sign on as QSECOFR or equivalent
2. Write down your TD/OMS Product Library and replace it below
3. Run STRSQL
4. Run: select * from oms_library/omfbc

If the file OMFBC contains records, then a "file override" leak can cause severe problems. If the file does not have records then your risk is low. However, we still strongly advise installing the upgrade.

Please read this page completely before you upgrade.

Automatic Update Process

1. Download the executable from the link below
2. Run the executable which will create a task in your TD/OMS System Application. If it appears, accept the firewall access request for the FTP program.
3. Deploy the task to the production machines ONLY
4. Release the remote job that was submitted
5. Deploy the task to the local machine
6. Release the job that was submitted

In all cases, watch the DSPLOGOMS process to see if the deployment process is waiting for locks.

Use DSPPINOMS to confirm that your version is of August 20, 2021 or later.

All customer with versions prior to V12 must upgrade to at least V12 (V13 is the current version).

Manual Update Process

1. From the link below, download the zip file and upload the containing SAVF to library OMSPTF
2. Log on as QSECOFR or equivalent
3. Restore the library $PTFLIB (use DSPSAVF to see the name) with: RSTLIB SAVLIB($PTFLIB)  DEV(*SAVF) SAVF(OMSPTF/$PTFLIB)
4. Make sure that all objects are restored by examining the result messages of the RSTLIB command
5. Add the $PTFLIB and $OMSLIB to the library list: 10 $PTFLIB  20 $OMSLIB
6. Run SBMJOB CMD(OMSINSTALL FROL($PTFLIB) TOOL($OMSLIB))
7. Use DSPLOGOMS to see if the deployment process is waiting for locks
8. Do this on all machines

Use DSPPINOMS to confirm that your version is of August 20, 2021 or later.

Downloads

1. Log in to the extranet
2. Use the table below to pick your download.

• Your version is V14.0 M00 -> Download V140KEPM00 from the latest
• Your version is V13.1 M01 -> Download V131KEPM02
• Your version is V13.1 M00 -> Download V131KEPM01
• Your version is V13.0 M03 -> Download V131KEPM00
• Your version is V13.0 M02 -> Download V130KEPM03
• Your version is V13.0 M01 -> Download V130KEPM02
• Your version is V12.1 M02 -> Download V121KEPM01
• Your version is V12.1 M01 -> Download V121KEPM01
• Your version is V12.1 M00 -> Download V121KEPM01
• Your version is V12.0 M03 -> Download V121KEPM00
• Your version is V12.0 M02 -> Download V120KEPM03
• Your version is V12.0 M01 -> Download V120KEPM02

All customers with version prior to V12 must upgrade to V13.

Upgrade Clients

If your current version is V12.1Mxx or V13.1Mxx then a client upgrade is not needed.

If your current version is v12.0Mxx or V13.0Mxx then you should also upgrade the client:

• Version 12 clients
• Version 13 clients

Mitigation

 The patch should be installed immediately. If you cannot do so, you can mitigate the risk by ensuring that there is no data in the OMFBC file in your TD/OMS library. The file should always be empty.

• Locate the OMFBC file in the TD/OMS library
• CLRPFM _library name_/OMFBC

Do this on all machines. Please note that due to this issue, the OMFBC file can slowly fill again.

What is wrong

• During a transfer, the fallback library is created (typically a name like OM123456)
• File OMFBC (fall-back contents) is copied into this library and cleared
• During a transfer, information is written in the OMFBC file in the fallback library
• During the transfer, the override can get lost. At this point, we don't know why.
• This will cause the fallback to using OMFBC in the normal TD/OMS library
• The file in the normal TD/OMS library has undefined contents that can cause a rollback of unrelated objects and even remove objects from production libraries.
   

What was fixed

1. The member in file OMFBC in the normal TD/OMS library is removed so that never a wrong OMFBC can be used
2. The process now points to the file directly instead of depending on an override