Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: FusionAuth enters loop writing and deleting the IP location MaxMind file if the file is invalid but the checksums were valid #2673

Closed
lyleschemmerling opened this issue Mar 5, 2024 · 2 comments
Closed

[Bug]: FusionAuth enters loop writing and deleting the IP location MaxMind file if the file is invalid but the checksums were valid #2673

lyleschemmerling opened this issue Mar 5, 2024 · 2 comments
Assignees
@lyleschemmerling
Labels
bug Something isn't working
Projects
FusionAuth Issues
Milestone
1.49.2

Comments

@lyleschemmerling
Copy link

lyleschemmerling commented Mar 5, 2024
edited

What happened?

When we download the IP Location database for the advanced threat detection feature we do few checks in different places to ensure that file is valid. However an invalid file, ip-location-2024-02-01T101059Z.mmdb, made it through the system such that the checksum from Reactor was valid however the file itself could not be read as a maxmind database file.

The result is that FusionAuth will enter a loop of writing out and then deleting the version of the file that it has stored in the database. Because the file is invalid after writing it to the filesystem it deletes it and tries again on the next interval, but it will never reach out to reactor to download an updated file.

Workaround

The problematic file has been removed from the server and is no longer available for download. The data needs to be cleared from the database and then FusionAuth can download and run the newer files available from reactor.

Version

1.48.3

Affects Versions

1.47.0 - 1.49.1

Related

Release Notes

FusionAuth systems that were running version 1.47.0 or greater between the dates of February 1st, 2024, and February 23rd, 2024 that had the Advanced Threat Detection feature enabled may have downloaded a corrupted IP Location database file from our Reactor server. Once downloaded the system will no longer reach out to Reactor to download an updated file. If there was no other valid IP location database file previously downloaded on the FusionAuth system the advanced threat detection feature may have never moved past a "pending" state, otherwise, there was likely a repeated message in the FusionAuth logs of ERROR io.fusionauth.api.service.cache.MaxMindDatabaseLoader - Could not find a MaxMind DB metadata marker in this file (ip-location-2024-02-01T101059Z.mmdb). Is this a valid MaxMind DB file?.

All FusionAuth Cloud Hosted instances have been corrected but any self-hosted instances should pick up this update to correct the issue. This fix also ensures that if any invalid file is downloaded in the future the system will correctly reject it and attempt to download a valid file again from Reactor.
@lyleschemmerling lyleschemmerling added the bug Something isn't working label Mar 6, 2024
@lyleschemmerling lyleschemmerling added this to the 1.50.0 milestone Mar 6, 2024
@lyleschemmerling
Copy link
Author

Internal:

@lyleschemmerling lyleschemmerling added this to In progress in FusionAuth Issues Mar 6, 2024
@lyleschemmerling lyleschemmerling self-assigned this Mar 6, 2024
@robotdan robotdan modified the milestones: 1.50.0, 1.49.2 Mar 13, 2024
@lyleschemmerling lyleschemmerling moved this from In progress to Code complete in FusionAuth Issues Mar 15, 2024
@lyleschemmerling
Copy link
Author

Internal:

@robotdan robotdan moved this from Code complete to Delivered in FusionAuth Issues Mar 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lyleschemmerling lyleschemmerling

Labels
bug Something isn't working
Projects
FusionAuth Issues
  
Delivered
Milestone
1.49.2
Development

No branches or pull requests
2 participants
@robotdan @lyleschemmerling