TPS-5469 (cumulative patch) - 8.0

Version
8.0
Language
English
Product
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Module
Talend Identity and Access Management

TPS-5469 (cumulative patch)

Info              Value
Patch Name        Patch_20230317_TPS-5469_v1
Release Date      2023-03-17
Target Version    20230317_1-V8.0.1
Product affected  IAM

Introduction

This patch is cumulative. It includes all previous generally available patches for Talend IAM 8.0.1.

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TPS-5469: [8.0.1] Patch apache commons-text CVE-2022-42889
  • TPS-5180: [8.0.1] Patch Spring4Shell CVE-2022-22965
  • TPS-5054: [8.0.1] Patch log4j CVE in Syncope
  • TPS-5081: [8.0.1] Patch log4j in Syncope to 2.17.1

Prerequisites

Consider the following requirements for your system:

  • Talend IAM 8.0.1 must be installed.

Installation

  1. Stop IAM
  2. Create a backup directory
    $ mkdir -p <backup_dir>
    
  3. Copy original *.war files to the backup directory
    $ cp <TALEND>/iam/apache-tomcat/webapps/idp.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/oidc.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/scim.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/sts.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/sts-tac.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/syncope.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/syncope-console.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/syncope-enduser.war <backup_dir>
    
    Note: If you previously made changes in any extracted service app, remember to back those up too.
  4. Remove original webapp directories and files
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/oidc*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/idp*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/scim*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/syncope*
    
  5. Unzip the patch file:
    $ unzip Patch_20230317_TPS-5469_v1.zip
    
  6. Copy the patched .war files to the webapps directory, replacing the original ones
    $ cp *.war <TALEND>/iam/apache-tomcat/webapps/
    
  7. Start IAM
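
To check the copied archives from step 6 before starting IAM, the following added script (not part of the Talend patch or its documentation) lists the log4j-core and commons-text JARs bundled in each .war and flags any below a minimum version. The 2.17.1 minimum comes from the fix list above; 1.10.0 is the upstream commons-text release that fixes CVE-2022-42889 and is assumed to be what the patch ships. The script name and function names are illustrative.

```shell
#!/bin/sh
# Added example, not Talend tooling. Usage: sh check_iam_wars.sh <war>...
# Minimums: log4j-core 2.17.1 is from the fix list; commons-text 1.10.0 is the
# upstream fix for CVE-2022-42889 (assumed here). Spring JARs are not checked.
MINIMUMS='log4j-core 2.17.1
commons-text 1.10.0'

# version_lt A B: succeed when dotted version A is lower than B. Fields are
# compared numerically, so 1.9 sorts below 1.10.0 (a string compare would not).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }' </dev/null
}

# check_listing: read archive entry names on stdin, report each tracked library
# found under WEB-INF/lib, and return non-zero if any is below its minimum.
check_listing() {
    bad=0
    while IFS= read -r entry; do
        case "$entry" in WEB-INF/lib/*.jar) ;; *) continue ;; esac
        jar=${entry##*/}
        while read -r name min; do
            case "$jar" in "$name"-[0-9]*.jar) ;; *) continue ;; esac
            ver=${jar#"$name"-}; ver=${ver%.jar}
            if version_lt "$ver" "$min"; then
                echo "BELOW-MINIMUM $name $ver (need $min)"; bad=1
            else
                echo "OK $name $ver"
            fi
        done <<EOF
$MINIMUMS
EOF
    done
    return "$bad"
}

# When .war paths are given, list each archive's entries and check them.
if [ "$#" -gt 0 ]; then
    rc=0
    for war in "$@"; do
        echo "== $war"
        unzip -Z1 "$war" | check_listing || rc=1
    done
    exit "$rc"
fi
```

Run it against the files in <TALEND>/iam/apache-tomcat/webapps/; a non-zero exit status means at least one archive still bundles a version below the minimum.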

Uninstallation

  1. Stop IAM
  2. Remove patched webapp directories and files
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/oidc*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/idp*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/scim*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/syncope*
    
  3. Copy saved *.war files from the backup directory
    $ cp <backup_dir>/*.war <TALEND>/iam/apache-tomcat/webapps/
    
  4. Start IAM

Affected files for this patch

The following files are installed by this patch:

  • oidc.war
  • idp.war
  • scim.war
  • sts.war
  • sts-tac.war
  • syncope.war
  • syncope-console.war
  • syncope-enduser.war