Version-dependent patch steps

To upgrade to the desired version, you must perform all applicable patch steps from the following list whose patch level is higher than the current patch level and lower than or equal to the target version.

For example, if you want to upgrade to the target version 8.0.18 and your current version is 8.0.3, you must complete all steps from patch version 8.0.4 up to and including patch version 8.0.18.

In case a patch step occurs several times, you must execute it once only (e.g., Tomcat updates).

List structure

  • Patch level

    Patch level requiring a manual patch action. Patching is necessary if you patch from a minor version to the indicated or to a higher version.

  • Component

    Components involved in the patch step.

  • Action

    Action(s) that must be performed.

8.1.0

Only standard patch steps are required.

8.1.1

Only standard patch steps are required.

8.1.2

Enable HTTPs TLSv1.3 by default

Action

Only the versions TLSv1.2 and TLSv1.3 are currently classified as secure.

To enable the latest TLS version on both the server and client side, configure the settings so that only TLS 1.2 and TLS 1.3 are supported.

Proceed as follows

  • The values ​​for -Dhttps.protocols=…​ have been adjusted:

    • New (recommended) value: -Dhttps.protocols=TLSv1.2,TLSv1.3

    • BUT: This may cause HTTPs connections between the Process Engine and other servers that rely on older TLS versions to no longer work.

  • The values ​​for -Djdk.tls.client.protocols=…​ have been adjusted:

    • New (recommended) value: -Djdk.tls.client.protocols=TLSv1.2,TLSv1.3

  • Check the values ​​in the following files and adjust them accordingly:

    <inubit-installdir>/inubit/server/process_engine/bin/setenv.[bat|sh]
<inubit-installdir>/inubit/bin/start_workbench.[bat|sh]
<inubit-installdir>/inubit/server/process_engine/bin/startcli.[bat|sh]
<inubit-installdir>/inubit/client/bin/start_workbench.[bat|sh]
<inubit-installdir>/inubit/client/bin/startcli.[bat|sh]

  • Also use the files created by the patch installer with the suffix _patch.[bat|sh] to access the file contents recommended by Virtimo AG.

After completing the above steps, restart the Process Engine and Workbench.

8.1.3

Upgrade Keycloak to version 26.0.x

Prerequisites

You are already using Keycloak as an identity provider for INUBIT.

Action

Upgrade Keycloak and the corresponding client library in INUBIT to version 26.0.1 The Keycloak upgrade is not backwards compatible and therefore both the Keycloak application and the data stored in the database must be migrated.

Proceed as follows

  1. Read Keycloak Migration Guide to learn about the latest migration changes.

  2. Stop the Keycloak server if it is running.

  3. Read Preparing for upgrading and follow the preparation steps.

  4. Run the Virtimo Digitalization Suite patch installer and upgrade to the latest Keycloak version on your computer.

  5. Read Migrating the database and follow the database migration steps.

  6. Read the remaining sections like Migrating themes and follow the instructions.

  7. Start the Keycloak server.

  8. Login to Keycloak admin console and navigate to Realm Settings and change the value of "Unmanaged attributes" to "Enabled".

  9. Navigate to Authentication and then to Required Actions tab.

  10. Change the value of "Verify Profile" to "off".

8.0.37

AS4 log file path

To place the as4gateway.log file under <inubit-installdir>/inubit/server/ibis_root/log.

Action

  1. Stop the Process Engine

  2. Change the following entry to <inubit-installdir>/inubit/server/ibis_root/log/log4j2.properties and specify the absolute path to the target folder where the as4gateway.log file should be created:

    # Log into <inubit-installdir>/inubit/server/ibis_root/log
property.basePath=${env:CATALINA_BASE}/../ibis_root/log

  3. Save all changes

  4. Start the Process Engine

Press Esc to exit full screen
Modal image placeholder
Press Esc to exit full screen