Data Republic are pleased to announce a new release of Privacy-Preserving Matching (formerly known as Senate Matching), release 1.8.2. This release focuses on upgrading the third-party libraries that we use in the development of the matching tool. Some of these libraries had low-risk security concerns, and this update addresses those risks.
Here's what you need to know:
The Contributor Node browser interface uses a popular library called Angular (also used by Data Republic), as well as some others. From time to time these libraries announce recommended upgrades to address security issues or bugs. We've upgraded our Contributor Node UI to the latest Angular v10.
Because the Contributor Node UI typically runs behind a customer's firewall and is only ever accessible to authorised users, these potential issues are considered low-risk. Nevertheless, Data Republic recommends that all current customers upgrade to the latest Contributor Node version at their earliest convenience.
Downtime: The release is scheduled to go to production environments Monday, 19 October 2020 (Australian DST). No system downtime is expected for this release.
Here's what you need to do:
All customers are encouraged to upgrade to the new release at their earliest convenience.
To upgrade your Contributor Node, follow these steps:
1. Shut down your current Contributor Node
To stop your currently running node, use the command contributor.sh down, which will cleanly shut down the Docker container.
$ sudo bash contributor.sh down
2. Update your startup script
Edit your version of contributor.sh to point to the latest Docker image tags. The relevant lines are given below (edit your file to match this):
export HITCH_DOCKER_IMAGE_TAG="1.8.3" # latest (Nov 2020)
export HITCH_UI_DOCKER_IMAGE_TAG="1.8.3" # latest (Nov 2020)
3. Restart your Contributor Node
Start your Contributor Node with the contributor.sh up command. The script will download the latest version of the node software from our repository. Your data will be preserved during the update. The "-d" option starts the Docker containers in the background. Depending on your local environment, you may or may not need to run as sudo.
$ sudo bash contributor.sh up -d
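The three steps above can be scripted so that the tag edit in step 2 is checked before the node is restarted. This is an added example, not part of Data Republic's contributor.sh; the function names set_image_tags and upgrade_node are hypothetical, and it assumes your contributor.sh contains the two export lines in the form shown in step 2.

```shell
# Added example, not Data Republic's code. Assumes contributor.sh holds the
# two "export ..._IMAGE_TAG=" lines in the form shown in step 2.

# set_image_tags FILE TAG (hypothetical helper): rewrites both tag lines,
# keeps the previous file as FILE.bak, and fails if either line is missing.
set_image_tags() {
  local file="$1" tag="$2" var
  # Accept only plain version strings such as 1.8.3, so nothing else can be
  # written into a script that is later run with sudo.
  case "$tag" in
    ''|*[!0-9.]*) echo "refusing tag: $tag" >&2; return 2 ;;
  esac
  # Both variables must already be present; otherwise leave the file alone.
  for var in HITCH_DOCKER_IMAGE_TAG HITCH_UI_DOCKER_IMAGE_TAG; do
    grep -q "^export ${var}=" "$file" ||
      { echo "missing ${var} in ${file}" >&2; return 1; }
  done
  cp -p "$file" "$file.bak" || return 1
  # Replace only the quoted value; any trailing comment on the line is kept.
  sed -E "s/^(export HITCH(_UI)?_DOCKER_IMAGE_TAG=)\"?[^\"[:space:]]*\"?/\1\"${tag}\"/" \
    "$file.bak" > "$file" || return 1
  # Confirm both lines now carry the requested tag; restore the backup if not.
  for var in HITCH_DOCKER_IMAGE_TAG HITCH_UI_DOCKER_IMAGE_TAG; do
    grep -Fq "export ${var}=\"${tag}\"" "$file" ||
      { cp -p "$file.bak" "$file"; echo "edit of ${var} failed" >&2; return 1; }
  done
}

# upgrade_node TAG (hypothetical helper): the three steps in order, stopping
# at the first failure. Drop sudo if your environment does not need it.
upgrade_node() {
  sudo bash contributor.sh down &&
    set_image_tags contributor.sh "$1" &&
    sudo bash contributor.sh up -d
}
```

Run upgrade_node with the tag given in step 2 from the directory that holds contributor.sh; the previous script remains available as contributor.sh.bak.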
Do I HAVE to update?
Customers on 1.7.0 or higher do not need to upgrade, although we encourage it to reduce the risk of support issues.
Customers on 1.6 or earlier must upgrade. The token format changed in 1.6, and Data Republic will no longer understand how to perform token masking on the old decimal-encoded tokens. You will not be able to load match results into a Workspace until your tokens are in 1.6 (hexadecimal) format.
Where do I get contributor.sh from?
Use your previously distributed version. Contact Customer Success if there are any issues.
How do I know what version I am running?
Use your browser to visit your Contributor Node UI. You do not need to log in. Check the bottom of the web page:
If you see a message starting "Version" (e.g. "Version 1.6.0 (build g13b5da0)") then this is the current version of your Contributor Node.
If you only see a copyright message, then you are running version 1.5.0 or earlier and must update.
What security / testing / review checks have been performed on this release?
QA performed a full regression test and tested the performance of token databases containing up to 20M records. Recommended max database size is 10M rows per database.
Static code analysis (Gosec) scanned all files and found 0 errors or warnings.
All code is peer-reviewed in a "pull request" by at least one other developer before it is accepted onto the release branch.
All (automated) unit tests passed.
All (automated) integration tests passed.