Skip to main content Skip to complementary content

TPS-5442 (cumulative patch)

Info Value
Patch Name Patch20230302TPS-5442_v1
Release Date 2023-03-02
Target Verson 20230302_1-V7.3.1
Product affected IAM

Introduction

This patch is cumulative. It includes all previous generally available patches for Talend IAM 7.3.1.

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TPS-5442: [7.3.1] Patch apache commons-text CVE-2022-42889
  • TPS-5054: [7.3.1] Patch log4j CVE in Syncope
  • TPS-5081: [7.3.1] Patch log4j to 2.17.1 in Syncope
  • TPS-5180: [7.3.1] Patch Spring4Shell CVE-2022-22965
  • TPS-4958: [7.3.1] Syncope with MySQL is not working
  • TPS-4814: [7.3.1] Wrong table name for on-premise cleaner in case of mysql usage

Prerequisites

Consider the following requirements for your system:

  • Talend IAM 7.3.1 must be installed.

Installation

  1. Stop IAM
  2. Create a backup directory
    $ mkdir -p <backup_dir>
    
  3. Copy original *.war files to the backup directory
    $ cp <TALEND>/iam/apache-tomcat/webapps/idp.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/oidc.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/scim.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/sts.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/sts-tac.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/syncope.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/syncope-console.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/syncope-enduser.war <backup_dir>
    
    
    Note: if you made any changes in extracted service app before don't forget to backup them too
  4. Remove original webapp directories and files
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/oidc*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/idp*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/scim*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/syncope*
    
  5. Unzip the patch file:
    $ unzip Patch_20230302_TPS-5442_v1.zip
    
  6. Copy patched war file to webapps directory replacing the original one
    $ cp *.war <TALEND>/iam/apache-tomcat/webapps/
    
  7. Remove contents of work and temp directories in <TALEND>/iam/apache-tomcat
  8. Edit <TALEND>/iam/apache-tomcat/conf/iam.properties file, add the next line to it (if not present):
    iam.fediz.config=file://${CATALINA_BASE}/conf/fediz_config.xml
    
  9. Cleanup oidc and idp databases (how-to depends on DB vendor in use). For H2 (default), remove directories oidc and idp in <TALEND>/iam/apache-tomcat
  10. Start IAM

Uninstallation

  1. Stop IAM
  2. Remove patched webapp directories and files
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/oidc*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/idp*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/scim*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts*
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/syncope*
    
  3. Copy saved *.war files from the backup directory
    $ cp <backup_dir>/*.war <TALEND>/iam/apache-tomcat/webapps/
    
  4. Remove contents of work and temp directories in <TALEND>/iam/apache-tomcat
  5. Cleanup oidc and idp databases (how-to depends on DB vendor in use)
  6. Start IAM

Affected files for this patch

The following files are installed by this patch:

  • oidc.war
  • idp.war
  • scim.war
  • sts.war
  • sts-tac.war
  • syncope.war
  • syncope-console.war
  • syncope-enduser.war

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!