Expected Duration: < 10 mins (after file has been downloaded and transferred to the GridGuard server)
- Please make a snapshot of your VM prior to beginning this process.
- The GridGuard appliance will need to be restarted after applying this patch.
- If you are upgrading from a version equal to or below 4.6.1, the ACC gridadmin password will be reset to 'gridguard'. Change password as necessary after upgrading
- If you get an error during the upgrade saying there is an issue with your certificates, install all of the certificate point's intermediate certificates as root CA certificates. This is due to an issue with previous versions allowing incomplete certificate installations. After the upgrade is complete, you can delete the intermediate certificates from the root CA store.
- Download file https://www.syferlock.com/ggva-patches/ggva-upgrade-5.3.15.ziphttps://www.syferlock.com/ggva-patches/ggva-upgrade-5.3.15.zip
(Authentication Required. If you have problems, open a support ticket.) - Transfer file via scp to the GridGuard server
IMPORTANT NOTE: Replace username and password with your product download credentials.
- If you have internet access from the GridGuard server, you can download the file to the server by executing the following command: wget --no-check-certificiate --http-user=username --http-password=password
ggva-upgrade-5.3.15.zip MD5 Value: 73b2290a56c47e2933eddf6aae7b9f81
- Log onto GridGuard server as gridadmin via SSH - Execute command: ggva-upgrade ~/ggva-upgrade-5.3.15.zip - Execute command: shutdown -r now
If you get a command not found error while executing the ggva-upgrade command, follow the instructions below to install the script:
Version 5.3.15 Bug [GG-1230] - Whitelisted Users not working properly [GG-1228] - NTPDate config file not generated properly [GG-1227] - Fix for updating whitelists DNs [GG-1219] - Glibc Security Updated [GG-1218] - Error in read/write of Store custom properites [GG-1150] - Order LDAP Proxy DNs Enhancement [GG-1226] - script to monitor slapd/slapd-proxy internal performance [GG-1225] - CVE-2015-5722 Sub-task [GG-1210] - SAML AuthnFailed on sucessful reg
Version 5.3.14 Bug [GG-1205] - Exception when upgrade PHP 5.0.0 with 5.3.14 [GG-1191] - LogJam SSH Key Update Enhancement [GG-1163] - Support SPProvidedID
Version 5.3.12 Bug [GG-1183] - GridRadius not compatible with REST [GG-1172] - Security: Slapd update [GG-1155] - OpenSSL Security Issue [GG-1154] - net-snmp security BZ#1133795 [GG-1153] - Information Leak: issue.net [GG-1148] - exec_backup.php doesn't execute [GG-1138] - Change Password on Next Login Can't Register Enhancement [GG-1167] - CSRs are generated with SHA256 [GG-1159] - Tomcat Security Update [GG-1158] - BIND utils security fix [GG-1157] - Updated Timezone data [GG-1156] - Sendmail Security Fix (BZ#1157811)
Version 5.3.11 Bug [GG-1142] - Parsing rules not handling previous password encoding correctly [GG-1140] - Network Password Change - Wrong Error [GG-1137] - HTTPS certificates not installing properly [GG-1128] - NTP stability [GG-1119] - Hiding Grid still happens on non-GST realm [GG-1116] - Possible data leak under certain setups [GG-1038] - GST signing is expired Client Reported Issue [GG-1122] - IE9 Registration Display Issue Enhancement [GG-1131] - Add Encryption to Service Account Password Storage
Version 5.3.10 Bug [GG-1118] - JNDI escaping improperly [GG-1117] - GHOST (Glibc Vulnerability) CVE-2015-0235 [GG-1115] - Scrub logs that are out of rotation [GG-1114] - Logrotate disabled in upgrade
[GG-1113] - Ignore user GST seed on non-GST realm [GG-1111] - Reduce cron syslog facility
[GG-1110] - NULL pointer GST with no seed [GG-1109] - Membership lookup fails when '/' is in the DN [GG-1105] - GridGuard Not Showing Error Message [GG-1070] - Update Timezone data Enhancement [GG-1112] - Adding cookie paramters to Mod_auth_pubtkt
Version 5.3.9 Bug [GG-1101] - NTPUpdate does not use proper servers [GG-1100] - Cannot specify certain e-mail addresses [GG-1098] - 5.3.8 Upgrade Fails Enhancement [GG-1102] - Support multiple values with SAML attributes
Version 5.3.8 Enhancement [GG-1076] - Disable SSLv3 for OpenLDAP [GG-1075] - OpenLDAP CVE-2014-0224 [GG-1074] - Add monitoring database to slapd-proxy
Version 5.3.7. Hotfix [GG-1065] - DTLS security fix Bug [GG-1059] - BASH Vulnerability Client Reported Issue [GG-1060] - Fix for ShellShock Exploits Hotfix [GG-1067] - Disable mod_deflate [GG-1066] - Remove weak RC4 Ciphers
Version 5.3.6 Bug [GG-1052] - Exporting key from EncryptionKeys causes stack trace Enhancement [GG-1053] - Support mod_auth_pubtkt [GG-280] - Ability to clone Realms
Bug [GG-1046] - OpenLDAP crashes when PPolicy controlOID enabled [GG-1041] - Run logrotate check every hour [GG-1040] - 'service slapd reconfigure' doesn't work Enhancement [GG-1042] - Certifiy Array AG with GridGuard Version 5.3.4 Bug [GG-1039] - CentOS Security Patches Hotfix [GG-1037] - PHP Security fix - Version 5.3.3 Client Reported Issue [GG-942] - Locked out accounts in AD can log in in PIN-only setup Version 5.3.2 Bug [GG-946] - GST - JAR File manifest issue [GG-941] - RequestServiceStatus cannot get service status Version 5.3.0 Bug [GG-934] - No message displayed if invalid GridKey specified [GG-933] - GridKey's not cleared out in session table [GG-932] - Switching to my grid doesn't updated default grid [GG-930] - Missing realm.defaultLayout.tooltip tooltip [GG-929] - License expiration message needs to be updated [GG-925] - Manage GridKey - No error messge displayed when no number is entered and Send Verification Code is clicked [GG-924] - Manage GridKey - In IE, no error message displayed when phone number specified without selecting SMS optoin [GG-923] - Manage GridKey - SMS options should be disabled unless 'Send GridKey as SMS' is selected [GG-922] - In Security Center invalid number specified for sending GridKey.. no error message displayed [GG-921] - No confirmation message shown on click of 'Send Verification Code' [GG-920] - GridPic not displayed on Enter GridKey screen in IE [GG-919] - GridKey - Send Verification Code button alignment off [GG-917] - No error message on changing GridKey if no test code is entered [GG-916] - Manage GridKey - Page layout issues [GG-915] - Invalid error message displayed when wrong GridKey entered [GG-913] - Enter GridKey Info.. Text re-wording [GG-912] - Enter GridKey Info.. labels incorrect [GG-903] - SAML SP Configuration - Unable to delete attribute mappings [GG-902] - Proxy key not being set on realm creation correctly [GG-897] - No way to set default layout [GG-894] - Print message in log when RefURL is missing [GG-892] - userid cannot be null error when inserting history records [GG-891] - NullPointerException when username field name does match realm config [GG-888] - GridApplet displays warning about 'potentially unsafe components' being run [GG-882] - When enforce crypto subset when GST is enabled [GG-878] - User registration failed error message shows a 'null' username [GG-861] - File types not filtered by when uploading GridPics; file size not enforced [GG-857] - Error adding proc type params to custom type realm while adding new realm [GG-741] - Certificate Management - Key length does not update [GG-740] - Limit loading of Dashboard [GG-619] - Cannot delete password validator dictionary [GG-599] - Config error when pseudo-2form selected, and then unselected [GG-597] - Possible information leak [GG-594] - Keypad image shown during registration should match layout set for realm [GG-593] - Cannot enter newline while defining layout [GG-592] - Unable to delete custom layouts [GG-591] - Cannot delete a password validator [GG-590] - GST goes to wrong Security Center URL [GG-589] - Unable to type newlines in custom keyboard layout field [GG-586] - Password rules not displayed during password reset [GG-553] - Server name clears out when server type is changed [GG-507] - Click on Security Center without email address shows invalid error message [GG-318] - Passwords with UTF-8 characters not recoginzed Client Reported Issue [GG-928] - HTTPD security issues [GG-910] - 5.2.15 upgrade fails on httpd.conf [GG-908] - User cannot change grid layout at login [GG-889] - LDAP Server - Test LDAP Connection displays 'Unknown exception occurred' [GG-874] - GridPic extenstions need to be case-insensitive [GG-873] - Cannot do selective layout [GG-858] - User Password corrupted at registration [GG-852] - Null for PingFed ResumeURL [GG-851] - Groups not processing properly Enhancement [GG-901] - Support for requiring GridKeys during login [GG-900] - Support Twilio Integration via ACC settings [GG-863] - Add INFO line to syslog when registration fails for bad network password [GG-859] - config.xml file name should include hostname on export [GG-811] - Use DDS for aging Nonces instead of cron script [GG-797] - cn=admin,cn=config [GG-618] - i18n messages.properties user override [GG-600] - Support for PIN only authentication with PIN & Password registration [GG-427] - Give Administrator the ability set custom message for invalid user licensing [GG-341] - Log failed user registration [GG-335] - Write user login attempt successful or failed to log files at INFO level. [GG-271] - Ability to audit actions performed in ACC