- 23 Apr 2024
- 4 Minutes to read
- Print
- DarkLight
- PDF
Pharos Blueprint 5.3 - Update 7 Security Patch Release Notes
- Updated on 23 Apr 2024
- 4 Minutes to read
- Print
- DarkLight
- PDF
Note: This update can only be applied to existing installations of Blueprint 5.3 Update 7 Analyst or Collector.
Blueprint 5.3 Update 7 Security Patch includes a security update to address a known security issue and must be applied to the Analyst and all Collectors. Please note:
This update will upgrade your Pharos API from version 5.4.1.61 to 5.4.2.1
This update requires MobilePrint version 2.5.0 or later (if used). Refer to the MobilePrint section below for more information.
Site Security Utility. A new utility is available to use with 5.4.2.1 or later Print Center/Pharos API. This optional but recommended tool adds further protection to credentials used by the Pharos API for communication between Pharos API instances and for MobilePrint communication with Pharos API. The tool and instructions are in the \Integrations\SiteSecurityUtility folder of the BP 5.3 Update 7 Security Patch download.
How to apply this Update
Warning: Blocked Files Depending on how this update or its files were copied to the target machine, some of the files may have been 'blocked' by Windows. Trying to update a Blueprint component with a blocked file will most likely prevent that component from working correctly. To check whether a file is blocked and/or unblock it, right-click the file in Windows Explorer and select 'Properties'. |
Warning: In use Files Under some conditions, the upgrader may be unable to replace files because they are in use. If this happens,
|
Updating Analyst or Collector
Installation Steps
If updating Analyst, make sure you have an up to date backup of the psbprint database.
Close the Window's Printers window (if it is open). Close any Pharos applications (e.g. Troubleshooter, Blueprint Administrator) that are open.
Note: you do not need to stop the Pharos Services. The update installer will do this automatically.Open an elevated Windows command prompt and run Patcher.exefrom the command line. No additional parameters are necessary.
The update installer does not create a log file. It is recommended that you run DebugView (http://technet.microsoft.com/en-us/sysinternals/bb896647) to capture the output of the installer. This output will include error messages if the installer fails.
Also, the existing Blueprint files will be backed up to BP53 in the Temp directory, before they're replaced with the updated versions.
If the update installer fails, you can correct the cause of the error and run Patcher.exe again.
At completion, the Patcher may automatically force a restart. Follow the remaining instructions after the restart.
To log the installation of MSI files associated with the update, edit <MsiLogFileDirectory> in the Patcher.xml file with a folder path.
If Site Monitor with a lite license is installed and the logged on user does not have permissions to remove the Site Monitor database, the DbAdminUser and EncryptedDbAdminPasswordelements can be populated in the patcher.xml to allow full uninstallation of Site Monitor.
Open an elevated command prompt and type in patcher /encrypt:MySecretPassword to retrieve the encrypted version of the Db Admin Password.
On Analyst, open the Blueprint Analyst, go to Reporting -> Publications and click on "Publish to Data Warehouse" on the toolbar.
Automated Server Deployment
Customers with a large number of Blueprint Servers may want to deploy this update using an automated software deployment tool (e.g. IBM's Tivoli).
To help with this process, the Patcher can be configured to send an e-mail at the end of the patching process indicating the patching attempt's success or failure. The configuration is held in the file Patcher.xml. Modify the file as follows:
Change the <automated> element from "false" to "true".
Set "to" to the e-mail address you want the notification sent to.
Set "from" to the e-mail address you want the notification to claim it was sent from.
Set smtpServerHost to the FQDN of the mail server.
Leave smtpServerPort alone, unless the mail server is using a non-standard port. Or you want the communication encrypted using SSL.
If the mail server and its Host are configured to support SSL, you can change useSSL to "true" and smtpServerPort to the SSL port (usually 465).
Set smtpUserName and smtpPassword to the user and password needed to use the mail server.
If you do not want to put an unencrypted password in the Patcher.xml file, you can put the password as encrypted text into smtpEncryptedPassword. You can encrypt the password by calling Patcher.exe from the command line with the flag "/encrypt:". e.g. Assume your mail server's password is "MySecretPassword".
Open an elevated command prompt and type in patcher /encrypt:MySecretPassword
Patcher.exe will return EncryptedPassword:L9EMZX9r1CkvI8rNybP/dikf09zwBPLMfl6OMk7/nXOCgZQpaePQDoGDULN3eAbe"
Set smtpEncryptedPassword="L9EMZX9r1CkvI8rNybP/dikf09zwBPLMfl6OMk7/nXOCgZQpaePQDoGDULN3eAbe"
If your deployment tool will run the patcher under an account that has permission to send e-mails, then you can set useDefaultCredentials to "true" and leave smtpUserName, smtpEncryptedPassword and smtpPassword blank.
Integrations
MobilePrint
The MobilePrint application has been updated to work with the updated security measures implemented in the Print Center. Ensure that your MobilePrint is updated to version 2.5.0 (if used).
MobilePrint won't be able to retrieve changes to its configuration until it is updated because it won't be able to establish communication with the Pharos API. Failing to update to the latest version might also lead to a situation where multiple logon requests are generated by MobilePrint. These logon requests do not present a substantial risk. Standard MobilePrint operations, such as file uploads and print release will continue to work.