Update for CVE-2018-19276: 2019-02-04

Following the alert that there’s a critical vulnerability in the REST Web Services module of OpenMRS, I was wondering whether there are any instructions for Bahmni admins to upgrade their deployments to patch the vulnerability?

Is it as simple as downloading a newer OMOD file from the OpenMRS add-ons page and installing it into OpenMRS? Will there be a new update for Bahmni and EndTB to patch this issue? If so, when should we expect the patch to be released?

We are looking at the compatibility aspects. If APIs (external and internal) and dependencies (e.g. EMR API) are not affected, then yes - it's a matter of replacing the module. Request you to try this out (in a safe environment) as well, and please report (direct msg) to @angshuonline, @mksd, @binduak.

Also, for reporting any security vulnerability, please do not use the public forum; instead, mail security[at the rate]bahmni[dot]org.

As of now, with our testing, we have not come across any compatibility issues. Our https://demo-us.mybahmni.org site has been upgraded to version 2.24 of Webservices REST. Please consider updating the module. This would be particularly important for cloud-hosted instances of Bahmni.


We have upgraded Webservices REST to 2.24.0 in a few of our implementations having Bahmni core versions 0.89, 0.90, 0.92. We tested our implementations and haven’t come across any compatibility issues.