Create security patch delivery
Security patches are included in each delivery from Build Place, so no additional Middle Tier patching is typically required. However, if no deliveries have been applied for a long time, it's recommended to apply the latest patches to maintain system security. In urgent cases, IFS will communicate which patches and versions need to be applied. If a critical vulnerability is discovered, an out-of-band delivery of Middle Tier containers may be necessary.
If possible, create an "empty" Build Place delivery with no database modifications and apply it using the normal procedures. The Middle Tier containers can also be security patched without a delivery from the Build Place. In that case a local delivery is created manually: copy the necessary parts from a previous delivery and update them to include the latest security patches (the latest Middle Tier containers and Helm chart).
Follow these steps to manually create a delivery with the latest security patches:
- Check whether the installed Middle Tier is an older version than the latest release by IFS. The Middle Tier (Framework service update) version can be found in the IFS Client, in the account settings for the user, or in global.helmChartVersion in the latest delivery log.
- Create a new delivery folder. With an earlier delivery available, copy the installer and installerupdater folders from the earlier delivery into the new delivery.
- Download the latest installer that holds references to the patched containers using the ifsinstallerupdater.
- Verify in the updater log that the new Middle Tier version was downloaded.
- Deploy the new Middle Tier containers using the newly downloaded ifsinstaller.
- Verify in the installer log that the new Middle Tier version is applied.
Example on a Windows server:
cmd> mkdir c:\temp\hotfix-delivery-SU12
cmd> xcopy c:\temp\previous_delivery\ifsinstaller c:\temp\hotfix-delivery-SU12\ifsinstaller /e /i
cmd> xcopy c:\temp\previous_delivery\ifsinstallerupdater c:\temp\hotfix-delivery-SU12\ifsinstallerupdater /e /i
cmd> cd c:\temp\hotfix-delivery-SU12\ifsinstallerupdater
cmd> .\ifsinstallerupdater.cmd --set helmRepo=https://ifscloud.jfrog.io/artifactory/helm --set helmUser=ale-123 --set helmPwd=xyz
(Check in the console output that the downloaded version corresponds to the version communicated by IFS.)
More info on IFS Cloud Installer Updater
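The version checks in the steps above (is the installed Middle Tier older than the latest release, and does the downloaded version equal the one IFS communicated) can be scripted. The PowerShell below is an added example, not part of the IFS documentation or tooling. The function names, the `global.helmChartVersion=<version>` log line form, the three-part version format and all sample values are assumptions.

```powershell
# Added example. Assumed log form: "global.helmChartVersion=<major.minor.patch>"
# (":" is also accepted as separator). The real log layout may differ.
function Get-HelmChartVersion {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$LogLines)
    $pattern = 'global\.helmChartVersion\s*[=:]\s*"?(\d+\.\d+\.\d+)'
    $found = $null
    foreach ($line in $LogLines) {
        # Keep the last occurrence, in case the log records several runs.
        if ($line -match $pattern) { $found = $Matches[1] }
    }
    if (-not $found) { throw 'global.helmChartVersion not found in the log lines' }
    return [version]$found
}

function Test-MiddleTierVersion {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$LogLines,
        [Parameter(Mandatory)][version]$Expected   # version communicated by IFS
    )
    $actual = Get-HelmChartVersion -LogLines $LogLines
    if ($actual -lt $Expected) { $status = 'Outdated' }
    elseif ($actual -eq $Expected) { $status = 'Match' }
    else { $status = 'NewerThanExpected' }
    [pscustomobject]@{ Actual = $actual; Expected = $Expected; Status = $status }
}

# Constructed sample lines and placeholder version, for illustration only.
$installedLog = @(
    '2025-01-10 09:12:01 INFO  Using values:',
    '',
    '2025-01-10 09:12:01 INFO  global.helmChartVersion=1.2.3'
)
$updaterLog = @('2025-02-20 14:03:44 INFO  global.helmChartVersion=1.2.5')
$communicated = '1.2.5'

# Step 1: is the installed Middle Tier older than the communicated version?
Test-MiddleTierVersion -LogLines $installedLog -Expected $communicated
# Step 4: did the updater download the communicated version?
Test-MiddleTierVersion -LogLines $updaterLog -Expected $communicated
```

With real logs, pass `(Get-Content <path to log>)` as `-LogLines` and stop the procedure if the status after the update is anything other than `Match`.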
NOTE: In air-gapped environments the creation of a security patch delivery needs to be performed on a server with internet access. The delivery is then moved to the secure network. The new patched Middle Tier images also need to be moved to the air-gapped local repository using the download.sh tool, with the new version referred to in the version.yaml in the delivery. Read more about Air gap considerations