HENGSHI SENSE Security Vulnerability FAQ

Issues Related to Handling Vulnerabilities in Lower Versions of MinIO

The default installed version of MinIO in HENGSHI is "2022-02-18T01-50-10Z"

CVE Numbers: CVE-2023-28432 CVE-2024-24747

Generally, if there are vulnerabilities in the built-in components, the main HENGSHI program will automatically upgrade them to a stable major version during its upgrade. If you do not plan to upgrade soon or do not want to wait for the next version of HENGSHI, you can refer to this document for manual upgrades.

The entire process involves manually replacing the old version of MinIO and copying the old version's data to the new MinIO instance.

1. Add minio alias

Download the mc command to the system in advance mc

chmod +x mc
sudo cp mc /usr/local/bin/
# Execute mc --version to see multiple options of mc, which indicates normal operation

mc alias set old-minio http://IP:9000 hengshi hengshi202020

Consider it successful if the following content is returned

Added `old-minio` successfully.

2. Copy Old Data to Local

mkdir backup-old-minio-data
mc cp --recursive old-minio/hengshi/ backup-old-minio-data/

3. Replace minio version

Download minio.RELEASE.2024-02-04T22-36-13Z to the <HENGSHI_HOME>/lib/minio/ directory.

Tip

<HENGSHI_HOME> is your installation directory variable, not a specific path. For example, if installed under /opt/hengshi, the full path would be /opt/hengshi/lib/minio/.

Stop the minio service

/opt/hengshi/bin/hengshi-sense-bin stop minio

Rename minio-data

cd /opt/hengshi
mv minio-data minio-data.bak

Replace minio

cd /opt/hengshi/lib/minio/
mv minio minio.bak
mv minio.RELEASE.2024-02-04T22-36-13Z minio
chmod +x minio

Start the minio service

/opt/hengshi/bin/hengshi-sense-bin start minio
# At this point, a new minio-data directory is generated, and the data inside is empty.

4. Copy data to the new MinIO

mc mb old-minio/hengshi # Create a new bucket
mc cp --recursive backup-old-minio-data/ old-minio/hengshi/