SyferLock Help Center

GridGuard-VA Upgrade 5.3.16 Released

Installation Instructions

Expected Duration: < 10 mins (after file has been downloaded and transferred to the GridGuard server)

  • Please make a snapshot of your VM prior to beginning this process.
  • The GridGuard appliance will need to be restarted after applying this patch.
  • If you are upgrading from a version equal to or below 4.6.1, the ACC gridadmin password will be reset to 'gridguard'. Change password as necessary after upgrading

Notes:

  • If you get an error during the upgrade saying there is an issue with your certificates, install all of the certificate point's intermediate certificates as root CA certificates. This is due to an issue with previous versions allowing incomplete certificate installations. After the upgrade is complete, you can delete the intermediate certificates from the root CA store. 
- Download file 
  https://www.syferlock.com/ggva-patches/ggva-upgrade-5.3.16-1.zip 
(Authentication Required. If you have problems, open a support ticket.) - Transfer file via scp to the GridGuard server

IMPORTANT NOTE: Replace username and password with your product download credentials.
- If you have internet access from the GridGuard server, you can  download the file to the server by executing the following command:  wget --no-check-certificiate --http-user=username --http-password=password
https://www.syferlock.com/ggva-patches/ggva-upgrade-5.3.16-1.zip

ggva-upgrade-5.3.16-1.zip MD5 Value: 1c05ff574a619cabaaf491fcf1602afc
- Log onto GridGuard server as gridadmin via SSH
- Execute command: ggva-upgrade ~/ggva-upgrade-5.3.16-1.zip

- Execute command: shutdown -r now

If you get a command not found error while executing the ggva-upgrade command, follow the instructions below to install the script:
https://syferlock.zendesk.com/hc/en-us/articles/204361117-GridGuard-VA-Upgrade-Deployment-Script

Release Notes

Version 5.3.16

    Bug
        [GG-1234] - SAML setup doesn't allow for non-LDAP User Stores
        [GG-1192] - Null Point with default SAML attribute
[GG-1248] - Upgrade not detecting cert chain properly
Version 5.3.15

    Bug
        [GG-1230] - Whitelisted Users not working properly
        [GG-1228] - NTPDate config file not generated properly
        [GG-1227] - Fix for updating whitelists DNs
        [GG-1219] - Glibc Security Updated
        [GG-1218] - Error in read/write of Store custom properites
        [GG-1150] - Order LDAP Proxy DNs

    Enhancement
        [GG-1226] - script to monitor slapd/slapd-proxy internal 
performance [GG-1225] - CVE-2015-5722 Sub-task [GG-1210] - SAML AuthnFailed on sucessful reg
Version 5.3.14

    Bug
        [GG-1205] - Exception when upgrade PHP 5.0.0 with 5.3.14
        [GG-1191] - LogJam SSH Key Update

    Enhancement
        [GG-1163] - Support SPProvidedID 


Version 5.3.12

    Bug
        [GG-1183] - GridRadius not compatible with REST
        [GG-1172] - Security: Slapd update
        [GG-1155] - OpenSSL Security Issue
        [GG-1154] - net-snmp security BZ#1133795
        [GG-1153] - Information Leak: issue.net
        [GG-1148] - exec_backup.php doesn't execute
        [GG-1138] - Change Password on Next Login Can't Register

    Enhancement
        [GG-1167] - CSRs are generated with SHA256
        [GG-1159] - Tomcat Security Update
        [GG-1158] - BIND utils security fix
        [GG-1157] - Updated Timezone data
        [GG-1156] - Sendmail Security Fix (BZ#1157811)

Version 5.3.11

    Bug
        [GG-1142] - Parsing rules not handling previous password 
encoding correctly [GG-1140] - Network Password Change - Wrong Error [GG-1137] - HTTPS certificates not installing properly [GG-1128] - NTP stability [GG-1119] - Hiding Grid still happens on non-GST realm [GG-1116] - Possible data leak under certain setups [GG-1038] - GST signing is expired Client Reported Issue [GG-1122] - IE9 Registration Display Issue Enhancement [GG-1131] - Add Encryption to Service Account Password Storage
Version 5.3.10

    Bug
        [GG-1118] - JNDI escaping improperly
        [GG-1117] - GHOST (Glibc Vulnerability) CVE-2015-0235 
        [GG-1115] - Scrub logs that are out of rotation
        [GG-1114] - Logrotate disabled in upgrade
[GG-1113] - Ignore user GST seed on non-GST realm [GG-1111] - Reduce cron syslog facility
[GG-1110] - NULL pointer GST with no seed [GG-1109] - Membership lookup fails when '/' is in the DN [GG-1105] - GridGuard Not Showing Error Message [GG-1070] - Update Timezone data Enhancement [GG-1112] - Adding cookie paramters to Mod_auth_pubtkt
Version 5.3.9

    Bug
        [GG-1101] - NTPUpdate does not use proper servers
        [GG-1100] - Cannot specify certain e-mail addresses
        [GG-1098] - 5.3.8 Upgrade Fails

    Enhancement
        [GG-1102] - Support multiple values with SAML attributes

Version 5.3.8

    Enhancement
        [GG-1076] - Disable SSLv3 for OpenLDAP
        [GG-1075] - OpenLDAP CVE-2014-0224
        [GG-1074] - Add monitoring database to slapd-proxy
Version 5.3.7.

