See below on this page for v5 release notes (v4 build info).  Grouper v5 is the current enhancement version of Grouper where ABAC will be built.

 

v5 builds

These will be marked as stable once they are out for a while without issue and/or as people start using these in production.  This is a judgment call by the Grouper team.  If you are using a new release please inform us so we can provide better advice.

Date

Container tag (version)

Status

Upgrade instructions
and notes

Versions

Enhancements and bugs fixed in this version, known issues with this version

2025/02/03

i2incommon/grouper:5.16.0

sha256:d2b8ba20af2b92f9b
98e6689d22090bf6ce4f576
bca7c48f256791660430f29c

LATEST STABLE

1 from v5.15.4OS: Rocky 9.5
Tomcat: 9.0.98
Java Corretto: 17.0.14.7.1
Grouper API: 5.16.0
16 Jiras
Scim provisioning membership strategies
DDL for data field history
Batch scim insert memberships and retry each if batch fails
Provisioner with canRetrieveAllData query returns duplicate entities from other provisioners
Oracle and MySQL install failures

2025/01/23

i2incommon/grouper:5.15.4

sha256:1eb34c45ded6e502
21f47a3b976f1c491b66e40c
5511d3c07f45183ea84375f5

STABLE

NoneOS: Rocky 9.5
Tomcat: 9.0.98
Java Corretto: 17.0.14.7.1
Grouper API: 5.15.4
10 Jiras
Recent member of abac
Fixes in rules UI
Optimize data sync - Use batch inserts/queries/deletes (abac performance improvement)
Scim provisioner cannot select all memberships
Recursion error with getAttributeDelegate
Provisioning error handling types should show code on label
NPE in provisioner from GrouperProvisioningCompare.shouldSkipMembershipAttributeInsertDueToUnresolvableSubject

2025/01/08

i2incommon/grouper:5.15.3

sha256:b7912d964690c9feb
2d4073fd3b8a78a611ab885
2f52631c33e82f114b52b2bd

STABLE

GRP-5956

GRP-5619

NoneOS: Rocky 9.5
Tomcat: 9.0.98
Java Corretto: 17.0.13.11.1
Grouper API: 5.15.3
7 Jiras
Box retrieve by id sometimes throws error
If release has gaps in upgrade steps, should not warn
Do not set grouper loader log subjobs to error
Performance issues with incremental provisioning
Okta provisioner should be able to search and filter by arbitrary okta user attributes

2025/01/07

i2incommon/grouper:5.15.2

sha256:56c547e46e6d439e4
d43fa784b41ae045a4a95266
5a23f3ddbdc9f7419364650

NOT STABLE

NoneOS: Rocky 9.5
Tomcat: 9.0.98
Java Corretto: 17.0.13.11.1
Grouper API: 5.15.2

4 Jiras
Incremental provisioners have poor performance
Adobe provisioner cannot create user

2025/01/06

i2incommon/grouper:5.15.1

sha256:2a69ecd137cf44e6c
fba1c89efb1c8f40a6501fea5
88cfb2152d61db5d74c932

NOT STABLE

NoneOS: Rocky 9.5
Tomcat: 9.0.98
Java Corretto: 17.0.13.11.1
Grouper API: 5.15.1

5 Jiras
Add ability to not fail startup if upgrade tasks fail
Grouper sql scripts intended to run against other database only run against the grouper database
Error about http client: Caused by: java.lang.NoClassDefFoundError: org/apache/commons/httpclient/HttpMethod

2025/01/04

i2incommon/grouper:5.15.0

sha256:a115476d7fa71b383
b3acbacae4a65fcadf48981f
8ac206ba608f8a64046ed75

NOT STABLE

GRP-5909

4 from v5.14.0OS: Rocky 9.5
Tomcat: 9.0.98
Java Corretto: 17.0.13.11.1
Grouper API: 5.15.0

46 Jiras
Upgrade tomcat, ldaptive, many 3rd party libraries with security vulnerabilities
Okta provisioner
Scim memberships retrieved by user or group
Subject not found errors with data provider sync
Sql cache history incremental
Google provisioner - add option for whoCanModerateMembers
Allow Azure provisioner to manage the SubscribeMembersToCalendarEventsDisabled attribute
Allow abac row subscripts to use = instead of ==
Grouper WS should find groups by attribute framework value

2024/11/26

i2incommon/grouper:5.14.0

sha256:ccc09f28da0876257
fa882386125627dc7dee552
37289cbb620e351ae51f48f6

STABLE

2 from v5.13.5OS: Rocky 9.5
Tomcat: 9.0.87
Java Corretto: 17.0.13.11.1
Grouper API: 5.14.0

