uclibs / ucrate

Scholar@UC: University of Cincinnati's self-submission institutional repository
https://scholar.uc.edu

Remove or upgrade Log4j in FITS #959

Closed hortongn closed 11 months ago

hortongn commented 2 years ago

Descriptive summary

Info Sec is requiring us to upgrade our Log4j instances to a current, safe version. FITS includes Log4j 1.x.

A new version of FITS was just released on 1/3/22 to address security issues, but they didn't upgrade FITS. https://github.com/harvard-lts/fits/releases/tag/1.5.1

We need to explore how we can remove or upgrade Log4j without breaking FITS. Keep in mind that some versions of FITS are known to not work so well with Hyrax.

scherztc commented 2 years ago

We can upgrade to version 1.15.5 to fix the Log4j vulnerability.

https://github.com/harvard-lts/fits/releases

hortongn commented 2 years ago

We should test it in our local environment and then on scholar-dev to make sure that version of FITS works well with Hyrax. Try it with all types of files and verify it is extracting the technical metadata properly. Some versions of FITS are known to not work well with Samvera.

scherztc commented 2 years ago
scherztc commented 1 year ago

There is a FITS Servlet now available that increases Hyrax performance 4x.

Page Load Times with FITS Servlet: 3 Seconds
Page Load Times with FITS utility: 12 Seconds
Page Load Times with PostGres v Fedora: .5 Seconds

I am making an issue for it. https://github.com/harvard-lts/FITSservlet

scherztc commented 11 months ago

FITS Description on DEV (1.5.5)

Height: 591
Width: 811
File Format: jpeg (JPEG File Interchange Format)
File Size: 54279
Original Checksum: 123bbb19a218f846e5b41fbfd53869d7
Mime Type: image/jpeg

scherztc commented 11 months ago

FITS Description on QA (1.5.5)

Height: 591
Width: 811
File Format: jpeg (JPEG File Interchange Format)
File Size: 54279
Original Checksum: 123bbb19a218f846e5b41fbfd53869d7
Mime Type: image/jpeg

scherztc commented 11 months ago

FITS Description on PROD (1.5.5)

Height: 591
Width: 811
File Format: jpeg (JPEG File Interchange Format)
File Size: 54279
Original Checksum: 123bbb19a218f846e5b41fbfd53869d7
Mime Type: image/jpeg

scherztc commented 11 months ago

Closed with upgrade of FITS to version 1.5.5 on all web servers.
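
For the upgrade check discussed in this thread, an added example (not code from the thread, ucrate or FITS): a Python scan that opens every jar under a directory and flags those carrying classes in the Log4j 1.x package namespace, judging by jar contents rather than file names. The function names and the directory passed on the command line are assumptions.

```python
import re
import sys
import zipfile
from pathlib import Path

V1_NS = "org/apache/log4j/"          # Log4j 1.x package namespace
V2_NS = "org/apache/logging/log4j/"  # Log4j 2.x package namespace
POM_PROPS = re.compile(r"META-INF/maven/[^/]+/[^/]+/pom\.properties$")

def classify_jar(path):
    """Return (verdict, version) for one jar, judged by contents, not file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            names = jar.namelist()
            version = None
            for name in names:
                if POM_PROPS.search(name):  # Maven metadata, when the jar ships it
                    props = jar.read(name).decode("utf-8", "replace")
                    m = re.search(r"^version=(.+)$", props, re.M)
                    if m:
                        version = m.group(1).strip()
                    break
    except (zipfile.BadZipFile, OSError):
        return "unreadable", None
    has_v1 = any(n.startswith(V1_NS) and n.endswith(".class") for n in names)
    has_v2 = any(n.startswith(V2_NS) and n.endswith(".class") for n in names)
    if has_v1 and not has_v2:
        # Also matches reload4j and the Log4j 2 "1.2 bridge"; review each hit.
        return "log4j1-namespace", version
    if has_v2:
        return "log4j2", version
    return "none", version

def scan(root):
    """Map each jar under root that needs attention to its classification."""
    hits = {}
    for jar in sorted(Path(root).rglob("*.jar")):
        verdict, version = classify_jar(jar)
        if verdict != "none":
            hits[str(jar.relative_to(root))] = (verdict, version)
    return hits

if __name__ == "__main__":
    found = scan(sys.argv[1])  # assumption: path to the FITS install directory
    for rel, (verdict, version) in found.items():
        print(f"{verdict:18} {version or '?':10} {rel}")
    sys.exit(1 if any(v == "log4j1-namespace" for v, _ in found.values()) else 0)
```

A non-zero exit status means at least one jar still exposes the Log4j 1.x namespace, so the same command can be run on each server after the upgrade.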