Expected Duration: < 10 mins (after file has been downloaded and transferred to the GridGuard server)
- Please make a snapshot of your VM prior to beginning this process.
- The GridGuard appliance will need to be restarted after applying this patch.
- If you are upgrading from a version equal to or below 4.6.1, the ACC gridadmin password will be reset to 'gridguard'. Change the password as necessary after upgrading.
- This upgrade requires the GGVA appliance to be at version 5.3.0 or greater.
- If you get an error during the upgrade saying there is an issue with your certificates, install all of the certificate point's intermediate certificates as root CA certificates. This is due to an issue with previous versions allowing incomplete certificate installations. After the upgrade is complete, you can delete the intermediate certificates from the root CA store.
- Download file https://www.syferlock.com/ggva-patches/ggva-upgrade-5.4.1-1.ggpkg (Authentication Required. If you have problems, open a support ticket.)
- Transfer file via scp to the GridGuard server
IMPORTANT NOTE: Replace username and password with your product download credentials.
- If you have internet access from the GridGuard server, you can download the file to the server by executing the following command: wget --no-check-certificate --http-user=username --http-password=password https://www.syferlock.com/ggva-patches/ggva-upgrade-5.4.1-1.ggpkg
ggva-upgrade-5.4.1-1.ggpkg MD5 Value: 956eac5ea0396e6ab2e3f04d8c8a0de9
- Log onto GridGuard server as gridadmin via SSH
- Execute command: ggva-upgrade ~/ggva-upgrade-5.4.1-1.ggpkg
- Execute command: shutdown -r now
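Added example (not part of the original SyferLock instructions): the wget command above skips certificate validation, so the published MD5 value is the only check on the downloaded file. The functions below compare the package against that value and only call ggva-upgrade on a match. The names file_md5, verify_pkg and upgrade_if_verified are hypothetical, and md5sum is assumed to be present on the appliance.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
# MD5 value as published on this page for ggva-upgrade-5.4.1-1.ggpkg.
EXPECTED_MD5="956eac5ea0396e6ab2e3f04d8c8a0de9"

# Print the lowercase MD5 digest of a file (assumes md5sum is installed).
file_md5() {
    md5sum -- "$1" 2>/dev/null | awk '{ print tolower($1) }'
}

# verify_pkg FILE EXPECTED
# Returns: 0 match, 1 mismatch, 2 file missing or empty, 3 malformed EXPECTED.
verify_pkg() {
    pkg=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # A failed or interrupted transfer often leaves no file or a zero-byte one.
    if [ ! -f "$pkg" ] || [ ! -s "$pkg" ]; then
        echo "package missing or empty: $pkg" >&2
        return 2
    fi

    # Reject anything that is not exactly 32 hex digits (e.g. a pasted typo).
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 3 ;;
    esac
    if [ "${#expected}" -ne 32 ]; then
        echo "expected value is not 32 characters" >&2
        return 3
    fi

    actual=$(file_md5 "$pkg")
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch: got $actual, expected $expected" >&2
        return 1
    fi
    return 0
}

# Run the upgrade only when the digest matches the published value.
upgrade_if_verified() {
    verify_pkg "$1" "$EXPECTED_MD5" && ggva-upgrade "$1"
}

# Usage on the GridGuard server:
#   upgrade_if_verified ~/ggva-upgrade-5.4.1-1.ggpkg
```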
If you get a command not found error while executing the ggva-upgrade command, follow the instructions below to install the script:
Bug
- [GG-1290] - RepostTemplate needs to be async AJAX
- [GG-1288] - LDAP JNDI Pool Enumeration Verification
- [GG-1287] - Error in SAML IdP-initiated Logins "™ entity not found"
- [GG-1282] - Update the Copyright Data in the ACC and UI
- [GG-1276] - Write log with empty SAML request
- [GG-1263] - NSS CVE-2015-5277
- [GG-1258] - OpenSSL - RHSA-2015:2616-1
- [GG-1204] - Password Validator breaks GridGuard startup
- [GG-1196] - Make passphrase field a password field
- [GG-963] - Audit Trail - does not provide name of key exported
Enhancement
- [GG-1216] - TZ Update
Security
- [GG-1291] - NSS Security Update CVE-2016-1950
- [GG-1284] - Openssl 0.9.8e-39.el5_11 Security fix
Version 5.4.0
Bug
- [GG-1281] - GGVA_API does not build OpenLDAP cert chain properly
- [GG-1280] - 5.4.0 min version detection not working properly
- [GG-1278] - Incorrect CA Bundle permissions
- [GG-1237] - Protect custom jars being linked to webapps
- [GG-1236] - Fix custom classpath entry in catalina.properties
- [GG-1166] - NSS & NSPR Security Fixes
- [GG-1028] - Change flow when registering users with no email specified
- [GG-1026] - Invalid error message when incorrect code is specified during registration with pwreset
- [GG-1025] - Labels incorrect during registration when using internal email for password resets
- [GG-1024] - Account reset when configured to use internal email should still send verification email during registration
- [GG-1023] - Footer missing on GridKey page
- [GG-1018] - Language on "Change GridPic" page
- [GG-1017] - Successful Registration Screen Needs to Be Revised
- [GG-1016] - Verification code pre-populated with email address in Chrome
- [GG-1014] - Links In Password Reset Emails Should Have An Expiration Time
- [GG-1013] - Unnecessary Information on Page Once Account Reset Process Has Begun
- [GG-1010] - More specific text in verification code email
- [GG-1009] - allow realm config to specify support email (global)
- [GG-1008] - Fix broken image link in sent email
- [GG-1007] - Do not send user back to main.jsf after reset request
- [GG-1006] - Possible XSS
- [GG-1005] - align/reorder forgot and howto links
- [GG-1004] - Move next button and description
- [GG-1003] - Reset emails get sent to primary ad email address
- [GG-999] - Enter key does not work on notification screen
- [GG-998] - Weird overlap on GST page
- [GG-997] - Layout issue with "Next" button instructions under Firefox
- [GG-996] - User registration - Skips 'Define PIN' when 'Next' clicked & 'Enter' key pressed
- [GG-995] - Registration - Default focus on clicking Next button should be on first field
- [GG-994] - Change Add-on page
- [GG-993] - Security Center -- User History
- [GG-992] - Problem Uploading GridPic
- [GG-991] - Admin - Manage Users - Page retains content from last visit
- [GG-990] - Error on uploading pdf document as gridpic during registration
- [GG-989] - Grid Numbers Not Properly Aligned in Internet Explorer
- [GG-988] - Registration Pages
- [GG-987] - Gridkey Activation
- [GG-984] - Grid2Form Security Center-- Manage Users, Reset User Account
- [GG-983] - Grid2Form Security Center- Manage Users
- [GG-982] - Cryptogram alignment off
- [GG-981] - Non-numeric characters allowed in GridCode field
- [GG-980] - Grid2Form UI GridGuard Login page
- [GG-979] - Grid2Form Security Center -- Change Add-on
- [GG-978] - Security Center Title on Security Center page
- [GG-977] - Background Color for Grid2Form UI "Enter Password" and "Enter GridPIN" Fields
- [GG-976] - Inconsistent use of "GridPIN" and "GridCode"
- [GG-975] - Remove leading ! in error message shown during registration
- [GG-974] - Registration - Wrong error message displayed if GridPic is not set
- [GG-973] - Login screen - Cancel takes user to Login Failed URL
- [GG-972] - Navigation error on uploading too large a GridPic
- [GG-971] - Registration - On Click of 'Next' screen flickers back to 'Getting Started' Tab
- [GG-969] - GST Installation instructions for Windows truncated
- [GG-968] - GST Installation instructions hard-coded
- [GG-965] - Default button should be 'Next' for registration screens
- [GG-962] - Unable to export encryption key
- [GG-951] - GGVA_API service status sends incorrect stopped
- [GG-946] - GST - JAR File manifest issue
- [GG-944] - JRE 7u45 issue.
- [GG-926] - config.xml from 3.8.1 crashes ACC
- [GG-576] - On 5.2 upgrade CookieCapture proctype if changed
- [GG-533] - User falsely get registration
Enhancement
- [GG-1206] - Add block to gridguard common http configuration
- [GG-1012] - base64 encode binary attributes
- [GG-483] - Display warning text under GridPic
Version 5.3.16
Bug
- [GG-1234] - SAML setup doesn't allow for non-LDAP User Stores
- [GG-1192] - Null Point with default SAML attribute
- [GG-1248] - Upgrade not detecting cert chain properly
Version 5.3.15
Bug
- [GG-1230] - Whitelisted Users not working properly
- [GG-1228] - NTPDate config file not generated properly
- [GG-1227] - Fix for updating whitelists DNs
- [GG-1219] - Glibc Security Updated
- [GG-1218] - Error in read/write of Store custom properties
- [GG-1150] - Order LDAP Proxy DNs
Enhancement
- [GG-1226] - script to monitor slapd/slapd-proxy internal performance
- [GG-1225] - CVE-2015-5722
Sub-task
- [GG-1210] - SAML AuthnFailed on successful reg
Version 5.3.14
Bug
- [GG-1205] - Exception when upgrade PHP 5.0.0 with 5.3.14
- [GG-1191] - LogJam SSH Key Update
Enhancement
- [GG-1163] - Support SPProvidedID
Version 5.3.12
Bug
- [GG-1183] - GridRadius not compatible with REST
- [GG-1172] - Security: Slapd update
- [GG-1155] - OpenSSL Security Issue
- [GG-1154] - net-snmp security BZ#1133795
- [GG-1153] - Information Leak: issue.net
- [GG-1148] - exec_backup.php doesn't execute
- [GG-1138] - Change Password on Next Login Can't Register
Enhancement
- [GG-1167] - CSRs are generated with SHA256
- [GG-1159] - Tomcat Security Update
- [GG-1158] - BIND utils security fix
- [GG-1157] - Updated Timezone data
- [GG-1156] - Sendmail Security Fix (BZ#1157811)
Version 5.3.11
Bug
- [GG-1142] - Parsing rules not handling previous password encoding correctly
- [GG-1140] - Network Password Change - Wrong Error
- [GG-1137] - HTTPS certificates not installing properly
- [GG-1128] - NTP stability
- [GG-1119] - Hiding Grid still happens on non-GST realm
- [GG-1116] - Possible data leak under certain setups
- [GG-1038] - GST signing is expired
Client Reported Issue
- [GG-1122] - IE9 Registration Display Issue
Enhancement
- [GG-1131] - Add Encryption to Service Account Password Storage
Version 5.3.10
Bug
- [GG-1118] - JNDI escaping improperly
- [GG-1117] - GHOST (Glibc Vulnerability) CVE-2015-0235
- [GG-1115] - Scrub logs that are out of rotation
- [GG-1114] - Logrotate disabled in upgrade
- [GG-1113] - Ignore user GST seed on non-GST realm
- [GG-1111] - Reduce cron syslog facility
- [GG-1110] - NULL pointer GST with no seed
- [GG-1109] - Membership lookup fails when '/' is in the DN
- [GG-1105] - GridGuard Not Showing Error Message
- [GG-1070] - Update Timezone data
Enhancement
- [GG-1112] - Adding cookie parameters to Mod_auth_pubtkt
Version 5.3.9
Bug
- [GG-1101] - NTPUpdate does not use proper servers
- [GG-1100] - Cannot specify certain e-mail addresses
- [GG-1098] - 5.3.8 Upgrade Fails
Enhancement
- [GG-1102] - Support multiple values with SAML attributes
Version 5.3.8
Enhancement
- [GG-1076] - Disable SSLv3 for OpenLDAP
- [GG-1075] - OpenLDAP CVE-2014-0224
- [GG-1074] - Add monitoring database to slapd-proxy
Version 5.3.7.
Hotfix
- [GG-1065] - DTLS security fix
Bug
- [GG-1059] - BASH Vulnerability
Client Reported Issue
- [GG-1060] - Fix for ShellShock Exploits
Hotfix
- [GG-1067] - Disable mod_deflate
- [GG-1066] - Remove weak RC4 Ciphers
Version 5.3.6
Bug
- [GG-1052] - Exporting key from EncryptionKeys causes stack trace
Enhancement
- [GG-1053] - Support mod_auth_pubtkt
- [GG-280] - Ability to clone Realms
Bug
- [GG-1046] - OpenLDAP crashes when PPolicy controlOID enabled
- [GG-1041] - Run logrotate check every hour
- [GG-1040] - 'service slapd reconfigure' doesn't work
Enhancement
- [GG-1042] - Certify Array AG with GridGuard
Version 5.3.4
Bug
- [GG-1039] - CentOS Security Patches
Hotfix
- [GG-1037] - PHP Security fix -
Version 5.3.3
Client Reported Issue
- [GG-942] - Locked out accounts in AD can log in in PIN-only setup
Version 5.3.2
Bug
- [GG-946] - GST - JAR File manifest issue
- [GG-941] - RequestServiceStatus cannot get service status
Version 5.3.0
Bug
- [GG-934] - No message displayed if invalid GridKey specified
- [GG-933] - GridKey's not cleared out in session table
- [GG-932] - Switching to my grid doesn't update default grid
- [GG-930] - Missing realm.defaultLayout.tooltip tooltip
- [GG-929] - License expiration message needs to be updated
- [GG-925] - Manage GridKey - No error message displayed when no number is entered and Send Verification Code is clicked
- [GG-924] - Manage GridKey - In IE, no error message displayed when phone number specified without selecting SMS option
- [GG-923] - Manage GridKey - SMS options should be disabled unless 'Send GridKey as SMS' is selected
- [GG-922] - In Security Center invalid number specified for sending GridKey.. no error message displayed
- [GG-921] - No confirmation message shown on click of 'Send Verification Code'
- [GG-920] - GridPic not displayed on Enter GridKey screen in Internet Explorer
- [GG-919] - GridKey - Send Verification Code button alignment off
- [GG-917] - No error message on changing GridKey if no test code is entered
- [GG-916] - Manage GridKey - Page layout issues
- [GG-915] - Invalid error message displayed when wrong GridKey entered
- [GG-913] - Enter GridKey Info.. Text re-wording
- [GG-912] - Enter GridKey Info.. labels incorrect
- [GG-903] - SAML SP Configuration - Unable to delete attribute mappings
- [GG-902] - Proxy key not being set on realm creation correctly
- [GG-897] - No way to set default layout
- [GG-894] - Print message in log when RefURL is missing
- [GG-892] - userid cannot be null error when inserting history records
- [GG-891] - NullPointerException when username field name does match realm config
- [GG-888] - GridApplet displays warning about 'potentially unsafe components' being run
- [GG-882] - When enforce crypto subset when GST is enabled
- [GG-878] - User registration failed error message shows a 'null' username
- [GG-861] - File types not filtered by when uploading GridPics; file size not enforced
- [GG-857] - Error adding proc type params to custom type realm while adding new realm
- [GG-741] - Certificate Management - Key length does not update
- [GG-740] - Limit loading of Dashboard
- [GG-619] - Cannot delete password validator dictionary
- [GG-599] - Config error when pseudo-2form selected, and then unselected
- [GG-597] - Possible information leak
- [GG-594] - Keypad image shown during registration should match layout set for realm
- [GG-593] - Cannot enter newline while defining layout
- [GG-592] - Unable to delete custom layouts
- [GG-591] - Cannot delete a password validator
- [GG-590] - GST goes to wrong Security Center URL
- [GG-589] - Unable to type newlines in custom keyboard layout field
- [GG-586] - Password rules not displayed during password reset
- [GG-553] - Server name clears out when server type is changed
- [GG-507] - Click on Security Center without email address shows invalid error message
- [GG-318] - Passwords with UTF-8 characters not recognized
Client Reported Issue
- [GG-928] - HTTPD security issues
- [GG-910] - 5.2.15 upgrade fails on httpd.conf
- [GG-908] - User cannot change grid layout at login
- [GG-889] - LDAP Server - Test LDAP Connection displays 'Unknown exception occurred'
- [GG-874] - GridPic extensions need to be case-insensitive
- [GG-873] - Cannot do selective layout
- [GG-858] - User Password corrupted at registration
- [GG-852] - Null for PingFed ResumeURL
- [GG-851] - Groups not processing properly
Enhancement
- [GG-901] - Support for requiring GridKeys during login
- [GG-900] - Support Twilio Integration via ACC settings
- [GG-863] - Add INFO line to syslog when registration fails for bad network password
- [GG-859] - config.xml file name should include hostname on export
- [GG-811] - Use DDS for aging Nonces instead of cron script
- [GG-797] - cn=admin,cn=config
- [GG-618] - i18n messages.properties user override
- [GG-600] - Support for PIN only authentication with PIN & Password registration
- [GG-427] - Give Administrator the ability set custom message for invalid user licensing
- [GG-341] - Log failed user registration
- [GG-335] - Write user login attempt successful or failed to log files at INFO level.
- [GG-271] - Ability to audit actions performed in ACC