Skip to main content
Version: 4.12.x.x LTS

Standard Patterns migration from LTS-2019 to LTS-2021

If you have not done so already, upgrade to the latest available version of the nevisAdmin 4 patterns for LTS 2019/11.

Then you can switch to the latest RR version or the new LTS 2021/11 version. Read the release notes of all in-between pattern releases.

You can prepare the pattern configuration beforehand, but before you deploy, you have to upgrade the target hosts first.

Breaking Changes

Here is a list of changes that we consider breaking and may require pattern configuration changes.

4.6.0:

  • Syslog forwarding is not supported anymore for nevisIDM. Check the release notes for recommendations on how to replace this feature. If required, contact Nevis support.
  • The Target Version drop-down in nevisProxy Instance and nevisIDM Instance has been cleaned up by removing outdated versions. If you selected any of those, generation will fail. Select latest instead.
  • If you are using Generic nevisIDM Log Settings, you have to migrate the uploaded configuration file to the new Log4J 2 YAML format.
  • In version 4.x, nevisProxy has removed various settings. If you use generic patterns for nevisProxy, their configuration may need to be adapted. Read the nevisProxy release notes for details.

4.7.0:

  • The default value of Frontend TLS Settings has been changed in the Virtual Host pattern which could have an impact on older and technical clients.
  • The Validate Assertion Consumer Service setting has been removed from the SAML SP Connector pattern. If there is an error shown in the pattern, simply remove the value.
  • The SP URL setting in SAML SP Connector does not have a default value anymore. If you had no value set, you need to enter a complete URL now.
  • It is no longer possible to configure Allowed HTTP Methods in nevisIDM patterns. If there is an error, simply remove the value set in the pattern.

4.8.0:

  • Patterns which were marked as deprecated in the monitoring plugin have been removed. Use the standard patterns for configuring the monitoring solution.

4.9.0:

  • The multi-level option for the Session Store Mode property of the nevisProxy MariaDB Remote Session Store pattern has been renamed to hybrid**.If you use a nevisProxy MariaDB Remote Session Store with a local cache, newly select the hybrid mode.
  • The standard QoS directives of the nevisProxy Virtual Host pattern have been updated to match the current recommendation for attack prevention. Though, there should be no impact, technical clients should be tested thoroughly.
  • Cleaned up the Target Version setting in the nevisAuth Instance pattern. If you had selected an older version range, you will be asked to select latest instead.
  • Removed settings for Backend Key Store Password and Backend Trust Store Password from the nevisAuth Instance pattern. If you have configured these settings there will be an error. Remove the values from the pattern.
  • The default value of the propagateSession property in the nevisAuth esauth4.xml is now false. There should be no impact. For testing purposes, you can opt out by setting Propagate Session to enabled. Contact Nevis support if you had to do enable this feature.

4.10.0:

  • The Target Version settings have been removed from instance patterns. If you selected a value in the drop-down you now have to remove it from the pattern.
  • Modifying properties of Request Validation Settings (ModSecurity) now restarts nevisProxy on deployment. If you want to keep the current behavior, and let nevisProxy reload the configuration on-the-fly, set the Restart Policy to lazy in the corresponding nevisProxy Instance pattern(s).
  • Removed Mime-Mappings from Generic Application Settings. If you had entered a value there, use Generic Virtual Host Settings instead.

4.11.0:

  • The Generic nevisReports Deployment pattern has been removed as nevisReports is end of life. There will be no replacement.
  • The default SSL Cache has changed in nevisProxy. Instead of the Navajo SSL Cache, the new default is now the recommended Apache SSL Cache. Retest technical clients thoroughly.
  • The nevisMeta Database Connector pattern now requires 2 users to be configured. Check the release notes for details and on how to configure the pattern.

4.12.0:

  • The nevisAuth AuthEngine attribute compatLevel is now set to none by default:
    • Retest your authentication flows to confirm that they still work as expected.
    • If you encounter any issues, proceed as follows:
      • Contact Nevis support to analyse your use case if you need to change this setting.
      • You may opt out from this change temporarily via the advanced setting Compat Level in the nevisAuth Instance pattern. This option will be removed in November 2021.