• Register
    • Login
    • Search
    • Recent
    • Tags
    • Popular
    1. Home
    2. mumcs01

    Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

    Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website
    • Profile
    • Following 0
    • Followers 0
    • Topics 4
    • Posts 9
    • Best 5
    • Controversial 0
    • Groups 1

    mumcs01

    @mumcs01

    Chief Product Officer, Radix IoT, LLC.
    5
    Reputation
    32
    Profile views
    9
    Posts
    0
    Followers
    0
    Following
    Joined Last Online
    Website www.radixiot.com Location Chicago, IL
    mumcs01 Unfollow Follow
    administrators

    Best posts made by mumcs01

    • Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution

      On December 9th, 2021, an exploit was discovered in the widely used Apache Log4j logging libraries. This bug exposes a class of security vulnerability known as a Remote Code Execution Vulnerability. This package is widely used in Java-based enterprise applications and cloud services across verticals and institutions worldwide. Mango also uses this package.

      Following the publication of this information by Apache, Radix has produced two high-priority security updates:
      • 4.2.4 which is an update to the 4.2 series of Mango.
      • 3.7.9 is an update to the legacy 3.7 series of Mango.

      All customers, specifically those with public IP-facing connections, should immediately upgrade to mitigate the risk of this exploit.

      For customers that are unable for technical reasons to upgrade to these newest versions, the is a manual alternative that can be followed below depending on your version.

      Further public information can be found on this exploit here: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

      Version: Mango 4.0+

      Linux Environments

      If you are starting Mango via start-mango.sh or our supplied systemd mango.service file:

      • If you do not have start-options.sh in your data directory:
        • Copy start-options.sh from Mango installation directory to your data directory
        • Edit start-options.sh and add the following line:
      MA_JAVA_OPTS="$MA_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"
      • Restart Mango

      Verify that Mango loaded your start-options.sh file and the java process was started with the -Dlog4j2.formatMsgNoLookups=true option:

      ps aux | grep java

      If you are not using Mango's supplied start-mango.sh or mango.service file to start Mango:

      • Set the Java system property log4j2.formatMsgNoLookups=true (This is done by providing the following argument to java -Dlog4j2.formatMsgNoLookups=true)
      • Restart Mango

      Windows Environments

      • Ensure the java property log4j2.formatMsgNoLookups is set to true. This is done by adding -Dlog4j2.formatMsgNoLookups=true to the Java command that starts Mango.
      • Restart Mango

      Version: Mango 3.6-3.7

      Linux Environments
      The fix is dependent on how Mango is being started. By default Mango will use the ma.sh start command, if you are using this command:

      • Add an extension to the bin/ext-enabled folder that is an executable file with this content:
      #!/bin/bash

case "$1" in

    init)

    #Disable lookups during message formatting

  JAVAOPTS="$JAVAOPTS -Dlog4j2.formatMsgNoLookups=true"

        ;;

esac
      • Restart Mango

      Windows Environments

      • Ensure the java property log4j2.formatMsgNoLookups is set to true. This is done by adding -Dlog4j2.formatMsgNoLookups=true to the Java command that starts Mango.
      • Restart Mango

      If you have questions please contact Radix IOT customer support at support@radixiot.com

      posted in Mango General
      mumcs01
      mumcs01
    • RE: Pricing Link Broken

      Hi Everyone. As promised we have added Series 4 pricing to the radixiot.com website. You can find it under Products / Pricing. At this point, it is a direct PDF, but as we have eluded to we have a 100% new website coming out hopefully in the next month that merges all of the other websites into one resource, and this will include an interactive pricing page.

      You can also directly link to the pricing here:
      https://radixiot.com/wp-content/uploads/2021/10/mango_v12.0_pricing_guide-FINALa.pdf

      posted in User help
      mumcs01
      mumcs01
    • Upgrade Server Location Changing

      With the release of Mango Series 4, we have a new upgrade system we are launching! In the next several weeks Mango v4 users will be offered an upgrade through the standard upgrade process to upgrade to v4.2. (A future newsletter and post here will provide more info). So long as you perform this upgrade by November 15th your system will receive notifications and be able to access the upgrade server into the future without any problems.

      For users that are still on Mango 3, or for those customers in series 4 that choose to not upgrade by November 15th, you will need to change the location of where Mango looks for updates to this new update location. You only need to do this once on your Mango system, and from there on out, you’ll get upgrade notifications into the future.

      Information on how to do this can be found at https://docs-v4.mango-os.com/updating-the-mango-store-path. Have any questions? Feel free to drop a note in the forum or you can reach out to support@radixiot.com”

      Remember, so long as you upgrade when 4.2 comes out - before 11/15 all of this will be automatic.

      posted in Announcements
      mumcs01
      mumcs01
    • RE: Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution

      Additionally, the following test can be performed at a command prompt to test if the instance of Mango is vulnerable:

      Execute the following:

      curl "https://mango.example.com:8443/$\{java:runtime\}" --data ""

      Following this, Check the ma.log file or stdout

      If the instance is vulnerable you will see the following:

      WARN  2021-12-10T15:50:05,553 (com.serotonin.m2m2.web.mvc.spring.security.MangoAccessDeniedHandler.handle:65)[MangoAccessDeniedHandler] - Access denied to resource '/OpenJDK Runtime Environment (build 17+35-LTS) from Azul Systems, Inc.', for user '', IP address '127.0.0.1'

      If the instance is already patched and not vulnerable you will be the following:

      WARN  2021-12-10T15:53:31,895 (com.serotonin.m2m2.web.mvc.spring.security.MangoAccessDeniedHandler.handle:65)[MangoAccessDeniedHandler] - Access denied to resource '/${java:runtime}', for user '', IP address '127.0.0.1'
      posted in Mango General
      mumcs01
      mumcs01
    • Love Mango? Drop us a Note!

      Do you have a passion for Mango and have some free time on your hands, or are you looking for a place to use your Mango skills to grow your career? We are interested in talking if you do!!! Radix IoT, LLC is looking for folk with a background in Mango from all skill sets and backgrounds. We are actively looking in our community for people that love the art of Mango and speak our fun (and sometimes nerdy) language of automation and IoT.

      We offer highly flexible full-time, part-time, and even project-based opportunities for anyone with a good foundation in Mango. From Java developers to graphic designers that understand the Mango relationship of HTML5 and Angular to individuals who understand how to design and architect monitoring and management solutions. Please drop us a note! All conversations are confidential, and your location doesn't matter! We LOVE remote team members (ask any of us, even me).

      We would love to hear from you! Send us a note at: hr@radixiot.com

      Radix_round_sticker_OL--1-01.png

      posted in Announcements
      mumcs01
      mumcs01

    Latest posts made by mumcs01

    • NoSQL bug found in version 4.4.1. Please upgrade to 4.4.2!

      A critical error was found on the newly released v4.4.1 Mango NoSQL Database module released 1/23/23. This release has been disabled and is no longer available for download from any of the Mango download locations.

      Few people downloaded this version given the short period it was released, however, if you did download and install this it is recommended you upgrade to version 4.4.2, which will be released by the end of the day today.

      Description of the issue:
      There is a potential data loss in the Mango NoSQL Database v4.4.1 module, however, this is related only to exceptionally large samples of data.

      Resolution:
      Update to version 4.4.2

      posted in Announcements
      mumcs01
      mumcs01
    • RE: License questions

      Hi @gimmick. Thanks for using Mango.

      Drop me a note in email. I'd like to know a bit more about your project, and I'm positive we can work something out for.

      You can find me at michael.skurla@radixiot.com

      posted in Mango General
      mumcs01
      mumcs01
    • RE: Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution

      Additionally, the following test can be performed at a command prompt to test if the instance of Mango is vulnerable:

      Execute the following:

      curl "https://mango.example.com:8443/$\{java:runtime\}" --data ""

      Following this, Check the ma.log file or stdout

      If the instance is vulnerable you will see the following:

      WARN  2021-12-10T15:50:05,553 (com.serotonin.m2m2.web.mvc.spring.security.MangoAccessDeniedHandler.handle:65)[MangoAccessDeniedHandler] - Access denied to resource '/OpenJDK Runtime Environment (build 17+35-LTS) from Azul Systems, Inc.', for user '', IP address '127.0.0.1'

      If the instance is already patched and not vulnerable you will be the following:

      WARN  2021-12-10T15:53:31,895 (com.serotonin.m2m2.web.mvc.spring.security.MangoAccessDeniedHandler.handle:65)[MangoAccessDeniedHandler] - Access denied to resource '/${java:runtime}', for user '', IP address '127.0.0.1'
      posted in Mango General
      mumcs01
      mumcs01
    • RE: CVE-2021-44228 log4j Remote Code Execution Vulnerability

      Thanks for the note! It's been a top priority today, and we are happy to have a resolution for everyone as of an hour ago. This vulnerability is going to be a pretty big deal for lots of software out in the wild, and we are super pleased we were able to get a fix out, and roll both 3.7 and 4.2 updates pretty much in hours for everyone.

      Please see the info here: https://forum.mango-os.com/topic/5404/apache-cve-2021-44228-log4j-remote-code-execution-vulnerability-resolution

      Have a wonderful weekend!
      MIke.

      posted in Mango General
      mumcs01
      mumcs01
    • Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution

      On December 9th, 2021, an exploit was discovered in the widely used Apache Log4j logging libraries. This bug exposes a class of security vulnerability known as a Remote Code Execution Vulnerability. This package is widely used in Java-based enterprise applications and cloud services across verticals and institutions worldwide. Mango also uses this package.

      Following the publication of this information by Apache, Radix has produced two high-priority security updates:
      • 4.2.4 which is an update to the 4.2 series of Mango.
      • 3.7.9 is an update to the legacy 3.7 series of Mango.

      All customers, specifically those with public IP-facing connections, should immediately upgrade to mitigate the risk of this exploit.

      For customers that are unable for technical reasons to upgrade to these newest versions, the is a manual alternative that can be followed below depending on your version.

      Further public information can be found on this exploit here: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

      Version: Mango 4.0+

      Linux Environments

      If you are starting Mango via start-mango.sh or our supplied systemd mango.service file:

      • If you do not have start-options.sh in your data directory:
        • Copy start-options.sh from Mango installation directory to your data directory
        • Edit start-options.sh and add the following line:
      MA_JAVA_OPTS="$MA_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"
      • Restart Mango

      Verify that Mango loaded your start-options.sh file and the java process was started with the -Dlog4j2.formatMsgNoLookups=true option:

      ps aux | grep java

      If you are not using Mango's supplied start-mango.sh or mango.service file to start Mango:

      • Set the Java system property log4j2.formatMsgNoLookups=true (This is done by providing the following argument to java -Dlog4j2.formatMsgNoLookups=true)
      • Restart Mango

      Windows Environments

      • Ensure the java property log4j2.formatMsgNoLookups is set to true. This is done by adding -Dlog4j2.formatMsgNoLookups=true to the Java command that starts Mango.
      • Restart Mango

      Version: Mango 3.6-3.7

      Linux Environments
      The fix is dependent on how Mango is being started. By default Mango will use the ma.sh start command, if you are using this command:

      • Add an extension to the bin/ext-enabled folder that is an executable file with this content:
      #!/bin/bash

case "$1" in

    init)

    #Disable lookups during message formatting

  JAVAOPTS="$JAVAOPTS -Dlog4j2.formatMsgNoLookups=true"

        ;;

esac
      • Restart Mango

      Windows Environments

      • Ensure the java property log4j2.formatMsgNoLookups is set to true. This is done by adding -Dlog4j2.formatMsgNoLookups=true to the Java command that starts Mango.
      • Restart Mango

      If you have questions please contact Radix IOT customer support at support@radixiot.com

      posted in Mango General
      mumcs01
      mumcs01
    • RE: Pricing Link Broken

      Hi Everyone. As promised we have added Series 4 pricing to the radixiot.com website. You can find it under Products / Pricing. At this point, it is a direct PDF, but as we have eluded to we have a 100% new website coming out hopefully in the next month that merges all of the other websites into one resource, and this will include an interactive pricing page.

      You can also directly link to the pricing here:
      https://radixiot.com/wp-content/uploads/2021/10/mango_v12.0_pricing_guide-FINALa.pdf

      posted in User help
      mumcs01
      mumcs01
    • RE: Pricing Link Broken

      Hey all! Sorry for the delay. So we have new Mango Series 4 pricing coming out this week and will be publishing it. Given all of the changes, we are following a much more simple approach that I think people will find easier to deal with. It also offers a much more streamlined approach to hosting for customers that want a managed hosting instance of Mango.

      This will be up and out by mid-next week and will be linked to the radixiot.com website. I will respond to this thread with the link when it's out.

      If you need immediate pricing (Like in the next few days), please drop us a note at sales@radixiot.com and we will get back to you quickly.

      More to come very soon! and as always thanks for your support!

      posted in User help
      mumcs01
      mumcs01
    • Love Mango? Drop us a Note!

      Do you have a passion for Mango and have some free time on your hands, or are you looking for a place to use your Mango skills to grow your career? We are interested in talking if you do!!! Radix IoT, LLC is looking for folk with a background in Mango from all skill sets and backgrounds. We are actively looking in our community for people that love the art of Mango and speak our fun (and sometimes nerdy) language of automation and IoT.

      We offer highly flexible full-time, part-time, and even project-based opportunities for anyone with a good foundation in Mango. From Java developers to graphic designers that understand the Mango relationship of HTML5 and Angular to individuals who understand how to design and architect monitoring and management solutions. Please drop us a note! All conversations are confidential, and your location doesn't matter! We LOVE remote team members (ask any of us, even me).

      We would love to hear from you! Send us a note at: hr@radixiot.com

      Radix_round_sticker_OL--1-01.png

      posted in Announcements
      mumcs01
      mumcs01
    • Upgrade Server Location Changing

      With the release of Mango Series 4, we have a new upgrade system we are launching! In the next several weeks Mango v4 users will be offered an upgrade through the standard upgrade process to upgrade to v4.2. (A future newsletter and post here will provide more info). So long as you perform this upgrade by November 15th your system will receive notifications and be able to access the upgrade server into the future without any problems.

      For users that are still on Mango 3, or for those customers in series 4 that choose to not upgrade by November 15th, you will need to change the location of where Mango looks for updates to this new update location. You only need to do this once on your Mango system, and from there on out, you’ll get upgrade notifications into the future.

      Information on how to do this can be found at https://docs-v4.mango-os.com/updating-the-mango-store-path. Have any questions? Feel free to drop a note in the forum or you can reach out to support@radixiot.com”

      Remember, so long as you upgrade when 4.2 comes out - before 11/15 all of this will be automatic.

      posted in Announcements
      mumcs01
      mumcs01