45 Jiras
Improve upgrade tasks in grouper
Adobe provisioning improvements
Membership cache improvements
Long query loaders do not work with diagnostics
Allow config for default page size of daemon screen
GrouperHttpClient should handle UTF bodies
Adjust content type and accept for scim provisioner
Add option for qualified and unqualified name in scim
ABAC only should return non-groups
Only query policy groups in provisioning if needed and directly, performance improvement
Cannot delete jexl loaded population script setting

2024/10/17

i2incommon/grouper:5.13.5

sha256:c6887830e246008d
69228c31c33ac9f265c945c
4734db272fabf55897b5fea34

STABLE

GRP-5799

NoneOS: Rocky 9.4
Tomcat: 9.0.87
Java Corretto: 17.0.13.11.1
Grouper API: 5.13.5
16 Jiras
Scim is not updating name properties correctly
Provisioning metadata of type "set" does not translate correctly
Azure provisioning error when dealing with owners
Add a way to see what the provisioner will do exactly in readonly mode
Add setting and global default to not run logic in full or incremental daemon
Global provisioning readonly setting to default all provisioners to readonly
Provisioning object log improvements

2024/10/17

i2incommon/grouper:5.13.3

sha256:08bfb3b3f40085f72
b9c4b2a34b6c6582a291158
35e2b6f263178121d3b0396d

RELEASED

NoneOS: Rocky 9.4
Tomcat: 9.0.87
Java Corretto: 17.0.13.11.1
Grouper API: 5.13.3
3 Jiras
Refactor entity attributes provisioning
Entity attribute provisioner with new provisionable group does not create member and membership sync objects in incremental run for existing memberships

2024/10/15

i2incommon/grouper:5.13.2

sha256:a10dc0f5e3c134ef9
64f44239ed83b7cb5cf6f980
0334ac796a4298b2e8811fb

NOT STABLE

GRP-5753

NoneOS: Rocky 9.4
Tomcat: 9.0.87
Java Corretto: 17.0.12.7.1
Grouper API: 5.13.2

1 Jira
Entity attribute provisioner full run will delete and add memberships flapping back and forth

2024/10/14

i2incommon/grouper:5.13.1

sha256:54ec2225415822470
df8d04505f7f7350e38433d6
4744b3a9d346edbdc58dbea

NOT STABLE

GRP-5751

NoneOS: Rocky 9.4
Tomcat: 9.0.87
Java Corretto: 17.0.12.7.1
Grouper API: 5.13.1
6 Jiras
Run SqlCacheFullSyncDaemon for an extra hour to process groups without recent changes
Remove old sqlCacheGroup attributes (sqlCacheableGroupMarkerDef and sqlCacheableGroupDef)
Entity attributes deleteValueIfManagedByGrouper does not delete if attribute not assigned to anything in grouper (empty group)
Date picker format is mm/dd/yyyy which is rejected
Notification job fails when subject source is set

2024/10/07

i2incommon/grouper:5.13.0

sha256:f777bde5d89a8c15b
d360585dd896328f8da2bdb
c780b9d6b7247c5d4e2f7dac

STABLE

GRP-5726

2 from v5.12.2OS: Rocky 9.4
Tomcat: 9.0.87
Java Corretto: 17.0.12.7.1
Grouper API: 5.13.0
25 Jiras
GRP-5719: full provisioner will insert recent memberships which shouldnt be there
Populate sql cache group and membership tables for all groups, stems, and attributeDefs
Remove unecessary provisioning errors
OIDC improvements
Add duo as option for custom UI
Allow custom ui to redirect to a url, without clicking a button
MidPoint provisioner incremental fails on entity attribute validation

2024/09/13

i2incommon/grouper:5.12.2

sha256:84ddfad1861f4f8c76
5a446e0cd239a536db2f8d
d0bcc7c313f8e37970166f14

RELEASED

GRP-5719

3 from v5.12.0OS: Rocky 9.4
Tomcat: 9.0.87
Java Corretto: 17.0.12.7.1
Grouper API: 5.12.3

25 Jiras
Playwright enhancements
Fix Swagger in WS
NPE trying to view "Unresolvable subjects" in the UI.
Add ABAC like and regex

2024/08/26

i2incommon/grouper:5.12.0

sha256:d324736054fb448b
ef9499e5550c38264038aad
a90cd81be7d721b1faf26f2db

RELEASED

GRP-5693

GRP-5656

GRP-5719

2 from v5.11.3OS: Rocky 9.4
Tomcat: 9.0.87
Java Corretto: 17.0.12.7.1
Grouper API: 5.12.0

