TPS-3941
Info | Value |
---|---|
Patch Name | Patch_20200420_TPS-3941_v1_6.5.1 |
Release Date | 2020-04-20 |
Target Version | 20180116_1512-6.5.1 |
Product affected | Talend ESB Runtime |
Introduction
This patch is independent. It solves the Vulnerability in Jetty 9.3.14 by upgrading the Jetty/Pax-web version to 9.3.27/6.0.12.
NOTE: To download this patch, liaise with your Support contact at Talend.
Fixed issues
This patch contains the following fixes:
- TESB-28819: [6.5.1] Vulnerability in Jetty 9.3.14
Prerequisites
Consider the following requirements for your system:
- Talend ESB Runtime 6.5.1 must be installed.
Installation
Installing the patch manually
Apply the patch to an existing/running Runtime 6.5.1 container:
1) The Runtime container is started/running
2) WARN, all deployed Data Services & Routes, all started ESB Infra-services, have to be undeployed/uninstalled from Runtime container. and reinstall them again after step 5)
3) Copy&Replace the patch files of the system/ folder, into the 'Runtime_Home/system/'
- On Linux:
cp -rf ./system Runtime_Home/system
- On Windows:
xcopy system\*.* Runtime_home\system /s
- (Press "y" when prompting if overwrite some of the features xml files)
4) Update&Refresh the existing Jetty/Pax-web related features/bundles
- karaf@trun()> la |grep 9.3.14.v20161028 (get the Bundle IDs to be uninstalled in the next command)
-
karaf@trun()> uninstall 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183
-
karaf@trun()> la |grep "Pax Web" (get the Bundle IDs to be uninstalled in the next command)
-
karaf@trun()> uninstall 189 190 191 192 274
-
karaf@trun()> feature:repo-add mvn:org.ops4j.pax.web/pax-web-features/6.0.12/xml/features
- karaf@trun()> feature:repo-remove mvn:org.ops4j.pax.web/pax-web-features/6.0.7/xml/features
-
karaf@trun()> feature:repo-refresh
-
karaf@trun()> feature:install pax-jetty/9.3.27.v20190418
5) Restart the Runtime container
- karaf@trun()> la |grep Jetty (check if the Jetty version is upgraded to 9.3.27.v20190418)
- karaf@trun()> la |grep "Pax Web" (check if the pax-web version is upgraded to 6.0.12)
Apply the patch to a new Runtime 6.5.1 container:
1) Unzip the Runtime 6.5.1 container
2) Copy&Replace the patch files of the system/ folder, into the 'Runtime_Home/system/'
- On Linux:
cp -rf ./system Runtime_Home/system
- On Windows:
xcopy system\*.* Runtime_home\system /s
- (Press "y" when prompting if overwrite some of the features xml files)
3) Start the Runtime 6.5.1 container
- karaf@trun()> la |grep Jetty (check if the Jetty version is upgraded to 9.3.27.v20190418)
- karaf@trun()> la |grep "Pax Web" (check if the pax-web version is upgraded to 6.0.12)