Download
Abstract
SPSS Collaboration and Deployment Services 8.3.0/8.4.0 interim fix updates jackson-databind to 2.15.2 for addressing security vulnerability
Installation Instructions
Important Notes:
This Interim Fix provides important security fix to jackson-databind vulnerability CVE-2023-35116 on Collaboration and Deployment Services Repository Server. Refer to the separate section about installation instructions.
Prerequisites:
-----------------------------------------------
SPSS Collaboration and Deployment Services - Repository Server 8.3.0 or 8.4.0 must be installed before that is applying this interim fix.
Installation Instructions for Repository Server installed on WebSphere Traditional:
-------------------------------------------------------------------
1) Stop Repository Server. (if this server is running)
-------------------------------------------------------------------
1) Stop Repository Server. (if this server is running)
2) Extract the download package .zip file to a temporary directory.
3) Back up the following files by moving them to another directory on your local disk.
"<websphere-profile-dir-for-cads>/installedApps/<cell-name>/<ear-name>/lib/jackson-*.jar"
"[CADS_SERVER_INSTALL_DIR]/components/singleEarLibs/jackson-*.jar"
Notes: For the WebSphere cluster topology, the <websphere-profile-dir-for-cads> should include the profile directory of all managed nodes.
Notes: For the WebSphere cluster topology, the <websphere-profile-dir-for-cads> should include the profile directory of all managed nodes.
4) Copy all jars files of jackson-*-2.15.2.jar from temporary directory to following directory.
"<websphere-profile-dir-for-cads>/installedApps/<cell-name>/<ear-name>/lib"
"[CADS_SERVER_INSTALL_DIR]/components/singleEarLibs"
5) Start Repository Server.
5) Start Repository Server.
Installation Instructions for Repository Server installed on WebSphere Liberty:
---------------------------------------------------------------------------
1) Stop Repository Server. (if this server is running)
---------------------------------------------------------------------------
1) Stop Repository Server. (if this server is running)
2) Extract the download package .zip file to a temporary directory.
3) Back up the following file by copying them to another directory on your local disk.
"[CADS_SERVER_INSTALL_DIR]/toDeploy/liberty/cds8*.ear"
(cds8*.ear refers to cds83.ear or cds84.ear, selected based on the actual server version number)
4) Open archive cds8*.ear with file archive tool, e.g. 7zip, copy jackson-*-2.15.2.jar from temporary directory to:
"[CADS_SERVER_INSTALL_DIR]/toDeploy/liberty/cds8*.ear/lib", remove the original jackson-*.jar files first and save the ear file.
5) Copy jackson-*-2.15.2.jar from temporary directory to following folders and move out the original jackson-*.jar files first:
"[CADS_SERVER_INSTALL_DIR]/components/singleEarLibs"
6) Start Repository Server.
"[CADS_SERVER_INSTALL_DIR]/components/singleEarLibs"
6) Start Repository Server.
Installation Instructions for Repository Server installed on JBoss EAP:
---------------------------------------------------------------------------
1) Stop Repository Server.
---------------------------------------------------------------------------
1) Stop Repository Server.
2) Extract the download package .zip file to a temporary directory.
3) Back up the following file by copying them to another directory on your local disk.
"<JBoss_EAP_DIR>/standalone/deployments/cds8*.ear"
(cds8*.ear refers to cds83.ear or cds84.ear, selected based on the actual server version number)
4) Open archive cds8*.ear with file archive tool, e.g. 7zip, copy jackson-*-2.15.2.jar from temporary directory to:
"<JBoss_EAP_DIR>/standalone/deployments/cds8*.ear/lib", remove the original jackson-*.jar files first and save the ear file.
5) Copy jackson-*-2.15.2.jar from temporary directory to following folders and move out the original jackson-*.jar files first:
"[CADS_SERVER_INSTALL_DIR]/components/singleEarLibs"
6) Start Repository Server.
"[CADS_SERVER_INSTALL_DIR]/components/singleEarLibs"
6) Start Repository Server.
Uninstall Instructions:
-----------------------------------------------
-----------------------------------------------
1) Stop Collaboration and Deployment Services Repository Server.
2) Revert back the jackson-*.jar to the original place.
3) Start Collaboration and Deployment Services Repository Server.
On
[{"DNLabel":"8.3.0.0-IM-SCaDS-Jackson2152","DNDate":"26 Jun 2023","DNLang":"Language Independent","DNSize":"1.97 MB","DNPlat":{"label":"Power","code":"PF053"},"DNURL":"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.3.0.0-IM-SCaDS-Jackson2152&source=SAR","DNURL_FTP":"","DDURL":null},{"DNLabel":"8.4.0.0-IM-SCaDS-Jackson2152","DNDate":"26 Jun 2023","DNLang":"Language Independent","DNSize":"1.97 MB","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.4.0.0-IM-SCaDS-Jackson2152&source=SAR","DNURL_FTP":"","DDURL":null}]
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS69YH","label":"IBM SPSS Collaboration and Deployment Services"},"ARM Category":[{"code":"a8m50000000CaeKAAS","label":"Collaboration and Deployment Services-\u003EC\u0026DS Repository Server"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"8.3.0;8.4.0"}]
Was this topic helpful?
Document Information
Modified date:
26 June 2023
UID
ibm17006835