Readme File for IBM® Platform Symphony 7.1 Fix Pack 1 Interim Fix 469044

Readme file for: IBM Platform Symphony Developer Edition (DE)

Product/Component Release: 7.1 Fix Pack 1

Update Name: Interim Fix 469044

Fix ID: sym-7.1-build469044

Publication date: September 15, 2017

Interim fix on upgrading Apache Struts to version 2.3.34 in IBM Platform Symphony 7.1 Fix Pack 1 Developer Edition (DE) in order to fix Struts security vulnerabilities CVE-2017-9804 (S2-050) and CVE-2017-12611 (S2-053).

Contents

1.   List of Fixes

2.  Download location

3.   Products or components affected

4.   Installation and configuration

5.   Copyright and trademark information

1.    List of Fixes

APAR: P102379

2.    Download location

Download interim fix 469044 from the following location: https://www.ibm.com/eserver/support/fixes/

3.    Products or components affected

Component name, Platform, Fix ID:

PMC, linux2.6-glibc2.3-x86_64/Windows-x86_64, sym-7.1-build469044

4.    Installation and configuration

Follow these steps to upgrade Struts in a cluster with Platform Symphony Developer Edition installed:

Before installation

1.      Log on to the Platform Symphony Developer Edition host in the cluster and download the struts-2.3.34-lib.zip package from the following location:

http://archive.apache.org/dist/struts/2.3.34/struts-2.3.34-lib.zip.

2.      Shut down the Platform Symphony Developer Edition:

> soamshutdown

3.      For backup purposes, move the files corresponding to your host operating system to a backup directory.

o   On a Linux host:

> mkdir -p /tmp/guibackup/symgui

> mv $SOAM_HOME/gui/3.1/lib/commons-collections-3.2.1.jar /tmp/guibackup/

> mv $SOAM_HOME/gui/3.1/lib/commons-digester-1.8_1.jar /tmp/guibackup/

> mv $SOAM_HOME/gui/3.1/lib/commons-fileupload-1.3.1.jar /tmp/guibackup/

> mv $SOAM_HOME/gui/3.1/lib/commons-io-1.2.jar /tmp/guibackup/

> mv $SOAM_HOME/gui/3.1/lib/commons-logging-1.1.1.jar /tmp/guibackup/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-1.3.1.jar /tmp/guibackup/symgui/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-lang3-3.1.jar /tmp/guibackup/symgui/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/freemarker-2.3.18.jar /tmp/guibackup/symgui/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/javassist-3.9.0.GA.jar /tmp/guibackup/symgui/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/ognl-3.0.6.jar /tmp/guibackup/symgui/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/org.apache.commons-io-1.4.jar /tmp/guibackup/symgui/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-core-2.3.16.3.jar /tmp/guibackup/symgui/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-json-plugin-2.3.16.3.jar /tmp/guibackup/symgui/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-spring-plugin-2.3.16.3.jar /tmp/guibackup/symgui/

> mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/xwork-core-2.3.16.3.jar /tmp/guibackup/symgui/

o   On a Windows host:

> mkdir c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\3.1\lib\commons-collections-3.2.1.jar" c:\temp\guibackup\

> move "%SOAM_HOME%\gui\3.1\lib\commons-digester-1.8_1.jar" c:\temp\guibackup\

> move "%SOAM_HOME%\gui\3.1\lib\commons-fileupload-1.3.1.jar" c:\temp\guibackup\

> move "%SOAM_HOME%\gui\3.1\lib\commons-io-1.2.jar" c:\temp\guibackup\

> move "%SOAM_HOME%\gui\3.1\lib\commons-logging-1.1.1.jar " c:\temp\guibackup\

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-fileupload-1.3.1.jar" c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-lang3-3.1.jar" c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\freemarker-2.3.18.jar" c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\javassist-3.9.0.GA.jar" c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\ognl-3.0.6.jar" c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-core-2.3.16.3.jar" c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-json-plugin-2.3.16.3.jar" c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-spring-plugin-2.3.16.3.jar" c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\xwork-core-2.3.16.3.jar" c:\temp\guibackup\symgui

> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\org.apache.commons-io-1.4.jar" c:\temp\guibackup\symgui

Installation

On the Platform Symphony Developer Edition host, unzip the struts-2.3.34-lib.zip package and copy the files for your host operating system to your installation directory.

o   On a Linux host:

> unzip -u struts-2.3.34-lib.zip

> cd struts-2.3.34/lib/

> cp commons-collections-3.2.2.jar $SOAM_HOME/gui/3.1/lib/

> cp commons-digester-2.0.jar $SOAM_HOME/gui/3.1/lib/

> cp commons-fileupload-1.3.2.jar $SOAM_HOME/gui/3.1/lib/

> cp commons-io-2.2.jar $SOAM_HOME/gui/3.1/lib/

> cp commons-lang3-3.2.jar $SOAM_HOME/gui/3.1/lib/

> cp commons-logging-1.1.3.jar $SOAM_HOME/gui/3.1/lib/

> cp commons-io-2.2.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp commons-fileupload-1.3.2.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp commons-lang3-3.2.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp freemarker-2.3.22.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp javassist-3.11.0.GA.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp ognl-3.0.21.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp struts2-core-2.3.34.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp struts2-json-plugin-2.3.34.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp struts2-spring-plugin-2.3.34.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp xwork-core-2.3.34.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp xstream-1.4.10.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

