BlueMind 4.5.x-5.0.x security vulnerability: how to proceed

deav · June 18, 2024, 2:41pm

A major security vulnerability affects all versions of BlueMind, from 4.5.x to 5.0, i.e. :

4.5.x
4.6.x
4.7.x
4.8.x
4.9.x
5.0.x

This vulnerability has been corrected in the latest releases (4.9.19 and 5.0.3). In the absence of an update, it is possible to correct the vulnerability by applying a patch and restarting the core.

It is imperative to perform these operations as soon as possible.

Fixing the vulnerability

Procedure for versions 4.5 to 5.0

Download the jar corresponding to your version and save it on the server concerned (bm-core) in the “/root” directory.

net.bluemind.common.cache.persistence-4.1.0-SNAPSHOT-for4.5.jar (sha256sum: c63f32a064ef4f9b965e8e1fd44724fd36a47985664b5a1fd9deeb65ea73fbcf)
net.bluemind.common.cache.persistence-4.1.0-SNAPSHOT-for4.6.jar (sha256sum: a1185cef003ac3087e000988fdee4eef70eddfda3f0581b2977e75c34ae1ef35)
net.bluemind.common.cache.persistence-4.1.0-SNAPSHOT-for4.7.jar (sha256sum: a4a859c651d28355f8c8e2b487854e4597e955fdb365ef152d078c15bbf02e19)
net.bluemind.common.cache.persistence-4.1.0-SNAPSHOT-for4.8.jar (sha256sum: 53a37a169ac25e9d5848669935264e691c2ee29d4295a3b75c75a2f2deb5c665)
net.bluemind.common.cache.persistence-4.1.0-SNAPSHOT-for4.9.jar (sha256sum: 1dab80e915a5bf82e44f2aa25c022bf76d1261614232127b6057ba30064857ce)
net.bluemind.common.cache.persistence-5.0.0-SNAPSHOT-for5.0.jar (sha256sum: 1dab80e915a5bf82e44f2aa25c022bf76d1261614232127b6057ba30064857ce)

Run the script corresponding to your version

script_correctif_apikey_v4.5.sh (sha256sum: 9949916791b9e40dad51a42fbdb6b84fa7921c7a928a7fdb8c1da22fee66855c)
script_correctif_apikey_v4.6.sh (sha256sum: 8d6dc09960aedfe32ddefd4d7632dba72cf0b66e40c16ac958611e9b9c06d8bd)
script_correctif_apikey_v4.7.sh (sha256sum: be0a8934e56f6474b02a8d65f25694470c4fadfbc69ac60e3426a5076f17a366)
script_correctif_apikey_v4.8.sh (sha256sum: f66b15ccb98faee7b46724de17e070c02e830e27de7f8a52d81759c3c6ed23f5)
script_correctif_apikey_v4.9.sh (sha256sum: d1012246779a7e6000f2d03f3941fd221c30421b11858aa9c392244966e43be4)
script_correctif_apikey_v5.0.sh (sha256sum: 03a6f24423a2cce6773eea10adfa3fda97951c80821692adfbcd3a371feea5c4)

Save the script in the “/root” directory on the same server and run it as root.

Planned or future updates

Only BlueMind versions >= 4.9.19 and >= 5.0.3 have the patch integrated: if you update to another version, you’ll need to re-apply this same procedure.