Expected Duration: < 10 mins (after file has been downloaded and transferred to the GridGuard server)
- Please make a snapshot of your VM prior to beginning this process.
- The GridGuard appliance will need to be restarted after applying this patch.
- If you are upgrading from a version equal to or below 4.6.1, the ACC gridadmin password will be reset to 'gridguard'. Change password as necessary after upgrading
- Download file https://www.syferlock.com/ggva-patches/ggva-upgrade-5.3.10.ggpkghttps://www.syferlock.com/ggva-patches/ggva-upgrade-5.3.10.ggpkg
(Authentication Required. If you have problems, open a support ticket.) - Transfer file via scp to the GridGuard server
IMPORTANT NOTE: Replace username and password with your product download credentials.
- If you have internet access from the GridGuard server, you can download the file to the server by executing the following command: wget --no-check-certificiate --http-user=username --http-password=password
ggva-upgrade-5.3.10.ggpkg MD5 Value: 81bdf0c947b733c60832598360b88e03
- Log onto GridGuard server as gridadmin via SSH - Execute command: ggva-upgrade ~/ggva-upgrade-5.3.10.ggpkg - Execute command: shutdown -r now
If you get a command not found error while executing the ggva-upgrade command, follow the instructions below to install the script:
Version 5.3.10 Bug
[GG-1118] - JNDI escaping improperly [GG-1117] - GHOST (Glibc Vulnerability) CVE-2015-0235 [GG-1115] - Scrub logs that are out of rotation [GG-1114] - Logrotate disabled in upgrade
[GG-1113] - Ignore user GST seed on non-GST realm [GG-1111] - Reduce cron syslog facility
[GG-1110] - NULL pointer GST with no seed [GG-1109] - Membership lookup fails when '/' is in the DN [GG-1105] - GridGuard Not Showing Error Message [GG-1070] - Update Timezone data Enhancement [GG-1112] - Adding cookie paramters to Mod_auth_pubtkt
Version 5.3.9 Bug [GG-1101] - NTPUpdate does not use proper servers [GG-1100] - Cannot specify certain e-mail addresses [GG-1098] - 5.3.8 Upgrade Fails Enhancement [GG-1102] - Support multiple values with SAML attributes
Version 5.3.8 Enhancement [GG-1076] - Disable SSLv3 for OpenLDAP [GG-1075] - OpenLDAP CVE-2014-0224 [GG-1074] - Add monitoring database to slapd-proxy
Version 5.3.7. Hotfix [GG-1065] - DTLS security fix Bug [GG-1059] - BASH Vulnerability Client Reported Issue [GG-1060] - Fix for ShellShock Exploits Hotfix [GG-1067] - Disable mod_deflate [GG-1066] - Remove weak RC4 Ciphers
Version 5.3.6 Bug [GG-1052] - Exporting key from EncryptionKeys causes stack trace Enhancement [GG-1053] - Support mod_auth_pubtkt [GG-280] - Ability to clone Realms
Bug [GG-1046] - OpenLDAP crashes when PPolicy controlOID enabled [GG-1041] - Run logrotate check every hour [GG-1040] - 'service slapd reconfigure' doesn't work Enhancement [GG-1042] - Certifiy Array AG with GridGuard Version 5.3.4 Bug [GG-1039] - CentOS Security Patches Hotfix [GG-1037] - PHP Security fix - Version 5.3.3 Client Reported Issue [GG-942] - Locked out accounts in AD can log in in PIN-only setup Version 5.3.2 Bug [GG-946] - GST - JAR File manifest issue [GG-941] - RequestServiceStatus cannot get service status Version 5.3.0 Bug [GG-934] - No message displayed if invalid GridKey specified [GG-933] - GridKey's not cleared out in session table [GG-932] - Switching to my grid doesn't updated default grid [GG-930] - Missing realm.defaultLayout.tooltip tooltip [GG-929] - License expiration message needs to be updated [GG-925] - Manage GridKey - No error messge displayed when no number is entered and Send Verification Code is clicked [GG-924] - Manage GridKey - In IE, no error message displayed when phone number specified without selecting SMS optoin [GG-923] - Manage GridKey - SMS options should be disabled unless 'Send GridKey as SMS' is selected [GG-922] - In Security Center invalid number specified for sending GridKey.. no error message displayed [GG-921] - No confirmation message shown on click of 'Send Verification Code' [GG-920] - GridPic not displayed on Enter GridKey screen in IE [GG-919] - GridKey - Send Verification Code button alignment off [GG-917] - No error message on changing GridKey if no test code is entered [GG-916] - Manage GridKey - Page layout issues [GG-915] - Invalid error message displayed when wrong GridKey entered [GG-913] - Enter GridKey Info.. Text re-wording [GG-912] - Enter GridKey Info.. labels incorrect [GG-903] - SAML SP Configuration - Unable to delete attribute mappings [GG-902] - Proxy key not being set on realm creation correctly [GG-897] - No way to set default layout [GG-894] - Print message in log when RefURL is missing [GG-892] - userid cannot be null error when inserting history records [GG-891] - NullPointerException when username field name does match realm config [GG-888] - GridApplet displays warning about 'potentially unsafe components' being run [GG-882] - When enforce crypto subset when GST is enabled [GG-878] - User registration failed error message shows a 'null' username [GG-861] - File types not filtered by when uploading GridPics; file size not enforced [GG-857] - Error adding proc type params to custom type realm while adding new realm [GG-741] - Certificate Management - Key length does not update [GG-740] - Limit loading of Dashboard [GG-619] - Cannot delete password validator dictionary [GG-599] - Config error when pseudo-2form selected, and then unselected [GG-597] - Possible information leak [GG-594] - Keypad image shown during registration should match layout set for realm [GG-593] - Cannot enter newline while defining layout [GG-592] - Unable to delete custom layouts [GG-591] - Cannot delete a password validator [GG-590] - GST goes to wrong Security Center URL [GG-589] - Unable to type newlines in custom keyboard layout field [GG-586] - Password rules not displayed during password reset [GG-553] - Server name clears out when server type is changed [GG-507] - Click on Security Center without email address shows invalid error message [GG-318] - Passwords with UTF-8 characters not recoginzed Client Reported Issue [GG-928] - HTTPD security issues [GG-910] - 5.2.15 upgrade fails on httpd.conf [GG-908] - User cannot change grid layout at login [GG-889] - LDAP Server - Test LDAP Connection displays 'Unknown exception occurred' [GG-874] - GridPic extenstions need to be case-insensitive [GG-873] - Cannot do selective layout [GG-858] - User Password corrupted at registration [GG-852] - Null for PingFed ResumeURL [GG-851] - Groups not processing properly Enhancement [GG-901] - Support for requiring GridKeys during login [GG-900] - Support Twilio Integration via ACC settings [GG-863] - Add INFO line to syslog when registration fails for bad network password [GG-859] - config.xml file name should include hostname on export [GG-811] - Use DDS for aging Nonces instead of cron script [GG-797] - cn=admin,cn=config [GG-618] - i18n messages.properties user override [GG-600] - Support for PIN only authentication with PIN & Password registration [GG-427] - Give Administrator the ability set custom message for invalid user licensing [GG-341] - Log failed user registration [GG-335] - Write user login attempt successful or failed to log files at INFO level. [GG-271] - Ability to audit actions performed in ACC