We have identified a vulnerability

Installation Forum (Inactive)
ddavis14  2012-02-19 06:58
Status: Closed
 
Received alert about 11.3 vulnerability issues. Downloaded and installed current ver (19003 download which is diff. than 18991 listed on screen).
When LabKey started the modules are now all 11.2. In addition the modules from existing project are all gone.
I can add modules to new projects but have not checked usability.
Finally would love for the vulnerability alert at the top of the page to go away.
Running 32 bit XP SP3. Used install w/ JRE.
Thanks,
DD
 
 
Brian Connolly responded:  2012-02-20 07:51
I am sorry that you have hit this problem.

I want to verify that the file you downloaded is named LabKey11.3-19003-Setup_includeJRE.exe. Is that correct?

One feature of the LabKey Server is that the server will periodically check if a new version is available (as you have seen) and it will also report all crashes back to LabKey (with important diagnostic information). LabKey investigates these crash reports to proactively fix any problems for the next release (you can read about these features at https://www.labkey.org/wiki/home/Documentation/page.view?name=configAdmin ).

As part of the crash reports, we send back the version of the software that you are running.

From this information, I see that you are currently running 11.2 - 17257. This is the same version of the LabKey Server that you were running before you upgraded to 11.3.

Is it possible that you accidentally ran the LabKey Server installer for 11.2-17257 instead of 11.3-19003?

In order to fix this problem, I would like to ask you to do the following:

1) Please download the LabKey11.3-19003-Setup_includeJRE.exe installer again from http://www.labkey.com/get_labkey_server.php.

2) Using the newly downloaded file, please execute LabKey11.3-19003-Setup_includeJRE.exe and perform the upgrade.

This should successfully upgrade your server to the latest version of LabKey Server 11.3 (11.3-19003).

* NOTE: After double-clicking on the installer executable, the very first dialog box (asking "Do you want to upgrade...") should say "LabKey Server 11.3 Setup" in the dialog header. If it says "LabKey Server 11.2 Setup", then please stop the upgrade and respond on the message board. We can then jump on a web conference which will help me determine the problem and get your server upgraded.

-Brian
 
ddavis14 responded:  2012-02-20 16:44
Hi Brian,
Yes the ver. listed 19003 I checked since it was different than 18991 listed as current release. This has been changed now and they are both (icon for download and current release) pointing to 19003.

Not sure about what was installed but I ran whatever exe I downloaded.

I was def. running 11.3 prior to upgrade. I watched the add-ons/services (SAS etc) go from 11.3 to 11.2. Would your services send out notice to 11.3 not 11.2 users?

I repeated steps (1 and 2 in your response) now noting for sure install etc.

Below is error.
Thanks,

500: Unexpected server error
A failure occurred during LabKey Server startup.


org.labkey.api.data.SqlScriptRunner$SqlScriptException: study-11.20-11.21.sql : ERROR: column "description" of relation "study" already exists
       at org.labkey.api.data.SqlScriptManager.runScript(SqlScriptManager.java:132)
       at org.labkey.api.data.SqlScriptRunner.runScripts(SqlScriptRunner.java:103)
       at org.labkey.api.module.DefaultModule.versionUpdate(DefaultModule.java:254)
       at org.labkey.api.module.ModuleUpgrader.upgrade(ModuleUpgrader.java:59)
       at org.labkey.api.module.ModuleUpgrader$1.run(ModuleUpgrader.java:75)
Caused by: org.postgresql.util.PSQLException: ERROR: column "description" of relation "study" already exists
       at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2103)
       at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1836)
       at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257)
       at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:512)
       at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:374)
       at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:366)
       at org.apache.tomcat.dbcp.dbcp.DelegatingStatement.execute(DelegatingStatement.java:264)
       at org.labkey.api.data.dialect.StatementWrapper.execute(StatementWrapper.java:979)
       at org.labkey.api.data.Table.execute(Table.java:204)
       at org.labkey.api.data.Table.execute(Table.java:428)
       at org.labkey.api.data.SqlScriptParser$Block.execute(SqlScriptParser.java:164)
       at org.labkey.api.data.SqlScriptParser.execute(SqlScriptParser.java:61)
       at org.labkey.core.dialect.PostgreSql83Dialect.runSql(PostgreSql83Dialect.java:750)
       at org.labkey.api.data.SqlScriptManager.runScript(SqlScriptManager.java:127)
       ... 4 more
 
Brian Connolly responded:  2012-02-21 12:45
I am sorry for not getting back to you immediately, but I wanted to try to reproduce the behavior that you are seeing here on a server in our offices.

I have been unable to reproduce this behavior. Can you send me the log files from your server? These should help us understand the current state of the server and how best to get you up and working again.

If you send us the following files

- tomcat.log
- labkey.log
- labkey.log.1, labkey.log.2, labkey.log.3 and labkey.log.4 (if they exist)
- labkey-errors.log
- labkey-errors.log.1, labkey-errors.log.2, labkey-errors.log.3 and labkey-errors.log.4 (if they exist)

These files should be located in C:\Program Files (x86)\LabKey Server\apache-tomcat-5.5.33\logs or C:\Program Files\LabKey Server\apache-tomcat-5.5.33\logs

Please zip these files up and attach the zip file to your response.

Brian
 
Brian Connolly responded:  2012-02-21 14:29
Did you take a backup of your database before attempting the upgrade on Friday?

-Brian

PS: About the "18991" listed on the download page on Friday. The current released version is 19003. There was a mistake on the webpage. The links to the download files were correctly pointing to version 19003, the text on the top part of the page was incorrectly showing 18891.

After you reported it on Friday, I fixed the mistake, which is why it now says 19003. Thank you for reporting the problem.