TPS-5058 (cumulative patch) - 7.3

Version
7.3
Language
English
Product
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Module
Talend Identity and Access Management

TPS-5058 (cumulative patch)

Info              Value
Patch Name        Patch_20211216_TPS-5058_v1
Release Date      2021-12-16
Target Version    20211216_1-V7.3.1
Product affected  LogServer

Introduction

This patch is cumulative. It includes all previous generally available patches for Talend LogServer 7.3.1.

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TPS-5058: [7.3.1] Patch log4j CVE in LogServer

Prerequisites

Consider the following requirements for your system:

  • Talend LogServer 7.3.1 must be installed.

Installation

  1. Stop LogServer
  2. Create a backup directory
    $ mkdir -p <backup_dir>
    
  3. Copy original elasticsearch-* and logstash-* folders to the backup directory
    $ cp -a <TALEND>/logserv/elasticsearch-* <backup_dir>
    $ cp -a <TALEND>/logserv/logstash-* <backup_dir>
    
  4. Remove vulnerable dependencies
    $ rm -rf <TALEND>/logserv/elasticsearch-*/lib/log4j*.jar
    $ rm -rf <TALEND>/logserv/logstash-*/logstash-core/lib/jars/log4j*.jar
    
  5. Unzip the patch file in the root of LogServer
    $ cd <TALEND>/logserv
    $ unzip Patch_20211216_TPS-5058_v1.zip
    
    Note: if asked to overwrite files, select yes/all
  6. Start LogServer

Uninstallation

  1. Stop LogServer
  2. Remove patched directories and files
    $ rm -rf <TALEND>/logserv/elasticsearch-*/lib
    $ rm -rf <TALEND>/logserv/logstash-*/logstash-core/lib/jars
    
  3. Copy saved folders from the backup directory
    $ cp -rf <backup_dir>/elasticsearch-*/lib <TALEND>/logserv/elasticsearch-*/
    $ cp -rf <backup_dir>/logstash-*/logstash-core/lib/jars <TALEND>/logserv/logstash-*/logstash-core/lib/
    
  4. Start LogServer

Affected files for this patch

The following files are installed by this patch:

  • log4j-api.jar
  • log4j-core.jar
  • log4j-slf4j-impl.jar
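
A post-install check for the installation steps, added here as an example and not part of Talend's patch documentation: it lists every log4j*.jar under the two library directories and flags any whose name is not one of the three files this patch installs. The function name, the return codes and the assumption that no other log4j jar should remain after step 5 are this example's own.

```shell
#!/bin/sh
# Added example: verify the log4j patch steps left no old jars behind.
# Assumption: after unzipping the patch, the only log4j*.jar files under the
# two library directories are the three names the patch installs.
EXPECTED="log4j-api.jar log4j-core.jar log4j-slf4j-impl.jar"

# check_log4j_jars <logserv_root>
# Prints one line per jar found. Returns:
#   0  only patch jars are present
#   1  at least one leftover log4j jar remains (step 4 incomplete)
#   2  a library directory holds no patch jar at all (step 5 incomplete)
check_log4j_jars() {
    root=$1
    result=0
    for dir in "$root"/elasticsearch-*/lib \
               "$root"/logstash-*/logstash-core/lib/jars; do
        [ -d "$dir" ] || continue
        patched=0
        for jar in "$dir"/log4j*.jar; do
            [ -e "$jar" ] || continue        # glob matched nothing
            name=${jar##*/}                  # strip the directory part
            case " $EXPECTED " in
                *" $name "*)
                    echo "OK         $jar"
                    patched=$((patched + 1)) ;;
                *)
                    echo "LEFTOVER   $jar"
                    result=1 ;;
            esac
        done
        if [ "$patched" -eq 0 ]; then
            echo "UNPATCHED  $dir (no patch jar present)"
            if [ "$result" -eq 0 ]; then result=2; fi
        fi
    done
    return "$result"
}

# Usage, between steps 5 and 6:  check_log4j_jars <TALEND>/logserv
```

A LEFTOVER line points at a jar that step 4 should have removed; an UNPATCHED line means the patch archive was not unzipped into that directory.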