35 Jiras
Upgrade Grouper from OS Rocky version 8 to Rocky version 9
Recent memberships not working (for new installs?)
Daemon screen improvements
LDAP to SQL sync improvements
Manage azure owners from provisioner
Load azure users from provisioner to table
In loaders, allow sql query to be > 4000 char
Prevent composite circular references
Custom UI improvements
Add referral support in ldaptive

2024/08/06

i2incommon/grouper:5.11.3

sha256:767008bce8fbd6778
cc64abb1d2f337a0bd7ae05d
de8dab9fc9a31d38b992ded

STABLE

Rocky 8 unsupported

None from v5.11.2Tomcat: 9.0.87
Java Corretto: 17.0.12.7.1
Grouper API: 5.11.3

31 Jiras
Date Picker for start/end dates for memberships (when editing memberships)
Sql/midpoint provisioner fixes including: has problems finding data will use the wrong datatype
Custom UI fixes
Provisioning - deleteGroupsIfUnmarkedProvisionable=false doesn't handle deleted groups in Grouper
Scim should put paging on lookup queries
Pac4j SAML xxxResource properties not working for "file:..." urls
"Add or remove members" page: Change "Replace existing members" and "Remove members" from checkbox to radio selection.

2024/07/16

i2incommon/grouper:5.11.2

sha256:de1d10568a20cb799
b3c8aa603a227cbe7e25600
119ae3a6bd0b023ac768ae62


STABLE

Rocky 8 unsupported

1 from v5.11.0Tomcat: 9.0.87
Java Corretto: 17.0.11.9.1
Grouper API: 5.11.1

20 Jiras
Allow scim to read memberships from target
Grouper provisionable fixes
Google provisioner option to map privileges to manager/owner roles
Add "Provision now" buttons to groups, entities, and memberships
Add externalId to groups in scim provisioning

2024/06/27

i2incommon/grouper:5.11.0

sha256:1c55fb3f50f974393
873e835ef1390d91c5ddcdf6
7195e2691e9c1c5d2601e42

EXPIRED

Rocky 8 unsupported

3 from v5.10.1Tomcat: 9.0.87
Java Corretto: 17.0.11.9.1
Grouper API: 5.11.0

32 Jiras
Add id token to grouper ui oidc authn
Scim loader to load entities back to grouper for reporting or provisioning
Allow custom scim attributes in provisioning
Github manage multiple organizations at once
Various scim fixes: command logging, enabled attribute, schemas, etc
Add rules for invalid permission definition or minimum group members
Use the container version and not the maven version in various places in grouper

2024/06/25

i2incommon/grouper:5.10.2

sha256:5af82298cc998337
cdd0eec8a522fc2b58ff895a
c91b9212cd1274ace67fed5d

EXPIRED

Rocky 8 unsupported

1 from v5.10.1Tomcat: 9.0.87
Java Corretto: 17.0.11.9.1
Grouper API: 5.10.1

1 Jira
Web Services LDAP authentication security vulnerability

2024/05/29

i2incommon/grouper:5.10.1

sha256:fdedb75dc3dd8a577
db1b9d6ae367e99ccf18db3
d541ac2b5b01b27af3aef1ee

EXPIRED

Rocky 8 unsupported

NoneTomcat: 9.0.87
Java Corretto: 17.0.11.9.1
Grouper API: 5.10.1

2 Jiras

Error on unique last modifier index on midpoint provisioner
Midpoint error on provisioning performance enhancement

2024/05/28

i2incommon/grouper:5.10.0

sha256:020c9eee0e1696b57
7c2bbd425817ff34ac08f003
648d5e6a02a3db6d681733f

NOT STABLE

midpoint provisioning errors

GRP-5471

GRP-5472

Rocky 8 unsupported

1 from v5.9.0Tomcat: 9.0.87
Java Corretto: 17.0.11.9.1
Grouper API: 5.10.0

37 Jiras
Improve memory usage for provisioning
Visualization with member criteria
Improve security of 'Grouper Rules' in the UI
Improvements in using EL in provisioning config
GrouperHttpClient doesn't release resources when doing an HTTP DELETE
Add abac row array value any in list
Allow null values in abac expressions
Add inherited privilege finders
Upgrade tomcat to 9.0.87 since 8.5 is EOL