> cp velocity-1.6.4.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

o   On a Windows host:

> unzip struts-2.3.34-lib.zip

> cd struts-2.3.34\lib

> copy commons-collections-3.2.2.jar "%SOAM_HOME%\gui\3.1\lib\"

> copy commons-digester-2.0.jar "%SOAM_HOME%\gui\3.1\lib\"

> copy commons-fileupload-1.3.2.jar "%SOAM_HOME%\gui\3.1\lib\"

> copy commons-io-2.2.jar "%SOAM_HOME%\gui\3.1\lib\"

> copy commons-lang3-3.2.jar "%SOAM_HOME%\gui\3.1\lib\"

> copy commons-logging-1.1.3.jar "%SOAM_HOME%\gui\3.1\lib\"

> copy commons-io-2.2.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy commons-fileupload-1.3.2.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy commons-lang3-3.2.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy freemarker-2.3.22.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy javassist-3.11.0.GA.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy ognl-3.0.21.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy struts2-core-2.3.34.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy struts2-json-plugin-2.3.34.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy struts2-spring-plugin-2.3.34.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy xwork-core-2.3.34.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy xstream-1.4.10.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

> copy velocity-1.6.4.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

 

After installation

1.      On the Platform Symphony Developer Edition host, delete all subdirectories and files in the GUI work directory:

o   On a Linux host, enter the following command:

> rm -rf $SOAM_HOME/gui/work/*

o   On a Windows host, enter the following command:

> del /f /s /q "%SOAM_HOME%\gui\work\*"

2.      Clear your browser cache.

3.      Start the Platform Symphony Developer Edition:

> soamstartup

Uninstallation

1.      Shut down the Platform Symphony Developer Edition:

> soamshutdown

2.      Delete all the .jar files that were introduced by this fix.

o   On a Linux host:

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-spring-plugin-2.3.34.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-core-2.3.34.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-json-plugin-2.3.34.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/javassist-3.11.0.GA.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/freemarker-2.3.22.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/ognl-3.0.21.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/xwork-core-2.3.34.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/xstream-1.4.10.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/velocity-1.6.4.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-1.3.2.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-lang3-3.2.jar

> rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-io-2.2.jar

> rm -fr $SOAM_HOME/gui/3.1/lib/commons-collections-3.2.2.jar

> rm -fr $SOAM_HOME/gui/3.1/lib/commons-digester-2.0.jar

> rm -fr $SOAM_HOME/gui/3.1/lib/commons-fileupload-1.3.2.jar

> rm -fr $SOAM_HOME/gui/3.1/lib/commons-io-2.2.jar

> rm -fr $SOAM_HOME/gui/3.1/lib/commons-lang3-3.2.jar

> rm -fr $SOAM_HOME/gui/3.1/lib/commons-logging-1.1.3.jar

 

o   On a Windows host:

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-spring-plugin-2.3.34.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-core-2.3.34.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-json-plugin-2.3.34.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\javassist-3.11.0.GA.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\freemarker-2.3.22.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\ognl-3.0.21.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\xwork-core-2.3.34.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\xstream-1.4.10.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\velocity-1.6.4.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-fileupload-1.3.2.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-lang3-3.2.jar"

> del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-io-2.2.jar"

> del "%SOAM_HOME%\gui\3.1\lib\commons-collections-3.2.2.jar

> del "%SOAM_HOME%\gui\3.1\lib\commons-digester-2.0.jar

> del "%SOAM_HOME%\gui\3.1\lib\commons-fileupload-1.3.2.jar"

> del "%SOAM_HOME%\gui\3.1\lib\commons-io-2.2.jar"

> del "%SOAM_HOME%\gui\3.1\lib\commons-lang3-3.2.jar"

> del "%SOAM_HOME%\gui\3.1\lib\commons-logging-1.1.3.jar

3.      On the Platform Symphony Developer Edition host, restore your backup files.

o   On a Linux host:

> mv /tmp/guibackup/*.jar $SOAM_HOME/gui/3.1/lib/

> mv /tmp/guibackup/symgui/*.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/

o   On a Windows host:

> move c:\temp\guibackup\*.jar "%SOAM_HOME%\gui\3.1\lib\"

> move c:\temp\guibackup\symgui\*.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"

4.      On the Platform Symphony Developer Edition host, delete all subdirectories and files in the GUI work directory:

o   On a Linux host, enter the following command:

> rm -rf $SOAM_HOME/gui/work/*

o   On a Windows host, enter the following command:

> del /f /s /q "%SOAM_HOME%\gui\work\*"

5.      Clear your browser cache.

6.      Start the Platform Symphony Developer Edition cluster:

> soamstartup

5.    Copyright and trademark information

© Copyright IBM Corporation 2017

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.