Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Log 4J vulnerability information for Digital Access

Owned by Ann Base (Deactivated)
Last updated: Dec 18, 2023 by Josefin Klang (Deactivated)
2 min read

As stated on Nexus DOC it is highly recommended to upgrade Digital Access to version 6.1.1 or later. If this is not possible, an option is presented in this article on how to patch the Digital Access images directly.

Internet access is required when fetching the Alpine image used for the tar operation. If your network is air-gapped, please contact Nexus support on how to prepare the Alpine image and how to manually upload it to the environment running the Digital Access images.



Prerequisites

It is recommended to patch all Java based Digital Access services:

  • Policy service

  • Authentication service

  • Distribution service

If you encounter problems using this patch procedure, please contact Nexus support.

Step-by-step instruction

  1. Download the file Dockerfile-patch-log4j from the Support Download portal.

  2. Place the docker file on the server running the old versions of Nexus images.



This is the syntax of the docker build command. Before you run the command, update REPLACE1 and REPLACE2, see an example in step 1 below:

docker build command syntax
docker build \ --file ./Dockerfile-patch-log4j \ --tag log4j-patch/REPLACE1 \   --build-arg SRC_IMAGE=REPLACE2

  1. Run the docker build command.

    Example: docker build command

    docker build \  --file ./Dockerfile-patch-log4j \  --tag log4j-patch/policy-service:6.0.7.73936 \  --build-arg SRC_IMAGE=nexusimages.azurecr.io/smartid-digitalaccess/policy-service:6.0.7.73936



  2. Backup the docker-compose.yml file and then change the image to, for example:
    log4j-patch/policy-service:6.0.7.73936



Restart the containers:

// In case of docker-swarm docker stack rm da //where da is the deployment stack name bash /opt/nexus/scripts/start-all.sh // to start the services // Other setups docker-compose down docker-compose up -d





If something goes wrong, revert by doing:

  1. Restore original image in the docker-compose.yml file and restart the containers.







Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions