Generic upgrade procedure
Frontend and backend shall always be started with the same version number.
The Docker Compose file docker-compose-prod-postgres.yml in the GitHub repository always uses the most recent released version of SecObserve.
The database structure is updated automatically to reflect the latest changes when the backend container is started. Always make a backup of your database before upgrading, in case something goes wrong.
There will be specific upgrade instructions if necessary, e.g. when there are new configuration parameters.
- The tag of the docker image is not part of the identity hash anymore, to allow updates of the docker image within a vulnerability check without creating a new observation.
- The ZAP project has had a rebranding as a result of the move to the Software Security Project. To reflect this, the name of the parser has been changed from
ZAP. The GitLab template and GitLab action for ZAP have been renamed as well. These changes are not backwards compatible, so you need to update your configuration files and pipelines.
- When OIDC authentication is used, the environment variable OIDC_CLIENT_ID needs to be set for the backend as well. See Configuration and OpenID Connect authentication for details.
- SecObserve now supports different OpenID Connect providers for authentication and the Microsoft specific dependencies have been removed. Thus the AAD_ configuration parameters are not valid anymore and have been replaced with OIDC_ parameters; see Configuration and OpenID Connect authentication for details.
- The value of the configuration parameter MYSQL_AZURE has been changed from
single, depending on the type of Azure Database for MySQL. See Configuration for details.
The SSLyze parser has been replaced by the CryptoLyzer parser for licensing reasons. Even though the SSLyze parser may still be seen in the list of parsers, you cannot use it for imports anymore. The CryptoLyzer parser generates the same kind of results, adding information about signature algorithms.
The project name secobserve_prod has been set in docker-compose-prod-postgres.yml. This was necessary to assign defined network names, but it changes the name of the database volume. You need to dump the database content to a file before the upgrade and restore it after the upgrade.
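
A pre-upgrade check for three of the rules above (same version for frontend and backend, no remaining AAD_ parameters, OIDC_CLIENT_ID set for the backend when OIDC is used), as an added example that is not part of SecObserve. The image names, version tags and every variable name other than OIDC_CLIENT_ID are constructed, and treating any OIDC_ variable as "OIDC is in use" is an assumption.

```python
def parse_env(text):
    """Parse KEY=VALUE lines (env-file style), skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"\'')
    return env


def image_tag(image):
    """Return the tag of an image reference, 'latest' if none is given."""
    name = image.split("@", 1)[0]       # drop an optional digest
    last = name.rsplit("/", 1)[-1]      # a ':' before the last '/' is a registry port
    return last.split(":", 1)[1] if ":" in last else "latest"


def check_upgrade(backend_image, frontend_image, backend_env, frontend_env):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    b_tag, f_tag = image_tag(backend_image), image_tag(frontend_image)
    if b_tag != f_tag:
        findings.append(f"version mismatch: backend {b_tag}, frontend {f_tag}")
    for side, env in (("backend", backend_env), ("frontend", frontend_env)):
        for key in sorted(env):
            if key.startswith("AAD_"):
                findings.append(f"{side}: {key} is no longer valid, use the OIDC_ parameters")
    # Assumption: any OIDC_ variable on either side means OIDC authentication is in use.
    uses_oidc = any(k.startswith("OIDC_") for k in {**backend_env, **frontend_env})
    if uses_oidc and not backend_env.get("OIDC_CLIENT_ID"):
        findings.append("backend: OIDC_CLIENT_ID is not set")
    return findings


# Constructed sample deployment: variable names (except OIDC_CLIENT_ID) and values are made up.
SAMPLE_BACKEND_ENV = parse_env("""
# backend.env
AAD_EXAMPLE_SETTING=11111111-aaaa
OIDC_EXAMPLE_SETTING=https://idp.example.test/realm
""")
SAMPLE_FRONTEND_ENV = parse_env("OIDC_CLIENT_ID=secobserve-ui\n")

if __name__ == "__main__":
    for finding in check_upgrade("registry.example.test:5000/secobserve-backend:1.1.0",
                                 "registry.example.test:5000/secobserve-frontend:1.0.0",
                                 SAMPLE_BACKEND_ENV, SAMPLE_FRONTEND_ENV):
        print(finding)
```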