Readme File for IBM® Platform Symphony 7.1 Fix Pack 1
Interim Fix 469044
Readme file for: IBM Platform Symphony Developer
Edition (DE)
Product/Component Release: 7.1 Fix Pack 1
Update
Name: Interim Fix 469044
Fix
ID:
sym-7.1-build469044
Publication
date:
September 15, 2017
Interim fix on upgrading Apache Struts to
version 2.3.34 in IBM Platform Symphony 7.1 Fix Pack 1 Developer Edition (DE)
in order to fix Struts security vulnerabilities CVE-2017-9804 (S2-050) and
CVE-2017-12611 (S2-053).
Contents
1. List of
Fixes
2. Download location
3. Products or
components affected
4. Installation
and configuration
5. Copyright and trademark
information
1.
List of Fixes
APAR: P102379
2. Download
location
Download interim
fix 469044 from the following location: https://www.ibm.com/eserver/support/fixes/
3. Products or components
affected
Component name, Platform, Fix
ID:
PMC, linux2.6-glibc2.3-x86_64/Windows-x86_64, sym-7.1-build469044
4.
Installation and configuration
Follow
these steps to upgrade Struts in a cluster with Platform Symphony Developer
Edition installed:
Before installation
1. Log
on to the Platform Symphony Developer Edition host in the cluster and download
the struts-2.3.34-lib.zip package from the following location:
http://archive.apache.org/dist/struts/2.3.34/struts-2.3.34-lib.zip.
2. Shut
down the Platform Symphony Developer Edition:
> soamshutdown
3. For
backup purposes, move the files corresponding to your host operating system to
a backup directory.
o On a Linux host:
> mkdir -p /tmp/guibackup/symgui
> mv
$SOAM_HOME/gui/3.1/lib/commons-collections-3.2.1.jar
/tmp/guibackup/
>
mv $SOAM_HOME/gui/3.1/lib/commons-digester-1.8_1.jar
/tmp/guibackup/
>
mv $SOAM_HOME/gui/3.1/lib/commons-fileupload-1.3.1.jar
/tmp/guibackup/
>
mv $SOAM_HOME/gui/3.1/lib/commons-io-1.2.jar /tmp/guibackup/
>
mv $SOAM_HOME/gui/3.1/lib/commons-logging-1.1.1.jar /tmp/guibackup/
>
mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-1.3.1.jar /tmp/guibackup/symgui/
>
mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-lang3-3.1.jar /tmp/guibackup/symgui/
>
mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/freemarker-2.3.18.jar /tmp/guibackup/symgui/
>
mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/javassist-3.9.0.GA.jar /tmp/guibackup/symgui/
>
mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/ognl-3.0.6.jar /tmp/guibackup/symgui/
>
mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/org.apache.commons-io-1.4.jar /tmp/guibackup/symgui/
>
mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-core-2.3.16.3.jar /tmp/guibackup/symgui/
>
mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-json-plugin-2.3.16.3.jar
/tmp/guibackup/symgui/
>
mv
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-spring-plugin-2.3.16.3.jar /tmp/guibackup/symgui/
>
mv $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/xwork-core-2.3.16.3.jar /tmp/guibackup/symgui/
o
On a Windows host:
>
mkdir
c:\temp\guibackup\symgui
>
move "%SOAM_HOME%\gui\3.1\lib\commons-collections-3.2.1.jar" c:\temp\guibackup\
> move "%SOAM_HOME%\gui\3.1\lib\commons-digester-1.8_1.jar"
c:\temp\guibackup\
> move "%SOAM_HOME%\gui\3.1\lib\commons-fileupload-1.3.1.jar"
c:\temp\guibackup\
> move "%SOAM_HOME%\gui\3.1\lib\commons-io-1.2.jar"
c:\temp\guibackup\
> move "%SOAM_HOME%\gui\3.1\lib\commons-logging-1.1.1.jar " c:\temp\guibackup\
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-fileupload-1.3.1.jar"
c:\temp\guibackup\symgui
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-lang3-3.1.jar"
c:\temp\guibackup\symgui
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\freemarker-2.3.18.jar"
c:\temp\guibackup\symgui
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\javassist-3.9.0.GA.jar"
c:\temp\guibackup\symgui
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\ognl-3.0.6.jar"
c:\temp\guibackup\symgui
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-core-2.3.16.3.jar"
c:\temp\guibackup\symgui
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-json-plugin-2.3.16.3.jar"
c:\temp\guibackup\symgui
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-spring-plugin-2.3.16.3.jar"
c:\temp\guibackup\symgui
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\xwork-core-2.3.16.3.jar"
c:\temp\guibackup\symgui
> move "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\org.apache.commons-io-1.4.jar"
c:\temp\guibackup\symgui
Installation
On the
Platform Symphony Developer Edition host, unzip the struts-2.3.34-lib.zip
package and copy the files for your host operating system to your
installation directory.
