Apache Log4J vulnerability patch - Release blog
Hi there, eMagiz developers! As you probably have heard, a vulnerability has been discovered in the Apache Log 4j module. This vulnerability exposes applications worldwide. We analyzed our complete stack in response to this vulnerability, including our cloud and on-premise runtimes. Although there is no risk of this vulnerability on your current eMagiz runtime, we choose to upgrade the library in our runtimes. Our advice is to upgrade your runtime soonest. This blog will highlight the best migration approach given specific scenarios.
Migration Path
As you might already have seen via the notifications sent from our status page (https://status.emagiz.com), we will update our infrastructure with our upcoming release. This will lay the foundation for more infrastructural changes in our future. For specific information, please check out the notifications via our status page.
As a customer, you have the option to run your eMagiz solution within the eMagiz Cloud or your network (i.e., on-premise). Furthermore, you have the opportunity to run part of your solution in the eMagiz Cloud and part of your solution on-premise. For all these scenarios upgrading your complete environment needs a different approach. In the remainder of this blog, we will discuss the migration path for each of these scenario.
Before we dive into the various scenarios, we would like to define some general remarks:
- Make sure that your active release mimics what is currently running on an environment, as the upgrade will result in a clean slate based on the active release.
- For business-critical processes, we advise stopping these processes before executing the upgrade
- You will experience a short amount of downtime while executing this upgrade
- Each scenario has some additional specific restrictions and considerations.
1.1 Cloud Only
If your complete solution runs in the cloud, you need to upgrade to the latest cloud template suitable for your model. This will be the R13 template for double lane setups, and for single lane setups, this will be the R19 template.
Note that your Test and Acceptance environments are automatically scheduled to be upgraded after we release the templates. However, if the planned date is after this weekend, we urge you to manually change the planned date to any time during this weekend. See the section on changing the planned date of the upgrade for more information.
1.1.1 Considerations for this scenario
All data stored on EFS, such as the JMS Artemis folder, is kept. As a result, all this data is accessible again after the upgrade has been completed.
However, this does mean that any data stored on a custom folder on runtime will be deleted. So please take action accordingly by stopping these processes before upgrading the cloud template.
For single lane setups we advise to stop the core machine before migrating to the newest cloud template to ensure that the JMS will be started in the correct manner under the new cloud template. If this action is not performed beforehand a reset of the JMS runtime is required afterwards.
1.1.2 Upgrade your cloud template
To upgrade your cloud template please execute the following steps:
- Log in at my.emagiz.com
- Navigate to the eMagiz model for which you want to upgrade your cloud template.
- Navigate to the Deploy phase and open the Architecture tab
- eMagiz will show a pop-up that you can upgrade your cloud template. Please read the text carefully and select the appropriate action
- In case of a single lane you can press Apply to environment
- In case of a double lane you should first upgrade zone B and when that was successful upgrade zone A
- If you do not want to execute the update immediately but plan it, you can do that in a slightly different way. For more information on how to plan the upgrade, please see:
Cloud Management eMagiz
1.1.3 Change the planned date of an automatically scheduled upgrade
To change the date and time on which the upgrade will take place, please check out the microlearning on the subject and, in particular, the section on planned upgrade:
1.2 Hybrid (Cloud and on-premise)
In case you have a hybrid setup, you have your core machine(s) (which contains, among others, the JMS) running in the eMagiz Cloud, and you have at least one connector runtime running on-premise. This means that a two-step approach is needed to upgrade your complete model.
1.2.1 Considerations for this scenario
- All data stored on EFS, such as the JMS Artemis folder, is kept. As a result, all this data is accessible again after the upgrade has been completed.
- However, this does mean that any data stored on a custom folder on runtime will be deleted. So please act accordingly by stopping these processes before upgrading the cloud template.
- For single lane setups we advise to stop the core machine AND the connector machine before migrating to the newest cloud template to ensure that the JMS will be started in the correct manner under the new cloud template. If this action is not performed beforehand a reset of the JMS runtime is required afterwards.
