TPS-3941 - 6.5

EnrichVersion
6.5
EnrichProdName
Talend ESB
EnrichPlatform
Talend ESB

TPS-3941

Info Value
Patch Name Patch_20200420_TPS-3941_v1_6.5.1
Release Date 2020-04-20
Target Version 20180116_1512-6.5.1
Product affected Talend ESB Runtime

Introduction

This patch is independent. It solves the Vulnerability in Jetty 9.3.14 by upgrading the Jetty/Pax-web version to 9.3.27/6.0.12.

NOTE: To download this patch, liaise with your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TESB-28819: [6.5.1] Vulnerability in Jetty 9.3.14

Prerequisites

Consider the following requirements for your system:

  • Talend ESB Runtime 6.5.1 must be installed.

Installation

Installing the patch manually

Apply the patch to an existing/running Runtime 6.5.1 container:

1) The Runtime container is started/running

2) WARN, all deployed Data Services & Routes, all started ESB Infra-services, have to be undeployed/uninstalled from Runtime container. and reinstall them again after step 5)

3) Copy&Replace the patch files of the system/ folder, into the 'Runtime_Home/system/'

  • On Linux:
  • cp -rf ./system Runtime_Home/system
  • On Windows:
  • xcopy system\*.* Runtime_home\system /s
  • (Press "y" when prompting if overwrite some of the features xml files)

4) Update&Refresh the existing Jetty/Pax-web related features/bundles

  • karaf@trun()> la |grep 9.3.14.v20161028 (get the Bundle IDs to be uninstalled in the next command)

  • karaf@trun()> uninstall 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183

  • karaf@trun()> la |grep "Pax Web" (get the Bundle IDs to be uninstalled in the next command)

  • karaf@trun()> uninstall 189 190 191 192 274

  • karaf@trun()> feature:repo-add mvn:org.ops4j.pax.web/pax-web-features/6.0.12/xml/features

  • karaf@trun()> feature:repo-remove mvn:org.ops4j.pax.web/pax-web-features/6.0.7/xml/features

  • karaf@trun()> feature:repo-refresh

  • karaf@trun()> feature:install pax-jetty/9.3.27.v20190418

5) Restart the Runtime container

  • karaf@trun()> la |grep Jetty (check if the Jetty version is upgraded to 9.3.27.v20190418)
  • karaf@trun()> la |grep "Pax Web" (check if the pax-web version is upgraded to 6.0.12)

Apply the patch to a new Runtime 6.5.1 container:

1) Unzip the Runtime 6.5.1 container

2) Copy&Replace the patch files of the system/ folder, into the 'Runtime_Home/system/'

  • On Linux:
  • cp -rf ./system Runtime_Home/system
  • On Windows:
  • xcopy system\*.* Runtime_home\system /s
  • (Press "y" when prompting if overwrite some of the features xml files)

3) Start the Runtime 6.5.1 container

  • karaf@trun()> la |grep Jetty (check if the Jetty version is upgraded to 9.3.27.v20190418)
  • karaf@trun()> la |grep "Pax Web" (check if the pax-web version is upgraded to 6.0.12)