Data360 Analyze Product Announcements

Data360 Analyze 3.8.5 & 3.10.1 Hotfix Announcement-Text4shell Vulnerability Hotfix

    Employee
    Posted 10-25-2022 12:10

    The fix for the Text4Shell vulnerability is now available for Data360 Analyze versions 3.8.5 and 3.10.1.

    Below are the instructions to apply the hotfix for 3.8.5 and 3.10.1.

    3.8.5 Hotfix Notes:

    3.8.5 Hotfix for CVE-2022-42889 upgrades the Apache Commons Text version used in Analyze to remove the vulnerability identified in CVE-2022-42889.

    Steps:

    1. Stop all components of the application (Tomcat (web application), Analyze Server, Postgres).
    2. Navigate to the installation directory of Analyze (<installDir>).
    3. Remove the following file within <installDir>:

       - <installDir>/lib/java/commons-text-1.9.jar

    4. Rename the following files within <installDir> to make a backup of them:

       - <installDir>/conf/brain/versions.prop
       - <installDir>/tomcat/webapps/ROOT.war

       To:

       - <installDir>/conf/brain/versions.prop.bak
       - <installDir>/tomcat/webapps/ROOT.war.bak

    5. Unpack the hotfix source file archive into <installDir>, respecting the folder structure inside the archive. This will unpack the following files:

       - <installDir>/conf/brain/versions.prop
       - <installDir>/lib/java/commons-text-1.10.0.jar
       - <installDir>/tomcat/webapps/ROOT.war

    6. Restart the application (all components).

    3.10.1 Hotfix Notes:

    3.10.1 Hotfix for CVE-2022-42889 upgrades the Apache Commons Text version used in Analyze to remove the vulnerability identified in CVE-2022-42889.

    Steps:

    1. Stop all components of the application (Tomcat (web application), Analyze Server, Postgres).
    2. Navigate to the installation directory of Analyze (<installDir>).
    3. Remove the following files within <installDir>:

       - <installDir>/tomcat/webapps/ROOT/WEB-INF/lib/commons-text-1.9.jar
       - <installDir>/lib/java/commons-text-1.9.jar

    4. Rename the following file within <installDir> to make a backup of it:

       - <installDir>/conf/brain/versions.prop

       To:

       - <installDir>/conf/brain/versions.prop.bak

    5. Unpack the hotfix source file archive.
    6. Copy the extracted commons-text-1.10.0.jar into the following locations:

       - <installDir>/tomcat/webapps/ROOT/WEB-INF/lib/commons-text-1.10.0.jar
       - <installDir>/lib/java/commons-text-1.10.0.jar

    7. Copy the extracted versions.prop file to the following location:

       - <installDir>/conf/brain/versions.prop

    8. Restart the application (all components).
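
A post-hotfix check for either procedure above, added here as an example and not part of the hotfix package or the original announcement: it walks an install directory, looks inside `.war` files as well, and reports every `commons-text` jar below 1.10.0. The function names are hypothetical, the sample tree is constructed, and the assumption that `ROOT.war` carries the library under `WEB-INF/lib` is inferred from the 3.10.1 paths.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (1, 10, 0)  # commons-text version delivered by the hotfix
JAR_RE = re.compile(r"(?:^|/)commons-text-(\d+(?:\.\d+)*)\.jar$")

def jar_version(name):
    """Parse the version tuple from a commons-text jar name; None for other files."""
    m = JAR_RE.search(name)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def find_commons_text(install_dir):
    """Yield (location, version) for commons-text jars on disk and inside .war files."""
    root = Path(install_dir)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if jar_version(path.name):
            yield rel, jar_version(path.name)
        elif path.suffix == ".war" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as war:  # renamed *.bak backups are not scanned
                for entry in war.namelist():
                    if jar_version(entry):
                        yield f"{rel}!{entry}", jar_version(entry)

def audit(install_dir):
    """Return (outdated, fixed): locations below FIXED and locations at or above it."""
    outdated, fixed = [], []
    for location, version in find_commons_text(install_dir):
        (fixed if version >= FIXED else outdated).append(location)
    return outdated, fixed

def build_constructed_tree(root):
    """Constructed sample: a 3.10.1-style layout where one old jar was missed."""
    root = Path(root)
    for rel in ("lib/java/commons-text-1.10.0.jar",
                "tomcat/webapps/ROOT/WEB-INF/lib/commons-text-1.10.0.jar",
                "tomcat/webapps/ROOT/WEB-INF/lib/commons-text-1.9.jar"):
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(b"")  # empty placeholder, only the name matters
    with zipfile.ZipFile(root / "tomcat/webapps/ROOT.war", "w") as war:
        war.writestr("WEB-INF/lib/commons-text-1.10.0.jar", b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print(audit(tmp))
```

On a real installation, pass the actual `<installDir>` to `audit()`; an empty first list and a non-empty second list is the expected result after the hotfix.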