AttestationGroupSave.assignMarkAsAttested() does not work
Cannot edit metadata in provisioning
Add expiration time to ldap pool config in external system
Create swagger docs for ws
Gsh template logged in and act as user should audit correctly
Provisioning entities not filtering objectClass when Select All Entities is false (and occasionally when it's true)
Provisioner retrieve AD objectSid and objectGuid as string instead of binary
2024/03/19

i2incommon/grouper:5.9.0

sha256:3b58de6e37117cd3
6c3feac3f8b2b4457ffb0480
28a0f7c3df66cae74331a078

EXPIRED

Rocky 8 unsupported

1 from v5.8.5

Tomcat: 8.5.99
Java Corretto: 17.0.10.8.1
Grouper API: 5.9.0

10 Jiras

Tomcat security advisory CVE-2024-23672
Grouper session gets lost if not assigned to a variable
Add option in container to GROUPER_LOG_TO_STDERR and all logs to go stderr (running tomcat single process)
Fix daemon jobs ui last run status for CHANGE_LOG_changeLogTempToChangeLog and CHANGE_LOG_consumer_compositeMemberships
Default self signed tomcat cert in v5 should be /opt/container_files/certs/client/localhost.pem

2024/03/10

i2incommon/grouper:5.8.5

sha256:38fa9ded3eddabc75
8d05b0ecbc4f677980f0766
d5f1da90e8dd2c1ff6b87763

EXPIRED

Tomcat security advisory

Rocky 8 unsupported


2 from v5.8.2

Tomcat: 8.5.90
Java Corretto: 17.0.10.8.1
Grouper API: 5.8.5

11 Jiras

Memberships created in target without Grouper will not get deleted
No open grouper session right after creating one
GrouperLoader.runOnceByJobName should run long running jobs once only if running without daemon
Warning message for disabled dates too soon to work
ABAC fixes

2024/03/02

i2incommon/grouper:5.8.2

sha256:49c47ef7ef7698b24
ef6eec5dbbcfda7e91ea2d35
d8a94e5a927e944c992bb65

EXPIRED

GRP-5350
GRP-5347

Tomcat security advisory

3 from v5.8.1

Tomcat: 8.5.90
Java Corretto: 17.0.10.8.1
Grouper API: 5.8.2

8 Jiras

Clean logs on 4.11.0 is not working
Cannot delete groups (or maybe other things) as a wheel group member
Creating log pipes twice can fail
Validate rules periodically manually
Stop chmoding cacerts when not able to (openshift)
Daemon logs show sub jobs by default for some jobs
Add stop daemon calls to composite memberships change log consumer

2024/02/28

i2incommon/grouper:5.8.1

sha256:2e2e02abea72177ff0
95af0c061b3c6a36ac35c47
d8a9ae4b8814a9ad4a4cc46

UNSTABLE

GRP-5337
GRP-5335

Tomcat security advisory

3 from v5.7.1

Tomcat: 8.5.90
Java Corretto: 17.0.10.8.1
Grouper API: 5.8.1

30 Jiras

Stopping daemon jobs
Fix memory issue with provisioner
Composite changes - move membership inserts and deletes to daemon
SCIM fixes (can manage "active" status instead of delete, adjust scim emails, allow group updates)
Can provision group roles and user roles in real time and incremental

2024/01/09

i2incommon/grouper:5.7.1

sha256:314a6bcdf0dc66048
3b016db285b1fb5e00875a97
564b947c00e9d76a90d1956

EXPIRED

Tomcat security advisory

None from 5.7.0

Tomcat: 8.5.90
Java Corretto: 17.0.9.8.1
Grouper API: 5.7.1

21 Jiras

TeamDynamix provisioner fixes
GSH template dynamic forms enhancements
Add progress bar on visualization (with no timeouts)
Json recursion error on memory bean
Subjob error in scheduler check daemon cant find log map

2024/01/01

i2incommon/grouper:5.7.0

sha256:396eb7b3c5f463dc
a437329c07c1317adf6ecffdc
2dc51cedce3b0583bbc0184

EXPIRED

GRP-5249
GRP-5240

Tomcat security advisory

3 from v5.6.0

Tomcat: 8.5.90
Java Corretto: 17.0.9.8.1
Grouper API: 5.7.0

53 Jiras

Data field dictionary
Add rewrite valve for tomcat so / redirects to /grouper (or whatever the UI context is)
Add tomcat remote IP valve env vars for running v5 behind a load balancer
Add https ssl tls for tomcat when running without apache
Daemon jobs will log ad error out if JVM dies (and other daemon enhancements)
Fixed JSON marshaling issues
GSH template dynamic inputs
GSH template WS enhancements
GSH templates report error line number
Daemon status threshold automatically adjusts based on schedule
Duo throttling logic should always throttle if http response code is 429...
Http client network keep alive connection cleanup
Box provisioner enhancements

2023/11/26

i2incommon/grouper:5.6.0

sha256:a3fdda2be8325b80a
508a7c2f4997221e89b7723
a66ff774d7d52ef04410394f

EXPIRED

Tomcat security advisory

7 from v5.4.0

Tomcat: 8.5.90
Java Corretto: 17.0.9.8.1
Grouper API: 5.6.0

35 Jiras

Update ldaptive to version 2
Add trust anchors to java cacerts
Add option to run tomcat as another user
Add basic auth to scim provisioning framework
Add active flag as attribute for scim users
Attributes in group view/edit only handles all value types
Group updaters should be able to only attest/clear attestation on groups
UI: webpage titles for back button and browser tab
Ldap loader LDAP_GROUPS_FROM_ATTRIBUTES should allow specifying parent stem
Upgrade various libraries for security and performance

2023/11/04

i2incommon/grouper:5.5.0

sha256:f91ab1c84544184e6
236412d2a565f24db66995a
9d392e54db53b4cfb58f87ca

EXPIRED

Tomcat security advisory

1 from v5.4.0

Tomcat: 8.5.90
Java Corretto: 17.0.9.8.1
Grouper API: 5.5.0

27 Jiras

Authentication bypass security issue
Provisioner External entity attributes not working for incrementals
Instrumentation cleanup
SFTP improvements
Provisioning improvements
Simplified UI for GSH templates
Default run group or folder does not show for gsh templates
Sql/ldap syncs to mysql do not work
Exceptions in provisioning should replace null characters before storing to the database

In provisioning, if changing entities, if a group is deleted (or recalc'ed), entities could be deprovisioned during incremental
In provisioning, if not retrieving all groups at once in full sync, group attribute updates not happening (e.g. description)

2023/10/05

i2incommon/grouper:5.4.0

sha256:b1ca8f3a1d4265a30
59e7ee2323667af93c5f6f55
90578a6a510753c2a45846e

EXPIRED

Rocky 8 unsupported

1 from v5.3.4

Also these

Tomcat: 8.5.90
Java Corretto: 17.0.8.8.1
Grouper API: 5.4.0

81 Jiras

Note: only sysadmins can edit jexl scripts on ABAC groups

2023/08/28

i2incommon/grouper:5.3.4

sha256:

EXPIRED

Rocky 8 unsupported


None from 5.3.3Tomcat: 8.5.90
Java Corretto: 17.0.8.8.1
Grouper API: 5.3.3

20 Jiras

2023/08/21

i2incommon/grouper:5.3.3

sha256:d4d5e1d952e37ebc0
89b2dd5017ea8bb682ef7996
8413b49cfbc0f1c856800d3

EXPIRED

Rocky 8 unsupported


None from 5.2.0Tomcat: 8.5.90
Java Corretto: 17.0.8.7.1
Grouper API: 5.3.3


2023/06/21

i2incommon/grouper:5.2.0

sha256:6c6ea5d0e51bff31f8
a9882b5edebc7fd2186ea64e
e5f4362f5c7262ccd20546

EXPIRED

Rocky 8 unsupported


2 from v5.1.0Tomcat: 8.5.90
Java Corretto: 17.0.7
Grouper API: 5.2.0

20 Jiras

All fixes in 4.4.0
Add internal id to pit tables - groups/members/fields
Dont validate abac scripts to UI works, will add back later
Fix breadcrumbs for entity data fields
Fix issue with abac queries where the dictionary internal ids are not right

2023/06/21

i2incommon/grouper:5.1.0

sha256:2e429e4b8f57fab63b
38905d87aaddf7c717f6beb71
8d57dbb6c4110a0c54e06

EXPIRED


1 from v5.0.3Tomcat: 8.5.87
Java Corretto: 17.0.7

SQL cache for groups and memberships
ABAC attribute queries
ABAC group and attribute queries translate securely into SQL

2023/03/28

i2incommon/grouper:5.0.3

sha256: 68b751e3a24394324
3c010c43944b433e9eafe133
ca54cdcaef0d7df205ed5ad

EXPIRED


5 from v4.1.1Tomcat: 8.5.87
Java Corretto: 17.0.6

Remove Apache
Remove Shib SP
Remove SOAP WS
Remove supervisor
Remove log pipes
ABAC POC

For more information about upcoming plans, see the Grouper Product Roadmap .


See Also

Grouper Release Announcements

  • No labels