Thursday, February 16, 2006

Upgrading to Lotus Domino Release 7.0.1

This morning I upgraded our 2 servers and my workstation to Release 7.0.1 of IBM Lotus Domino and IBM Lotus Notes respectively. All went well.

The Reason for the Upgrade
Normally, I don't like to stay too close to the current version of software, but these days it's starting to look essential. My only reason for upgrading was to comply with a number of security advisories.

I've listed the security issues below. All are fixed by version 7.0.1.

Domino iNotes Client Script Insertion Vulnerabilities

Notes HTML Speed Reader Link Buffer Overflows

Notes Multiple Archive Handling Directory Traversal

Notes TAR Reader File Extraction Buffer Overflow

Notes UUE File Handling Buffer Overflow

Notes ZIP File Handling Buffer Overflow


The Upgrade Process
I received the Advisories by email yesterday and went looking for them on the IBM site. Strangely enough, this is the first time that I've ever managed to find the correct Domino downloads on the IBM site, either their delivery mechanism has improved or I'm getting better at second guessing their strange logic.



An aside - getting notified about these advisories
For a while there, I was subscribed to just about every kind of security broadcast there was. It wasn't helping much though. I've since changed my method. Now I have a Google Alert set up to look for Lotus Domino in the news and web once per day. It's fantastic. If you're not using Google Alerts, you should seriously consider using them.



So, I stopped our Domino service, and ran the upgrade. It took minutes and finished with a non-specific warning about not being able to replace a file. I rebooted the server, Notes started and then failed. I noticed it was still writing version 7.0.

I thought... oops, I might be in trouble here. On a Microsoft system, I think you'd be taking pills at this stage - but then nobody in their right mind would consider upgrading a Microsoft Exchange system with only 90 minutes to go before the workday started.

So I calmly went through the installation again and about 5 minutes later I was able to start the notes service. I let it do the database upgrades and all was well.

Another impressively easy upgrade.

No comments: