D2 ETA for Read-Only Operations

There is an interesting new ETA for D2:  ETA 208101: Documentum D2: Attempts to run content operations with read-only permissions may result in potential data loss.  It seems that a previous Content Server security patch (v7.1 P18 and v7.2 P02) shored up the security of the dmr_content object but disabled the following operations in D2:

  • Sending documents to workflows.
  • Creating new content based on templates.
  • Restoring objects from the D2 Recycle Bin (D2-Bin).
  • Applying Virtual Document templates.
  • Applying inheritance when creating new content.

Opps!  I’m guessing some of these operations are important to a lot D2 implementations.

If you are running D2, EMC advises NOT to install Content Server patch  v7.1 P18 and v7.2 P02 (or later) until a patch is available for D2 v4.2 or v4.5.

Stay Informed – Find All Documentum ESAs

You can find a list of all of the current year’s (and archived) EMC Security Advisories (ESAs) here:  https://support.emc.com/search/?text=docu45184.

You can also search the support knowledgebase for all ESAs, ETAs, Break-fixes, How Tos, and the security KB.  Here’s how:

  1. Open an ESA. Here is the ESA for the ShellShock vulnerability (BTW, Documentum is not affected):  https://support.emc.com/kb/192608
  2. In the search box at the top of the screen, enter ‘ESA’ as your search word and click the search button.
  3. From the resulting screen (even if it contains an error), click on the ‘Articles’ tab.
  4. Shazam!, all of the knowledgebase articles that concern security.

If you haven’t already, you should sign up to recieve ESAs and ETAs via email.  You can do so at https://support.emc.com/preferences/subscriptions.




Several Documentum Certificates Expire…today!

Several EMC Documentum code signing certificates expire TODAY.  The details are contained in this ETA: ETA 190867: Documentum Products: Certificates Expiring August 28, 2014.  According to the ETA, “EMC security policies require certificates to be re-signed annually, so users must update applets each year.”  The ETA contains links to all of the newly signed JARs.



EMC has issued ETA 187815: Documentum: Under certain error conditions, xDB may stop writing log records to the transaction log files potentially causing data loss, database corruption, and recovery issues

This is an xDB version 10.5.0 transaction log manager component issue. A situation may occur (for example, “no space left on the device”,  OutOfMemoryError, or other error conditions) in which the xDB server does not halt, but stops writing log records to the transaction log files. These missing transaction logs may cause data corruption errors, errors during read-only transactions, and errors during xDB startup/recovery.

The ETA contains a tool and long set of steps to follow to identify the problem.


Another Tech Advisory for Java and UCF

EMC just released ETA 177121: Documentum: UCF content transfer and file operations may experience operational issues for JRE versions 1.7.u45 / 1.7.u25.  There has been another change in the Java security baseline that affects the UCF. All WDK-based clients are affected.  The current JRE, 1.7u51, is not supported by Documentum WDK-based clients, and EMC recommends not to upgrade. EMC is working on certification of UCF applets for JRE 1.7u51.  In the meantime, the ETA provides a simple work around until certification is obtained. Follow the link to the ETA for more details.

If you are curious, here is the post from the last ETA concerning Java and the security baseline.

UCF – Java 1.7.u45 Conflict

EMC just released ETA: UCF content transfer and file operations may experience operational issues for JRE version 1.7.u45.  There has been a change in the Java security model that can cause problems with the UCF if client and server are not using the same version of the JRE you are using a JRE earlier than 1.7u25.  The bottom line is that client and server should be upgraded to JRE 1.7.u45, or all should remain at JRE 1.7.u25 or earlier.  All WDK-based clients are affected.  Follow the link (and discussion in the comments section) for more details.

Documentum 6.7 SP1 Tech Advisory

Last week, EMC released a technical advisory (ETA), ETA 171389, for Documentum 6.7 SP1 patch 19 & 20.  This advisory explains:

If Content Server 6.7 Service Pack (SP) 1 has been updated with Patch 19 or 20, the Content Server may not send a checkpoint to the DocBroker to indicate that it is active and is accepting connection requests. If this occurs and continues for more than approximately 10-15 minutes, the Content Server will be presumed down and connections may be unavailable to clients.

After 24 hours, the Content Server and repository may be removed from the DocBroker list and must be restarted to regain access. This behavior will continue to repeat itself until remediated.

The fix is to apply patch 21.  Find all the details here: https://support.emc/com/kb/171389.

%d bloggers like this: