Security Patch - 01 - 2025

  1. Why is this patch being released?
    This patch addresses critical security vulnerabilities identified in the Struts2 framework and file upload functionalities within the software. These vulnerabilities could be exploited to compromise your system.
  1. What risks are associated with these vulnerabilities?
    Exploiting these vulnerabilities could result in unauthorized access, data leakage, or other malicious activity that may disrupt your operations or compromise sensitive information.
  1. Who is affected by these vulnerabilities?
    All users of software version 2024.V.90.12.12 (Rev 222795) or earlier (2024, 2023, 2022, etc. versions) are affected. If you are running these versions, it is critical to apply this patch.
  1. How do I install the patch?
  • Multi-tenant / Shared Hosted Environments:
    • EASE Secure Boost 1.0 will be installed in two waves.
      • The first deployment date is February 2, 2025
      • The second deployment date is February 9, 2025
    • No action is required from your organization’s IT department.
  • Dedicated Hosted & On-Prem Client Environments:
    • Begin by contacting our Service Desk Team for an upgrade plan.
      • Email: servicedesk@descartes.com
      • Service Desk Portal: https://servicedesk.descartes.com
    • We will assess your specific needs and work with your organization to execute an upgrade plan.
  1. What happens if I don’t install the patch?
    If the patch is not applied, your system will remain vulnerable to potential exploits targeting these security issues. This could result in compromised data integrity or service disruptions. OCR+Descartes Infosec strongly recommends applying the patch as soon as possible.
  1. Will applying this patch affect current functionality?
    While this patch is designed to address vulnerabilities, it is important to recognize that the EASE application upgrade will include the latest product improvements, enhancements, and bug resolutions. If you encounter any issues, our support team is ready to assist.
  1. How long will it take to apply the patch?
    Applying the patch typically requires 30 to 60 minutes of downtime for the environment. If you are running an EASE version older than 2024, it could take more time. The upgrade process requires system downtime, so it is recommended that you communicate the offline period to your user community. OCR+Descartes strongly recommends reaching out to our service desk so that our staff can coordinate an upgrade plan with your organization.
  1. Can I test the patch in a staging environment first?
    For those clients who have multiple instances of the EASE application (i.e., multiple servers), we recommend testing the patch in a test/staging or development environment before deploying it in production. This ensures compatibility with your specific setup.
  1. How can I contact the service desk if I encounter issues?
    Our support team is available to assist you. Please get in touch with us at:
  • Email: servicedesk@descartes.com
  • Phone: 877-786-9339 (North America) or 800-7866-3390 (International)
  • Support Portal: https://servicedesk.descartes.com
  1. Are there plans for further updates or patches?
    We are committed to providing ongoing security updates. Key releases coming in 2025 are:
  • Struts2 Framework / EASE Version Upgrade: [Tentatively June or July 25 release]
  • You will be notified of any additional patches or updates as they become available.
  1. Is this patch mandatory?
    Yes, this patch is mandatory. We strongly recommend applying it immediately to safeguard your system and data.
  1. Are there additional steps I should take after applying the patch?
    After applying the patch:
  • Verify with OCR+Descartes that the installation was successful.
  • Validate the application functionality based on your business processes.
  • Follow up with regular software updates for the EASE application.
  1. Can I schedule a consultation to ensure my system is up-to-date?
    Our team offers consultations to review your system’s current state and ensure all measures are in place to get your organization to the latest version. Contact us at servicedesk@descartes.com.
  1. What if I cannot perform this upgrade now?
    While OCR+Descartes recommends applying this upgrade as soon as possible, we recognize there might be challenges. This is why we are here to assist you in this upgrade effort. Please contact our service desk so we can work collaboratively on addressing any challenges your organization might face.