TPS-3171 - 6.4

author: Talend Documentation Team
EnrichVersion: 6.4
EnrichProdName: Talend ESB
EnrichPlatform: Talend ESB

TPS-3171

Info              Value
Patch Name        Patch_20190626_TPS-3171_v1_6.4.1
Release Date      2019-06-26
Target Version    20170623_1246-6.4.1
Product affected  Talend ESB Runtime

Introduction

This patch is independent. It resolves the vulnerability in Jetty 9.3.14 by upgrading Jetty to 9.3.27 and Pax-web to 6.0.12.

NOTE: To download this patch, liaise with your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TESB-25919: [6.4.1] Vulnerability in Jetty 9.3.14

Prerequisites

Consider the following requirements for your system:

  • Talend ESB Runtime 6.4.1 must be installed.

Installation

Installing the patch manually

Apply the patch to an existing/running Runtime 6.4.1 container:

1) The Runtime container is started/running.

2) WARNING: All deployed Data Services and Routes, and all started ESB Infra-services, have to be undeployed/uninstalled from the Runtime container. Reinstall them after step 5.

3) Copy the patch files of the system/ folder into 'Runtime_Home/system/', replacing the existing files.

   On Linux:
   cp -rf ./system/. Runtime_Home/system/

   On Windows:
   xcopy system\*.* Runtime_home\system /s
   (Press "y" when prompted whether to overwrite some of the features XML files.)

4) Update and refresh the existing Jetty/Pax-web related features/bundles:

   karaf@trun()> feature:uninstall webconsole

   karaf@trun()> la |grep 9.3.14.v20161028
   (get the Bundle IDs to be uninstalled in the next command)
   karaf@trun()> uninstall 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172

   karaf@trun()> la |grep "Pax Web"
   (get the Bundle IDs to be uninstalled in the next command)
   karaf@trun()> uninstall 178 179 180 181 261

   karaf@trun()> feature:repo-add mvn:org.ops4j.pax.web/pax-web-features/6.0.12/xml/features

   karaf@trun()> feature:install pax-jetty/9.3.27.v20190418
   karaf@trun()> install mvn:org.ops4j.pax.web/pax-web-jsp/6.0.12
   karaf@trun()> feature:install pax-http-jetty/6.0.12
   karaf@trun()> start org.ops4j.pax.web.pax-web-jsp
   karaf@trun()> feature:install webconsole

5) Restart the Runtime container, then check the versions:

   karaf@trun()> la |grep Jetty
   (check if the Jetty version is upgraded to 9.3.27.v20190418)
   karaf@trun()> la |grep "Pax Web"
   (check if the pax-web version is upgraded to 6.0.12)

Apply the patch to a new Runtime 6.4.1 container:

1) Unzip the Runtime 6.4.1 container.

2) Copy the patch files of the system/ folder into 'Runtime_Home/system/', replacing the existing files.

   On Linux:
   cp -rf ./system/. Runtime_Home/system/

   On Windows:
   xcopy system\*.* Runtime_home\system /s
   (Press "y" when prompted whether to overwrite some of the features XML files.)

3) Start the Runtime 6.4.1 container, then check the versions:

   karaf@trun()> la |grep Jetty
   (check if the Jetty version is upgraded to 9.3.27.v20190418)
   karaf@trun()> la |grep "Pax Web"
   (check if the pax-web version is upgraded to 6.0.12)
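
One way to automate the final version check of both procedures, as an added example that is not part of the Talend patch note: the script reads the console's "la" listing on standard input and reports every Jetty bundle not at 9.3.27.v20190418 and every Pax Web bundle not at 6.0.12. The "ID | State | Lvl | Version | Name" column layout, the sample listing and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of "la" output (not captured from a real container).
# Assumed column layout: ID | State | Lvl | Version | Name
SAMPLE_LA=' ID | State  | Lvl | Version          | Name
----+--------+-----+------------------+------------------------
155 | Active |  30 | 9.3.14.v20161028 | Jetty :: Http Utility
156 | Active |  30 | 9.3.27.v20190418 | Jetty :: Server Core
178 | Active |  30 | 6.0.3            | OPS4J Pax Web - API
179 | Active |  30 | 6.0.12           | OPS4J Pax Web - Jetty
200 | Active |  80 | 3.1.11           | Apache CXF Core'

# stale_bundles: print "ID version name" for each bundle still at an old version.
# Pax Web is tested first: a Pax Web bundle whose name also contains "Jetty"
# carries the Pax Web version, not the Jetty one.
stale_bundles() {
  awk -F'|' -v jetty="9.3.27.v20190418" -v paxweb="6.0.12" '
    NF >= 5 && $1 ~ /^ *[0-9]+ *$/ {
      id = $1; ver = $4; name = $5
      gsub(/^ +| +$/, "", id); gsub(/^ +| +$/, "", ver); gsub(/^ +| +$/, "", name)
      if (name ~ /Pax Web/) { if (ver != paxweb) print id, ver, name }
      else if (name ~ /Jetty/ && ver != jetty) print id, ver, name
    }'
}

# stale_ids: only the bundle IDs, space-separated, in the form the console
# "uninstall" command takes.
stale_ids() {
  stale_bundles | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $1 } END { if (NR) print "" }'
}

# check_upgrade: succeeds only when no old Jetty or Pax Web bundle remains.
check_upgrade() {
  [ -z "$(stale_bundles)" ]
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LA" | stale_bundles
```

Save the real "la" listing to a file and pipe it into check_upgrade; a non-zero exit status means at least one bundle was not upgraded.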