Background
This XPLG update release includes new features, optimizations and bug fixes. It also addresses the moderate Apache Log4j vulnerability (CVE-2021-44832) that was recently published.
Apache announced that Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code.
Apache Log4j 2 is an open-source Java package that allows developers to log activity within applications. More information is available here.
XPLG product suite impact
We recently published patch 8067, which migrates all Log4j libraries used within XPLG to Apache Log4j2 version 2.16.0. Following Apache's later announcement, patch 8069 was released to migrate all used libraries to Apache Log4j2 version 2.17.0.
Following the latest Apache announcement, patch 8218 is now released to migrate all used libraries to Apache Log4j2 version 2.17.1. The latest patch includes all of the above; if you haven't updated yet, please proceed only with the latest patch as detailed below.
Release Notes:
PortX
Data Forwarding - introducing a new console for data forwarding. Forward logs data from XPLG to other systems over Syslog, HTTP, CEF and more in real time.
Embedded JSON parser - additional plugins and enhanced capabilities to dynamically parse complex JSON objects.
Automatic encoding assignment for data listeners.
XpoLog
New dynamic search results gadget - stream unlimited number of events to dashboards.
Support multi-tab searches - run multiple simultaneous searches in different tabs.
General
Bug fixes.
Security updates.
__________________________________________________________________________________________________________________________________________________________
This article guides you through the process of updating your XPLG environment with the latest security update. The procedure is performed in 2 steps:
Update environment with main patch - this patch will update the software and will also replace all necessary components in the product suite to use the latest Log4J version 2.17.1.
Only following verification of successful main patch deployment, run a clean up of all other Log4J versions inside XPLG directories.
* It is very important to follow the steps in the order described below to complete the process successfully. The process is short and simple and is completed within minutes - deployment is similar to the software updates we occasionally release.
Upgrade/Update procedure
Prerequisites
· This patch requires Java 1.8. Go to the System Status Console at PORTX > System > System Health and check the 'Java Version' under the 'System Information' section.
· Ensure you have a valid V7 license - Go to PORTX > Settings > License to verify. Contact us for additional information.
IMPORTANT: OS level Services (only for Linux deployments):
In case you're running XPLG processes as services (Linux OS systemctl, init.d, systemd, etc.) follow the below steps; if not, move to STEP I below.
Stop each of the XPLG instances services using systemctl/service command.
Start each instance manually ('sh /INSTALL_DIR/runXpoLog.sh start')
Proceed to upgrade procedure via GUI.
STEP I
Update Procedure main patch (via GUI)
Download the update - XPLG Update Patch (save it - do not extract).
Apply a valid XPLG 7 license (if upgrading from an earlier version - PortX > Settings > License).
Open a browser to XpoLog and go to the Updates pages (PortX > System > About), click the 'publish patch', select the zip file that was downloaded at #1 and run.
Note: if you're running a cluster, select to publish the patch to all listed nodes.
XPLG will automatically deploy the update, and restart - you should see a message indicating a successful deployment once done.
Verify at PortX > System > About that the update is listed and the installed version is 7.8247
Note: if the patch is not listed or any other error is listed when verifying, please contact support@xplg.com
STEP II
Update Procedure Log4J cleanup patch (via GUI)
DO NOT PERFORM THIS STEP BEFORE COMPLETION AND VERIFICATION OF STEP I ABOVE
Download the update - XPLG Log4J Cleanup Patch (save it - do not extract).
Open a browser to XpoLog and go to the Updates pages (PortX > System > About), click the 'publish patch', select the zip file that was downloaded at #1 and run.
Note: if you're running a cluster, select to publish the patch to all listed nodes.
XPLG will automatically deploy the update, and restart - you should see a message indicating a successful deployment once done.
Verify at PortX > System > About that the update is listed as:
Version: 7 | Build: 1000 | <DATE_OF_DEPLOY> | XpoLog Center 7 remove log4j Patch - February 2022 |
Note: if the patch is not listed or any other error is listed when verifying, please contact support@xplg.com
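Once STEP II is verified in the GUI, the result can also be checked on disk. The script below is an added example, not part of the XPLG patches: it lists every Log4j jar under a directory whose file-name version is not 2.17.1. It assumes the jars keep the standard log4j[-module]-<version>.jar naming and does not look inside nested archives; INSTALL_DIR stands for your installation path.

```shell
#!/bin/sh
# Added example (not XPLG code): list Log4j jars whose file-name version
# differs from the one this update installs (2.17.1).
# Assumption: jars keep the standard name log4j[-module]-<version>.jar.

EXPECTED_VERSION="2.17.1"

# Print the version embedded in a Log4j jar file name, or "unknown".
# The greedy prefix skips digits inside module names such as
# log4j-1.2-api-2.17.1.jar, so only the trailing version is returned.
log4j_jar_version() {
    ver=$(basename "$1" | sed -n \
        's/^log4j.*-\([0-9][0-9.]*\(-[A-Za-z][A-Za-z0-9]*\)\{0,1\}\)\.jar$/\1/p')
    printf '%s\n' "${ver:-unknown}"
}

# Print "<version><TAB><path>" for every Log4j jar under $1 that is not
# at EXPECTED_VERSION. No output means the tree is clean.
find_stale_log4j() {
    find "$1" -type f -name 'log4j*.jar' 2>/dev/null | sort |
    while IFS= read -r jar; do
        ver=$(log4j_jar_version "$jar")
        if [ "$ver" != "$EXPECTED_VERSION" ]; then
            printf '%s\t%s\n' "$ver" "$jar"
        fi
    done
}

# Stand-alone use: sh check_log4j.sh /INSTALL_DIR
if [ "$#" -gt 0 ]; then
    find_stale_log4j "$1"
fi
```

Run it on each node of a cluster; any line it prints is a jar that the cleanup did not remove or that was added afterwards.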
Post Update Procedure
OS level Services (only for Linux deployments):
In case you're running XPLG processes as services (Linux OS systemctl, init.d, systemd, etc.) follow the below steps.
Stop each of the XPLG instances manually ('sh /INSTALL_DIR/runXpoLog.sh stop')
Start all instances services using systemctl/service command.