Date: 2017-11-23 OS: Windows Etrack Incidents: 3933689 Errors/Problems Fixed: 3933689 - (JIRA ID: CFT-670) [DI] Update VIC to 2.1.3 to fix the KVKK / Turkey PII policy false negatives This hotfix provides fixes for following issues: 1) Update of third-party dependency (Jackson) to address vulnerability CVE-2017-15095. For more information about the vulnerability please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15095 2) Incorrect matching with wildcards and proximity (custom policies only) 3) Fix for Turkey PII false negatives 4) vic_output.log file continues to grow until DataInsightVICClient service is restarted. Applies to: Data Insight Management Server, Data Insight Collector worker node (with Classification role) and Data Insight Classification Server. Install/Uninstall Instructions: Apply this hotfix to Data Insight Management Server, Data Insight Collector worker node (with Classification role) and Data Insight Classification Server. This hotfix can be applied to Data Insight version 6.1 only. FILE AFFECTED BY THIS PATCH: Windows: INSTALL_ROOT\vic\vic-service\* INSTALL_ROOT\bin\VICClient.exe INSTALL_ROOT\bin\VICClientService.exe INSTALL_ROOT\bin\VICServer.exe INSTALL_ROOT\bin\VICServerService.exe By default, value of INSTALL_ROOT on Windows is "C:\Program Files\DataInsight". Steps: Log into Data Insight Management Server, Data Insight Collector worker node (with Classification role) and Data Insight Classification Server and perform the following steps: 1. Unzip the patch files to a temporary folder. In this folder, locate the "patches" folder. This folder contains all files for help application. Example: If you unzip hotfix to C:\temp, it will create the following folder under C:\temp: C:\TEMP\ +---README +---patches +---bin +---vic-service +---DI6.1HF3.ps1 2. Start the 64-bit version of either Windows PowerShell or Windows PowerShell ISE with the "Run as administrator" option. The version of PowerShell must be 3.0 or later. You can determine the version that you are running by typing the following at the PowerShell prompt: $PSVersionTable.PSVersion If you are unable to run the script as DI6.1HF3.ps1 script is not digitally signed, type the following command to allow PowerShell to an unsigned script that was downloaded from the Internet: Set-ExecutionPolicy Unrestricted Run PowerShell script DI6.1HF3.ps1. This script does the following: a. Stops all Data Insight services. b. Installs required classification binaries. c. Copies updated classification policies to data dir. d. Brings the Data Insight services online. 3. It is strongly recommended to use PowerShell script for installation of this hotfix. However, if for some reason, it is possible to install the hotfix manually. Follow the instructions given below. 4. Stop all Data Insight services: From the command prompt, issue the following command: net stop DataInsightComm net stop DataInsightWeb net stop DataInsightConfig net stop DataInsightFpolicy net stop DataInsightFpolicyCMod net stop DataInsightCelerra net stop DataInsightWinnas net stop DataInsightGenericCollector net stop DataInsightWorkflow net stop DataInsightWatchdog net stop DataInsightVICServer net stop DataInsightVICClient 5. Install required classification binaries using following steps: For example, if you are patching Data Insight Collector worker node installed at "C:\Program Files\DataInsight" and data dir location as "C:\DataInsight\data" a. Copy and replace all the files from "patches\vic-service\" to "C:\Program Files\DataInsight\vic\vic-service\" b. Copy and replace all the files from "patches\vic-service\vic-definitions\library" to "C:\DataInsight\data\classification\vic-definitions\library" c. Copy and replace all the files from "patches\bin" to "C:\Program Files\DataInsight\bin" d. Delete following jar fils in "C:\Program Files\DataInsight\vic\vic-service\" i. vic-service-2.0.6.jar ii. vic-client-lib-2.0.6.jar e. Delete vic_output.log file in "C:\Program Files\DataInsight\log\" 6. Start Data Insight services: From the command prompt, issue the following command: net start DataInsightComm net start DataInsightWeb net start DataInsightConfig net start DataInsightFpolicy net start DataInsightFpolicyCMod net start DataInsightCelerra net start DataInsightWinnas net start DataInsightGenericCollector net start DataInsightWorkflow net start DataInsightWatchdog net start DataInsightVICServer net start DataInsightVICClient Additional Notes: 1. Apply this hotfix to Data Insight 6.1 only. 2. If a new Data Insight Classification Server or a Data Insight Collector worker node with Classification role is added, this hotfix needs to be applied.