When upgrading from Grouper v5 to another v5 container, this wiki will consolidate all the steps needed to perform that upgrade.
See information on Grouper Versioning here
Note, these are in reverse order, so go from bottom to top
| Date | Upgrading from version | Upgrading to Version | Note for version | Importance | Jira | Step needed if... | Description | |
|---|---|---|---|---|---|---|---|---|
| 2024/03/19 | ALL | ALL | 5.9.0 | Not important | You run Grouper | Tomcat was upgraded, make sure any tomcat things work in UI/WS, including logs, SSL, authentication, etc | ||
| 2024/03/10 | ALL | ALL | 5.8.1 | Medium important | If you use the provisioning framework and have too much memory allocated to your daemon | Try bumping down your daemon memory to 16g (16g in container and 13g heap) and see if you still have memory problems. | ||
| 2024/03/05 | ALL | ALL | 5.8.3 | Medium important | If you use Grouper | Group sync jobs (full sync push/pull involving another Grouper instance) are now run using otherJobs. This applies if you have grouper.properties configs that start with "syncAnotherGrouper" and if you have daemon jobs that start with "MAINTENANCE__groupSync__". If so, then go to the Daemon Jobs screen in the UI and add a daemon job for each group sync. The daemon type is "Group sync another Grouper full sync". The Jira has a screenshot of this. | ||
| 2024/03/03 | ALL | ALL | 5.8.2 | Medium important | If you use Grouper | Config property changeLog.enabledDisabled.queryIntervalInSeconds renamed to otherJob.enabledDisabled.queryIntervalInSeconds. See Jira and adjust the value of the new property if you're not using the default. | ||
| 2024/03/03 | ALL | ALL | 5.8.2 | Not important | You run Grouper and use the daemon screen | Note that the change log temp daemon and composite change log consumer run continuously. | ||
| 2024/03/03 | ALL | ALL | 5.8.2 | Not important | You run Grouper and have any rules | |||
| 2024/02/27 | 5.7.1 | ALL | 5.8.1 | Medium important | You use self signed certs for tomcat | See Jira and adjust env vars | ||
| 2024/02/27 | ALL | ALL | 5.8.1 | Medium important | Your grouper credential cannot do DDL | See the Jira and run the DDL | ||
| 2024/01/01 | ALL | ALL | 5.7.0 | Important | If you have existing data fields or rows | You need to edit them and add a description | ||
| 2024/01/01 | ALL | ALL | 5.7.0 | Medium important | If you expect tomcat access logs to be in /tmp (previous default), they are not in /opt/grouper/logs | Set this variable: GROUPER_TOMCAT_LOG_ACCESS_DIRECTORY=/tmp | ||
| 2023/12/27 | ALL | ALL | 5.7.0 | Medium important | If you customize the server.xml for tomcat SSL, remote IP valve, or rewrite valve | Remove your custom server.xml and use the env variables | ||
| 2023/12/27 | ALL | ALL | 5.7.0 | Medium important | If you set this in grouper.properties
| Remove it | ||
| 2023/11/26 | ALL | ALL | 5.6.0 | Medium important | If you have a MidPoint provisioner and do not have foreign keys with cascade delete | Either drop the MidPoint tables and use the new DDL, or add cascade delete to the foreign keys on the attribute and membership tables | ||
| 2023/11/26 | ALL | ALL | 5.6.0 | Medium important | You use LDAP | Test your LDAP subject source, loaders, and provisioners, as Ldaptive has been upgraded | ||
| 2023/11/20 | ALL | ALL | 4.9.0, 5.6.0 | Medium important | If you use the zoom provisioner / loader | A 3rd party library was updated for security, test your integration. Note set this
| ||
| 2023/11/20 | ALL | ALL | 4.9.0, 5.6.0 | Medium important | If you use the OIDC for UI/WS authentication | A 3rd party library was updated for security, test your authentication | ||
| 2023/11/20 | ALL | ALL | 4.9.0, 5.6.0 | Medium important | If you use the legacy (non provisioning framework) box provisioner | A 3rd party library was updated for security, test your provisioner or upgrade to the | ||
