Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This article describes the steps that must be done when upgrading from PRIME 3.6 to PRIME 3.7. The instructions cover relevant changes for standard features that can be used by configuration in PRIME Designer or configuration files. Customization changes in internal APIs etc are not included.

Prerequisites

 Prerequisites

Upgraded PRIME to 3.7, see Upgrade PRIME.

Step-by-step instructions

 Certificate Manager

When PRIME was upgraded from 3.6 to 3.7, the Certificate Manager (CM) SDK was upgraded to 7.16. The connection from PRIME 3.7 is not backwards-compatible to older CM servers below 7.15. Follow these steps if you need to downgrade the connection to CM 7.14.

  1. In both PRIME Designer and PRIME Explorer Tomcat applications, navigate to the WEB-INF/lib/ directory.
  2. The zip archive jarsForNexusCm-7.14.zip, which is part of the software delivery, contains all necessary files. Replace the following files:
    • cmcommon-7.16.1.jar > cmcommon-7.14.0.jar
    • cmsdk-7.16.1.4.jar > cmsdk-7.14.0.jar
    • common-7.16.1.jar > common-7.14.0.jar
    • csp-7.16.1.jar > csp-7.14.0.jar
  3. Add the following file:
    • log4j-1.2-api-2.10.0.jar
 Certificate templates

There are necessary updates for certificate configurations in PRIME Designer.

  1. In PRIME Designer, go to Home > Certificates.
  2. Check if the SAN_EMAIL certificate attribute is used with a comma separated list in any of the certificate templates. Comma separated attribute configurations, for example, SAN_EMAIL = "email1@domain.com, email2@domain.com" are no longer supported.
  3. If you find any comma separated lists, split them up to separate attributes, for example: SAN_EMAIL = email1@domain.com, SAN_EMAIL = email2@domain.com.
 Postlogin processes

The postlogin process can now be applied to any Authentication profile (not only the Core Object based ones), and the processes can be defined differently for each profile, for example like this: 

<util:map id="loginProcessesMapping" 
			key-type="de.vps.act.kernel.authentication.AuthProfileType">
		<entry key="INTERNAL" value="loginProcessAllAuthProfiles"/>
		<entry key="CLIENT_CERT_INTERNAL" value="loginProcessAllAuthProfiles"/>
		<entry key="SAML_SSO_CORE_OBJECT" value="loginProcess"/>
		<entry key="USER_PASSWORD_CORE_OBJECT" value="loginProcess"/>
</util:map>

The loginProcessUserName has been extracted as a separate bean to serve both PRIME Explorer and PRIME USSP configurations: 

<bean id="loginProcessUser" class="java.lang.String">
	<constructor-arg value="loginProcessUserName"/>
</bean>

The value in the constructor-arg is the actual user name that will be used when running the processes.

The postlogin processes have also been implemented for PRIME USSP.

 Activiti 5.22

Activiti Process Engine has been updated to version 5.22.0. The configuration must be uploaded again.

  1. In PRIME Explorer, go to the Admin page.
  2. Click Upload configuration and select the file with the latest configuration.
 Nexus Card SDK
Nexus PRIME 3.7 requires a new Card SDK. You need to update the corresponding clients to Card SDK Version 5.3, see Nexus Card SDK.

This article is valid from Nexus PRIME 3.7

Related information

  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions