TPS-5442 (cumulative patch)
Info | Value |
---|---|
Patch Name | Patch20230302TPS-5442_v1 |
Release Date | 2023-03-02 |
Target Verson | 20230302_1-V7.3.1 |
Product affected | IAM |
Introduction
This patch is cumulative. It includes all previous generally available patches for Talend IAM 7.3.1.
NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.
Fixed issues
This patch contains the following fixes:
- TPS-5442: [7.3.1] Patch apache commons-text CVE-2022-42889
- TPS-5054: [7.3.1] Patch log4j CVE in Syncope
- TPS-5081: [7.3.1] Patch log4j to 2.17.1 in Syncope
- TPS-5180: [7.3.1] Patch Spring4Shell CVE-2022-22965
- TPS-4958: [7.3.1] Syncope with MySQL is not working
- TPS-4814: [7.3.1] Wrong table name for on-premise cleaner in case of mysql usage
Prerequisites
Consider the following requirements for your system:
- Talend IAM 7.3.1 must be installed.
Installation
- Stop IAM
-
Create a backup directory
$ mkdir -p <backup_dir>
-
Copy original
*.war
files to the backup directory
Note: if you made any changes in extracted service app before don't forget to backup them too$ cp <TALEND>/iam/apache-tomcat/webapps/idp.war <backup_dir> $ cp <TALEND>/iam/apache-tomcat/webapps/oidc.war <backup_dir> $ cp <TALEND>/iam/apache-tomcat/webapps/scim.war <backup_dir> $ cp <TALEND>/iam/apache-tomcat/webapps/sts.war <backup_dir> $ cp <TALEND>/iam/apache-tomcat/webapps/sts-tac.war <backup_dir> $ cp <TALEND>/iam/apache-tomcat/webapps/syncope.war <backup_dir> $ cp <TALEND>/iam/apache-tomcat/webapps/syncope-console.war <backup_dir> $ cp <TALEND>/iam/apache-tomcat/webapps/syncope-enduser.war <backup_dir>
-
Remove original webapp directories and files
$ rm -rf <TALEND>/iam/apache-tomcat/webapps/oidc* $ rm -rf <TALEND>/iam/apache-tomcat/webapps/idp* $ rm -rf <TALEND>/iam/apache-tomcat/webapps/scim* $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts* $ rm -rf <TALEND>/iam/apache-tomcat/webapps/syncope*
-
Unzip the patch file:
$ unzip Patch_20230302_TPS-5442_v1.zip
-
Copy patched war file to webapps directory replacing the original one
$ cp *.war <TALEND>/iam/apache-tomcat/webapps/
- Remove contents of
work
andtemp
directories in<TALEND>/iam/apache-tomcat
-
Edit
<TALEND>/iam/apache-tomcat/conf/iam.properties
file, add the next line to it (if not present):iam.fediz.config=file://${CATALINA_BASE}/conf/fediz_config.xml
-
Cleanup
oidc
andidp
databases (how-to depends on DB vendor in use). For H2 (default), remove directoriesoidc
andidp
in<TALEND>/iam/apache-tomcat
- Start IAM
Uninstallation
- Stop IAM
-
Remove patched webapp directories and files
$ rm -rf <TALEND>/iam/apache-tomcat/webapps/oidc* $ rm -rf <TALEND>/iam/apache-tomcat/webapps/idp* $ rm -rf <TALEND>/iam/apache-tomcat/webapps/scim* $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts* $ rm -rf <TALEND>/iam/apache-tomcat/webapps/syncope*
-
Copy saved
*.war
files from the backup directory$ cp <backup_dir>/*.war <TALEND>/iam/apache-tomcat/webapps/
- Remove contents of
work
andtemp
directories in<TALEND>/iam/apache-tomcat
- Cleanup
oidc
andidp
databases (how-to depends on DB vendor in use) - Start IAM
Affected files for this patch
The following files are installed by this patch:
oidc.war
idp.war
scim.war
sts.war
sts-tac.war
syncope.war
syncope-console.war
syncope-enduser.war