| 2023/11/20 | ALL | ALL | 4.9.0, 5.6.0 | Medium important | If you use the legacy (non provisioning framework) google apps provisioner | A 3rd party library was updated for security, test your provisioner or upgrade to the | ||
| 2023/11/20 | ALL | ALL | 4.9.0, 5.6.0 | Medium important | If you use Grouper | JSON marshalling changed to be higher performance and less likely to
Report any issues you have if you have to revert | ||
| 2023/11/20 | ALL | ALL | 4.9.0, 5.6.0 | Medium important | If you LDAP loaders of type: list of groups or groups from attributes, and grouper-loader.properties:
| You can now specify any stems to be the top stem, or you can | ||
| 2023/11/04 | v2.5.0-v2.5.68, | ALL | 4.5.0 | Not important | If you were affected by the authentication bypass vulnerability and installed the remediation | |||
| 2023/10/21 | ALL | ALL | 5.2.0 | Important | If you use Grouper | Follow all v4 upgrade instructions | ||
| 2023/10/04 | ALL | ALL | 5.4.0 | Important | If you use deprovisioning | This defaults to true to veto deprovisioned users from being added to groups. If you dont want want, set to false in grouper.properties grouperHook.MembershipVetoIfDeprovisionedHook.autoRegister = true | ||
| 2023/07/04 | ALL | ALL | 5.2.0 | Important | If you use Grouper | Look at DDL changes and apply the updates manually | ||
| 2023/07/04 | ALL | ALL | 5.2.0 | Important | If you use Grouper | Follow all v4 upgrade instructions | ||
| 2023/03/30 | ALL | ALL | 5.0.3 | Important | If you use Grouper | DDL updates (Note: these are significant. You need to stop all updates when starting the daemon and running the upgrade task daemon) | ||
| 2023/03/28 | ALL | ALL | 5.0.3 | Important | If you use Grouper SOAP WS | SOAP is no longer in the Grouper container, you can install it in your image derived from Grouper (not recommended), or refactor your WS clients | ||
| 2023/03/28 | ALL | ALL | 5.0.3 | Important | If you run a process in the container other than the built in processes (e.g. sshd) | The supervisor is no longer in the Grouper container. If you start a process in your image derived from Grouper, you can install supervisor in your image derived from grouper, or make other arrangements | ||
| 2023/03/28 | ALL | ALL | 5.0.3 | Important | If you use SAML in the UI | The Shib SP is no longer in the Grouper container. You can either switch to OIDC, use the Unicon authn SAML, install the shib SP in your image derived from Grouper, or use a sidecar SP container Remove any SP environment variables passed to the container | ||
| 2023/03/28 | ALL | ALL | 5.0.3 | Important | If you use Apache in the grouper container | Apache is no longer in the Grouper container. You can either use tomcat, install apache in your image derived from Grouper, or use a sidecar apache container. Remove any Apache environment variables passed to the container |
If you want to run v5 locally, you can do something like this (change port, version, database url if not on mac):
$ docker run --name postgres -e POSTGRES_PASSWORD=pass -d -p 5432:5432 postgres:14 $ docker exec -it -u postgres postgres psql # CREATE USER grouper PASSWORD 'pass'; # CREATE DATABASE grouper; # GRANT ALL PRIVILEGES ON DATABASE grouper TO grouper; # \q
docker run -d -p 8081:8080 --name my-grouper \
-e GROUPER_UI_GROUPER_AUTH=true \
-e GROUPER_SELF_SIGNED_CERT=true \
-e GROUPER_AUTO_DDL_UPTOVERSION='v5.*.*' \
-e GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0' \
-e GROUPERSYSTEM_QUICKSTART_PASS=pass \
-e GROUPER_UI=true \
-e GROUPER_DATABASE_URL="jdbc:postgresql://docker.for.mac.localhost:5433/grouper?currentSchema=public" \
-e GROUPER_DATABASE_USERNAME=grouper \
-e GROUPER_DATABASE_PASSWORD=pass \
i2incommon/grouper:5.0.3 ui