Date | | Status | Upgrade instructions and notes | Versions | |
---|
2025/02/03 | i2incommon/grouper:5.16.0 sha256:d2b8ba20af2b92f9b 98e6689d22090bf6ce4f576 bca7c48f256791660430f29c | LATEST STABLE | 1 from v5.15.4 | OS: Rocky 9.5 Tomcat: 9.0.98 Java Corretto: 17.0.14.7.1 Grouper API: 5.16.0 | 16 Jiras Scim provisioning membership strategies DDL for data field history Batch scim insert memberships and retry each if batch fails Provisioner with canRetrieveAllData query returns duplicate entities from other provisioners Oracle and MySQL install failures |
2025/01/23 | i2incommon/grouper:5.15.4 sha256:1eb34c45ded6e502 21f47a3b976f1c491b66e40c 5511d3c07f45183ea84375f5 | STABLE | None | OS: Rocky 9.5 Tomcat: 9.0.98 Java Corretto: 17.0.14.7.1 Grouper API: 5.15.4 | 10 Jiras Recent member of abac Fixes in rules UI Optimize data sync - Use batch inserts/queries/deletes (abac performance improvement) Scim provisioner cannot select all memberships Recursion error with getAttributeDelegate Provisioning error handling types should show code on label NPE in provisioner from GrouperProvisioningCompare.shouldSkipMembershipAttributeInsertDueToUnresolvableSubject |
2025/01/08 | i2incommon/grouper:5.15.3 sha256:b7912d964690c9feb 2d4073fd3b8a78a611ab885 2f52631c33e82f114b52b2bd | STABLE GRP-5956 GRP-5619 | None | OS: Rocky 9.5 Tomcat: 9.0.98 Java Corretto: 17.0.13.11.1 Grouper API: 5.15.3 | 7 Jiras Box retrieve by id sometimes throws error If release has gaps in upgrade steps, should not warn Do not set grouper loader log subjobs to error Performance issues with incremental provisioning Okta provisioner should be able to search and filter by arbitrary okta user attributes |
2025/01/07 | i2incommon/grouper:5.15.2 sha256:56c547e46e6d439e4 d43fa784b41ae045a4a95266 5a23f3ddbdc9f7419364650 | NOT STABLE | None | OS: Rocky 9.5 Tomcat: 9.0.98 Java Corretto: 17.0.13.11.1 Grouper API: 5.15.2 | 4 Jiras Incremental provisioners have poor performance Adobe provisioner cannot create user |
2025/01/06 | i2incommon/grouper:5.15.1 sha256:2a69ecd137cf44e6c fba1c89efb1c8f40a6501fea5 88cfb2152d61db5d74c932 | NOT STABLE | None | OS: Rocky 9.5 Tomcat: 9.0.98 Java Corretto: 17.0.13.11.1 Grouper API: 5.15.1 | 5 Jiras Add ability to not fail startup if upgrade tasks fail Grouper sql scripts intended to run against other database only run against the grouper database Error about http client: Caused by: java.lang.NoClassDefFoundError: org/apache/commons/httpclient/HttpMethod |
2025/01/04 | i2incommon/grouper:5.15.0 sha256:a115476d7fa71b383 b3acbacae4a65fcadf48981f 8ac206ba608f8a64046ed75 | NOT STABLE GRP-5909 | 4 from v5.14.0 | OS: Rocky 9.5 Tomcat: 9.0.98 Java Corretto: 17.0.13.11.1 Grouper API: 5.15.0 | 46 Jiras Upgrade tomcat, ldaptive, many 3rd party libraries with security vulnerabilities Okta provisioner Scim memberships retrieved by user or group Subject not found errors with data provider sync Sql cache history incremental Google provisioner - add option for whoCanModerateMembers Allow Azure provisioner to manage the SubscribeMembersToCalendarEventsDisabled attribute Allow abac row subscripts to use = instead of == Grouper WS should find groups by attribute framework value |
2024/11/26 | i2incommon/grouper:5.14.0 sha256:ccc09f28da0876257 fa882386125627dc7dee552 37289cbb620e351ae51f48f6 | STABLE | 2 from v5.13.5 | OS: Rocky 9.5 Tomcat: 9.0.87 Java Corretto: 17.0.13.11.1 Grouper API: 5.14.0 | 45 Jiras Improve upgrade tasks in grouper Adobe provisioning improvements Membership cache improvements Long query loaders do not work with diagnostics Allow config for default page size of daemon screen GrouperHttpClient should handle UTF bodies Adjust content type and accept for scim provisioner Add option for qualified and unqualified name in scim ABAC only should return non-groups Only query policy groups in provisioning if needed and directly, performance improvement Cannot delete jexl loaded population script setting
|
2024/10/17 | i2incommon/grouper:5.13.5 sha256:c6887830e246008d 69228c31c33ac9f265c945c 4734db272fabf55897b5fea34 | STABLE GRP-5799 | None | OS: Rocky 9.4 Tomcat: 9.0.87 Java Corretto: 17.0.13.11.1 Grouper API: 5.13.5 | 16 Jiras Scim is not updating name properties correctly Provisioning metadata of type "set" does not translate correctly Azure provisioning error when dealing with owners Add a way to see what the provisioner will do exactly in readonly mode Add setting and global default to not run logic in full or incremental daemon Global provisioning readonly setting to default all provisioners to readonly Provisioning object log improvements |
2024/10/17 | i2incommon/grouper:5.13.3 sha256:08bfb3b3f40085f72 b9c4b2a34b6c6582a291158 35e2b6f263178121d3b0396d | RELEASED | None | OS: Rocky 9.4 Tomcat: 9.0.87 Java Corretto: 17.0.13.11.1 Grouper API: 5.13.3 | 3 Jiras Refactor entity attributes provisioning Entity attribute provisioner with new provisionable group does not create member and membership sync objects in incremental run for existing memberships |
2024/10/15 | i2incommon/grouper:5.13.2 sha256:a10dc0f5e3c134ef9 64f44239ed83b7cb5cf6f980 0334ac796a4298b2e8811fb | NOT STABLE GRP-5753 | None | OS: Rocky 9.4 Tomcat: 9.0.87 Java Corretto: 17.0.12.7.1 Grouper API: 5.13.2 | 1 Jira Entity attribute provisioner full run will delete and add memberships flapping back and forth |
2024/10/14 | i2incommon/grouper:5.13.1 sha256:54ec2225415822470 df8d04505f7f7350e38433d6 4744b3a9d346edbdc58dbea | NOT STABLE GRP-5751 | None | OS: Rocky 9.4 Tomcat: 9.0.87 Java Corretto: 17.0.12.7.1 Grouper API: 5.13.1 | 6 Jiras Run SqlCacheFullSyncDaemon for an extra hour to process groups without recent changes Remove old sqlCacheGroup attributes (sqlCacheableGroupMarkerDef and sqlCacheableGroupDef) Entity attributes deleteValueIfManagedByGrouper does not delete if attribute not assigned to anything in grouper (empty group) Date picker format is mm/dd/yyyy which is rejected Notification job fails when subject source is set |
2024/10/07 | i2incommon/grouper:5.13.0 sha256:f777bde5d89a8c15b d360585dd896328f8da2bdb c780b9d6b7247c5d4e2f7dac | STABLE GRP-5726 | 2 from v5.12.2 | OS: Rocky 9.4 Tomcat: 9.0.87 Java Corretto: 17.0.12.7.1 Grouper API: 5.13.0 | 25 Jiras GRP-5719: full provisioner will insert recent memberships which shouldnt be there Populate sql cache group and membership tables for all groups, stems, and attributeDefs Remove unecessary provisioning errors OIDC improvements Add duo as option for custom UI Allow custom ui to redirect to a url, without clicking a button MidPoint provisioner incremental fails on entity attribute validation |
2024/09/13 | i2incommon/grouper:5.12.2 sha256:84ddfad1861f4f8c76 5a446e0cd239a536db2f8d d0bcc7c313f8e37970166f14 | RELEASED GRP-5719 | 3 from v5.12.0 | OS: Rocky 9.4 Tomcat: 9.0.87 Java Corretto: 17.0.12.7.1 Grouper API: 5.12.3 | 25 Jiras Playwright enhancements Fix Swagger in WS NPE trying to view "Unresolvable subjects" in the UI. Add ABAC like and regex |
2024/08/26 | i2incommon/grouper:5.12.0 sha256:d324736054fb448b ef9499e5550c38264038aad a90cd81be7d721b1faf26f2db | RELEASED GRP-5693 GRP-5656 GRP-5719 | 2 from v5.11.3 | OS: Rocky 9.4 Tomcat: 9.0.87 Java Corretto: 17.0.12.7.1 Grouper API: 5.12.0
| 35 Jiras Upgrade Grouper from OS Rocky version 8 to Rocky version 9 Recent memberships not working (for new installs?) Daemon screen improvements LDAP to SQL sync improvements Manage azure owners from provisioner Load azure users from provisioner to table In loaders, allow sql query to be > 4000 char Prevent composite circular references Custom UI improvements Add referral support in ldaptive |
2024/08/06 | i2incommon/grouper:5.11.3 sha256:767008bce8fbd6778 cc64abb1d2f337a0bd7ae05d de8dab9fc9a31d38b992ded | STABLE Rocky 8 unsupported | None from v5.11.2 | Tomcat: 9.0.87 Java Corretto: 17.0.12.7.1 Grouper API: 5.11.3 | 31 Jiras Date Picker for start/end dates for memberships (when editing memberships) Sql/midpoint provisioner fixes including: has problems finding data will use the wrong datatype Custom UI fixes Provisioning - deleteGroupsIfUnmarkedProvisionable=false doesn't handle deleted groups in Grouper Scim should put paging on lookup queries Pac4j SAML xxxResource properties not working for "file:..." urls "Add or remove members" page: Change "Replace existing members" and "Remove members" from checkbox to radio selection. |
2024/07/16 | i2incommon/grouper:5.11.2 sha256:de1d10568a20cb799 b3c8aa603a227cbe7e25600 119ae3a6bd0b023ac768ae62
| STABLE Rocky 8 unsupported | 1 from v5.11.0 | Tomcat: 9.0.87 Java Corretto: 17.0.11.9.1 Grouper API: 5.11.1 | 20 Jiras Allow scim to read memberships from target Grouper provisionable fixes Google provisioner option to map privileges to manager/owner roles Add "Provision now" buttons to groups, entities, and memberships Add externalId to groups in scim provisioning |
2024/06/27 | i2incommon/grouper:5.11.0 sha256:1c55fb3f50f974393 873e835ef1390d91c5ddcdf6 7195e2691e9c1c5d2601e42 | EXPIRED Rocky 8 unsupported | 3 from v5.10.1 | Tomcat: 9.0.87 Java Corretto: 17.0.11.9.1 Grouper API: 5.11.0 | 32 Jiras Add id token to grouper ui oidc authn Scim loader to load entities back to grouper for reporting or provisioning Allow custom scim attributes in provisioning Github manage multiple organizations at once Various scim fixes: command logging, enabled attribute, schemas, etc Add rules for invalid permission definition or minimum group members Use the container version and not the maven version in various places in grouper |
2024/06/25 | i2incommon/grouper:5.10.2 sha256:5af82298cc998337 cdd0eec8a522fc2b58ff895a c91b9212cd1274ace67fed5d | EXPIRED Rocky 8 unsupported | 1 from v5.10.1 | Tomcat: 9.0.87 Java Corretto: 17.0.11.9.1 Grouper API: 5.10.1 | 1 Jira Web Services LDAP authentication security vulnerability |
2024/05/29 | i2incommon/grouper:5.10.1 sha256:fdedb75dc3dd8a577 db1b9d6ae367e99ccf18db3 d541ac2b5b01b27af3aef1ee | EXPIRED Rocky 8 unsupported | None | Tomcat: 9.0.87 Java Corretto: 17.0.11.9.1 Grouper API: 5.10.1 | 2 Jiras Error on unique last modifier index on midpoint provisioner Midpoint error on provisioning performance enhancement |
2024/05/28 | i2incommon/grouper:5.10.0 sha256:020c9eee0e1696b57 7c2bbd425817ff34ac08f003 648d5e6a02a3db6d681733f | NOT STABLE midpoint provisioning errors GRP-5471 GRP-5472 Rocky 8 unsupported | 1 from v5.9.0 | Tomcat: 9.0.87 Java Corretto: 17.0.11.9.1 Grouper API: 5.10.0 | 37 Jiras Improve memory usage for provisioning Visualization with member criteria Improve security of 'Grouper Rules' in the UI Improvements in using EL in provisioning config GrouperHttpClient doesn't release resources when doing an HTTP DELETE Add abac row array value any in list Allow null values in abac expressions Add inherited privilege finders Upgrade tomcat to 9.0.87 since 8.5 is EOL AttestationGroupSave.assignMarkAsAttested() does not work Cannot edit metadata in provisioning Add expiration time to ldap pool config in external system Create swagger docs for ws Gsh template logged in and act as user should audit correctly Provisioning entities not filtering objectClass when Select All Entities is false (and occasionally when it's true) Provisioner retrieve AD objectSid and objectGuid as string instead of binary |
2024/03/19 | i2incommon/grouper:5.9.0 sha256:3b58de6e37117cd3 6c3feac3f8b2b4457ffb0480 28a0f7c3df66cae74331a078 | EXPIRED Rocky 8 unsupported | 1 from v5.8.5 | Tomcat: 8.5.99 Java Corretto: 17.0.10.8.1 Grouper API: 5.9.0 | 10 Jiras Tomcat security advisory CVE-2024-23672 Grouper session gets lost if not assigned to a variable Add option in container to GROUPER_LOG_TO_STDERR and all logs to go stderr (running tomcat single process) Fix daemon jobs ui last run status for CHANGE_LOG_changeLogTempToChangeLog and CHANGE_LOG_consumer_compositeMemberships Default self signed tomcat cert in v5 should be /opt/container_files/certs/client/localhost.pem |
2024/03/10 | i2incommon/grouper:5.8.5 sha256:38fa9ded3eddabc75 8d05b0ecbc4f677980f0766 d5f1da90e8dd2c1ff6b87763 | EXPIRED Tomcat security advisory Rocky 8 unsupported
| 2 from v5.8.2 | Tomcat: 8.5.90 Java Corretto: 17.0.10.8.1 Grouper API: 5.8.5 | 11 Jiras Memberships created in target without Grouper will not get deleted No open grouper session right after creating one GrouperLoader.runOnceByJobName should run long running jobs once only if running without daemon Warning message for disabled dates too soon to work ABAC fixes |
2024/03/02 | i2incommon/grouper:5.8.2 sha256:49c47ef7ef7698b24 ef6eec5dbbcfda7e91ea2d35 d8a94e5a927e944c992bb65 | EXPIRED GRP-5350 GRP-5347 Tomcat security advisory | 3 from v5.8.1 | Tomcat: 8.5.90 Java Corretto: 17.0.10.8.1 Grouper API: 5.8.2 | 8 Jiras Clean logs on 4.11.0 is not working Cannot delete groups (or maybe other things) as a wheel group member Creating log pipes twice can fail Validate rules periodically manually Stop chmoding cacerts when not able to (openshift) Daemon logs show sub jobs by default for some jobs Add stop daemon calls to composite memberships change log consumer |
2024/02/28 | i2incommon/grouper:5.8.1 sha256:2e2e02abea72177ff0 95af0c061b3c6a36ac35c47 d8a9ae4b8814a9ad4a4cc46 | UNSTABLE GRP-5337 GRP-5335 Tomcat security advisory | 3 from v5.7.1 | Tomcat: 8.5.90 Java Corretto: 17.0.10.8.1 Grouper API: 5.8.1 | 30 Jiras Stopping daemon jobs Fix memory issue with provisioner Composite changes - move membership inserts and deletes to daemon SCIM fixes (can manage "active" status instead of delete, adjust scim emails, allow group updates) Can provision group roles and user roles in real time and incremental |
2024/01/09 | i2incommon/grouper:5.7.1 sha256:314a6bcdf0dc66048 3b016db285b1fb5e00875a97 564b947c00e9d76a90d1956 | EXPIRED Tomcat security advisory | None from 5.7.0 | Tomcat: 8.5.90 Java Corretto: 17.0.9.8.1 Grouper API: 5.7.1 | 21 Jiras TeamDynamix provisioner fixes GSH template dynamic forms enhancements Add progress bar on visualization (with no timeouts) Json recursion error on memory bean Subjob error in scheduler check daemon cant find log map |
2024/01/01 | i2incommon/grouper:5.7.0 sha256:396eb7b3c5f463dc a437329c07c1317adf6ecffdc 2dc51cedce3b0583bbc0184 | EXPIRED GRP-5249 GRP-5240 Tomcat security advisory | 3 from v5.6.0 | Tomcat: 8.5.90 Java Corretto: 17.0.9.8.1 Grouper API: 5.7.0 | 53 Jiras Data field dictionary Add rewrite valve for tomcat so / redirects to /grouper (or whatever the UI context is) Add tomcat remote IP valve env vars for running v5 behind a load balancer Add https ssl tls for tomcat when running without apache Daemon jobs will log ad error out if JVM dies (and other daemon enhancements) Fixed JSON marshaling issues GSH template dynamic inputs GSH template WS enhancements GSH templates report error line number Daemon status threshold automatically adjusts based on schedule Duo throttling logic should always throttle if http response code is 429... Http client network keep alive connection cleanup Box provisioner enhancements |
2023/11/26 | i2incommon/grouper:5.6.0 sha256:a3fdda2be8325b80a 508a7c2f4997221e89b7723 a66ff774d7d52ef04410394f | EXPIRED Tomcat security advisory | 7 from v5.4.0 | Tomcat: 8.5.90 Java Corretto: 17.0.9.8.1 Grouper API: 5.6.0 | 35 Jiras Update ldaptive to version 2 Add trust anchors to java cacerts Add option to run tomcat as another user Add basic auth to scim provisioning framework Add active flag as attribute for scim users Attributes in group view/edit only handles all value types Group updaters should be able to only attest/clear attestation on groups UI: webpage titles for back button and browser tab Ldap loader LDAP_GROUPS_FROM_ATTRIBUTES should allow specifying parent stem Upgrade various libraries for security and performance |
2023/11/04 | i2incommon/grouper:5.5.0 sha256:f91ab1c84544184e6 236412d2a565f24db66995a 9d392e54db53b4cfb58f87ca | EXPIRED Tomcat security advisory | 1 from v5.4.0 | Tomcat: 8.5.90 Java Corretto: 17.0.9.8.1 Grouper API: 5.5.0 | 27 Jiras Authentication bypass security issue Provisioner External entity attributes not working for incrementals Instrumentation cleanup SFTP improvements Provisioning improvements Simplified UI for GSH templates Default run group or folder does not show for gsh templates Sql/ldap syncs to mysql do not work Exceptions in provisioning should replace null characters before storing to the database In provisioning, if changing entities, if a group is deleted (or recalc'ed), entities could be deprovisioned during incremental In provisioning, if not retrieving all groups at once in full sync, group attribute updates not happening (e.g. description)
|
2023/10/05 | i2incommon/grouper:5.4.0 sha256:b1ca8f3a1d4265a30 59e7ee2323667af93c5f6f55 90578a6a510753c2a45846e | EXPIRED Rocky 8 unsupported | 1 from v5.3.4 Also these | Tomcat: 8.5.90 Java Corretto: 17.0.8.8.1 Grouper API: 5.4.0 | 81 Jiras Note: only sysadmins can edit jexl scripts on ABAC groups |
2023/08/28 | i2incommon/grouper:5.3.4 sha256: | EXPIRED Rocky 8 unsupported
| None from 5.3.3 | Tomcat: 8.5.90 Java Corretto: 17.0.8.8.1 Grouper API: 5.3.3 | 20 Jiras |
2023/08/21 | i2incommon/grouper:5.3.3 sha256:d4d5e1d952e37ebc0 89b2dd5017ea8bb682ef7996 8413b49cfbc0f1c856800d3 | EXPIRED Rocky 8 unsupported
| None from 5.2.0 | Tomcat: 8.5.90 Java Corretto: 17.0.8.7.1 Grouper API: 5.3.3 |
|
2023/06/21 | i2incommon/grouper:5.2.0 sha256:6c6ea5d0e51bff31f8 a9882b5edebc7fd2186ea64e e5f4362f5c7262ccd20546 | EXPIRED Rocky 8 unsupported
| 2 from v5.1.0 | Tomcat: 8.5.90 Java Corretto: 17.0.7 Grouper API: 5.2.0 | 20 Jiras All fixes in 4.4.0 Add internal id to pit tables - groups/members/fields Dont validate abac scripts to UI works, will add back later Fix breadcrumbs for entity data fields Fix issue with abac queries where the dictionary internal ids are not right |
2023/06/21 | i2incommon/grouper:5.1.0 sha256:2e429e4b8f57fab63b 38905d87aaddf7c717f6beb71 8d57dbb6c4110a0c54e06 | EXPIRED
| 1 from v5.0.3 | Tomcat: 8.5.87 Java Corretto: 17.0.7 | SQL cache for groups and memberships ABAC attribute queries ABAC group and attribute queries translate securely into SQL |
2023/03/28 | i2incommon/grouper:5.0.3 sha256: 68b751e3a24394324 3c010c43944b433e9eafe133 ca54cdcaef0d7df205ed5ad | EXPIRED
| 5 from v4.1.1 | Tomcat: 8.5.87 Java Corretto: 17.0.6 | Remove Apache Remove Shib SP Remove SOAP WS Remove supervisor Remove log pipes ABAC POC |