Remediation for CVE-2021-23463
To migrate from 3.10.00
- Backup previous bastillion.h2.db data store (possibly named keybox.h2.db)
- Copy old jetty/bastillion/WEB-INF/classes/keydb folder (and it's contents) to the jetty/bastillion/WEB-INF/classes directory of the new installation.
- Copy old jetty/bastillion/WEB-INF/classes/bastillion.jceks to the /jetty/bastillion/WEB-INF/classes directory of the new installation.
- Copy old jetty/bastillion/WEB-INF/classes/BastillionConfig.properties to the /jetty/bastillion/WEB-INF/classes directory of the new installation.
- Run the bastillion-upgrade-4.00.00.jar on the database copied to the new installation
java -jar bastillion-upgrade-4.00.00.jar /opt/Bastillion-jetty/jetty/bastillion/WEB-INF/classes/BastillionConfig.properties
- Adjust settings or copy as needed for the jaas.conf, log4j2.xml, keystore, jetty-ssl.xml and jetty-http.xml