How to upgrade WSO2 ESB - wso2

I'm running WSO2 ESB 4.0.3 and noticed 4.5 came out. I've tried searching but haven't been able to find anything regarding how to upgrade to the new version without breaking files I've changed. Anyone have any ideas or direct me to a document on how I can do this?
Thanks,
Jared

Unfortunately there is no "upgrade" szenario available. We installed a fresh copy of ESB 4.5 and then copied our configurations from the following directories:
lib/log4j.properties
lib/core
repository/conf
repository/components/lib
repository/resources
repository/deployment/server/synapse-configs/default
But these were the directories where we know that we made customizations. If you don't know anymore your changes from the original 4.0.3, download a fresh copy and compare with your current implementation of the ESB.
Attention: The important axis2.xml has changed a bit in its structure - so copying the file as it is will not work. Just copy the changed configuration lines in it.

For ESB specifically you need to pay attention to the followings if you have made any changes.
passthru-http.properties
synapse.properties
nhttp.properties
which were available under lib/core/WEB-INF/classes needs to be moved to repository/conf

Related

Log4j vulnerability with org.wso2.carbon.identity.application.authentication.framework

I am getting log4j-core -> 2.12.0 vulnerability with org.wso2.carbon.identity.application.authentication.framework
As per the github link - https://github.com/wso2/product-is/blob/v5.11.0/pom.xml
the compatible version for WSO2 IS v5.11 is 5.18.187
But as I checked over maven also, the specified version https://mvnrepository.com/artifact/org.wso2.carbon.identity.framework/org.wso2.carbon.identity.application.authentication.framework/5.18.187
is log4j core vulnerabilities in compile dependency https://mvnrepository.com/artifact/org.wso2.carbon.identity.framework/org.wso2.carbon.identity.testutil/5.18.187
Could you please suggest, if I should go with upgrading the version of org.wso2.carbon.identity.application.authentication.framework or should just add direct dependency for log4j-core 2.17.2
Upgrading the org.wso2.carbon.identity.application.authentication.framework would not be compatible with the other modules in the distribution and I recommend not doing so since it could lead to some breaking changes in the product features.
And upgrading the log4j-core dependency in the org.wso2.carbon.identity.application.authentication.framework to the 2.17.2 version alone would not work since there are other artifacts that were affected by the log4j vulnerability.
Since this vulnerability was identified, WSO2 has released an updated version for the product-is which you can download from their website.
The Version 5.11.0 - SERVICE PACK 01 which you can download from here would have the updated product-is v5.11.0 with the fixes for the log4j vulnerability. And it also includes bug fixes for the initial 5.11.0 release.
Hence, I recommend going with the already existing 5.11.0 - SERVICE PACK 01
instead of manually updating the affected artifacts.
Upgrading org.wso2.carbon.identity.application.authentication.framework might lead in to breaking changes and updating log4j-core dependency will not resolve the issue since there can be other components whcih are also affected by this vulnerability.
WSO2 has already identified and fixed this. I would like to recommend you to download and use the latest Identity Server version (IS 6.0.0) from the official WSO2 website or from git releases. The WSO2 team has paid special attention to fixing most of the 3rd party vulnerabilities in this release and there are so many new features available.
Updated 1:
You can follow the temporary solution specified in this doc if you don't have a paid subscription or are unable to get the latest Identity Server product (NOTE that it is a temporary fix).

WSO2 APIM: Configuration variables

(I know that this sounds as a newbie questions, but, you know, really, I don't finde the answer in docs)
In WSO2 products, and specifically in API Manager (2.1.0), we have to modify a lot of configuration files just to start.
We have seen that some configuration files (api-manager.xml, carbon.xml) use configurations variables. E.g., ${admin.username} to substitute by admin user.
We have found an old post (2016) explaining the use of configuration variables in WSO2 products
https://medium.com/#shan1024/overriding-configurations-in-wso2-products-using-deployment-properties-file-f096e96f782d
But we are not able to find the deployment.properties files referenced in that post, neither and official documentation.
Do you know if this works in APIM? Where have I to install this file?
As far as I know, deployment.yaml was introduced in Carbon kernel 5.2 onwards. But WSO2 APIM 2.x is based on Carbon kernel 4.4.X. Therefore APIM 2.x doesn't support that.
WSO2 APIM 3.X will support this feature.

Session Timeout in WSO2 4.1.1

We are using WSO2 4.1.1 for user management. Is there a way to do a session time out in WSO2 4.1.1?
(I am looking if there is a fix for this in WSO2 4.1.1. Currently, I am not looking at migrating to WSO2 4.5
where this is mentioned as a supported feature).
I am referring to the following link where it says the WSO2 4.1.1.code has been changed to handle session time out.
https://wso2.org/jira/browse/IDENTITY-1030
Are these changes available as a new version of jar compatible with the WSO2 4.1.1 version?
Thanks in advance for the help
You won't be able to get a new version of the jar and use it with the WSO2 IS 4.1.1. AFAIK, IS 4.1.1 was never released, I think you are using a build shared via dev# list.
Anyway, you can try following.
Checkout the source for the corresponding jars in WSO2 IS 4.1.1. Try to checkout from branch. For example: https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.1.0/components/identity/org.wso2.carbon.identity.base/
Fix the issue and do 'mvn clean install'
Copy the target jar as a patch.
Run server with -DapplyPatches
In this way, you can try to fix this issue.
If we discover issues with any product after it has been released, you will be able to get the fix only in a newer version. Otherwise, you need to patch the existing jar versions.
I hope this helps.

Wso2 ESB don't deploy car

I am trying to remove the car of an Aplication.
I removed the .car by management console and removing the file in wso2esb-4.0.3/repository/deployment/server/carbonapps but wso2 dont put nothing in the log and dont remove the artifacts, I cant shutdown the server.
When I remove de .car and upload the file again the server dont re-deploy anything
The initial problem was that some artifacts had disapeared from management console, but the .car was deployed, a other instance of the .car are in the temp directory.
This was a known issue [1] and fixed from WSO2 ESB 4.5.0. I think its recommended to use the latest version of the product since in that case many bugs fixed and many new features are added to the product. You can find the latest distribution of WSO2 ESB 4.7.0 latest release here [2]
Hope this will help you.
[1] https://wso2.org/jira/browse/ESBJAVA-940
[2] http://wso2.com/products/enterprise-service-bus/
We had this problem too. It can also happen when you have deactivated a proxy within the web console.
Be sure all components from the specific .car file are running.
Uninstall the application (within the web-console)
Wait until all components are gone
If this is not working - you need to stop the server and remove all components (from that .car) from the file system manually. We did that a couple of times and it worked. (search for all affected components and remove them).
We finally solved the issue by upgrading to a new version of WSO2 ESB.

Websphere 6.1 jar needed for WebService annotation

I'm using WebSphere 6.1 with the EBJ3 Feature Pack installed. Does anyone know what jar I need to include in my project from the AppServer folder of my WebSphere installation in order to be able to use the #WebService annoation? I cannot seem to find it. Thanks.
You will require either:
The webservice Feature Pack for Websphere 6.1 http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21264563
A JAXWS implementation, such the Reference Implementation http://jax-ws.java.net/
Pay attention to the order of installation of the Websphere Feature Packs
WAS_HOME/lib/j2ee.jar
Note that in WAS 7.0+, all JARs needed for development are located in WAS_HOME/dev/.
WAS_HOME/plugins/ - com.ibm.jaxws.tools_6.1.0.jar
You may also need to include com.ibm.jaxb.tools, com.ibm.ws.runtime and org.apache.axis2 jars too.