- For the on-premises & Cloud runtimes you will do a clean install which also means that the H2 database, if used in your entry, is created again. To prevent data loss please stop the Entry Flows after the data is successfully processed and before new data is sent.
- For the on-premises runtimes make sure that in case you adjusted the memory previously you do the same for the new runtime.
- For the on-premises runtimes make sure that you know under which account the service is currently running and make sure the new runtime will also start under that account.
1.2.2 Cloud update
The first step of the model is to upgrade the cloud section of your solution. The steps described in the Cloud Only section 1.1 should be followed and executed. For this part, the same restrictions apply as specified in that section.
1.2.3 On-premise Update
The second part of the model is to upgrade your connector runtimes currently running on-premise. To update these runtimes, you need to execute the following steps:
- Log in at my.emagiz.com
- Navigate to the eMagiz model for which you need to update the runtime(s)
- Navigate to the Deploy phase and open the Containers tab
- Select the environment for which you want to download the runtime(s)
- Select each runtime (one by one) and download each of them (one by one) by pressing the Download button
- After you have downloaded each one of them please check out one of the following microlearning (based on your operating system) on how to update.
Deploy local runtime for for Windows
Deploy local runtime for for Windows
1.3 On-premise Only
1.3.1 Considerations for this scenario
For the on-premise runtimes you will do a clean install which also means that the H2 database, if used in your entry, is created again. To prevent data loss please stop the entries after the data is successfully processed and before new data is send.
For the on-premise JMS runtime you need to ensure that all data is processed before stopping the JMS and installing and starting the new JMS. Please make sure that you stop all entry flows so that the environment can process all remaining messages before updating the JMS server. More information below in section 13.2
For the on-premise runtimes make sure that in case you adjusted the memory previously you do the same for the new runtime.
For the on-premise runtimes make sure that you know under which account the service is currently running and make sure the new runtime will also start under that account.
1.3.2 On-premise JMS Update
There is special attention needed to upgrade the JMS on-premise. On JMS level there is an Artemis folder that holds among others certain messages that still need to be processed. To ensure that there is no data loss please make sure that all data is processed before switching over to the new runtime for your JMS. To update the JMS runtime(s), you need to execute the following steps:
- Log in at my.emagiz.com
- Navigate to the eMagiz model for which you need to update the JMS runtime(s)
- Navigate to the Deploy phase and open the Containers tab
- Select the environment for which you want to download the JMS runtime(s)
- Select each runtime (one by one) and download each of them (one by one) by pressing the Download button
- After you have downloaded each one of them please check out one of the following microlearning (based on your operating system) on how to update. Before you stop the current JMS please make sure that no data is currently being processed within your model.
Deploy local runtime for for Windows
Deploy local runtime for for Windows
1.3.3 On-premise Update
The second part of the model is to upgrade your connector runtimes currently running on-premise. To update these runtimes, you need to execute the following steps:
- Log in at my.emagiz.com
- Navigate to the eMagiz model for which you need to update the runtime(s)
- Navigate to the Deploy phase and open the Containers tab
- Select the environment for which you want to download the runtime(s)
- Select each runtime (one by one) and download each of them (one by one) by pressing the Download button
- After you have downloaded each one of them please check out one of the following microlearning (based on your operating system) on how to update.
Deploy local runtime for for Windows
Deploy local runtime for for Windows
Key takeaways
Thanks to all that help build, those who tested and gave feedback to improve the product. To end this post, here are some key takeaways for you:
- If you have questions surrounding our Program Increment Planning, please get in touch with
- If you have feedback or ideas for us, talk to the Platypus
- Please inform us of new additions to the store (productmanagement@emagiz.com) so we can all benefit from these.
- Clear your browser cache (Ctrl + Shift + Del)
- Check out the release notes [here]
- Start thinking about how the license tracker can aid your development
- Start thinking about major, minor, and patch
- Upgrade to the latest build number
- Keep making great integrations
Let's stay in touch and till next time!