o
On a Linux host:
> unzip -u struts-2.3.34-lib.zip
>
cd struts-2.3.34/lib/
> cp commons-collections-3.2.2.jar
$SOAM_HOME/gui/3.1/lib/
> cp
commons-digester-2.0.jar $SOAM_HOME/gui/3.1/lib/
> cp
commons-fileupload-1.3.2.jar $SOAM_HOME/gui/3.1/lib/
> cp
commons-io-2.2.jar $SOAM_HOME/gui/3.1/lib/
> cp
commons-lang3-3.2.jar $SOAM_HOME/gui/3.1/lib/
> cp
commons-logging-1.1.3.jar $SOAM_HOME/gui/3.1/lib/
> cp
commons-io-2.2.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp
commons-fileupload-1.3.2.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp commons-lang3-3.2.jar
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp
freemarker-2.3.22.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp
javassist-3.11.0.GA.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp
ognl-3.0.21.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp
struts2-core-2.3.34.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp
struts2-json-plugin-2.3.34.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp
struts2-spring-plugin-2.3.34.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp
xwork-core-2.3.34.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp
xstream-1.4.10.jar $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> cp velocity-1.6.4.jar
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
o
On a Windows host:
> unzip struts-2.3.34-lib.zip
>
cd struts-2.3.34\lib
>
copy commons-collections-3.2.2.jar "%SOAM_HOME%\gui\3.1\lib\"
>
copy commons-digester-2.0.jar "%SOAM_HOME%\gui\3.1\lib\"
> copy commons-fileupload-1.3.2.jar "%SOAM_HOME%\gui\3.1\lib\"
> copy commons-io-2.2.jar "%SOAM_HOME%\gui\3.1\lib\"
> copy commons-lang3-3.2.jar "%SOAM_HOME%\gui\3.1\lib\"
> copy commons-logging-1.1.3.jar "%SOAM_HOME%\gui\3.1\lib\"
> copy commons-io-2.2.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy
commons-fileupload-1.3.2.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy commons-lang3-3.2.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy freemarker-2.3.22.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy javassist-3.11.0.GA.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy ognl-3.0.21.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy struts2-core-2.3.34.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy
struts2-json-plugin-2.3.34.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy
struts2-spring-plugin-2.3.34.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy
xwork-core-2.3.34.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy
xstream-1.4.10.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
> copy
velocity-1.6.4.jar "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
After
installation
1. On
the Platform Symphony Developer Edition host,
delete all subdirectories and files in the GUI work directory:
o On
a Linux host, enter the following
command:
> rm -rf $SOAM_HOME/gui/work/*
o On a Windows
host, enter the following command:
> del /f /s /q "%SOAM_HOME%\gui\work\*"
2. Clear
your browser cache.
3. Start the Platform Symphony Developer Edition:
> soamstartup
Uninstallation
1.
Shut
down the Platform Symphony Developer Edition:
2. Delete
all the .jar files that were introduced by this fix.
o
On a Linux host:
>
rm -fr
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-spring-plugin-2.3.34.jar
>
rm -fr
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-core-2.3.34.jar
>
rm -fr
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/struts2-json-plugin-2.3.34.jar
>
rm -fr
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/javassist-3.11.0.GA.jar
>
rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/freemarker-2.3.22.jar
>
rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/ognl-3.0.21.jar
>
rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/xwork-core-2.3.34.jar
>
rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/xstream-1.4.10.jar
>
rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/velocity-1.6.4.jar
>
rm -fr
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-1.3.2.jar
>
rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-lang3-3.2.jar
>
rm -fr $SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/commons-io-2.2.jar
>
rm -fr $SOAM_HOME/gui/3.1/lib/commons-collections-3.2.2.jar
>
rm -fr $SOAM_HOME/gui/3.1/lib/commons-digester-2.0.jar
>
rm -fr $SOAM_HOME/gui/3.1/lib/commons-fileupload-1.3.2.jar
>
rm -fr $SOAM_HOME/gui/3.1/lib/commons-io-2.2.jar
>
rm -fr $SOAM_HOME/gui/3.1/lib/commons-lang3-3.2.jar
>
rm -fr $SOAM_HOME/gui/3.1/lib/commons-logging-1.1.3.jar
o On
a Windows host:
>
del
"%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-spring-plugin-2.3.34.jar"
>
del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-core-2.3.34.jar"
>
del
"%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\struts2-json-plugin-2.3.34.jar"
>
del
"%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\javassist-3.11.0.GA.jar"
>
del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\freemarker-2.3.22.jar"
>
del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\ognl-3.0.21.jar"
>
del
"%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\xwork-core-2.3.34.jar"
>
del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\xstream-1.4.10.jar"
>
del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\velocity-1.6.4.jar"
>
del
"%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-fileupload-1.3.2.jar"
>
del
"%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-lang3-3.2.jar"
>
del "%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\commons-io-2.2.jar"
>
del "%SOAM_HOME%\gui\3.1\lib\commons-collections-3.2.2.jar
>
del "%SOAM_HOME%\gui\3.1\lib\commons-digester-2.0.jar
>
del "%SOAM_HOME%\gui\3.1\lib\commons-fileupload-1.3.2.jar"
>
del "%SOAM_HOME%\gui\3.1\lib\commons-io-2.2.jar"
>
del "%SOAM_HOME%\gui\3.1\lib\commons-lang3-3.2.jar"
>
del "%SOAM_HOME%\gui\3.1\lib\commons-logging-1.1.3.jar
3. On
the Platform Symphony Developer Edition host,
restore your backup files.
o
On a Linux host:
> mv /tmp/guibackup/*.jar $SOAM_HOME/gui/3.1/lib/
> mv /tmp/guibackup/symgui/*.jar
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/lib/
> move c:\temp\guibackup\*.jar
"%SOAM_HOME%\gui\3.1\lib\"
> move c:\temp\guibackup\symgui\*.jar
"%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\lib\"
4. On
the Platform Symphony Developer Edition host,
delete all subdirectories and files in the GUI work directory:
o On
a Linux host, enter the following
command:
> rm -rf $SOAM_HOME/gui/work/*
o On a Windows
host, enter the following command:
> del /f /s /q
"%SOAM_HOME%\gui\work\*"
5. Clear
your browser cache.
6. Start the Platform Symphony Developer Edition cluster:
> soamstartup
5.
Copyright and trademark information
© Copyright IBM Corporation 2017
U.S.
Government Users Restricted Rights - Use, duplication or disclosure restricted
by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and
ibm.com® are trademarks of International Business Machines Corp., registered in
many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks is
available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.