This document provides installation instructions for Unified CCE 12.5(2) ES42. It also contains a list of Unified CCE issues resolved by this engineering special. Review all installation information before installing the product. Failure to install this engineering special as described can result in inconsistent Unified CCE behavior.
This document contains these sections:
In the Product
Alert Tool, you can set up profiles to receive email notification of new
Field Notices, Product Alerts, or End of Sale information for your selected
products.
The Product
Alert Tool is available at https://www.cisco.com/cisco/support/notifications.html.
This ES patch includes fixes for defects and a security vulnerability listed in Resolved Caveats section.
This section lists the Unified CCE components on which you can and cannot install this engineering special.
You can install Unified CCE 12.5(2) ES42 on these Unified CCE components:
All ICM servers that has websetup (PG, AW , Logger, Router and Rogger)
and admin client machines.
Do not install this engineering special on any components other than the following:
The installation or uninstallation of this patch requires a planned maintenance window with some expected downtime of a few seconds / minutes: No
Note: Remove patches in the reverse order of their installation. For example, if you installed patches 3, then 5, then 10 for a product, you must uninstall patches 10, 5, and 3, in that order, to remove the patches from that product.
This section provides a list of significant Unified CCE defects resolved by this engineering special. It contains these subsections:
Note: You can view more information on and track individual Unified CCE defects using the Cisco Bug Search tool, located at: https://bst.cloudapps.cisco.com/bugsearch/search?null.
This section lists caveats specifically resolved by Unified CCE 12.5(2) ES42.
Caveats in this section are ordered by UNIFIED CCE component, severity, and then identifier.
|
Identifier |
Severity |
Component |
Headline |
|
CSCwe94791 |
2 |
web.config.api |
Contacts
are not getting uploaded for API Campaign due to Tomcat Java OutOfMemory |
|
CSCwf16719 |
2 |
web.config.api |
Tomcat
memory usage keeps growing during pcb bulk import |
|
CSCwh81453 |
3 |
security |
Assessment
of Apache Struts version 2.5.31 to vulnerability CVE-2023-41835 |
Caveats are ordered by severity then defect number.
Defect Number: CSCwe94791
Component: web.config.api
Severity: 2
Headline: Contacts are not getting uploaded for API Campaign due to Tomcat Java OutOfMemory
Symptom:
Contacts are not getting uploaded in bulk for API Campaign. System gets into
out of memory and halts
Conditions: CCE 12.5/12.6 PCB Bulk Import API, normal Import works CCBU
Tomcat ran into Java OutOfMemory on the Logger server
Workaround: Restart the Logger tomcat services.
Further Problem Description: This issue is regression of CSCvz50705.
Customers
are trying to upload the contacts Via the API Import process,Prior
to the JavaOutOf Memory could see the delay in
updating the database records.
CCBU_ajp-nio-127.0.0.1-8009-exec-5-6-REST_API_INFO: Time to take to write into the database
for 6 records is 484
CCBU_ajp-nio-127.0.0.1-8009-exec-7-6-REST_API_INFO: Time to take to write into the database
for 30 records is 1141
0000009022:
10.1.47.46: Mar 09 2023 12:47:47.969 +0530:
%CCBU_ajp-nio-127.0.0.1-8009-exec-9-6-REQUEST_END:
%[PARAM_TIME_ELAPSED=2738924]: Request complete
0000025755:
10.1.47.46: Mar 09 2023 12:47:50.844 +0530:
%CCBU_ajp-nio-127.0.0.1-8009-exec-9-3-REST_API_EXCEPTION: %[exception=java.lang.OutOfMemoryError: Java heap space][message_string=uncaught exception thrown by the api]: The REST API has caught an exception
0000025756:
10.1.47.46: Mar 09 2023 12:47:52.750 +0530:
%CCBU_ajp-nio-127.0.0.1-8009-exec-9-3-EXCEPTION_INFO: %[build_date=Sep
06, 2022 7:13 AM][build_type=rel][exception=java.lang.OutOfMemoryError: Java heap space
Defect Number: CSCwf16719
Component: web.config.api
Severity: 2
Headline: Tomcat memory usage keeps growing during pcb bulk import
Tomcat
memory usage keeps growing during personal call back bulk import.
Symptom: Tomcat memory usage keeps growing during personal call back bulk
import.
Conditions: 1. Run 1000 requests of pcb bulk
import (number of records 1 to 3) 2. Monitor memory and CPU usage, if possible
monitor response time average value, median etc (you need to run test from Jmeter for that).
Workaround: NA
Further Problem Description: Tomcat memory usage keeps growing during
personal call back bulk import.
Defect Number: CSCwh81453
Component: security
Severity: 3
Headline: Assessment of Apache Struts version 2.5.31 to vulnerability CVE-2023-41835
Symptom: Packaged Contact Center Enterprise includes a version of Apache Struts that
is affected by the vulnerabilities identified by the following Common
Vulnerability and Exposures (CVE) IDs:
CVE-2023-41835
This
bug was opened to address the potential impact on this product.
Conditions:
Device with default configuration.
Workaround:
Not available or not applicable.
Further Problem Description: Additional details about the vulnerabilities
listed above can be found
at
https://www.cve.org/.
<B>PSIRT
Evaluation:</B>
The
Cisco PSIRT has assigned this bug the following CVSS version 3.1 score.
The
Base CVSS score as of the time of evaluation is: 5.3
https://sec.cloudapps.cisco.com/security/center/cvssCalculator.x?version=3.1&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE
ID CVE-2023-41835 have been assigned to document this issue.
Additional
information on Cisco's security vulnerability policy can be
found
at the following URL:
https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html
You can access current Cisco documentation on the Support pages at the following sites:
To provide comments about this document, send an email message to the following address:
contactcenterproducts_docfeedback@cisco.com
We appreciate your comments.
Cisco.com is a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC site.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. You can also resolve technical issues with online technical support and download software packages. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
The Cisco TAC site is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to https://www.cisco.com/c/en/us/support/index.html.
P3 and P4 level problems are defined as follows:
In each of the above cases, use the Cisco TAC site to quickly find answers to your questions.
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following site: https://mycase.cloudapps.cisco.com/create/start/
If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following sites:
P1 and P2 level problems are defined as follows: