v4 Release Notes

2024/03/10

i2incommon/grouper:4.11.2

sha256:f7ca7abacb0a45b8b
34c972c468cec6387a6c9e5
1a9f3918c46a29151c565d53

STABLE

GRP-5382
Tomcat security advisory

5 Jiras

Memberships created in target without Grouper will not get deleted
No open grouper session right after creating one
GrouperLoader.runOnceByJobName should run long running jobs once only if running without daemon

2024/03/03

i2incommon/grouper:4.11.1

sha256:a4b09b56cf020329
024781c1ffd48ef3bc062bfb
6320acfe216888a1a73da90d

STABLE

GRP-5350
GRP-5347
Tomcat security advisory

5 Jiras

Clean logs on 4.11.0 is not working
Cannot delete groups (or maybe other things) as a wheel group member
Creating log pipes twice can fail
Validate rules periodically manually
Stop chmoding cacerts when not able to (openshift)

2024/02/27

i2incommon/grouper:4.11.0

sha256:c4afafd0a0492a89d4
33b445166827146a4c4b67e
49d8da2d429d502c833131c

NOT STABLE

GRP-5337
GRP-5335

22 Jiras

Fix memory issue with provisioner
Composite changes - move membership inserts and deletes to daemon
SCIM fixes (can manage "active" status instead of delete, adjust scim emails, allow group updates)
Can provision group roles and user roles in real time and incremental

2024/01/09

i2incommon/grouper:4.10.3

sha256:e94ae7cd3955b3acd
dd6571742641828c607e8b2
d4fb76298ef50e6876c0e8c5

STABLE

Tomcat security advisory

19 Jiras

TeamDynamix provisioner fixes
GSH template dynamic forms enhancements
Add progress bar on visualization (with no timeouts)
Json recursion error on memory bean
Subjob error in scheduler check daemon cant find log map

2024/01/01

i2incommon/grouper:4.10.2

sha256:294a06c17575111e1
7435610703c2be726f82354
2ebea3791a0053811f407a38

RELEASED

GRP-5249
GRP-5240
Tomcat security advisory

11 Jiras

TeamDynamix provisioner
Add rewrite valve for tomcat so / redirects to /grouper (or whatever the UI context is)
Add tomcat remote IP valve env vars for running v5 behind a load balancer
Add https ssl tls for tomcat when running without apache

2023/12/27

i2incommon/grouper:4.10.1

sha256:18ed306dd324070d1
c2dde6847b868598bddbe48
4a90173cdc082458afd5333f

RELEASED

GRP-5249
GRP-5240
Tomcat security advisory

1 Jira

gsh does not start

2023/12/27

i2incommon/grouper:4.10.0

sha256:1f73328c0bb6e6f32
285f9504a1e19c7ac4eedbca
ac2dabb3135ce16059e4c53

NOT STABLE

gsh does not start

30 Jiras

Daemon jobs will log ad error out if JVM dies (and other daemon enhancements)
Fixed JSON marshaling issues
GSH template dynamic inputs
GSH template WS enhancements
GSH templates report error line number
Daemon status threshold automatically adjusts based on schedule

2023/11/26

i2incommon/grouper:4.9.1

sha256:bf65bed450c890e9
a32d67022d03c3236ad61f8
ec2f90251db11ce6e43aabfda

STABLE

v1 templates do not run

json has issues with visualization,etc
Tomcat security advisory

10 Jiras

Add trust anchors to java cacerts
Add option to run tomcat as another user

2023/11/20

i2incommon/grouper:4.9.0

sha256:51c21b2801aaee6d5
f5816b216f5237f1ed19b91a7
534c2ec34d2f3660337839

STABLE

v1 templates do not run

json has issues with visualization,etc
Tomcat security advisory

25 Jiras

Add basic auth to scim provisioning framework
Add active flag as attribute for scim users
Attributes in group view/edit only handles all value types
Group updaters should be able to only attest/clear attestation on groups
UI: webpage titles for back button and browser tab
Ldap loader LDAP_GROUPS_FROM_ATTRIBUTES should allow specifying parent stem
Upgrade various libraries for security and performance

2023/11/04

i2incommon/grouper:4.8.0

sha256:0ce7e7b6385511553
3232264c6ed1a24502105c6
331d34c148ecaf96d0c1a171

EXPIRED

16 Jiras

Authentication bypass security issue
Provisioner External entity attributes not working for incrementals
Instrumentation cleanup
SFTP improvements
Provisioning improvements

2023/10/13

i2incommon/grouper:4.7.2

sha256:3c03d9c0a7955b74
577b4533b8f433df05a4ee4c
702d8f7ce40c6e5817270297

EXPIRED

6 Jiras

Simplified UI for GSH templates
Default run group or folder does not show for gsh templates
Sql/ldap syncs to mysql do not work
Exceptions in provisioning should replace null characters before storing to the database

2023/10/09

i2incommon/grouper:4.7.1

sha256:15ca1e909943aafd3
afa6355c8a36ea3fec7327e4
0f4eda5554931abdcd1ca7e

EXPIRED

5 Jiras

In provisioning, if changing entities, if a group is deleted (or recalc'ed), entities could be deprovisioned during incremental
In provisioning, if not retrieving all groups at once in full sync, group attribute updates not happening (e.g. description)

2023/10/04

i2incommon/grouper:4.7.0

sha256:7aa24f33361ed5e89
ed87d74d4d66f22c9efd1ce7
fa37c690b571502f69b4907

EXPIRED

30 Jiras

Add option to mark provisioning attributes in values as "not provisionable if null"
Add option to leave a group in target if not provisionable but not deleted in grouper
Executable grouperClient jar fails trying to connect using Hibernate
Resolving subject from source should update member deleted/resolvable flags
Duo administrative role provisioner improvements
Old log files not deleted when logging files to host
Sql/midpoint provisioner has problems with inserting data that was recently deleted

2023/09/08

i2incommon/grouper:4.6.0

sha256:2aa7b0e8fde2e4209
d6824165697af5559451405
3cd5e0c2e12aecb726125be4

EXPIRED

Client jar standalone does not work

6 Jiras

Trusted client certs added to Corretto keystore, tomcat still uses /etc/pki/java/cacerts
Ldap provisioner wants to update dn based on case
Subject source intermittently disappears when there are database connection issues
Google provisioner not retrieving memberships
If a provisioner can retrieve all memberships, but isnt retrieving all groups, then it doesnt work

2023/08/28

i2incommon/grouper:4.5.5

sha256:34f0c77def32dd0118
3b34b7609d4d17628639745
c75c2601ab7d7f428202e6b

EXPIRED

7 Jiras

In some cases users cannot see folders on UI they have access to (inherited privileges on folders causes this)
AWS SCIM provisioning is broken
Cannot create group if inherited privileges are not configured correctly
Can't provision root stem due to infinite loop
Allow change log consumers to specify number of records to process (default 1000) in daemon edit screen

2023/08/24

i2incommon/grouper:4.5.4

sha256:c816c7b5a0a62dbf3e
9c4bb0b43355006c2d69d96
da4b620ff8e0fa747244b4b

NOT STABLE

AWS SCIM provisioning is broken

5 Jiras

Fix issues with SCIM provisioning paging

i2incommon/grouper:4.5.3

sha256:a2d07fe2ea13dc7a9
5c3f813a2e51a62dd50aedc
0f98157de1f4acc1818e082b

EXPIRED

12 Jiras

Security issue upgrade shib to i2incommon/shibboleth_sp:3.4.1_06122023_rocky8_multiarch
Group attributes should be available for provisioning
Delete value if managed by grouper doesnt work in certain circumstances
UI accessibility improvements (customer pull request)

i2incommon/grouper:4.5.2

sha256:547b6061dd1f7afc3
0d90049cd6a0f9ef7b5a4fb
c87ff4c29425c0562590675c

6 Jiras

Add a strategy in provisioning to be authoritative for value for memberships
Allow second email for SCIM 2 provisioning
Configure missing caches
All provisioners were shown in list (on folder or group) when only some should be shown based on security

i2incommon/grouper:4.5.0

sha256:91f8a6a8c25f15f7b
916bf8f0e877f07522a5fe3f
24bc04a7e3d9e588b75f30f

17 Jiras

Add progress screen for "edit stem" and "edit composite"
Add hook and daemon to ensure unique group extension in folder
Add edit button on provisionable screen for groups or folders
Add run button on GSH template screen
Upgrade bouncycastle for vulnerability
Add alias1-4 to duo user provisioning

i2incommon/grouper:4.4.0

sha256:af610ba539659582a
27138df8d8f5cda023bce117
729336950f18502ec2d66ee

8 Jiras

Allow micros in timestamps for SCIM for Atlassian provisioning
SQL sync bug fixes
Allow source IP address filtering on tomcat ports
Add built in hook to restrict non sysadmins from using EveryEntity

i2incommon/grouper:4.3.1

sha256:d7d67875d6ac5f559f
dde0783617620c12f5089b01
54055535639913766ba9c4

2 Jiras

tomcat 8.5.90 does not listen on 0.0.0.0 for ajp
revert new tomcat default for max parameter count back to 10k

i2incommon/grouper:4.3.0

sha256:4066ed05f045bde4
dd1d19cfd864e19df4c78860
992fe04e8882423bf4d5e962

EXPIRED

AJP listens on 127.0.0.1

9 Jiras

upgrade tomcat to 8.5.90 (security updates)
speed up miscellaneous -> provisioning screen
minor provisioning improvements

i2incommon/grouper:4.2.1

sha256:2d0c9c59a57f9088e
7ff57db9ba52860b68730c14
f9749486fd8816fae8e44d8

6 Jiras

Bug in provisioner when Select all groups at once during full sync is false
Provisioning logs should be able to focus on particular users/groups
For duo provisioning commands, if adding a membership that exists, dont fail

i2incommon/grouper:4.2.0

sha256:df86a0ef0e0e5a6ca
99a159e6abdc48a49a4cc22
220541c5ebefda7060f310a3

18 Jiras

Improve Google provisioner documentation
Movie on Google external system
Movie on Google provisioner
Oauth2 for zoom authentication
Memberships from pspng do not delete in incremental
Increase default database pool size

i2incommon/grouper:4.1.7

sha256:452799f54b54accd
7e15c6fe3b5efa28ab03a5f4
57a4a384a089f737c64a62fe

10 Jiras

Add new entities in provisioning in certain CRUD configs
Handle gracefully provisioning memberships when there are group or entity issues
Provisioning - validation before saving doesnt account for properties being removed
Add a screen to show provisionable groups
Add a screen to see where provisioning assignment are

i2incommon/grouper:4.1.6

sha256:3d2243dfdd39660c1
45263ff72d46f16c7f8d20111
dd5d5130e49e332a3ba8c1

18 Jiras

Reports are fixed (not working in 4.1.4)
GSH changelog consumer
Fix provisioning translation continue expression

i2incommon/grouper:4.1.4

sha256:ac1e9de4bbdddcff96
e024d4bed3fa165b8d167a76
5d57dfc982c05990ee609e

NOT STABLE

Issue with reports

1 Jira

Provisioning issue with start with due to bad build

i2incommon/grouper:4.1.3

sha256:270d29519a40ab8fa
873fc480b6bc765c4276442
d44fc6443a5e86905261ac3b

11 Jiras

Improve provisioning "start withs" and diagnostics
Provisioning - ldap - bug with moving groups with Active Directory
Provisioning - show entity attributes if select is false for hasMember (no entity link)

i2incommon/grouper:4.1.2

sha256:447f8bc1a408a7f37
7c16738d9cfe079352d1aeb0
85d710b27202aa03c3f98c4

EXPIRED

12 Jiras

Security issue: upgrade commons fileupload to 1.5
Security issue: upgrade jettison to 1.5.4
Security issue: fix ipv6 UI configuration source addresses
Provisioner fails when group or entity is there for translation purposes only
Duo provisioner start with

i2incommon/grouper:4.1.1

sha256:998d0826fa6c3b27
7daeb86c15ae7481fd8604af
7f5c24fadd9f566f08528845

EXPIRED

Has issue with
entity attributes
and some security issues

35 Jiras

Do not have default etc EveryEntity privs
Add screen that shows provisioning errors
Provisioning - bug with membership count for default value check
Auto ddl 4.*.* should work
Allow owners for teams groups in azure provisioning (on create only)
Entity static attribute provisioning
Improve LDAP and Azure provisioning 'start with' and diagnostics
Add a provisioning setting with a group of members NOT to provision
In provisioning, if an entity is not eligible, the memberships should be removed
Ldap provisioning search filter fails when ldap_dn is the search attribute
Ldap provisioner fails when there are multiple search attributes

i2incommon/grouper:4.0.3

sha256: c7afe275783d815fa7
5661f300745eedae135e4eb9
100d4d9dff029a813847da

GRP-4618: JEXL script editor supported files were not included in build

i2incommon/grouper:4.0.1

sha256:ffb15e5290b10ec79
4671f4089226da09ce1a4da
a546ba9b7bb7e4cf2b3dc6d6

EXPIRED

JEXL script
editor issue

Shib: 3.4.1
Apache: 2.4.37
Tomcat: 8.5.84
Java Corretto: 17.0.6

30 jiras

GRP-4567: Replace Tomee with Tomcat and remove PSU SCIM
Change to Rocky Linux
Upgrade Java to 17
Rewrite provisioning framework internals to make more solid
JEXL editor
Library upgrades for security