    Hotfix
        [GG-1065] - DTLS security fix

    Bug
        [GG-1059] - BASH Vulnerability

    Client Reported Issue
        [GG-1060] - Fix for ShellShock Exploits

    Hotfix
        [GG-1067] - Disable mod_deflate
        [GG-1066] - Remove weak RC4 Ciphers
Version 5.3.6

    Bug 
        [GG-1052] - Exporting key from EncryptionKeys causes stack trace 

    Enhancement 
        [GG-1053] - Support mod_auth_pubtkt 
        [GG-280] - Ability to clone Realms
Version 5.3.5
    Bug
        [GG-1046] - OpenLDAP crashes when PPolicy controlOID enabled
        [GG-1041] - Run logrotate check every hour
        [GG-1040] - 'service slapd reconfigure' doesn't work

    Enhancement
        [GG-1042] - Certifiy Array AG with GridGuard

  Version 5.3.4

    Bug
        [GG-1039] - CentOS Security Patches

    Hotfix
        [GG-1037] - PHP Security fix - 

  Version 5.3.3

    Client Reported Issue
        [GG-942] - Locked out accounts in AD can log in in PIN-only setup

  Version 5.3.2

    Bug
        [GG-946] - GST - JAR File manifest issue
        [GG-941] - RequestServiceStatus cannot get service status

  Version 5.3.0

    Bug
        [GG-934] - No message displayed if invalid GridKey specified
        [GG-933] - GridKey's not cleared out in session table
        [GG-932] - Switching to my grid doesn't updated default grid
        [GG-930] - Missing realm.defaultLayout.tooltip tooltip
        [GG-929] - License expiration message needs to be updated
        [GG-925] - Manage GridKey - No error messge displayed when 
no number is entered and Send Verification Code is
clicked [GG-924] - Manage GridKey - In IE, no error message displayed
when phone number specified without selecting SMS option [GG-923] - Manage GridKey - SMS options should be disabled
unless 'Send GridKey as SMS' is selected [GG-922] - In Security Center invalid number specified for
sending GridKey.. no error message displayed [GG-921] - No confirmation message shown on click of 'Send
Verification Code' [GG-920] - GridPic not displayed on Enter GridKey screen in
Internet Explorer [GG-919] - GridKey - Send Verification Code button alignment off [GG-917] - No error message on changing GridKey if no test
code is entered [GG-916] - Manage GridKey - Page layout issues [GG-915] - Invalid error message displayed when wrong
GridKey entered [GG-913] - Enter GridKey Info.. Text re-wording [GG-912] - Enter GridKey Info.. labels incorrect [GG-903] - SAML SP Configuration - Unable to delete attribute mappings [GG-902] - Proxy key not being set on realm creation correctly [GG-897] - No way to set default layout [GG-894] - Print message in log when RefURL is missing [GG-892] - userid cannot be null error when inserting history records [GG-891] - NullPointerException when username field name does match realm config [GG-888] - GridApplet displays warning about 'potentially unsafe components' being run [GG-882] - When enforce crypto subset when GST is enabled [GG-878] - User registration failed error message shows a 'null' username [GG-861] - File types not filtered by when uploading GridPics; file size not enforced [GG-857] - Error adding proc type params to custom type realm while adding new realm [GG-741] - Certificate Management - Key length does not update [GG-740] - Limit loading of Dashboard [GG-619] - Cannot delete password validator dictionary [GG-599] - Config error when pseudo-2form selected, and then unselected [GG-597] - Possible information leak [GG-594] - Keypad image shown during registration should match layout set for realm [GG-593] - Cannot enter newline while defining layout [GG-592] - Unable to delete custom layouts [GG-591] - Cannot delete a password validator [GG-590] - GST goes to wrong Security Center URL [GG-589] - Unable to type newlines in custom keyboard layout field [GG-586] - Password rules not displayed during password reset [GG-553] - Server name clears out when server type is changed [GG-507] - Click on Security Center without email address shows invalid error message [GG-318] - Passwords with UTF-8 characters not recoginzed Client Reported Issue [GG-928] - HTTPD security issues [GG-910] - 5.2.15 upgrade fails on httpd.conf [GG-908] - User cannot change grid layout at login [GG-889] - LDAP Server - Test LDAP Connection displays 'Unknown exception occurred' [GG-874] - GridPic extenstions need to be case-insensitive [GG-873] - Cannot do selective layout [GG-858] - User Password corrupted at registration [GG-852] - Null for PingFed ResumeURL [GG-851] - Groups not processing properly Enhancement [GG-901] - Support for requiring GridKeys during login [GG-900] - Support Twilio Integration via ACC settings [GG-863] - Add INFO line to syslog when registration fails for bad network password [GG-859] - config.xml file name should include hostname on export [GG-811] - Use DDS for aging Nonces instead of cron script [GG-797] - cn=admin,cn=config [GG-618] - i18n messages.properties user override [GG-600] - Support for PIN only authentication with PIN & Password registration [GG-427] - Give Administrator the ability set custom message for invalid user licensing [GG-341] - Log failed user registration [GG-335] - Write user login attempt successful or failed to log files at INFO level. [GG-271] - Ability to audit actions performed in ACC

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk