Expected Duration: < 15 mins (after file has been downloaded and transferred to the GridGuard server)
- Please make a snapshot of your VM prior to beginning this process.
- The GridGuard appliance will need to be restarted after applying this patch.
- This upgrade requires the GGVA appliance to be at version 6.0.0 or greater.
- If you get an error during the upgrade saying there is an issue with your certificates, install all of the certificate point's intermediate certificates as root CA certificates. This is due to an issue with previous versions allowing incomplete certificate installations. After the upgrade is complete, you can delete the intermediate certificates from the root CA store.
- Download file https://www.syferlock.com/ggva-patches/ggva-upgrade-6.2.1-1.ggpkg
(Authentication Required. If you have problems, open a support ticket.) - Transfer file via scp to the GridGuard server. Placing the upgrade file
in the gridadmin home directory ideal.
ggva-upgrade-6.2.1-1.ggpkg MD5 Value: ec27b85613afa991762a562dd5d06fa1
- Log onto GridGuard server as gridadmin via SSH - Execute command: sudo /usr/local/sbin/ggva-upgrade ~/ggva-upgrade-6.2.1-1.ggpkg - Execute command: shutdown -r now
If you get a command not found error while executing the ggva-upgrade command, follow the instructions below to install the script:
Bug [GG-1752] - SSCR says it is disabled when it is not [GG-1724] - Update upgrade script to add 'sudo' to upgrade message [GG-1718] - Certain SAML configuration options need to be disabled until valid [GG-1714] - ACC UI - Realm - Grid Options - Default Image - Unexpected Size Error [GG-1684] - ACC UI - Realm - SAML - Paramaters [GG-1683] - ACC UI - Audit Log - Export does match Filters [GG-1617] - Self Service Admin Options Enhancement [GG-1705] - Add Credential Reset Link GridJS [GG-1612] - Admin has different term than Security Center Security [GG-1750] - Centos Security/Bug fixes for 6.2.1 [GG-1643] - Oracle - Java Security - Multiple CVEs [GG-1356] - Store RootDN password in seeded sha Sub-task [GG-1751] - Separate upgrade step for Kernel
Bug [GG-1720] - Push dracut.conf in update [GG-1715] - Update kernel helper function [GG-1713] - Apply RPM security fixed to for 6.2.0 [GG-1696] - AuditTrailCode values missing from DB [GG-1688] - Error deleting NTP server [GG-1687] - ACC UI - SAML Config - Export Cert [GG-1686] - ACC UI - Cluster management [GG-1685] - ACC UI - Add Store - Adding Custom Store - Error msgs doesnt update [GG-1682] - SSCR - Email in Security Center does not match the email used at Registration [GG-1678] - JSON Support not enabled in ModSecurity [GG-1676] - Can't succesfully upload TLS Private key [GG-1673] - ACC UI - Audit Trail - No data [GG-1669] - ACC UI - System Management - SNMP TRAP [GG-1668] - ACC UI - System Management - Export [GG-1666] - ACC UI - SAML Config - Attribute Mapping [GG-1665] - ACC UI - SAML Config - Export Cert - Wait [GG-1654] - ACC UI - Realm - Grid Options - MyGrid Options - Multi-Select [GG-1652] - GridCron service not enabled properly [GG-1651] - ACC UI - Add Store - History store doesn't limit length of number entered [GG-1650] - ACC UI - Add Store - History Store Permits negative days retention [GG-1649] - ACC UI - Add Store - Custom Store Add button crashes the ACC [GG-1647] - ACC UI - Add LDAP Server [GG-1646] - ACC UI - Add Server - Server Type Dropdown Focus [GG-1645] - ACC UI - Add Server JDBC to JNDI Detail Data Elements [GG-1644] - ACC UI - Add Server - Update from JNDI to JDBC [GG-1639] - ACC UI - Cluster Management becomes unavailable [GG-1638] - ACC UI - Drop Down has Unexpected Behavior [GG-1636] - ACC UI - Localization - GridGuard - Blank Default Text for SelfSerivce [GG-1635] - ACC UI - LDAP Configuration - LDAP Proxy [GG-1633] - ACC UI - Add NTP Server "+Add" button [GG-1632] - ACC - System Management - UI Layout Error [GG-1631] - Replication Peers tab is unresponsive once clustering is enabled [GG-1628] - E-mail address verification failed on license import [GG-1616] - Mismatched email gives confusing error message (SSCR) [GG-1613] - Changing email address doesnt update the security center screen [GG-1611] - Current E-Mail Address field is not always present (SSCR) [GG-1604] - Static IPs are reset to DHCP after reboot [GG-1466] - Text Says "contact us immediately" [GG-1283] - Update the Copyright Data in the Backend Enhancement [GG-1610] - Inconsistant Capitalization (SSCR) Security [GG-1623] - Exception when Proxy header field has more than one IP Sub-task [GG-1710] - Update modsecurity in update [GG-1709] - Update in Base build [GG-1701] - Fix GridCron in base build [GG-1700] - gridcron fix in update [GG-1699] - Populate missing AuditTableCode table missing in upgrade [GG-1698] - Update base build with SQL [GG-1624] - Proxy Header Field supports multiple IPs
Bug [GG-1618] - Credential Reset Hover Text tags missing Text Enhancement [GG-1615] - Current Email address needs a few more characters unobfuscated [GG-1593] - Upgrade to log4j 2 [GG-1592] - Update code signing cert for 2018 Security [GG-1557] - Update to Log4j 2.x Sub-task [GG-1603] - Add log4J2 json config to base image [GG-1595] - Update log4j jar to log4j 2 [GG-1594] - Change STC config for log4j
Bug [GG-1596] - Can't Select LDAP auth server type when creating a new server [GG-1585] - Undefined offset: 1 in /usr/local/lib/ggva_api/upgrade/lib/common-upgrade.class.php [GG-1584] - Undefined variable: status in /usr/local/lib/ggva_api/lib/common-upgrade.class.php [GG-1583] - ggva-upgrade does not detect upgrade file properly [GG-1568] - Backup fails when slapd service is in failed state [GG-1566] - Some logs are logging twice [GG-1554] - Dashboard Axis can get out of whack and doesn't correct [GG-1551] - REST V1 Authentication Replies with RAW GridPin when Nonce Creation failes [GG-1550] - REST V1 Authenticate Reason is set to Unknown Error on Success [GG-1548] - 6.0.0 Footer on Security Center Image is Cropped due to Background Status [GG-1534] - When clustering is enabled, ldap-user TCP ports need to be open [GG-1518] - Restore need to re-validated [GG-1440] - GGVA_API throws error when any PPolicy API call is attempted [GG-1132] - Pin Pad Vanished with failed password [GG-775] - Verify if replication peer is down before joining the cluster Security [GG-1601] - Old Cipher allow sweet32 attack [GG-1598] - Disable HTTP TRACE Verb [GG-1581] - JVM security fix - 8u171 [GG-1567] - Disable Directory index for :443/web/* [GG-1543] - Upgrade to symas 188.8.131.52 Sub-task [GG-1586] - Forced upgrade script is missing [GG-1532] - restore does not reboot after successful deployment
Bug [GG-1565] - Logs being written to / partition [GG-1564] - Kickstart doesn't setup custom firewalld services [GG-1563] - JCEs do not apply properly [GG-1562] - Can't ssh into GGVA [GG-1561] - Long Boot Time [GG-1559] - GridServer thread name truncated [GG-1558] - Localhost syslog messages aren't forwarding [GG-1556] - limits were not being set properly on slapd processes [GG-1553] - Log viewer in ACC is not working as expected [GG-1535] - atop service not enable [GG-1531] - hostname is not saved in backup file [GG-1530] - First run doesn't enumerate network card correctly [GG-1529] - Network does not come up on first boot [GG-1516] - /mnt/data/realm-storage not mounted properly [GG-1513] - Symlink for realm storage is missing [GG-1512] - Only get new auth server dialog when clicking on existing one [GG-1509] - Importing CA Certificate fails [GG-1507] - syslog won't restart after log level change [GG-1505] - NTP Services not staying up [GG-1504] - net-snmp is missing JVM mibs [GG-1503] - Manual backups will not complete [GG-1502] - com.syferlock.gridserver.config.AppRealmDef cannot be cast to com.syferlock.gridserver.config.ServerDef [GG-1500] - GridGuard errors when uploading PNG [GG-1499] - GridCron based service restart failing [GG-1498] - Can't upload page customizations [GG-1496] - common services failed getting 'status' [GG-1495] - Get Error when clicking "Backup System Now" [GG-1493] - Update GGVA to utilze C7's new CA architecture [GG-1492] - Right mouse click not working in ACC [GG-1474] - Missing Dictionary files breaks licensing [GG-1472] - REST calls not properly logging IP Addresses [GG-1471] - Under certain circumstances, users may register if already registered via REST [GG-1463] - Login Button is missing for Safari [GG-1462] - Error on creating radius client [GG-1461] - Cannot upload user pic [GG-1460] - 500 Error on AddLDAPProxy [GG-1454] - Cannot create or import Encryption Keys [GG-1425] - Improper directive in ldap.conf [GG-1424] - Symas binaries to not honor standard ldap.conf [GG-1415] - Pressing Enter on GridJS GridKey submits to wrong URL [GG-1176] - Create RAR and MD5 for Packaged OVF for Release 6.0.0 [GG-1108] - Disk Space usage [GG-1054] - Catalina Log Growth is Faster than Expected [GG-959] - OpenLDAP ABI not trusting installed trusted certificates [GG-697] - PHP Warning on php error-code.php Client Reported Issue [GG-866] - Move GridGuard to 64bit OS Enhancement [GG-1508] - Change message when changing logging level [GG-1485] - Smem diagnostics tool [GG-1484] - Updating BDB tree cache values [GG-1482] - HTTPd Tuning [GG-1481] - LDAP proxy timeouts update [GG-1480] - Logrotation Opimization [GG-1453] - Error applying JCE Policy file [GG-1452] - Update tomcat-user hash digest [GG-1393] - Extend self-signed certificate length [GG-1298] - firstrun script consiliated ACC and SSH password [GG-847] - Set default TLS keys to be 2048 [GG-784] - Move GGVA_API HTTP port to different port Security [GG-1555] - Log messages being dropped [GG-1549] - Logrotate not rotating properly [GG-1547] - GGVA specific logrotation not deployed [GG-1546] - Insufficient permission on network interfaces [GG-1541] - Strict-Transport-Security header not implemented (6.0) [GG-1537] - X-Content-Type-Options header not implemented (6.0) [GG-1533] - Can't upload backup file to ACC [GG-1459] - Enabled HTTP X-Frame policy Sub-task [GG-1577] - Automate VirtualBox build in Bamboo [GG-1525] - Install 6.0.0 onto Load 1 [GG-1456] - Disable SystemD tmp isolation [GG-1442] - Update Admin webapp to use new GGVA_API [GG-1441] - Update Apache config to use different GGVA_API port [GG-1394] - Extend default signed signed certificates max age in OVA