20.02.05: Patch 5 for version 20.02

This topic contains information about the fixes in this patch and provides instructions for downloading and installing the patch.

This release consolidates the patches and hotfixes delivered for version 20.02 and later of Remedy platform components (Remedy AR System Server, Remedy Mid Tier, BMC CMDB, Atrium Integrator) into a single patch.

Because this patch includes the updates delivered in version 20.02.04, you can directly upgrade from version 20.02.00 or later to version 20.02.05 of Remedy IT Service Management Suite.

Updates

The Remedy 20.02.05 patch release applies to the Remedy Platform components (Remedy AR System Server, Remedy Mid Tier, BMC CMDB, Atrium Integrator).
Learn about the updates in this patch:
- 20.02.05: Patch 5 for version 20.02in the Remedy AR System online documentation.
- 20.02.05: Patch 5 for version 20.02in the BMC CMDB online documentation.

This patch includes fixes for the following security vulnerabilities:

Defect ID	CVSS v3 rating	Description
DRD21-59700	7.5	Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2023-24998.
DRD21-58722	7.5	Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. For more information, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40152.

Defect fixes

This patch includes fixes for some customer defects. For more information about the defects fixed in this patch, see known and corrected issues.

Downloading the patch

The following table lists the patch components and links to the deployment packages on the BMC Electronic Product Download site:

Component	Link to the deployment package
Remedy Developer Studio	The latest available version of Remedy Developer Studio for on-premises environment is 21.3.10. Download the version here:AR System Clients: Developer Studio, Data Import Version 21.3.10
Remedy Mid Tier and Remedy AR System Server	Remedy AR System Server Version 20.02.05 Warning If you previously installed Remedy Mid Tier 20.02 by using a WAR file, and you want to upgrade to Remedy Mid Tier 20.02.05, download the applicable WAR file from the Electronic Product Download (EPD) site: For Windows — MidTierWar_windows9.1.10005.zip For Linux — MidtierWar_linux9.1.10005.tar For steps on installing Remedy Mid Tier using WAR file, see Configuring-your-web-server-and-installing-BMC-Remedy-Mid-Tier-with-a-war-file. Important After you apply the Remedy Mid Tier and Remedy AR System Server patch 20.02.05, update the arreportingapi91_build009.jar file with a new JAR file. For more information, see Knowledge Article number 000415593 (Support logon ID required)..
BMC CMDB	BMC Atrium Core Version 20.02.05
Atrium Integrator	Atrium Integrator Server:BMC Atrium Integrator Server Version 20.02.05 Atrium Integrator Client:BMC Atrium Integrator Client Version 20.02.05

Before you begin

Before deploying the Remedy Platform package, a Remedy service such as “Remedy Action Request System Server <servername>” or “BMC Remedy Email Engine - <servername>” should be up and running. Additionally, all processes enabled in the armonitor.cfg/conf file, such as Reconciliation server, plugin servers, and other processes, should be up and running.
(Optional) If you have customizations, create a snapshot for reconciliation. Capture a snapshot of your application objects. For instructions, see Capturing-a-snapshot-of-server-application-objects.
In a server group, install the 20.02.05 patch on your primary server first, and then install the patch on the secondary servers.
To get the latest updates and fixes for Developer Studio, we recommend that you use Developer Studio 21.3.10 version with the Remedy 20.02.05 patch.
The Remedy 20.02.05 patch is compatible with Open JDK versions 16 and 17.
However, to run the 20.02.05 patch with Open JDK version 16 or 17, perform the following steps:
1. Install Open JDK 11.
2. Run the Remedy 20.02.05 patch installer with Open JDK 11.
3. Upgrade your Open JDK version to Open JDK 16 or 17.
4. Update the Java paths.
  For more information, see Remedy AR Server -Running AR 2002 Patch005 installer with Openjdk 16 and 17 and Updating-Java-paths-after-upgrading-Java.

Applying the patch for on-premises deployment

A user with AR System administrator permission can apply the patch by performing the following tasks:

Task	Action	Additional information
1	Download the patch from EPD	Download the relevant patch from the Electronic Product Distribution (EPD) site.
2	Review the Before you begin section	Review the information in this section and perform the prerequisite steps for a successful patch deployment.
3	Run the patch installer	Run the patch installer in the following order: Install Remedy Developer Studio Upgrade Remedy Mid Tier and Remedy AR System Server Upgrade BMC CMDB Upgrade Atrium Integrator Server Upgrade Atrium Integrator Client

Running the patch installer

Perform the following steps to upgrade your Remedy Platform to version 20.02.05:

Important

In a server group, run the 20.02.05 patch installer on your primary server first, and then install the patch on the secondary servers.

To install Remedy Developer Studio

Download Remedy Developer Studio version 21.3.10 here - AR System Clients: Developer Studio, Data Import Version 21.3.10.
Install Remedy Developer Studio by performing the steps given in Installing-the-BMC-Remedy-AR-System-Server.

To upgrade Remedy Mid Tier and Remedy AR System Server

Unzip the appropriate suite installer that you downloaded (for example, ARSuiteKitWindows.zip or ARSuiteKitLinux.zip).
Navigate to the Disk 1 folder.
Start the installer and then, in the lower right corner of the Welcome panel, click Next.
- (Windows) Run setup.exe.
- (UNIX) Run setup.bin.
In the lower right corner of the Welcome panel, click Next.
Review the license agreement, click I agree to the terms of license agreement, and click Next.
On the Install/Upgrade selection panel, click Upgrade, and click Next.
Resolve the errors and warnings, if reported, in the BMC Remedy Configuration Check report before proceeding with the upgrade.
After the installer validates your inputs provided in the previous panels, the Installation preview panel appears, listing the product and product features that will be upgraded.
Click Install.
The BMC Remedy AR System features you have selected are installed. After the post-installation cleanup, a summary of the installation appears.
Click View Log to review the installer log for any errors or warnings. The install logs are available at the following location:
- (Windows) C:\Users\Administrator\AppData\Local\Temp\arsystem_install_log.txt
- (UNIX) /tmp/arsystem_install_log.txt
To exit the BMC Remedy AR System installer, click Done.
After you apply the Remedy Mid Tier and Remedy AR System Server patch 20.02.05, update the arreportingapi91_build009.jar file with a new JAR file.
For more information, see Knowledge Article number 000415593 (Support logon ID required)..

To upgrade BMC CMDB

Unzip the installer.
Navigate to the Disk 1 folder.
Start the installer.
- For Windows, run setup.exe.
- For UNIX, run setup.sh.
In the Welcome panel, click Next.
Review the license agreement, click I agree to the terms of license agreement, and click Next.
In the AR System Server Information panel, perform the following actions:
1. Enter AR System username and password.
2. Enter AR System port number and host name.
3. Navigate to the directory in which you want to install BMC Atrium CMDB.
  The default locations are:
  - Windows: C:\Program Files\BMC Software\AtriumCore
  - UNIX or Linux: /opt/bmc/AtriumCore
4. Click Next.
  The installer validates the system resources of your computer.
If you have upgraded Tomcat before upgrading CMDB, on the Tomcat Deployment Directory Information panel, provide the path to the new Tomcat directory and wait for the Tomcat Service Name to get populated automatically.
In the Install mode panel, select Upgrade, and click Next.
During upgrade, only existing BMC Atrium Core components are upgraded.
In the Confirmation panel, review that the database is backed-up and the memory requirement is met. Then click Yes and Next.
Resolve the errors and warnings, if reported, in the BMC Configuration Check report before proceeding with the upgrade. If you ignore the installer instructions, the installer requires that you acknowledge those errors and warnings by selecting a check box before you proceed with installation or upgrade.
Review the NE Plugin and Atrium Plugin ports.
In the Java Information panel, select the JRE path and click Next.
The Run Health Check panel appears.
Click Next.
The installer validates your inputs in the previous panels, and then the Installation Preview panel appears, listing the product and product features that will be installed.
Click Install.
A summary of the installation appears.
Click View Log to review the installer log for any errors or warnings. The install logs are available at the following location:
- (Windows) C:\Users_<installUser>_\AppData\Local\Temp\atriumcore_install_log.txt
- (UNIX and Linux) \tmp\atriumcore_install_log.txt
If the installation fails, see Troubleshooting-BMC-Atrium-Core-issues.
To exit the BMC Atrium Core installer, click Done.
Restart BMC Remedy Mid Tier.

To upgrade Atrium Integrator Server and Client

To upgrade Atrium Integrator server and client, perform the steps given in Performing-the-Atrium-Integrator-upgrade.

Patch installation logs

You can check the log files to view the installation status or any related errors. For more information, see Working-with-logs.