Page Comparison

Background

XPLG update release includes new features, optimizations and bug fixes. This release also addresses Apache Log4j moderate vulnerability (CVE-2021-44832) that was recently published.
Apache announced that Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. The

The Apache Log4j 2 is an open-source Java package that allows developers to log activity within applications. More information is available here.

...

• New dynamic search results gadget - stream unlimited number of events to dashboards.

• Support multi-tab searches - run multiple simultaneous searches in different tabs.

General

• Bug fixes.

• Security updates.

__________________________________________________________________________________________________________________________________________________________

This article guides you through the process of updating your XPLG environment with the latest security update. The procedure is performed in 2 steps:

...

Upgrade/Update procedure

Prerequisites

·        This patch requires Java 1.8. Go to the System Status Console at PORTX > System > System Health and check the 'Java Version' under the 'System Information' section.

·        Ensure you have a valid V7 valid - Go to PORTX > Settings > License to verify. Contact us for additional information.

• IMPORTANT: OS level Services (only for Linux deployments):
  In case you're running XPLG processes as services (Linux OS systemctl, init.d, systemd, etc.) follow the below steps, if not move to STEP I below.

  • Stop each of the XPLG instances services using systemctl/service command.

  • Start each instance manually ('sh /INSTALL_DIR/runXpoLog.sh start')

  • Proceed to upgrade procedure via GUI.

STEP I

Update Procedure main patch (via GUI)

...

Update Procedure Log4J cleanup patch (via GUI)
DO NOT PERFORM THIS STEP BEFORE COMPLETION AND VERIFICATION OF STEP I ABOVE

1. Download the update - XPLG Log4J Cleanup Patch (save it - do not extract).

2. Open a browser to XpoLog and go to the Updates pages (PortX > System > About), click the 'publish patch', select the zip file that was downloaded at #1 and run.
   Note: if you're running a cluster, select to publish the patch to all listed nodes. 

3. XPLG will automatically deploy the update, and restart - you should see a message indicating a successful deployment once done.

4. Verify at PortX > System > About that the update is listed as as:

...

• OS level Services (only for Linux deployments):
  In case you're running XPLG processes as services (Linux OS systemctl, init.d, systemd, etc.) follow the below steps.

  • Stop each of the XPLG instances manually ('sh /INSTALL_DIR/runXpoLog.sh stop')

  • Start all instances services using systemctl/service command.