TPRUN-8561 (cumulative patch)
| Info | Value |
|---|---|
| Patch Name | Patch20240920TPRUN-8561_v1 |
| Release Date | 2024-09-20 |
| Target Version | 8.0.1.20240515 |
| Product affected | Syncope/STS |
Introduction
This patch is cumulative. It includes all previous generally available patches for Syncope and STS.
NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend or download it from Talend Update.
Fixed issues
This patch contains the following fixes:
- TPRUN-8598 : [8.0.1] Patch spring-web, logback and spring-security-core CVE in Syncope and sts
Prerequisites
Consider the following requirements for your system:
- Syncope must be installed on a Tomcat server installation doc.
Installation
- Stop Tomcat
- Create a backup directory
$ mkdir -p <backup_dir> - Copy original webapps directory to the backup directory
Note: if you made any changes in extracted service app before, don't forget to backup them too.$ cp -R apache-tomcat/webapps/sts* <backup_dir> $ cp -R apache-tomcat/webapps/syncope* <backup_dir> - Remove original webapp directories and files
$ rm -rf apache-tomcat/webapps/sts* $ rm -rf apache-tomcat/webapps/syncope* - Unzip the patch file:
$ unzip Patch_20220407_TPS-5180_v1.zip - Copy patched war files to webapps directory
Unzip the following files in webapps/ syncope-console.war syncope-enduser.war$ cp sts.war apache-tomcat/webapps/ $ cp syncope-console.war apache-tomcat/webapps/
Copy from the backup the following files, and any other configuration files that have been modified syncope-enduser/WEB-INF/classes/enduser.properties syncope-console/WEB-INF/classes/console.properties
- Start Tomcat
Uninstallation
To revert patch installation:
- stop Tomcat
- restore the backup files in webapps/ directory
- start Tomcat