IBM Platform Symphony 5.2 Fix Patch #224587 Readme File
IBM Platform Symphony Standard Edition includes the Apache Struts 2 framework. Security issues related to this framework include: struts 2 security issues(s2-015, s2-016, s2-017, s2-018, s2-019) and spring security issue(CRLF Injection)
Apply this fix to resolve these security issues. And this fix patch applies only to the following platform:
· Linux 64-bit//Windows 64 bit/Solaris 64-bit
This patch only includes bug fixes for Symphony
Readme file for: IBM® Platform Symphony
Product/Component Release: 5.2
Update Name: Fix pack
Fix ID: sym-5.2-build224587
Publication date: 1st Nov 2013
Last modified date: 1st Nov 2013
1. Download location
2. Products or components affected
3. System requirements
4. Installation and configuration
5. List of fixes
6. List of files
7. Copyright and trademark information
Product/Component Name, Platform, Fix ID:
Platform Symphony/, Linux 64-bit//Windows 64 bit/Solaris 64-bit, sym-5.2-build224587.
4.1 Before installation
1. Stop the WEBGUI service
Log on to the master host as the cluster administrator and run:
1) On Linux or Solaris
$ source $EGO_TOP/cshrc.platform
$ egosh user logon -u Admin -x Admin
$ egosh service stop WEBGUI
2) On Windows
> egosh user logon -u Admin -x Admin
> egosh service stop WEBGUI
2. Remove the following files to back up folder on all management hosts, or we can use to execute 4.1.2, 4.2 and 4.4.2 on Linux
1) On Linux
2) On Solaris
3) On Windows
4.2 Installation steps
Copy the binaries to the following directories on management hosts:
1) On Linux
$ cp $EGO_TOP/
$ unzip -u
2) On Solaris
Unzip the, and get ognl-3.0.6.jar, struts2-core- and xwork-core-
$ cp ognl-3.0.6.jar struts2-core- xwork-core- $EGO_TOP/gui/perf/1.2.6/perfgui/WEB-INF/lib/
3) On Windows
Unzip the, and get ognl-3.0.6.jar, struts2-core- and xwork-core-
> copy ognl-3.0.6.jar struts2-core- xwork-core- %SOAM_HOME%\..\gui\perf\1.2.6\perfgui\WEB-INF\lib\
4.3 After installation
1. Clean up the GUI work directory and the browser cache on all management hosts.
About the cleaning up GUI work directory, we need delete all subdirectories and files in this directory:
1) On Linux or Solaris
> source $EGO_TOP/cshrc.platform
> rm -rf $EGO_TOP/gui/work/*
2) On Windows
> del /f /s /q %SOAM_HOME%\..\gui\work\*
2. Start the WEBGUI service
Log on to the master host as the cluster administrator and run:
1) On Linux or Solaris
$ source $EGO_TOP/cshrc.platform
$ egosh user logon -u Admin -x Admin
$ egosh service start WEBGUI
2) On Windows
> egosh user logon -u Admin -x Admin
> egosh service start WEBGUI
4.4 Uninstalling
1. Stop the WEBGUI service
Log on to the master host as the cluster administrator and run:
1) On Linux or Solaris
$ source $EGO_TOP/cshrc.platform
$ egosh user logon -u Admin -x Admin
$ egosh service stop WEBGUI
2) On Windows
> egosh user logon -u Admin -x Admin
> egosh service stop WEBGUI
2. Restore the following files on all management hosts with the backed-up files
3) On Linux
2) On Solaris
3) On Windows
3. Clean up the GUI work directory and the browser cache on all management hosts.
About the cleaning up GUI work directory, we need delete all subdirectories and files in this directory:
1) On Linux or Solaris
> source $EGO_TOP/cshrc.platform
> rm -rf $EGO_TOP/gui/work/*
2) On Windows
> del /f /s /q %SOAM_HOME%\..\gui\work\*
4. Start the WEBGUI service
Log on to the master host as the cluster administrator and run:
1) On Linux or Solaris
$ source $EGO_TOP/cshrc.platform
$ egosh user logon -u Admin -x Admin
$ egosh service start WEBGUI
2) On Windows
> egosh user logon -u Admin -x Admin
> egosh service start WEBGUI
5. List of fixes
<SR#> [no]: Fix Struts 2 & Spring Security Issue.
6. List of files
7. Copyright and trademark information
© Copyright IBM Corporation 2013
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at