Digital Business Automation Ideas


This is an IBM Automation portal for Digital Business Automation products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Please use the following category to raise ideas for these offerings for all environments (traditional on premises, containers, on cloud):

  • Cloud Pak for Business Automation - including Business Automation Studio and App Designer, Business Automation Insights

  • Business Automation Workflow (BAW) - including BAW, Business Process Manager, Workstream Services, Business Performance Center, Advanced Case Management

  • Content Services - FileNet Content Manager

  • Content Services - Content Manager OnDemand

  • Content Services - Daeja Virtual Viewer

  • Content Services - Navigator

  • Content Services - Content Collector for Email, Sharepoint, Files

  • Content Services - Content Collector for SAP

  • Content Services - Enterprise Records

  • Content Services - Content Manager (CM8)

  • Datacap

  • Automation Document Processing

  • Automation Decision Services (ADS)

  • Operational Decision Manager

  • Robotic Process Automation

  • Robotic Process Automation with Automation Anywhere

  • Blueworks Live

  • Business Automation Manager Open Edition

  • IBM Process Mining


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Add a new idea Subscribe
Status Future consideration
Workspace Operational Decision Manager
Created by Guest
Created on Jun 9, 2025

RELATED IDEAS

Add a parameter to be able to remove the remove the X-XSS-Protection from the headers on Containers

When you open the web.xml for the res.war or the DecisionRunner.war, and search for "X-XSS-Protection" you will find this setting:

<init-param>
<param-name>X-XSS-Protection</param-name>
<param-value>1; mode=block</param-value>
</init-param>

However the "X-XSS-Protection" header is currently deprecated in most modern browsers so it is recommended to remove this security feature unless legacy support is required.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection

"Deprecated: This feature is no longer recommended.
Though some browsers might still support it, it may have already been removed from the relevant web standards, may be in the process of being dropped, or may only be kept for compatibility purposes. Avoid using it, and update existing code if possible;"

Furthermore, a security analysis for ODM will show that while it is being set, it can be removed safely since ODM is implementing a sufficient CSP policy.

On Kubernetes the customer does not have access to the web.xml, so we can not change this parameter on the user side.
So a new parameter should be provided in
https://www.ibm.com/docs/en/odm/8.12.0?topic=reference-odm-production-configuration-parameters
to allow the user to control this X-XSS-Protection parameter (to remove it if needed).

Idea priority Low
  • Admin
    Antony Viaud
    Jun 20, 2025

    Hello, thank you for your comments.

    This Idea is currently considered with low priority as it doesn't affect security. And other clients may still rely on it.

    Removing the X-XSS-Protection or enabling IT to tweak the web.xml in ODM containers can only be considered for a future release of ODM. So there is no immediate response we can propose to an older version of ODM.

    Thank you for your understanding

    Reply
  • Guest
    Jun 9, 2025

    PACS uses the off the shelf docker image available on IBM Fix Central. This docker image currently has been flagged with one of the Pen Test vulnerabilities as mentioned in the description.
                    For a clean report of Pen testing we would need the report to be free from any kind of issues.
                    We would like to request Product team to incorporate this feature in the docker image so that we can have a clean report.
                    Please help to let us know the feasibility of implementing the solution provided in the RFE ticket.

    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.