Oracle Financial Services Data Management Application Pack v8.0.7.1.0 One-off Patch Release #1 (8.0.7.1.1)

OFS Financial Services Data Management Application Pack is a separately licensed product.

Description

ID 32295486 - CVE-2020-17530: APACHE STRUTS UPDATE TO AT LEAST 2.5.26

Pre-installation Requirements

The minimum patch set level must be OFS DM Application Pack v8.0.7.1.0.

Installing this Release

To install this release, follow these steps:

1.        Log in to My Oracle Support, and search for 32295486 under the Patches and Updates tab.

2.       Download the 32295486_GENERIC.zip archive file and copy it to your OFSAA server in Binary mode.

3.       Shut down all the OFSAAI services.

For more information, see the Stopping Infrastructure Services section in the Oracle Financial Services Data Management Application Pack Installation Guide.

4.      Extract the contents of the patch archive file using the command:

unzip -a <name of the file to be extracted>

For example: unzip -a 32295486_GENERIC.zip

Note: The "-a" option is mandatory to unzip the patch.
If you notice the error message: “unzip: not found [No such file or directory”, before the package is installed, contact your UNIX administrator.

5.       Assign RWX (755) permissions to the folder by executing the command:

chmod -R 755 OFS_DM

6.      Navigate to the following directory:

<>/OFS_DM/conf

7.       Update the params.conf file with the upload model parameter as 0.

8.      Navigate to the following directory:

<>/OFS_DM/bin

9.      Execute the install command:

./install.sh

10.   Verify the patch installation logs in the following directory:

<>/OFS_DM/logs

Contact Oracle support in case of any error.

11.     Download the Struts Libraries version 2.5.30.

12.    Delete the following existing Struts Libraries in the path $FIC_WEB_HOME/webroot/WEB-INF/lib:

a.       xwork-core-2.3.x.jar

b.       struts2-core-2.3.x.jar

13.    Extract the struts-2.5.30-min-lib.zip file.

14.   Copy the following files from the extracted path to $FIC_WEB_HOME/webroot/WEB_INF/lib/:

a.       commons-lang3-3.8.1.jar

b.       commons-lang-2.4.jar

c.       commons-io-2.6.jar

d.       commons-fileupload-1.4.jar

e.       commons-logging-1.2.jar

f.        freemarker-2.3.31.jar

g.       javassist-3.20.0-GA.jar

h.       log4j-api-2.12.4.jar

i.         log4j-core-2.12.4.jar

Note: The log4j libraries must be downloaded from this link.

j.         ognl-3.1.29.jar

k.       struts2-core-2.5.30.jar

15.    Generate the application EAR or WAR file and redeploy the application onto your configured web application server.

For more information on generating and deploying the EAR or WAR file, see the Post Installation Configuration section in the Oracle Financial Services Data Management Application Pack Installation Guide.

16.    Start all the OFSAAI services.

For more information, see the Starting Infrastructure Services section in the Oracle Financial Services Data Management Application Pack Installation Guide.

NOTE: Additionally to download Struts Library version 2.5.33, see 3001518.1.

Oracle Financial Services Software   |   Copyright © 2021, Oracle and/or its affiliates. All rights reserved.   |   Phone: +1.650.506.7000   |   Fax: +1.650.506.7200   |   www.oracle.com/industries/financial-services/index.html