Maintenance

Maintenance
WebSphere Commerce Version 9 fixes and new functions are delivered using a Continuous Delivery Update Package.

Continuous Delivery Update Packages
The following list describes key characteristics of CD Update Packages:

Each new Update Package is an accumulation of the previous updates plus new fixes and enhancements. For example, WebSphere Commerce Version 9.0.0.3 contains all the functions and fixes from Versions 9.0.0.1 and 9.0.0.2.
An Update Package is the only mechanism that IBM uses to deliver features and fixes. Interim fixes are not provided.
IBM intends to release Update Packages monthly, or more frequently if security vulnerabilities are identified. The timing and frequency is not guaranteed and can change without notice at IBM's sole discretion.
New features, or enhancements to existing features, that could affect custom code are disabled by default.
WebSphere Commerce follows the continuous delivery (CD) model with product technical support for three years and extended support for two additional years. This model is referred to as a standard three-plus-two (3+2) policy. The lifecycle of WebSphere Commerce is extended based on the standard CD model. A standard CD model follows a 2+1 policy. See IBM software support lifecycle policy.

Following the release of WebSphere Commerce Version 9.0.0.8, the 9.0.0.x versions have entered their maintenance phase. New features will be delivered in version 9.0.1 and later releases. APARs and fixes only will be released for the designated Long Term Support Release (LTSR) branch of 9.0.0.x, starting with version 9.0.0.9. The 9.0.0.x LTSR branch will be supported with new fix releases only through December 30, 2019.

WebSphere Commerce runtime WebSphere Commerce Developer
Delivery format Docker images for deploying new Docker containers.

Do not manually change files (such as editing configurations or updating application code) within a running Docker container. Otherwise, your configurations and code might be lost after updating the environment.
Instead, customize code in the WebSphere Commerce Developer environment and then deploy code into new Docker images.

Compressed installation .pak file installed with IBM Installation Manager. Use this package to update an existing WebSphere Commerce Developer Version 9 installation.
Download location IBM Passport Advantage. IBM Passport Advantage.
Co-requisite software Update Packages includes fixes to the co-requisite software programs, WebSphere Application Server, WebSphere Application Server Liberty, IBM HTTP Server, and the CentOS Linux distribution, which are bundled in the Docker images.
Do not manually apply co-requisite fixes to the runtime environment. Instead, wait for the fix to be included in the official WebSphere Commerce Update Package. Otherwise, our changes might be overwritten when you apply the next WebSphere Commerce Update Package. If you decide to manually apply fixes, it is your responsibility to track the changes that you made in the runtime environment. We need to reapply any fixes that are not included in the official Update Package. For information, see Fixes included in WebSphere Commerce runtime Update Packages.
Note: If an Update Package includes fixes to WebSphere Application Server or WebSphere Application Server Liberty, it is recommended that you also update the development environment to the same levels to ensure compatibility.
Update Packages do not include fixes to the co-requisite software.
We need to manually apply maintenance to co-requisite software such as WebSphere Application Server, WebSphere Application Server Liberty, or Rational Application Developer.
Note: If WebSphere Application Server and WebSphere Application Server Liberty are updated in the Docker containers, IBM recommends updating the development environment to the same levels to ensure compatibility.
Security fixes Update Packages include the latest security fixes for WebSphere Commerce and for all corequisite software.

For CentOS base operating system: IBM will perform Docker image security scans and monitor the Common Vulnerabilities and Exposure (CVE) database. If CentOS releases a new version that includes fixes to CVE issues, then IBM will update the Docker images with the new CentOS version.
For WebSphere Application Server, WebSphere Liberty, and the IBM Java SDK: IBM will apply any necessary fixes that are announced by the IBM Product Security Incident Response Team (PSIRT).

Update Packages include security fixes to WebSphere Commerce but do not include security to the co-requisite software.
We need to manually apply security fixes to co-requisite software such as WebSphere Application Server, WebSphere Application Server Liberty, or Rational Application Developer.
Note: If WebSphere Application Server and WebSphere Application Server Liberty are updated in the Docker containers, IBM recommends updating the development environment to the same levels to ensure compatibility.
Installation WebSphere Commerce runtime Update Package overview WebSphere Commerce Developer Update Package overview

Related concepts
WebSphere Commerce runtime Update Package overview

	WebSphere Commerce runtime	WebSphere Commerce Developer
Delivery format	Docker images for deploying new Docker containers. Do not manually change files (such as editing configurations or updating application code) within a running Docker container. Otherwise, your configurations and code might be lost after updating the environment. Instead, customize code in the WebSphere Commerce Developer environment and then deploy code into new Docker images.	Compressed installation .pak file installed with IBM Installation Manager. Use this package to update an existing WebSphere Commerce Developer Version 9 installation.
Download location	IBM Passport Advantage.	IBM Passport Advantage.
Co-requisite software	Update Packages includes fixes to the co-requisite software programs, WebSphere Application Server, WebSphere Application Server Liberty, IBM HTTP Server, and the CentOS Linux distribution, which are bundled in the Docker images. Do not manually apply co-requisite fixes to the runtime environment. Instead, wait for the fix to be included in the official WebSphere Commerce Update Package. Otherwise, our changes might be overwritten when you apply the next WebSphere Commerce Update Package. If you decide to manually apply fixes, it is your responsibility to track the changes that you made in the runtime environment. We need to reapply any fixes that are not included in the official Update Package. For information, see Fixes included in WebSphere Commerce runtime Update Packages. Note: If an Update Package includes fixes to WebSphere Application Server or WebSphere Application Server Liberty, it is recommended that you also update the development environment to the same levels to ensure compatibility.	Update Packages do not include fixes to the co-requisite software. We need to manually apply maintenance to co-requisite software such as WebSphere Application Server, WebSphere Application Server Liberty, or Rational Application Developer. Note: If WebSphere Application Server and WebSphere Application Server Liberty are updated in the Docker containers, IBM recommends updating the development environment to the same levels to ensure compatibility.
Security fixes	Update Packages include the latest security fixes for WebSphere Commerce and for all corequisite software. For CentOS base operating system: IBM will perform Docker image security scans and monitor the Common Vulnerabilities and Exposure (CVE) database. If CentOS releases a new version that includes fixes to CVE issues, then IBM will update the Docker images with the new CentOS version. For WebSphere Application Server, WebSphere Liberty, and the IBM Java SDK: IBM will apply any necessary fixes that are announced by the IBM Product Security Incident Response Team (PSIRT).	Update Packages include security fixes to WebSphere Commerce but do not include security to the co-requisite software. We need to manually apply security fixes to co-requisite software such as WebSphere Application Server, WebSphere Application Server Liberty, or Rational Application Developer. Note: If WebSphere Application Server and WebSphere Application Server Liberty are updated in the Docker containers, IBM recommends updating the development environment to the same levels to ensure compatibility.
Installation	WebSphere Commerce runtime Update Package overview	WebSphere Commerce Developer Update Package overview