Date: Thu, 28 Mar 2024 19:06:51 +0000 (UTC) Message-ID: <330206439.6833.1711652811040@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_6832_1381349285.1711652811040" ------=_Part_6832_1381349285.1711652811040 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
11/1/2022: Grouper v2.5 will not be supported after 5/1/2023. Plea= se upgrade to a newer supported version
Grouper= container upgrade instructions
These will be marked as stable once they are out for a while without iss= ue and/or as people start using these in production. This is a judgme= nt call by the Grouper team. If you are using a new release please in= form us so we can provide better advice.
Date |
Container tag (version) |
Status | Upgrade instructions |
Versions |
Enhancements and bugs fixed in this version, known issues with this vers= ion |
---|---|---|---|---|---|
2023/11/03 | i2incommon/grouper:2.5.69 sha256:b3c46f8cde0ce2ab8 | EXPIRED | 1 upgrade instruction | Shib: 3.4.1 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_392 |
<=
p>Authentication bypass security issue=
Upgrade hibernate and ehcache in Group= er 2.5 |
2022/12/22 | i2incommon/grouper:2.5.68 sha256:7714455fb50ffcf6e4 |
EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
3 Jiras (library updates for security CVE) |
2022/11/29 | i2incommon/grouper:2.5.66.1 |
EXPIRED | None | Shib: 3.4.0 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
Upst= ream SP container pointed to new version |
2022/11/01 | i2=
incommon/grouper:2.5.66 |
EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
|
2022/09/23 | i2incommon/grouper:2.5.65 sha256:e533f25aae4a8d2110 ddd7eb322984339123a3352 011565ec4a3d48db848ca98 |
EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
7 Jiras Upgrade jars Make findBadMemberships full daemon scale for missing com= posites Run r= ule if condition with grouper session running with actAs subject Upgrade to latest csrfg= uard Make ddl= utils not a dependency Change grouper client from xml to json (update unsecure libraries= ) |
2022/06/22 | i2incommon/grouper:2.5.63 sha256:a9b40684e0573731 46a4a44c26f3b685ff768a1 1a2b37838dc9293befc0a53f5 |
EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
1 Jira |
2022/06/13 | i2incommon/grouper:2.5.62 sha256:9170a8b65f560d65e 9e1966e4b57088f7be027daf 16e914e0c1b696045637895 |
EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
2 Jiras PSPNG startup error WS getMemberships paging error |
2022/02/16 | i2incommon/grouper:2=
.5.60 sha= 256:793a491d4b5693fc2 2032b8f70fef0e43117787f1 bd8526ea9a671bc56e83e0b |
RELEASED | None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
2 Jiras Postgres driver security issue |
2021/12/20 | i2incommon/grouper:2.5.59.3 sha256:45d8e8608ec07bbd3a 29137ba8e1758364ef20be810 a7a55d28acb7ed92c3604 |
EXPIRED |
None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
Log4j secur=
ity problem fixed (again, again)! [root@0= c8d8738e95a bin]# echo $GROUPER_CONTAINER_VERSION 2.5.59.3 [root@0c8d8738e95a bin]# ls /opt/tomee/bin/log4j* /opt/tomee/bin/log4j-api-2.17.0.jar /opt/tomee/bin/log4j-core-2.17.0.jar = /opt/tomee/bin/log4j-jul-2.17.0.jar |
2021/12/16 | i2incommon/grouper:2.5.59.2 sha256:6d9b0685f753041f77 b849f136b598af3d380f1b9a 13073dd1f11c74d3475421 |
EXPIRED Log4j security proble= m (log4j v2.16.0) |
None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
Log4j secur=
ity problem fixed (again)! [root@0= c8d8738e95a bin]# echo $GROUPER_CONTAINER_VERSION 2.5.59.2 [root@0c8d8738e95a bin]# ls /opt/tomee/bin/log4j* /opt/tomee/bin/log4j-api-2.16.0.jar /opt/tomee/bin/log4j-core-2.16.0.jar = /opt/tomee/bin/log4j-jul-2.16.0.jar |
2021/12/10 | i2incommon/grouper:2.5.59.1 sha256:5c258cd3c398a47b1e 7c7cba7edc7f682f3d5aedd38 53aa284dfda9ccae99577 |
EXPIRED Log4j security problem (log4= j v2.15.0) |
None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
Log4j secur=
ity problem fixed (NOT)! [root@0= c8d8738e95a bin]# echo $GROUPER_CONTAINER_VERSION 2.5.59.1 [root@0c8d8738e95a bin]# ls /opt/tomee/bin/log4j* /opt/tomee/bin/log4j-api-2.15.0.jar /opt/tomee/bin/log4j-core-2.15.0.jar = /opt/tomee/bin/log4j-jul-2.15.0.jar |
2021/12/08 | i2incommon/grouper:2.5.59 sha256:347fb78230de81408 1a4ed19929b8dda70d00779 02283184fcd6aecc608f423f |
EXPIRED Log4j security problem |
None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
None |
2021/10/20 | i2incommon/grouper:2=
.5.58 sha= 256:5b012b02d72238bb f7c49ee786510539f62d02b1 a84d674bc411f67d1ee17d50 |
EXPIRED Log= 4j security problem |
None | Shib: 3.2.3 Apache: 2.4= .6 Tomee: 7.0.9 (8.5.57) Open= jdk: 1.8.0_312 |
4 Jiras Copy group validation error with invalid (dot) character fix Object type UI fix RabbitMQ configuration fix |
2021/09/17 | i2incommon/grouper:2.5.57 sha256:9fd575e5f2b8feacf1 b86cdd44779f89b23a7b375 da7fdb1c77c50dd105af24b |
EXPIRED Log4j security problem |
None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
5 Jiras Provisioning framework fixes Chrome 93 header fix |
2021/09/06 | i2incommon/grouper:2.5.56 sha256:13f32e94d90f83dd6 333fee3abad682b6ecb9179 f688fd614f8c23b57ed31680 |
EXPIRED NO ENHANCEMENTS AFTER 2.5.56 Log4j security problem |
None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
6 Jiras |
2021/09/01 | i2incommon/grouper:2.5.55 sha256:13124e45f77733887 20ae1190f86a5e47cb5de4b a75c8f032b16cf92c2cedc35 |
RELEASED Log4j security problem |
3 upgrade instructions | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
22 Jiras |
2021/07/27 | i2incommon/grouper:2.5.54 sha256:6fda7bfb9c3998cdc 02b00a3bab63abd4cca3671 6fe701b2b9f13fe1d0554320 |
EXPIRED Log4j security problem |
None | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
9 Jiras |
2021/07/15 | i2incommon/grouper:2.5.53 sha256:a144bbedc1d484b3e b968a973bb1073b0340d0c4 323caa08f7aad8e9460a040b |
EXPIRED Misc loader screen: GRP-3530 |
1 upgrade instruction | Shib: 3.2.3 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
25 Jiras SCIM provisioner for AWS Reports can generated from GSH Attestation notifications can be sent to a group Loader can manage group display names Can delegate loader management |
2021/05/27 | i2incommon/grouper:2.5.52 sha256: a8ecd8a4d953321b 37eacdbe50475295e885a83 ef33598cb1de66a4f277ba160 |
EXPIRED Log4j security problem |
5 upgrade instructions | Shib: 3.2.2 Apache: 2.4.6 = Tomee: 7.0.9 (8.5.57) |
27 Jiras Incremental provisioning performance improvements Custom UI configuration moved from group attributes to UI wizard and config= GSH template improvements |
2021/05/01 | i2incommon/grouper:2.5.50 sha256:f108efdceaaf875b7c 8879a091557c6a64969545e 633e4e6efe5803b5520a057 |
EXPIRED Log4j security problem |
None | Shib: 3.2.2 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_292 |
6 Jiras Loader doesn't create ancestor folders Incremental LDAP doesn't provision recalc memberships |
2021/04/28 | i2incommon/grouper:2.5.49 sha256:a1d389eb6735d02d4 2c510805c735c05a5824d656 bb6a49034bb19a4eb4cc8ef |
RELEASED Loader issue: GRP-3444 Provisioning: GRP-3445 |
4 upgrade instructions | Shib: 3.2.2 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_292 |
71 Jiras GSH template updates / fixes Incremental provisioning performance improvements Attribute propagation re-write (e.g. "types" daemon) New default validation on Grouper object system names (see upgrade instruct= ions) |
2021/03/29 | i2incommon/grouper:2.5.47 sha256:e1523aed42d6af97f 14267fa31ad0ac765c32831 6c9d3d52e1ab9483508c17de |
RELEASED GSH bugs=
: GRP-3349, For GSH templates use 2.5=
.50+ |
1 upgrade instruction | Shib: 3.2.1 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_282 |
46 Jiras |
2021/03/18 | i2incommon/grouper:2.5.46 sha256:e19f928406355cb54 08ba7f271f6915b3db5ef856 2a25ef15458b94d8= dc9469a |
RELEASED For GSH templates use 2.5.50+<= br>Log4j security problem |
None | Shib: 3.2.1 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_282 |
14 Jiras |
2021/03/17 | i2incommon/grouper:2.5.45 sha256:f94bfdf83fc5bd55d3 11164dd77dcf36f4efde8629 b85ea264a55c63528328db |
RELEASED For GSH templates use 2.5.50+<= br>Log4j security problem |
2 upgrade instructions | Shib: 3.2.1 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_282 |
33 Jiras GSH templates can be run from UI Provisionable groups and folders improved Provisioning diagnostics starting point Grouper client can be used in multi-app JVM Upgrade mysql/postgres drivers and improve quartz pooling |
2021/03/03 | i2incommon/grouper:2.5.44 sha256:1953b5475f237aba6= 44a53124= 643686d407c7f8e5 8ee12ceaec8db9d815435d1 |
RELEASED Log4j security problem |
None | Shib: 3.2.0 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_282 |
29 Jiras |
2021/02/24 | i2incommon/grouper:2.5.43 grouper@sha256:20ab5adf6c2 8834c8945cf6df449a67f4df19a 162a9bfccd865918206c34a3b0 |
EXPIRED Log4j security problem |
2 upgrade instructions | Shib: 3.2.0 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_282 |
12 Jiras GSH templates and WS Sync various objects to Grouper via SQL or another Grouper instance GSH scripts in daemon can have blocks on multiple lines Grouper external subject source issue resolved |
2021/02/12 | i2incommon/grouper:2.5.42 grou= per@sha256:00cd2a6d4ba c27025f679ebdcf8a8a372403c2 0da6fa3147dcee320018a8cd2d |
EXPIRED (if you do not use Grouper external subject source) Log4j security problem |
None | Shib: 3.2.0 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_282 |
13 Jiras Provisioning improvements LDAP loader improvements MembershipFinder enhancements |
2021/02/01 | i2incommon/grouper:2.5.41 sha2= 56:bb21a34ad75a9fa3a7 5596645ffc75c4a53d3c3bbe 5b13de8180ac4311919990 |
EXPIRED (if you do not use Grouper external subject source) Log4j security problem |
1 upgrade instruction | Shib: 3.2.0 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_282 |
Known issue: GRP-3118 (gro= uperExternal subject source broken) 14 Jiras |
2021/01/27 | i2incommon/grouper:2.5.40 sha2= 56:74f445fb55dea3821 58b79ff88d5d1d27bdbb604 a7fbb4d18bf39402e6c70ce7 |
EXPIRED (Azure CLC provisioning |
2 upgrade instructions | Shib: 3.2.0 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_282 |
33 Jiras |
2020/12/09 | i2incommon/grouper:2.5.39 sha2= 56:df647042eb12ff088a 7c= faff186a387286b23ac782 1= 83923c587daa5f24a47ea |
EXPIRED Log4j security problem |
1 upgrade instruction | Shib: 3.1.0 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_275 |
18 Jiras<=
br title=3D"">
Grouper provisioning LDAP/DB pools dynamically adjust without restart on config change Custom UI updates Import members audit improvement |
2020/11/09 | i2incommon/grouper:2.5.37.1 sh= a256:b1708b7e022472b2e9 = 055676aefe50a7dd773b053b 2d817ee96369712b56a04a |
EXPIRED Log4j security problem |
None | Shib: 3.1.0 Apache: 2.4.6 = Tomee: 7.0.9 Openjdk: 1.8.0_275 |
GRP-3015 and os updates |
2020/10/30 | i2incommon/grouper:2.5.37 sha2= 56:d384f0c4f67e18be3b 13= 8649050d6d687b16be5a4 76= fcc3c65a0280748365a58 |
SECURITY ISSUE GRP-3015 Log4j security problem |
None | Shib: 3.1.0 Apache: 2.4.6 = Tomee: 7.0.8 Openjdk: 1.8.0_272 |
13 Jiras in total=
a> ( -2 bugs, +18 improvements ) |
2020/11/09 | i2incommon/grouper:2.5.36.1 sh= a256:9ba5d138515246b64 a= 711fafe451fb7a1730f9aee1 3a7d2af4e1355defacedd8 |
EXPIRED Log4j security problem |
None | Shib: 3.1.0 Apache: 2.4.6 = Tomee: 7.0.8 Openjdk: 1.8.0_275 |
GRP-301= 5 and os updates |
2020/10/20 | i2incommon/grouper:2.5.36 sha2= 56:27f50a205208a48c3e 78= ef24b62a6480a7460e4270 3= 1b2c4d71bc34e09000ddc |
SECURITY ISSUE GRP-3015 Log4j security problem |
3 upgrade instructions | Shib: 3.1.0 Apache: 2.4.6 = Tomee: 7.0.8 Openjdk: 1.8.0_265 |
26 Jiras in total ( -8 bugs, +18 improvements) Lots of PSPNG improvements |
2020/09/16 | i2incommon/grouper:2.5.35 |
EXPIRED Log4j security problem |
2 upgrade instructions | Shib: 3.1.0 Apache: 2.4.6 = Tomee: 7.0.8 Openjdk: 1.8.0_265 |
22 Ji= ras in total ( -5 bugs, +15 Improvements, +2 New Features ) |
2020/07/21 | i2incommon/grouper:2.5.33 |
EXPIRED Log4j security problem |
7 upgrade instructions | Shib: 3.1.0 Apache: 2.4.6 Tomee: 7.0.8 Openjdk: 1.8.0_262 |
Tomee security advisory and u= pdate to web profile 7.0.8 48 Jiras in total ( 21 bugs, 25 Improvement= s, 2 New F= eatures ) Known issue: Container will not stop/start, = you need to rm and run it |
2020/05/18 | i2incommon/grouper:2.5.29 |
EXPIRED Log4j security problem |
None | Shib: 3.1.0 |
API fixes: GRP-2806, GRP-2805, GRP-2804, GRP-2797, GRP-2795 Container updates: GRP-2708, GRP-2800, G= RP-2802, GRP= -2803 Google provisioner: GRP-2788, GRP-2789 12 Jiras in total= td> |
2020/05/13 | i2incommon/grouper:2.5.28 |
EXPIRED Log4j security problem |
Various google provisioner fixes: GRP-2787,&nbs= p;GRP-2786, GRP-2785, GRP-2784, GRP-2783 GR= P-2705: configs in UI show unmasked password for properties not in base= config34 Jiras in total |
||
2020/05/05 | i2incommon/grouper:2.5.27 sha2= 56:3bad2b55e0e83092 f74de33e2cccc31290802414 4ecd6f515e7ddc5d1bd46b7b |
EXPIRED |
GRP-2723: Grace peri=
ods Known issues |
||
2020/05/04 | i2incommon/grouper:2.5.26 sha2= 56:65c937260c3914bdb 75d277d8aa08257fa7016b9a 5675188bd3362c4079b14c8 |
NOT STABLE |
None |
|
|
2020/04/21 | i sha256:2d5b05d6cbd006e1 5c28f423757122a8837b20c 38044dfcda524f12fae7d95b4 |
EXPIRED Log4j security problem |
Various Azure provisi=
oner updates: G=
RP-2691, GR=
P-2670, GRP=
-2668, GRP-=
2669, GRP-2=
671 Known issues |
||
2020/04/08 | =
i2incommon/grouper:2.5.22 497b9b231e7a5db208645e5 8a3a42a8048381a33b79fd19 |
EXPIRED 2.5 initi=
al release |
2.5 DDL changes | Bugs fixed in this version=
|
|
2020/04/07 | i2incommon=
/grouper:2.5.20 sha256:6b9e4b92= 72d06bee aedba25bc4459729c98432e a5f37b111a57d7fa97c8e78a3 |
NOT STABLE Log4j security problem | Bugs fixed in this version: GRP-2648, GRP-2642, GRP-2651, G=
RP-2556 Known issues with this version: GRP-2657, GRP-2654, GRP-2658 = |
||
2020/04/05 | i2incommon= /grouper:2.5.19 | NOT STABLE Log4j security problem | Bugs fix=
ed in this version: GRP-2635, GRP-2636, GRP-2638, GRP-2637, GRP-2641&n=
bsp; |
||
2020/04/01 | i2incommon= /grouper:2.5.15 | NOT STABLE Log4j security problem | Enhancements: GRP-2630, GRP-2634 |
||
2020/03/31 | i2incommon= /grouper:2.5.14 | NOT STABLE Log4j security problem | Known issues with this version: GRP-2629 |
Many other fixes and improvements were also made to all components of th= e Grouper Toolkit: Grouper API, Administrative & Lite UIs, Grouper Web = Services, Grouper Client, Grouper Shell, Grouper Loader, PSP, and the Subje= ct API.
When selecting which Grouper v2.5 container to use (which build number),= review the release notes w= iki. You should install the latest stable v2.5.* release (v2.5.43= as of 2021/02/24). When you do a minor build update in the future, l= ook at this wiki to verify the stability of the version
v2.5 is a minor upgrade from the latest v2.4 container. Some defau= lts have changed in the properties files, and the container layout has drastically change= d but it should be easy to adjust your docker file.
If you use v2.4 not in a container, then you will have to start using th= e container. You don't need orchestration or a container practice in = your organization, you can still use the same server you use now, just inst= all docker and use the maturity level 0 advice to = run Grouper. This should not be a barrier to running Grouper. I= f you are forbidden from running a container, at your institution and still= want v2.5, it is possible to install docker, get the container, copy files= out, and remove docker (sounds painful right? hope you don't have to= do that ).
If you are in v2.2.1+, then it is similar to v2.4 not in a container.&nb= sp; The DDL upgrade to 2.5 can run automatically from v2.2.1, but you shoul= d follow the "v2.4 Upgrade Instructions from v2.3" for everything except DDL. (an= d "v2.3 Up= grade from v2.2" if applicable) (Note: you need Grouper v2.5.36+ i= f you are in 2.2.1)
If you are in 2.2.0 or before, you need to upgrade to v2.2.1 before upgr= ading to v2.5 (or notify the Grouper team for advice)
There are a lot of specifics here based on where you are in Grouper, thi= s document will attempt to unravel that.
All things run in tomee (not daemon com=
mand line anymore). So this is how to set memory for all envs. =
Note, it used to be different for daemon envs, so adjust those accordingly.=
Daemon should have 12gigs at least
ENV GRO= UPER_MAX_MEMORY=3D"3g" Test the memory setting in all your containers: # ps -ef | grep tom (get pid) # sudo -u tomcat jmap -heap <pid> (see max heap, should be approx= what you expect)
If you copy files into the container, y=
ou should end your (Dockerfile or whatever) script by setting the owner of =
the webapp dir
RUN cho= wn -R tomcat:tomcat /opt/grouper/grouperWebapp
This gets you to v2.5.X. Now look at the v2.5.X upgrade steps and see which = ones apply to you
See Also
Release Notes for Groupe= r 2.5
Blog on Grouper 2.5 (April 2020)
Blog on Grouper Deprovisioning with Grouper 2.4 (September 201= 8)