SyferLock Help Center

GridGuard-VA Upgrade 5.3.10 Released

Installation Instructions

Expected Duration: < 10 mins (after file has been downloaded and transferred to the GridGuard server)

  • Please make a snapshot of your VM prior to beginning this process.
  • The GridGuard appliance will need to be restarted after applying this patch.
  • If you are upgrading from a version equal to or below 4.6.1, the ACC gridadmin password will be reset to 'gridguard'. Change password as necessary after upgrading
- Download file 
  https://www.syferlock.com/ggva-patches/ggva-upgrade-5.3.10.ggpkg 
(Authentication Required. If you have problems, open a support ticket.) - Transfer file via scp to the GridGuard server

IMPORTANT NOTE: Replace username and password with your product download credentials.
- If you have internet access from the GridGuard server, you can  download the file to the server by executing the following command:  wget --no-check-certificiate --http-user=username --http-password=password
https://www.syferlock.com/ggva-patches/ggva-upgrade-5.3.10.ggpkg

ggva-upgrade-5.3.10.ggpkg MD5 Value: 81bdf0c947b733c60832598360b88e03
- Log onto GridGuard server as gridadmin via SSH
- Execute command: ggva-upgrade ~/ggva-upgrade-5.3.10.ggpkg

- Execute command: shutdown -r now

If you get a command not found error while executing the ggva-upgrade command, follow the instructions below to install the script:
https://syferlock.zendesk.com/hc/en-us/articles/204361117-GridGuard-VA-Upgrade-Deployment-Script

Release Notes

Version 5.3.10

    Bug
[GG-1118] - JNDI escaping improperly [GG-1117] - GHOST (Glibc Vulnerability) CVE-2015-0235 [GG-1115] - Scrub logs that are out of rotation [GG-1114] - Logrotate disabled in upgrade
[GG-1113] - Ignore user GST seed on non-GST realm [GG-1111] - Reduce cron syslog facility
[GG-1110] - NULL pointer GST with no seed [GG-1109] - Membership lookup fails when '/' is in the DN [GG-1105] - GridGuard Not Showing Error Message [GG-1070] - Update Timezone data Enhancement [GG-1112] - Adding cookie paramters to Mod_auth_pubtkt
Version 5.3.9

    Bug
        [GG-1101] - NTPUpdate does not use proper servers
        [GG-1100] - Cannot specify certain e-mail addresses
        [GG-1098] - 5.3.8 Upgrade Fails

    Enhancement
        [GG-1102] - Support multiple values with SAML attributes

Version 5.3.8

    Enhancement
        [GG-1076] - Disable SSLv3 for OpenLDAP
        [GG-1075] - OpenLDAP CVE-2014-0224
        [GG-1074] - Add monitoring database to slapd-proxy
Version 5.3.7.

    Hotfix
        [GG-1065] - DTLS security fix

    Bug
        [GG-1059] - BASH Vulnerability

    Client Reported Issue
        [GG-1060] - Fix for ShellShock Exploits

    Hotfix
        [GG-1067] - Disable mod_deflate
        [GG-1066] - Remove weak RC4 Ciphers
Version 5.3.6

    Bug 
        [GG-1052] - Exporting key from EncryptionKeys causes stack trace 

    Enhancement 
        [GG-1053] - Support mod_auth_pubtkt 
        [GG-280] - Ability to clone Realms
Version 5.3.5
    Bug
        [GG-1046] - OpenLDAP crashes when PPolicy controlOID enabled
        [GG-1041] - Run logrotate check every hour
        [GG-1040] - 'service slapd reconfigure' doesn't work

    Enhancement
        [GG-1042] - Certifiy Array AG with GridGuard

  Version 5.3.4

    Bug
        [GG-1039] - CentOS Security Patches

    Hotfix
        [GG-1037] - PHP Security fix - 

  Version 5.3.3

    Client Reported Issue
        [GG-942] - Locked out accounts in AD can log in in PIN-only setup

  Version 5.3.2

    Bug
        [GG-946] - GST - JAR File manifest issue
        [GG-941] - RequestServiceStatus cannot get service status

  Version 5.3.0

    Bug
        [GG-934] - No message displayed if invalid GridKey specified
        [GG-933] - GridKey's not cleared out in session table
        [GG-932] - Switching to my grid doesn't updated default grid
        [GG-930] - Missing realm.defaultLayout.tooltip tooltip
        [GG-929] - License expiration message needs to be updated
        [GG-925] - Manage GridKey - No error messge displayed when no number is entered and Send Verification Code is clicked
        [GG-924] - Manage GridKey - In IE, no error message displayed when phone number specified without selecting SMS optoin
        [GG-923] - Manage GridKey - SMS options should be disabled unless 'Send GridKey as SMS' is selected
        [GG-922] - In Security Center invalid number specified for sending GridKey.. no error message displayed
        [GG-921] - No confirmation message shown on click of 'Send Verification Code'
        [GG-920] - GridPic not displayed on Enter GridKey screen in IE
        [GG-919] - GridKey - Send Verification Code button alignment off
        [GG-917] - No error message on changing GridKey if no test code is entered
        [GG-916] - Manage GridKey - Page layout issues
        [GG-915] - Invalid error message displayed when wrong GridKey entered
        [GG-913] - Enter GridKey Info.. Text re-wording
        [GG-912] - Enter GridKey Info.. labels incorrect
        [GG-903] - SAML SP Configuration - Unable to delete attribute mappings
        [GG-902] - Proxy key not being set on realm creation correctly
        [GG-897] - No way to set default layout
        [GG-894] - Print message in log when RefURL is missing
        [GG-892] - userid cannot be null error when inserting history records
        [GG-891] - NullPointerException when username field name does match realm config
        [GG-888] - GridApplet displays warning about 'potentially unsafe components' being run
        [GG-882] - When enforce crypto subset when GST is enabled
        [GG-878] - User registration failed error message shows a 'null' username
        [GG-861] - File types not filtered by when uploading GridPics; file size not enforced
        [GG-857] - Error adding proc type params to custom type realm while adding new realm
        [GG-741] - Certificate Management - Key length does not update
        [GG-740] - Limit loading of Dashboard
        [GG-619] - Cannot delete password validator dictionary
        [GG-599] - Config error when pseudo-2form selected, and then unselected
        [GG-597] - Possible information leak
        [GG-594] - Keypad image shown during registration should match layout set for realm
        [GG-593] - Cannot enter newline while defining layout
        [GG-592] - Unable to delete custom layouts
        [GG-591] - Cannot delete a password validator
        [GG-590] - GST goes to wrong Security Center URL
        [GG-589] - Unable to type newlines in custom keyboard layout field
        [GG-586] - Password rules not displayed during password reset
        [GG-553] - Server name clears out when server type is changed
        [GG-507] - Click on Security Center without email address shows invalid error message
        [GG-318] - Passwords with UTF-8 characters not recoginzed

    Client Reported Issue
        [GG-928] - HTTPD security issues
        [GG-910] - 5.2.15 upgrade fails on httpd.conf
        [GG-908] - User cannot change grid layout at login
        [GG-889] - LDAP Server - Test LDAP Connection displays 'Unknown exception occurred'
        [GG-874] - GridPic extenstions need to be case-insensitive
        [GG-873] - Cannot do selective layout
        [GG-858] - User Password corrupted at registration
        [GG-852] - Null for PingFed ResumeURL
        [GG-851] - Groups not processing properly

    Enhancement
        [GG-901] - Support for requiring GridKeys during login
        [GG-900] - Support Twilio Integration via ACC settings
        [GG-863] - Add INFO line to syslog when registration fails for bad network password
        [GG-859] - config.xml file name should include hostname on export
        [GG-811] - Use DDS for aging Nonces instead of cron script
        [GG-797] - cn=admin,cn=config
        [GG-618] - i18n messages.properties user override 
        [GG-600] - Support for PIN only authentication with PIN & Password registration
        [GG-427] - Give Administrator the ability set custom message for invalid user licensing
        [GG-341] - Log failed user registration
        [GG-335] - Write user login attempt successful or failed to log files at INFO level. 
        [GG-271] - Ability to audit actions performed in ACC

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk