The fix for the Text4Shell vulnerability is now available with Data360 DQ+ 7.1.6 is now available.
Below are the instructions to apply the Hotfix for 7.1.6:
7.1.6 Hotfix for cve-2022-42889 upgrades the Apache Commons Text version used in DQ+ to remove the vulnerability identified in cve-2022-42889
Steps:
- Download the fix pack into the /tmp folder.
- Give execute permission to the downloaded fix pack, for example:chmod 777 dqplus_IS-7.1-202202232146-6-fixpack.sh
- Extract the downloaded fix pack by running its name as a command, for example:./dqplus_IS-7.1-202202232146-6-fixpack.sh
Extracting a fix pack for the first time will create a directory at:
/opt/infogix/dqplus-7.1/maintenance
- Execute the ./apply-patch command from within /opt/infogix/dqplus-7.1/maintenance/dqplus_IS-7.1-202202232146-6-fixpack/bin.
To verify that the fix pack has been applied, navigate to the Help menu in the product and select About. The product's Updates information should be updated.