Upgrade Legacy Registry Tools and Services to Fix Vulnerability

NASA-PDS / software-issues-repo

Issue tracking repository as a centralized entry point for general PDS software bugs and feature requests.

Apache License 2.0

0 stars 0 forks source link

Upgrade Legacy Registry Tools and Services to Fix Vulnerability #80

Closed jordanpadams closed 4 months ago

jordanpadams commented 9 months ago

💡 Description

Vulnerability identified on operational services. Need to fix and upgrade:

For PDS4 data

Services impacted

Harvest Legacy - https://github.com/NASA-PDS/harvest-legacy
Registry / Search Service - https://github.com/NASA-PDS/registry-mgr-legacy

For PDS3 data

Catalog Tool
- Storage Service
- Product Service

Indirectly related downstream:

Keyword Search
DS View

Sub-tasks

nutjob4life commented 9 months ago

Related: this pull request

jordanpadams commented 9 months ago

📆 September status: Work is underway with final implementation and testing completing this sprint, and deployment planned for next sprint.

nutjob4life commented 9 months ago

Related: this pull request

jordanpadams commented 8 months ago

Status: @nutjob4life working on tagging and releasing these with roundup

nutjob4life commented 8 months ago

Related: this pull request (yes, there are more and more of these!)

jordanpadams commented 7 months ago

📆 October status: Implementation completed. Running into bugs testing on staging machines, but still on schedule for production deployment at end of sprint.

jordanpadams commented 6 months ago

📆 November status: Deployment delayed 1 sprint due to permissions issues. Expected completion in January. This is an operations task so no impact on overall system delivery.

jordanpadams commented 5 months ago

📆 December status: Testing in progress. This is an operations task so no impact on overall system delivery.

jordanpadams commented 4 months ago

📆 01/2024 status: delayed due to IT Security concerns needing to be addressed. https://github.com/NASA-PDS/search-ui-legacy/issues/5 is pending. no impact on delivery,

tloubrieu-jpl commented 4 months ago

Waiting for response of the SAs (DSIO-4952)

jordanpadams commented 4 months ago

Unblocked by SSL issue we were seeing in Tomcat. New DSIO-5364 ticket created to update reverse proxies to connect with UI.

nutjob4life commented 4 months ago

Jordan also fixed a quick bug and is working next on getting reverse-proxies set up to test with UI.

jordanpadams commented 4 months ago

I think this is actually finally done! only catch is search-ui-legacy release is failing for some reason, but I think that is an issue with GitHub, and I just built and tagged locally for now. https://github.com/NASA-PDS/search-ui-legacy/actions/runs/8013573311

But here is what the keyword search now looks like hooked up to search-ui-legacy:

jordanpadams commented 4 months ago

NOTE: Looks like there is no PDS3 data. so we need to reload all of that.