HENGSHI SENSE Security Vulnerability Handling FAQ
Issues Related to MinIO Low Version Vulnerabilities
CVE Numbers: CVE-2023-28432 CVE-2024-24747
Generally, if built-in components have vulnerabilities, the HENGSHI SENSE product will automatically upgrade them to a stable major version during product updates. If you wish to upgrade manually ahead of the HENGSHI SENSE product update, you can refer to this document for guidance.
The entire process involves manually replacing the old version of MinIO and copying the data from the old version to the new MinIO instance.
1. Add minio alias
Download the mc command to the system in advance mc
chmod +x mc
sudo cp mc /usr/local/bin/
# Execute mc --version to see multiple options of mc, which indicates normal operation
mc alias set old-minio http://IP:9000 hengshi hengshi202020
The following output indicates success:
Added `old-minio` successfully.
2. Copy Old Data to Local
mkdir backup-old-minio-data
mc cp --recursive old-minio/hengshi/ backup-old-minio-data/
3. Replace Minio Version
Rename the new minio.RELEASE.xxx
program to minio
and copy it to the ${HENGSHI_HOME}/lib/minio/
directory.
Note
<HENGSHI_HOME>
is your installation directory variable, not a specific path. For example, if installed under /opt/hengshi
, the full path would be /opt/hengshi/lib/minio/
.
Stop the Minio service:
/opt/hengshi/bin/hengshi-sense-bin stop minio
Rename the minio-data
directory:
cd /opt/hengshi
mv minio-data minio-data.bak
Replace Minio:
cd /opt/hengshi/lib/minio/
mv minio minio.bak
mv minio.RELEASE.2024-02-04T22-36-13Z minio
chmod +x minio
Start the Minio service:
/opt/hengshi/bin/hengshi-sense-bin start minio
# At this point, a new minio-data directory is generated, and its data is empty.
4. Copy Data to the New Minio
mc mb old-minio/hengshi # Create a new bucket
mc cp --recursive backup-old-minio-data/ old-minio/hengshi/